Ogni host Windows 7 ha un certificato Trusted Root di Entrust che ha l'estensione "Tipo Cert Netscape" (vedi immagine)
StoconfrontandoleestensioniS/MIMEinteroperabilievedouninsiemepiuttostodiversificatodiofferteeconfigurazioni.
Cisonoclientchefannoancorariferimentoaquestaestensione?L'estensionediNetscapeènecessariaoutile?
Diseguitoèriportatoildumpcompletodelcertificato:
C:\>certutil-dumpc:\netscape.cerX509Certificate:Version:3SerialNumber:374ad243SignatureAlgorithm:AlgorithmObjectId:1.2.840.113549.1.1.5sha1RSAAlgorithmParameters:0500Issuer:CN=Entrust.netSecureServerCertificationAuthorityOU=(c)1999Entrust.netLimitedOU=www.entrust.net/CPSincorp.byref.(limitsliab.)O=Entrust.netC=USNotBefore:5/25/199912:09PMNotAfter:5/25/201912:39PMSubject:CN=Entrust.netSecureServerCertificationAuthorityOU=(c)1999Entrust.netLimitedOU=www.entrust.net/CPSincorp.byref.(limitsliab.)O=Entrust.netC=USPublicKeyAlgorithm:AlgorithmObjectId:1.2.840.113549.1.1.1RSA(RSA_SIGN)AlgorithmParameters:0500PublicKeyLength:1024bitsPublicKey:UnusedBits=0000030818702818100cd288334541b89f30f0010af379131ffaf3160c9a8e8b21068ed9f0020e79336f10a64bb47f504173f23474dc50030271981260c54720d882dd91f9a129fbc0040b371d380193f47667b8c3528d2b90adf005024da9cd65079817a5ad337f7c24ad8290060922664d1e4986c3a008af5349b65f8ed0070e310fffdb84958dca0de82396b81b11600801961b954b6e643020103CertificateExtensions:82.16.840.1.113730.1.1:Flags=0,Length=4NetscapeCertTypeSSLCA,SMIMECA,SignatureCA(07)2.5.29.31:Flags=0,Length=110CRLDistributionPoints[1]CRLDistributionPointDistributionPointName:FullName:DirectoryAddress:CN=CRL1CN=Entrust.netSecureServerCertificationAuthorityOU=(c)1999Entrust.netLimitedOU=www.entrust.net/CPSincorp.byref.(limitsliab.)O=Entrust.netC=US[2]CRLDistributionPointDistributionPointName:FullName:URL=http://www.entrust.net/CRL/net1.crl2.5.29.16:Flags=0,Length=24PrivateKeyUsagePeriodUnknownExtensiontype00003022800f3139393930353235313630390"..199905251609
0010 34 30 5a 81 0f 32 30 31 39 30 35 32 35 31 36 30 40Z..20190525160
0020 39 34 30 5a 940Z
0000: 30 22 ; SEQUENCE (22 Bytes)
0002: 80 0f ; CONTEXT_SPECIFIC[0] (f Bytes)
0004: | 31 39 39 39 30 35 32 35 31 36 30 39 34 30 5a ; 19990525160940Z
0013: 81 0f ; CONTEXT_SPECIFIC[1] (f Bytes)
0015: 32 30 31 39 30 35 32 35 31 36 30 39 34 30 5a ; 20190525160940Z
2.5.29.15: Flags = 0, Length = 4
Key Usage
Certificate Signing, Off-line CRL Signing, CRL Signing (06)
2.5.29.35: Flags = 0, Length = 18
Authority Key Identifier
KeyID=f0 17 62 13 55 3d b3 ff 0a 00 6b fb 50 84 97 f3 ed 62 d0 1a
2.5.29.14: Flags = 0, Length = 16
Subject Key Identifier
f0 17 62 13 55 3d b3 ff 0a 00 6b fb 50 84 97 f3 ed 62 d0 1a
2.5.29.19: Flags = 0, Length = 5
Basic Constraints
Subject Type=CA
Path Length Constraint=None
1.2.840.113533.7.65.0: Flags = 0, Length = c
Unknown Extension type
0000 30 0a 1b 04 56 34 2e 30 03 02 04 90 0...V4.0....
0000: 30 0a ; SEQUENCE (a Bytes)
0002: 1b 04 ; GENERAL_STRING (4 Bytes)
0004: | 56 34 2e 30 ; V4.0
0008: 03 02 ; BIT_STRING (2 Bytes)
000a: 04
000b: 90
Signature Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
Algorithm Parameters:
05 00
Signature: UnusedBits=0
0000 b2 f9 06 ed ea 93 0a f7 0b 45 2d 6d 3e 52 f9 05
0010 5c b5 19 73 54 a0 87 78 32 ab ef 05 ad ba 1f 2c
0020 a3 62 2f 96 22 0e 58 8c 43 60 c3 d9 1d d7 9f 3d
0030 e2 3c f6 72 ba 32 87 a8 bb 98 d3 f4 18 4f 46 ef
0040 11 7a 84 75 57 e3 3f ee e7 c6 31 c8 65 36 26 ce
0050 2c bb 04 6a 95 d5 d5 c3 f1 be 92 f7 0d 10 c5 f8
0060 8c ef b5 98 e4 fb 0a 13 8d 7c 25 ff 0e 47 fb a8
0070 17 34 8d 21 7c a5 0a a7 c2 74 64 fa 02 30 dc 90
Signature matches Public Key
Root Certificate: Subject matches Issuer
Key Id Hash(rfc-sha1): ea bf 10 a5 01 1e 95 8f c9 55 b4 67 60 a4 8f fd 8b 0f 12 b4
Key Id Hash(sha1): f0 17 62 13 55 3d b3 ff 0a 00 6b fb 50 84 97 f3 ed 62 d0 1a
Cert Hash(md5): df f2 80 73 cc f1 e6 61 73 fc f5 42 e9 c5 7c ee
Cert Hash(sha1): 99 a6 9b e6 1a fe 88 6b 4d 2b 82 00 7c b8 54 fc 31 7e 15 39
CertUtil: -dump command completed successfully.
C:\>