Condividi tramite


Richiesta EOBO PKCS #7

L'esempio seguente contiene una richiesta PKCS #7 Enroll On Behalf Of (EOBO). L'esempio è stato generato usando gli strumenti Certreq.exe e Certutil.exe. Il file inf usato come input per Certreq.exe contiene la configurazione seguente.

[NewRequest]
RequestType=pkcs7
RequesterName=Domain\TargetUser

[RequestAttributes]
CertificateTemplate=User

Questa configurazione genera l'output di esempio seguente. La configurazione specifica il tipo di richiesta (PKCS #7), il nome dell'entità che richiede la registrazione e il nome del modello. Il modello User specifica che:

  • La richiesta deve usare Microsoft Base Cryptographic Provider 1.0 o Microsoft Enhanced Cryptographic Provider 1.0.
  • Il nome del soggetto deve essere compilato da Active Directory.
  • La richiesta include il nome del modello di certificato, l'utilizzo chiavi avanzato (EKU) e le estensioni Utilizzo chiavi. L'estensione EKU specifica che il certificato emesso può essere usato per crittografare il file system (EFS), la posta elettronica sicura e l'autenticazione client.
PKCS7 Message:
  CMSG_SIGNED(2)
  CMSG_SIGNED_DATA_PKCS_1_5_VERSION(1)
  Content Type: 1.2.840.113549.1.7.1 PKCS 7 Data

PKCS7 Message Content:
================ Begin Nesting Level 1 ================
PKCS10 Certificate Request:
Version: 1
Subject:
    EMPTY

Public Key Algorithm:
    Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
    Algorithm Parameters:
    05 00
Public Key Length: 1024 bits
Public Key: UnusedBits = 0
    0000  30 81 89 02 81 81 00 d3  fc 7a a7 5d b5 ae dd 68
    0010  a7 a1 8b 70 1f 8f ec 83  78 ce b2 fe f6 77 59 c8
    0020  60 a6 e9 32 e2 cd bd b5  78 0c ec 92 bd a1 ce 9d
    0030  f8 64 54 4a 99 cf 45 72  da db ab 6b c2 e8 a2 8c
    0040  90 76 59 d1 59 5c a6 d3  af 33 9a 50 e9 d5 b2 6d
    0050  ec 11 f9 9d fd 4b 64 2c  74 70 76 9d 02 51 fa d9
    0060  d0 2f 39 fe 97 e3 2a dc  96 54 ed c1 71 7e 95 19
    0070  ad 0f ca a7 50 c1 9d 19  f1 09 38 7e 93 ed 28 f5
    0080  17 62 f9 81 ab f5 cd 02  03 01 00 01
Request Attributes: 5
  5 attributes:

  Attribute[0]: 1.3.6.1.4.1.311.13.2.3 (OS Version)
    Value[0][0]:
        6.0.5361.2
    0000  16 0a 36 2e 30 2e 35 33  36 31 2e 32               ..6.0.5361.2

  Attribute[1]: 1.3.6.1.4.1.311.13.2.1 (Enrollment Name Value Pair)
    Value[1][0]:
        CertificateTemplate=User
    0000  30 32 1e 26 00 43 00 65  00 72 00 74 00 69 00 66   02.&.C.e.r.t.i.f
    0010  00 69 00 63 00 61 00 74  00 65 00 54 00 65 00 6d   .i.c.a.t.e.T.e.m
    0020  00 70 00 6c 00 61 00 74  00 65 1e 08 00 55 00 73   .p.l.a.t.e...U.s
    0030  00 65 00 72                                        .e.r

  Attribute[2]: 1.3.6.1.4.1.311.21.20 (Client Information)
    Value[2][0]:
    Unknown Attribute type
    Client Id: = 9
      (XECI_DISABLE -- 0)
      (XECI_XENROLL -- 1)
      (XECI_AUTOENROLL -- 2)
      (XECI_REQWIZARD -- 3)
      (XECI_CERTREQ -- 4)
    User: JDOMCSC\administrator
    Machine: vich3d.jdomcsc.nttest.microsoft.com
    Process: certreq
    0000  30 48 02 01 09 0c 23 76  69 63 68 33 64 2e 6a 64   0H....#vich3d.jd
    0010  6f 6d 63 73 63 2e 6e 74  74 65 73 74 2e 6d 69 63   omcsc.nttest.mic
    0020  72 6f 73 6f 66 74 2e 63  6f 6d 0c 15 4a 44 4f 4d   rosoft.com..JDOM
    0030  43 53 43 5c 61 64 6d 69  6e 69 73 74 72 61 74 6f   CSC\administrato
    0040  72 0c 07 63 65 72 74 72  65 71                     r..certreq

  Attribute[3]: 1.3.6.1.4.1.311.13.2.2 (Enrollment CSP)
    Value[3][0]:
    Unknown Attribute type
    CSP Provider Info
    KeySpec = 1
    Provider = Microsoft Enhanced Cryptographic Provider v1.0
    Signature: UnusedBits=0
    0000  30 64 02 01 01 1e 5c 00  4d 00 69 00 63 00 72 00   0d....\.M.i.c.r.
    0010  6f 00 73 00 6f 00 66 00  74 00 20 00 45 00 6e 00   o.s.o.f.t. .E.n.
    0020  68 00 61 00 6e 00 63 00  65 00 64 00 20 00 43 00   h.a.n.c.e.d. .C.
    0030  72 00 79 00 70 00 74 00  6f 00 67 00 72 00 61 00   r.y.p.t.o.g.r.a.
    0040  70 00 68 00 69 00 63 00  20 00 50 00 72 00 6f 00   p.h.i.c. .P.r.o.
    0050  76 00 69 00 64 00 65 00  72 00 20 00 76 00 31 00   v.i.d.e.r. .v.1.
    0060  2e 00 30 03 01 00                                  ..0...

  Attribute[4]: 1.2.840.113549.1.9.14 (Certificate Extensions)
    Value[4][0]:
    Unknown Attribute type
Certificate Extensions: 4
    1.3.6.1.4.1.311.20.2: Flags = 0, Length = a
    Certificate Template Name (Certificate Type)
        User

    0000  1e 08 00 55 00 73 00 65  00 72                     ...U.s.e.r

    2.5.29.37: Flags = 0, Length = 22
    Enhanced Key Usage
        Encrypting File System (1.3.6.1.4.1.311.10.3.4)
        Secure Email (1.3.6.1.5.5.7.3.4)
        Client Authentication (1.3.6.1.5.5.7.3.2)

    0000  30 20 06 0a 2b 06 01 04  01 82 37 0a 03 04 06 08   0 ..+.....7.....
    0010  2b 06 01 05 05 07 03 04  06 08 2b 06 01 05 05 07   +.........+.....
    0020  03 02                                              ..

    2.5.29.15: Flags = 1(Critical), Length = 4
    Key Usage
        Digital Signature, Key Encipherment (a0)

    0000  03 02 05 a0                                        ....

    2.5.29.14: Flags = 0, Length = 16
    Subject Key Identifier
        22 bc ae e6 cd 7a fb 76 55 02 b6 9b f9 37 10 21 d3 9c e7 5a

    0000  04 14 22 bc ae e6 cd 7a  fb 76 55 02 b6 9b f9 37   .."....z.vU....7
    0010  10 21 d3 9c e7 5a                                  .!...Z

    0000  30 73 30 17 06 09 2b 06  01 04 01 82 37 14 02 04   0s0...+.....7...
    0010  0a 1e 08 00 55 00 73 00  65 00 72 30 29 06 03 55   ....U.s.e.r0)..U
    0020  1d 25 04 22 30 20 06 0a  2b 06 01 04 01 82 37 0a   .%."0 ..+.....7.
    0030  03 04 06 08 2b 06 01 05  05 07 03 04 06 08 2b 06   ....+.........+.
    0040  01 05 05 07 03 02 30 0e  06 03 55 1d 0f 01 01 ff   ......0...U.....
    0050  04 04 03 02 05 a0 30 1d  06 03 55 1d 0e 04 16 04   ......0...U.....
    0060  14 22 bc ae e6 cd 7a fb  76 55 02 b6 9b f9 37 10   ."....z.vU....7.
    0070  21 d3 9c e7 5a                                     !...Z
Signature Algorithm:
    Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
    Algorithm Parameters:
    05 00
Signature: UnusedBits=0
    0000  b7 93 ce 23 99 d3 53 81  78 8a 02 c0 c0 6f d3 c9
    0010  e8 be 08 55 c5 13 ee 78  31 c9 33 3d 48 d6 0b 5d
    0020  26 80 97 0a 94 b6 73 ce  1b 1d cb 89 15 22 16 61
    0030  86 a5 10 81 ef 95 9c 89  54 b6 db 73 b0 d7 6a ec
    0040  00 26 cc d8 4d 9a 76 c9  0a 74 48 bd 0c 46 f1 a3
    0050  fb 69 6e ac 47 60 82 29  b5 b6 8c 62 0d 8b 07 f5
    0060  8d 10 5c c2 a4 01 6c 11  b4 76 ab 61 b3 6b 96 67
    0070  fa ad 44 e0 cd 38 60 5c  a1 46 6b 90 7a 3b 05 a5
Signature matches Public Key
Key Id Hash(rfc-sha1): 22 bc ae e6 cd 7a fb 76 55 02 b6 9b f9 37 10 21 d3 9c e7 5a
Key Id Hash(sha1): dd a1 92 dc 5b 5a 6a d2 86 44 d6 cb d8 fe 87 cb 2a ca f5 92
----------------  End Nesting Level 1  ----------------

Signer Count: 1
Signing Certificate Index: 0
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000)
HCCE_LOCAL_MACHINE
CERT_CHAIN_POLICY_BASE
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
ChainContext.dwRevocationFreshnessTime: 1 Days, 7 Hours, 8 Minutes, 50 Seconds

SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
SimpleChain.dwRevocationFreshnessTime: 1 Days, 7 Hours, 8 Minutes, 50 Seconds

CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=0
  Issuer: CN=JDOMCSC Longhorn Enterprise Root CA, O=Microsoft
  NotBefore: 5/4/2006 6:31 PM
  NotAfter: 5/3/2008 6:31 PM
  Subject: CN=Administrator, CN=Users, DC=jdomcsc, DC=nttest, DC=microsoft, DC=com
  Serial: 588cf81a000000000b57
  SubjectAltName: Other Name:Principal Name=Administrator@jdomcsc.nttest.microsoft.com
  Template: EnrollmentAgent
  4c 63 a9 53 fb 51 11 c9 20 5b 93 cb 36 da 9e 4b 2c 64 3d ea
  Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
  Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
    CRL 52:
    Issuer: CN=JDOMCSC Longhorn Enterprise Root CA, O=Microsoft
    6b a0 09 df 7c a5 1f 00 62 a0 b7 31 4f c2 9b 3e 40 97 cc 2b
    Delta CRL 52:
    Issuer: CN=JDOMCSC Longhorn Enterprise Root CA, O=Microsoft
    65 34 cc 62 35 11 04 f5 df 50 0a 84 3e 7a da 13 69 a2 11 f6
  Application[0] = 1.3.6.1.4.1.311.20.2.1 Certificate Request Agent

CertContext[0][1]: dwInfoStatus=10c dwErrorStatus=0
  Issuer: CN=JDOMCSC Longhorn Enterprise Root CA, O=Microsoft
  NotBefore: 3/15/2006 11:33 AM
  NotAfter: 3/15/2011 11:43 AM
  Subject: CN=JDOMCSC Longhorn Enterprise Root CA, O=Microsoft
  Serial: 1a527b5929af2eb640ada1d7beecd805
  Template: CA
  b3 c9 0e c6 08 94 7b f7 b2 b9 f2 86 3f 54 9e 82 71 2c fa a0
  Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
  Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
  Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)

Exclude leaf cert:
  23 02 10 d9 b1 52 54 92 56 3e f4 0b 0a 36 a9 95 63 94 2d 24
Full chain:
##   f4 6c 8d 29 e2 f0 ba 15 37 f3 2e d1 20 4a f7 18 07 e7 4d 0a

Verified Issuance Policies: None
Verified Application Policies:
    1.3.6.1.4.1.311.20.2.1 Certificate Request Agent

Signer Info[0]:
Signature matches Public Key
CMSG_SIGNER_INFO_PKCS_1_5_VERSION(1)
CERT_ID_ISSUER_SERIAL_NUMBER(1)
    Serial Number: 588cf81a000000000b57
    Issuer:
        CN=JDOMCSC Longhorn Enterprise Root CA
        O=Microsoft
    Subject:
        CN=Administrator
        CN=Users
        DC=jdomcsc
        DC=nttest
        DC=microsoft
        DC=com
Hash Algorithm:
    Algorithm ObjectId: 1.3.14.3.2.26 sha1 (sha1NoSign)
    Algorithm Parameters: NULL
Encrypted Hash Algorithm:
    Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
    Algorithm Parameters: NULL
Encrypted Hash:
    0000  61 f7 89 b0 eb d1 fa 1f  80 92 d9 66 7b c2 ac 86
    0010  bc d6 f9 9d 76 91 1a da  a1 6e 1f 5c 81 fc 36 f6
    0020  a9 3c 6c 9a 2a 4a 5a 2e  0e 77 62 a0 54 1d 98 1d
    0030  fe 83 bc e2 28 42 c5 e1  4e 6d ad 8d 27 57 30 08
    0040  54 17 49 d8 6e 13 29 38  83 33 74 12 42 ed e0 0e
    0050  f3 28 5a d0 a7 88 8b 40  f3 fb 12 4f a3 8c 6a 3b
    0060  c8 cd f4 f1 4b d7 6a 21  1d 03 e0 4c c2 49 da 1e
    0070  81 7a 5d a0 de 88 7c ae  10 5d 92 e2 d0 3b 17 97

Authenticated Attributes[0]:
  3 attributes:

  Attribute[0]: 1.2.840.113549.1.9.3 (Content Type)
    Value[0][0]:
    Unknown Attribute type
    1.2.840.113549.1.7.1 PKCS 7 Data
    0000  06 09 2a 86 48 86 f7 0d  01 07 01                  ..*.H......

  Attribute[1]: 1.2.840.113549.1.9.4 (Message Digest)
    Value[1][0]:
    Unknown Attribute type
    Message Digest(certutil):
        ea 0b 89 69 ef 4e 5e c3 c2 56 ac 23 1f af 05 57 5e 7c b3 16
    0000  04 14 ea 0b 89 69 ef 4e  5e c3 c2 56 ac 23 1f af   .....i.N^..V.#..
    0010  05 57 5e 7c b3 16                                  .W^|..

  Attribute[2]: 1.3.6.1.4.1.311.13.2.1 (Enrollment Name Value Pair)
    Value[2][0]:
        RequesterName=Domain\TargetUser
    0000  30 40 1e 1a 00 52 00 65  00 71 00 75 00 65 00 73   0@...R.e.q.u.e.s
    0010  00 74 00 65 00 72 00 4e  00 61 00 6d 00 65 1e 22   .t.e.r.N.a.m.e."
    0020  00 44 00 6f 00 6d 00 61  00 69 00 6e 00 5c 00 54   .D.o.m.a.i.n.\.T
    0030  00 61 00 72 00 67 00 65  00 74 00 55 00 73 00 65   .a.r.g.e.t.U.s.e
    0040  00 72                                              .r

Unauthenticated Attributes[0]:
  0 attributes:

Computed Hash: b5 58 c5 ce d8 6a 6b c4 79 8f 88 dc 85 7f ae 90 ca 13 e5 bb
No Recipient

Certificates:
================ Begin Nesting Level 1 ================
Element 0:
X509 Certificate:
Version: 3
Serial Number: 588cf81a000000000b57
    57 0b 00 00 00 00 1a f8  8c 58
Signature Algorithm:
    Algorithm ObjectId: 1.2.840.10045.4.3.3 ECDSA SHA-384(certlib) (sha384ECDSA)
    Algorithm Parameters: NULL
Issuer:
    CN=JDOMCSC Longhorn Enterprise Root CA
    O=Microsoft
    [0,0]: CERT_RDN_PRINTABLE_STRING, Length = 9 (9/64 Characters)
        2.5.4.10 Organization (O)="Microsoft"

        4d 69 63 72 6f 73 6f 66  74                        Microsoft

        4d 00 69 00 63 00 72 00  6f 00 73 00 6f 00 66 00   M.i.c.r.o.s.o.f.
        74 00                                              t.

    [1,0]: CERT_RDN_PRINTABLE_STRING, Length = 35 (35/64 Characters)
        2.5.4.3 Common Name (CN)="JDOMCSC Longhorn Enterprise Root CA"

        4a 44 4f 4d 43 53 43 20  4c 6f 6e 67 68 6f 72 6e   JDOMCSC Longhorn
        20 45 6e 74 65 72 70 72  69 73 65 20 52 6f 6f 74    Enterprise Root
        20 43 41                                            CA

        4a 00 44 00 4f 00 4d 00  43 00 53 00 43 00 20 00   J.D.O.M.C.S.C. .
        4c 00 6f 00 6e 00 67 00  68 00 6f 00 72 00 6e 00   L.o.n.g.h.o.r.n.
        20 00 45 00 6e 00 74 00  65 00 72 00 70 00 72 00    .E.n.t.e.r.p.r.
        69 00 73 00 65 00 20 00  52 00 6f 00 6f 00 74 00   i.s.e. .R.o.o.t.
        20 00 43 00 41 00                                   .C.A.


NotBefore: 5/4/2006 6:31 PM
NotAfter: 5/3/2008 6:31 PM

Subject:
    CN=Administrator
    CN=Users
    DC=jdomcsc
    DC=nttest
    DC=microsoft
    DC=com
    [0,0]: CERT_RDN_IA5_STRING, Length = 3 (3/128 Characters)
        0.9.2342.19200300.100.1.25 Domain Component (DC)="com"

        63 6f 6d                                           com

        63 00 6f 00 6d 00                                  c.o.m.

    [1,0]: CERT_RDN_IA5_STRING, Length = 9 (9/128 Characters)
        0.9.2342.19200300.100.1.25 Domain Component (DC)="microsoft"

        6d 69 63 72 6f 73 6f 66  74                        microsoft

        6d 00 69 00 63 00 72 00  6f 00 73 00 6f 00 66 00   m.i.c.r.o.s.o.f.
        74 00                                              t.

    [2,0]: CERT_RDN_IA5_STRING, Length = 6 (6/128 Characters)
        0.9.2342.19200300.100.1.25 Domain Component (DC)="nttest"

        6e 74 74 65 73 74                                  nttest

        6e 00 74 00 74 00 65 00  73 00 74 00               n.t.t.e.s.t.

    [3,0]: CERT_RDN_IA5_STRING, Length = 7 (7/128 Characters)
        0.9.2342.19200300.100.1.25 Domain Component (DC)="jdomcsc"

        6a 64 6f 6d 63 73 63                               jdomcsc

        6a 00 64 00 6f 00 6d 00  63 00 73 00 63 00         j.d.o.m.c.s.c.

    [4,0]: CERT_RDN_PRINTABLE_STRING, Length = 5 (5/64 Characters)
        2.5.4.3 Common Name (CN)="Users"

        55 73 65 72 73                                     Users

        55 00 73 00 65 00 72 00  73 00                     U.s.e.r.s.

    [5,0]: CERT_RDN_PRINTABLE_STRING, Length = 13 (13/64 Characters)
        2.5.4.3 Common Name (CN)="Administrator"

        41 64 6d 69 6e 69 73 74  72 61 74 6f 72            Administrator

        41 00 64 00 6d 00 69 00  6e 00 69 00 73 00 74 00   A.d.m.i.n.i.s.t.
        72 00 61 00 74 00 6f 00  72 00                     r.a.t.o.r.


Public Key Algorithm:
    Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
    Algorithm Parameters:
    05 00
Public Key Length: 1024 bits
Public Key: UnusedBits = 0
    0000  30 81 89 02 81 81 00 bf  1a 3f 63 bf 9e 24 bc 10
    0010  d9 28 63 c9 4b cf 29 d9  c5 70 28 93 8a ce e7 14
    0020  68 d5 b7 20 eb 60 f2 d9  81 19 3a 98 b8 66 85 58
    0030  31 6b 53 4b 03 b9 f3 e5  bf 85 12 11 c5 a2 9e 09
    0040  7a f7 c7 ad 8f 65 77 c1  d5 7e fd c0 48 6c 92 0c
    0050  d1 06 cd b7 86 55 b4 8e  a7 6b 8d 00 e6 13 4b 54
    0060  63 17 a5 12 13 2f 9e 32  0e 2d c7 22 09 47 e6 e9
    0070  34 77 1e 94 84 18 16 05  0d 3e da 42 8f 84 fd 65
    0080  ea 1d c4 93 f9 7d 19 02  03 01 00 01
Certificate Extensions: 8
    1.3.6.1.4.1.311.20.2: Flags = 0, Length = 20
    Certificate Template Name (Certificate Type)
        EnrollmentAgent

    0000  1e 1e 00 45 00 6e 00 72  00 6f 00 6c 00 6c 00 6d   ...E.n.r.o.l.l.m
    0010  00 65 00 6e 00 74 00 41  00 67 00 65 00 6e 00 74   .e.n.t.A.g.e.n.t

    2.5.29.37: Flags = 0, Length = e
    Enhanced Key Usage
        Certificate Request Agent (1.3.6.1.4.1.311.20.2.1)

    0000  30 0c 06 0a 2b 06 01 04  01 82 37 14 02 01         0...+.....7...

    2.5.29.15: Flags = 0, Length = 4
    Key Usage
        Digital Signature (80)

    0000  03 02 07 80                                        ....

    2.5.29.14: Flags = 0, Length = 16
    Subject Key Identifier
        9f ad 2e 19 53 07 d5 d3 34 b9 66 75 65 0e 19 85 00 3a 26 7d

    0000  04 14 9f ad 2e 19 53 07  d5 d3 34 b9 66 75 65 0e   ......S...4.fue.
    0010  19 85 00 3a 26 7d                                  ...:&}

    2.5.29.35: Flags = 0, Length = 18
    Authority Key Identifier
        KeyID=16 a1 b0 9e 8f 4f ee 2e d4 25 07 90 2b 89 37 21 70 c7 d6 65

    0000  30 16 80 14 16 a1 b0 9e  8f 4f ee 2e d4 25 07 90   0........O...%..
    0010  2b 89 37 21 70 c7 d6 65                            +.7!p..e

    2.5.29.31: Flags = 0, Length = 166
    CRL Distribution Points
        [1]CRL Distribution Point
             Distribution Point Name:
                  Full Name:
                       URL=ldap:///CN=JDOMCSC%20Longhorn%20Enterprise%20Root%20CA,CN=JAYTEST7,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=jdomcsc,DC=nttest,DC=microsoft,DC=com?certificateRevocationList?base?objectClass=cRLDistributionPoint
                       URL=https://jaytest7.jdomcsc.nttest.microsoft.com/CertEnroll/JDOMCSC%20Longhorn%20Enterprise%20Root%20CA.crl

    0000  30 82 01 62 30 82 01 5e  a0 82 01 5a a0 82 01 56   0..b0..^...Z...V
    0010  86 81 ea 6c 64 61 70 3a  2f 2f 2f 43 4e 3d 4a 44   ...ldap:///CN=JD
    0020  4f 4d 43 53 43 25 32 30  4c 6f 6e 67 68 6f 72 6e   OMCSC%20Longhorn
    0030  25 32 30 45 6e 74 65 72  70 72 69 73 65 25 32 30   %20Enterprise%20
    0040  52 6f 6f 74 25 32 30 43  41 2c 43 4e 3d 4a 41 59   Root%20CA,CN=JAY
    0050  54 45 53 54 37 2c 43 4e  3d 43 44 50 2c 43 4e 3d   TEST7,CN=CDP,CN=
    0060  50 75 62 6c 69 63 25 32  30 4b 65 79 25 32 30 53   Public%20Key%20S
    0070  65 72 76 69 63 65 73 2c  43 4e 3d 53 65 72 76 69   ervices,CN=Servi
    0080  63 65 73 2c 43 4e 3d 43  6f 6e 66 69 67 75 72 61   ces,CN=Configura
    0090  74 69 6f 6e 2c 44 43 3d  6a 64 6f 6d 63 73 63 2c   tion,DC=jdomcsc,
    00a0  44 43 3d 6e 74 74 65 73  74 2c 44 43 3d 6d 69 63   DC=nttest,DC=mic
    00b0  72 6f 73 6f 66 74 2c 44  43 3d 63 6f 6d 3f 63 65   rosoft,DC=com?ce
    00c0  72 74 69 66 69 63 61 74  65 52 65 76 6f 63 61 74   rtificateRevocat
    00d0  69 6f 6e 4c 69 73 74 3f  62 61 73 65 3f 6f 62 6a   ionList?base?obj
    00e0  65 63 74 43 6c 61 73 73  3d 63 52 4c 44 69 73 74   ectClass=cRLDist
    00f0  72 69 62 75 74 69 6f 6e  50 6f 69 6e 74 86 67 68   ributionPoint.gh
    0100  74 74 70 3a 2f 2f 6a 61  79 74 65 73 74 37 2e 6a   ttp://jaytest7.j
    0110  64 6f 6d 63 73 63 2e 6e  74 74 65 73 74 2e 6d 69   domcsc.nttest.mi
    0120  63 72 6f 73 6f 66 74 2e  63 6f 6d 2f 43 65 72 74   crosoft.com/Cert
    0130  45 6e 72 6f 6c 6c 2f 4a  44 4f 4d 43 53 43 25 32   Enroll/JDOMCSC%2
    0140  30 4c 6f 6e 67 68 6f 72  6e 25 32 30 45 6e 74 65   0Longhorn%20Ente
    0150  72 70 72 69 73 65 25 32  30 52 6f 6f 74 25 32 30   rprise%20Root%20
    0160  43 41 2e 63 72 6c                                  CA.crl

    1.3.6.1.5.5.7.1.1: Flags = 0, Length = 185
    Authority Information Access
        [1]Authority Info Access
             Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
             Alternative Name:
                  URL=ldap:///CN=JDOMCSC%20Longhorn%20Enterprise%20Root%20CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=jdomcsc,DC=nttest,DC=microsoft,DC=com?cACertificate?base?objectClass=certificationAuthority
        [2]Authority Info Access
             Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
             Alternative Name:
                  URL=https://jaytest7.jdomcsc.nttest.microsoft.com/CertEnroll/JAYTEST7.jdomcsc.nttest.microsoft.com_JDOMCSC%20Longhorn%20Enterprise%20Root%20CA.crt

    0000  30 82 01 81 30 81 e1 06  08 2b 06 01 05 05 07 30   0...0....+.....0
    0010  02 86 81 d4 6c 64 61 70  3a 2f 2f 2f 43 4e 3d 4a   ....ldap:///CN=J
    0020  44 4f 4d 43 53 43 25 32  30 4c 6f 6e 67 68 6f 72   DOMCSC%20Longhor
    0030  6e 25 32 30 45 6e 74 65  72 70 72 69 73 65 25 32   n%20Enterprise%2
    0040  30 52 6f 6f 74 25 32 30  43 41 2c 43 4e 3d 41 49   0Root%20CA,CN=AI
    0050  41 2c 43 4e 3d 50 75 62  6c 69 63 25 32 30 4b 65   A,CN=Public%20Ke
    0060  79 25 32 30 53 65 72 76  69 63 65 73 2c 43 4e 3d   y%20Services,CN=
    0070  53 65 72 76 69 63 65 73  2c 43 4e 3d 43 6f 6e 66   Services,CN=Conf
    0080  69 67 75 72 61 74 69 6f  6e 2c 44 43 3d 6a 64 6f   iguration,DC=jdo
    0090  6d 63 73 63 2c 44 43 3d  6e 74 74 65 73 74 2c 44   mcsc,DC=nttest,D
    00a0  43 3d 6d 69 63 72 6f 73  6f 66 74 2c 44 43 3d 63   C=microsoft,DC=c
    00b0  6f 6d 3f 63 41 43 65 72  74 69 66 69 63 61 74 65   om?cACertificate
    00c0  3f 62 61 73 65 3f 6f 62  6a 65 63 74 43 6c 61 73   ?base?objectClas
    00d0  73 3d 63 65 72 74 69 66  69 63 61 74 69 6f 6e 41   s=certificationA
    00e0  75 74 68 6f 72 69 74 79  30 81 9a 06 08 2b 06 01   uthority0....+..
    00f0  05 05 07 30 02 86 81 8d  68 74 74 70 3a 2f 2f 6a   ...0....https://j
    0100  61 79 74 65 73 74 37 2e  6a 64 6f 6d 63 73 63 2e   aytest7.jdomcsc.
    0110  6e 74 74 65 73 74 2e 6d  69 63 72 6f 73 6f 66 74   nttest.microsoft
    0120  2e 63 6f 6d 2f 43 65 72  74 45 6e 72 6f 6c 6c 2f   .com/CertEnroll/
    0130  4a 41 59 54 45 53 54 37  2e 6a 64 6f 6d 63 73 63   JAYTEST7.jdomcsc
    0140  2e 6e 74 74 65 73 74 2e  6d 69 63 72 6f 73 6f 66   .nttest.microsof
    0150  74 2e 63 6f 6d 5f 4a 44  4f 4d 43 53 43 25 32 30   t.com_JDOMCSC%20
    0160  4c 6f 6e 67 68 6f 72 6e  25 32 30 45 6e 74 65 72   Longhorn%20Enter
    0170  70 72 69 73 65 25 32 30  52 6f 6f 74 25 32 30 43   prise%20Root%20C
    0180  41 2e 63 72 74                                     A.crt

    2.5.29.17: Flags = 0, Length = 3e
    Subject Alternative Name
        Other Name:
             Principal Name=Administrator@jdomcsc.nttest.microsoft.com
    AltName: 1 entries:
    AltName[0] CERT_ALT_NAME_OTHER_NAME: 1.3.6.1.4.1.311.20.2.3 Principal Name: 
      CERT_RDN_UTF8_STRING, Length = 42 (42 Characters)
        "Administrator@jdomcsc.nttest.microsoft.com"

        41 64 6d 69 6e 69 73 74  72 61 74 6f 72 40 6a 64   Administrator@jd
        6f 6d 63 73 63 2e 6e 74  74 65 73 74 2e 6d 69 63   omcsc.nttest.mic
        72 6f 73 6f 66 74 2e 63  6f 6d                     rosoft.com

        41 00 64 00 6d 00 69 00  6e 00 69 00 73 00 74 00   A.d.m.i.n.i.s.t.
        72 00 61 00 74 00 6f 00  72 00 40 00 6a 00 64 00   r.a.t.o.r.@.j.d.
        6f 00 6d 00 63 00 73 00  63 00 2e 00 6e 00 74 00   o.m.c.s.c...n.t.
        74 00 65 00 73 00 74 00  2e 00 6d 00 69 00 63 00   t.e.s.t...m.i.c.
        72 00 6f 00 73 00 6f 00  66 00 74 00 2e 00 63 00   r.o.s.o.f.t...c.
        6f 00 6d 00                                        o.m.


    0000  30 3c a0 3a 06 0a 2b 06  01 04 01 82 37 14 02 03   0<.:..+.....7...
    0010  a0 2c 0c 2a 41 64 6d 69  6e 69 73 74 72 61 74 6f   .,.*Administrato
    0020  72 40 6a 64 6f 6d 63 73  63 2e 6e 74 74 65 73 74   r@jdomcsc.nttest
    0030  2e 6d 69 63 72 6f 73 6f  66 74 2e 63 6f 6d         .microsoft.com

Signature Algorithm:
    Algorithm ObjectId: 1.2.840.10045.4.3.3 ECDSA SHA-384(certlib) (sha384ECDSA)
    Algorithm Parameters: NULL
Signature: UnusedBits=0
    0000  df db 4e b7 c5 d1 a0 20  67 c5 35 9f 94 5c 81 0b
    0010  57 0d f1 62 38 81 1a c8  d6 dc 19 c8 1f ae 07 17
    0020  fe 71 cd 3e 00 18 a4 9d  cc ab 5b 95 bf 03 16 4d
    0030  30 02 3e df 67 d9 b2 51  d7 35 9b 26 16 23 02 13
    0040  31 28 e7 11 26 58 9b 04  93 f3 76 0b e8 8b 58 5d
    0050  9d cc a4 c1 d7 3e f2 be  d8 b5 c0 ea 44 6a 0c 4b
    0060  2b 61 30 02 64 30
Non-root Certificate
Key Id Hash(rfc-sha1): 9f ad 2e 19 53 07 d5 d3 34 b9 66 75 65 0e 19 85 00 3a 26 7d
Key Id Hash(sha1): a3 00 d8 b3 30 12 26 94 05 a4 76 17 40 11 41 fd ab de 92 a1
Cert Hash(md5): e6 37 c0 39 b7 8b 88 e3 cf 54 6e eb 13 a9 9b d8
Cert Hash(sha1): 4c 63 a9 53 fb 51 11 c9 20 5b 93 cb 36 da 9e 4b 2c 64 3d ea
----------------  End Nesting Level 1  ----------------
No CRLs
CertUtil: -dump command completed successfully.

Richieste di esempio