/*! \mainpage
README.certs
============
1. X.509 Certs and key files
----------------------------
In this directory you will find:
a) rootCA_cert.pem -- ECC root CA PEM file; almost 10 years valid
b) rootCA_key.pem -- encrypted corresponding key file for signing - password 12345
c) rootCA_key.pem.plain -- unencrypted corresponding key file for signing
e) ::1_cert.pem -- ECC IPv6 localhost PEM cert
f) ::1_key.pem -- encrypted corresponding key file for authentication - password testcert
g) ::1_key.pem.plain -- unencrypted corresponding key file for authentication
h) 127.0.0.1_cert.pem -- ECC IPv4 localhost PEM cert
i) 127.0.0.1_key.pem -- encrypted corresponding key file for authentication - password testcert
j) 127.0.0.1_key.pem.plain -- unencrypted corresponding key file for authentication
k) localhost_cert.pem -- ECC generic localhost PEM cert
l) localhost.pem -- encrypted corresponding key file for authentication - password testcert
m) localhost.pem -- unencrypted corresponding key file for authentication
n) chain6.pem -- chained ::1_cert.pem + rootCA_cert.pem
o) chain4.pem -- chained 127.0.0.1_cert.pem + rootCA_cert.pem
p) dh2048.pem -- Diffie-Hellman parameter file with 2048 bits
All x509 certs are generated by means of the ECC prime256v1 algorithm.
CA cert validity: About 10 years from September 2023.
The validity of the other certs is about 5 years, starting in September 2023.
2. Usage
--------
These x509 certs and key files are provided to allow an initial
setup and test of UCSPI-SSL's sslserver and companions.
The use of ECC signatures requires OpenSSL > 1.1.1 or LibreSSL > 3.3.1.
3. rootCA_cert.pem
------------------
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2a:33:3a:76:03:ac:7a:0f:23:38:0a:5c:e3:43:f2:9d:74:9d:ae:99
Signature Algorithm: ecdsa-with-SHA256
Issuer: C = US, ST = New York, L = Brooklyn, O = ucspi-ssl research laboratory, CN = ucspi-ssl research ca
Validity
Not Before: Sep 20 13:04:38 2023 GMT
Not After : Oct 17 13:04:38 2033 GMT
Subject: C = US, ST = New York, L = Brooklyn, O = ucspi-ssl research laboratory, CN = ucspi-ssl research ca
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:74:87:e3:06:ee:44:a1:7b:4c:ca:d4:d9:13:fa:
d2:8a:4c:08:42:84:ae:3f:f9:97:9d:c2:49:48:ad:
0f:3d:ba:c2:26:df:28:22:45:63:7c:fe:28:b1:e1:
90:1d:33:4f:62:3f:b0:ff:0c:04:52:0b:75:1b:6b:
72:76:a1:00:07
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:33:0C:F4:15:5B:BD:10:6A:71:A2:79:EB:00:77:8C:7A:30:35:83
X509v3 Authority Key Identifier:
keyid:A5:33:0C:F4:15:5B:BD:10:6A:71:A2:79:EB:00:77:8C:7A:30:35:83
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: ecdsa-with-SHA256
30:45:02:21:00:99:53:0a:1c:5f:b2:1c:80:c0:05:17:05:f7:
75:96:28:87:bd:c3:d5:ca:2f:bf:a4:17:5e:66:ac:bb:4f:68:
50:02:20:37:25:2a:62:2e:5d:31:8f:d7:71:3a:4d:b9:39:6b:
f8:02:5a:50:7b:c9:74:33:11:57:24:a9:2b:7a:39:37:b6
4. ::1_cert.pem
---------------
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
06:d5:47:e8:f3:8c:9e:62:65:2f:21:f4:32:e5:09:be:92:ad:4f:2f
Signature Algorithm: ecdsa-with-SHA256
Issuer: C = US, ST = New York, L = Brooklyn, O = ucspi-ssl research laboratory, CN = loopback
Validity
Not Before: Sep 20 13:05:52 2023 GMT
Not After : Dec 2 13:05:52 2028 GMT
Subject: C = US, ST = New York, L = Brooklyn, O = ucspi-ssl research laboratory, CN = loopback
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:2c:04:f7:2e:0a:84:7f:26:b2:e2:02:6c:b4:c4:
9a:83:89:fa:a9:62:16:f8:0e:25:4d:2d:9c:a1:37:
4a:a4:3a:ee:42:ef:b8:31:4f:e1:94:94:c8:f1:1b:
ed:60:fc:04:ed:0b:e7:eb:db:93:ad:05:24:38:04:
88:df:bb:4c:30
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Subject Alternative Name:
IP Address:0:0:0:0:0:0:0:1, DNS:localhost
X509v3 Authority Key Identifier:
DirName:/C=US/ST=New York/L=Brooklyn/O=ucspi-ssl research laboratory/CN=loopback
serial:06:D5:47:E8:F3:8C:9E:62:65:2F:21:F4:32:E5:09:BE:92:AD:4F:2F
Signature Algorithm: ecdsa-with-SHA256
30:45:02:21:00:84:ca:6c:81:c7:cf:aa:43:c5:cf:e3:95:7c:
43:a7:09:3e:9a:b5:e4:ae:e8:55:a5:da:3f:6e:53:37:95:dc:
ea:02:20:35:83:1c:1b:bd:8e:9e:8c:eb:be:88:0e:a9:c1:23:
00:d3:97:e7:ca:ea:cd:75:00:9b:89:2c:7f:89:ca:ac:cf
5. 127.0.0.1_cert.pem
---------------------
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
75:01:d6:e2:c8:06:cb:69:ab:1f:c0:78:db:5f:00:2b:ca:c3:70:3c
Signature Algorithm: ecdsa-with-SHA256
Issuer: C = US, ST = New York, L = Brooklyn, O = ucspi-ssl research laboratory, CN = loopback
Validity
Not Before: Sep 20 13:05:14 2023 GMT
Not After : Dec 2 13:05:14 2028 GMT
Subject: C = US, ST = New York, L = Brooklyn, O = ucspi-ssl research laboratory, CN = loopback
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:98:39:f8:09:02:bd:81:7b:1d:4f:23:34:2e:b0:
5c:97:b7:77:98:bd:d7:8a:ed:d7:d0:48:25:c1:ff:
a6:a4:97:8f:fc:56:00:04:9b:14:ba:3f:db:d3:76:
d4:53:07:63:20:61:fb:c6:88:fa:09:06:b9:7f:85:
d2:cf:7a:28:00
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Subject Alternative Name:
IP Address:127.0.0.1, DNS:localhost
X509v3 Authority Key Identifier:
DirName:/C=US/ST=New York/L=Brooklyn/O=ucspi-ssl research laboratory/CN=loopback
serial:75:01:D6:E2:C8:06:CB:69:AB:1F:C0:78:DB:5F:00:2B:CA:C3:70:3C
Signature Algorithm: ecdsa-with-SHA256
30:44:02:20:5b:38:50:24:5e:1f:43:d4:24:ad:eb:8d:43:ec:
db:2b:f5:04:bb:78:0a:f1:30:b0:5e:6d:69:6c:dd:00:57:9f:
02:20:2b:b1:26:72:21:0f:ce:72:9a:5d:77:13:07:c9:fd:37:
04:14:bc:c0:da:33:49:6a:a4:4d:17:c8:48:04:36:a0
6. localhost_cert.pem
---------------------
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7a:6a:2a:23:7c:b4:99:26:bd:19:ee:88:72:b4:1c:8e:4d:3b:5a:40
Signature Algorithm: ecdsa-with-SHA256
Issuer: C = US, ST = New York, L = Brooklyn, O = ucspi-ssl research laboratory, CN = localhost
Validity
Not Before: Sep 20 13:06:24 2023 GMT
Not After : Dec 2 13:06:24 2028 GMT
Subject: C = US, ST = New York, L = Brooklyn, O = ucspi-ssl research laboratory, CN = localhost
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:13:bc:51:f1:ce:42:39:a5:da:fd:81:e7:4d:03:
fd:3d:93:9d:63:ce:d7:32:0c:1b:c1:f3:1a:43:84:
f4:c5:db:79:c9:7e:e5:3d:ad:de:ca:66:fd:f5:a7:
1c:80:18:20:b6:c6:b1:18:76:30:0a:3f:5f:ac:ca:
a4:90:d4:8b:b0
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Subject Alternative Name:
DNS:localhost, IP Address:0.0.0.0, IP Address:0:0:0:0:0:0:0:0
X509v3 Authority Key Identifier:
DirName:/C=US/ST=New York/L=Brooklyn/O=ucspi-ssl research laboratory/CN=localhost
serial:7A:6A:2A:23:7C:B4:99:26:BD:19:EE:88:72:B4:1C:8E:4D:3B:5A:40
Signature Algorithm: ecdsa-with-SHA256
30:45:02:20:71:4c:08:c1:2a:7e:31:a9:33:5a:92:cb:da:81:
85:ed:74:66:38:f8:5b:f1:55:1c:e4:bb:ba:3e:4e:83:76:fb:
02:21:00:d3:82:51:6f:87:b0:32:14:1e:e0:f0:8c:43:cf:1c:
f2:2b:ca:70:a9:d3:26:55:00:91:94:29:87:06:8d:3e:3e