{"id":252,"date":"2016-01-04T23:24:17","date_gmt":"2016-01-05T05:24:17","guid":{"rendered":"http:\/\/www.p14nd4.com\/blog\/?p=252"},"modified":"2016-01-04T23:24:17","modified_gmt":"2016-01-05T05:24:17","slug":"suspect-ca-certificates-on-the-sony-xperia-z5-compact-e5823","status":"publish","type":"post","link":"http:\/\/www.p14nd4.com\/blog\/2016\/01\/04\/suspect-ca-certificates-on-the-sony-xperia-z5-compact-e5823\/","title":{"rendered":"Suspect CA Certificates on the Sony Xperia Z5 Compact (E5823)"},"content":{"rendered":"<p>I got curious today about the CA certificates present on my current phone, the Sony Xperia Z5 Compact (E5823), running Android 5.1.1.<\/p>\n<p>It turns out it&#8217;s pretty easy to pull the CA certs from an Android device (even easier than before). Assuming you have adb set up and working with your device already:<br \/>\n<code>$ adb pull \/system\/etc\/security\/cacerts cacerts<\/code><\/p>\n<p>The certificates are now stored in standard PEM format, so they&#8217;re super easy to use in formats we want. I&#8217;m running an Ubuntu 15.10 system currently, so I&#8217;m using that as a baseline to &#8216;diff&#8217; the Android CA certs against (using an admittedly cursory check that just matches the first line of each cert&#8217;s encoded body):<br \/>\n<code>$ for i in cacerts\/* ; do if ! grep -qF -- \"$(sed -n 2p \"$i\")\" \/etc\/ssl\/certs\/ca-certificates.crt ; then echo \"$i\" ; fi ; done<\/code><\/p>\n<p>This turned up a list of six root certificates trusted by my phone that aren&#8217;t trusted by my desktop:<br \/>\n<!--more--><\/p>\n<div>0d188d89.0<br \/>\n2fb1850a.0<br \/>\n73da149b.0<br \/>\nbda4cc84.0<br \/>\nc33a80d4.0<br \/>\nddc328ff.0<\/div>\n<p>In order to find out what these six CA certificates purport to be, we repeat the previous command (!!) piped into openssl to decode them into human-readable format:<br \/>\n<code>$ !! 
| while read line ; do echo $line ; openssl x509 -in $line -text -sha1 -fingerprint -noout ; echo ; echo ; done<\/code><\/p>\n<p>After some research, it turns out that four of these certificates were <a href=\"https:\/\/android.googlesource.com\/platform\/system\/ca-certificates\/+\/6f831a644d4a6f04ad1f2c8bc54c8daf17929b3a\">removed from the Android source tree<\/a> in October, 2015, and another earlier in <a href=\"https:\/\/android.googlesource.com\/platform\/libcore\/+\/facb72b%5E%21\/\">June, 2015<\/a>, all of which were part of efforts to eliminate 1024-bit RSA keys, but the changes haven&#8217;t made it to my device yet. Ah, the joys of the Android update distribution model.<\/p>\n<p>However, one certificate remains unaccounted for: C=JP, O=Sony Computer Entertainment Inc., CN=SCEI DNAS Root 05, SHA1 Fingerprint=F2:29:23:F2:18:BA:B9:CD:96:6A:1F:DE:A3:C0:F4:34:B8:66:3A:22. I find it somewhat odd that, as of the time of this writing, there are no Google search results for that SHA1 fingerprint, though &#8220;SCEI DNAS Root 05&#8221; does turn up some results. One may easily surmise this is Sony&#8217;s own CA. It&#8217;s all well and good that they don&#8217;t want to buy expensive certificates for their numerous proprietary services that only their devices will use, but I do take issue with this approach, since it exposes the rest of the system&mdash;native components and third-party apps&mdash;to <acronym title=\"man in the middle\">MITM<\/acronym> attacks once their CA is compromised. 
(I know that its subsidiaries operate with quite a bit of independence, but Sony hasn&#8217;t <a href=\"https:\/\/en.wikipedia.org\/wiki\/Sony_Pictures_Entertainment_hack\">engendered great trust<\/a> in their digital security.)<\/p>\n<p>For those who are curious, the list was as follows, with some commentary for each:<\/p>\n<pre>0d188d89.0\r\nCertificate:\r\n    Data:\r\n        Version: 3 (0x2)\r\n        Serial Number:\r\n            44:99:8d:3c:c0:03:27:bd:9c:76:95:b9:ea:db:ac:b5\r\n    Signature Algorithm: sha1WithRSAEncryption\r\n        Issuer: C=TR, O=Elektronik Bilgi Guvenligi A.S., CN=e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi\r\n        Validity\r\n            Not Before: Jan  4 11:32:48 2007 GMT\r\n            Not After : Jan  4 11:32:48 2017 GMT\r\n        Subject: C=TR, O=Elektronik Bilgi Guvenligi A.S., CN=e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi\r\n        Subject Public Key Info:\r\n            Public Key Algorithm: rsaEncryption\r\n                Public-Key: (2048 bit)\r\n                Modulus:\r\n                    00:c3:12:20:9e:b0:5e:00:65:8d:4e:46:bb:80:5c:\r\n                    e9:2c:06:97:d5:f3:72:c9:70:b9:e7:4b:65:80:c1:\r\n                    4b:be:7e:3c:d7:54:31:94:de:d5:12:ba:53:16:02:\r\n                    ea:58:63:ef:5b:d8:f3:ed:2a:1a:aa:71:48:a3:dc:\r\n                    10:2d:5f:5f:eb:5c:4b:9c:96:08:42:25:28:11:cc:\r\n                    8a:5a:62:01:50:d5:eb:09:53:2f:f8:c3:8f:fe:b3:\r\n                    fc:fd:9d:a2:e3:5f:7d:be:ed:0b:e0:60:eb:69:ec:\r\n                    33:ed:d8:8d:fb:12:49:83:00:c9:8b:97:8c:3b:73:\r\n                    2a:32:b3:12:f7:b9:4d:f2:f4:4d:6d:c7:e6:d6:26:\r\n                    37:08:f2:d9:fd:6b:5c:a3:e5:48:5c:58:bc:42:be:\r\n                    03:5a:81:ba:1c:35:0c:00:d3:f5:23:7e:71:30:08:\r\n                    26:38:dc:25:11:47:2d:f3:ba:23:10:a5:bf:bc:02:\r\n                    f7:43:5e:c7:fe:b0:37:50:99:7b:0f:93:ce:e6:43:\r\n                    
2c:c3:7e:0d:f2:1c:43:66:60:cb:61:31:47:87:a3:\r\n                    4f:ae:bd:56:6c:4c:bc:bc:f8:05:ca:64:f4:e9:34:\r\n                    a1:2c:b5:73:e1:c2:3e:e8:c8:c9:34:25:08:5c:f3:\r\n                    ed:a6:c7:94:9f:ad:88:43:25:d7:e1:39:60:fe:ac:\r\n                    39:59\r\n                Exponent: 65537 (0x10001)\r\n        X509v3 extensions:\r\n            X509v3 Key Usage: critical\r\n                Certificate Sign, CRL Sign\r\n            X509v3 Basic Constraints: critical\r\n                CA:TRUE\r\n            X509v3 Subject Key Identifier: \r\n                9F:EE:44:B3:94:D5:FA:91:4F:2E:D9:55:9A:04:56:DB:2D:C4:DB:A5\r\n    Signature Algorithm: sha1WithRSAEncryption\r\n         7f:5f:b9:53:5b:63:3d:75:32:e7:fa:c4:74:1a:cb:46:df:46:\r\n         69:1c:52:cf:aa:4f:c2:68:eb:ff:80:a9:51:e8:3d:62:77:89:\r\n         3d:0a:75:39:f1:6e:5d:17:87:6f:68:05:c1:94:6c:d9:5d:df:\r\n         da:b2:59:cb:a5:10:8a:ca:cc:39:cd:9f:eb:4e:de:52:ff:0c:\r\n         f0:f4:92:a9:f2:6c:53:ab:9b:d2:47:a0:1f:74:f7:9b:9a:f1:\r\n         2f:15:9f:7a:64:30:18:07:3c:2a:0f:67:ca:fc:0f:89:61:9d:\r\n         65:a5:3c:e5:bc:13:5b:08:db:e3:ff:ed:bb:06:bb:6a:06:b1:\r\n         7a:4f:65:c6:82:fd:1e:9c:8b:b5:0d:ee:48:bb:b8:bd:aa:08:\r\n         b4:fb:a3:7c:cb:9f:cd:90:76:5c:86:96:78:57:0a:66:f9:58:\r\n         1a:9d:fd:97:29:60:de:11:a6:90:1c:19:1c:ee:01:96:22:34:\r\n         34:2e:91:f9:b7:c4:27:d1:7b:e6:bf:fb:80:44:5a:16:e5:eb:\r\n         e0:d4:0a:38:bc:e4:91:e3:d5:eb:5c:c1:ac:df:1b:6a:7c:9e:\r\n         e5:75:d2:b6:97:87:db:cc:87:2b:43:3a:84:08:af:ab:3c:db:\r\n         f7:3c:66:31:86:b0:9d:53:79:ed:f8:23:de:42:e3:2d:82:f1:\r\n         0f:e5:fa:97\r\nSHA1 Fingerprint=DD:E1:D2:A9:01:80:2E:1D:87:5E:84:B3:80:7E:4B:B1:FD:99:41:34<\/pre>\n<p>This certificate does match that presented by <a href=\"http:\/\/e-guven.com\/KokSertifikalar.aspx\">E-Guven<\/a>, but investigating its <a href=\"http:\/\/baruch.siach.name\/blog\/posts\/sha1_fingerprint_of_ssl_cert\/\">SHA-1 fingerprint<\/a> 
uncovered a <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Mozilla\/Projects\/NSS\/NSS_3.18.1_release_notes\">series<\/a> <a href=\"https:\/\/groups.google.com\/forum\/#!msg\/mozilla.dev.security.policy\/LKJO9W5dkSY\/9VjSJhRfraIJ\">of<\/a> <a href=\"https:\/\/blog.mozilla.org\/security\/2015\/04\/27\/removing-e-guven-ca-certificate\/\">pages<\/a> explaining why the e-Guven CA Certificate will no longer be trusted. Google must have missed the memo (or they&#8217;re just more trusting than the folks at Mozilla).<\/p>\n<pre>2fb1850a.0\r\nCertificate:\r\n    Data:\r\n        Version: 3 (0x2)\r\n        Serial Number: 1 (0x1)\r\n    Signature Algorithm: sha1WithRSAEncryption\r\n        Issuer: C=US, O=America Online Inc., CN=America Online Root Certification Authority 2\r\n        Validity\r\n            Not Before: May 28 06:00:00 2002 GMT\r\n            Not After : Sep 29 14:08:00 2037 GMT\r\n        Subject: C=US, O=America Online Inc., CN=America Online Root Certification Authority 2\r\n        Subject Public Key Info:\r\n            Public Key Algorithm: rsaEncryption\r\n                Public-Key: (4096 bit)\r\n                Modulus:\r\n                    00:cc:41:45:1d:e9:3d:4d:10:f6:8c:b1:41:c9:e0:\r\n                    5e:cb:0d:b7:bf:47:73:d3:f0:55:4d:dd:c6:0c:fa:\r\n                    b1:66:05:6a:cd:78:b4:dc:02:db:4e:81:f3:d7:a7:\r\n                    7c:71:bc:75:63:a0:5d:e3:07:0c:48:ec:25:c4:03:\r\n                    20:f4:ff:0e:3b:12:ff:9b:8d:e1:c6:d5:1b:b4:6d:\r\n                    22:e3:b1:db:7f:21:64:af:86:bc:57:22:2a:d6:47:\r\n                    81:57:44:82:56:53:bd:86:14:01:0b:fc:7f:74:a4:\r\n                    5a:ae:f1:ba:11:b5:9b:58:5a:80:b4:37:78:09:33:\r\n                    7c:32:47:03:5c:c4:a5:83:48:f4:57:56:6e:81:36:\r\n                    27:18:4f:ec:9b:28:c2:d4:b4:d7:7c:0c:3e:0c:2b:\r\n                    df:ca:04:d7:c6:8e:ea:58:4e:a8:a4:a5:18:1c:6c:\r\n                    
45:98:a3:41:d1:2d:d2:c7:6d:8d:19:f1:ad:79:b7:\r\n                    81:3f:bd:06:82:27:2d:10:58:05:b5:78:05:b9:2f:\r\n                    db:0c:6b:90:90:7e:14:59:38:bb:94:24:13:e5:d1:\r\n                    9d:14:df:d3:82:4d:46:f0:80:39:52:32:0f:e3:84:\r\n                    b2:7a:43:f2:5e:de:5f:3f:1d:dd:e3:b2:1b:a0:a1:\r\n                    2a:23:03:6e:2e:01:15:87:5c:a6:75:75:c7:97:61:\r\n                    be:de:86:dc:d4:48:db:bd:2a:bf:4a:55:da:e8:7d:\r\n                    50:fb:b4:80:17:b8:94:bf:01:3d:ea:da:ba:7c:e0:\r\n                    58:67:17:b9:58:e0:88:86:46:67:6c:9d:10:47:58:\r\n                    32:d0:35:7c:79:2a:90:a2:5a:10:11:23:35:ad:2f:\r\n                    cc:e4:4a:5b:a7:c8:27:f2:83:de:5e:bb:5e:77:e7:\r\n                    e8:a5:6e:63:c2:0d:5d:61:d0:8c:d2:6c:5a:21:0e:\r\n                    ca:28:a3:ce:2a:e9:95:c7:48:cf:96:6f:1d:92:25:\r\n                    c8:c6:c6:c1:c1:0c:05:ac:26:c4:d2:75:d2:e1:2a:\r\n                    67:c0:3d:5b:a5:9a:eb:cf:7b:1a:a8:9d:14:45:e5:\r\n                    0f:a0:9a:65:de:2f:28:bd:ce:6f:94:66:83:48:29:\r\n                    d8:ea:65:8c:af:93:d9:64:9f:55:57:26:bf:6f:cb:\r\n                    37:31:99:a3:60:bb:1c:ad:89:34:32:62:b8:43:21:\r\n                    06:72:0c:a1:5c:6d:46:c5:fa:29:cf:30:de:89:dc:\r\n                    71:5b:dd:b6:37:3e:df:50:f5:b8:07:25:26:e5:bc:\r\n                    b5:fe:3c:02:b3:b7:f8:be:43:c1:87:11:94:9e:23:\r\n                    6c:17:8a:b8:8a:27:0c:54:47:f0:a9:b3:c0:80:8c:\r\n                    a0:27:eb:1d:19:e3:07:8e:77:70:ca:2b:f4:7d:76:\r\n                    e0:78:67\r\n                Exponent: 65537 (0x10001)\r\n        X509v3 extensions:\r\n            X509v3 Basic Constraints: critical\r\n                CA:TRUE\r\n            X509v3 Subject Key Identifier: \r\n                4D:45:C1:68:38:BB:73:A9:69:A1:20:E7:ED:F5:22:A1:23:14:D7:9E\r\n            X509v3 Authority Key Identifier: \r\n                
keyid:4D:45:C1:68:38:BB:73:A9:69:A1:20:E7:ED:F5:22:A1:23:14:D7:9E\r\n\r\n            X509v3 Key Usage: critical\r\n                Digital Signature, Certificate Sign, CRL Sign\r\n    Signature Algorithm: sha1WithRSAEncryption\r\n         67:6b:06:b9:5f:45:3b:2a:4b:33:b3:e6:1b:6b:59:4e:22:cc:\r\n         b9:b7:a4:25:c9:a7:c4:f0:54:96:0b:64:f3:b1:58:4f:5e:51:\r\n         fc:b2:97:7b:27:65:c2:e5:ca:e7:0d:0c:25:7b:62:e3:fa:9f:\r\n         b4:87:b7:45:46:af:83:a5:97:48:8c:a5:bd:f1:16:2b:9b:76:\r\n         2c:7a:35:60:6c:11:80:97:cc:a9:92:52:e6:2b:e6:69:ed:a9:\r\n         f8:36:2d:2c:77:bf:61:48:d1:63:0b:b9:5b:52:ed:18:b0:43:\r\n         42:22:a6:b1:77:ae:de:69:c5:cd:c7:1c:a1:b1:a5:1c:10:fb:\r\n         18:be:1a:70:dd:c1:92:4b:be:29:5a:9d:3f:35:be:e5:7d:51:\r\n         f8:55:e0:25:75:23:87:1e:5c:dc:ba:9d:b0:ac:b3:69:db:17:\r\n         83:c9:f7:de:0c:bc:08:dc:91:9e:a8:d0:d7:15:37:73:a5:35:\r\n         b8:fc:7e:c5:44:40:06:c3:eb:f8:22:80:5c:47:ce:02:e3:11:\r\n         9f:44:ff:fd:9a:32:cc:7d:64:51:0e:eb:57:26:76:3a:e3:1e:\r\n         22:3c:c2:a6:36:dd:19:ef:a7:fc:12:f3:26:c0:59:31:85:4c:\r\n         9c:d8:cf:df:a4:cc:cc:29:93:ff:94:6d:76:5c:13:08:97:f2:\r\n         ed:a5:0b:4d:dd:e8:c9:68:0e:66:d3:00:0e:33:12:5b:bc:95:\r\n         e5:32:90:a8:b3:c6:6c:83:ad:77:ee:8b:7e:7e:b1:a9:ab:d3:\r\n         e1:f1:b6:c0:b1:ea:88:c0:e7:d3:90:e9:28:92:94:7b:68:7b:\r\n         97:2a:0a:67:2d:85:02:38:10:e4:03:61:d4:da:25:36:c7:08:\r\n         58:2d:a1:a7:51:af:30:0a:49:f5:a6:69:87:07:2d:44:46:76:\r\n         8e:2a:e5:9a:3b:d7:18:a2:fc:9c:38:10:cc:c6:3b:d2:b5:17:\r\n         3a:6f:fd:ae:25:bd:f5:72:59:64:b1:74:2a:38:5f:18:4c:df:\r\n         cf:71:04:5a:36:d4:bf:2f:99:9c:e8:d9:ba:b1:95:e6:02:4b:\r\n         21:a1:5b:d5:c1:4f:8f:ae:69:6d:53:db:01:93:b5:5c:1e:18:\r\n         dd:64:5a:ca:18:28:3e:63:04:11:fd:1c:8d:00:0f:b8:37:df:\r\n         67:8a:9d:66:a9:02:6a:91:ff:13:ca:2f:5d:83:bc:87:93:6c:\r\n         dc:24:51:16:04:25:66:fa:b3:d9:c2:ba:29:be:9a:48:38:82:\r\n         
99:f4:bf:3b:4a:31:19:f9:bf:8e:21:33:14:ca:4f:54:5f:fb:\r\n         ce:fb:8f:71:7f:fd:5e:19:a0:0f:4b:91:b8:c4:54:bc:06:b0:\r\n         45:8f:26:91:a2:8e:fe:a9\r\nSHA1 Fingerprint=85:B5:FF:67:9B:0C:79:96:1F:C8:6E:44:22:00:46:13:DB:17:92:84<\/pre>\n<p>This and the other AOL cert below were <a href=\"https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1083294\">removed from Mozilla&#8217;s trust<\/a> at the end of 2014. I&#8217;m definitely not an Android system hacker, so I don&#8217;t claim to understand the Android source tree. As noted earlier, these certs (minus Sony&#8217;s) appear to <a href=\"https:\/\/android.googlesource.com\/platform\/system\/ca-certificates\/+\/6f831a644d4a6f04ad1f2c8bc54c8daf17929b3a\">have been removed<\/a> from one place (platform\/system\/ca-certificates), but they&#8217;re still present in the <a href=\"https:\/\/android.googlesource.com\/platform\/libcore2\/+\/master\/luni\/src\/main\/files\/cacerts\">platform\/libcore2\/luni\/src\/main\/files\/cacerts<\/a> (maybe that&#8217;s some other branch?).<\/p>\n<pre>73da149b.0\r\nCertificate:\r\n    Data:\r\n        Version: 3 (0x2)\r\n        Serial Number: 0 (0x0)\r\n    Signature Algorithm: sha1WithRSAEncryption\r\n        Issuer: C=JP, O=Sony Computer Entertainment Inc., CN=SCEI DNAS Root 05\r\n        Validity\r\n            Not Before: Jul 12 09:01:19 2004 GMT\r\n            Not After : Dec  6 09:01:19 2037 GMT\r\n        Subject: C=JP, O=Sony Computer Entertainment Inc., CN=SCEI DNAS Root 05\r\n        Subject Public Key Info:\r\n            Public Key Algorithm: rsaEncryption\r\n                Public-Key: (2048 bit)\r\n                Modulus:\r\n                    00:d9:8f:7b:36:bc:3f:00:aa:94:8e:de:b0:e1:88:\r\n                    92:84:84:4a:72:0d:83:bd:99:0f:75:2d:eb:78:f2:\r\n                    ed:27:68:b6:13:c8:bc:60:6a:55:95:98:90:8a:6a:\r\n                    25:82:5d:d4:8e:0d:87:ff:c8:a5:74:02:40:bd:0f:\r\n                    9c:92:eb:87:d0:41:7a:8c:2a:32:e7:f9:34:da:b7:\r\n   
                 52:cf:34:22:18:ae:f4:2b:cd:10:01:0e:d7:c8:37:\r\n                    38:55:75:4d:87:52:c1:0e:73:52:c9:37:dc:e5:1e:\r\n                    23:b8:78:68:13:c3:55:c6:57:61:e1:ed:75:b3:cb:\r\n                    a9:ee:0a:f2:28:22:6a:7e:69:ae:b0:03:e5:2e:a1:\r\n                    db:cb:7c:68:09:be:a8:c5:91:a3:e6:d6:db:90:7f:\r\n                    f3:8d:57:c0:31:81:3f:bf:c8:c5:9b:fc:62:88:a8:\r\n                    ac:2a:3c:d0:25:58:7b:a9:46:a1:4d:3c:79:ea:90:\r\n                    89:a1:c8:e7:30:05:db:cd:43:59:94:a8:55:f2:e3:\r\n                    25:41:16:98:49:f1:aa:bf:1a:3a:1b:33:44:67:8f:\r\n                    8b:e1:22:ed:44:23:1c:3b:99:5f:da:cb:84:32:35:\r\n                    cc:03:43:f8:10:36:e7:db:67:fe:2c:0e:a9:55:de:\r\n                    db:43:9c:70:99:65:1c:97:06:e0:47:26:77:df:1f:\r\n                    e6:a3\r\n                Exponent: 65537 (0x10001)\r\n        X509v3 extensions:\r\n            X509v3 Subject Key Identifier: \r\n                C6:56:A1:33:5B:4F:CE:83:77:62:05:44:86:6D:20:57:B5:AF:DA:DC\r\n            X509v3 Authority Key Identifier: \r\n                keyid:C6:56:A1:33:5B:4F:CE:83:77:62:05:44:86:6D:20:57:B5:AF:DA:DC\r\n                DirName:\/C=JP\/O=Sony Computer Entertainment Inc.\/CN=SCEI DNAS Root 05\r\n                serial:00\r\n\r\n            X509v3 Basic Constraints: \r\n                CA:TRUE\r\n    Signature Algorithm: sha1WithRSAEncryption\r\n         09:93:e2:86:3c:17:03:6e:f0:27:4d:ed:10:a7:07:01:e1:4b:\r\n         8b:c6:81:c3:6c:ac:1f:81:b0:b8:7d:5d:59:bd:d4:a6:ec:e7:\r\n         58:e0:74:89:04:f5:c1:0a:1c:9c:41:58:08:9c:79:5c:51:27:\r\n         8f:86:8b:5a:94:87:2c:4a:bf:b1:23:be:9b:2f:9a:3e:84:c4:\r\n         b3:2d:b4:6a:31:7e:60:b6:19:9b:46:d9:c4:7e:74:08:96:21:\r\n         ae:41:13:e0:2d:9a:0b:45:ef:84:6a:7d:93:52:50:d6:8d:16:\r\n         eb:e7:05:4f:92:d3:95:76:a9:b2:af:01:b6:dd:f5:b7:e5:c3:\r\n         3d:7e:d1:a8:65:78:58:67:a4:b7:78:4c:4f:bc:51:73:b2:56:\r\n         
5d:d0:10:8a:32:2b:6d:88:bc:9a:d6:cc:d3:b2:84:1a:73:d4:\r\n         e8:84:fc:0b:8e:fe:d2:64:ae:ae:9c:0b:3a:85:8b:d6:d3:e0:\r\n         a3:a7:8f:a4:b3:62:73:8a:ae:50:c8:21:f5:15:d5:8d:e4:f2:\r\n         5c:e3:26:c9:87:5e:52:6d:a0:b7:ba:84:ae:f4:0e:36:58:be:\r\n         e8:4a:66:86:6d:00:da:48:69:20:c1:d2:a5:08:d3:13:c8:15:\r\n         ad:9a:78:d9:ae:be:ce:0d:62:63:2d:af:14:13:a6:89:0d:7b:\r\n         19:15:25:d0\r\nSHA1 Fingerprint=F2:29:23:F2:18:BA:B9:CD:96:6A:1F:DE:A3:C0:F4:34:B8:66:3A:22\r\n\r\n\r\nbda4cc84.0\r\nCertificate:\r\n    Data:\r\n        Version: 3 (0x2)\r\n        Serial Number: 1 (0x1)\r\n    Signature Algorithm: sha1WithRSAEncryption\r\n        Issuer: C=US, O=America Online Inc., CN=America Online Root Certification Authority 1\r\n        Validity\r\n            Not Before: May 28 06:00:00 2002 GMT\r\n            Not After : Nov 19 20:43:00 2037 GMT\r\n        Subject: C=US, O=America Online Inc., CN=America Online Root Certification Authority 1\r\n        Subject Public Key Info:\r\n            Public Key Algorithm: rsaEncryption\r\n                Public-Key: (2048 bit)\r\n                Modulus:\r\n                    00:a8:2f:e8:a4:69:06:03:47:c3:e9:2a:98:ff:19:\r\n                    a2:70:9a:c6:50:b2:7e:a5:df:68:4d:1b:7c:0f:b6:\r\n                    97:68:7d:2d:a6:8b:97:e9:64:86:c9:a3:ef:a0:86:\r\n                    bf:60:65:9c:4b:54:88:c2:48:c5:4a:39:bf:14:e3:\r\n                    59:55:e5:19:b4:74:c8:b4:05:39:5c:16:a5:e2:95:\r\n                    05:e0:12:ae:59:8b:a2:33:68:58:1c:a6:d4:15:b7:\r\n                    d8:9f:d7:dc:71:ab:7e:9a:bf:9b:8e:33:0f:22:fd:\r\n                    1f:2e:e7:07:36:ef:62:39:c5:dd:cb:ba:25:14:23:\r\n                    de:0c:c6:3d:3c:ce:82:08:e6:66:3e:da:51:3b:16:\r\n                    3a:a3:05:7f:a0:dc:87:d5:9c:fc:72:a9:a0:7d:78:\r\n                    e4:b7:31:55:1e:65:bb:d4:61:b0:21:60:ed:10:32:\r\n                    72:c5:92:25:1e:f8:90:4a:18:78:47:df:7e:30:37:\r\n                    
3e:50:1b:db:1c:d3:6b:9a:86:53:07:b0:ef:ac:06:\r\n                    78:f8:84:99:fe:21:8d:4c:80:b6:0c:82:f6:66:70:\r\n                    79:1a:d3:4f:a3:cf:f1:cf:46:b0:4b:0f:3e:dd:88:\r\n                    62:b8:8c:a9:09:28:3b:7a:c7:97:e1:1e:e5:f4:9f:\r\n                    c0:c0:ae:24:a0:c8:a1:d9:0f:d6:7b:26:82:69:32:\r\n                    3d:a7\r\n                Exponent: 65537 (0x10001)\r\n        X509v3 extensions:\r\n            X509v3 Basic Constraints: critical\r\n                CA:TRUE\r\n            X509v3 Subject Key Identifier: \r\n                00:AD:D9:A3:F6:79:F6:6E:74:A9:7F:33:3D:81:17:D7:4C:CF:33:DE\r\n            X509v3 Authority Key Identifier: \r\n                keyid:00:AD:D9:A3:F6:79:F6:6E:74:A9:7F:33:3D:81:17:D7:4C:CF:33:DE\r\n\r\n            X509v3 Key Usage: critical\r\n                Digital Signature, Certificate Sign, CRL Sign\r\n    Signature Algorithm: sha1WithRSAEncryption\r\n         7c:8a:d1:1f:18:37:82:e0:b8:b0:a3:ed:56:95:c8:62:61:9c:\r\n         05:a2:cd:c2:62:26:61:cd:10:16:d7:cc:b4:65:34:d0:11:8a:\r\n         ad:a8:a9:05:66:ef:74:f3:6d:5f:9d:99:af:f6:8b:fb:eb:52:\r\n         b2:05:98:a2:6f:2a:c5:54:bd:25:bd:5f:ae:c8:86:ea:46:2c:\r\n         c1:b3:bd:c1:e9:49:70:18:16:97:08:13:8c:20:e0:1b:2e:3a:\r\n         47:cb:1e:e4:00:30:95:5b:f4:45:a3:c0:1a:b0:01:4e:ab:bd:\r\n         c0:23:6e:63:3f:80:4a:c5:07:ed:dc:e2:6f:c7:c1:62:f1:e3:\r\n         72:d6:04:c8:74:67:0b:fa:88:ab:a1:01:c8:6f:f0:14:af:d2:\r\n         99:cd:51:93:7e:ed:2e:38:c7:bd:ce:46:50:3d:72:e3:79:25:\r\n         9d:9b:88:2b:10:20:dd:a5:b8:32:9f:8d:e0:29:df:21:74:86:\r\n         82:db:2f:82:30:c6:c7:35:86:b3:f9:96:5f:46:db:0c:45:fd:\r\n         f3:50:c3:6f:c6:c3:48:ad:46:a6:e1:27:47:0a:1d:0e:9b:b6:\r\n         c2:77:7f:63:f2:e0:7d:1a:be:fc:e0:df:d7:c7:a7:6c:b0:f9:\r\n         ae:ba:3c:fd:74:b4:11:e8:58:0d:80:bc:d3:a8:80:3a:99:ed:\r\n         75:cc:46:7b\r\nSHA1 
Fingerprint=39:21:C1:15:C1:5D:0E:CA:5C:CB:5B:C4:F0:7D:21:D8:05:0B:56:6A\r\n\r\n\r\nc33a80d4.0\r\nCertificate:\r\n    Data:\r\n        Version: 3 (0x2)\r\n        Serial Number:\r\n            36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54\r\n    Signature Algorithm: sha1WithRSAEncryption\r\n        Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA\/emailAddress=premium-server@thawte.com\r\n        Validity\r\n            Not Before: Aug  1 00:00:00 1996 GMT\r\n            Not After : Jan  1 23:59:59 2021 GMT\r\n        Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA\/emailAddress=premium-server@thawte.com\r\n        Subject Public Key Info:\r\n            Public Key Algorithm: rsaEncryption\r\n                Public-Key: (1024 bit)\r\n                Modulus:\r\n                    00:d2:36:36:6a:8b:d7:c2:5b:9e:da:81:41:62:8f:\r\n                    38:ee:49:04:55:d6:d0:ef:1c:1b:95:16:47:ef:18:\r\n                    48:35:3a:52:f4:2b:6a:06:8f:3b:2f:ea:56:e3:af:\r\n                    86:8d:9e:17:f7:9e:b4:65:75:02:4d:ef:cb:09:a2:\r\n                    21:51:d8:9b:d0:67:d0:ba:0d:92:06:14:73:d4:93:\r\n                    cb:97:2a:00:9c:5c:4e:0c:bc:fa:15:52:fc:f2:44:\r\n                    6e:da:11:4a:6e:08:9f:2f:2d:e3:f9:aa:3a:86:73:\r\n                    b6:46:53:58:c8:89:05:bd:83:11:b8:73:3f:aa:07:\r\n                    8d:f4:42:4d:e7:40:9d:1c:37\r\n                Exponent: 65537 (0x10001)\r\n        X509v3 extensions:\r\n            X509v3 Basic Constraints: critical\r\n                CA:TRUE\r\n    Signature Algorithm: sha1WithRSAEncryption\r\n         65:90:ac:88:0f:56:d9:e6:30:34:d4:26:c7:d0:50:f1:92:de:\r\n         6b:d4:39:88:09:22:c6:a6:63:83:03:f7:99:77:d8:b2:e5:18:\r\n         b8:5d:63:f3:d4:73:fb:6c:9c:99:78:f1:4b:78:7d:19:24:c3:\r\n         
2b:02:84:f8:bc:22:d9:8a:22:d7:a0:fc:71:ec:91:87:20:f1:\r\n         b8:ec:b1:e5:55:80:ac:3d:52:c8:39:0e:c2:f0:c0:05:4f:d6:\r\n         82:75:8c:bd:5f:d2:dc:76:9a:05:12:c9:af:72:c3:dc:25:7e:\r\n         a4:4d:8e:17:a5:e0:87:7f:e1:9a:5a:e1:60:dc:64:23:3c:42:\r\n         2e:4d\r\nSHA1 Fingerprint=E0:AB:05:94:20:72:54:93:05:60:62:02:36:70:F7:CD:2E:FC:66:66\r\n\r\n\r\nddc328ff.0\r\nCertificate:\r\n    Data:\r\n        Version: 3 (0x2)\r\n        Serial Number:\r\n            34:a4:ff:f6:30:af:4c:a5:3c:33:17:42:a1:94:66:75\r\n    Signature Algorithm: sha1WithRSAEncryption\r\n        Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA\/emailAddress=server-certs@thawte.com\r\n        Validity\r\n            Not Before: Aug  1 00:00:00 1996 GMT\r\n            Not After : Jan  1 23:59:59 2021 GMT\r\n        Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA\/emailAddress=server-certs@thawte.com\r\n        Subject Public Key Info:\r\n            Public Key Algorithm: rsaEncryption\r\n                Public-Key: (1024 bit)\r\n                Modulus:\r\n                    00:d3:a4:50:6e:c8:ff:56:6b:e6:cf:5d:b6:ea:0c:\r\n                    68:75:47:a2:aa:c2:da:84:25:fc:a8:f4:47:51:da:\r\n                    85:b5:20:74:94:86:1e:0f:75:c9:e9:08:61:f5:06:\r\n                    6d:30:6e:15:19:02:e9:52:c0:62:db:4d:99:9e:e2:\r\n                    6a:0c:44:38:cd:fe:be:e3:64:09:70:c5:fe:b1:6b:\r\n                    29:b6:2f:49:c8:3b:d4:27:04:25:10:97:2f:e7:90:\r\n                    6d:c0:28:42:99:d7:4c:43:de:c3:f5:21:6d:54:9f:\r\n                    5d:c3:58:e1:c0:e4:d9:5b:b0:b8:dc:b4:7b:df:36:\r\n                    3a:c2:b5:66:22:12:d6:87:0d\r\n                Exponent: 65537 (0x10001)\r\n        X509v3 extensions:\r\n            X509v3 Basic Constraints: critical\r\n                CA:TRUE\r\n    Signature Algorithm: 
sha1WithRSAEncryption\r\n         be:40:69:41:6f:c6:db:c1:a7:bf:07:c0:45:e4:d0:b5:43:1e:\r\n         4c:95:33:35:e9:5e:c2:3e:28:f6:a8:0d:50:d5:ff:e2:0c:0f:\r\n         fc:50:02:8e:ae:91:b9:ad:34:8a:8d:9f:27:71:aa:19:cc:4b:\r\n         e8:04:ca:d4:17:6b:12:1a:d6:c6:5f:d6:cd:5e:ff:89:76:bf:\r\n         d8:48:d8:59:bd:08:8a:89:1d:57:cd:45:1e:52:ba:12:9a:84:\r\n         fa:18:89:5f:e8:f9:30:35:6a:01:60:b9:99:80:83:85:0a:6e:\r\n         da:f4:c9:8f:5e:73:2d:31:4a:63:a0:74:f2:1f:8b:22:d2:29:\r\n         3e:eb\r\nSHA1 Fingerprint=9F:AD:91:A6:CE:6A:C6:C5:00:47:C4:4E:C9:D4:A5:0D:92:D8:49:79<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>I got curious today about the CA certificates present on my current phone, the Sony Xperia Z5 Compact (E5823), running Android 5.1.1. It turns out it&#8217;s pretty easy to pull the CA certs from an Android device (even easier than before). Assuming you have adb set up and working with your device already: $ adb [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-252","post","type-post","status-publish","format-standard","hentry","category-general"],"_links":{"self":[{"href":"http:\/\/www.p14nd4.com\/blog\/wp-json\/wp\/v2\/posts\/252","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.p14nd4.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.p14nd4.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.p14nd4.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.p14nd4.com\/blog\/wp-json\/wp\/v2\/comments?post=252"}],"version-history":[{"count":4,"href":"http:\/\/www.p14nd4.com\/blog\/wp-json\/wp\/v2\/posts\/252\/revisions"}],"predecessor-version":[{"id":257,"href":"http:\/\/www.p14nd4.com\/blog\/wp-json\/wp\/v2\/posts\/252\/revisions\/257"}],"wp:a
ttachment":[{"href":"http:\/\/www.p14nd4.com\/blog\/wp-json\/wp\/v2\/media?parent=252"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.p14nd4.com\/blog\/wp-json\/wp\/v2\/categories?post=252"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.p14nd4.com\/blog\/wp-json\/wp\/v2\/tags?post=252"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}