CMC EOBO-Anforderung
Das folgende Beispiel enthält eine CMC-Registrierungsanforderung im Auftrag von (EOBO). Das Beispiel wurde mithilfe der tools Certreq.exe und Certutil.exe generiert. Die .inf-Datei, die als Eingabe für Certreq.exe verwendet wird, enthält die folgende Konfiguration.
[NewRequest]
RequestType=cmc
RequesterName=Domain\TargetUser
[RequestAttributes]
CertificateTemplate=User
Diese Konfiguration generiert die folgende Beispielausgabe. Die Konfiguration gibt den Typ der Anforderung (CMC), den Namen der Entität an, die die Registrierung anfordert, und den Namen der Vorlage. Die Vorlage Benutzer gibt Folgendes an:
- Die Anforderung muss entweder den Microsoft Base Cryptographic Provider 1.0 oder den Microsoft Enhanced Cryptographic Provider 1.0 verwenden.
- Der Antragstellername muss aus Active Directory erstellt werden.
- Die Anforderung umfasst den Zertifikatvorlagennamen, die erweiterte Schlüsselverwendung (Enhanced Key Usage, EKU) und die Schlüsselverwendungserweiterungen. Die EKU-Erweiterung gibt an, dass das ausgestellte Zertifikat für das Verschlüsseln des Dateisystems (EFS), für sichere E-Mails und für die Clientauthentifizierung verwendet werden kann.
PKCS7/CMS Message:
CMSG_SIGNED(2)
CMSG_SIGNED_DATA_CMS_VERSION(3)
Content Type: 1.3.6.1.5.5.7.12.2 CMC Data
PKCS7 Message Content:
================ Begin Nesting Level 1 ================
CMS Certificate Request:
Tagged Attributes: 2
Body Part Id: 3
1.3.6.1.4.1.311.10.10.1 CMC Attributes
Value[0]:
Data Reference: 0
Cert Reference[0]: 1
1 attributes:
Attribute[0]: 1.3.6.1.4.1.311.21.20 (Client Information)
Value[0][0]:
Unknown Attribute type
Client Id: = 9
(XECI_DISABLE -- 0)
(XECI_XENROLL -- 1)
(XECI_AUTOENROLL -- 2)
(XECI_REQWIZARD -- 3)
(XECI_CERTREQ -- 4)
User: JDOMCSC\administrator
Machine: vich3d.jdomcsc.nttest.microsoft.com
Process: certreq
0000 30 48 02 01 09 0c 23 76 69 63 68 33 64 2e 6a 64 0H....#vich3d.jd
0010 6f 6d 63 73 63 2e 6e 74 74 65 73 74 2e 6d 69 63 omcsc.nttest.mic
0020 72 6f 73 6f 66 74 2e 63 6f 6d 0c 15 4a 44 4f 4d rosoft.com..JDOM
0030 43 53 43 5c 61 64 6d 69 6e 69 73 74 72 61 74 6f CSC\administrato
0040 72 0c 07 63 65 72 74 72 65 71 r..certreq
Body Part Id: 2
1.3.6.1.5.5.7.7.18 Reg Info
Value[0]:
RequesterName: Domain\TargetUser
Tagged Requests: 1
CMC_TAGGED_CERT_REQUEST_CHOICE:
Body Part Id: 1
================ Begin Nesting Level 2 ================
Element 0:
PKCS10 Certificate Request:
Version: 1
Subject:
EMPTY
Public Key Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
Algorithm Parameters:
05 00
Public Key Length: 1024 bits
Public Key: UnusedBits = 0
0000 30 81 89 02 81 81 00 b7 0f 10 7a 44 05 74 91 3c
0010 b9 6e 6d bb 5f f9 27 74 66 15 7c cb 45 a4 df ba
0020 2c 18 fc c3 da 2c 4a 7c ef e7 7f 46 61 3a 59 1c
0030 37 d7 26 2f 55 f8 94 8b f9 b4 84 7e ed 74 dc de
0040 d4 2c 19 6b ef 7c f5 07 57 1f 9b ee 16 d4 21 d4
0050 33 7e 4d 47 b2 5d ee 81 6a fd b8 63 b2 db 7f 2a
0060 15 1e 68 3c 1c bb 54 a3 d8 90 c0 66 d2 e1 4a b2
0070 bb 2e ce 23 97 99 48 e1 cd 3b 1d 1c 11 bf 6e d3
0080 00 08 30 e8 6a e1 bb 02 03 01 00 01
Request Attributes: 5
5 attributes:
Attribute[0]: 1.3.6.1.4.1.311.13.2.3 (OS Version)
Value[0][0]:
6.0.5361.2
0000 16 0a 36 2e 30 2e 35 33 36 31 2e 32 ..6.0.5361.2
Attribute[1]: 1.3.6.1.4.1.311.13.2.1 (Enrollment Name Value Pair)
Value[1][0]:
CertificateTemplate=User
0000 30 32 1e 26 00 43 00 65 00 72 00 74 00 69 00 66 02.&.C.e.r.t.i.f
0010 00 69 00 63 00 61 00 74 00 65 00 54 00 65 00 6d .i.c.a.t.e.T.e.m
0020 00 70 00 6c 00 61 00 74 00 65 1e 08 00 55 00 73 .p.l.a.t.e...U.s
0030 00 65 00 72 .e.r
Attribute[2]: 1.3.6.1.4.1.311.21.20 (Client Information)
Value[2][0]:
Unknown Attribute type
Client Id: = 9
(XECI_DISABLE -- 0)
(XECI_XENROLL -- 1)
(XECI_AUTOENROLL -- 2)
(XECI_REQWIZARD -- 3)
(XECI_CERTREQ -- 4)
User: JDOMCSC\administrator
Machine: vich3d.jdomcsc.nttest.microsoft.com
Process: certreq
0000 30 48 02 01 09 0c 23 76 69 63 68 33 64 2e 6a 64 0H....#vich3d.jd
0010 6f 6d 63 73 63 2e 6e 74 74 65 73 74 2e 6d 69 63 omcsc.nttest.mic
0020 72 6f 73 6f 66 74 2e 63 6f 6d 0c 15 4a 44 4f 4d rosoft.com..JDOM
0030 43 53 43 5c 61 64 6d 69 6e 69 73 74 72 61 74 6f CSC\administrato
0040 72 0c 07 63 65 72 74 72 65 71 r..certreq
Attribute[3]: 1.3.6.1.4.1.311.13.2.2 (Enrollment CSP)
Value[3][0]:
Unknown Attribute type
CSP Provider Info
KeySpec = 1
Provider = Microsoft Enhanced Cryptographic Provider v1.0
Signature: UnusedBits=0
0000 30 64 02 01 01 1e 5c 00 4d 00 69 00 63 00 72 00 0d....\.M.i.c.r.
0010 6f 00 73 00 6f 00 66 00 74 00 20 00 45 00 6e 00 o.s.o.f.t. .E.n.
0020 68 00 61 00 6e 00 63 00 65 00 64 00 20 00 43 00 h.a.n.c.e.d. .C.
0030 72 00 79 00 70 00 74 00 6f 00 67 00 72 00 61 00 r.y.p.t.o.g.r.a.
0040 70 00 68 00 69 00 63 00 20 00 50 00 72 00 6f 00 p.h.i.c. .P.r.o.
0050 76 00 69 00 64 00 65 00 72 00 20 00 76 00 31 00 v.i.d.e.r. .v.1.
0060 2e 00 30 03 01 00 ..0...
Attribute[4]: 1.2.840.113549.1.9.14 (Certificate Extensions)
Value[4][0]:
Unknown Attribute type
Certificate Extensions: 4
1.3.6.1.4.1.311.20.2: Flags = 0, Length = a
Certificate Template Name (Certificate Type)
User
0000 1e 08 00 55 00 73 00 65 00 72 ...U.s.e.r
2.5.29.37: Flags = 0, Length = 22
Enhanced Key Usage
Encrypting File System (1.3.6.1.4.1.311.10.3.4)
Secure Email (1.3.6.1.5.5.7.3.4)
Client Authentication (1.3.6.1.5.5.7.3.2)
0000 30 20 06 0a 2b 06 01 04 01 82 37 0a 03 04 06 08 0 ..+.....7.....
0010 2b 06 01 05 05 07 03 04 06 08 2b 06 01 05 05 07 +.........+.....
0020 03 02 ..
2.5.29.15: Flags = 1(Critical), Length = 4
Key Usage
Digital Signature, Key Encipherment (a0)
0000 03 02 05 a0 ....
2.5.29.14: Flags = 0, Length = 16
Subject Key Identifier
a4 f5 5a 3a e5 a5 63 9a 26 06 9a 86 80 b7 39 96 42 c2 d6 92
0000 04 14 a4 f5 5a 3a e5 a5 63 9a 26 06 9a 86 80 b7 ....Z:..c.&.....
0010 39 96 42 c2 d6 92 9.B...
0000 30 73 30 17 06 09 2b 06 01 04 01 82 37 14 02 04 0s0...+.....7...
0010 0a 1e 08 00 55 00 73 00 65 00 72 30 29 06 03 55 ....U.s.e.r0)..U
0020 1d 25 04 22 30 20 06 0a 2b 06 01 04 01 82 37 0a .%."0 ..+.....7.
0030 03 04 06 08 2b 06 01 05 05 07 03 04 06 08 2b 06 ....+.........+.
0040 01 05 05 07 03 02 30 0e 06 03 55 1d 0f 01 01 ff ......0...U.....
0050 04 04 03 02 05 a0 30 1d 06 03 55 1d 0e 04 16 04 ......0...U.....
0060 14 a4 f5 5a 3a e5 a5 63 9a 26 06 9a 86 80 b7 39 ...Z:..c.&.....9
0070 96 42 c2 d6 92 .B...
Signature Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
Algorithm Parameters:
05 00
Signature: UnusedBits=0
0000 bb ec 11 7a bb 66 fe 55 d8 1a e4 b1 2b 3a 1f 45
0010 a1 a2 db f8 75 7a 4c 58 73 90 1e 68 18 53 2d 35
0020 e2 38 75 5d 8b 3e d6 dd 9b c4 c7 c8 b2 6b da 49
0030 45 8a 7c a2 fc b8 37 ff 8e b7 f2 49 a1 d2 da fd
0040 fb 9f 26 d0 31 9d f8 ce 10 0d 2b 19 f3 d4 20 81
0050 b0 ed 17 0c 4b f2 bf 92 3d 42 ba 62 6b 7c d5 8a
0060 c4 ec 0b 56 7d fa ac 69 df b8 54 6f 31 98 7d 84
0070 fa 8e 66 ce d9 4d 08 a1 92 8d ba 77 24 cd 71 5d
Signature matches Public Key
Key Id Hash(rfc-sha1): a4 f5 5a 3a e5 a5 63 9a 26 06 9a 86 80 b7 39 96 42 c2 d6 92
Key Id Hash(sha1): a6 30 45 3d a9 90 27 7d 35 48 d4 06 94 42 b7 1f 52 f5 f9 6d
---------------- End Nesting Level 2 ----------------
Tagged Content Info: 0
Tagged Other Messages: 0
---------------- End Nesting Level 1 ----------------
Signer Count: 2
Signer Info[0]:
Signature matches request Public Key
CMSG_SIGNER_INFO_CMS_VERSION(3)
CERT_ID_KEY_IDENTIFIER(2)
0000 a4 f5 5a 3a e5 a5 63 9a 26 06 9a 86 80 b7 39 96
0010 42 c2 d6 92
Hash Algorithm:
Algorithm ObjectId: 1.3.14.3.2.26 sha1 (sha1NoSign)
Algorithm Parameters: NULL
Encrypted Hash Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
Algorithm Parameters: NULL
Encrypted Hash:
0000 9a f8 b1 da 2b 78 92 a3 ee 24 9c f7 18 67 be c4
0010 70 04 0e 90 7f 5a d6 d0 db e1 b2 a5 18 f8 14 9d
0020 a4 7c f6 bb a5 98 64 5b e5 e1 e6 cd 7c a6 0a ce
0030 c2 3b 0a 32 5e 0f 8c e2 3f b3 ac 4a 9e f4 89 4a
0040 cc 7f 97 d5 9b fa 15 9f 3d 81 64 6b 0e 44 a2 fa
0050 da bf 76 45 e3 1b b3 d2 5c 56 50 f4 16 da bb 09
0060 92 3e a4 cb ff b8 e3 27 8d 85 58 3b 3a 1b c8 85
0070 cc 86 bb c2 3f 45 19 fa 9b 38 b1 d6 ae 6c 53 9b
Authenticated Attributes[0]:
2 attributes:
Attribute[0]: 1.2.840.113549.1.9.3 (Content Type)
Value[0][0]:
Unknown Attribute type
1.3.6.1.5.5.7.12.2 CMC Data
0000 06 08 2b 06 01 05 05 07 0c 02 ..+.......
Attribute[1]: 1.2.840.113549.1.9.4 (Message Digest)
Value[1][0]:
Unknown Attribute type
Message Digest(certutil):
76 5f 2c 3f 9f bb 3e be 34 49 e8 fa 9c 19 d9 92 a8 1f da 56
0000 04 14 76 5f 2c 3f 9f bb 3e be 34 49 e8 fa 9c 19 ..v_,?..>.4I....
0010 d9 92 a8 1f da 56 .....V
Unauthenticated Attributes[0]:
0 attributes:
Computed Hash: 27 50 32 b5 c6 25 2e d4 2f 14 92 ae 7c 15 60 d3 0a 62 c4 21
Signing Certificate Index: 0
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000)
HCCE_LOCAL_MACHINE
CERT_CHAIN_POLICY_BASE
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
ChainContext.dwRevocationFreshnessTime: 1 Days, 7 Hours, 8 Minutes, 51 Seconds
SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
SimpleChain.dwRevocationFreshnessTime: 1 Days, 7 Hours, 8 Minutes, 51 Seconds
CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=0
Issuer: CN=JDOMCSC Longhorn Enterprise Root CA, O=Microsoft
NotBefore: 5/4/2006 6:31 PM
NotAfter: 5/3/2008 6:31 PM
Subject: CN=Administrator, CN=Users, DC=jdomcsc, DC=nttest, DC=microsoft, DC=com
Serial: 588cf81a000000000b57
SubjectAltName: Other Name:Principal Name=Administrator@jdomcsc.nttest.microsoft.com
Template: EnrollmentAgent
4c 63 a9 53 fb 51 11 c9 20 5b 93 cb 36 da 9e 4b 2c 64 3d ea
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
CRL 52:
Issuer: CN=JDOMCSC Longhorn Enterprise Root CA, O=Microsoft
6b a0 09 df 7c a5 1f 00 62 a0 b7 31 4f c2 9b 3e 40 97 cc 2b
Delta CRL 52:
Issuer: CN=JDOMCSC Longhorn Enterprise Root CA, O=Microsoft
65 34 cc 62 35 11 04 f5 df 50 0a 84 3e 7a da 13 69 a2 11 f6
Application[0] = 1.3.6.1.4.1.311.20.2.1 Certificate Request Agent
CertContext[0][1]: dwInfoStatus=10c dwErrorStatus=0
Issuer: CN=JDOMCSC Longhorn Enterprise Root CA, O=Microsoft
NotBefore: 3/15/2006 11:33 AM
NotAfter: 3/15/2011 11:43 AM
Subject: CN=JDOMCSC Longhorn Enterprise Root CA, O=Microsoft
Serial: 1a527b5929af2eb640ada1d7beecd805
Template: CA
b3 c9 0e c6 08 94 7b f7 b2 b9 f2 86 3f 54 9e 82 71 2c fa a0
Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
Exclude leaf cert:
23 02 10 d9 b1 52 54 92 56 3e f4 0b 0a 36 a9 95 63 94 2d 24
Full chain:
## f4 6c 8d 29 e2 f0 ba 15 37 f3 2e d1 20 4a f7 18 07 e7 4d 0a
Verified Issuance Policies: None
Verified Application Policies:
1.3.6.1.4.1.311.20.2.1 Certificate Request Agent
Signer Info[1]:
Signature matches Public Key
CMSG_SIGNER_INFO_PKCS_1_5_VERSION(1)
CERT_ID_ISSUER_SERIAL_NUMBER(1)
Serial Number: 588cf81a000000000b57
Issuer:
CN=JDOMCSC Longhorn Enterprise Root CA
O=Microsoft
Subject:
CN=Administrator
CN=Users
DC=jdomcsc
DC=nttest
DC=microsoft
DC=com
Hash Algorithm:
Algorithm ObjectId: 1.3.14.3.2.26 sha1 (sha1NoSign)
Algorithm Parameters: NULL
Encrypted Hash Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
Algorithm Parameters: NULL
Encrypted Hash:
0000 7b 2f 3c e3 36 bd 07 73 3a 00 8b 72 33 6e f4 6e
0010 b9 fb 26 c0 1b b0 fe 0b f3 7f 16 3d 49 68 32 dc
0020 23 f5 4f b9 17 49 26 7f 9f b8 b6 c3 0d fb 20 a2
0030 a5 0f c1 bc af fe dd 4e 6b 61 e3 01 a1 76 7a 90
0040 bc 38 1e ae e4 aa 62 2c 7e 7d fb f1 bb 52 b8 e7
0050 47 29 13 f2 e1 42 e7 4c 62 37 22 14 10 ff 70 cc
0060 c4 e8 b1 b9 72 5a cb 58 28 45 e3 74 49 6c 50 e9
0070 ee b0 31 95 7f 43 9e fa 7e 03 b5 c1 88 79 c2 ba
Authenticated Attributes[1]:
2 attributes:
Attribute[0]: 1.2.840.113549.1.9.3 (Content Type)
Value[0][0]:
Unknown Attribute type
1.3.6.1.5.5.7.12.2 CMC Data
0000 06 08 2b 06 01 05 05 07 0c 02 ..+.......
Attribute[1]: 1.2.840.113549.1.9.4 (Message Digest)
Value[1][0]:
Unknown Attribute type
Message Digest(certutil):
76 5f 2c 3f 9f bb 3e be 34 49 e8 fa 9c 19 d9 92 a8 1f da 56
0000 04 14 76 5f 2c 3f 9f bb 3e be 34 49 e8 fa 9c 19 ..v_,?..>.4I....
0010 d9 92 a8 1f da 56 .....V
Unauthenticated Attributes[1]:
0 attributes:
Computed Hash: 27 50 32 b5 c6 25 2e d4 2f 14 92 ae 7c 15 60 d3 0a 62 c4 21
No Recipient
Certificates:
================ Begin Nesting Level 1 ================
Element 0:
X509 Certificate:
Version: 3
Serial Number: 588cf81a000000000b57
57 0b 00 00 00 00 1a f8 8c 58
Signature Algorithm:
Algorithm ObjectId: 1.2.840.10045.4.3.3 ECDSA SHA-384(certlib) (sha384ECDSA)
Algorithm Parameters: NULL
Issuer:
CN=JDOMCSC Longhorn Enterprise Root CA
O=Microsoft
[0,0]: CERT_RDN_PRINTABLE_STRING, Length = 9 (9/64 Characters)
2.5.4.10 Organization (O)="Microsoft"
4d 69 63 72 6f 73 6f 66 74 Microsoft
4d 00 69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 M.i.c.r.o.s.o.f.
74 00 t.
[1,0]: CERT_RDN_PRINTABLE_STRING, Length = 35 (35/64 Characters)
2.5.4.3 Common Name (CN)="JDOMCSC Longhorn Enterprise Root CA"
4a 44 4f 4d 43 53 43 20 4c 6f 6e 67 68 6f 72 6e JDOMCSC Longhorn
20 45 6e 74 65 72 70 72 69 73 65 20 52 6f 6f 74 Enterprise Root
20 43 41 CA
4a 00 44 00 4f 00 4d 00 43 00 53 00 43 00 20 00 J.D.O.M.C.S.C. .
4c 00 6f 00 6e 00 67 00 68 00 6f 00 72 00 6e 00 L.o.n.g.h.o.r.n.
20 00 45 00 6e 00 74 00 65 00 72 00 70 00 72 00 .E.n.t.e.r.p.r.
69 00 73 00 65 00 20 00 52 00 6f 00 6f 00 74 00 i.s.e. .R.o.o.t.
20 00 43 00 41 00 .C.A.
NotBefore: 5/4/2006 6:31 PM
NotAfter: 5/3/2008 6:31 PM
Subject:
CN=Administrator
CN=Users
DC=jdomcsc
DC=nttest
DC=microsoft
DC=com
[0,0]: CERT_RDN_IA5_STRING, Length = 3 (3/128 Characters)
0.9.2342.19200300.100.1.25 Domain Component (DC)="com"
63 6f 6d com
63 00 6f 00 6d 00 c.o.m.
[1,0]: CERT_RDN_IA5_STRING, Length = 9 (9/128 Characters)
0.9.2342.19200300.100.1.25 Domain Component (DC)="microsoft"
6d 69 63 72 6f 73 6f 66 74 microsoft
6d 00 69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 m.i.c.r.o.s.o.f.
74 00 t.
[2,0]: CERT_RDN_IA5_STRING, Length = 6 (6/128 Characters)
0.9.2342.19200300.100.1.25 Domain Component (DC)="nttest"
6e 74 74 65 73 74 nttest
6e 00 74 00 74 00 65 00 73 00 74 00 n.t.t.e.s.t.
[3,0]: CERT_RDN_IA5_STRING, Length = 7 (7/128 Characters)
0.9.2342.19200300.100.1.25 Domain Component (DC)="jdomcsc"
6a 64 6f 6d 63 73 63 jdomcsc
6a 00 64 00 6f 00 6d 00 63 00 73 00 63 00 j.d.o.m.c.s.c.
[4,0]: CERT_RDN_PRINTABLE_STRING, Length = 5 (5/64 Characters)
2.5.4.3 Common Name (CN)="Users"
55 73 65 72 73 Users
55 00 73 00 65 00 72 00 73 00 U.s.e.r.s.
[5,0]: CERT_RDN_PRINTABLE_STRING, Length = 13 (13/64 Characters)
2.5.4.3 Common Name (CN)="Administrator"
41 64 6d 69 6e 69 73 74 72 61 74 6f 72 Administrator
41 00 64 00 6d 00 69 00 6e 00 69 00 73 00 74 00 A.d.m.i.n.i.s.t.
72 00 61 00 74 00 6f 00 72 00 r.a.t.o.r.
Public Key Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
Algorithm Parameters:
05 00
Public Key Length: 1024 bits
Public Key: UnusedBits = 0
0000 30 81 89 02 81 81 00 bf 1a 3f 63 bf 9e 24 bc 10
0010 d9 28 63 c9 4b cf 29 d9 c5 70 28 93 8a ce e7 14
0020 68 d5 b7 20 eb 60 f2 d9 81 19 3a 98 b8 66 85 58
0030 31 6b 53 4b 03 b9 f3 e5 bf 85 12 11 c5 a2 9e 09
0040 7a f7 c7 ad 8f 65 77 c1 d5 7e fd c0 48 6c 92 0c
0050 d1 06 cd b7 86 55 b4 8e a7 6b 8d 00 e6 13 4b 54
0060 63 17 a5 12 13 2f 9e 32 0e 2d c7 22 09 47 e6 e9
0070 34 77 1e 94 84 18 16 05 0d 3e da 42 8f 84 fd 65
0080 ea 1d c4 93 f9 7d 19 02 03 01 00 01
Certificate Extensions: 8
1.3.6.1.4.1.311.20.2: Flags = 0, Length = 20
Certificate Template Name (Certificate Type)
EnrollmentAgent
0000 1e 1e 00 45 00 6e 00 72 00 6f 00 6c 00 6c 00 6d ...E.n.r.o.l.l.m
0010 00 65 00 6e 00 74 00 41 00 67 00 65 00 6e 00 74 .e.n.t.A.g.e.n.t
2.5.29.37: Flags = 0, Length = e
Enhanced Key Usage
Certificate Request Agent (1.3.6.1.4.1.311.20.2.1)
0000 30 0c 06 0a 2b 06 01 04 01 82 37 14 02 01 0...+.....7...
2.5.29.15: Flags = 0, Length = 4
Key Usage
Digital Signature (80)
0000 03 02 07 80 ....
2.5.29.14: Flags = 0, Length = 16
Subject Key Identifier
9f ad 2e 19 53 07 d5 d3 34 b9 66 75 65 0e 19 85 00 3a 26 7d
0000 04 14 9f ad 2e 19 53 07 d5 d3 34 b9 66 75 65 0e ......S...4.fue.
0010 19 85 00 3a 26 7d ...:&}
2.5.29.35: Flags = 0, Length = 18
Authority Key Identifier
KeyID=16 a1 b0 9e 8f 4f ee 2e d4 25 07 90 2b 89 37 21 70 c7 d6 65
0000 30 16 80 14 16 a1 b0 9e 8f 4f ee 2e d4 25 07 90 0........O...%..
0010 2b 89 37 21 70 c7 d6 65 +.7!p..e
2.5.29.31: Flags = 0, Length = 166
CRL Distribution Points
[1]CRL Distribution Point
Distribution Point Name:
Full Name:
URL=ldap:///CN=JDOMCSC%20Longhorn%20Enterprise%20Root%20CA,CN=JAYTEST7,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=jdomcsc,DC=nttest,DC=microsoft,DC=com?certificateRevocationList?base?objectClass=cRLDistributionPoint
URL=https://jaytest7.jdomcsc.nttest.microsoft.com/CertEnroll/JDOMCSC%20Longhorn%20Enterprise%20Root%20CA.crl
0000 30 82 01 62 30 82 01 5e a0 82 01 5a a0 82 01 56 0..b0..^...Z...V
0010 86 81 ea 6c 64 61 70 3a 2f 2f 2f 43 4e 3d 4a 44 ...ldap:///CN=JD
0020 4f 4d 43 53 43 25 32 30 4c 6f 6e 67 68 6f 72 6e OMCSC%20Longhorn
0030 25 32 30 45 6e 74 65 72 70 72 69 73 65 25 32 30 %20Enterprise%20
0040 52 6f 6f 74 25 32 30 43 41 2c 43 4e 3d 4a 41 59 Root%20CA,CN=JAY
0050 54 45 53 54 37 2c 43 4e 3d 43 44 50 2c 43 4e 3d TEST7,CN=CDP,CN=
0060 50 75 62 6c 69 63 25 32 30 4b 65 79 25 32 30 53 Public%20Key%20S
0070 65 72 76 69 63 65 73 2c 43 4e 3d 53 65 72 76 69 ervices,CN=Servi
0080 63 65 73 2c 43 4e 3d 43 6f 6e 66 69 67 75 72 61 ces,CN=Configura
0090 74 69 6f 6e 2c 44 43 3d 6a 64 6f 6d 63 73 63 2c tion,DC=jdomcsc,
00a0 44 43 3d 6e 74 74 65 73 74 2c 44 43 3d 6d 69 63 DC=nttest,DC=mic
00b0 72 6f 73 6f 66 74 2c 44 43 3d 63 6f 6d 3f 63 65 rosoft,DC=com?ce
00c0 72 74 69 66 69 63 61 74 65 52 65 76 6f 63 61 74 rtificateRevocat
00d0 69 6f 6e 4c 69 73 74 3f 62 61 73 65 3f 6f 62 6a ionList?base?obj
00e0 65 63 74 43 6c 61 73 73 3d 63 52 4c 44 69 73 74 ectClass=cRLDist
00f0 72 69 62 75 74 69 6f 6e 50 6f 69 6e 74 86 67 68 ributionPoint.gh
0100 74 74 70 3a 2f 2f 6a 61 79 74 65 73 74 37 2e 6a ttp://jaytest7.j
0110 64 6f 6d 63 73 63 2e 6e 74 74 65 73 74 2e 6d 69 domcsc.nttest.mi
0120 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 43 65 72 74 crosoft.com/Cert
0130 45 6e 72 6f 6c 6c 2f 4a 44 4f 4d 43 53 43 25 32 Enroll/JDOMCSC%2
0140 30 4c 6f 6e 67 68 6f 72 6e 25 32 30 45 6e 74 65 0Longhorn%20Ente
0150 72 70 72 69 73 65 25 32 30 52 6f 6f 74 25 32 30 rprise%20Root%20
0160 43 41 2e 63 72 6c CA.crl
1.3.6.1.5.5.7.1.1: Flags = 0, Length = 185
Authority Information Access
[1]Authority Info Access
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
Alternative Name:
URL=ldap:///CN=JDOMCSC%20Longhorn%20Enterprise%20Root%20CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=jdomcsc,DC=nttest,DC=microsoft,DC=com?cACertificate?base?objectClass=certificationAuthority
[2]Authority Info Access
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
Alternative Name:
URL=https://jaytest7.jdomcsc.nttest.microsoft.com/CertEnroll/JAYTEST7.jdomcsc.nttest.microsoft.com_JDOMCSC%20Longhorn%20Enterprise%20Root%20CA.crt
0000 30 82 01 81 30 81 e1 06 08 2b 06 01 05 05 07 30 0...0....+.....0
0010 02 86 81 d4 6c 64 61 70 3a 2f 2f 2f 43 4e 3d 4a ....ldap:///CN=J
0020 44 4f 4d 43 53 43 25 32 30 4c 6f 6e 67 68 6f 72 DOMCSC%20Longhor
0030 6e 25 32 30 45 6e 74 65 72 70 72 69 73 65 25 32 n%20Enterprise%2
0040 30 52 6f 6f 74 25 32 30 43 41 2c 43 4e 3d 41 49 0Root%20CA,CN=AI
0050 41 2c 43 4e 3d 50 75 62 6c 69 63 25 32 30 4b 65 A,CN=Public%20Ke
0060 79 25 32 30 53 65 72 76 69 63 65 73 2c 43 4e 3d y%20Services,CN=
0070 53 65 72 76 69 63 65 73 2c 43 4e 3d 43 6f 6e 66 Services,CN=Conf
0080 69 67 75 72 61 74 69 6f 6e 2c 44 43 3d 6a 64 6f iguration,DC=jdo
0090 6d 63 73 63 2c 44 43 3d 6e 74 74 65 73 74 2c 44 mcsc,DC=nttest,D
00a0 43 3d 6d 69 63 72 6f 73 6f 66 74 2c 44 43 3d 63 C=microsoft,DC=c
00b0 6f 6d 3f 63 41 43 65 72 74 69 66 69 63 61 74 65 om?cACertificate
00c0 3f 62 61 73 65 3f 6f 62 6a 65 63 74 43 6c 61 73 ?base?objectClas
00d0 73 3d 63 65 72 74 69 66 69 63 61 74 69 6f 6e 41 s=certificationA
00e0 75 74 68 6f 72 69 74 79 30 81 9a 06 08 2b 06 01 uthority0....+..
00f0 05 05 07 30 02 86 81 8d 68 74 74 70 3a 2f 2f 6a ...0....https://j
0100 61 79 74 65 73 74 37 2e 6a 64 6f 6d 63 73 63 2e aytest7.jdomcsc.
0110 6e 74 74 65 73 74 2e 6d 69 63 72 6f 73 6f 66 74 nttest.microsoft
0120 2e 63 6f 6d 2f 43 65 72 74 45 6e 72 6f 6c 6c 2f .com/CertEnroll/
0130 4a 41 59 54 45 53 54 37 2e 6a 64 6f 6d 63 73 63 JAYTEST7.jdomcsc
0140 2e 6e 74 74 65 73 74 2e 6d 69 63 72 6f 73 6f 66 .nttest.microsof
0150 74 2e 63 6f 6d 5f 4a 44 4f 4d 43 53 43 25 32 30 t.com_JDOMCSC%20
0160 4c 6f 6e 67 68 6f 72 6e 25 32 30 45 6e 74 65 72 Longhorn%20Enter
0170 70 72 69 73 65 25 32 30 52 6f 6f 74 25 32 30 43 prise%20Root%20C
0180 41 2e 63 72 74 A.crt
2.5.29.17: Flags = 0, Length = 3e
Subject Alternative Name
Other Name:
Principal Name=Administrator@jdomcsc.nttest.microsoft.com
AltName: 1 entries:
AltName[0] CERT_ALT_NAME_OTHER_NAME: 1.3.6.1.4.1.311.20.2.3 Principal Name:
CERT_RDN_UTF8_STRING, Length = 42 (42 Characters)
"Administrator@jdomcsc.nttest.microsoft.com"
41 64 6d 69 6e 69 73 74 72 61 74 6f 72 40 6a 64 Administrator@jd
6f 6d 63 73 63 2e 6e 74 74 65 73 74 2e 6d 69 63 omcsc.nttest.mic
72 6f 73 6f 66 74 2e 63 6f 6d rosoft.com
41 00 64 00 6d 00 69 00 6e 00 69 00 73 00 74 00 A.d.m.i.n.i.s.t.
72 00 61 00 74 00 6f 00 72 00 40 00 6a 00 64 00 r.a.t.o.r.@.j.d.
6f 00 6d 00 63 00 73 00 63 00 2e 00 6e 00 74 00 o.m.c.s.c...n.t.
74 00 65 00 73 00 74 00 2e 00 6d 00 69 00 63 00 t.e.s.t...m.i.c.
72 00 6f 00 73 00 6f 00 66 00 74 00 2e 00 63 00 r.o.s.o.f.t...c.
6f 00 6d 00 o.m.
0000 30 3c a0 3a 06 0a 2b 06 01 04 01 82 37 14 02 03 0<.:..+.....7...
0010 a0 2c 0c 2a 41 64 6d 69 6e 69 73 74 72 61 74 6f .,.*Administrato
0020 72 40 6a 64 6f 6d 63 73 63 2e 6e 74 74 65 73 74 r@jdomcsc.nttest
0030 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d .microsoft.com
Signature Algorithm:
Algorithm ObjectId: 1.2.840.10045.4.3.3 ECDSA SHA-384(certlib) (sha384ECDSA)
Algorithm Parameters: NULL
Signature: UnusedBits=0
0000 df db 4e b7 c5 d1 a0 20 67 c5 35 9f 94 5c 81 0b
0010 57 0d f1 62 38 81 1a c8 d6 dc 19 c8 1f ae 07 17
0020 fe 71 cd 3e 00 18 a4 9d cc ab 5b 95 bf 03 16 4d
0030 30 02 3e df 67 d9 b2 51 d7 35 9b 26 16 23 02 13
0040 31 28 e7 11 26 58 9b 04 93 f3 76 0b e8 8b 58 5d
0050 9d cc a4 c1 d7 3e f2 be d8 b5 c0 ea 44 6a 0c 4b
0060 2b 61 30 02 64 30
Non-root Certificate
Key Id Hash(rfc-sha1): 9f ad 2e 19 53 07 d5 d3 34 b9 66 75 65 0e 19 85 00 3a 26 7d
Key Id Hash(sha1): a3 00 d8 b3 30 12 26 94 05 a4 76 17 40 11 41 fd ab de 92 a1
Cert Hash(md5): e6 37 c0 39 b7 8b 88 e3 cf 54 6e eb 13 a9 9b d8
Cert Hash(sha1): 4c 63 a9 53 fb 51 11 c9 20 5b 93 cb 36 da 9e 4b 2c 64 3d ea
---------------- End Nesting Level 1 ----------------
No CRLs
CertUtil: -dump command completed successfully.
Zugehörige Themen