Appendix C – CMC Dump of a Qualified Subordination Request
Applies To: Windows Server 2003 with SP1
PKCS7/CMS Message:
CMSG_SIGNED(2)
CMSG_SIGNED_DATA_CMS_VERSION(3)
Content Type: 1.3.6.1.5.5.7.12.2 CMC Data
PKCS7 Message Content:
================ Begin Nesting Level 1 ================
CMS Certificate Request:
Tagged Attributes: 2
Body Part Id: 2
1.3.6.1.5.5.7.7.8 CMC Extensions
Value[0]:
Data Reference: 0
Cert Reference[0]: 1
Extensions: 7
2.5.29.36: Flags = 0, Length = 8
Policy Constraints
Required Explicit Policy Skip Certs=0
Inhibit Policy Mapping Skip Certs=0
2.5.29.32: Flags = 0, Length = 10
Certificate Policies
429.195.0: 0x80070002 (WIN32: 2): LDAPFlags
[1]Certificate Policy:
Policy Identifier=Corporate High Assurance
1.3.6.1.4.1.311.21.10: Flags = 0, Length = 6c
Application Policies
[1]Application Certificate Policy:
Policy Identifier=Client Authentication
[2]Application Certificate Policy:
Policy Identifier=Smart Card Logon
[3]Application Certificate Policy:
Policy Identifier=Corporate RAS
[4]Application Certificate Policy:
Policy Identifier=Private Key Archival
[5]Application Certificate Policy:
Policy Identifier=Key Recovery Agent
[6]Application Certificate Policy:
Policy Identifier=Encrypting File System
[7]Application Certificate Policy:
Policy Identifier=Secure Email
[8]Application Certificate Policy:
Policy Identifier=Certificate Request Agent
2.5.29.30: Flags = 0, Length = bf
Name Constraints
Permitted
[1]Subtrees (0..Max):
Other Name:
Principal Name=.asia.northwindtraders.com
[2]Subtrees (0..Max):
RFC822 Name=@northwindtraders.com
[3]Subtrees (0..Max):
RFC822 Name=.northwindtraders.com
[4]Subtrees (0..Max):
DNS Name=.asia.northwindtraders.com
[5]Subtrees (0..Max):
Directory Address:
DC=ASIA
DC=Northwindtraders
DC=com
[6]Subtrees (0..Max):
URL=
[7]Subtrees (0..Max):
IP Address=
Excluded=None
1.3.6.1.4.1.311.20.2: Flags = 0, Length = c
Certificate Template Name
SubCA
2.5.29.15: Flags = 0, Length = 4
Key Usage
Digital Signature, Certificate Signing, Off-line CRL Signing, CRL Signing (86)
2.5.29.19: Flags = 1(Critical), Length = 5
Basic Constraints
Subject Type=CA
Path Length Constraint=None
Body Part Id: 3
1.3.6.1.5.5.7.7.18 Reg Info
Value[0]:
CertificateTemplate: SubCA
Tagged Requests: 1
CMC_TAGGED_CERT_REQUEST_CHOICE:
Body Part Id: 1
================ Begin Nesting Level 2 ================
Element 0:
PKCS10 Certificate Request:
Version: 1
Subject:
CN=ITG ASIA Corp CA 1
DC=asia
DC=Northwindtraders
DC=com
Public Key Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA
Algorithm Parameters:
05 00
Public Key Length: 2048 bits
Public Key: UnusedBits = 0
Request Attributes: 2
2 attributes:
Attribute[0]: 1.3.6.1.4.1.311.13.2.3 (OS Version)
Value[0][0]:
5.1.3541.2.
Attribute[1]: 1.2.840.113549.1.9.14 (Certificate Extensions)
Value[1][0]:
Unknown Attribute type
Certificate Extensions: 6
1.3.6.1.4.1.311.21.1: Flags = 0, Length = 3
CA Version
V1.0
1.3.6.1.4.1.311.21.2: Flags = 0, Length = 16
Previous CA Certificate Hash
d3 e5 cc ef 88 53 0d 13 b7 ae a2 7b 19 5f 57 5e 33 62 b0 ef
2.5.29.14: Flags = 0, Length = 16
Subject Key Identifier
d3 b6 48 1a c0 76 07 ba 35 2b 1c 90 8b bc 1f 2b d3 b9 4d f8
1.3.6.1.4.1.311.20.2: Flags = 0, Length = c
Certificate Template Name
SubCA
2.5.29.15: Flags = 0, Length = 4
Key Usage
Digital Signature, Certificate Signing, Off-line CRL Signing, CRL Signing (86)
2.5.29.19: Flags = 1(Critical), Length = 5
Basic Constraints
Subject Type=CA
Path Length Constraint=None
Signature Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
Algorithm Parameters:
05 00
Signature: UnusedBits=0
Signature matches Public Key
Key Id Hash(sha1): d3 b6 48 1a c0 76 07 ba 35 2b 1c 90 8b bc 1f 2b d3 b9 4d f8
---------------- End Nesting Level 2 ----------------
Tagged Content Info: 0
Tagged Other Messages: 0
---------------- End Nesting Level 1 ----------------
Signer Count: 2
Signer Info[0]:
NULL signature verifies
CMSG_SIGNER_INFO_PKCS_1_5_VERSION(1)
CERT_ID_ISSUER_SERIAL_NUMBER(1)
Serial Number: 00
Issuer: OID.1.3.6.1.4.1.311.21.9=Dummy Signer
Hash Algorithm:
Algorithm ObjectId: 1.3.14.3.2.26 sha1
Algorithm Parameters: NULL
Encrypted Hash Algorithm:
Algorithm ObjectId: 1.3.6.1.5.5.7.6.2 NO_SIGN
Algorithm Parameters: NULL
Encrypted Hash:
0000 75 80 82 26 ff 11 77 5b 92 52 ce 2e a2 8e a2 32
0010 98 a7 1a a0
Authenticated Attributes[0]:
3 attributes:
Attribute[0]: 1.2.840.113549.1.9.3 (Content Type)
Value[0][0]:
Unknown Attribute type
1.3.6.1.5.5.7.12.2 CMC Data
Attribute[1]: 1.2.840.113549.1.9.4 (Message Digest)
Value[1][0]:
Unknown Attribute type
Message Digest:
5a 74 12 86 78 3a ab 5b 17 85 6f 4d 44 ea a2 74 2c 86 c1 1f
Attribute[2]: 1.3.6.1.4.1.311.21.20 (Client Information)
Value[2][0]:
Unknown Attribute type
Client Id: = 4
XECI_CERTREQ -- 4
User: ASIA\user2
Machine: user2.asia.northwindtraders.com
Process: certreq
Unauthenticated Attributes[0]:
0 attributes:
Computed Hash: 75 80 82 26 ff 11 77 5b 92 52 ce 2e a2 8e a2 32 98 a7 1a a0
Signing Certificate Index: 1
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
CertContext.dwRevocationFreshnessTime: 27 Days, 4 Hours, 47 Minutes, 46 Seconds
SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
SimpleChain.dwRevocationFreshnessTime: 27 Days, 4 Hours, 47 Minutes, 46 Seconds
CertContext[0][0]: dwInfoStatus=101 dwErrorStatus=0
Issuer: CN=W2K User Enrollment CA, OU=Test, O=NT Distributed Systems, L=Redmond,
S=WA, C=US, E=user1@northwindtraders.com
Subject: CN=Darren Canavor
Serial: 61321aaf00000000061e
Template: EnrollmentAgent
54 8e 6f e3 d6 88 31 29 b6 f0 fb be bd aa 91 12 76 dd 51 a3
Element.dwInfoStatus = CERT_TRUST_HAS_EXACT_MATCH_ISSUER (0x1)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
419.2199.0: 0x80070002 (WIN32: 2)
CRL 0:
Issuer: CN=W2K User Enrollment CA, OU=Test, O=NT Distributed Systems,
L=Redmond, S=WA, C=US, E=user1@northwindtraders.com
4b f3 03 53 8b d0 82 f5 bf aa b7 d1 ee fc aa 3e 12 74 b5 fe
Application[0] = 1.3.6.1.4.1.311.20.2.1 Certificate Request Agent
CertContext[0][1]: dwInfoStatus=101 dwErrorStatus=0
Issuer: E=user1@northwindtraders.com, CN=ASIA W2K PCA, OU=Test, O=NT
Distributed Systems, L=Redmond, S=WA, C=US
Subject: CN=W2K User Enrollment CA, OU=Test, O=NT Distributed Systems,
L=Redmond, S=WA, C=US, E=user1@northwindtraders.com
Serial: 4860d04700020000bc47
Template: SubCA
fa 4b b5 e1 a6 9f 8d e9 1d 69 4b f4 42 9f 76 0b ef a9 c8 d9
Element.dwInfoStatus = CERT_TRUST_HAS_EXACT_MATCH_ISSUER (0x1)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
419.2199.0: 0x80070002 (WIN32: 2)
CRL 0:
Issuer: E=user1@northwindtraders.com, CN=ASIA W2K PCA, OU=Test, O=NT
Distributed Systems, L=Redmond, S=WA, C=US
a7 a0 41 a8 90 71 0f 02 60 b1 28 bf 47 3b 4e 48 20 24 58 74
CertContext[0][2]: dwInfoStatus=102 dwErrorStatus=0
Issuer: CN=ASIA SA Root CA, OU=Asia, O=Northwindtraders, C=US
Subject: E=user1@northwindtraders.com, CN=ASIA W2K PCA, OU=Test, O=NT
Distributed Systems, L=Redmond, S=WA, C=US
Serial: 1f54dfa100000000001d
Template: SubCA
61 0b 95 b6 06 ba 14 4c ae 89 24 9d 83 fd 06 49 9b ca 82 60
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
CRL 49:
Issuer: CN=ASIA SA Root CA, OU=Asia, O=Northwindtraders, C=US
78 9e e3 0f 30 ed 2f d5 6e ec b1 9b 59 93 9b b9 b3 36 bb 8e
CertContext[0][3]: dwInfoStatus=10c dwErrorStatus=0
Issuer: CN=ASIA SA Root CA, OU=Asia, O=Northwindtraders, C=US
Subject: CN=ASIA SA Root CA, OU=Asia, O=Northwindtraders, C=US
Serial: 212566f75e7584b8478f7b59b4a9e212
Template: CA
9e 90 bb 26 24 e4 da dc 63 11 b8 18 2d af ad 39 56 81 66 51
Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
CRL 49:
Issuer: CN=ASIA SA Root CA, OU=Asia, O=Northwindtraders, C=US
78 9e e3 0f 30 ed 2f d5 6e ec b1 9b 59 93 9b b9 b3 36 bb 8e
Exclude leaf cert:
ea 88 66 a8 e8 c0 2d 50 c6 b0 21 a8 4d fb 87 2d 0b 8a da 83
Full chain:
7c c0 2c 86 ba 49 40 95 45 4c 0c 7f e1 f7 07 d3 88 f1 8d d4
------------------------------------
Verified Issuance Policies: None
Verified Application Policies:
1.3.6.1.4.1.311.20.2.1 Certificate Request Agent
Signer Info[1]:
Signature matches Public Key
CMSG_SIGNER_INFO_PKCS_1_5_VERSION(1)
CERT_ID_ISSUER_SERIAL_NUMBER(1)
Serial Number: 61321aaf00000000061e
Issuer: CN=W2K User Enrollment CA, OU=Test, O=NT Distributed Systems,
L=Redmond, S=WA, C=US, E=user1@northwindtraders.com
Subject: CN=Darren Canavor
Hash Algorithm:
Algorithm ObjectId: 1.3.14.3.2.26 sha1
Algorithm Parameters: NULL
Encrypted Hash Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA
Algorithm Parameters: NULL
Encrypted Hash:
Authenticated Attributes[1]:
3 attributes:
Attribute[0]: 1.2.840.113549.1.9.3 (Content Type)
Value[0][0]:
Unknown Attribute type
1.3.6.1.5.5.7.12.2 CMC Data
Attribute[1]: 1.2.840.113549.1.9.4 (Message Digest)
Value[1][0]:
Unknown Attribute type
Message Digest:
5a 74 12 86 78 3a ab 5b 17 85 6f 4d 44 ea a2 74 2c 86 c1 1f
Attribute[2]: 1.3.6.1.4.1.311.21.20 (Client Information)
Value[2][0]:
Unknown Attribute type
Client Id: = 4
XECI_CERTREQ -- 4
User: ASIA\user2
Machine: user2.asia.northwindtraders.com
Process: certreq
Unauthenticated Attributes[1]:
0 attributes:
Computed Hash: 75 80 82 26 ff 11 77 5b 92 52 ce 2e a2 8e a2 32 98 a7 1a a0
No Recipient
Certificates:
================ Begin Nesting Level 1 ================
Element 0:
X509 Certificate:
Version: 3
Serial Number: 4860d04700020000bc47
Signature Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
Algorithm Parameters:
05 00
Issuer:
E=user1@northwindtraders.com
CN=ASIA W2K PCA
OU=Test
O=NT Distributed Systems
L=Redmond
S=WA
C=US
NotBefore: 6/26/2001 1:03 PM
NotAfter: 6/7/2002 11:41 AM
Subject:
CN=W2K User Enrollment CA
OU=Test
O=NT Distributed Systems
L=Redmond
S=WA
C=US
E=user1@northwindtraders.com
Public Key Algorithm:
Algorithm ObjectId: 1.2.840.10040.4.1 DSA
Algorithm Parameters:
Public Key Length: 1024 bits
Public Key: UnusedBits = 0
Certificate Extensions: 7
2.5.29.14: Flags = 0, Length = 16
Subject Key Identifier
0a 2f e7 66 09 39 b6 c3 9d 96 9a 49 ff 75 73 fd 72 80 92 45
1.3.6.1.4.1.311.20.2: Flags = 0, Length = c
Certificate Template Name
SubCA
2.5.29.15: Flags = 0, Length = 4
Key Usage
Certificate Signing, Off-line CRL Signing, CRL Signing (06)
2.5.29.19: Flags = 1(Critical), Length = 5
Basic Constraints
Subject Type=CA
Path Length Constraint=None
2.5.29.35: Flags = 0, Length = 76
Authority Key Identifier
KeyID=7a fc 16 de 56 19 08 a3 39 21 5d 55 0f f2 57 be 8f 5e c7 7f
Certificate Issuer:
Directory Address:
CN=ASIA SA Root CA
OU=Asia
O=Northwindtraders
C=US
Certificate SerialNumber=1f 54 df a1 00 00 00 00 00 1d
2.5.29.31: Flags = 0, Length = 11c
CRL Distribution Points
[1]CRL Distribution Point
Distribution Point Name:
Full Name:
URL=ldap:///CN=ASIA%20W2K%20PCA,CN=W2KPCA,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=asia,DC=Northwindtraders,DC=com?certificateRevocationList?base?objectclass=cRLDistributionPoint
[2]CRL Distribution Point
Distribution Point Name:
Full Name:
URL=https://w2kpca.asia.northwindtraders.com/CertEnroll/ASIA%20W2K%20PCA.crl
1.3.6.1.5.5.7.1.1: Flags = 0, Length = 130
Authority Information Access
[1]Authority Info Access
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
Alternative Name:
URL=ldap:///CN=ASIA%20W2K%20PCA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=asia,DC=Northwindtraders,DC=com?cACertificate?base?objectclass=certificationAuthority
[2]Authority Info Access
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
Alternative Name:
URL=https://w2kpca.asia.northwindtraders.com/CertEnroll/W2KPCA.asia.northwindtraders.com_ASIA%20W2K%20PCA(2).crt
Signature Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
Algorithm Parameters:
05 00
Signature: UnusedBits=0
Non-root Certificate
Key Id Hash(sha1): 0a 2f e7 66 09 39 b6 c3 9d 96 9a 49 ff 75 73 fd 72 80 92 45
Cert Hash(md5): d4 8e c5 46 fa 21 77 2a 32 f0 8c 28 78 9a a2 92
Cert Hash(sha1): fa 4b b5 e1 a6 9f 8d e9 1d 69 4b f4 42 9f 76 0b ef a9 c8 d9
---------------- End Nesting Level 1 ----------------
================ Begin Nesting Level 1 ================
Element 1:
X509 Certificate:
Version: 3
Serial Number: 61321aaf00000000061e
Signature Algorithm:
Algorithm ObjectId: 1.2.840.10040.4.3 sha1DSA
Algorithm Parameters: NULL
Issuer:
CN=W2K User Enrollment CA
OU=Test
O=NT Distributed Systems
L=Redmond
S=WA
C=US
E=user1@northwindtraders.com
NotBefore: 10/29/2001 6:16 PM
NotAfter: 6/7/2002 11:41 AM
Subject:
CN=Darren Canavor
Public Key Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA
Algorithm Parameters:
05 00
Public Key Length: 1024 bits
Public Key: UnusedBits = 0
Certificate Extensions: 8
2.5.29.15: Flags = 0, Length = 4
Key Usage
Digital Signature (80)
2.5.29.14: Flags = 0, Length = 16
Subject Key Identifier
3e 09 89 24 b9 c6 f9 68 34 e8 02 1c f5 25 cd 96 6e 13 68 d0
1.3.6.1.4.1.311.20.2: Flags = 0, Length = 20
Certificate Template Name
EnrollmentAgent
2.5.29.35: Flags = 0, Length = ca
Authority Key Identifier
KeyID=0a 2f e7 66 09 39 b6 c3 9d 96 9a 49 ff 75 73 fd 72 80 92 45
Certificate Issuer:
Directory Address:
E=user1@northwindtraders.com
CN=ASIA W2K PCA
OU=Test
O=NT Distributed Systems
L=Redmond
S=WA
C=US
Certificate SerialNumber=48 60 d0 47 00 02 00 00 bc 47
2.5.29.31: Flags = 0, Length = 136
CRL Distribution Points
[1]CRL Distribution Point
Distribution Point Name:
Full Name:
URL=ldap:///CN=W2K%20User%20Enrollment%20CA,CN=w2keobca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=asia,DC=Northwindtraders,DC=com?certificateRevocationList?base?objectclass=cRLDistributionPoint
[2]CRL Distribution Point
Distribution Point Name:
Full Name:
URL=https://w2keobca.asia.northwindtraders.com/CertEnroll/W2K%20User%20Enrollment%20CA.crl
1.3.6.1.5.5.7.1.1: Flags = 0, Length = 147
Authority Information Access
[1]Authority Info Access
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
Alternative Name:
URL=ldap:///CN=W2K%20User%20Enrollment%20CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=asia,DC=Northwindtraders,DC=com?cACertificate?base?objectclass=certificationAuthority
[2]Authority Info Access
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
Alternative Name:
URL=https://w2keobca.asia.northwindtraders.com/CertEnroll/w2keobca.asia.northwindtraders.com_W2K%20User%20Enrollment%20CA.crt
2.5.29.37: Flags = 0, Length = e
Enhanced Key Usage
Certificate Request Agent (1.3.6.1.4.1.311.20.2.1)
2.5.29.17: Flags = 0, Length = 52
Subject Alternative Name
Other Name:
Principal Name=user2@asia.northwindtraders.com
Signature Algorithm:
Algorithm ObjectId: 1.2.840.10040.4.3 sha1DSA
Algorithm Parameters: NULL
Signature: UnusedBits=0
0000 c2 c8 2e 86 c9 32 ca 80 5c f3 ba 09 08 14 fc 01
0010 ab 87 1c 34 14 02 32 aa 7c af d0 36 8b df ac 24
0020 da 2c a6 7e 21 fc f8 49 da 80 00 15 02 2d 30
Non-root Certificate
Key Id Hash(sha1): 3e 09 89 24 b9 c6 f9 68 34 e8 02 1c f5 25 cd 96 6e 13 68 d0
Cert Hash(md5): 59 6d 1c 02 87 8f 91 08 cb 33 82 c1 d2 4a f8 1c
Cert Hash(sha1): 54 8e 6f e3 d6 88 31 29 b6 f0 fb be bd aa 91 12 76 dd 51 a3
---------------- End Nesting Level 1 ----------------
================ Begin Nesting Level 1 ================
Element 2:
X509 Certificate:
Version: 3
Serial Number: 1f54dfa100000000001d
Signature Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
Algorithm Parameters:
05 00
Issuer:
CN=ASIA SA Root CA
OU=Asia
O=Northwindtraders
C=US
NotBefore: 6/7/2001 11:31 AM
NotAfter: 6/7/2002 11:41 AM
Subject:
E=user1@northwindtraders.com
CN=ASIA W2K PCA
OU=Test
O=NT Distributed Systems
L=Redmond
S=WA
C=US
Public Key Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA
Algorithm Parameters:
05 00
Public Key Length: 2048 bits
Public Key: UnusedBits = 0
Certificate Extensions: 8
1.3.6.1.4.1.311.21.1: Flags = 0, Length = 3
CA Version
V2.0
2.5.29.14: Flags = 0, Length = 16
Subject Key Identifier
7a fc 16 de 56 19 08 a3 39 21 5d 55 0f f2 57 be 8f 5e c7 7f
1.3.6.1.4.1.311.20.2: Flags = 0, Length = c
Certificate Template Name
SubCA
2.5.29.15: Flags = 0, Length = 4
Key Usage
Digital Signature, Non-Repudiation, Certificate Signing, Off-line CRL Signing, CRL Signing (c6)
2.5.29.19: Flags = 1(Critical), Length = 5
Basic Constraints
Subject Type=CA
Path Length Constraint=None
2.5.29.35: Flags = 0, Length = 18
Authority Key Identifier
KeyID=77 c9 74 69 2c 39 fe 38 65 f4 87 05 58 08 ce bd ba 97 da 10
2.5.29.31: Flags = 0, Length = 131
CRL Distribution Points
[1]CRL Distribution Point
Distribution Point Name:
Full Name:
URL=https://whicasarootca.asia.northwindtraders.com/CertEnroll/ASIA%20SA%20Root%20CA.crl
URL=ldap:///CN=ASIA%20SA%20Root%20CA,CN=whicasarootca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=asia,DC=Northwindtraders,DC=com?certificateRevocationList?base?objectClass=cRLDistributionPoint
1.3.6.1.5.5.7.1.1: Flags = 0, Length = 145
Authority Information Access
[1]Authority Info Access
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
Alternative Name:
URL=https://whicasarootca.asia.northwindtraders.com/CertEnroll/whicasarootca.asia.northwindtraders.com_ASIA%20SA%20Root%20CA.crt
[2]Authority Info Access
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
Alternative Name:
URL=ldap:///CN=ASIA%20SA%20Root%20CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=asia,DC=Northwindtraders,DC=com?cACertificate?base?objectClass=certificationAuthority
Signature Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
Algorithm Parameters:
05 00
Signature: UnusedBits=0
Non-root Certificate
Key Id Hash(sha1): 7a fc 16 de 56 19 08 a3 39 21 5d 55 0f f2 57 be 8f 5e c7 7f
Cert Hash(md5): f2 bf 51 9f 3a d7 37 ec 03 20 79 b5 69 17 c4 26
Cert Hash(sha1): 61 0b 95 b6 06 ba 14 4c ae 89 24 9d 83 fd 06 49 9b ca 82 60
---------------- End Nesting Level 1 ----------------
================ Begin Nesting Level 1 ================
Element 3:
X509 Certificate:
Version: 3
Serial Number: 212566f75e7584b8478f7b59b4a9e212
Signature Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
Algorithm Parameters:
05 00
Issuer:
CN=ASIA SA Root CA
OU=Asia
O=Northwindtraders
C=US
NotBefore: 9/20/2000 1:24 PM
NotAfter: 9/20/2002 1:33 PM
Subject:
CN=ASIA SA Root CA
OU=Asia
O=Northwindtraders
C=US
Public Key Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA
Algorithm Parameters:
05 00
Public Key Length: 1024 bits
Public Key: UnusedBits = 0
Certificate Extensions: 6
1.3.6.1.4.1.311.20.2: Flags = 0, Length = 6
Certificate Template Name
CA
2.5.29.15: Flags = 0, Length = 4
Key Usage
Non-Repudiation, Certificate Signing, Off-line CRL Signing, CRL Signing (46)
2.5.29.19: Flags = 1(Critical), Length = 5
Basic Constraints
Subject Type=CA
Path Length Constraint=None
2.5.29.14: Flags = 0, Length = 16
Subject Key Identifier
77 c9 74 69 2c 39 fe 38 65 f4 87 05 58 08 ce bd ba 97 da 10
2.5.29.31: Flags = 0, Length = ae
CRL Distribution Points
[1]CRL Distribution Point
Distribution Point Name:
Full Name:
URL=https://whicasarootca.asia.northwindtraders.com/CertEnroll/ASIA%20SA%20Root%20CA.crl
URL=file://\\whicasarootca.asia.northwindtraders.com\CertEnroll\ASIA%20SA%20Root%20CA.crl
1.3.6.1.4.1.311.21.1: Flags = 0, Length = 3
CA Version
V0.0
Signature Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
Algorithm Parameters:
05 00
Signature: UnusedBits=0
Signature matches Public Key
Root Certificate: Subject matches Issuer
Key Id Hash(sha1): 77 c9 74 69 2c 39 fe 38 65 f4 87 05 58 08 ce bd ba 97 da 10
Cert Hash(md5): 51 66 26 77 89 a4 3d 07 f7 62 56 d2 de 0e d8 f6
Cert Hash(sha1): 9e 90 bb 26 24 e4 da dc 63 11 b8 18 2d af ad 39 56 81 66 51
---------------- End Nesting Level 1 ----------------
No CRLs
CertUtil: -dump command completed successfully.
© 2003 Microsoft Corporation. All rights reserved. Microsoft, Windows, and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.