[cryptography] Microsoft Sub-CA used in malware signing

Marsh Ray marsh at extendedsubset.com
Wed Jun 6 14:04:03 EDT 2012


On 06/05/2012 07:21 AM, Douglas Pichardo wrote:
> The last link below [http://rmhrisk.wpengine.com/?p=52] points out that
> the sub-CA's were issued with constraints granting them:
> - License Server Verification (1.3.6.1.4.1.311.10.6.2)
> - Key Pack Licenses (1.3.6.1.4.1.311.10.6.1)
> - Code Signing (1.3.6.1.5.5.7.3.3)
>
> But I don't see any constraints at all listed in the MS.txt certificate
> you attached from
> [http://blog.crysys.hu/2012/06/the-flame-malware-wusetupv-exe-certificate-chain/].
>   Am I missing something here?

No you're not. There aren't any.

This is true not only for the evil cert, but also for Genuine 
Microsoft^TM Terminal Services License Server license certs. You can 
find examples with http://www.google.com/search?q="06+01+04+01+82+37+12"
Attached are a couple of examples found this way.

Ryan Hurst has more good detailed analyses on the MSTS licensing PKI 
goof based on a Genuine Microsoft^TM cert.
http://rmhrisk.wpengine.com/?p=57 and
http://rmhrisk.wpengine.com/?p=60

Marc Stevens and B.M.M. de Weger (of 
http://www.win.tue.nl/hashclash/rogue-ca/) have been looking at the 
collision in the evil CN=MS cert. I'm sure they'll have a full report at 
some point. Until then, they have said this:
> [We] have confirmed that flame uses a yet unknown md5 chosen-prefix
> collision attack. We are interested in other possible certs based
> on this md5 coll attack for further analysis. I am now analyzing
> their chosen-prefix collision attack in more detail, (more examples
> would greatly help) and trying to write up some results and
> conclusions to make a more detailed statement. The collision
> attack itself is very interesting from a scientific viewpoint
> and there are already some practical implications.

Didier Stevens has posted the full chain at
> http://blog.didierstevens.com/2012/06/06/flame-authenticode-dumps-kb2718704/

There is a mystery cert "CN=TLS Server" in the executable. It does not 
appear to have a tumor. It's attached here. Perhaps someone can figure 
out what it's for.

- Marsh

P.S. The first couple of 64-byte blocks here are the tumor. For some 
reason, it does not show up with 'openssl x509 -text' or even 'openssl 
asn1parse -dump'.

>   500:d=2  hl=4 l= 888 prim:   cont [ 1 ]
> 		dd if=MS.der bs=1 skip=500 count=888 | hd
> 		00000000  81 82 03 78 00 6a 4c e0 1f f5 91 69 b2 74 36 f0  |...x.jL....i.t6.|
> 		00000010  7f 7b 4b 7b c6 be eb 3f 9f 98 3d a3 84 87 54 7e  |.{K{...?..=...T~|
> 		00000020  72 87 71 25 4b 68 35 ae 65 bd 6c 8f dc 8d ac c4  |r.q%Kh5.e.l.....|
> 		00000030  e8 98 92 de dc 53 62 f5 72 6a 25 27 a3 12 46 eb  |.....Sb.rj%'..F.|
> 		00000040  7f 6d 58 cd 30 83 d7 7a 85 b8 48 e6 0e 01 11 68  |.mX.0..z..H....h|
> 		00000050  65 7d 53 38 0b 40 f4 3b 68 43 59 c1 3c 05 c3 40  |e}S8. at .;hCY.<..@|
> 		00000060  26 9d 51 97 e2 eb 2e b8 c2 19 6e 4e 94 46 3b d8  |&.Q.......nN.F;.|
> 		00000070  d4 fd 0d 00 d1 68 fa df f3 fa 18 8a 7c 65 9b da  |.....h......|e..|
> 		00000080  23 11 9f 16 a6 8b 23 24 88 87 22 69 19 c2 11 ea  |#.....#$.."i....|
> 		00000090  9d 36 81 ad fb e8 8b d2 d0 eb 06 f2 1a 86 8d c6  |.6..............|
> 		000000a0  84 f3 88 c5 e0 d9 64 c6 48 95 d4 be d3 54 48 91  |......d.H....TH.|
> 		000000b0  e6 6c e9 1e 33 97 15 42 ee b4 6d 1f 15 0b 27 dd  |.l..3..B..m...'.|
> 		000000c0  08 bb 81 de b6 96 16 39 d9 26 44 6a 5f d1 6b 3f  |.......9.&Dj_.k?|
> 		000000d0  12 71 dc f0 99 62 d2 43 14 58 f8 6e f8 22 35 d2  |.q...b.C.X.n."5.|
> 		000000e0  90 f7 fd 93 6a c4 49 b8 cb 0c e9 65 a8 f7 22 b5  |....j.I....e..".|
> 		000000f0  f2 05 19 20 ef 25 63 c7 b3 97 4a 82 3e b2 e3 ee  |... .%c...J.>...|
> 		00000100  b4 5e cb 1d b3 59 8f 8d f4 79 01 b1 b6 68 89 14  |.^...Y...y...h..|
> 		00000110  b4 8f 9d 60 d7 71 a5 3d 95 02 03 01 00 01 a3 82  |...`.q.=........|
> 		00000120  02 5a 30 82 02 56 30 1d 06 03 55 1d 0e 04 16 04  |.Z0..V0...U.....|
> 		00000130  14 9a 9a 5d 77 bd 84 66 a4 f1 de 18 10 1b 6e 67  |...]w..f......ng|
> 		00000140  a5 97 c1 14 87 30 1f 06 03 55 1d 23 04 18 30 16  |.....0...U.#..0.|
> 		00000150  80 14 75 e8 03 58 5d fb 65 e4 d9 a6 ac 17 b6 03  |..u..X].e.......|
> 		00000160  7e 47 ad 2e 81 af 30 81 c2 06 03 55 1d 1f 04 81  |~G....0....U....|
> 		00000170  ba 30 81 b7 30 81 b4 a0 81 b1 a0 81 ae 86 56 68  |.0..0.........Vh|
> 		00000180  74 74 70 3a 2f 2f 74 6b 78 70 61 73 72 76 33 36  |ttp://tkxpasrv36|
> 		00000190  2e 70 61 72 74 6e 65 72 73 2e 65 78 74 72 61 6e  |.partners.extran|
> 		000001a0  65 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d  |et.microsoft.com|
> 		000001b0  2f 43 65 72 74 45 6e 72 6f 6c 6c 2f 4d 69 63 72  |/CertEnroll/Micr|
> 		000001c0  6f 73 6f 66 74 25 32 30 4c 53 52 41 25 32 30 50  |osoft%20LSRA%20P|
> 		000001d0  41 2e 63 72 6c 86 54 66 69 6c 65 3a 2f 2f 5c 5c  |A.crl.Tfile://\\|
> 		000001e0  74 6b 78 70 61 73 72 76 33 36 2e 70 61 72 74 6e  |tkxpasrv36.partn|
> 		000001f0  65 72 73 2e 65 78 74 72 61 6e 65 74 2e 6d 69 63  |ers.extranet.mic|
> 		00000200  72 6f 73 6f 66 74 2e 63 6f 6d 5c 43 65 72 74 45  |rosoft.com\CertE|
> 		00000210  6e 72 6f 6c 6c 5c 4d 69 63 72 6f 73 6f 66 74 20  |nroll\Microsoft |
> 		00000220  4c 53 52 41 20 50 41 2e 63 72 6c 30 82 01 31 06  |LSRA PA.crl0..1.|
> 		00000230  08 2b 06 01 05 05 07 01 01 04 82 01 23 30 82 01  |.+..........#0..|
> 		00000240  1f 30 81 8e 06 08 2b 06 01 05 05 07 30 02 86 81  |.0....+.....0...|
> 		00000250  81 68 74 74 70 3a 2f 2f 74 6b 78 70 61 73 72 76  |.http://tkxpasrv|
> 		00000260  33 36 2e 70 61 72 74 6e 65 72 73 2e 65 78 74 72  |36.partners.extr|
> 		00000270  61 6e 65 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63  |anet.microsoft.c|
> 		00000280  6f 6d 2f 43 65 72 74 45 6e 72 6f 6c 6c 2f 74 6b  |om/CertEnroll/tk|
> 		00000290  78 70 61 73 72 76 33 36 2e 70 61 72 74 6e 65 72  |xpasrv36.partner|
> 		000002a0  73 2e 65 78 74 72 61 6e 65 74 2e 6d 69 63 72 6f  |s.extranet.micro|
> 		000002b0  73 6f 66 74 2e 63 6f 6d 5f 4d 69 63 72 6f 73 6f  |soft.com_Microso|
> 		000002c0  66 74 25 32 30 4c 53 52 41 25 32 30 50 41 2e 63  |ft%20LSRA%20PA.c|
> 		000002d0  72 74 30 81 8b 06 08 2b 06 01 05 05 07 30 02 86  |rt0....+.....0..|
> 		000002e0  7f 66 69 6c 65 3a 2f 2f 5c 5c 74 6b 78 70 61 73  |.file://\\tkxpas|
> 		000002f0  72 76 33 36 2e 70 61 72 74 6e 65 72 73 2e 65 78  |rv36.partners.ex|
> 		00000300  74 72 61 6e 65 74 2e 6d 69 63 72 6f 73 6f 66 74  |tranet.microsoft|
> 		00000310  2e 63 6f 6d 5c 43 65 72 74 45 6e 72 6f 6c 6c 5c  |.com\CertEnroll\|
> 		00000320  74 6b 78 70 61 73 72 76 33 36 2e 70 61 72 74 6e  |tkxpasrv36.partn|
> 		00000330  65 72 73 2e 65 78 74 72 61 6e 65 74 2e 6d 69 63  |ers.extranet.mic|
> 		00000340  72 6f 73 6f 66 74 2e 63 6f 6d 5f 4d 69 63 72 6f  |rosoft.com_Micro|
> 		00000350  73 6f 66 74 20 4c 53 52 41 20 50 41 2e 63 72 74  |soft LSRA PA.crt|
> 		00000360  30 1a                                            |0.|
> 		00000362  06 08 2b 06 01 04 01 82 37 12 01 01 ff           |..+.....7....|

And more evidence (not that we needed any) that the cert was obtained 
via MSTS licensing:

> echo '30 1a 06 08 2b 06 01 04 01 82 37 12 01 01 ff 04 0b 16 09 54 4c 53 7e 42 41 53 49 43'|xxd -r -p|openssl asn1parse -dump -inform der
>     0:d=0  hl=2 l=  26 cons: SEQUENCE
>     2:d=1  hl=2 l=   8 prim: OBJECT            :1.3.6.1.4.1.311.18   <-- a MS Terminal Services licensing specific OID
>    12:d=1  hl=2 l=   1 prim: BOOLEAN           :255
>    15:d=1  hl=2 l=  11 prim: OCTET STRING
>       0000 - 16 09 54 4c 53 7e 42 41-53 49 43                  ..TLS~BASIC



-------------- next part --------------
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:96:0b:b2:00:00:00:01:0c:30
    Signature Algorithm: md5WithRSAEncryption
        Issuer: DC=com, DC=microsoft, DC=extranet, DC=partners, CN=Microsoft LSRA PA
        Validity
            Not Before: Jun  7 01:24:51 2011 GMT
            Not After : Feb 19 21:48:39 2012 GMT
        Subject: CN=Terminal Services LS
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (512 bit)
                Modulus:
                    00:a5:1a:fc:58:50:c2:06:a8:8b:b2:82:8e:23:4a:
                    e7:16:8d:6a:aa:28:38:fe:1a:d7:09:a6:ac:f7:88:
                    df:96:38:30:d7:32:85:46:16:2b:de:5a:ee:d8:bc:
                    ad:21:92:23:b5:e9:9c:89:49:27:8c:c3:f2:d1:8f:
                    15:47:7d:89:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                A3:8C:1E:F4:65:D0:2E:F4:27:7E:D6:34:19:A7:87:B2:89:A4:6B:CA
            X509v3 Authority Key Identifier: 
                keyid:75:E8:03:58:5D:FB:65:E4:D9:A6:AC:17:B6:03:7E:47:AD:2E:81:AF

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://tk5paxprdsrv09.partners.extranet.microsoft.com/CertEnroll/Microsoft%20LSRA%20PA.crl
                  URI:file://\\TK5PAXPRDSRV09.partners.extranet.microsoft.com\CertEnroll\Microsoft LSRA PA.crl

            Authority Information Access: 
                CA Issuers - URI:http://tk5paxprdsrv09.partners.extranet.microsoft.com/CertEnroll/TK5PAXPRDSRV09.partners.extranet.microsoft.com_Microsoft%20LSRA%20PA.crt
                CA Issuers - URI:file://\\TK5PAXPRDSRV09.partners.extranet.microsoft.com\CertEnroll\TK5PAXPRDSRV09.partners.extranet.microsoft.com_Microsoft LSRA PA.crt

            1.3.6.1.4.1.311.18: critical
                ..TLS~BASIC
    Signature Algorithm: md5WithRSAEncryption
         83:55:27:29:70:5c:e8:94:48:a8:4b:48:dc:2b:7c:96:4c:19:
         32:47:d3:ea:17:6c:34:e5:29:94:16:81:e5:c7:2e:59:6a:a0:
         9c:67:2c:6b:97:d3:d4:c5:d4:61:43:28:cf:a0:39:b1:f6:ec:
         c2:87:86:da:8a:f7:e7:0e:16:ab:c5:82:8c:bf:75:bc:50:ef:
         fa:19:7a:7b:82:31:e6:52:70:d4:52:d2:1f:47:4f:d5:bd:21:
         11:2e:44:10:09:c8:8a:22:9f:6e:0a:e0:96:38:fd:59:9e:df:
         03:2d:79:ba:d7:2d:6b:30:07:17:0f:84:76:8c:1d:db:91:27:
         45:4f:c4:88:a0:00:16:33:94:31:69:26:11:41:bb:95:02:2d:
         c8:9a:c1:1a:a0:1f:a2:3e:65:37:4e:b2:da:46:d4:9f:bf:40:
         f0:dc:0f:7e:08:84:c1:ac:bc:de:19:32:04:2f:01:bb:48:c4:
         e2:5c:7f:20:9f:d2:4a:55:9d:8c:d3:75:22:df:0e:fd:3c:d9:
         06:55:4c:f8:fc:02:2b:1a:4a:34:50:af:35:3b:d8:76:87:1b:
         5f:8e:b2:1a:9d:ab:8b:4e:a8:ad:89:5f:5a:e7:67:fb:25:54:
         6f:fc:73:ea:9e:80:65:8e:9f:f3:7f:49:58:d7:10:d6:35:df:
         bd:9f:d8:4f
-----BEGIN CERTIFICATE-----
MIIE0TCCA7mgAwIBAgIKQJYLsgAAAAEMMDANBgkqhkiG9w0BAQQFADCBgDETMBEG
CgmSJomT8ixkARkWA2NvbTEZMBcGCgmSJomT8ixkARkWCW1pY3Jvc29mdDEYMBYG
CgmSJomT8ixkARkWCGV4dHJhbmV0MRgwFgYKCZImiZPyLGQBGRYIcGFydG5lcnMx
GjAYBgNVBAMTEU1pY3Jvc29mdCBMU1JBIFBBMB4XDTExMDYwNzAxMjQ1MVoXDTEy
MDIxOTIxNDgzOVowHzEdMBsGA1UEAxMUVGVybWluYWwgU2VydmljZXMgTFMwXDAN
BgkqhkiG9w0BAQEFAANLADBIAkEApRr8WFDCBqiLsoKOI0rnFo1qqig4/hrXCaas
94jfljgw1zKFRhYr3lru2LytIZIjtemciUknjMPy0Y8VR32JoQIDAQABo4ICczCC
Am8wHQYDVR0OBBYEFKOMHvRl0C70J37WNBmnh7KJpGvKMB8GA1UdIwQYMBaAFHXo
A1hd+2Xk2aasF7YDfketLoGvMIHKBgNVHR8EgcIwgb8wgbyggbmggbaGWmh0dHA6
Ly90azVwYXhwcmRzcnYwOS5wYXJ0bmVycy5leHRyYW5ldC5taWNyb3NvZnQuY29t
L0NlcnRFbnJvbGwvTWljcm9zb2Z0JTIwTFNSQSUyMFBBLmNybIZYZmlsZTovL1xc
VEs1UEFYUFJEU1JWMDkucGFydG5lcnMuZXh0cmFuZXQubWljcm9zb2Z0LmNvbVxD
ZXJ0RW5yb2xsXE1pY3Jvc29mdCBMU1JBIFBBLmNybDCCAUIGCCsGAQUFBwEBBIIB
NDCCATAwgZYGCCsGAQUFBzAChoGJaHR0cDovL3RrNXBheHByZHNydjA5LnBhcnRu
ZXJzLmV4dHJhbmV0Lm1pY3Jvc29mdC5jb20vQ2VydEVucm9sbC9USzVQQVhQUkRT
UlYwOS5wYXJ0bmVycy5leHRyYW5ldC5taWNyb3NvZnQuY29tX01pY3Jvc29mdCUy
MExTUkElMjBQQS5jcnQwgZQGCCsGAQUFBzAChoGHZmlsZTovL1xcVEs1UEFYUFJE
U1JWMDkucGFydG5lcnMuZXh0cmFuZXQubWljcm9zb2Z0LmNvbVxDZXJ0RW5yb2xs
XFRLNVBBWFBSRFNSVjA5LnBhcnRuZXJzLmV4dHJhbmV0Lm1pY3Jvc29mdC5jb21f
TWljcm9zb2Z0IExTUkEgUEEuY3J0MBoGCCsGAQQBgjcSAQH/BAsWCVRMU35CQVNJ
QzANBgkqhkiG9w0BAQQFAAOCAQEAg1UnKXBc6JRIqEtI3Ct8lkwZMkfT6hdsNOUp
lBaB5ccuWWqgnGcsa5fT1MXUYUMoz6A5sfbswoeG2or35w4Wq8WCjL91vFDv+hl6
e4Ix5lJw1FLSH0dP1b0hES5EEAnIiiKfbgrgljj9WZ7fAy15utctazAHFw+Edowd
25EnRU/EiKAAFjOUMWkmEUG7lQItyJrBGqAfoj5lN06y2kbUn79A8NwPfgiEway8
3hkyBC8Bu0jE4lx/IJ/SSlWdjNN1It8O/TzZBlVM+PwCKxpKNFCvNTvYdocbX46y
Gp2ri06orYlfWudn+yVUb/xz6p6AZY6f839JWNcQ1jXfvZ/YTw==
-----END CERTIFICATE-----
-------------- next part --------------
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:ea:1b:33:00:00:00:02:77:97
    Signature Algorithm: md5WithRSAEncryption
        Issuer: emailAddress=lsra at microsoft.com, C=US, ST=Washington, L=Redmond, O=Microsoft, OU=Anti Piracy, CN=Microsoft Terminal Server Registration Authority
        Validity
            Not Before: Feb 14 11:02:45 2002 GMT
            Not After : Feb 14 11:12:45 2004 GMT
        Subject: emailAddress=aterry at libero.it, C=IT, ST=PV, L=Stradella, CN=Terminal Services LS
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (512 bit)
                Modulus:
                    00:c8:8a:f0:f2:8d:4a:3a:21:e1:fe:36:9c:85:a9:
                    59:b1:a0:63:9f:51:bb:ad:1e:04:00:41:67:94:10:
                    f5:69:ca:4f:7a:d9:f0:a1:a0:9e:06:a4:e6:3d:68:
                    ca:7f:51:3c:f5:d5:da:cf:53:e8:3c:0e:64:90:05:
                    26:7d:db:0b:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                E2:B6:DC:C2:59:06:46:81:6A:A7:48:F4:AC:2B:EE:A5:7E:26:77:62
            X509v3 Authority Key Identifier: 
                keyid:05:06:52:62:77:57:4F:0C:4B:FE:C0:41:30:99:E3:11:C0:F5:B7:E4
                DirName:/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Copyright (c) 2000 Microsoft Corp./CN=Microsoft Enforced Licensing License Server CA
                serial:61:28:74:A0:00:00:00:00:00:06

            1.3.6.1.4.1.311.18: critical
                ..TLS~BASIC
    Signature Algorithm: md5WithRSAEncryption
         ba:49:1f:db:7e:15:79:29:4c:9a:a8:b8:ac:13:80:00:8b:02:
         7c:04:59:42:c1:ed:3a:f8:28:dc:f3:c0:6a:37:8c:fc:93:16:
         a9:44:fe:a3:aa:16:90:0d:0a:6f:ea:96:57:d0:b4:ab:8d:c9:
         af:de:09:8a:de:13:b3:a5:8d:a6:24:12:e3:d8:01:dd:61:a9:
         b5:c0:0f:00:94:64:f5:67:b5:ee:a4:f2:6e:75:69:3e:3d:f1:
         ba:f7:68:b7:31:37:4b:3c:a8:b1:d9:96:68:24:0b:d7:31:a3:
         99:9c:f0:c5:89:23:d0:66:5d:72:fb:d8:8b:9f:78:de:92:60:
         02:fc
-----BEGIN CERTIFICATE-----
MIIDmjCCAwOgAwIBAgIKDOobMwAAAAJ3lzANBgkqhkiG9w0BAQQFADCBvDEhMB8G
CSqGSIb3DQEJARYSbHNyYUBtaWNyb3NvZnQuY29tMQswCQYDVQQGEwJVUzETMBEG
A1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDESMBAGA1UEChMJTWlj
cm9zb2Z0MRQwEgYDVQQLEwtBbnRpIFBpcmFjeTE5MDcGA1UEAxMwTWljcm9zb2Z0
IFRlcm1pbmFsIFNlcnZlciBSZWdpc3RyYXRpb24gQXV0aG9yaXR5MB4XDTAyMDIx
NDExMDI0NVoXDTA0MDIxNDExMTI0NVowbjEfMB0GCSqGSIb3DQEJARYQYXRlcnJ5
QGxpYmVyby5pdDELMAkGA1UEBhMCSVQxCzAJBgNVBAgTAlBWMRIwEAYDVQQHEwlT
dHJhZGVsbGExHTAbBgNVBAMTFFRlcm1pbmFsIFNlcnZpY2VzIExTMFwwDQYJKoZI
hvcNAQEBBQADSwAwSAJBAMiK8PKNSjoh4f42nIWpWbGgY59Ru60eBABBZ5QQ9WnK
T3rZ8KGgngak5j1oyn9RPPXV2s9T6DwOZJAFJn3bC2sCAwEAAaOCATIwggEuMB0G
A1UdDgQWBBTittzCWQZGgWqnSPSsK+6lfiZ3YjCB8AYDVR0jBIHoMIHlgBQFBlJi
d1dPDEv+wEEwmeMRwPW35KGBwKSBvTCBujELMAkGA1UEBhMCVVMxEzARBgNVBAgT
Cldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29m
dCBDb3Jwb3JhdGlvbjErMCkGA1UECxMiQ29weXJpZ2h0IChjKSAyMDAwIE1pY3Jv
c29mdCBDb3JwLjE3MDUGA1UEAxMuTWljcm9zb2Z0IEVuZm9yY2VkIExpY2Vuc2lu
ZyBMaWNlbnNlIFNlcnZlciBDQYIKYSh0oAAAAAAABjAaBggrBgEEAYI3EgEB/wQL
FglUTFN+QkFTSUMwDQYJKoZIhvcNAQEEBQADgYEAukkf234VeSlMmqi4rBOAAIsC
fARZQsHtOvgo3PPAajeM/JMWqUT+o6oWkA0Kb+qWV9C0q43Jr94Jit4Ts6WNpiQS
49gB3WGptcAPAJRk9We17qTybnVpPj3xuvdotzE3SzyosdmWaCQL1zGjmZzwxYkj
0GZdcvvYi5943pJgAvw=
-----END CERTIFICATE-----
-------------- next part --------------
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:51:5b:02:00:00:00:00:00:08
    Signature Algorithm: md5WithRSAEncryption
        Issuer: DC=com, DC=microsoft, DC=extranet, DC=partners, CN=Microsoft LSRA PA
        Validity
            Not Before: Feb 23 19:21:36 2010 GMT
            Not After : Feb 19 21:48:39 2012 GMT
        Subject: C=US, ST=Washington, L=Redmond, O=Microsoft, CN=TLS Server
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:b8:88:fb:42:d4:31:b0:f7:d7:f4:dc:35:59:8e:
                    9c:e3:63:d9:fe:81:98:6d:58:80:10:51:9b:9e:11:
                    04:50:e9:29:e6:93:a5:23:f8:10:75:e0:a6:a1:9f:
                    07:53:77:14:b3:db:c8:eb:ab:77:0e:88:9a:a5:f2:
                    29:d4:90:73:e5:d7:13:13:e2:05:57:08:69:1d:e4:
                    42:bd:95:00:8a:2a:43:53:d7:ca:d8:0d:4c:a3:85:
                    3e:70:cf:80:2f:71:bd:18:bb:77:d3:d2:71:5d:47:
                    43:1c:60:9c:35:11:9f:36:b2:d9:6c:37:3d:0b:07:
                    34:7e:cc:2b:11:14:bc:4d:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation
            X509v3 Subject Key Identifier: 
                C5:01:E3:20:B1:88:03:51:7E:65:13:A8:B1:62:7D:D0:CC:6B:D9:17
            X509v3 Authority Key Identifier: 
                keyid:75:E8:03:58:5D:FB:65:E4:D9:A6:AC:17:B6:03:7E:47:AD:2E:81:AF

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://tkxpasrv36.partners.extranet.microsoft.com/CertEnroll/Microsoft%20LSRA%20PA.crl
                  URI:file://\\tkxpasrv36.partners.extranet.microsoft.com\CertEnroll\Microsoft LSRA PA.crl

            Authority Information Access: 
                CA Issuers - URI:http://tkxpasrv36.partners.extranet.microsoft.com/CertEnroll/tkxpasrv36.partners.extranet.microsoft.com_Microsoft%20LSRA%20PA.crt
                CA Issuers - URI:file://\\tkxpasrv36.partners.extranet.microsoft.com\CertEnroll\tkxpasrv36.partners.extranet.microsoft.com_Microsoft LSRA PA.crt

    Signature Algorithm: md5WithRSAEncryption
         63:1d:f1:1b:73:08:8c:04:8e:9c:aa:1c:79:9e:cb:3f:6c:22:
         aa:41:a0:66:21:8f:49:21:9e:43:77:0e:22:9a:25:02:b2:15:
         65:f1:6b:82:2d:a5:f6:05:9d:36:4c:25:ae:85:3c:3a:4e:60:
         9d:2a:cb:b0:24:a6:6d:5c:5a:5e:85:df:f6:67:7e:71:9c:21:
         f0:76:42:a2:98:32:0d:7b:61:06:58:c6:c1:a1:38:5e:f1:9c:
         8d:d7:ac:a4:35:80:19:ed:e5:4e:81:4b:a7:d2:4b:e6:b1:84:
         96:07:80:a1:d3:1f:6a:fc:da:22:a1:d9:5b:c7:cd:a4:9f:96:
         f7:11:a9:94:5e:a9:79:13:8d:89:b0:af:ef:da:e5:f4:d1:6e:
         8d:b7:24:e5:a6:7f:92:19:40:b4:0b:3c:03:23:27:f1:78:94:
         9a:05:d3:e1:d7:6c:f4:da:46:2b:5f:0b:71:39:85:26:e5:8b:
         fb:f9:38:bc:d8:cd:06:77:55:f5:59:90:93:5c:04:44:0f:ed:
         32:19:5c:43:67:5d:a8:0e:33:c7:54:69:0d:2b:2f:4b:f8:f4:
         aa:02:c1:ae:3b:f6:32:bf:f3:62:f9:e3:d0:24:ad:3b:66:39:
         a1:5e:87:5b:50:d5:c8:51:f3:8b:a6:2b:d7:7f:63:7f:bc:26:
         bc:99:6c:68
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgIKFFFbAgAAAAAACDANBgkqhkiG9w0BAQQFADCBgDETMBEG
CgmSJomT8ixkARkWA2NvbTEZMBcGCgmSJomT8ixkARkWCW1pY3Jvc29mdDEYMBYG
CgmSJomT8ixkARkWCGV4dHJhbmV0MRgwFgYKCZImiZPyLGQBGRYIcGFydG5lcnMx
GjAYBgNVBAMTEU1pY3Jvc29mdCBMU1JBIFBBMB4XDTEwMDIyMzE5MjEzNloXDTEy
MDIxOTIxNDgzOVowXTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x
EDAOBgNVBAcTB1JlZG1vbmQxEjAQBgNVBAoTCU1pY3Jvc29mdDETMBEGA1UEAxMK
VExTIFNlcnZlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuIj7QtQxsPfX
9Nw1WY6c42PZ/oGYbViAEFGbnhEEUOkp5pOlI/gQdeCmoZ8HU3cUs9vI66t3Doia
pfIp1JBz5dcTE+IFVwhpHeRCvZUAiipDU9fK2A1Mo4U+cM+AL3G9GLt309JxXUdD
HGCcNRGfNrLZbDc9Cwc0fswrERS8TbUCAwEAAaOCAk4wggJKMA4GA1UdDwEB/wQE
AwIGwDAdBgNVHQ4EFgQUxQHjILGIA1F+ZROosWJ90Mxr2RcwHwYDVR0jBBgwFoAU
degDWF37ZeTZpqwXtgN+R60uga8wgcIGA1UdHwSBujCBtzCBtKCBsaCBroZWaHR0
cDovL3RreHBhc3J2MzYucGFydG5lcnMuZXh0cmFuZXQubWljcm9zb2Z0LmNvbS9D
ZXJ0RW5yb2xsL01pY3Jvc29mdCUyMExTUkElMjBQQS5jcmyGVGZpbGU6Ly9cXHRr
eHBhc3J2MzYucGFydG5lcnMuZXh0cmFuZXQubWljcm9zb2Z0LmNvbVxDZXJ0RW5y
b2xsXE1pY3Jvc29mdCBMU1JBIFBBLmNybDCCATEGCCsGAQUFBwEBBIIBIzCCAR8w
gY4GCCsGAQUFBzAChoGBaHR0cDovL3RreHBhc3J2MzYucGFydG5lcnMuZXh0cmFu
ZXQubWljcm9zb2Z0LmNvbS9DZXJ0RW5yb2xsL3RreHBhc3J2MzYucGFydG5lcnMu
ZXh0cmFuZXQubWljcm9zb2Z0LmNvbV9NaWNyb3NvZnQlMjBMU1JBJTIwUEEuY3J0
MIGLBggrBgEFBQcwAoZ/ZmlsZTovL1xcdGt4cGFzcnYzNi5wYXJ0bmVycy5leHRy
YW5ldC5taWNyb3NvZnQuY29tXENlcnRFbnJvbGxcdGt4cGFzcnYzNi5wYXJ0bmVy
cy5leHRyYW5ldC5taWNyb3NvZnQuY29tX01pY3Jvc29mdCBMU1JBIFBBLmNydDAN
BgkqhkiG9w0BAQQFAAOCAQEAYx3xG3MIjASOnKoceZ7LP2wiqkGgZiGPSSGeQ3cO
IpolArIVZfFrgi2l9gWdNkwlroU8Ok5gnSrLsCSmbVxaXoXf9md+cZwh8HZCopgy
DXthBljGwaE4XvGcjdespDWAGe3lToFLp9JL5rGElgeAodMfavzaIqHZW8fNpJ+W
9xGplF6peRONibCv79rl9NFujbck5aZ/khlAtAs8AyMn8XiUmgXT4dds9NpGK18L
cTmFJuWL+/k4vNjNBndV9VmQk1wERA/tMhlcQ2ddqA4zx1RpDSsvS/j0qgLBrjv2
Mr/zYvnj0CStO2Y5oV6HW1DVyFHzi6Yr139jf7wmvJlsaA==
-----END CERTIFICATE-----


More information about the cryptography mailing list