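Background
Inspired by this recent post on X, I tried out a few things.
https://x.com/ockeghem/status/1913081176283296042
That said, I don't have much energy for this, so I am simply posting how I ran things and the resulting data as they are.
Note: the results are interpreted only very lightly.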
Environment
- OS
Windows 11 (amd64) + Ubuntu 24.04.02 LTS on WSL2
- OpenSSL
OpenSSL 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024)
- curl
curl 8.5.0 (x86_64-pc-linux-gnu) libcurl/8.5.0 OpenSSL/3.0.13 zlib/1.3 brotli/1.1.0 zstd/1.5.5 libidn2/2.3.7 libpsl/0.21.2 (+libidn2/2.3.7) libssh/0.10.6/openssl/zlib nghttp2/1.59.0 librtmp/2.3 OpenLDAP/2.6.7
Release-Date: 2023-12-06, security patched: 8.5.0-2ubuntu10.6
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM PSL SPNEGO SSL threadsafe TLS-SRP UnixSockets zstd
- Broken RSA key generation tool
rsa-genbkey.rb from https://github.com/angel-p57/qiita-sample/tree/master/brokenrsa
- Network environment
localhost ( 127.0.0.1 ) on the local machine hosts both the server and the OCSP responder, on ports 10443 and 10080 respectively. The certificates are created to match.
- Date of the runs
Everything was run on the afternoon of 2025/4/19, so judgements such as certificate expiry are relative to that date and time.
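Approach
The following patterns are tested.
- Without OCSP
  - Normal TLS handshake
  - Issuing CA not trusted (self-signed "oreore" state)
  - Domain name mismatch
  - Expired certificate
  - Broken RSA key in use
    - The server's RSA signature during server authentication is broken
      Note: this is meant to simulate a private key that does not match the certificate.
    - The RSA signature happens to be treated as not broken
- With OCSP (OCSP stapling)
  - OCSP responder not responding
  - Normal (OCSP responder responds)
  - Revoked certificate (revoked in the OCSP response)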
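Creating the keys and certificates
The scripts mkca.sh and mkcrt.sh are used to generate two CAs and one server key and certificate per case.
- For the CAs
  - CA1: the main CA
    The command mkca.sh prepares ca.key, ca.crt, ca.srl and ca.idx.
    These are, respectively, the CA private key, the CA certificate, the serial-number file, and the index file that tracks certificate status.
    They are also reused to run the OCSP responder.
  - CA2: dummy
    Not strictly needed, but the command mkca.sh ca2 prepares ca2.crt (the certificate).
- Server key data
  - Normal RSA key
    The command openssl genrsa 2048 > nrsa.key generates the 2048-bit RSA key nrsa.key.
    The same key is reused for the keys of the other cases, nrsa-adom.key, nrsa-d0.key and nrsa-rev.key, so copy the file or create symbolic links beforehand.
  - Broken RSA key
    The command ruby rsa-genbkey.rb 2048 3 > brsa.key runs the broken RSA key generation tool and generates brsa.key.
    For details of this tool, see the earlier article "処理が破綻するRSA鍵についてのあれこれ" (on RSA keys that make processing break down).
- Server certificate data
  The certificate creation script mkcrt.sh creates each certificate.
  - Normal certificate nrsa.crt: command ./mkcrt.sh nrsa localhost
  - Certificate for the broken RSA key brsa.crt: command ./mkcrt.sh brsa localhost
  - Domain-mismatch certificate nrsa-adom.crt: command ./mkcrt.sh nrsa-adom localhost2
  - Expired certificate nrsa-d0.crt: command ./mkcrt.sh nrsa-d0 localhost 0
  - Revoked certificate nrsa-rev.crt: command ./mkcrt.sh nrsa-rev localhost 365 R
    Note: because of a bug in the script the revocation time is not set, so ca.idx is edited by hand afterwards. Specifically, a revocation time slightly earlier than the current time is written, in the format yymmddHHMMSSZ, between the two consecutive TABs that immediately follow the expiry date in the second column.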
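The manual ca.idx edit described in the note above can be scripted. This is an added example, not part of the original scripts: the function names idx_missing_revdate and idx_set_revoked and the sample entries are constructed here, and it assumes the six tab-separated fields that mkcrt.sh appends.

```shell
#!/bin/sh
# Added example (not from the original page). Helper names are hypothetical.
# OpenSSL CA index line, tab-separated:
#   status  expiry  revocation-time  serial  filename  subject

# idx_missing_revdate INDEX
#   Print the serial of every entry marked R whose revocation field is empty.
idx_missing_revdate() {
    awk -F '\t' '$1 == "R" && $3 == "" { print $4 }' "$1"
}

# idx_set_revoked INDEX SERIAL [WHEN]
#   Mark SERIAL as revoked at WHEN (yymmddHHMMSSZ, UTC; default: now).
idx_set_revoked() {
    idx=$1
    serial=$2
    when=${3:-$(date -u +%y%m%d%H%M%SZ)}

    # Accept only twelve digits followed by Z.
    printf '%s\n' "$when" | grep -Eq '^[0-9]{12}Z$' || {
        echo "bad timestamp: $when" >&2
        return 2
    }

    tmp=$idx.tmp.$$
    if awk -F '\t' -v OFS='\t' -v serial="$serial" -v when="$when" '
        toupper($4) == toupper(serial) {
            $1 = "R"       # status: revoked
            $3 = when      # fill the field between the two TABs
            found = 1
        }
        { print }
        END { if (!found) exit 1 }
    ' "$idx" > "$tmp"; then
        mv "$tmp" "$idx"
    else
        rm -f "$tmp"
        echo "serial not found: $serial" >&2
        return 1
    fi
}

# Constructed sample: two entries in the layout mkcrt.sh appends, the second
# one created with status R and therefore lacking a revocation time.
demo() {
    dir=${TMPDIR:-/tmp}/idx-demo.$$
    mkdir -p "$dir"
    printf 'V\t260419030216Z\t\t02\tunknown\tCN=sample-a\n'  > "$dir/ca.idx"
    printf 'R\t260419030300Z\t\t03\tunknown\tCN=sample-b\n' >> "$dir/ca.idx"
    for s in $(idx_missing_revdate "$dir/ca.idx"); do
        idx_set_revoked "$dir/ca.idx" "$s" 250419080000Z
    done
    cat "$dir/ca.idx"
    rm -rf "$dir"
}
demo
```

Running idx_missing_revdate ca.idx after each ./mkcrt.sh ... R call lists the serials that still need a revocation time before the OCSP responder is started.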
CA setup script mkca.sh
mkca.sh
#!/bin/bash
set -e
BASE=${1:-ca}
# Generate a P-256 key for the CA together with a CSR.
openssl req \
  -new \
  -newkey ec:<(openssl ecparam -name prime256v1) \
  -nodes \
  -keyout $BASE.key \
  -out $BASE.csr \
  -subj '/C=JP/ST=Neo-Saitama/O=Soukai Synd./CN=Six Gates Test CA'
echo 01 > $BASE.srl
# Self-sign the CSR to obtain the CA certificate.
openssl x509 \
  -signkey $BASE.key \
  -req \
  -in $BASE.csr \
  -out $BASE.crt \
  -days 3650 \
  -set_serial 01 \
  -extensions testca \
  -extfile <( echo '
[ testca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = critical, CA:true
keyUsage = critical, cRLSign, keyCertSign, digitalSignature
')
# Start with an empty certificate index file.
cp /dev/null $BASE.idx
rm -f $BASE.csr
Certificate creation script mkcrt.sh
mkcrt.sh
#!/bin/bash
set -e
BASE="$1"
DOMAIN="$2"
[[ -n $BASE && -n $DOMAIN ]] || {
  echo "Usage: $0 base domain days V/R"
  exit 1
}
DAYS="${3:-365}"
CRTSTAT="${4:-V}"
CA=ca
maxtrial=20
# Create the CSR and sign it, retrying up to maxtrial times until signing succeeds.
for ((i=1; i<=maxtrial; i++)); do
  echo "** trial: $i **"
  openssl req \
    -new \
    -key $BASE.key \
    -out $BASE.csr \
    -subj "/C=JP/ST=Neo-Saitama/O=Omura Industries MC./OU=#$$/CN=angel-p57"
  openssl x509 \
    -req \
    -in $BASE.csr \
    -out $BASE.crt \
    -CA $CA.crt \
    -CAkey $CA.key \
    -CAserial $CA.srl \
    -days $DAYS \
    -sha256 \
    -extensions testcrt \
    -extfile <( echo "
[ testcrt ]
basicConstraints = CA:false
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer
subjectAltName = DNS:$DOMAIN, IP:127.0.0.1
certificatePolicies = 1.3.6.1.4.1.13769.666.666.666.1.500.9.1
authorityInfoAccess = OCSP;URI:http://127.0.0.1:10080/
") && break
done
rm -f $BASE.csr
# Read notAfter, serial and subject back from the new certificate.
declare -A crtinfo
while read key val; do
  crtinfo[$key]="$val"
done < <(
  openssl x509 \
    -enddate \
    -serial \
    -subject \
    -noout \
    -in $BASE.crt \
  | sed -e 's/= */ /'
)
# Append the index entry: status, expiry, revocation time (left empty), serial, file name, subject.
printf '%s\t%s\t\t%s\tunknown\t%s\n' \
  $CRTSTAT \
  $(TZ= date +%y%m%d%H%M%SZ -d "${crtinfo[notAfter]}") \
  ${crtinfo[serial]} \
  "${crtinfo[subject]}" >> $CA.idx
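Note that the subject elements of the server certificates are otherwise identical, so only OU is given a loosely different value (not rigorously unique) to keep the subject as a whole from colliding.
Note: when OU is not set, I have observed the OCSP responder failing with an error (probably because of duplicate subjects).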
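Startup scripts for the TLS server and the OCSP responder
The scripts for starting the TLS server and the OCSP responder are prepared as follows.
The TLS server script lets you choose whether OCSP stapling is used.
Once started, they keep running, so they have to be stopped explicitly, for example with the kill command.
TLS server startup script
runsvr.sh
#!/bin/bash
BASE=${1:-nrsa}
CHECK_OCSP=${2:-OFF}
CA=ca
if [[ $CHECK_OCSP = ON ]]; then
  # -status_verbose enables OCSP stapling with verbose output of the OCSP response.
  openssl s_server \
    -port 10443 \
    -key $BASE.key \
    -cert $BASE.crt \
    -status_verbose \
    -WWW
else
  openssl s_server \
    -port 10443 \
    -key $BASE.key \
    -cert $BASE.crt \
    -WWW
fi >> server-$BASE.log 2>&1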
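OCSP responder startup script
runocsp.sh
#!/bin/bash
CA=${1:-ca}
# The CA key and certificate double as the OCSP response signer.
openssl ocsp \
  -port 10080 \
  -index $CA.idx \
  -rsigner $CA.crt \
  -CA $CA.crt \
  -rkey $CA.key \
  >> ocsp.log 2>&1
Note: when OCSP stapling is used, I could not find a way to specify, through command arguments or the like, the certificate used by the OCSP responder, so I solved it by placing the certificate in the system area. Specifically, a symbolic link is created as shown below. (I have not investigated how the name of this symbolic link should be chosen. This time I worked the name out by analysing the behaviour at run time.)
Certificate placement
$ ls -l /usr/lib/ssl/certs
(omitted)
lrwxrwxrwx 1 root root 20 Apr 19 17:03 511aaf75.0 -> /(omitted)/ca.crt
(omitted)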
Other
Because the tests use HTTPS connections, a data file index.txt corresponding to the test URL https://localhost:10443/index.txt is prepared with arbitrary content.
Note: this time it contains only the text test.
Cases without OCSP
- Normal case, and issuing CA not trusted (self-signed "oreore" state)
In the normal case only the text data test is output, whereas in the self-signed state the message self-signed certificate appears and the request fails.
Execution log
bash$ ./runsvr.sh nrsa &
[1] 8559
bash$ curl --trace trace-nrsa.log --cacert ca.crt https://localhost:10443/index.txt
test
bash$ curl --trace trace-nrsa-aca.log --cacert ca2.crt https://localhost:10443/index.txt
curl: (60) SSL certificate problem: self-signed certificate in certificate chain
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.
bash$ kill %1
bash$
[1]+ Terminated ./runsvr.sh nrsa
- Domain name mismatch
An error message says that the SAN does not match.
Execution log
bash$ ./runsvr.sh nrsa-adom &
[1] 8563
bash$ curl --trace trace-nrsa-adom.log --cacert ca.crt https://localhost:10443/index.txt
curl: (60) SSL: no alternative certificate subject name matches target host name 'localhost'
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.
bash$ kill %1
bash$
[1]+ Terminated ./runsvr.sh nrsa-adom
- Expired certificate
An error message containing expired appears.
Execution log
bash$ ./runsvr.sh nrsa-d0 &
[1] 8566
bash$ curl --trace trace-nrsa-d0.log --cacert ca.crt https://localhost:10443/index.txt
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.
bash$ kill %1
bash$
[1]+ Terminated ./runsvr.sh nrsa-d0
- Broken RSA key in use
With the broken RSA key, the signature is broken only with some probability, so several attempts are needed to see both results. The log below shows the case where the server's RSA signature during server authentication is broken, followed by the case where it happens to be treated as not broken.
Execution log
bash$ ./runsvr.sh brsa &
[1] 8570
bash$ curl --trace trace-brsa-ng.log --cacert ca.crt https://localhost:10443/index.txt
curl: (35) OpenSSL/3.0.13: error:02000086:rsa routines::last octet invalid
bash$ curl --trace trace-brsa-ok.log --cacert ca.crt https://localhost:10443/index.txt
test
bash$ kill %1
bash$
[1]+ Terminated ./runsvr.sh brsa
Cases with OCSP
On the curl side, OCSP stapling is enabled with --cert-status.
- Normal certificate: OCSP responder not responding versus responding
Before the OCSP responder is running, the TLS server treats the OCSP response as absent. As a result, curl also fails with a no-OCSP-response error.
Execution log
bash$ ./runsvr.sh nrsa ON &
[1] 8577
bash$ curl --trace trace-nrsa-ocspnores.log --cert-status --cacert ca.crt https://localhost:10443/index.txt
curl: (91) No OCSP response received
bash$ ./runocsp.sh &
[2] 8580
bash$ curl --trace trace-nrsa-ocsp.log --cert-status --cacert ca.crt https://localhost:10443/index.txt
test
bash$ kill %1
bash$
[1]- Terminated ./runsvr.sh nrsa ON
- Revoked certificate (revoked in the OCSP response)
Because the OCSP information marks the certificate as revoked (regardless of the certificate's own validity period), curl also reports an error.
Execution log
bash$ ./runsvr.sh nrsa-rev ON &
[3] 8583
bash$ curl --trace trace-nrsa-rev.log --cert-status --cacert ca.crt https://localhost:10443/index.txt
curl: (91) SSL certificate revocation reason: (UNKNOWN) (-1)
bash$
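The --trace files written by the runs above record each TLS alert as a number, for example unknown CA (560). The following added example, which is not part of the original post, decodes those numbers and reports whether the client had already sent its Finished message; the function names are hypothetical and the two sample inputs are constructed from "== Info:" lines that appear in this page's traces.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.
# In these traces the number curl prints for an alert equals
# level * 256 + description, i.e. the two alert bytes dumped right after it
# (560 = 0x0230 -> bytes 02 30).

ALERT_LIB='
function alert_name(d) {
    if (d == 0)  return "close_notify"
    if (d == 40) return "handshake_failure"
    if (d == 42) return "bad_certificate"
    if (d == 44) return "certificate_revoked"
    if (d == 45) return "certificate_expired"
    if (d == 46) return "certificate_unknown"
    if (d == 48) return "unknown_ca"
    if (d == 51) return "decrypt_error"
    return "other"
}
function decode(n,    lvl, d, lname) {
    lvl = int(n / 256); d = n % 256
    lname = "level" lvl
    if (lvl == 1) lname = "warning"
    if (lvl == 2) lname = "fatal"
    return lname " " alert_name(d) "(" d ")"
}'

# decode_alert N  ->  e.g. "fatal unknown_ca(48)"
decode_alert() {
    awk -v n="$1" "$ALERT_LIB"'
    BEGIN { print decode(n + 0) }'
}

# trace_summary < trace.log
#   One line per alert: direction, decoded alert, and whether the client
#   had already sent its Finished message when the alert appeared.
trace_summary() {
    awk "$ALERT_LIB"'
    /\(OUT\), TLS handshake, Finished/ { finished = 1 }
    /== Info: .*TLS alert, / {
        dir = ($0 ~ /\(OUT\)/) ? "sent" : "received"
        n = $0
        sub(/^.*\(/, "", n)     # keep what follows the last "("
        sub(/\).*$/, "", n)     # drop "):" and anything after it
        print dir, decode(n + 0), (finished ? "after-Finished" : "before-Finished")
    }'
}

# Constructed samples: "== Info:" lines as they appear in this page's traces
# for the untrusted-CA and name-mismatch cases (hex dumps left out).
sample_unknown_ca() {
    cat <<'EOF'
== Info: TLSv1.3 (OUT), TLS handshake, Client hello (1):
== Info: TLSv1.3 (OUT), TLS alert, unknown CA (560):
== Info: SSL certificate problem: self-signed certificate in certificate chain
== Info: Closing connection
EOF
}
sample_name_mismatch() {
    cat <<'EOF'
== Info: TLSv1.3 (OUT), TLS handshake, Client hello (1):
== Info: TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
== Info: TLSv1.3 (OUT), TLS handshake, Finished (20):
== Info: SSL: no alternative certificate subject name matches target host name 'localhost'
== Info: Closing connection
== Info: TLSv1.3 (OUT), TLS alert, close notify (256):
EOF
}

sample_unknown_ca | trace_summary      # sent fatal unknown_ca(48) before-Finished
sample_name_mismatch | trace_summary   # sent warning close_notify(0) after-Finished
```

In this page's name-mismatch trace the only alert is a close_notify sent after the client's Finished, so the server receives no certificate-related alert for that rejection, unlike the untrusted-CA, expired and broken-signature cases.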
Trace contents
Normal case
trace-nrsa.log
== Info: Host localhost:10443 was resolved.
== Info: IPv6: ::1
== Info: IPv4: 127.0.0.1
== Info: Trying [::1]:10443...
== Info: Connected to localhost (::1) port 10443
== Info: ALPN: curl offers h2,http/1.1
=> Send SSL data, 5 bytes (0x5)
0000: 16 03 01 02 00 .....
== Info: TLSv1.3 (OUT), TLS handshake, Client hello (1):
=> Send SSL data, 5 bytes (0x5)
0000: 14 03 03 00 01 .....
== Info: TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
=> Send SSL data, 1 bytes (0x1)
0000: 01 .
=> Send SSL data, 5 bytes (0x5)
0000: 17 03 03 00 45 ....E
=> Send SSL data, 1 bytes (0x1)
0000: 16 .
== Info: TLSv1.3 (OUT), TLS handshake, Finished (20):
== Info: old SSL session ID is stale, removing
=> Send SSL data, 5 bytes (0x5)
0000: 17 03 03 00 13 .....
=> Send SSL data, 1 bytes (0x1)
0000: 15 .
== Info: TLSv1.3 (OUT), TLS alert, close notify (256):
=> Send SSL data, 2 bytes (0x2)
0000: 01 00 ..
Issuing CA not trusted
trace-nrsa-aca.log
== Info: Host localhost:10443 was resolved.
== Info: IPv6: ::1
== Info: IPv4: 127.0.0.1
== Info: Trying [::1]:10443...
== Info: Connected to localhost (::1) port 10443
== Info: ALPN: curl offers h2,http/1.1
=> Send SSL data, 5 bytes (0x5)
0000: 16 03 01 02 00 .....
== Info: TLSv1.3 (OUT), TLS handshake, Client hello (1):
=> Send SSL data, 5 bytes (0x5)
0000: 15 03 03 00 02 .....
== Info: TLSv1.3 (OUT), TLS alert, unknown CA (560):
=> Send SSL data, 2 bytes (0x2)
0000: 02 30 .0
== Info: SSL certificate problem: self-signed certificate in certificate chain
== Info: Closing connection
Domain name mismatch
trace-nrsa-adom.log
== Info: Host localhost:10443 was resolved.
== Info: IPv6: ::1
== Info: IPv4: 127.0.0.1
== Info: Trying [::1]:10443...
== Info: Connected to localhost (::1) port 10443
== Info: ALPN: curl offers h2,http/1.1
=> Send SSL data, 5 bytes (0x5)
0000: 16 03 01 02 00 .....
== Info: TLSv1.3 (OUT), TLS handshake, Client hello (1):
== Info: TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
=> Send SSL data, 1 bytes (0x1)
0000: 01 .
=> Send SSL data, 5 bytes (0x5)
0000: 17 03 03 00 45 ....E
=> Send SSL data, 1 bytes (0x1)
0000: 16 .
== Info: TLSv1.3 (OUT), TLS handshake, Finished (20):
== Info: SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / RSASSA-PSS
== Info: ALPN: server did not agree on a protocol. Uses default.
== Info: Server certificate:
== Info: subject: C=JP; ST=Neo-Saitama; O=Omura Industries MC.; OU=#7192; CN=angel-p57
== Info: start date: Apr 19 03:02:46 2025 GMT
== Info: expire date: Apr 19 03:02:46 2026 GMT
== Info: subjectAltName does not match localhost
== Info: SSL: no alternative certificate subject name matches target host name 'localhost'
== Info: Closing connection
=> Send SSL data, 5 bytes (0x5)
0000: 17 03 03 00 13 .....
=> Send SSL data, 1 bytes (0x1)
0000: 15 .
== Info: TLSv1.3 (OUT), TLS alert, close notify (256):
=> Send SSL data, 2 bytes (0x2)
0000: 01 00 ..
== Info: old SSL session ID is stale, removing
Expired certificate
trace-nrsa-d0.log
== Info: Host localhost:10443 was resolved.
== Info: IPv6: ::1
== Info: IPv4: 127.0.0.1
== Info: Trying [::1]:10443...
== Info: Connected to localhost (::1) port 10443
== Info: ALPN: curl offers h2,http/1.1
=> Send SSL data, 5 bytes (0x5)
0000: 16 03 01 02 00 .....
== Info: TLSv1.3 (OUT), TLS handshake, Client hello (1):
== Info: TLSv1.3 (OUT), TLS alert, certificate expired (557):
=> Send SSL data, 2 bytes (0x2)
0000: 02 2d .-
== Info: SSL certificate problem: certificate has expired
== Info: Closing connection
Broken RSA key, broken signature
trace-brsa-ng.log
== Info: Host localhost:10443 was resolved.
== Info: IPv6: ::1
== Info: IPv4: 127.0.0.1
== Info: Trying [::1]:10443...
== Info: Connected to localhost (::1) port 10443
== Info: ALPN: curl offers h2,http/1.1
=> Send SSL data, 5 bytes (0x5)
0000: 16 03 01 02 00 .....
== Info: TLSv1.3 (OUT), TLS handshake, Client hello (1):
== Info: TLSv1.3 (OUT), TLS alert, decrypt error (563):
=> Send SSL data, 2 bytes (0x2)
0000: 02 33 .3
== Info: OpenSSL/3.0.13: error:02000086:rsa routines::last octet invalid
== Info: Closing connection
Broken RSA key, but the signature appears valid
trace-brsa-ok.log
== Info: Host localhost:10443 was resolved.
== Info: IPv6: ::1
== Info: IPv4: 127.0.0.1
== Info: Trying [::1]:10443...
== Info: Connected to localhost (::1) port 10443
== Info: ALPN: curl offers h2,http/1.1
=> Send SSL data, 5 bytes (0x5)
0000: 16 03 01 02 00 .....
== Info: TLSv1.3 (OUT), TLS handshake, Client hello (1):
== Info: TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
=> Send SSL data, 1 bytes (0x1)
0000: 01 .
=> Send SSL data, 5 bytes (0x5)
0000: 17 03 03 00 45 ....E
=> Send SSL data, 1 bytes (0x1)
0000: 16 .
== Info: TLSv1.3 (OUT), TLS handshake, Finished (20):
=> Send SSL data, 52 bytes (0x34)
0000: 14 00 00 30 1d 88 49 fc 61 a2 6a c5 a5 1f 0e fd ...0..I.a.j.....
0010: 0c ac 66 2f ca 06 bd 05 7e a8 22 f7 ce d4 f4 a4 ..f/....~.".....
0020: b1 5b d0 34 52 98 1f c8 7a ba 60 da d4 a4 2f 61 .[.4R...z.`.../a
0030: 80 b5 2d 09 ..-.
== Info: SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / RSASSA-PSS
== Info: ALPN: server did not agree on a protocol. Uses default.
== Info: Server certificate:
== Info: subject: C=JP; ST=Neo-Saitama; O=Omura Industries MC.; OU=#7179; CN=angel-p57
== Info: start date: Apr 19 03:02:23 2025 GMT
== Info: expire date: Apr 19 03:02:23 2026 GMT
== Info: subjectAltName: host "localhost" matched cert's "localhost"
== Info: issuer: C=JP; ST=Neo-Saitama; O=Soukai Synd.; CN=Six Gates Test CA
== Info: SSL certificate verify ok.
== Info: Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using ecdsa-with-SHA256
== Info: Certificate level 1: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA256
== Info: using HTTP/1.x
=> Send SSL data, 5 bytes (0x5)
0000: 17 03 03 00 68 ....h
=> Send SSL data, 1 bytes (0x1)
0000: 17 .
=> Send header, 87 bytes (0x57)
0000: 47 45 54 20 2f 69 6e 64 65 78 2e 74 78 74 20 48 GET /index.txt H
0010: 54 54 50 2f 31 2e 31 0d 0a 48 6f 73 74 3a 20 6c TTP/1.1..Host: l
0020: 6f 63 61 6c 68 6f 73 74 3a 31 30 34 34 33 0d 0a ocalhost:10443..
0030: 55 73 65 72 2d 41 67 65 6e 74 3a 20 63 75 72 6c User-Agent: curl
0040: 2f 38 2e 35 2e 30 0d 0a 41 63 63 65 70 74 3a 20 /8.5.0..Accept:
0050: 2a 2f 2a 0d 0a 0d 0a */*....
=> Send SSL data, 5 bytes (0x5)
0000: 17 03 03 00 13 .....
=> Send SSL data, 1 bytes (0x1)
0000: 15 .
== Info: TLSv1.3 (OUT), TLS alert, close notify (256):
=> Send SSL data, 2 bytes (0x2)
0000: 01 00 ..
OCSP enabled, responder not responding
trace-nrsa-ocspnores.log
== Info: Host localhost:10443 was resolved.
== Info: IPv6: ::1
== Info: IPv4: 127.0.0.1
== Info: Trying [::1]:10443...
== Info: Connected to localhost (::1) port 10443
== Info: ALPN: curl offers h2,http/1.1
=> Send SSL data, 5 bytes (0x5)
0000: 16 03 01 02 00 .....
== Info: TLSv1.3 (OUT), TLS handshake, Client hello (1):
=> Send SSL data, 512 bytes (0x200)
0000: 01 00 01 fc 03 03 a0 2b 8f 2a 95 64 ba 3e b6 df .......+.*.d.>..
0010: 54 97 c1 50 dc 88 82 11 97 bc 3e 61 d6 89 bc 81 T..P......>a....
0020: e8 d1 d9 0c 44 37 20 69 ef 58 32 f9 47 3f 43 75 ....D7 i.X2.G?Cu
0030: 2e 9d 14 f1 1d af 90 0b 3c 37 d3 c3 61 dc d3 17 ........<7..a...
0050: 2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 ,.0.........+./.
0060: 9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 ..$.(.k.#.'.g...
0070: 14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 ..9.....3.....=.
0080: 3c 00 35 00 2f 00 ff 01 00 01 75 00 00 00 0e 00 <.5./.....u.....
=> Send SSL data, 5 bytes (0x5)
0000: 14 03 03 00 01 .....
== Info: TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
=> Send SSL data, 1 bytes (0x1)
0000: 01 .
=> Send SSL data, 5 bytes (0x5)
0000: 17 03 03 00 45 ....E
=> Send SSL data, 1 bytes (0x1)
0000: 16 .
== Info: TLSv1.3 (OUT), TLS handshake, Finished (20):
=> Send SSL data, 52 bytes (0x34)
0000: 14 00 00 30 bf 85 1f 98 94 36 18 a1 c5 da 51 e5 ...0.....6....Q.
0010: cb 36 c6 28 53 14 ea 70 82 f4 dd 0e 7c ee 88 df .6.(S..p....|...
0020: f2 1c 2b ae 0e 86 b4 35 86 75 75 97 cb 4c dc a8 ..+....5.uu..L..
0030: 14 9a 81 8d ....
== Info: SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / RSASSA-PSS
== Info: ALPN: server did not agree on a protocol. Uses default.
== Info: Server certificate:
== Info: subject: C=JP; ST=Neo-Saitama; O=Omura Industries MC.; OU=#7170; CN=angel-p57
== Info: start date: Apr 19 03:02:16 2025 GMT
== Info: expire date: Apr 19 03:02:16 2026 GMT
== Info: subjectAltName: host "localhost" matched cert's "localhost"
== Info: issuer: C=JP; ST=Neo-Saitama; O=Soukai Synd.; CN=Six Gates Test CA
== Info: SSL certificate verify ok.
== Info: Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using ecdsa-with-SHA256
== Info: Certificate level 1: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA256
== Info: No OCSP response received
== Info: Closing connection
=> Send SSL data, 5 bytes (0x5)
0000: 17 03 03 00 13 .....
=> Send SSL data, 1 bytes (0x1)
0000: 15 .
== Info: TLSv1.3 (OUT), TLS alert, close notify (256):
=> Send SSL data, 2 bytes (0x2)
0000: 01 00 ..
OCSP enabled, normal
trace-nrsa-ocsp.log
== Info: Host localhost:10443 was resolved.
== Info: IPv6: ::1
== Info: IPv4: 127.0.0.1
== Info: Trying [::1]:10443...
== Info: Connected to localhost (::1) port 10443
== Info: ALPN: curl offers h2,http/1.1
=> Send SSL data, 5 bytes (0x5)
0000: 16 03 01 02 00 .....
== Info: TLSv1.3 (OUT), TLS handshake, Client hello (1):
=> Send SSL data, 512 bytes (0x200)
0000: 01 00 01 fc 03 03 7d 68 49 f7 77 20 8e 0e 70 13 ......}hI.w ..p.
0010: 7a b4 8f 52 a5 06 f1 51 ec 6c 2c fb 1f 59 53 29 z..R...Q.l,..YS)
0020: 6a d5 f8 a2 15 65 20 82 57 bb 84 92 0b 35 9b 16 j....e .W....5..
0030: 22 06 af ea c8 c7 37 67 1d 13 39 99 7e 3c 02 a2 ".....7g..9.~<..
0050: 2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 ,.0.........+./.
0060: 9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 ..$.(.k.#.'.g...
0070: 14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 ..9.....3.....=.
0080: 3c 00 35 00 2f 00 ff 01 00 01 75 00 00 00 0e 00 <.5./.....u.....
=> Send SSL data, 5 bytes (0x5)
0000: 14 03 03 00 01 .....
== Info: TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
=> Send SSL data, 1 bytes (0x1)
0000: 01 .
=> Send SSL data, 5 bytes (0x5)
0000: 17 03 03 00 45 ....E
=> Send SSL data, 1 bytes (0x1)
0000: 16 .
== Info: TLSv1.3 (OUT), TLS handshake, Finished (20):
=> Send SSL data, 52 bytes (0x34)
0000: 14 00 00 30 21 f2 83 c4 72 b3 82 92 da c7 70 82 ...0!...r.....p.
0010: a2 15 9c e5 28 48 12 78 0f 3d d5 2c 74 0c c4 f1 ....(H.x.=.,t...
0020: eb 46 c5 3d e6 28 97 26 20 45 fc 9c 92 01 83 6b .F.=.(.& E.....k
0030: 67 c7 d3 fd g...
== Info: SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / RSASSA-PSS
== Info: ALPN: server did not agree on a protocol. Uses default.
== Info: Server certificate:
== Info: subject: C=JP; ST=Neo-Saitama; O=Omura Industries MC.; OU=#7170; CN=angel-p57
== Info: start date: Apr 19 03:02:16 2025 GMT
== Info: expire date: Apr 19 03:02:16 2026 GMT
== Info: subjectAltName: host "localhost" matched cert's "localhost"
== Info: issuer: C=JP; ST=Neo-Saitama; O=Soukai Synd.; CN=Six Gates Test CA
== Info: SSL certificate verify ok.
== Info: Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using ecdsa-with-SHA256
== Info: Certificate level 1: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA256
== Info: SSL certificate status: good (0)
== Info: using HTTP/1.x
=> Send SSL data, 5 bytes (0x5)
0000: 17 03 03 00 68 ....h
=> Send SSL data, 1 bytes (0x1)
0000: 17 .
=> Send header, 87 bytes (0x57)
0000: 47 45 54 20 2f 69 6e 64 65 78 2e 74 78 74 20 48 GET /index.txt H
0010: 54 54 50 2f 31 2e 31 0d 0a 48 6f 73 74 3a 20 6c TTP/1.1..Host: l
0020: 6f 63 61 6c 68 6f 73 74 3a 31 30 34 34 33 0d 0a ocalhost:10443..
0030: 55 73 65 72 2d 41 67 65 6e 74 3a 20 63 75 72 6c User-Agent: curl
0040: 2f 38 2e 35 2e 30 0d 0a 41 63 63 65 70 74 3a 20 /8.5.0..Accept:
0050: 2a 2f 2a 0d 0a 0d 0a */*....
== Info: old SSL session ID is stale, removing
=> Send SSL data, 5 bytes (0x5)
0000: 17 03 03 00 13 .....
=> Send SSL data, 1 bytes (0x1)
0000: 15 .
== Info: TLSv1.3 (OUT), TLS alert, close notify (256):
=> Send SSL data, 2 bytes (0x2)
0000: 01 00 ..
OCSP enabled, revoked certificate
trace-nrsa-rev.log
== Info: Host localhost:10443 was resolved.
== Info: IPv6: ::1
== Info: IPv4: 127.0.0.1
== Info: Trying [::1]:10443...
== Info: Connected to localhost (::1) port 10443
== Info: ALPN: curl offers h2,http/1.1
=> Send SSL data, 5 bytes (0x5)
0000: 16 03 01 02 00 .....
== Info: TLSv1.3 (OUT), TLS handshake, Client hello (1):
=> Send SSL data, 512 bytes (0x200)
0000: 01 00 01 fc 03 03 66 7d 8c c5 e9 0b 73 12 eb 03 ......f}....s...
0010: db e3 a6 50 c3 44 e5 7f 7b 0e 92 8b f9 40 66 b3 ...P.D..{....@f.
0020: 2d a4 e2 7f ee 80 20 7b 57 7a 33 3d e3 f1 81 98 -..... {Wz3=....
0030: dc e8 c4 62 bc df 86 71 6d c3 6d 73 35 5d 22 11 ...b...qm.ms5]".
0040: 6f 67 7e cd c5 1c 00 00 3e 13 02 13 03 13 01 c0 og~.....>.......
0050: 2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 ,.0.........+./.
0060: 9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 ..$.(.k.#.'.g...
0070: 14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 ..9.....3.....=.
0080: 3c 00 35 00 2f 00 ff 01 00 01 75 00 00 00 0e 00 <.5./.....u.....
=> Send SSL data, 5 bytes (0x5)
0000: 14 03 03 00 01 .....
== Info: TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
=> Send SSL data, 1 bytes (0x1)
0000: 01 .
=> Send SSL data, 5 bytes (0x5)
0000: 17 03 03 00 45 ....E
=> Send SSL data, 1 bytes (0x1)
0000: 16 .
== Info: TLSv1.3 (OUT), TLS handshake, Finished (20):
=> Send SSL data, 52 bytes (0x34)
0000: 14 00 00 30 1b d8 50 b9 d0 0d e0 30 b1 30 02 63 ...0..P....0.0.c
0010: 22 02 1a 58 eb c1 d4 2a a1 67 a5 bf e0 5b 09 18 "..X...*.g...[..
0020: 4d df 27 40 f3 fe ab 6e d8 11 67 36 d1 8d 92 99 M.'@...n..g6....
0030: 4d 9b 5e 82 M.^.
== Info: SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / RSASSA-PSS
== Info: ALPN: server did not agree on a protocol. Uses default.
== Info: Server certificate:
== Info: subject: C=JP; ST=Neo-Saitama; O=Omura Industries MC.; OU=#7212; CN=angel-p57
== Info: start date: Apr 19 03:03:04 2025 GMT
== Info: expire date: Apr 19 03:03:04 2026 GMT
== Info: subjectAltName: host "localhost" matched cert's "localhost"
== Info: issuer: C=JP; ST=Neo-Saitama; O=Soukai Synd.; CN=Six Gates Test CA
== Info: SSL certificate verify ok.
== Info: Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using ecdsa-with-SHA256
== Info: Certificate level 1: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA256
== Info: SSL certificate status: revoked (1)
== Info: SSL certificate revocation reason: (UNKNOWN) (-1)
== Info: Closing connection
=> Send SSL data, 5 bytes (0x5)
0000: 17 03 03 00 13 .....
=> Send SSL data, 1 bytes (0x1)
0000: 15 .
== Info: TLSv1.3 (OUT), TLS alert, close notify (256):
=> Send SSL data, 2 bytes (0x2)
0000: 01 00 ..
Generated data
Key data
Key data for CA1
ca.key
RSA key data for the server
nrsa.key
Broken RSA key data for the server
brsa.key
Note that the last item, the broken RSA key data, uses as its prime1 parameter not a true prime but a pseudoprime of the form $p'=q(3q-2)$, corresponding to $q=7595674843050454805528193490535364057202382647252780272344814400025877771778642204973150240594982600121723883442187516293139129446969602164038394453274341$ and $p'=173082828964048653729361376801977603700071656925378842590377869826618114723677068036280381146525578464168843785041245150314018272428873451203484570150431742157999647863433038541476031178592943068705134741871205054315430196948848757337923586830072631791464699200060807170599896175698431978565922586219720404161$.
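A check of the relation stated above, plus a toy key of the same shape showing why signatures from such a key verify only some of the time. This is an added Python example, not part of the original article or of rsa-genbkey.rb. `Q` and `P_PRIME` are the values quoted above; the toy key (q = 5, second prime 11, e = 3, textbook RSA without padding or CRT, d derived as if p' were prime) is constructed for illustration.

```python
import random

# prime1 of the broken key (P_PRIME) and its factor q (Q), as quoted on this page.
Q = 7595674843050454805528193490535364057202382647252780272344814400025877771778642204973150240594982600121723883442187516293139129446969602164038394453274341
P_PRIME = 173082828964048653729361376801977603700071656925378842590377869826618114723677068036280381146525578464168843785041245150314018272428873451203484570150431742157999647863433038541476031178592943068705134741871205054315430196948848757337923586830072631791464699200060807170599896175698431978565922586219720404161


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin test. False means n is certainly composite."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    rng = random.Random(0)              # fixed seed so the run is repeatable
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                # a is a witness: n is composite
    return True


def check_page_values() -> dict:
    """Verify the structure of prime1 using only the numbers on this page."""
    return {
        "relation": Q * (3 * Q - 2) == P_PRIME,
        # q - 1 divides p' - 1, which is what lets p' pass a Fermat test
        # for part of the possible bases.
        "minus_one": P_PRIME - 1 == (3 * Q + 1) * (Q - 1),
        "passes_mr": is_probable_prime(P_PRIME),
        "bits": P_PRIME.bit_length(),
    }


def toy_roundtrip() -> tuple:
    """Sign and verify every message with a toy key of the same shape.

    p' = 5 * (3*5 - 2) = 65 stands in for prime1 and 11 is the second prime.
    d is computed from (p' - 1)(r - 1), i.e. as if p' were prime (assumption).
    Returns (number of messages whose signature verifies, modulus).
    """
    p_bad, r, e = 5 * (3 * 5 - 2), 11, 3
    n = p_bad * r
    d = pow(e, -1, (p_bad - 1) * (r - 1))
    verified = sum(1 for m in range(n) if pow(pow(m, d, n), e, n) == m)
    return verified, n


if __name__ == "__main__":
    print(check_page_values())
    ok, n = toy_roundtrip()
    print(f"toy key: {ok} of {n} messages survive sign/verify")
```

A primality test on both factors is the only check here that flags the key; the modulus and exponents are consistent with each other.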
Certificate data
Certificate for CA1
ca.crt
Certificate for CA2
ca2.crt
Normal certificate for the server
nrsa.crt
Domain-mismatch certificate (localhost2)
nrsa-adom.crt
Expired server certificate (validity period of 0 days)
nrsa-d0.crt
Server certificate corresponding to the broken RSA key
brsa.crt
Revoked server certificate
nrsa-rev.crt
Certificate status data
Because the file contains tabs, the output of the xxd command is shown below.
Dump of the index file
Dump of ca.idx
$ xxd ca.idx
00000000: 5609 3236 3034 3139 3033 3032 3136 5a09 V.260419030216Z.
00000010: 0930 3209 756e 6b6e 6f77 6e09 4320 3d20 .02.unknown.C =
00000020: 4a50 2c20 5354 203d 204e 656f 2d53 6169 JP, ST = Neo-Sai
00000030: 7461 6d61 2c20 4f20 3d20 4f6d 7572 6120 tama, O = Omura
00000040: 496e 6475 7374 7269 6573 204d 432e 2c20 Industries MC.,
00000050: 4f55 203d 2022 2337 3137 3022 2c20 434e OU = "#7170", CN
00000060: 203d 2061 6e67 656c 2d70 3537 0a56 0932 = angel-p57.V.2
00000070: 3630 3431 3930 3330 3232 335a 0909 3033 60419030223Z..03
00000080: 0975 6e6b 6e6f 776e 0943 203d 204a 502c .unknown.C = JP,
00000090: 2053 5420 3d20 4e65 6f2d 5361 6974 616d ST = Neo-Saitam
000000a0: 612c 204f 203d 204f 6d75 7261 2049 6e64 a, O = Omura Ind
000000b0: 7573 7472 6965 7320 4d43 2e2c 204f 5520 ustries MC., OU
000000c0: 3d20 2223 3731 3739 222c 2043 4e20 3d20 = "#7179", CN =
000000d0: 616e 6765 6c2d 7035 370a 5609 3236 3034 angel-p57.V.2604
000000e0: 3139 3033 3032 3436 5a09 0930 3409 756e 19030246Z..04.un
000000f0: 6b6e 6f77 6e09 4320 3d20 4a50 2c20 5354 known.C = JP, ST
00000100: 203d 204e 656f 2d53 6169 7461 6d61 2c20 = Neo-Saitama,
00000110: 4f20 3d20 4f6d 7572 6120 496e 6475 7374 O = Omura Indust
00000120: 7269 6573 204d 432e 2c20 4f55 203d 2022 ries MC., OU = "
00000130: 2337 3139 3222 2c20 434e 203d 2061 6e67 #7192", CN = ang
00000140: 656c 2d70 3537 0a56 0932 3530 3431 3930 el-p57.V.2504190
00000150: 3330 3235 345a 0909 3035 0975 6e6b 6e6f 30254Z..05.unkno
00000160: 776e 0943 203d 204a 502c 2053 5420 3d20 wn.C = JP, ST =
00000170: 4e65 6f2d 5361 6974 616d 612c 204f 203d Neo-Saitama, O =
00000180: 204f 6d75 7261 2049 6e64 7573 7472 6965 Omura Industrie
00000190: 7320 4d43 2e2c 204f 5520 3d20 2223 3732 s MC., OU = "#72
000001a0: 3033 222c 2043 4e20 3d20 616e 6765 6c2d 03", CN = angel-
000001b0: 7035 370a 5209 3236 3034 3139 3033 3033 p57.R.2604190303
000001c0: 3034 5a09 3235 3034 3139 3033 3034 3034 04Z.250419030404
000001d0: 5a09 3036 0975 6e6b 6e6f 776e 0943 203d Z.06.unknown.C =
000001e0: 204a 502c 2053 5420 3d20 4e65 6f2d 5361 JP, ST = Neo-Sa
000001f0: 6974 616d 612c 204f 203d 204f 6d75 7261 itama, O = Omura
00000200: 2049 6e64 7573 7472 6965 7320 4d43 2e2c Industries MC.,
00000210: 204f 5520 3d20 2223 3732 3132 222c 2043 OU = "#7212", C
00000220: 4e20 3d20 616e 6765 6c2d 7035 370a N = angel-p57.
Since the dump is probably hard to read, the text with tabs replaced by \t is also shown.
I do not have a clear grasp of what each tab-separated column means, but in order they appear to be: status (one character), expiration date, expiration date at the time of revocation, serial number, an unknown column, and subject.
Converted index file
Converted version
V\t260419030216Z\t\t02\tunknown\tC = JP, ST = Neo-Saitama, O = Omura Industries MC., OU = "#7170", CN = angel-p57
V\t260419030223Z\t\t03\tunknown\tC = JP, ST = Neo-Saitama, O = Omura Industries MC., OU = "#7179", CN = angel-p57
V\t260419030246Z\t\t04\tunknown\tC = JP, ST = Neo-Saitama, O = Omura Industries MC., OU = "#7192", CN = angel-p57
V\t250419030254Z\t\t05\tunknown\tC = JP, ST = Neo-Saitama, O = Omura Industries MC., OU = "#7203", CN = angel-p57
R\t260419030304Z\t250419030404Z\t06\tunknown\tC = JP, ST = Neo-Saitama, O = Omura Industries MC., OU = "#7212", CN = angel-p57
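A parser for this index format, as an added Python example that is not part of the original article. In OpenSSL's CA database the third column is the revocation time (optionally followed by a comma and a reason) and the fifth is the certificate file name, written as unknown when none is recorded. The sample text is constructed from the listing above with real tabs, and the evaluation time `NOW` is an assumed value in the afternoon (JST) of the experiment day.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional

# Constructed sample: the five ca.idx entries from this page, with real tabs.
_SUBJ = 'C = JP, ST = Neo-Saitama, O = Omura Industries MC., OU = "#{}", CN = angel-p57'
CA_IDX = "\n".join([
    "V\t260419030216Z\t\t02\tunknown\t" + _SUBJ.format(7170),
    "V\t260419030223Z\t\t03\tunknown\t" + _SUBJ.format(7179),
    "V\t260419030246Z\t\t04\tunknown\t" + _SUBJ.format(7192),
    "V\t250419030254Z\t\t05\tunknown\t" + _SUBJ.format(7203),
    "R\t260419030304Z\t250419030404Z\t06\tunknown\t" + _SUBJ.format(7212),
]) + "\n"

# Assumed evaluation time: 2025-04-19 15:00 JST, expressed in UTC.
NOW = datetime(2025, 4, 19, 6, 0, 0, tzinfo=timezone.utc)


def parse_time(field: str) -> datetime:
    """Parse UTCTime (YYMMDDHHMMSSZ) or GeneralizedTime (YYYYMMDDHHMMSSZ)."""
    fmt = "%y%m%d%H%M%SZ" if len(field) == 13 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(field, fmt).replace(tzinfo=timezone.utc)


@dataclass
class Entry:
    flag: str                       # V = valid, R = revoked, E = expired
    expires: datetime
    revoked_at: Optional[datetime]
    reason: Optional[str]
    serial: int
    filename: str
    subject: str

    def state_at(self, now: datetime) -> str:
        """Effective state at `now`; revocation takes precedence over expiry."""
        if self.flag == "R":
            return "revoked"
        if self.flag == "E" or now >= self.expires:
            return "expired"
        return "valid"


def parse_index(text: str) -> List[Entry]:
    """Parse the tab-separated CA database into Entry records."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        cols = line.split("\t")
        if len(cols) != 6 or cols[0] not in ("V", "R", "E"):
            raise ValueError(f"line {lineno}: not an index entry")
        flag, exp, rev, serial, filename, subject = cols
        if (flag == "R") != bool(rev):
            raise ValueError(f"line {lineno}: flag and revocation field disagree")
        rev_time, _, reason = rev.partition(",")
        entries.append(Entry(flag, parse_time(exp),
                             parse_time(rev_time) if rev else None,
                             reason or None, int(serial, 16),
                             filename, subject))
    return entries


def report(text: str, now: datetime) -> dict:
    """Map each serial number to its effective state at `now`."""
    return {e.serial: e.state_at(now) for e in parse_index(text)}


if __name__ == "__main__":
    for serial, state in report(CA_IDX, NOW).items():
        print(f"serial {serial:02X}: {state}")
```

Serial 05 is still flagged V in the file although its validity period has already ended, so a consumer of this file has to compare the expiration column with the current time itself.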
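So this ends up being nothing more than a record of the experiments, but I wrote it up as an article because having the procedure worked out may be useful in itself. I hope it serves as a reference when you do similar work.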