aboutsummaryrefslogtreecommitdiffstats
path: root/certs/E5.pem
diff options
context:
space:
mode:
authorGravatar Christian Hesse <mail@eworm.de>2024-06-20 09:50:39 +0200
committerGravatar Christian Hesse <mail@eworm.de>2024-06-21 15:55:45 +0200
commitd1693a241b0ec444d7ad469681e4ba81c1b398df (patch)
treecf5cd457f153cf7f20acb2e0608e4cba3bef9915 /certs/E5.pem
parent35f4ec0b1d1d8c26ec9293efe2d9091993d7bf89 (diff)
certs: E1 / E5 -> ISRG Root X2
In the beginning of Let's Encrypt their root certificate ISRG Root X1 was not widely trusted, at least some older and/or mobile platforms were missing that certificate in their root certificate store. At that time Let's Encrypt was using an alternative chain of trust, where a certificate was cross-signed with DST Root CA X3. To make sure a valid chain of trust is available under all circumstances a set of all certificates had to be supplied: both root vertificates ISRG Root X1 & DST Root CA X3, and an intermediate certificate. This was still true after DST Root CA X3 expired, as it could still be used as a root anchor and was shipped by Let's Encrypt when requested. 🤪 This time is finally over, and we have a clean chain for trust ending in ISRG Root X1 (or ISRG Root X2). Well, actually it is the other way round... Let's Encrypt signs with different tantamount intermediate certificates. There is not only E5, but also E6 - and we can not know beforehand which one is used on renew. So let's jetzt drop the intermediate certificates now, and rely on root certificates only. We are perfectly fine with this these days. Follow-up commits will do the same for *all* certificates. The certificate is downloaded with: curl -d '["ISRG Root X2"]' https://mkcert.org/generate/ | grep -v '^$' > certs/ISRG-Root-X2.pem
Diffstat (limited to 'certs/E5.pem')
-rw-r--r--certs/E5.pem119
1 files changed, 0 insertions, 119 deletions
diff --git a/certs/E5.pem b/certs/E5.pem
deleted file mode 100644
index 3f9e915..0000000
--- a/certs/E5.pem
+++ /dev/null
@@ -1,119 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 18:6e:75:d4:ee:b0:a0:5d:fd:2d:a8:20:86:5d:1e:31
- Signature Algorithm: ecdsa-with-SHA384
- Issuer: C=US, O=Internet Security Research Group, CN=ISRG Root X2
- Validity
- Not Before: Mar 13 00:00:00 2024 GMT
- Not After : Mar 12 23:59:59 2027 GMT
- Subject: C=US, O=Let's Encrypt, CN=E5
- Subject Public Key Info:
- Public Key Algorithm: id-ecPublicKey
- Public-Key: (384 bit)
- pub:
- 04:0d:0b:3a:8a:6b:61:8e:b6:ef:dc:5f:58:e7:c6:
- 42:45:54:ab:63:f6:66:61:48:0a:2e:59:75:b4:81:
- 02:37:50:b7:3f:16:79:dc:98:ec:a1:28:97:72:20:
- 1c:2c:cf:d5:7c:52:20:4e:54:78:5b:84:14:6b:c0:
- 90:ae:85:ec:c0:51:41:3c:5a:87:7f:06:4d:d4:fe:
- 60:d1:fa:6c:2d:e1:7d:95:10:88:a2:08:54:0f:99:
- 1a:4c:e6:ea:0a:ac:d8
- ASN1 OID: secp384r1
- NIST CURVE: P-384
- X509v3 extensions:
- X509v3 Key Usage: critical
- Digital Signature, Certificate Sign, CRL Sign
- X509v3 Extended Key Usage:
- TLS Web Client Authentication, TLS Web Server Authentication
- X509v3 Basic Constraints: critical
- CA:TRUE, pathlen:0
- X509v3 Subject Key Identifier:
- 9F:2B:5F:CF:3C:21:4F:9D:04:B7:ED:2B:2C:C4:C6:70:8B:D2:D7:0D
- X509v3 Authority Key Identifier:
- 7C:42:96:AE:DE:4B:48:3B:FA:92:F8:9E:8C:CF:6D:8B:A9:72:37:95
- Authority Information Access:
- CA Issuers - URI:http://x2.i.lencr.org/
- X509v3 Certificate Policies:
- Policy: 2.23.140.1.2.1
- X509v3 CRL Distribution Points:
- Full Name:
- URI:http://x2.c.lencr.org/
- Signature Algorithm: ecdsa-with-SHA384
- Signature Value:
- 30:64:02:30:1b:6d:2e:45:41:1c:45:3e:d9:5f:34:18:74:67:
- 13:79:ba:ab:29:b5:b6:10:4e:83:27:4a:8b:45:4e:c7:7b:cf:
- f4:40:30:1d:61:a5:e6:1c:6d:a4:90:09:92:6e:46:4b:02:30:
- 46:29:18:84:34:7a:bc:fb:de:d8:1b:d8:19:a7:04:f5:cb:7e:
- e7:6d:84:d9:da:8e:ea:ce:36:30:b9:a2:80:4c:2c:e6:60:12:
- 4b:a9:76:aa:e8:6d:95:47:da:72:09:0c
------BEGIN CERTIFICATE-----
-MIICtDCCAjugAwIBAgIQGG511O6woF39Lagghl0eMTAKBggqhkjOPQQDAzBPMQsw
-CQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2gg
-R3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMjAeFw0yNDAzMTMwMDAwMDBaFw0y
-NzAzMTIyMzU5NTlaMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNy
-eXB0MQswCQYDVQQDEwJFNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABA0LOoprYY62
-79xfWOfGQkVUq2P2ZmFICi5ZdbSBAjdQtz8WedyY7KEol3IgHCzP1XxSIE5UeFuE
-FGvAkK6F7MBRQTxah38GTdT+YNH6bC3hfZUQiKIIVA+ZGkzm6gqs2KOB+DCB9TAO
-BgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIG
-A1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJ8rX888IU+dBLftKyzExnCL0tcN
-MB8GA1UdIwQYMBaAFHxClq7eS0g7+pL4nozPbYupcjeVMDIGCCsGAQUFBwEBBCYw
-JDAiBggrBgEFBQcwAoYWaHR0cDovL3gyLmkubGVuY3Iub3JnLzATBgNVHSAEDDAK
-MAgGBmeBDAECATAnBgNVHR8EIDAeMBygGqAYhhZodHRwOi8veDIuYy5sZW5jci5v
-cmcvMAoGCCqGSM49BAMDA2cAMGQCMBttLkVBHEU+2V80GHRnE3m6qym1thBOgydK
-i0VOx3vP9EAwHWGl5hxtpJAJkm5GSwIwRikYhDR6vPve2BvYGacE9ct+522E2dqO
-6s42MLmigEws5mASS6l2quhtlUfacgkM
------END CERTIFICATE-----
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 41:d2:9d:d1:72:ea:ee:a7:80:c1:2c:6c:e9:2f:87:52
- Signature Algorithm: ecdsa-with-SHA384
- Issuer: C = US, O = Internet Security Research Group, CN = ISRG Root X2
- Validity
- Not Before: Sep 4 00:00:00 2020 GMT
- Not After : Sep 17 16:00:00 2040 GMT
- Subject: C = US, O = Internet Security Research Group, CN = ISRG Root X2
- Subject Public Key Info:
- Public Key Algorithm: id-ecPublicKey
- Public-Key: (384 bit)
- pub:
- 04:cd:9b:d5:9f:80:83:0a:ec:09:4a:f3:16:4a:3e:
- 5c:cf:77:ac:de:67:05:0d:1d:07:b6:dc:16:fb:5a:
- 8b:14:db:e2:71:60:c4:ba:45:95:11:89:8e:ea:06:
- df:f7:2a:16:1c:a4:b9:c5:c5:32:e0:03:e0:1e:82:
- 18:38:8b:d7:45:d8:0a:6a:6e:e6:00:77:fb:02:51:
- 7d:22:d8:0a:6e:9a:5b:77:df:f0:fa:41:ec:39:dc:
- 75:ca:68:07:0c:1f:ea
- ASN1 OID: secp384r1
- NIST CURVE: P-384
- X509v3 extensions:
- X509v3 Key Usage: critical
- Certificate Sign, CRL Sign
- X509v3 Basic Constraints: critical
- CA:TRUE
- X509v3 Subject Key Identifier:
- 7C:42:96:AE:DE:4B:48:3B:FA:92:F8:9E:8C:CF:6D:8B:A9:72:37:95
- Signature Algorithm: ecdsa-with-SHA384
- 30:65:02:30:7b:79:4e:46:50:84:c2:44:87:46:1b:45:70:ff:
- 58:99:de:f4:fd:a4:d2:55:a6:20:2d:74:d6:34:bc:41:a3:50:
- 5f:01:27:56:b4:be:27:75:06:af:12:2e:75:98:8d:fc:02:31:
- 00:8b:f5:77:6c:d4:c8:65:aa:e0:0b:2c:ee:14:9d:27:37:a4:
- f9:53:a5:51:e4:29:83:d7:f8:90:31:5b:42:9f:0a:f5:fe:ae:
- 00:68:e7:8c:49:0f:b6:6f:5b:5b:15:f2:e7
------BEGIN CERTIFICATE-----
-MIICGzCCAaGgAwIBAgIQQdKd0XLq7qeAwSxs6S+HUjAKBggqhkjOPQQDAzBPMQsw
-CQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2gg
-R3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMjAeFw0yMDA5MDQwMDAwMDBaFw00
-MDA5MTcxNjAwMDBaME8xCzAJBgNVBAYTAlVTMSkwJwYDVQQKEyBJbnRlcm5ldCBT
-ZWN1cml0eSBSZXNlYXJjaCBHcm91cDEVMBMGA1UEAxMMSVNSRyBSb290IFgyMHYw
-EAYHKoZIzj0CAQYFK4EEACIDYgAEzZvVn4CDCuwJSvMWSj5cz3es3mcFDR0HttwW
-+1qLFNvicWDEukWVEYmO6gbf9yoWHKS5xcUy4APgHoIYOIvXRdgKam7mAHf7AlF9
-ItgKbppbd9/w+kHsOdx1ymgHDB/qo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0T
-AQH/BAUwAwEB/zAdBgNVHQ4EFgQUfEKWrt5LSDv6kviejM9ti6lyN5UwCgYIKoZI
-zj0EAwMDaAAwZQIwe3lORlCEwkSHRhtFcP9Ymd70/aTSVaYgLXTWNLxBo1BfASdW
-tL4ndQavEi51mI38AjEAi/V3bNTIZargCyzuFJ0nN6T5U6VR5CmD1/iQMVtCnwr1
-/q4AaOeMSQ+2b1tbFfLn
------END CERTIFICATE-----