156 ServerIron ADX Security Guide
53-1002440-03
Configuring SSL on a ServerIron ADX
6
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification
Authority
Validity
Not Before: Apr 17 00:00:00 1997 GMT
Not After : Oct 24 23:59:59 2011 GMT
Subject: O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign
International Server CA - Class 3, OU=www.verisign.com/CPS Incorp.by Ref.
LIABILITY LTD.(c)97 VeriSign
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:d8:82:80:e8:d6:19:02:7d:1f:85:18:39:25:a2:
65:2b:e1:bf:d4:05:d3:bc:e6:36:3b:aa:f0:4c:6c:
5b:b6:e7:aa:3c:73:45:55:b2:f1:bd:ea:97:42:ed:
9a:34:0a:15:d4:a9:5c:f5:40:25:dd:d9:07:c1:32:
b2:75:6c:c4:ca:bb:a3:fe:56:27:71:43:aa:63:f5:
30:3e:93:28:e5:fa:f1:09:3b:f3:b7:4d:4e:39:f7:
5c:49:5a:b8:c1:1d:d3:b2:8a:fe:70:30:95:42:cb:
fe:2b:51:8b:5a:3c:3a:f9:22:4f:90:b2:02:a7:53:
9c:4f:34:e7:ab:04:b2:7b:6f
Exponent: lu IÕ8~0xlx)
*s:
*sX509v3 Basic Constraints:
*sCA:TRUE, pathlen:0
*sX509v3 Certificate Policies:
*sPolicy: 2.16.840.1.113733.1.7.1.1
*sCPS:
*sX509v3 Extended Key Usage:
*sTLS Web Server Authentication, TLS Web Client Authentication, Netscape Server
Gated Crypto, 2.16.840.1.113733.1.8.1
*sX509v3 Key Usage:
*sCertificate Sign, CRL Sign
*sNetscape Cert Type:
*sSSL CA, S/MIME CA
*sX509v3 CRL Distribution Points:
*sURI:http://crl.verisign.com/pca3.crl
Signature Algorithm: sha1WithRSAEncryption
08:01:ec:e4:68:94:03:42:f1:73:f1:23:a2:3a:de:e9:f1:da:
c6:54:c4:23:3e:86:ea:cf:6a:3a:33:ab:ea:9c:04:14:07:36:
06:0b:f9:88:6f:d5:13:ee:29:2b:c3:e4:72:8d:44:ed:d1:ac:
20:09:2d:e1:f6:e1:19:05:38:b0:3d:0f:9f:7f:f8:9e:02:dc:
86:02:86:61:4e:26:5f:5e:9f:92:1e:0c:24:a4:f5:d0:70:13:
cf:26:c3:43:3d:49:1d:9e:82:2e:52:5f:bc:3e:c6:66:29:01:
8e:4e:92:2c:bc:46:75:03:82:ac:73:e9:d9:7e:0b:67:ef:54:
52:1a
Once the chain is verified, the second step is to make sure that the intermediate CA is signed by a root CA whose certificate already exists in the client. In this example, the intermediate certificate is signed by: Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority