Suspect CA Certificates on the Sony Xperia Z5 Compact (E5823)
I got curious today about the CA certificates present on my current phone, the Sony Xperia Z5 Compact (E5823), running Android 5.1.1.
It turns out it’s pretty easy to pull the CA certs from an Android device (even easier than before). Assuming you have adb set up and working with your device already:
$ adb pull /system/etc/security/cacerts cacerts
The certificates are now stored in standard PEM format, so they’re super easy to use in formats we want. I’m running an Ubuntu 15.10 system currently, so I’m using that as a baseline to ‘diff’ the Android CA certs against (using an admittedly cursory check to just match the first line of the cert):
$ for i in cacerts/* ; do if ! $(grep -q $(sed -n 2p $i) /etc/ssl/certs/ca-certificates.crt) ; then echo $i ; fi ; done
This turned up a list of six root certificates trusted by my phone that aren’t trusted by my desktop:
2fb1850a.0
73da149b.0
bda4cc84.0
c33a80d4.0
ddc328ff.0
In order to find out what these six CA certificates represent to be, we repeat the previous command (!!) piped into openssl to decode them into human-readable format:
$ !! | while read line ; do echo $line ; openssl x509 -in $line -text -sha1 -fingerprint -noout ; echo ; echo ; done
After some research, it turns out that four of these certificates were removed from the Android source tree in October, 2015, and another earlier in June, 2015, all of which were part of efforts to eliminate 1024-bit RSA keys, but the changes haven’t made it to my device yet. Ah, the joys of the Android update distribution model.
However, one certificate remains unaccounted for: C=JP, O=Sony Computer Entertainment Inc., CN=SCEI DNAS Root 05, SHA1 Fingerprint=F2:29:23:F2:18:BA:B9:CD:96:6A:1F:DE:A3:C0:F4:34:B8:66:3A:22. I find it somewhat odd that, as of the time of this writing, there are no Google search results for that SHA1 fingerprint, though “SCEI DNAS Root 05” does turn up some results. One may easily surmise this is Sony’s own CA. It’s all well and good that they don’t want to buy expensive certificates for their numerous proprietary services that only their devices will use, but I do take issue with this approach, since it exposes the rest of the system—native components and third-party apps—to MITM attacks once their CA is compromised. (I know that its subsidiaries operate with quite a bit of independence, but Sony hasn’t engendered great trust in their digital security.)
For those who are curious, the list was as follows, with some commentary for each:
0d188d89.0 Certificate: Data: Version: 3 (0x2) Serial Number: 44:99:8d:3c:c0:03:27:bd:9c:76:95:b9:ea:db:ac:b5 Signature Algorithm: sha1WithRSAEncryption Issuer: C=TR, O=Elektronik Bilgi Guvenligi A.S., CN=e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi Validity Not Before: Jan 4 11:32:48 2007 GMT Not After : Jan 4 11:32:48 2017 GMT Subject: C=TR, O=Elektronik Bilgi Guvenligi A.S., CN=e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:c3:12:20:9e:b0:5e:00:65:8d:4e:46:bb:80:5c: e9:2c:06:97:d5:f3:72:c9:70:b9:e7:4b:65:80:c1: 4b:be:7e:3c:d7:54:31:94:de:d5:12:ba:53:16:02: ea:58:63:ef:5b:d8:f3:ed:2a:1a:aa:71:48:a3:dc: 10:2d:5f:5f:eb:5c:4b:9c:96:08:42:25:28:11:cc: 8a:5a:62:01:50:d5:eb:09:53:2f:f8:c3:8f:fe:b3: fc:fd:9d:a2:e3:5f:7d:be:ed:0b:e0:60:eb:69:ec: 33:ed:d8:8d:fb:12:49:83:00:c9:8b:97:8c:3b:73: 2a:32:b3:12:f7:b9:4d:f2:f4:4d:6d:c7:e6:d6:26: 37:08:f2:d9:fd:6b:5c:a3:e5:48:5c:58:bc:42:be: 03:5a:81:ba:1c:35:0c:00:d3:f5:23:7e:71:30:08: 26:38:dc:25:11:47:2d:f3:ba:23:10:a5:bf:bc:02: f7:43:5e:c7:fe:b0:37:50:99:7b:0f:93:ce:e6:43: 2c:c3:7e:0d:f2:1c:43:66:60:cb:61:31:47:87:a3: 4f:ae:bd:56:6c:4c:bc:bc:f8:05:ca:64:f4:e9:34: a1:2c:b5:73:e1:c2:3e:e8:c8:c9:34:25:08:5c:f3: ed:a6:c7:94:9f:ad:88:43:25:d7:e1:39:60:fe:ac: 39:59 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 9F:EE:44:B3:94:D5:FA:91:4F:2E:D9:55:9A:04:56:DB:2D:C4:DB:A5 Signature Algorithm: sha1WithRSAEncryption 7f:5f:b9:53:5b:63:3d:75:32:e7:fa:c4:74:1a:cb:46:df:46: 69:1c:52:cf:aa:4f:c2:68:eb:ff:80:a9:51:e8:3d:62:77:89: 3d:0a:75:39:f1:6e:5d:17:87:6f:68:05:c1:94:6c:d9:5d:df: da:b2:59:cb:a5:10:8a:ca:cc:39:cd:9f:eb:4e:de:52:ff:0c: f0:f4:92:a9:f2:6c:53:ab:9b:d2:47:a0:1f:74:f7:9b:9a:f1: 2f:15:9f:7a:64:30:18:07:3c:2a:0f:67:ca:fc:0f:89:61:9d: 65:a5:3c:e5:bc:13:5b:08:db:e3:ff:ed:bb:06:bb:6a:06:b1: 7a:4f:65:c6:82:fd:1e:9c:8b:b5:0d:ee:48:bb:b8:bd:aa:08: b4:fb:a3:7c:cb:9f:cd:90:76:5c:86:96:78:57:0a:66:f9:58: 1a:9d:fd:97:29:60:de:11:a6:90:1c:19:1c:ee:01:96:22:34: 34:2e:91:f9:b7:c4:27:d1:7b:e6:bf:fb:80:44:5a:16:e5:eb: e0:d4:0a:38:bc:e4:91:e3:d5:eb:5c:c1:ac:df:1b:6a:7c:9e: e5:75:d2:b6:97:87:db:cc:87:2b:43:3a:84:08:af:ab:3c:db: f7:3c:66:31:86:b0:9d:53:79:ed:f8:23:de:42:e3:2d:82:f1: 0f:e5:fa:97 SHA1 Fingerprint=DD:E1:D2:A9:01:80:2E:1D:87:5E:84:B3:80:7E:4B:B1:FD:99:41:34
This certificate does match that presented by E-Guven, but investigating its SHA-1 fingerprint uncovered a series of pages explaining why the e-Guven CA Certificatee-Guven CA Certificate will no longer be trusted. Google must have missed the memo (or they’re just more trusting than the folks at Mozilla).
2fb1850a.0 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=America Online Inc., CN=America Online Root Certification Authority 2 Validity Not Before: May 28 06:00:00 2002 GMT Not After : Sep 29 14:08:00 2037 GMT Subject: C=US, O=America Online Inc., CN=America Online Root Certification Authority 2 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) Modulus: 00:cc:41:45:1d:e9:3d:4d:10:f6:8c:b1:41:c9:e0: 5e:cb:0d:b7:bf:47:73:d3:f0:55:4d:dd:c6:0c:fa: b1:66:05:6a:cd:78:b4:dc:02:db:4e:81:f3:d7:a7: 7c:71:bc:75:63:a0:5d:e3:07:0c:48:ec:25:c4:03: 20:f4:ff:0e:3b:12:ff:9b:8d:e1:c6:d5:1b:b4:6d: 22:e3:b1:db:7f:21:64:af:86:bc:57:22:2a:d6:47: 81:57:44:82:56:53:bd:86:14:01:0b:fc:7f:74:a4: 5a:ae:f1:ba:11:b5:9b:58:5a:80:b4:37:78:09:33: 7c:32:47:03:5c:c4:a5:83:48:f4:57:56:6e:81:36: 27:18:4f:ec:9b:28:c2:d4:b4:d7:7c:0c:3e:0c:2b: df:ca:04:d7:c6:8e:ea:58:4e:a8:a4:a5:18:1c:6c: 45:98:a3:41:d1:2d:d2:c7:6d:8d:19:f1:ad:79:b7: 81:3f:bd:06:82:27:2d:10:58:05:b5:78:05:b9:2f: db:0c:6b:90:90:7e:14:59:38:bb:94:24:13:e5:d1: 9d:14:df:d3:82:4d:46:f0:80:39:52:32:0f:e3:84: b2:7a:43:f2:5e:de:5f:3f:1d:dd:e3:b2:1b:a0:a1: 2a:23:03:6e:2e:01:15:87:5c:a6:75:75:c7:97:61: be:de:86:dc:d4:48:db:bd:2a:bf:4a:55:da:e8:7d: 50:fb:b4:80:17:b8:94:bf:01:3d:ea:da:ba:7c:e0: 58:67:17:b9:58:e0:88:86:46:67:6c:9d:10:47:58: 32:d0:35:7c:79:2a:90:a2:5a:10:11:23:35:ad:2f: cc:e4:4a:5b:a7:c8:27:f2:83:de:5e:bb:5e:77:e7: e8:a5:6e:63:c2:0d:5d:61:d0:8c:d2:6c:5a:21:0e: ca:28:a3:ce:2a:e9:95:c7:48:cf:96:6f:1d:92:25: c8:c6:c6:c1:c1:0c:05:ac:26:c4:d2:75:d2:e1:2a: 67:c0:3d:5b:a5:9a:eb:cf:7b:1a:a8:9d:14:45:e5: 0f:a0:9a:65:de:2f:28:bd:ce:6f:94:66:83:48:29: d8:ea:65:8c:af:93:d9:64:9f:55:57:26:bf:6f:cb: 37:31:99:a3:60:bb:1c:ad:89:34:32:62:b8:43:21: 06:72:0c:a1:5c:6d:46:c5:fa:29:cf:30:de:89:dc: 71:5b:dd:b6:37:3e:df:50:f5:b8:07:25:26:e5:bc: b5:fe:3c:02:b3:b7:f8:be:43:c1:87:11:94:9e:23: 6c:17:8a:b8:8a:27:0c:54:47:f0:a9:b3:c0:80:8c: a0:27:eb:1d:19:e3:07:8e:77:70:ca:2b:f4:7d:76: e0:78:67 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 4D:45:C1:68:38:BB:73:A9:69:A1:20:E7:ED:F5:22:A1:23:14:D7:9E X509v3 Authority Key Identifier: keyid:4D:45:C1:68:38:BB:73:A9:69:A1:20:E7:ED:F5:22:A1:23:14:D7:9E X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign Signature Algorithm: sha1WithRSAEncryption 67:6b:06:b9:5f:45:3b:2a:4b:33:b3:e6:1b:6b:59:4e:22:cc: b9:b7:a4:25:c9:a7:c4:f0:54:96:0b:64:f3:b1:58:4f:5e:51: fc:b2:97:7b:27:65:c2:e5:ca:e7:0d:0c:25:7b:62:e3:fa:9f: b4:87:b7:45:46:af:83:a5:97:48:8c:a5:bd:f1:16:2b:9b:76: 2c:7a:35:60:6c:11:80:97:cc:a9:92:52:e6:2b:e6:69:ed:a9: f8:36:2d:2c:77:bf:61:48:d1:63:0b:b9:5b:52:ed:18:b0:43: 42:22:a6:b1:77:ae:de:69:c5:cd:c7:1c:a1:b1:a5:1c:10:fb: 18:be:1a:70:dd:c1:92:4b:be:29:5a:9d:3f:35:be:e5:7d:51: f8:55:e0:25:75:23:87:1e:5c:dc:ba:9d:b0:ac:b3:69:db:17: 83:c9:f7:de:0c:bc:08:dc:91:9e:a8:d0:d7:15:37:73:a5:35: b8:fc:7e:c5:44:40:06:c3:eb:f8:22:80:5c:47:ce:02:e3:11: 9f:44:ff:fd:9a:32:cc:7d:64:51:0e:eb:57:26:76:3a:e3:1e: 22:3c:c2:a6:36:dd:19:ef:a7:fc:12:f3:26:c0:59:31:85:4c: 9c:d8:cf:df:a4:cc:cc:29:93:ff:94:6d:76:5c:13:08:97:f2: ed:a5:0b:4d:dd:e8:c9:68:0e:66:d3:00:0e:33:12:5b:bc:95: e5:32:90:a8:b3:c6:6c:83:ad:77:ee:8b:7e:7e:b1:a9:ab:d3: e1:f1:b6:c0:b1:ea:88:c0:e7:d3:90:e9:28:92:94:7b:68:7b: 97:2a:0a:67:2d:85:02:38:10:e4:03:61:d4:da:25:36:c7:08: 58:2d:a1:a7:51:af:30:0a:49:f5:a6:69:87:07:2d:44:46:76: 8e:2a:e5:9a:3b:d7:18:a2:fc:9c:38:10:cc:c6:3b:d2:b5:17: 3a:6f:fd:ae:25:bd:f5:72:59:64:b1:74:2a:38:5f:18:4c:df: cf:71:04:5a:36:d4:bf:2f:99:9c:e8:d9:ba:b1:95:e6:02:4b: 21:a1:5b:d5:c1:4f:8f:ae:69:6d:53:db:01:93:b5:5c:1e:18: dd:64:5a:ca:18:28:3e:63:04:11:fd:1c:8d:00:0f:b8:37:df: 67:8a:9d:66:a9:02:6a:91:ff:13:ca:2f:5d:83:bc:87:93:6c: dc:24:51:16:04:25:66:fa:b3:d9:c2:ba:29:be:9a:48:38:82: 99:f4:bf:3b:4a:31:19:f9:bf:8e:21:33:14:ca:4f:54:5f:fb: ce:fb:8f:71:7f:fd:5e:19:a0:0f:4b:91:b8:c4:54:bc:06:b0: 45:8f:26:91:a2:8e:fe:a9 SHA1 Fingerprint=85:B5:FF:67:9B:0C:79:96:1F:C8:6E:44:22:00:46:13:DB:17:92:84
This and the other AOL cert below were removed from Mozilla’s trust at the end of 2014. I’m definitely not an Android system hacker, so I don’t claim to understand the Android source tree. As noted earlier, these certs (minus Sony’s) appear to have been removed from one place (platform/system/ca-certificates), but they’re still present in the platform/libcore2/luni/src/main/files/cacerts (maybe that’s some other branch?).
73da149b.0 Certificate: Data: Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: sha1WithRSAEncryption Issuer: C=JP, O=Sony Computer Entertainment Inc., CN=SCEI DNAS Root 05 Validity Not Before: Jul 12 09:01:19 2004 GMT Not After : Dec 6 09:01:19 2037 GMT Subject: C=JP, O=Sony Computer Entertainment Inc., CN=SCEI DNAS Root 05 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:d9:8f:7b:36:bc:3f:00:aa:94:8e:de:b0:e1:88: 92:84:84:4a:72:0d:83:bd:99:0f:75:2d:eb:78:f2: ed:27:68:b6:13:c8:bc:60:6a:55:95:98:90:8a:6a: 25:82:5d:d4:8e:0d:87:ff:c8:a5:74:02:40:bd:0f: 9c:92:eb:87:d0:41:7a:8c:2a:32:e7:f9:34:da:b7: 52:cf:34:22:18:ae:f4:2b:cd:10:01:0e:d7:c8:37: 38:55:75:4d:87:52:c1:0e:73:52:c9:37:dc:e5:1e: 23:b8:78:68:13:c3:55:c6:57:61:e1:ed:75:b3:cb: a9:ee:0a:f2:28:22:6a:7e:69:ae:b0:03:e5:2e:a1: db:cb:7c:68:09:be:a8:c5:91:a3:e6:d6:db:90:7f: f3:8d:57:c0:31:81:3f:bf:c8:c5:9b:fc:62:88:a8: ac:2a:3c:d0:25:58:7b:a9:46:a1:4d:3c:79:ea:90: 89:a1:c8:e7:30:05:db:cd:43:59:94:a8:55:f2:e3: 25:41:16:98:49:f1:aa:bf:1a:3a:1b:33:44:67:8f: 8b:e1:22:ed:44:23:1c:3b:99:5f:da:cb:84:32:35: cc:03:43:f8:10:36:e7:db:67:fe:2c:0e:a9:55:de: db:43:9c:70:99:65:1c:97:06:e0:47:26:77:df:1f: e6:a3 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: C6:56:A1:33:5B:4F:CE:83:77:62:05:44:86:6D:20:57:B5:AF:DA:DC X509v3 Authority Key Identifier: keyid:C6:56:A1:33:5B:4F:CE:83:77:62:05:44:86:6D:20:57:B5:AF:DA:DC DirName:/C=JP/O=Sony Computer Entertainment Inc./CN=SCEI DNAS Root 05 serial:00 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha1WithRSAEncryption 09:93:e2:86:3c:17:03:6e:f0:27:4d:ed:10:a7:07:01:e1:4b: 8b:c6:81:c3:6c:ac:1f:81:b0:b8:7d:5d:59:bd:d4:a6:ec:e7: 58:e0:74:89:04:f5:c1:0a:1c:9c:41:58:08:9c:79:5c:51:27: 8f:86:8b:5a:94:87:2c:4a:bf:b1:23:be:9b:2f:9a:3e:84:c4: b3:2d:b4:6a:31:7e:60:b6:19:9b:46:d9:c4:7e:74:08:96:21: ae:41:13:e0:2d:9a:0b:45:ef:84:6a:7d:93:52:50:d6:8d:16: eb:e7:05:4f:92:d3:95:76:a9:b2:af:01:b6:dd:f5:b7:e5:c3: 3d:7e:d1:a8:65:78:58:67:a4:b7:78:4c:4f:bc:51:73:b2:56: 5d:d0:10:8a:32:2b:6d:88:bc:9a:d6:cc:d3:b2:84:1a:73:d4: e8:84:fc:0b:8e:fe:d2:64:ae:ae:9c:0b:3a:85:8b:d6:d3:e0: a3:a7:8f:a4:b3:62:73:8a:ae:50:c8:21:f5:15:d5:8d:e4:f2: 5c:e3:26:c9:87:5e:52:6d:a0:b7:ba:84:ae:f4:0e:36:58:be: e8:4a:66:86:6d:00:da:48:69:20:c1:d2:a5:08:d3:13:c8:15: ad:9a:78:d9:ae:be:ce:0d:62:63:2d:af:14:13:a6:89:0d:7b: 19:15:25:d0 SHA1 Fingerprint=F2:29:23:F2:18:BA:B9:CD:96:6A:1F:DE:A3:C0:F4:34:B8:66:3A:22 bda4cc84.0 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=America Online Inc., CN=America Online Root Certification Authority 1 Validity Not Before: May 28 06:00:00 2002 GMT Not After : Nov 19 20:43:00 2037 GMT Subject: C=US, O=America Online Inc., CN=America Online Root Certification Authority 1 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:a8:2f:e8:a4:69:06:03:47:c3:e9:2a:98:ff:19: a2:70:9a:c6:50:b2:7e:a5:df:68:4d:1b:7c:0f:b6: 97:68:7d:2d:a6:8b:97:e9:64:86:c9:a3:ef:a0:86: bf:60:65:9c:4b:54:88:c2:48:c5:4a:39:bf:14:e3: 59:55:e5:19:b4:74:c8:b4:05:39:5c:16:a5:e2:95: 05:e0:12:ae:59:8b:a2:33:68:58:1c:a6:d4:15:b7: d8:9f:d7:dc:71:ab:7e:9a:bf:9b:8e:33:0f:22:fd: 1f:2e:e7:07:36:ef:62:39:c5:dd:cb:ba:25:14:23: de:0c:c6:3d:3c:ce:82:08:e6:66:3e:da:51:3b:16: 3a:a3:05:7f:a0:dc:87:d5:9c:fc:72:a9:a0:7d:78: e4:b7:31:55:1e:65:bb:d4:61:b0:21:60:ed:10:32: 72:c5:92:25:1e:f8:90:4a:18:78:47:df:7e:30:37: 3e:50:1b:db:1c:d3:6b:9a:86:53:07:b0:ef:ac:06: 78:f8:84:99:fe:21:8d:4c:80:b6:0c:82:f6:66:70: 79:1a:d3:4f:a3:cf:f1:cf:46:b0:4b:0f:3e:dd:88: 62:b8:8c:a9:09:28:3b:7a:c7:97:e1:1e:e5:f4:9f: c0:c0:ae:24:a0:c8:a1:d9:0f:d6:7b:26:82:69:32: 3d:a7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 00:AD:D9:A3:F6:79:F6:6E:74:A9:7F:33:3D:81:17:D7:4C:CF:33:DE X509v3 Authority Key Identifier: keyid:00:AD:D9:A3:F6:79:F6:6E:74:A9:7F:33:3D:81:17:D7:4C:CF:33:DE X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign Signature Algorithm: sha1WithRSAEncryption 7c:8a:d1:1f:18:37:82:e0:b8:b0:a3:ed:56:95:c8:62:61:9c: 05:a2:cd:c2:62:26:61:cd:10:16:d7:cc:b4:65:34:d0:11:8a: ad:a8:a9:05:66:ef:74:f3:6d:5f:9d:99:af:f6:8b:fb:eb:52: b2:05:98:a2:6f:2a:c5:54:bd:25:bd:5f:ae:c8:86:ea:46:2c: c1:b3:bd:c1:e9:49:70:18:16:97:08:13:8c:20:e0:1b:2e:3a: 47:cb:1e:e4:00:30:95:5b:f4:45:a3:c0:1a:b0:01:4e:ab:bd: c0:23:6e:63:3f:80:4a:c5:07:ed:dc:e2:6f:c7:c1:62:f1:e3: 72:d6:04:c8:74:67:0b:fa:88:ab:a1:01:c8:6f:f0:14:af:d2: 99:cd:51:93:7e:ed:2e:38:c7:bd:ce:46:50:3d:72:e3:79:25: 9d:9b:88:2b:10:20:dd:a5:b8:32:9f:8d:e0:29:df:21:74:86: 82:db:2f:82:30:c6:c7:35:86:b3:f9:96:5f:46:db:0c:45:fd: f3:50:c3:6f:c6:c3:48:ad:46:a6:e1:27:47:0a:1d:0e:9b:b6: c2:77:7f:63:f2:e0:7d:1a:be:fc:e0:df:d7:c7:a7:6c:b0:f9: ae:ba:3c:fd:74:b4:11:e8:58:0d:80:bc:d3:a8:80:3a:99:ed: 75:cc:46:7b SHA1 Fingerprint=39:21:C1:15:C1:5D:0E:CA:5C:CB:5B:C4:F0:7D:21:D8:05:0B:56:6A c33a80d4.0 Certificate: Data: Version: 3 (0x2) Serial Number: 36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54 Signature Algorithm: sha1WithRSAEncryption Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com Validity Not Before: Aug 1 00:00:00 1996 GMT Not After : Jan 1 23:59:59 2021 GMT Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) Modulus: 00:d2:36:36:6a:8b:d7:c2:5b:9e:da:81:41:62:8f: 38:ee:49:04:55:d6:d0:ef:1c:1b:95:16:47:ef:18: 48:35:3a:52:f4:2b:6a:06:8f:3b:2f:ea:56:e3:af: 86:8d:9e:17:f7:9e:b4:65:75:02:4d:ef:cb:09:a2: 21:51:d8:9b:d0:67:d0:ba:0d:92:06:14:73:d4:93: cb:97:2a:00:9c:5c:4e:0c:bc:fa:15:52:fc:f2:44: 6e:da:11:4a:6e:08:9f:2f:2d:e3:f9:aa:3a:86:73: b6:46:53:58:c8:89:05:bd:83:11:b8:73:3f:aa:07: 8d:f4:42:4d:e7:40:9d:1c:37 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha1WithRSAEncryption 65:90:ac:88:0f:56:d9:e6:30:34:d4:26:c7:d0:50:f1:92:de: 6b:d4:39:88:09:22:c6:a6:63:83:03:f7:99:77:d8:b2:e5:18: b8:5d:63:f3:d4:73:fb:6c:9c:99:78:f1:4b:78:7d:19:24:c3: 2b:02:84:f8:bc:22:d9:8a:22:d7:a0:fc:71:ec:91:87:20:f1: b8:ec:b1:e5:55:80:ac:3d:52:c8:39:0e:c2:f0:c0:05:4f:d6: 82:75:8c:bd:5f:d2:dc:76:9a:05:12:c9:af:72:c3:dc:25:7e: a4:4d:8e:17:a5:e0:87:7f:e1:9a:5a:e1:60:dc:64:23:3c:42: 2e:4d SHA1 Fingerprint=E0:AB:05:94:20:72:54:93:05:60:62:02:36:70:F7:CD:2E:FC:66:66 ddc328ff.0 Certificate: Data: Version: 3 (0x2) Serial Number: 34:a4:ff:f6:30:af:4c:a5:3c:33:17:42:a1:94:66:75 Signature Algorithm: sha1WithRSAEncryption Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com Validity Not Before: Aug 1 00:00:00 1996 GMT Not After : Jan 1 23:59:59 2021 GMT Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) Modulus: 00:d3:a4:50:6e:c8:ff:56:6b:e6:cf:5d:b6:ea:0c: 68:75:47:a2:aa:c2:da:84:25:fc:a8:f4:47:51:da: 85:b5:20:74:94:86:1e:0f:75:c9:e9:08:61:f5:06: 6d:30:6e:15:19:02:e9:52:c0:62:db:4d:99:9e:e2: 6a:0c:44:38:cd:fe:be:e3:64:09:70:c5:fe:b1:6b: 29:b6:2f:49:c8:3b:d4:27:04:25:10:97:2f:e7:90: 6d:c0:28:42:99:d7:4c:43:de:c3:f5:21:6d:54:9f: 5d:c3:58:e1:c0:e4:d9:5b:b0:b8:dc:b4:7b:df:36: 3a:c2:b5:66:22:12:d6:87:0d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha1WithRSAEncryption be:40:69:41:6f:c6:db:c1:a7:bf:07:c0:45:e4:d0:b5:43:1e: 4c:95:33:35:e9:5e:c2:3e:28:f6:a8:0d:50:d5:ff:e2:0c:0f: fc:50:02:8e:ae:91:b9:ad:34:8a:8d:9f:27:71:aa:19:cc:4b: e8:04:ca:d4:17:6b:12:1a:d6:c6:5f:d6:cd:5e:ff:89:76:bf: d8:48:d8:59:bd:08:8a:89:1d:57:cd:45:1e:52:ba:12:9a:84: fa:18:89:5f:e8:f9:30:35:6a:01:60:b9:99:80:83:85:0a:6e: da:f4:c9:8f:5e:73:2d:31:4a:63:a0:74:f2:1f:8b:22:d2:29: 3e:eb SHA1 Fingerprint=9F:AD:91:A6:CE:6A:C6:C5:00:47:C4:4E:C9:D4:A5:0D:92:D8:49:79