### Authorities and Certificates ###

### Creating a Certificate Authority (CA)


lcardena@vaionic:~/cc52d$ /usr/lib/ssl/misc/CA.sh -newca
CA certificate filename (or enter to create)

Making CA certificate ...
Generating a 1024 bit RSA private key
..........++++++
.................................++++++
writing new private key to './demoCA/private/./cakey.pem'
Enter PEM pass phrase: capassphrase
Verifying - Enter PEM pass phrase: capassphrase
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CL
State or Province Name (full name) [Some-State]:Metropolitana
Locality Name (eg, city) []:Santiago
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Segurito Inc
Organizational Unit Name (eg, section) []:Autoridad Certificadora
Common Name (eg, YOUR name) []:Juan Segura
Email Address []:jsegura@segurito.cl

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:cachallenge
An optional company name []:Segurito (c)
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/./cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 0 (0x0)
        Validity                  
            Not Before: Aug 30 21:34:57 2006 GMT
            Not After : Aug 29 21:34:57 2009 GMT
        Subject:
            countryName               = CL
            stateOrProvinceName       = Metropolitana
            organizationName          = Segurito Inc
            organizationalUnitName    = Autoridad Certificadora
            commonName                = Juan Segura
            emailAddress              = jsegura@segurito.cl
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                A9:FB:34:4F:01:9A:7C:DB:22:C2:30:91:D1:C0:DE:4F:ED:22:F2:73
            X509v3 Authority Key Identifier:
                keyid:A9:FB:34:4F:01:9A:7C:DB:22:C2:30:91:D1:C0:DE:4F:ED:22:F2:73

Certificate is to be certified until Aug 29 21:34:57 2009 GMT (1095 days)

Write out database with 1 new entries
Data Base Updated


lcardena@vaionic:~/cc52d$ ls -laR demoCA
demoCA:
total 48
drwx------ 6 lcardena 4096 2006-08-30 15:19 ./
drwx------ 7 lcardena 4096 2006-08-30 15:17 ../
-rw------- 1 lcardena 3263 2006-08-30 15:19 cacert.pem
-rw------- 1 lcardena  794 2006-08-30 15:18 careq.pem
drwx------ 2 lcardena 4096 2006-08-30 15:17 certs/
drwx------ 2 lcardena 4096 2006-08-30 15:17 crl/
-rw------- 1 lcardena  122 2006-08-30 15:19 index.txt
-rw------- 1 lcardena   21 2006-08-30 15:19 index.txt.attr
-rw------- 1 lcardena    0 2006-08-30 15:17 index.txt.old
drwx------ 2 lcardena 4096 2006-08-30 15:19 newcerts/
drwx------ 2 lcardena 4096 2006-08-30 15:17 private/
-rw------- 1 lcardena    3 2006-08-30 15:19 serial
-rw------- 1 lcardena    3 2006-08-30 15:17 serial.old

demoCA/certs:
total 8
drwx------ 2 lcardena 4096 2006-08-30 15:17 ./
drwx------ 6 lcardena 4096 2006-08-30 15:19 ../

demoCA/crl:
total 8
drwx------ 2 lcardena 4096 2006-08-30 15:17 ./
drwx------ 6 lcardena 4096 2006-08-30 15:19 ../

demoCA/newcerts:
total 12
drwx------ 2 lcardena 4096 2006-08-30 15:19 ./
drwx------ 6 lcardena 4096 2006-08-30 15:19 ../
-rw------- 1 lcardena 3263 2006-08-30 15:19 00.pem

demoCA/private:
total 12
drwx------ 2 lcardena 4096 2006-08-30 15:17 ./  
drwx------ 6 lcardena 4096 2006-08-30 15:19 ../
-rw------- 1 lcardena  963 2006-08-30 15:18 cakey.pem


### CA's RSA Key Pair


lcardena@vaionic:~/cc52d$ cat demoCA/private/cakey.pem
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,45408AE4F715E00C
-----END RSA PRIVATE KEY-----


### CA's self-signed Certificate


lcardena@vaionic:~/cc52d$ cat demoCA/cacert.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=CL, ST=Metropolitana, O=Segurito Inc, OU=Autoridad Certificadora, CN=Juan Segura/emailAddress=jsegura@segurito.cl
        Validity
            Not Before: Aug 30 21:34:57 2006 GMT
            Not After : Aug 29 21:34:57 2009 GMT
        Subject: C=CL, ST=Metropolitana, O=Segurito Inc, OU=Autoridad Certificadora, CN=Juan Segura/emailAddress=jsegura@segurito.cl
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:eb:4a:94:c7:86:71:67:c0:5b:87:fb:61:2c:d7:
                    73:8c:8b:e3:a7:1d:09:8e:f6:3f:c4:5f:4a:36:1d:
                    90:ad:a9:4e:11:40:1c:0c:61:f4:71:5d:46:38:04:
                    4c:b9:2e:2f:60:18:b3:6c:db:b3:8f:e0:a7:79:d6:
                    6a:55:2d:37:5a:18:a8:59:61:62:02:54:db:81:64:
                    77:41:52:d9:27:45:c4:15:42:ad:02:a7:4d:7f:96:
                    de:05:89:a8:04:66:51:0d:18:67:57:08:52:3f:d9:
                    00:dd:2e:8a:b0:1b:44:35:ca:ff:2c:69:1b:f4:20:
                    70:20:72:1c:94:3a:81:cf:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                A9:FB:34:4F:01:9A:7C:DB:22:C2:30:91:D1:C0:DE:4F:ED:22:F2:73
            X509v3 Authority Key Identifier:
                keyid:A9:FB:34:4F:01:9A:7C:DB:22:C2:30:91:D1:C0:DE:4F:ED:22:F2:73

    Signature Algorithm: sha1WithRSAEncryption
        3b:57:f0:1c:a0:81:98:fb:bb:88:cc:91:e1:df:d2:ed:09:ad:
        18:31:22:c9:50:0c:e2:f5:ab:24:5b:ce:29:d9:ab:08:26:8d:
        f2:f0:79:8e:a2:87:af:54:71:fa:dc:26:e0:d2:13:14:29:ed:
        be:8c:06:43:75:3e:9f:20:dd:55:a7:df:81:78:c0:75:d1:e0:
        48:c8:25:5d:04:8a:d0:1a:ff:40:f4:31:ff:8e:d2:8c:75:f5:
        10:78:d2:f9:35:fd:1b:b5:bf:c7:56:58:0a:53:35:4a:01:36:
        94:e6:40:17:c5:4b:90:3b:c2:7a:37:d3:37:df:a8:f9:39:93:
        4c:c9
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----


### A server wants a certificate: it creates an Unsigned Certificate Request


lcardena@vaionic:~/cc52d$ /usr/lib/ssl/misc/CA.sh -newreq
Generating a 1024 bit RSA private key
...............++++++
........................................++++++
writing new private key to 'newkey.pem'
Enter PEM pass phrase: serverpassphrase
Verifying - Enter PEM pass phrase: serverpassphrase
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:AR
State or Province Name (full name) [Some-State]:Mendoza
Locality Name (eg, city) []:Maipu
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Gauchos SA
Organizational Unit Name (eg, section) []:Webhosting
Common Name (eg, YOUR name) []:gauchos.ar
Email Address []:webhosting@gauchos.ar

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:serverchallenge
An optional company name []:Gauchos Sociedad Anonima
Request is in newreq.pem, private key is in newkey.pem


lcardena@vaionic:~/cc52d$ cat newkey.pem
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,CC282718AA60FC32

-----END RSA PRIVATE KEY-----


lcardena@vaionic:~/cc52d$ cp newkey.pem gauchos.ar.pem


### The CA signs the server's Unsigned Certificate Request


lcardena@vaionic:~/cc52d$ /usr/lib/ssl/misc/CA.sh -sign
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 2 (0x2)
        Validity
            Not Before: Aug 30 22:05:14 2006 GMT
            Not After : Aug 30 22:05:14 2007 GMT
        Subject:
            countryName               = AR
            stateOrProvinceName       = Mendoza
            localityName              = Maipu
            organizationName          = Gauchos SA
            organizationalUnitName    = Webhosting
            commonName                = gauchos.ar
            emailAddress              = webhosting@gauchos.ar
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                04:DF:8D:41:FC:40:0B:FB:09:34:CC:1B:03:47:B9:00:77:F7:7D:DE
            X509v3 Authority Key Identifier:
                keyid:A9:FB:34:4F:01:9A:7C:DB:22:C2:30:91:D1:C0:DE:4F:ED:22:F2:73

Certificate is to be certified until Aug 30 22:05:14 2007 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=CL, ST=Metropolitana, O=Segurito Inc, OU=Autoridad Certificadora, CN=Juan Segura/emailAddress=jsegura@segurito.cl
        Validity
            Not Before: Aug 30 22:05:14 2006 GMT
            Not After : Aug 30 22:05:14 2007 GMT
        Subject: C=AR, ST=Mendoza, L=Maipu, O=Gauchos SA, OU=Webhosting, CN=gauchos.ar/emailAddress=webhosting@gauchos.ar
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:be:1c:e4:a8:ee:34:54:3e:e8:93:d6:cc:77:f6:
                    a3:e2:ba:b4:1e:a5:fd:cd:93:33:3d:a7:b4:53:99:
                    07:4a:bf:22:c3:73:69:5d:a9:b5:7a:52:6e:f2:77:
                    48:62:56:41:c8:aa:72:b2:ee:b5:ad:85:a1:e2:59:
                    e2:26:2a:37:bd:7f:a2:63:fc:fa:9c:e2:7f:83:80:
                    fb:56:d2:94:5c:73:49:14:b5:1d:07:f5:d9:31:71:
                    ef:e7:e1:c5:c3:09:fe:23:52:1a:7c:37:b0:3c:02:
                    54:7e:f3:6e:8f:a9:56:8f:7a:92:ab:94:45:98:fc:
                    a0:6a:84:ab:35:62:b2:99:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                04:DF:8D:41:FC:40:0B:FB:09:34:CC:1B:03:47:B9:00:77:F7:7D:DE
            X509v3 Authority Key Identifier:
                keyid:A9:FB:34:4F:01:9A:7C:DB:22:C2:30:91:D1:C0:DE:4F:ED:22:F2:73

    Signature Algorithm: sha1WithRSAEncryption
        23:ba:fb:41:b1:56:29:60:a2:1a:3e:0b:d3:32:fa:45:f7:89:
        87:04:3e:7b:d1:69:49:04:36:a3:f4:d2:bf:40:df:b0:a8:54:
        29:07:9e:50:5e:3e:89:16:3a:91:b9:21:49:8b:f9:b9:c2:41:
        c3:29:4c:27:4d:e4:f9:0b:a0:c1:db:aa:6a:35:42:29:a2:38:
        4f:22:de:18:fb:11:aa:a6:c0:8d:10:1d:e0:f0:6c:45:c2:c4:
        c3:9a:7e:1b:77:97:cd:49:70:3a:0c:ee:76:79:59:3f:3e:fc:
        ca:c9:33:ff:b7:fc:a5:50:51:14:7e:2a:87:6b:55:9c:70:0c:
        c7:9b
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Signed certificate is in newcert.pem


lcardena@vaionic:~/cc52d$ cat newcert.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=CL, ST=Metropolitana, O=Segurito Inc, OU=Autoridad Certificadora, CN=Juan Segura/emailAddress=jsegura@segurito.cl
        Validity
            Not Before: Aug 30 22:05:14 2006 GMT
            Not After : Aug 30 22:05:14 2007 GMT
        Subject: C=AR, ST=Mendoza, L=Maipu, O=Gauchos SA, OU=Webhosting, CN=gauchos.ar/emailAddress=webhosting@gauchos.ar
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:be:1c:e4:a8:ee:34:54:3e:e8:93:d6:cc:77:f6:
                    a3:e2:ba:b4:1e:a5:fd:cd:93:33:3d:a7:b4:53:99:
                    07:4a:bf:22:c3:73:69:5d:a9:b5:7a:52:6e:f2:77:
                    48:62:56:41:c8:aa:72:b2:ee:b5:ad:85:a1:e2:59:
                    e2:26:2a:37:bd:7f:a2:63:fc:fa:9c:e2:7f:83:80:
                    fb:56:d2:94:5c:73:49:14:b5:1d:07:f5:d9:31:71:
                    ef:e7:e1:c5:c3:09:fe:23:52:1a:7c:37:b0:3c:02:
                    54:7e:f3:6e:8f:a9:56:8f:7a:92:ab:94:45:98:fc:
                    a0:6a:84:ab:35:62:b2:99:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                04:DF:8D:41:FC:40:0B:FB:09:34:CC:1B:03:47:B9:00:77:F7:7D:DE
            X509v3 Authority Key Identifier:
                keyid:A9:FB:34:4F:01:9A:7C:DB:22:C2:30:91:D1:C0:DE:4F:ED:22:F2:73

    Signature Algorithm: sha1WithRSAEncryption
        23:ba:fb:41:b1:56:29:60:a2:1a:3e:0b:d3:32:fa:45:f7:89:
        87:04:3e:7b:d1:69:49:04:36:a3:f4:d2:bf:40:df:b0:a8:54:
        29:07:9e:50:5e:3e:89:16:3a:91:b9:21:49:8b:f9:b9:c2:41:
        c3:29:4c:27:4d:e4:f9:0b:a0:c1:db:aa:6a:35:42:29:a2:38:
        4f:22:de:18:fb:11:aa:a6:c0:8d:10:1d:e0:f0:6c:45:c2:c4:
        c3:9a:7e:1b:77:97:cd:49:70:3a:0c:ee:76:79:59:3f:3e:fc:
        ca:c9:33:ff:b7:fc:a5:50:51:14:7e:2a:87:6b:55:9c:70:0c:
        c7:9b
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----


lcardena@vaionic:~/cc52d$ cp newcert.pem gauchos.ar.crt


### The client does the same (long form): generate an RSA key pair


lcardena@vaionic:~/cc52d$ openssl genrsa -des3 -out llave.key 1024
Generating RSA private key, 1024 bit long modulus
.......++++++
.......................++++++
e is 65537 (0x10001)
Enter pass phrase for llave.key: clientepassphrase
Verifying - Enter pass phrase for llave.key: clientepassphrase


lcardena@vaionic:~/cc52d$ cat llave.key
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,2924B8824F1B2352



### The client generates a request

lcardena@vaionic:~/cc52d$ openssl req -new -key llave.key -out request.csr
Enter pass phrase for llave.key: clientepassphrase
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CL
State or Province Name (full name) [Some-State]:Santiago
Locality Name (eg, city) []:Penaflor
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Luchosoft Inc
Organizational Unit Name (eg, section) []:Desarrollo
Common Name (eg, YOUR name) []:Luis
Email Address []:lcardena@dcc.cl

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:clientchallenge
An optional company name []:Luchonet


lcardena@vaionic:~/cc52d$ cat request.csr
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----


### The CA signs the CSR

lcardena@vaionic:~/cc52d$ cp request.csr newreq.pem


lcardena@vaionic:~/cc52d$ /usr/lib/ssl/misc/CA.sh -sign
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem: capassphrase
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 3 (0x3)
        Validity
            Not Before: Aug 30 22:57:53 2006 GMT
            Not After : Aug 30 22:57:53 2007 GMT
        Subject:
            countryName               = CL
            stateOrProvinceName       = Santiago
            localityName              = Penaflor
            organizationName          = Luchosoft Inc
            organizationalUnitName    = Desarrollo
            commonName                = Luis
            emailAddress              = lcardena@dcc.cl
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                08:50:6D:3A:C9:6F:7A:79:4A:97:BC:DF:A0:16:C1:C0:62:60:AD:85
            X509v3 Authority Key Identifier:
                keyid:A9:FB:34:4F:01:9A:7C:DB:22:C2:30:91:D1:C0:DE:4F:ED:22:F2:73

Certificate is to be certified until Aug 30 22:57:53 2007 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3 (0x3)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=CL, ST=Metropolitana, O=Segurito Inc, OU=Autoridad Certificadora, CN=Juan Segura/emailAddress=jsegura@segurito.cl
        Validity
            Not Before: Aug 30 22:57:53 2006 GMT
            Not After : Aug 30 22:57:53 2007 GMT
        Subject: C=CL, ST=Santiago, L=Penaflor, O=Luchosoft Inc, OU=Desarrollo, CN=Luis/emailAddress=lcardena@dcc.cl
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:c0:e0:fa:46:04:3a:2b:3c:91:50:ee:5b:ac:97:
                    6c:a9:59:bd:58:00:a9:56:76:0a:82:6e:45:5e:e3:
                    30:69:38:06:de:4f:3e:87:48:18:c3:96:cd:a8:e4:
                    cb:f0:c2:4c:9d:af:aa:b8:90:43:7e:48:0b:d3:3a:
                    25:90:3a:e4:a0:60:05:fd:0b:c9:8c:ed:f3:98:76:
                    f8:1c:5c:50:94:df:31:e0:f1:d4:4e:58:b0:50:b1:
                    af:f5:a9:56:88:55:54:eb:6b:b3:40:90:95:a1:e4:
                    a8:36:aa:cd:4c:bb:5f:12:bd:a9:59:fa:2f:40:d6:
                    09:73:fd:08:51:c7:0b:e8:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                08:50:6D:3A:C9:6F:7A:79:4A:97:BC:DF:A0:16:C1:C0:62:60:AD:85
            X509v3 Authority Key Identifier:
                keyid:A9:FB:34:4F:01:9A:7C:DB:22:C2:30:91:D1:C0:DE:4F:ED:22:F2:73

    Signature Algorithm: sha1WithRSAEncryption
        2f:ef:be:14:78:96:d1:47:51:15:21:70:3e:31:98:71:bc:74:
        7d:4e:38:33:17:f3:9a:40:9d:11:f8:2c:06:cc:79:3a:4f:58:
        57:14:5c:31:61:24:3c:cb:3e:6c:a4:ac:78:f1:7e:f9:ca:a6:
        bb:71:a9:a8:19:06:71:12:01:f3:8f:71:99:93:12:b0:3d:14:
        09:ae:af:59:e3:16:69:b1:83:8b:88:dc:7a:e4:d1:28:2b:76:
        ca:6e:23:b6:a3:8b:f9:cf:df:44:53:24:17:e9:89:c3:54:fb:
        5d:f6:11:e3:b7:4e:1a:93:a6:5b:37:bf:9a:df:65:32:6a:96:
        f2:b8
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Signed certificate is in newcert.pem


lcardena@vaionic:~/cc52d$ mv newcert.pem lcardena.crt


lcardena@vaionic:~/cc52d$ cat lcardena.crt
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3 (0x3)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=CL, ST=Metropolitana, O=Segurito Inc, OU=Autoridad Certificadora, CN=Juan Segura/emailAddress=jsegura@segurito.cl
        Validity
            Not Before: Aug 30 22:57:53 2006 GMT
            Not After : Aug 30 22:57:53 2007 GMT
        Subject: C=CL, ST=Santiago, L=Penaflor, O=Luchosoft Inc, OU=Desarrollo, CN=Luis/emailAddress=lcardena@dcc.cl
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:c0:e0:fa:46:04:3a:2b:3c:91:50:ee:5b:ac:97:
                    6c:a9:59:bd:58:00:a9:56:76:0a:82:6e:45:5e:e3:
                    30:69:38:06:de:4f:3e:87:48:18:c3:96:cd:a8:e4:
                    cb:f0:c2:4c:9d:af:aa:b8:90:43:7e:48:0b:d3:3a:
                    25:90:3a:e4:a0:60:05:fd:0b:c9:8c:ed:f3:98:76:
                    f8:1c:5c:50:94:df:31:e0:f1:d4:4e:58:b0:50:b1:
                    af:f5:a9:56:88:55:54:eb:6b:b3:40:90:95:a1:e4:
                    a8:36:aa:cd:4c:bb:5f:12:bd:a9:59:fa:2f:40:d6:
                    09:73:fd:08:51:c7:0b:e8:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                08:50:6D:3A:C9:6F:7A:79:4A:97:BC:DF:A0:16:C1:C0:62:60:AD:85
            X509v3 Authority Key Identifier:
                keyid:A9:FB:34:4F:01:9A:7C:DB:22:C2:30:91:D1:C0:DE:4F:ED:22:F2:73

    Signature Algorithm: sha1WithRSAEncryption
        2f:ef:be:14:78:96:d1:47:51:15:21:70:3e:31:98:71:bc:74:
        7d:4e:38:33:17:f3:9a:40:9d:11:f8:2c:06:cc:79:3a:4f:58:
        57:14:5c:31:61:24:3c:cb:3e:6c:a4:ac:78:f1:7e:f9:ca:a6:
        bb:71:a9:a8:19:06:71:12:01:f3:8f:71:99:93:12:b0:3d:14:
        09:ae:af:59:e3:16:69:b1:83:8b:88:dc:7a:e4:d1:28:2b:76:
        ca:6e:23:b6:a3:8b:f9:cf:df:44:53:24:17:e9:89:c3:54:fb:
        5d:f6:11:e3:b7:4e:1a:93:a6:5b:37:bf:9a:df:65:32:6a:96:
        f2:b8
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----


### Import into the browser

lcardena@vaionic:~/cc52d$ openssl pkcs12 -export -out lcardena.p12 -in lcardena.crt -inkey llave.key -name "Mi Certificado"


### Collisions ###

## Show certificates

lcardena@vaionic:~/cc52d$ openssl x509 -in MD5Collision.certificate1.cer -inform DER -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 55604297 (0x3507449)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: CN=Hash Collision CA, L=Eindhoven, C=NL
        Validity
            Not Before: Feb  1 00:00:01 2005 GMT
            Not After : Feb  1 00:00:01 2007 GMT
        Subject: CN=Hash Collision, O=we used a collision for MD5, L=Eindhoven, C=NL
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:ca:b9:e7:42:c4:b6:26:87:1a:b9:a5:24:84:6b:
                    05:c1:88:95:fb:93:65:e9:a6:9f:48:03:92:ff:2c:
                    3b:3f:79:41:ad:34:06:ff:ad:b4:03:4b:df:84:7a:
                    4d:37:01:4f:db:32:83:cb:19:d4:6f:a8:a7:65:c6:
                    b3:f0:16:bf:30:6a:ff:7c:2e:57:73:68:9b:33:19:
                    b8:15:64:ab:e7:f5:b9:cf:66:c5:e4:fe:79:0c:ee:
                    04:7d:36:cc:77:b0:ae:5d:08:7f:30:b5:60:eb:88:
                    72:b3:4d:40:67:78:66:2d:d8:84:64:67:7d:bd:9b:
                    80:98:9e:f2:4f:b8:2e:0e:a3:2b:58:64:af:33:b8:
                    fe:86:59:b0:94:46:46:99:f4:77:a6:bf:ca:34:8c:
                    23:cf:68:1e:c0:a8:46:a8:b2:7a:29:07:1b:56:3a:
                    13:16:b0:5f:38:27:b8:2f:b1:f9:de:1f:23:8f:3d:
                    12:ad:0d:da:a9:7d:db:cf:ce:ea:d1:09:39:5e:46:
                    e0:18:ae:23:7c:e5:93:55:ac:93:18:72:28:4c:3a:
                    29:3f:e9:11:79:41:a1:ad:52:83:64:a0:68:7a:ff:
                    60:83:b1:4b:00:9d:d9:52:c8:66:ca:43:a0:f4:1a:
                    7d:ce:58:76:c1:6c:b3:46:e9:a7:18:09:1c:ec:3d:
                    57:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature, Non Repudiation, Key Encipherment
    Signature Algorithm: md5WithRSAEncryption
        13:19:e6:ff:66:ef:86:21:ae:ae:0c:fb:d2:c0:67:b9:9c:38:
        34:c0:0b:e8:8e:0a:97:e6:02:05:bc:5e:cd:85:64:6b:66:98:
        bd:2e:91:32:48:26:c8:b1:0e:21:67:ef:f2:64:c5:e4:5a:23:
        4f:de:57:23:a7:51:ea:2b:79:13:06:22:1b:54:b4:c2:0e:4c:
        d1:65:62:d6:98:ad:e4:d6:33:f0:53:d6:53:f8:be:9c:4d:40:
        2e:c9:f9:2d:36:30:98:dd:56:05:96:f7:bf:09:5a:f3:c9:fe:
        d7:ee:2b:49:21:80:18:00:3f:5c:65:f0:51:1d:45:4e:6e:52:
        29:13:2d:04:94:b7:b6:5e:f9:58:5a:a9:d4:33:09:4f:db:4f:
        9c:99:46:10:af:e0:f2:3f:b2:6e:5d:24:65:39:ae:ff:b6:e0:
        b0:df:35:b4:d9:ae:3c:f7:68:c5:aa:bc:93:55:8d:f8:7b:f4:
        21:28:8e:79:e9:ad:cb:b8:da:23:64:52:8e:74:f8:13:48:ff:
        b9:f5:fa:c4:3e:97:4f:3d:79:cc:a2:22:fd:67:5b:fd:3b:80:
        8a:3f:66:10:42:32:c8:06:a2:53:09:a1:87:d1:03:d7:50:89:
        34:36:d4:a3:29:09:fe:5c:76:b4:54:95:f5:2f:29:cf:66:a9:
        e3:dd:47:3f
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----


lcardena@vaionic:~/cc52d$ openssl x509 -in MD5Collision.certificate2.cer -inform DER -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 55604297 (0x3507449)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: CN=Hash Collision CA, L=Eindhoven, C=NL
        Validity
            Not Before: Feb  1 00:00:01 2005 GMT
            Not After : Feb  1 00:00:01 2007 GMT
        Subject: CN=Hash Collision, O=we used a collision for MD5, L=Eindhoven, C=NL
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:ca:b9:e7:42:c4:b6:26:87:1a:b9:a5:24:84:6b:
                    05:c1:88:95:fb:13:65:e9:a6:9f:48:03:92:ff:2c:
                    3b:3f:79:41:ad:34:06:ff:ad:b4:03:4b:df:84:7a:
                    4d:b7:01:4f:db:32:83:cb:19:d4:6f:a8:a7:65:c6:
                    33:f0:16:bf:30:6a:ff:7c:2e:57:73:68:9b:33:19:
                    b8:15:64:ab:e7:f5:b9:cf:66:45:e4:fe:79:0c:ee:
                    04:7d:36:cc:77:b0:ae:5d:08:7f:30:b5:60:eb:88:
                    72:b3:4d:40:67:f8:65:2d:d8:84:64:67:7d:bd:9b:
                    80:98:9e:f2:cf:b8:2e:0e:a3:2b:58:64:af:33:b8:
                    fe:86:59:b0:94:46:46:99:f4:77:a6:bf:ca:34:8c:
                    23:cf:68:1e:c0:a8:46:a8:b2:7a:29:07:1b:56:3a:
                    13:16:b0:5f:38:27:b8:2f:b1:f9:de:1f:23:8f:3d:
                    12:ad:0d:da:a9:7d:db:cf:ce:ea:d1:09:39:5e:46:
                    e0:18:ae:23:7c:e5:93:55:ac:93:18:72:28:4c:3a:
                    29:3f:e9:11:79:41:a1:ad:52:83:64:a0:68:7a:ff:
                    60:83:b1:4b:00:9d:d9:52:c8:66:ca:43:a0:f4:1a:
                    7d:ce:58:76:c1:6c:b3:46:e9:a7:18:09:1c:ec:3d:
                    57:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature, Non Repudiation, Key Encipherment
    Signature Algorithm: md5WithRSAEncryption
        13:19:e6:ff:66:ef:86:21:ae:ae:0c:fb:d2:c0:67:b9:9c:38:
        34:c0:0b:e8:8e:0a:97:e6:02:05:bc:5e:cd:85:64:6b:66:98:
        bd:2e:91:32:48:26:c8:b1:0e:21:67:ef:f2:64:c5:e4:5a:23:
        4f:de:57:23:a7:51:ea:2b:79:13:06:22:1b:54:b4:c2:0e:4c:
        d1:65:62:d6:98:ad:e4:d6:33:f0:53:d6:53:f8:be:9c:4d:40:
        2e:c9:f9:2d:36:30:98:dd:56:05:96:f7:bf:09:5a:f3:c9:fe:
        d7:ee:2b:49:21:80:18:00:3f:5c:65:f0:51:1d:45:4e:6e:52:
        29:13:2d:04:94:b7:b6:5e:f9:58:5a:a9:d4:33:09:4f:db:4f:
        9c:99:46:10:af:e0:f2:3f:b2:6e:5d:24:65:39:ae:ff:b6:e0:
        b0:df:35:b4:d9:ae:3c:f7:68:c5:aa:bc:93:55:8d:f8:7b:f4:
        21:28:8e:79:e9:ad:cb:b8:da:23:64:52:8e:74:f8:13:48:ff:
        b9:f5:fa:c4:3e:97:4f:3d:79:cc:a2:22:fd:67:5b:fd:3b:80:
        8a:3f:66:10:42:32:c8:06:a2:53:09:a1:87:d1:03:d7:50:89:
        34:36:d4:a3:29:09:fe:5c:76:b4:54:95:f5:2f:29:cf:66:a9:
        e3:dd:47:3f
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----


## Conversion

lcardena@vaionic:~/cc52d$ openssl x509 -in MD5Collision.certificate1.cer -inform DER -out MD5Collision.certificate1.pem
lcardena@vaionic:~/cc52d$ openssl x509 -in MD5Collision.certificate2.cer -inform DER -out MD5Collision.certificate2.pem
lcardena@vaionic:~/cc52d$ openssl x509 -in MD5CollisionCA.cer -inform DER -out MD5CollisionCA.pem


## Verification

lcardena@vaionic:~/cc52d$ openssl verify -CAfile MD5CollisionCA.pem MD5Collision.certificate1.pem
MD5Collision.certificate1.pem: OK
lcardena@vaionic:~/cc52d$ openssl verify -CAfile MD5CollisionCA.pem MD5Collision.certificate2.pem
MD5Collision.certificate2.pem: OK
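
Added example (not part of the original notes): a Python check that reads `openssl x509 -text` dumps like the ones in this transcript and reports what they show, covering both the CA certificate section (self-issued yet carrying CA:FALSE, 1024-bit RSA, SHA-1) and the collision section (two certificates from one issuer with the same signature bytes but different keys). The dumps are abridged from this page's output; the function names and the policy thresholds (MD5/SHA-1 flagged, RSA below 2048 bits flagged) are assumptions of this example.

```python
import re

# Constructed input: abridged `openssl x509 -text` dumps built from values printed on
# this page. Only the fields the checks read are kept; hex runs are cut short.
CA_DUMP = """\
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=CL, ST=Metropolitana, O=Segurito Inc, OU=Autoridad Certificadora, CN=Juan Segura/emailAddress=jsegura@segurito.cl
        Subject: C=CL, ST=Metropolitana, O=Segurito Inc, OU=Autoridad Certificadora, CN=Juan Segura/emailAddress=jsegura@segurito.cl
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:eb:4a:94:c7:86:71:67:c0:5b:87:fb:61:2c:d7:
                Exponent: 65537 (0x10001)
            X509v3 Basic Constraints:
                CA:FALSE
    Signature Algorithm: sha1WithRSAEncryption
        3b:57:f0:1c:a0:81:98:fb:bb:88:cc:91:e1:df:d2:ed:09:ad:
"""
# The two collision certificates share everything kept here except three modulus lines.
COLLISION_TEMPLATE = """\
        Signature Algorithm: md5WithRSAEncryption
        Issuer: CN=Hash Collision CA, L=Eindhoven, C=NL
        Subject: CN=Hash Collision, O=we used a collision for MD5, L=Eindhoven, C=NL
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:ca:b9:e7:42:c4:b6:26:87:1a:b9:a5:24:84:6b:
                    {l2}
                    3b:3f:79:41:ad:34:06:ff:ad:b4:03:4b:df:84:7a:
                    {l4}
                    {l5}
                Exponent: 65537 (0x10001)
            X509v3 Basic Constraints:
                CA:FALSE
    Signature Algorithm: md5WithRSAEncryption
        13:19:e6:ff:66:ef:86:21:ae:ae:0c:fb:d2:c0:67:b9:9c:38:
"""
COLLISION_1 = COLLISION_TEMPLATE.format(
    l2="05:c1:88:95:fb:93:65:e9:a6:9f:48:03:92:ff:2c:",
    l4="4d:37:01:4f:db:32:83:cb:19:d4:6f:a8:a7:65:c6:",
    l5="b3:f0:16:bf:30:6a:ff:7c:2e:57:73:68:9b:33:19:")
COLLISION_2 = COLLISION_TEMPLATE.format(
    l2="05:c1:88:95:fb:13:65:e9:a6:9f:48:03:92:ff:2c:",
    l4="4d:b7:01:4f:db:32:83:cb:19:d4:6f:a8:a7:65:c6:",
    l5="33:f0:16:bf:30:6a:ff:7c:2e:57:73:68:9b:33:19:")

WEAK_HASHES = ("md5", "sha1")  # assumption: policy of this example
MIN_RSA_BITS = 2048            # assumption: policy of this example
HEX_LINE = r"[ \t]+(?:[0-9a-f]{2}:)*[0-9a-f]{2}:?[ \t]*\n"

def hex_block(label, text):
    """Bytes of the colon-separated hex run that directly follows a `label` line."""
    m = re.search(label + r"[^\n]*\n((?:" + HEX_LINE + r")+)", text)
    return bytes.fromhex(re.sub(r"[^0-9a-f]", "", m.group(1))) if m else b""

def field(pattern, text):
    m = re.search(pattern, text)
    return m.group(1).strip() if m else ""

def parse(text):
    """Pull the fields the checks need out of one text dump."""
    return {
        "sig_alg": field(r"Signature Algorithm: (\S+)", text),
        "issuer": field(r"Issuer: (.+)", text),
        "subject": field(r"Subject: (.+)", text),
        # Accepts both the old "Public Key:" and the newer "Public-Key:" spelling.
        "bits": int(field(r"Public[- ]Key: \((\d+) bit\)", text) or 0),
        "is_ca": field(r"Basic Constraints:[^\n]*\n\s*CA:(TRUE|FALSE)", text) == "TRUE",
        "modulus": hex_block("Modulus", text),
        # The first "Signature Algorithm" line is followed by Issuer, not hex,
        # so the search lands on the trailing signature block.
        "signature": hex_block("Signature Algorithm", text),
    }

def audit(text):
    """Return the list of findings for a single certificate dump."""
    c, findings = parse(text), []
    if any(h in c["sig_alg"].lower() for h in WEAK_HASHES):
        findings.append("weak signature hash: " + c["sig_alg"])
    if c["modulus"] and c["bits"] < MIN_RSA_BITS:
        findings.append("RSA key below %d bits: %d" % (MIN_RSA_BITS, c["bits"]))
    if c["issuer"] and c["issuer"] == c["subject"] and not c["is_ca"]:
        findings.append("self-issued but not marked CA:TRUE")
    return findings

def colliding_pair(a, b):
    """Modulus byte offsets that differ when issuer, algorithm and signature match.

    A deterministic RSA signature that is byte-identical over two different
    to-be-signed bodies means the hash of those bodies collided.
    """
    ca, cb = parse(a), parse(b)
    keys = ("issuer", "sig_alg", "signature")
    if not ca["signature"] or any(ca[k] != cb[k] for k in keys):
        return []
    return [i for i, (x, y) in enumerate(zip(ca["modulus"], cb["modulus"])) if x != y]

if __name__ == "__main__":
    for name, dump in (("CA", CA_DUMP), ("collision 1", COLLISION_1)):
        print(name, audit(dump))
    print("differing modulus offsets:", colliding_pair(COLLISION_1, COLLISION_2))
```
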
