Suspect CA Certificates on the Sony Xperia Z5 Compact (E5823)

I got curious today about the CA certificates present on my current phone, the Sony Xperia Z5 Compact (E5823), running Android 5.1.1.

It turns out it’s pretty easy to pull the CA certs from an Android device (even easier than before). Assuming you have adb set up and working with your device already:
$ adb pull /system/etc/security/cacerts cacerts

The certificates are now stored in standard PEM format, so they’re super easy to use in formats we want. I’m running an Ubuntu 15.10 system currently, so I’m using that as a baseline to ‘diff’ the Android CA certs against (using an admittedly cursory check to just match the first line of the cert):
$ for i in cacerts/* ; do if ! $(grep -q $(sed -n 2p $i) /etc/ssl/certs/ca-certificates.crt) ; then echo $i ; fi ; done

This turned up a list of six root certificates trusted by my phone that aren’t trusted by my desktop:

0d188d89.0
2fb1850a.0
73da149b.0
bda4cc84.0
c33a80d4.0
ddc328ff.0

In order to find out what these six CA certificates represent to be, we repeat the previous command (!!) piped into openssl to decode them into human-readable format:
$ !! | while read line ; do echo $line ; openssl x509 -in $line -text -sha1 -fingerprint -noout ; echo ; echo ; done

After some research, it turns out that four of these certificates were removed from the Android source tree in October, 2015, and another earlier in June, 2015, all of which were part of efforts to eliminate 1024-bit RSA keys, but the changes haven’t made it to my device yet. Ah, the joys of the Android update distribution model.

However, one certificate remains unaccounted for: C=JP, O=Sony Computer Entertainment Inc., CN=SCEI DNAS Root 05, SHA1 Fingerprint=F2:29:23:F2:18:BA:B9:CD:96:6A:1F:DE:A3:C0:F4:34:B8:66:3A:22. I find it somewhat odd that, as of the time of this writing, there are no Google search results for that SHA1 fingerprint, though “SCEI DNAS Root 05″ does turn up some results. One may easily surmise this is Sony’s own CA. It’s all well and good that they don’t want to buy expensive certificates for their numerous proprietary services that only their devices will use, but I do take issue with this approach, since it exposes the rest of the system—native components and third-party apps—to MITM attacks once their CA is compromised. (I know that its subsidiaries operate with quite a bit of independence, but Sony hasn’t engendered great trust in their digital security.)

For those who are curious, the list was as follows, with some commentary for each:

0d188d89.0
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:99:8d:3c:c0:03:27:bd:9c:76:95:b9:ea:db:ac:b5
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=TR, O=Elektronik Bilgi Guvenligi A.S., CN=e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi
        Validity
            Not Before: Jan  4 11:32:48 2007 GMT
            Not After : Jan  4 11:32:48 2017 GMT
        Subject: C=TR, O=Elektronik Bilgi Guvenligi A.S., CN=e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:c3:12:20:9e:b0:5e:00:65:8d:4e:46:bb:80:5c:
                    e9:2c:06:97:d5:f3:72:c9:70:b9:e7:4b:65:80:c1:
                    4b:be:7e:3c:d7:54:31:94:de:d5:12:ba:53:16:02:
                    ea:58:63:ef:5b:d8:f3:ed:2a:1a:aa:71:48:a3:dc:
                    10:2d:5f:5f:eb:5c:4b:9c:96:08:42:25:28:11:cc:
                    8a:5a:62:01:50:d5:eb:09:53:2f:f8:c3:8f:fe:b3:
                    fc:fd:9d:a2:e3:5f:7d:be:ed:0b:e0:60:eb:69:ec:
                    33:ed:d8:8d:fb:12:49:83:00:c9:8b:97:8c:3b:73:
                    2a:32:b3:12:f7:b9:4d:f2:f4:4d:6d:c7:e6:d6:26:
                    37:08:f2:d9:fd:6b:5c:a3:e5:48:5c:58:bc:42:be:
                    03:5a:81:ba:1c:35:0c:00:d3:f5:23:7e:71:30:08:
                    26:38:dc:25:11:47:2d:f3:ba:23:10:a5:bf:bc:02:
                    f7:43:5e:c7:fe:b0:37:50:99:7b:0f:93:ce:e6:43:
                    2c:c3:7e:0d:f2:1c:43:66:60:cb:61:31:47:87:a3:
                    4f:ae:bd:56:6c:4c:bc:bc:f8:05:ca:64:f4:e9:34:
                    a1:2c:b5:73:e1:c2:3e:e8:c8:c9:34:25:08:5c:f3:
                    ed:a6:c7:94:9f:ad:88:43:25:d7:e1:39:60:fe:ac:
                    39:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier: 
                9F:EE:44:B3:94:D5:FA:91:4F:2E:D9:55:9A:04:56:DB:2D:C4:DB:A5
    Signature Algorithm: sha1WithRSAEncryption
         7f:5f:b9:53:5b:63:3d:75:32:e7:fa:c4:74:1a:cb:46:df:46:
         69:1c:52:cf:aa:4f:c2:68:eb:ff:80:a9:51:e8:3d:62:77:89:
         3d:0a:75:39:f1:6e:5d:17:87:6f:68:05:c1:94:6c:d9:5d:df:
         da:b2:59:cb:a5:10:8a:ca:cc:39:cd:9f:eb:4e:de:52:ff:0c:
         f0:f4:92:a9:f2:6c:53:ab:9b:d2:47:a0:1f:74:f7:9b:9a:f1:
         2f:15:9f:7a:64:30:18:07:3c:2a:0f:67:ca:fc:0f:89:61:9d:
         65:a5:3c:e5:bc:13:5b:08:db:e3:ff:ed:bb:06:bb:6a:06:b1:
         7a:4f:65:c6:82:fd:1e:9c:8b:b5:0d:ee:48:bb:b8:bd:aa:08:
         b4:fb:a3:7c:cb:9f:cd:90:76:5c:86:96:78:57:0a:66:f9:58:
         1a:9d:fd:97:29:60:de:11:a6:90:1c:19:1c:ee:01:96:22:34:
         34:2e:91:f9:b7:c4:27:d1:7b:e6:bf:fb:80:44:5a:16:e5:eb:
         e0:d4:0a:38:bc:e4:91:e3:d5:eb:5c:c1:ac:df:1b:6a:7c:9e:
         e5:75:d2:b6:97:87:db:cc:87:2b:43:3a:84:08:af:ab:3c:db:
         f7:3c:66:31:86:b0:9d:53:79:ed:f8:23:de:42:e3:2d:82:f1:
         0f:e5:fa:97
SHA1 Fingerprint=DD:E1:D2:A9:01:80:2E:1D:87:5E:84:B3:80:7E:4B:B1:FD:99:41:34

This certificate does match that presented by E-Guven, but investigating its SHA-1 fingerprint uncovered a series of pages explaining why the e-Guven CA Certificatee-Guven CA Certificate will no longer be trusted. Google must have missed the memo (or they’re just more trusting than the folks at Mozilla).

2fb1850a.0
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=America Online Inc., CN=America Online Root Certification Authority 2
        Validity
            Not Before: May 28 06:00:00 2002 GMT
            Not After : Sep 29 14:08:00 2037 GMT
        Subject: C=US, O=America Online Inc., CN=America Online Root Certification Authority 2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:cc:41:45:1d:e9:3d:4d:10:f6:8c:b1:41:c9:e0:
                    5e:cb:0d:b7:bf:47:73:d3:f0:55:4d:dd:c6:0c:fa:
                    b1:66:05:6a:cd:78:b4:dc:02:db:4e:81:f3:d7:a7:
                    7c:71:bc:75:63:a0:5d:e3:07:0c:48:ec:25:c4:03:
                    20:f4:ff:0e:3b:12:ff:9b:8d:e1:c6:d5:1b:b4:6d:
                    22:e3:b1:db:7f:21:64:af:86:bc:57:22:2a:d6:47:
                    81:57:44:82:56:53:bd:86:14:01:0b:fc:7f:74:a4:
                    5a:ae:f1:ba:11:b5:9b:58:5a:80:b4:37:78:09:33:
                    7c:32:47:03:5c:c4:a5:83:48:f4:57:56:6e:81:36:
                    27:18:4f:ec:9b:28:c2:d4:b4:d7:7c:0c:3e:0c:2b:
                    df:ca:04:d7:c6:8e:ea:58:4e:a8:a4:a5:18:1c:6c:
                    45:98:a3:41:d1:2d:d2:c7:6d:8d:19:f1:ad:79:b7:
                    81:3f:bd:06:82:27:2d:10:58:05:b5:78:05:b9:2f:
                    db:0c:6b:90:90:7e:14:59:38:bb:94:24:13:e5:d1:
                    9d:14:df:d3:82:4d:46:f0:80:39:52:32:0f:e3:84:
                    b2:7a:43:f2:5e:de:5f:3f:1d:dd:e3:b2:1b:a0:a1:
                    2a:23:03:6e:2e:01:15:87:5c:a6:75:75:c7:97:61:
                    be:de:86:dc:d4:48:db:bd:2a:bf:4a:55:da:e8:7d:
                    50:fb:b4:80:17:b8:94:bf:01:3d:ea:da:ba:7c:e0:
                    58:67:17:b9:58:e0:88:86:46:67:6c:9d:10:47:58:
                    32:d0:35:7c:79:2a:90:a2:5a:10:11:23:35:ad:2f:
                    cc:e4:4a:5b:a7:c8:27:f2:83:de:5e:bb:5e:77:e7:
                    e8:a5:6e:63:c2:0d:5d:61:d0:8c:d2:6c:5a:21:0e:
                    ca:28:a3:ce:2a:e9:95:c7:48:cf:96:6f:1d:92:25:
                    c8:c6:c6:c1:c1:0c:05:ac:26:c4:d2:75:d2:e1:2a:
                    67:c0:3d:5b:a5:9a:eb:cf:7b:1a:a8:9d:14:45:e5:
                    0f:a0:9a:65:de:2f:28:bd:ce:6f:94:66:83:48:29:
                    d8:ea:65:8c:af:93:d9:64:9f:55:57:26:bf:6f:cb:
                    37:31:99:a3:60:bb:1c:ad:89:34:32:62:b8:43:21:
                    06:72:0c:a1:5c:6d:46:c5:fa:29:cf:30:de:89:dc:
                    71:5b:dd:b6:37:3e:df:50:f5:b8:07:25:26:e5:bc:
                    b5:fe:3c:02:b3:b7:f8:be:43:c1:87:11:94:9e:23:
                    6c:17:8a:b8:8a:27:0c:54:47:f0:a9:b3:c0:80:8c:
                    a0:27:eb:1d:19:e3:07:8e:77:70:ca:2b:f4:7d:76:
                    e0:78:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier: 
                4D:45:C1:68:38:BB:73:A9:69:A1:20:E7:ED:F5:22:A1:23:14:D7:9E
            X509v3 Authority Key Identifier: 
                keyid:4D:45:C1:68:38:BB:73:A9:69:A1:20:E7:ED:F5:22:A1:23:14:D7:9E

            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign, CRL Sign
    Signature Algorithm: sha1WithRSAEncryption
         67:6b:06:b9:5f:45:3b:2a:4b:33:b3:e6:1b:6b:59:4e:22:cc:
         b9:b7:a4:25:c9:a7:c4:f0:54:96:0b:64:f3:b1:58:4f:5e:51:
         fc:b2:97:7b:27:65:c2:e5:ca:e7:0d:0c:25:7b:62:e3:fa:9f:
         b4:87:b7:45:46:af:83:a5:97:48:8c:a5:bd:f1:16:2b:9b:76:
         2c:7a:35:60:6c:11:80:97:cc:a9:92:52:e6:2b:e6:69:ed:a9:
         f8:36:2d:2c:77:bf:61:48:d1:63:0b:b9:5b:52:ed:18:b0:43:
         42:22:a6:b1:77:ae:de:69:c5:cd:c7:1c:a1:b1:a5:1c:10:fb:
         18:be:1a:70:dd:c1:92:4b:be:29:5a:9d:3f:35:be:e5:7d:51:
         f8:55:e0:25:75:23:87:1e:5c:dc:ba:9d:b0:ac:b3:69:db:17:
         83:c9:f7:de:0c:bc:08:dc:91:9e:a8:d0:d7:15:37:73:a5:35:
         b8:fc:7e:c5:44:40:06:c3:eb:f8:22:80:5c:47:ce:02:e3:11:
         9f:44:ff:fd:9a:32:cc:7d:64:51:0e:eb:57:26:76:3a:e3:1e:
         22:3c:c2:a6:36:dd:19:ef:a7:fc:12:f3:26:c0:59:31:85:4c:
         9c:d8:cf:df:a4:cc:cc:29:93:ff:94:6d:76:5c:13:08:97:f2:
         ed:a5:0b:4d:dd:e8:c9:68:0e:66:d3:00:0e:33:12:5b:bc:95:
         e5:32:90:a8:b3:c6:6c:83:ad:77:ee:8b:7e:7e:b1:a9:ab:d3:
         e1:f1:b6:c0:b1:ea:88:c0:e7:d3:90:e9:28:92:94:7b:68:7b:
         97:2a:0a:67:2d:85:02:38:10:e4:03:61:d4:da:25:36:c7:08:
         58:2d:a1:a7:51:af:30:0a:49:f5:a6:69:87:07:2d:44:46:76:
         8e:2a:e5:9a:3b:d7:18:a2:fc:9c:38:10:cc:c6:3b:d2:b5:17:
         3a:6f:fd:ae:25:bd:f5:72:59:64:b1:74:2a:38:5f:18:4c:df:
         cf:71:04:5a:36:d4:bf:2f:99:9c:e8:d9:ba:b1:95:e6:02:4b:
         21:a1:5b:d5:c1:4f:8f:ae:69:6d:53:db:01:93:b5:5c:1e:18:
         dd:64:5a:ca:18:28:3e:63:04:11:fd:1c:8d:00:0f:b8:37:df:
         67:8a:9d:66:a9:02:6a:91:ff:13:ca:2f:5d:83:bc:87:93:6c:
         dc:24:51:16:04:25:66:fa:b3:d9:c2:ba:29:be:9a:48:38:82:
         99:f4:bf:3b:4a:31:19:f9:bf:8e:21:33:14:ca:4f:54:5f:fb:
         ce:fb:8f:71:7f:fd:5e:19:a0:0f:4b:91:b8:c4:54:bc:06:b0:
         45:8f:26:91:a2:8e:fe:a9
SHA1 Fingerprint=85:B5:FF:67:9B:0C:79:96:1F:C8:6E:44:22:00:46:13:DB:17:92:84

This and the other AOL cert below were removed from Mozilla’s trust at the end of 2014. I’m definitely not an Android system hacker, so I don’t claim to understand the Android source tree. As noted earlier, these certs (minus Sony’s) appear to have been removed from one place (platform/system/ca-certificates), but they’re still present in the platform/libcore2/luni/src/main/files/cacerts (maybe that’s some other branch?).

73da149b.0
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=JP, O=Sony Computer Entertainment Inc., CN=SCEI DNAS Root 05
        Validity
            Not Before: Jul 12 09:01:19 2004 GMT
            Not After : Dec  6 09:01:19 2037 GMT
        Subject: C=JP, O=Sony Computer Entertainment Inc., CN=SCEI DNAS Root 05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:d9:8f:7b:36:bc:3f:00:aa:94:8e:de:b0:e1:88:
                    92:84:84:4a:72:0d:83:bd:99:0f:75:2d:eb:78:f2:
                    ed:27:68:b6:13:c8:bc:60:6a:55:95:98:90:8a:6a:
                    25:82:5d:d4:8e:0d:87:ff:c8:a5:74:02:40:bd:0f:
                    9c:92:eb:87:d0:41:7a:8c:2a:32:e7:f9:34:da:b7:
                    52:cf:34:22:18:ae:f4:2b:cd:10:01:0e:d7:c8:37:
                    38:55:75:4d:87:52:c1:0e:73:52:c9:37:dc:e5:1e:
                    23:b8:78:68:13:c3:55:c6:57:61:e1:ed:75:b3:cb:
                    a9:ee:0a:f2:28:22:6a:7e:69:ae:b0:03:e5:2e:a1:
                    db:cb:7c:68:09:be:a8:c5:91:a3:e6:d6:db:90:7f:
                    f3:8d:57:c0:31:81:3f:bf:c8:c5:9b:fc:62:88:a8:
                    ac:2a:3c:d0:25:58:7b:a9:46:a1:4d:3c:79:ea:90:
                    89:a1:c8:e7:30:05:db:cd:43:59:94:a8:55:f2:e3:
                    25:41:16:98:49:f1:aa:bf:1a:3a:1b:33:44:67:8f:
                    8b:e1:22:ed:44:23:1c:3b:99:5f:da:cb:84:32:35:
                    cc:03:43:f8:10:36:e7:db:67:fe:2c:0e:a9:55:de:
                    db:43:9c:70:99:65:1c:97:06:e0:47:26:77:df:1f:
                    e6:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                C6:56:A1:33:5B:4F:CE:83:77:62:05:44:86:6D:20:57:B5:AF:DA:DC
            X509v3 Authority Key Identifier: 
                keyid:C6:56:A1:33:5B:4F:CE:83:77:62:05:44:86:6D:20:57:B5:AF:DA:DC
                DirName:/C=JP/O=Sony Computer Entertainment Inc./CN=SCEI DNAS Root 05
                serial:00

            X509v3 Basic Constraints: 
                CA:TRUE
    Signature Algorithm: sha1WithRSAEncryption
         09:93:e2:86:3c:17:03:6e:f0:27:4d:ed:10:a7:07:01:e1:4b:
         8b:c6:81:c3:6c:ac:1f:81:b0:b8:7d:5d:59:bd:d4:a6:ec:e7:
         58:e0:74:89:04:f5:c1:0a:1c:9c:41:58:08:9c:79:5c:51:27:
         8f:86:8b:5a:94:87:2c:4a:bf:b1:23:be:9b:2f:9a:3e:84:c4:
         b3:2d:b4:6a:31:7e:60:b6:19:9b:46:d9:c4:7e:74:08:96:21:
         ae:41:13:e0:2d:9a:0b:45:ef:84:6a:7d:93:52:50:d6:8d:16:
         eb:e7:05:4f:92:d3:95:76:a9:b2:af:01:b6:dd:f5:b7:e5:c3:
         3d:7e:d1:a8:65:78:58:67:a4:b7:78:4c:4f:bc:51:73:b2:56:
         5d:d0:10:8a:32:2b:6d:88:bc:9a:d6:cc:d3:b2:84:1a:73:d4:
         e8:84:fc:0b:8e:fe:d2:64:ae:ae:9c:0b:3a:85:8b:d6:d3:e0:
         a3:a7:8f:a4:b3:62:73:8a:ae:50:c8:21:f5:15:d5:8d:e4:f2:
         5c:e3:26:c9:87:5e:52:6d:a0:b7:ba:84:ae:f4:0e:36:58:be:
         e8:4a:66:86:6d:00:da:48:69:20:c1:d2:a5:08:d3:13:c8:15:
         ad:9a:78:d9:ae:be:ce:0d:62:63:2d:af:14:13:a6:89:0d:7b:
         19:15:25:d0
SHA1 Fingerprint=F2:29:23:F2:18:BA:B9:CD:96:6A:1F:DE:A3:C0:F4:34:B8:66:3A:22


bda4cc84.0
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=America Online Inc., CN=America Online Root Certification Authority 1
        Validity
            Not Before: May 28 06:00:00 2002 GMT
            Not After : Nov 19 20:43:00 2037 GMT
        Subject: C=US, O=America Online Inc., CN=America Online Root Certification Authority 1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:a8:2f:e8:a4:69:06:03:47:c3:e9:2a:98:ff:19:
                    a2:70:9a:c6:50:b2:7e:a5:df:68:4d:1b:7c:0f:b6:
                    97:68:7d:2d:a6:8b:97:e9:64:86:c9:a3:ef:a0:86:
                    bf:60:65:9c:4b:54:88:c2:48:c5:4a:39:bf:14:e3:
                    59:55:e5:19:b4:74:c8:b4:05:39:5c:16:a5:e2:95:
                    05:e0:12:ae:59:8b:a2:33:68:58:1c:a6:d4:15:b7:
                    d8:9f:d7:dc:71:ab:7e:9a:bf:9b:8e:33:0f:22:fd:
                    1f:2e:e7:07:36:ef:62:39:c5:dd:cb:ba:25:14:23:
                    de:0c:c6:3d:3c:ce:82:08:e6:66:3e:da:51:3b:16:
                    3a:a3:05:7f:a0:dc:87:d5:9c:fc:72:a9:a0:7d:78:
                    e4:b7:31:55:1e:65:bb:d4:61:b0:21:60:ed:10:32:
                    72:c5:92:25:1e:f8:90:4a:18:78:47:df:7e:30:37:
                    3e:50:1b:db:1c:d3:6b:9a:86:53:07:b0:ef:ac:06:
                    78:f8:84:99:fe:21:8d:4c:80:b6:0c:82:f6:66:70:
                    79:1a:d3:4f:a3:cf:f1:cf:46:b0:4b:0f:3e:dd:88:
                    62:b8:8c:a9:09:28:3b:7a:c7:97:e1:1e:e5:f4:9f:
                    c0:c0:ae:24:a0:c8:a1:d9:0f:d6:7b:26:82:69:32:
                    3d:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier: 
                00:AD:D9:A3:F6:79:F6:6E:74:A9:7F:33:3D:81:17:D7:4C:CF:33:DE
            X509v3 Authority Key Identifier: 
                keyid:00:AD:D9:A3:F6:79:F6:6E:74:A9:7F:33:3D:81:17:D7:4C:CF:33:DE

            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign, CRL Sign
    Signature Algorithm: sha1WithRSAEncryption
         7c:8a:d1:1f:18:37:82:e0:b8:b0:a3:ed:56:95:c8:62:61:9c:
         05:a2:cd:c2:62:26:61:cd:10:16:d7:cc:b4:65:34:d0:11:8a:
         ad:a8:a9:05:66:ef:74:f3:6d:5f:9d:99:af:f6:8b:fb:eb:52:
         b2:05:98:a2:6f:2a:c5:54:bd:25:bd:5f:ae:c8:86:ea:46:2c:
         c1:b3:bd:c1:e9:49:70:18:16:97:08:13:8c:20:e0:1b:2e:3a:
         47:cb:1e:e4:00:30:95:5b:f4:45:a3:c0:1a:b0:01:4e:ab:bd:
         c0:23:6e:63:3f:80:4a:c5:07:ed:dc:e2:6f:c7:c1:62:f1:e3:
         72:d6:04:c8:74:67:0b:fa:88:ab:a1:01:c8:6f:f0:14:af:d2:
         99:cd:51:93:7e:ed:2e:38:c7:bd:ce:46:50:3d:72:e3:79:25:
         9d:9b:88:2b:10:20:dd:a5:b8:32:9f:8d:e0:29:df:21:74:86:
         82:db:2f:82:30:c6:c7:35:86:b3:f9:96:5f:46:db:0c:45:fd:
         f3:50:c3:6f:c6:c3:48:ad:46:a6:e1:27:47:0a:1d:0e:9b:b6:
         c2:77:7f:63:f2:e0:7d:1a:be:fc:e0:df:d7:c7:a7:6c:b0:f9:
         ae:ba:3c:fd:74:b4:11:e8:58:0d:80:bc:d3:a8:80:3a:99:ed:
         75:cc:46:7b
SHA1 Fingerprint=39:21:C1:15:C1:5D:0E:CA:5C:CB:5B:C4:F0:7D:21:D8:05:0B:56:6A


c33a80d4.0
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
        Validity
            Not Before: Aug  1 00:00:00 1996 GMT
            Not After : Jan  1 23:59:59 2021 GMT
        Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:d2:36:36:6a:8b:d7:c2:5b:9e:da:81:41:62:8f:
                    38:ee:49:04:55:d6:d0:ef:1c:1b:95:16:47:ef:18:
                    48:35:3a:52:f4:2b:6a:06:8f:3b:2f:ea:56:e3:af:
                    86:8d:9e:17:f7:9e:b4:65:75:02:4d:ef:cb:09:a2:
                    21:51:d8:9b:d0:67:d0:ba:0d:92:06:14:73:d4:93:
                    cb:97:2a:00:9c:5c:4e:0c:bc:fa:15:52:fc:f2:44:
                    6e:da:11:4a:6e:08:9f:2f:2d:e3:f9:aa:3a:86:73:
                    b6:46:53:58:c8:89:05:bd:83:11:b8:73:3f:aa:07:
                    8d:f4:42:4d:e7:40:9d:1c:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
    Signature Algorithm: sha1WithRSAEncryption
         65:90:ac:88:0f:56:d9:e6:30:34:d4:26:c7:d0:50:f1:92:de:
         6b:d4:39:88:09:22:c6:a6:63:83:03:f7:99:77:d8:b2:e5:18:
         b8:5d:63:f3:d4:73:fb:6c:9c:99:78:f1:4b:78:7d:19:24:c3:
         2b:02:84:f8:bc:22:d9:8a:22:d7:a0:fc:71:ec:91:87:20:f1:
         b8:ec:b1:e5:55:80:ac:3d:52:c8:39:0e:c2:f0:c0:05:4f:d6:
         82:75:8c:bd:5f:d2:dc:76:9a:05:12:c9:af:72:c3:dc:25:7e:
         a4:4d:8e:17:a5:e0:87:7f:e1:9a:5a:e1:60:dc:64:23:3c:42:
         2e:4d
SHA1 Fingerprint=E0:AB:05:94:20:72:54:93:05:60:62:02:36:70:F7:CD:2E:FC:66:66


ddc328ff.0
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:a4:ff:f6:30:af:4c:a5:3c:33:17:42:a1:94:66:75
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com
        Validity
            Not Before: Aug  1 00:00:00 1996 GMT
            Not After : Jan  1 23:59:59 2021 GMT
        Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:d3:a4:50:6e:c8:ff:56:6b:e6:cf:5d:b6:ea:0c:
                    68:75:47:a2:aa:c2:da:84:25:fc:a8:f4:47:51:da:
                    85:b5:20:74:94:86:1e:0f:75:c9:e9:08:61:f5:06:
                    6d:30:6e:15:19:02:e9:52:c0:62:db:4d:99:9e:e2:
                    6a:0c:44:38:cd:fe:be:e3:64:09:70:c5:fe:b1:6b:
                    29:b6:2f:49:c8:3b:d4:27:04:25:10:97:2f:e7:90:
                    6d:c0:28:42:99:d7:4c:43:de:c3:f5:21:6d:54:9f:
                    5d:c3:58:e1:c0:e4:d9:5b:b0:b8:dc:b4:7b:df:36:
                    3a:c2:b5:66:22:12:d6:87:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
    Signature Algorithm: sha1WithRSAEncryption
         be:40:69:41:6f:c6:db:c1:a7:bf:07:c0:45:e4:d0:b5:43:1e:
         4c:95:33:35:e9:5e:c2:3e:28:f6:a8:0d:50:d5:ff:e2:0c:0f:
         fc:50:02:8e:ae:91:b9:ad:34:8a:8d:9f:27:71:aa:19:cc:4b:
         e8:04:ca:d4:17:6b:12:1a:d6:c6:5f:d6:cd:5e:ff:89:76:bf:
         d8:48:d8:59:bd:08:8a:89:1d:57:cd:45:1e:52:ba:12:9a:84:
         fa:18:89:5f:e8:f9:30:35:6a:01:60:b9:99:80:83:85:0a:6e:
         da:f4:c9:8f:5e:73:2d:31:4a:63:a0:74:f2:1f:8b:22:d2:29:
         3e:eb
SHA1 Fingerprint=9F:AD:91:A6:CE:6A:C6:C5:00:47:C4:4E:C9:D4:A5:0D:92:D8:49:79

Leave a Reply