PKCS #7 EOBO Request
The following example contains a PKCS #7 Enroll On Behalf Of (EOBO) request. The example was generated by using the Certreq.exe and Certutil.exe tools. The .inf file used as input to Certreq.exe contains the following configuration.
[NewRequest]
RequestType=pkcs7
RequesterName=Domain\TargetUser
[RequestAttributes]
CertificateTemplate=User
This configuration generates the following sample output. The configuration specifies the type of request (PKCS #7), the name of the entity requesting the enrollment, and the name of the template. The User template specifies that:
- The request must use either the Microsoft Base Cryptographic Provider 1.0 or the Microsoft Enhanced Cryptographic Provider 1.0.
- The subject name must be built from Active Directory.
- The request includes the Certificate Template Name, Enhanced Key Usage (EKU), and Key Usage extensions. The EKU extension specifies that the issued certificate can be used for Encrypting File System (EFS), secure email, and client authentication.
PKCS7 Message:
CMSG_SIGNED(2)
CMSG_SIGNED_DATA_PKCS_1_5_VERSION(1)
Content Type: 1.2.840.113549.1.7.1 PKCS 7 Data
PKCS7 Message Content:
================ Begin Nesting Level 1 ================
PKCS10 Certificate Request:
Version: 1
Subject:
EMPTY
Public Key Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
Algorithm Parameters:
05 00
Public Key Length: 1024 bits
Public Key: UnusedBits = 0
0000 30 81 89 02 81 81 00 d3 fc 7a a7 5d b5 ae dd 68
0010 a7 a1 8b 70 1f 8f ec 83 78 ce b2 fe f6 77 59 c8
0020 60 a6 e9 32 e2 cd bd b5 78 0c ec 92 bd a1 ce 9d
0030 f8 64 54 4a 99 cf 45 72 da db ab 6b c2 e8 a2 8c
0040 90 76 59 d1 59 5c a6 d3 af 33 9a 50 e9 d5 b2 6d
0050 ec 11 f9 9d fd 4b 64 2c 74 70 76 9d 02 51 fa d9
0060 d0 2f 39 fe 97 e3 2a dc 96 54 ed c1 71 7e 95 19
0070 ad 0f ca a7 50 c1 9d 19 f1 09 38 7e 93 ed 28 f5
0080 17 62 f9 81 ab f5 cd 02 03 01 00 01
Request Attributes: 5
5 attributes:
Attribute[0]: 1.3.6.1.4.1.311.13.2.3 (OS Version)
Value[0][0]:
6.0.5361.2
0000 16 0a 36 2e 30 2e 35 33 36 31 2e 32 ..6.0.5361.2
Attribute[1]: 1.3.6.1.4.1.311.13.2.1 (Enrollment Name Value Pair)
Value[1][0]:
CertificateTemplate=User
0000 30 32 1e 26 00 43 00 65 00 72 00 74 00 69 00 66 02.&.C.e.r.t.i.f
0010 00 69 00 63 00 61 00 74 00 65 00 54 00 65 00 6d .i.c.a.t.e.T.e.m
0020 00 70 00 6c 00 61 00 74 00 65 1e 08 00 55 00 73 .p.l.a.t.e...U.s
0030 00 65 00 72 .e.r
Attribute[2]: 1.3.6.1.4.1.311.21.20 (Client Information)
Value[2][0]:
Unknown Attribute type
Client Id: = 9
(XECI_DISABLE -- 0)
(XECI_XENROLL -- 1)
(XECI_AUTOENROLL -- 2)
(XECI_REQWIZARD -- 3)
(XECI_CERTREQ -- 4)
User: JDOMCSC\administrator
Machine: vich3d.jdomcsc.nttest.microsoft.com
Process: certreq
0000 30 48 02 01 09 0c 23 76 69 63 68 33 64 2e 6a 64 0H....#vich3d.jd
0010 6f 6d 63 73 63 2e 6e 74 74 65 73 74 2e 6d 69 63 omcsc.nttest.mic
0020 72 6f 73 6f 66 74 2e 63 6f 6d 0c 15 4a 44 4f 4d rosoft.com..JDOM
0030 43 53 43 5c 61 64 6d 69 6e 69 73 74 72 61 74 6f CSC\administrato
0040 72 0c 07 63 65 72 74 72 65 71 r..certreq
Attribute[3]: 1.3.6.1.4.1.311.13.2.2 (Enrollment CSP)
Value[3][0]:
Unknown Attribute type
CSP Provider Info
KeySpec = 1
Provider = Microsoft Enhanced Cryptographic Provider v1.0
Signature: UnusedBits=0
0000 30 64 02 01 01 1e 5c 00 4d 00 69 00 63 00 72 00 0d....\.M.i.c.r.
0010 6f 00 73 00 6f 00 66 00 74 00 20 00 45 00 6e 00 o.s.o.f.t. .E.n.
0020 68 00 61 00 6e 00 63 00 65 00 64 00 20 00 43 00 h.a.n.c.e.d. .C.
0030 72 00 79 00 70 00 74 00 6f 00 67 00 72 00 61 00 r.y.p.t.o.g.r.a.
0040 70 00 68 00 69 00 63 00 20 00 50 00 72 00 6f 00 p.h.i.c. .P.r.o.
0050 76 00 69 00 64 00 65 00 72 00 20 00 76 00 31 00 v.i.d.e.r. .v.1.
0060 2e 00 30 03 01 00 ..0...
Attribute[4]: 1.2.840.113549.1.9.14 (Certificate Extensions)
Value[4][0]:
Unknown Attribute type
Certificate Extensions: 4
1.3.6.1.4.1.311.20.2: Flags = 0, Length = a
Certificate Template Name (Certificate Type)
User
0000 1e 08 00 55 00 73 00 65 00 72 ...U.s.e.r
2.5.29.37: Flags = 0, Length = 22
Enhanced Key Usage
Encrypting File System (1.3.6.1.4.1.311.10.3.4)
Secure Email (1.3.6.1.5.5.7.3.4)
Client Authentication (1.3.6.1.5.5.7.3.2)
0000 30 20 06 0a 2b 06 01 04 01 82 37 0a 03 04 06 08 0 ..+.....7.....
0010 2b 06 01 05 05 07 03 04 06 08 2b 06 01 05 05 07 +.........+.....
0020 03 02 ..
2.5.29.15: Flags = 1(Critical), Length = 4
Key Usage
Digital Signature, Key Encipherment (a0)
0000 03 02 05 a0 ....
2.5.29.14: Flags = 0, Length = 16
Subject Key Identifier
22 bc ae e6 cd 7a fb 76 55 02 b6 9b f9 37 10 21 d3 9c e7 5a
0000 04 14 22 bc ae e6 cd 7a fb 76 55 02 b6 9b f9 37 .."....z.vU....7
0010 10 21 d3 9c e7 5a .!...Z
0000 30 73 30 17 06 09 2b 06 01 04 01 82 37 14 02 04 0s0...+.....7...
0010 0a 1e 08 00 55 00 73 00 65 00 72 30 29 06 03 55 ....U.s.e.r0)..U
0020 1d 25 04 22 30 20 06 0a 2b 06 01 04 01 82 37 0a .%."0 ..+.....7.
0030 03 04 06 08 2b 06 01 05 05 07 03 04 06 08 2b 06 ....+.........+.
0040 01 05 05 07 03 02 30 0e 06 03 55 1d 0f 01 01 ff ......0...U.....
0050 04 04 03 02 05 a0 30 1d 06 03 55 1d 0e 04 16 04 ......0...U.....
0060 14 22 bc ae e6 cd 7a fb 76 55 02 b6 9b f9 37 10 ."....z.vU....7.
0070 21 d3 9c e7 5a !...Z
Signature Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
Algorithm Parameters:
05 00
Signature: UnusedBits=0
0000 b7 93 ce 23 99 d3 53 81 78 8a 02 c0 c0 6f d3 c9
0010 e8 be 08 55 c5 13 ee 78 31 c9 33 3d 48 d6 0b 5d
0020 26 80 97 0a 94 b6 73 ce 1b 1d cb 89 15 22 16 61
0030 86 a5 10 81 ef 95 9c 89 54 b6 db 73 b0 d7 6a ec
0040 00 26 cc d8 4d 9a 76 c9 0a 74 48 bd 0c 46 f1 a3
0050 fb 69 6e ac 47 60 82 29 b5 b6 8c 62 0d 8b 07 f5
0060 8d 10 5c c2 a4 01 6c 11 b4 76 ab 61 b3 6b 96 67
0070 fa ad 44 e0 cd 38 60 5c a1 46 6b 90 7a 3b 05 a5
Signature matches Public Key
Key Id Hash(rfc-sha1): 22 bc ae e6 cd 7a fb 76 55 02 b6 9b f9 37 10 21 d3 9c e7 5a
Key Id Hash(sha1): dd a1 92 dc 5b 5a 6a d2 86 44 d6 cb d8 fe 87 cb 2a ca f5 92
---------------- End Nesting Level 1 ----------------
Signer Count: 1
Signing Certificate Index: 0
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000)
HCCE_LOCAL_MACHINE
CERT_CHAIN_POLICY_BASE
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
ChainContext.dwRevocationFreshnessTime: 1 Days, 7 Hours, 8 Minutes, 50 Seconds
SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
SimpleChain.dwRevocationFreshnessTime: 1 Days, 7 Hours, 8 Minutes, 50 Seconds
CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=0
Issuer: CN=JDOMCSC Longhorn Enterprise Root CA, O=Microsoft
NotBefore: 5/4/2006 6:31 PM
NotAfter: 5/3/2008 6:31 PM
Subject: CN=Administrator, CN=Users, DC=jdomcsc, DC=nttest, DC=microsoft, DC=com
Serial: 588cf81a000000000b57
SubjectAltName: Other Name:Principal Name=Administrator@jdomcsc.nttest.microsoft.com
Template: EnrollmentAgent
4c 63 a9 53 fb 51 11 c9 20 5b 93 cb 36 da 9e 4b 2c 64 3d ea
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
CRL 52:
Issuer: CN=JDOMCSC Longhorn Enterprise Root CA, O=Microsoft
6b a0 09 df 7c a5 1f 00 62 a0 b7 31 4f c2 9b 3e 40 97 cc 2b
Delta CRL 52:
Issuer: CN=JDOMCSC Longhorn Enterprise Root CA, O=Microsoft
65 34 cc 62 35 11 04 f5 df 50 0a 84 3e 7a da 13 69 a2 11 f6
Application[0] = 1.3.6.1.4.1.311.20.2.1 Certificate Request Agent
CertContext[0][1]: dwInfoStatus=10c dwErrorStatus=0
Issuer: CN=JDOMCSC Longhorn Enterprise Root CA, O=Microsoft
NotBefore: 3/15/2006 11:33 AM
NotAfter: 3/15/2011 11:43 AM
Subject: CN=JDOMCSC Longhorn Enterprise Root CA, O=Microsoft
Serial: 1a527b5929af2eb640ada1d7beecd805
Template: CA
b3 c9 0e c6 08 94 7b f7 b2 b9 f2 86 3f 54 9e 82 71 2c fa a0
Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
Exclude leaf cert:
23 02 10 d9 b1 52 54 92 56 3e f4 0b 0a 36 a9 95 63 94 2d 24
Full chain:
## f4 6c 8d 29 e2 f0 ba 15 37 f3 2e d1 20 4a f7 18 07 e7 4d 0a
Verified Issuance Policies: None
Verified Application Policies:
1.3.6.1.4.1.311.20.2.1 Certificate Request Agent
Signer Info[0]:
Signature matches Public Key
CMSG_SIGNER_INFO_PKCS_1_5_VERSION(1)
CERT_ID_ISSUER_SERIAL_NUMBER(1)
Serial Number: 588cf81a000000000b57
Issuer:
CN=JDOMCSC Longhorn Enterprise Root CA
O=Microsoft
Subject:
CN=Administrator
CN=Users
DC=jdomcsc
DC=nttest
DC=microsoft
DC=com
Hash Algorithm:
Algorithm ObjectId: 1.3.14.3.2.26 sha1 (sha1NoSign)
Algorithm Parameters: NULL
Encrypted Hash Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
Algorithm Parameters: NULL
Encrypted Hash:
0000 61 f7 89 b0 eb d1 fa 1f 80 92 d9 66 7b c2 ac 86
0010 bc d6 f9 9d 76 91 1a da a1 6e 1f 5c 81 fc 36 f6
0020 a9 3c 6c 9a 2a 4a 5a 2e 0e 77 62 a0 54 1d 98 1d
0030 fe 83 bc e2 28 42 c5 e1 4e 6d ad 8d 27 57 30 08
0040 54 17 49 d8 6e 13 29 38 83 33 74 12 42 ed e0 0e
0050 f3 28 5a d0 a7 88 8b 40 f3 fb 12 4f a3 8c 6a 3b
0060 c8 cd f4 f1 4b d7 6a 21 1d 03 e0 4c c2 49 da 1e
0070 81 7a 5d a0 de 88 7c ae 10 5d 92 e2 d0 3b 17 97
Authenticated Attributes[0]:
3 attributes:
Attribute[0]: 1.2.840.113549.1.9.3 (Content Type)
Value[0][0]:
Unknown Attribute type
1.2.840.113549.1.7.1 PKCS 7 Data
0000 06 09 2a 86 48 86 f7 0d 01 07 01 ..*.H......
Attribute[1]: 1.2.840.113549.1.9.4 (Message Digest)
Value[1][0]:
Unknown Attribute type
Message Digest(certutil):
ea 0b 89 69 ef 4e 5e c3 c2 56 ac 23 1f af 05 57 5e 7c b3 16
0000 04 14 ea 0b 89 69 ef 4e 5e c3 c2 56 ac 23 1f af .....i.N^..V.#..
0010 05 57 5e 7c b3 16 .W^|..
Attribute[2]: 1.3.6.1.4.1.311.13.2.1 (Enrollment Name Value Pair)
Value[2][0]:
RequesterName=Domain\TargetUser
0000 30 40 1e 1a 00 52 00 65 00 71 00 75 00 65 00 73 0@...R.e.q.u.e.s
0010 00 74 00 65 00 72 00 4e 00 61 00 6d 00 65 1e 22 .t.e.r.N.a.m.e."
0020 00 44 00 6f 00 6d 00 61 00 69 00 6e 00 5c 00 54 .D.o.m.a.i.n.\.T
0030 00 61 00 72 00 67 00 65 00 74 00 55 00 73 00 65 .a.r.g.e.t.U.s.e
0040 00 72 .r
Unauthenticated Attributes[0]:
0 attributes:
Computed Hash: b5 58 c5 ce d8 6a 6b c4 79 8f 88 dc 85 7f ae 90 ca 13 e5 bb
No Recipient
Certificates:
================ Begin Nesting Level 1 ================
Element 0:
X509 Certificate:
Version: 3
Serial Number: 588cf81a000000000b57
57 0b 00 00 00 00 1a f8 8c 58
Signature Algorithm:
Algorithm ObjectId: 1.2.840.10045.4.3.3 ECDSA SHA-384(certlib) (sha384ECDSA)
Algorithm Parameters: NULL
Issuer:
CN=JDOMCSC Longhorn Enterprise Root CA
O=Microsoft
[0,0]: CERT_RDN_PRINTABLE_STRING, Length = 9 (9/64 Characters)
2.5.4.10 Organization (O)="Microsoft"
4d 69 63 72 6f 73 6f 66 74 Microsoft
4d 00 69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 M.i.c.r.o.s.o.f.
74 00 t.
[1,0]: CERT_RDN_PRINTABLE_STRING, Length = 35 (35/64 Characters)
2.5.4.3 Common Name (CN)="JDOMCSC Longhorn Enterprise Root CA"
4a 44 4f 4d 43 53 43 20 4c 6f 6e 67 68 6f 72 6e JDOMCSC Longhorn
20 45 6e 74 65 72 70 72 69 73 65 20 52 6f 6f 74 Enterprise Root
20 43 41 CA
4a 00 44 00 4f 00 4d 00 43 00 53 00 43 00 20 00 J.D.O.M.C.S.C. .
4c 00 6f 00 6e 00 67 00 68 00 6f 00 72 00 6e 00 L.o.n.g.h.o.r.n.
20 00 45 00 6e 00 74 00 65 00 72 00 70 00 72 00 .E.n.t.e.r.p.r.
69 00 73 00 65 00 20 00 52 00 6f 00 6f 00 74 00 i.s.e. .R.o.o.t.
20 00 43 00 41 00 .C.A.
NotBefore: 5/4/2006 6:31 PM
NotAfter: 5/3/2008 6:31 PM
Subject:
CN=Administrator
CN=Users
DC=jdomcsc
DC=nttest
DC=microsoft
DC=com
[0,0]: CERT_RDN_IA5_STRING, Length = 3 (3/128 Characters)
0.9.2342.19200300.100.1.25 Domain Component (DC)="com"
63 6f 6d com
63 00 6f 00 6d 00 c.o.m.
[1,0]: CERT_RDN_IA5_STRING, Length = 9 (9/128 Characters)
0.9.2342.19200300.100.1.25 Domain Component (DC)="microsoft"
6d 69 63 72 6f 73 6f 66 74 microsoft
6d 00 69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 m.i.c.r.o.s.o.f.
74 00 t.
[2,0]: CERT_RDN_IA5_STRING, Length = 6 (6/128 Characters)
0.9.2342.19200300.100.1.25 Domain Component (DC)="nttest"
6e 74 74 65 73 74 nttest
6e 00 74 00 74 00 65 00 73 00 74 00 n.t.t.e.s.t.
[3,0]: CERT_RDN_IA5_STRING, Length = 7 (7/128 Characters)
0.9.2342.19200300.100.1.25 Domain Component (DC)="jdomcsc"
6a 64 6f 6d 63 73 63 jdomcsc
6a 00 64 00 6f 00 6d 00 63 00 73 00 63 00 j.d.o.m.c.s.c.
[4,0]: CERT_RDN_PRINTABLE_STRING, Length = 5 (5/64 Characters)
2.5.4.3 Common Name (CN)="Users"
55 73 65 72 73 Users
55 00 73 00 65 00 72 00 73 00 U.s.e.r.s.
[5,0]: CERT_RDN_PRINTABLE_STRING, Length = 13 (13/64 Characters)
2.5.4.3 Common Name (CN)="Administrator"
41 64 6d 69 6e 69 73 74 72 61 74 6f 72 Administrator
41 00 64 00 6d 00 69 00 6e 00 69 00 73 00 74 00 A.d.m.i.n.i.s.t.
72 00 61 00 74 00 6f 00 72 00 r.a.t.o.r.
Public Key Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
Algorithm Parameters:
05 00
Public Key Length: 1024 bits
Public Key: UnusedBits = 0
0000 30 81 89 02 81 81 00 bf 1a 3f 63 bf 9e 24 bc 10
0010 d9 28 63 c9 4b cf 29 d9 c5 70 28 93 8a ce e7 14
0020 68 d5 b7 20 eb 60 f2 d9 81 19 3a 98 b8 66 85 58
0030 31 6b 53 4b 03 b9 f3 e5 bf 85 12 11 c5 a2 9e 09
0040 7a f7 c7 ad 8f 65 77 c1 d5 7e fd c0 48 6c 92 0c
0050 d1 06 cd b7 86 55 b4 8e a7 6b 8d 00 e6 13 4b 54
0060 63 17 a5 12 13 2f 9e 32 0e 2d c7 22 09 47 e6 e9
0070 34 77 1e 94 84 18 16 05 0d 3e da 42 8f 84 fd 65
0080 ea 1d c4 93 f9 7d 19 02 03 01 00 01
Certificate Extensions: 8
1.3.6.1.4.1.311.20.2: Flags = 0, Length = 20
Certificate Template Name (Certificate Type)
EnrollmentAgent
0000 1e 1e 00 45 00 6e 00 72 00 6f 00 6c 00 6c 00 6d ...E.n.r.o.l.l.m
0010 00 65 00 6e 00 74 00 41 00 67 00 65 00 6e 00 74 .e.n.t.A.g.e.n.t
2.5.29.37: Flags = 0, Length = e
Enhanced Key Usage
Certificate Request Agent (1.3.6.1.4.1.311.20.2.1)
0000 30 0c 06 0a 2b 06 01 04 01 82 37 14 02 01 0...+.....7...
2.5.29.15: Flags = 0, Length = 4
Key Usage
Digital Signature (80)
0000 03 02 07 80 ....
2.5.29.14: Flags = 0, Length = 16
Subject Key Identifier
9f ad 2e 19 53 07 d5 d3 34 b9 66 75 65 0e 19 85 00 3a 26 7d
0000 04 14 9f ad 2e 19 53 07 d5 d3 34 b9 66 75 65 0e ......S...4.fue.
0010 19 85 00 3a 26 7d ...:&}
2.5.29.35: Flags = 0, Length = 18
Authority Key Identifier
KeyID=16 a1 b0 9e 8f 4f ee 2e d4 25 07 90 2b 89 37 21 70 c7 d6 65
0000 30 16 80 14 16 a1 b0 9e 8f 4f ee 2e d4 25 07 90 0........O...%..
0010 2b 89 37 21 70 c7 d6 65 +.7!p..e
2.5.29.31: Flags = 0, Length = 166
CRL Distribution Points
[1]CRL Distribution Point
Distribution Point Name:
Full Name:
URL=ldap:///CN=JDOMCSC%20Longhorn%20Enterprise%20Root%20CA,CN=JAYTEST7,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=jdomcsc,DC=nttest,DC=microsoft,DC=com?certificateRevocationList?base?objectClass=cRLDistributionPoint
URL=https://jaytest7.jdomcsc.nttest.microsoft.com/CertEnroll/JDOMCSC%20Longhorn%20Enterprise%20Root%20CA.crl
0000 30 82 01 62 30 82 01 5e a0 82 01 5a a0 82 01 56 0..b0..^...Z...V
0010 86 81 ea 6c 64 61 70 3a 2f 2f 2f 43 4e 3d 4a 44 ...ldap:///CN=JD
0020 4f 4d 43 53 43 25 32 30 4c 6f 6e 67 68 6f 72 6e OMCSC%20Longhorn
0030 25 32 30 45 6e 74 65 72 70 72 69 73 65 25 32 30 %20Enterprise%20
0040 52 6f 6f 74 25 32 30 43 41 2c 43 4e 3d 4a 41 59 Root%20CA,CN=JAY
0050 54 45 53 54 37 2c 43 4e 3d 43 44 50 2c 43 4e 3d TEST7,CN=CDP,CN=
0060 50 75 62 6c 69 63 25 32 30 4b 65 79 25 32 30 53 Public%20Key%20S
0070 65 72 76 69 63 65 73 2c 43 4e 3d 53 65 72 76 69 ervices,CN=Servi
0080 63 65 73 2c 43 4e 3d 43 6f 6e 66 69 67 75 72 61 ces,CN=Configura
0090 74 69 6f 6e 2c 44 43 3d 6a 64 6f 6d 63 73 63 2c tion,DC=jdomcsc,
00a0 44 43 3d 6e 74 74 65 73 74 2c 44 43 3d 6d 69 63 DC=nttest,DC=mic
00b0 72 6f 73 6f 66 74 2c 44 43 3d 63 6f 6d 3f 63 65 rosoft,DC=com?ce
00c0 72 74 69 66 69 63 61 74 65 52 65 76 6f 63 61 74 rtificateRevocat
00d0 69 6f 6e 4c 69 73 74 3f 62 61 73 65 3f 6f 62 6a ionList?base?obj
00e0 65 63 74 43 6c 61 73 73 3d 63 52 4c 44 69 73 74 ectClass=cRLDist
00f0 72 69 62 75 74 69 6f 6e 50 6f 69 6e 74 86 67 68 ributionPoint.gh
0100 74 74 70 3a 2f 2f 6a 61 79 74 65 73 74 37 2e 6a ttp://jaytest7.j
0110 64 6f 6d 63 73 63 2e 6e 74 74 65 73 74 2e 6d 69 domcsc.nttest.mi
0120 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 43 65 72 74 crosoft.com/Cert
0130 45 6e 72 6f 6c 6c 2f 4a 44 4f 4d 43 53 43 25 32 Enroll/JDOMCSC%2
0140 30 4c 6f 6e 67 68 6f 72 6e 25 32 30 45 6e 74 65 0Longhorn%20Ente
0150 72 70 72 69 73 65 25 32 30 52 6f 6f 74 25 32 30 rprise%20Root%20
0160 43 41 2e 63 72 6c CA.crl
1.3.6.1.5.5.7.1.1: Flags = 0, Length = 185
Authority Information Access
[1]Authority Info Access
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
Alternative Name:
URL=ldap:///CN=JDOMCSC%20Longhorn%20Enterprise%20Root%20CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=jdomcsc,DC=nttest,DC=microsoft,DC=com?cACertificate?base?objectClass=certificationAuthority
[2]Authority Info Access
Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
Alternative Name:
URL=https://jaytest7.jdomcsc.nttest.microsoft.com/CertEnroll/JAYTEST7.jdomcsc.nttest.microsoft.com_JDOMCSC%20Longhorn%20Enterprise%20Root%20CA.crt
0000 30 82 01 81 30 81 e1 06 08 2b 06 01 05 05 07 30 0...0....+.....0
0010 02 86 81 d4 6c 64 61 70 3a 2f 2f 2f 43 4e 3d 4a ....ldap:///CN=J
0020 44 4f 4d 43 53 43 25 32 30 4c 6f 6e 67 68 6f 72 DOMCSC%20Longhor
0030 6e 25 32 30 45 6e 74 65 72 70 72 69 73 65 25 32 n%20Enterprise%2
0040 30 52 6f 6f 74 25 32 30 43 41 2c 43 4e 3d 41 49 0Root%20CA,CN=AI
0050 41 2c 43 4e 3d 50 75 62 6c 69 63 25 32 30 4b 65 A,CN=Public%20Ke
0060 79 25 32 30 53 65 72 76 69 63 65 73 2c 43 4e 3d y%20Services,CN=
0070 53 65 72 76 69 63 65 73 2c 43 4e 3d 43 6f 6e 66 Services,CN=Conf
0080 69 67 75 72 61 74 69 6f 6e 2c 44 43 3d 6a 64 6f iguration,DC=jdo
0090 6d 63 73 63 2c 44 43 3d 6e 74 74 65 73 74 2c 44 mcsc,DC=nttest,D
00a0 43 3d 6d 69 63 72 6f 73 6f 66 74 2c 44 43 3d 63 C=microsoft,DC=c
00b0 6f 6d 3f 63 41 43 65 72 74 69 66 69 63 61 74 65 om?cACertificate
00c0 3f 62 61 73 65 3f 6f 62 6a 65 63 74 43 6c 61 73 ?base?objectClas
00d0 73 3d 63 65 72 74 69 66 69 63 61 74 69 6f 6e 41 s=certificationA
00e0 75 74 68 6f 72 69 74 79 30 81 9a 06 08 2b 06 01 uthority0....+..
00f0 05 05 07 30 02 86 81 8d 68 74 74 70 3a 2f 2f 6a ...0....https://j
0100 61 79 74 65 73 74 37 2e 6a 64 6f 6d 63 73 63 2e aytest7.jdomcsc.
0110 6e 74 74 65 73 74 2e 6d 69 63 72 6f 73 6f 66 74 nttest.microsoft
0120 2e 63 6f 6d 2f 43 65 72 74 45 6e 72 6f 6c 6c 2f .com/CertEnroll/
0130 4a 41 59 54 45 53 54 37 2e 6a 64 6f 6d 63 73 63 JAYTEST7.jdomcsc
0140 2e 6e 74 74 65 73 74 2e 6d 69 63 72 6f 73 6f 66 .nttest.microsof
0150 74 2e 63 6f 6d 5f 4a 44 4f 4d 43 53 43 25 32 30 t.com_JDOMCSC%20
0160 4c 6f 6e 67 68 6f 72 6e 25 32 30 45 6e 74 65 72 Longhorn%20Enter
0170 70 72 69 73 65 25 32 30 52 6f 6f 74 25 32 30 43 prise%20Root%20C
0180 41 2e 63 72 74 A.crt
2.5.29.17: Flags = 0, Length = 3e
Subject Alternative Name
Other Name:
Principal Name=Administrator@jdomcsc.nttest.microsoft.com
AltName: 1 entries:
AltName[0] CERT_ALT_NAME_OTHER_NAME: 1.3.6.1.4.1.311.20.2.3 Principal Name:
CERT_RDN_UTF8_STRING, Length = 42 (42 Characters)
"Administrator@jdomcsc.nttest.microsoft.com"
41 64 6d 69 6e 69 73 74 72 61 74 6f 72 40 6a 64 Administrator@jd
6f 6d 63 73 63 2e 6e 74 74 65 73 74 2e 6d 69 63 omcsc.nttest.mic
72 6f 73 6f 66 74 2e 63 6f 6d rosoft.com
41 00 64 00 6d 00 69 00 6e 00 69 00 73 00 74 00 A.d.m.i.n.i.s.t.
72 00 61 00 74 00 6f 00 72 00 40 00 6a 00 64 00 r.a.t.o.r.@.j.d.
6f 00 6d 00 63 00 73 00 63 00 2e 00 6e 00 74 00 o.m.c.s.c...n.t.
74 00 65 00 73 00 74 00 2e 00 6d 00 69 00 63 00 t.e.s.t...m.i.c.
72 00 6f 00 73 00 6f 00 66 00 74 00 2e 00 63 00 r.o.s.o.f.t...c.
6f 00 6d 00 o.m.
0000 30 3c a0 3a 06 0a 2b 06 01 04 01 82 37 14 02 03 0<.:..+.....7...
0010 a0 2c 0c 2a 41 64 6d 69 6e 69 73 74 72 61 74 6f .,.*Administrato
0020 72 40 6a 64 6f 6d 63 73 63 2e 6e 74 74 65 73 74 r@jdomcsc.nttest
0030 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d .microsoft.com
Signature Algorithm:
Algorithm ObjectId: 1.2.840.10045.4.3.3 ECDSA SHA-384(certlib) (sha384ECDSA)
Algorithm Parameters: NULL
Signature: UnusedBits=0
0000 df db 4e b7 c5 d1 a0 20 67 c5 35 9f 94 5c 81 0b
0010 57 0d f1 62 38 81 1a c8 d6 dc 19 c8 1f ae 07 17
0020 fe 71 cd 3e 00 18 a4 9d cc ab 5b 95 bf 03 16 4d
0030 30 02 3e df 67 d9 b2 51 d7 35 9b 26 16 23 02 13
0040 31 28 e7 11 26 58 9b 04 93 f3 76 0b e8 8b 58 5d
0050 9d cc a4 c1 d7 3e f2 be d8 b5 c0 ea 44 6a 0c 4b
0060 2b 61 30 02 64 30
Non-root Certificate
Key Id Hash(rfc-sha1): 9f ad 2e 19 53 07 d5 d3 34 b9 66 75 65 0e 19 85 00 3a 26 7d
Key Id Hash(sha1): a3 00 d8 b3 30 12 26 94 05 a4 76 17 40 11 41 fd ab de 92 a1
Cert Hash(md5): e6 37 c0 39 b7 8b 88 e3 cf 54 6e eb 13 a9 9b d8
Cert Hash(sha1): 4c 63 a9 53 fb 51 11 c9 20 5b 93 cb 36 da 9e 4b 2c 64 3d ea
---------------- End Nesting Level 1 ----------------
No CRLs
CertUtil: -dump command completed successfully.
Related topics