如何强制https使用指定的算法

登录进行投票

不知道这两命令行不行。。。要SERVER版才行，没法试：

1
NETSH /add sslcert

Adds a new SSL server certificate binding and corresponding client certificate policies for an IP address and port.

Syntax

add sslcert [ ipport= ] IPAddress:port [ certhash= ] CertHash [ appid= ] GUID [ [ certstorename= ] CertStoreName [ verifyclientcertrevocation= ] enable | disable [ verifyrevocationwithcachedclientcertonly= ] enable | disable [ usagecheck= ] enable | disable [ revocationfreshnesstime= ] U-Int [ urlretrievaltimeout= ] U-Int [ sslctlidentifier= ] SSLCTIdentifier [ sslctlstorename= ] SSLCtStoreName [ dsmapperusage= ] enable | disable [ clientcertnegotiation= ] enable | disable ] ]

Parameters

ipport: Required. Specifies the IP address and port for the binding. A colon character (:) is used as a delimiter between the IP address and the port number.

certhash: Required. Specifies the SHA hash of the certificate. This hash is 20 bytes long and is specified as a hexadecimal string.

appid: Required. Specifies the GUID to identify the owning application.

certstorename: Optional. Specifies the store name for the certificate. Defaults to MY. Certificate must be stored in the local machine context.

verifyclientcertrevocation: Optional. Specifies the Turns on/off verification of revocation of client certificates.

verifyrevocationwithcachedclientcertonly: Optional. Specifies whether the usage of only cached client certificate for revocation checking is enabled or disabled.

usagecheck: Optional. Specifies whether the usage check is enabled or disabled. Default is enabled.

revocationfreshnesstime: Optional. Specifies the time interval, in seconds, to check for an updated certificate revocation list (CRL). If this value is zero, then the new CRL is updated only if the previous one expires.

urlretrievaltimeout: Optional. Specifies the timeout interval (in milliseconds) after the attempt to retrieve the certificate revocation list for the remote URL.

sslctlidentifier: Optional. Specifies the list of the certificate issuers that can be trusted. This list can be a subset of the certificate issuers that are trusted by the computer.

sslctlstorename: Optional. Specifies the certificate store name under LOCAL_MACHINE where SslCtlIdentifier is stored.

dsmapperusage: Optional. Specifies whether DS mappers is enabled or disabled. Default is disabled.

clientcertnegotiation: Optional. Specifies whether the negotiation of certificate is enabled or disabled. Default is disabled.

Examples

Following is an example of the add sslcert command.

add sslcert ipport=1.1.1.1:443 certhash=0102030405060708090A0B0C0D0E0F1011121314 appid={00112233-4455-6677-8899-AABBCCDDEEFF}

add timeout

Adds a global timeout to the service.

===

2

Certutil

Certutil <-parameter> [-parameter]

Certutil.exe is a command-line program that is installed as part of Certificate Services. You can use Certutil.exe to dump and display certification authority (CA) configuration information, configure Certificate Services, back up and restore CA components, and verify certificates, key pairs, and certificate chains.

试试：
能显缓存页，CRL，

Z这两个公私匙是用户USER 的

CERTUTIL -v -URLCache crl：
。。。。。。。
C:\Documents and Settings\user\Application Data\Microsoft\Cr
yptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD"

Meta File Name: "C:\Documents and Settings\user\Application Data\Microsoft\Cry
ptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD"

C:\WINDOWS\system32>CERTUTIL -v -URLCache crl
402.203.0: 0x80070057 (WIN32: 87): ..CertCli Version
WinINet Cache entries: 0

WinHttp Cache entry: 36 Bytes
Source Url Name: "http://crl.microsoft.com/pki/crl/products/tspca.crl"

显示有三个CRL。都是MS公司的，贴一个
Local File Name: "C:\Documents and Settings\user\Application Data\Microsoft\Cr
yptnetUrlCache\Content\3130B1871A126520A8C47861EFE3ED4D"

Meta File Name: "C:\Documents and Settings\user\Application Data\Microsoft\Cry
ptnetUrlCache\MetaData\3130B1871A126520A8C47861EFE3ED4D"

File Size: 552
Last Sync Time: 2009-11-3 10:30

WinHttp Cache entry: 36 Bytes
Source Url Name: "http://crl.microsoft.com/pki/crl/products/CSPCA.crl"

Local File Name: "C:\Documents and Settings\user\Application Data\Microsoft\Cr
yptnetUrlCache\Content\7B2238AACCEDC3F1FFE8E7EB5F575EC9"

Meta File Name: "C:\Documents and Settings\user\Application Data\Microsoft\Cry
ptnetUrlCache\MetaData\7B2238AACCEDC3F1FFE8E7EB5F575EC9"

File Size: 552
Last Sync Time: 2009-11-3 10:30

WinHttp Cache entry: 36 Bytes
Source Url Name: "http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl"

Local File Name: "C:\Documents and Settings\user\Application Data\Microsoft\Cr
yptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD"

Meta File Name: "C:\Documents and Settings\user\Application Data\Microsoft\Cry
ptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD"

File Size: 558
Last Sync Time: 2009-11-3 10:29

WinHttp Cache entries: 3

CertUtil: -URLCache command completed successfully.

--------------------- IE 浏览CACHEURL，刚从MS下的CRL，和上传的图都在：光清IE HISTORY不行，得INTERNET选项/全清COOKIE等等，
CERTUTIL -v -URLCache url：。。。。。。。。。。。。。
WinINet Cache entry: 764 Bytes Source Url Name: "Visited: user@http://cid-8ec97c3dd4df067e.skydrive.live.com/ self.aspx/%e6%96%b0%e5%bb%ba%e7%9b%b8%e5%86%8c/11.GIF" Local File Name: "(null)" Use Count: 0 Hit Rate: 4 File Size: 0 Last Modified Time: 2009-11-3 13:13 Expire Time: 2009-11-29 13:13 Last Access Time: 2009-11-3 13:13 Last Sync Time: 2009-11-3 13:13 WinINet Cache entries: 263 320.996.0: 0x8007000d (WIN32: 13)
WinHttp Cache entry: 36 Bytes Source Url Name: "http://www.microsoft.com/pki/mscorp/Microsoft%20Secure%20Ser ver%20Authority(5).crt"
Local File Name: "C:\Documents and Settings\user\Application Data\Microsoft\Cr yptnetUrlCache\Content\0897206B35294097C3660E62BCDB227C" Meta File Name: "C:\Documents and Settings\user\Application Data\Microsoft\Cry ptnetUrlCache\MetaData\0897206B35294097C3660E62BCDB227C" File Size: 2202 Last Sync Time: 2009-11-3 13:11
。。。。。。。。
C:\WINDOWS\system32>CERTUTIL -v -URLCache url
402.203.0: 0x80070057 (WIN32: 87): ..CertCli Version **** OFFLINE **** 320.829.0: 0x80070002 (WIN32: 2) url 320.213.0: 0x80070002 (WIN32: 2) 320.834.0: 0x80070002 (WIN32: 2) WinHttp Cache entries: 0 CertUtil: -URLCache command completed successfully.

-------------------------------
C:\WINDOWS\system32>CERTUTIL -v -MachineInfo ./$
402.203.0: 0x80070057 (WIN32: 87): ..CertCli Version
307.5778.0: 0x8007054b (WIN32: 1355)
CertUtil: -MachineInfo command FAILED: 0x8007054b (WIN32: 1355)
CertUtil: 指定的域不存在，或无法联系。
301.3128.0: 0x8007054b (WIN32: 1355)

C:\WINDOWS\system32>CERTUTIL -v -DCInfo Verify
402.203.0: 0x80070057 (WIN32: 87): ..CertCli Version
309.536.0: 0x54b (1355)
309.696.0: 0x54b (1355)
CertUtil: -DCInfo command FAILED: 0x54b (1355)
CertUtil: 指定的域不存在，或无法联系。
301.3128.0: 0x54b (1355)

C:\WINDOWS\system32>CERTUTIL -v -EntInfo .\LILIANJIE$
402.203.0: 0x80070057 (WIN32: 87): ..CertCli Version
++++++++ MACHINE: LILIANJIE$ ++++++++
** Enterprise Root Certificates for DC LILIANJIE
No certs in Ent Root store!
No Autoenrollment Objects!!!

No Autoenrolled Certificates in MY store!!!
309.928.0: 0x80092004 (-2146885628)
309.1095.0: 0x80092004 (-2146885628)
307.5638.0: 0x800704bc (WIN32: 1212)
309.1102.0: 0x800704bc (WIN32: 1212)

CertUtil: -EntInfo command completed successfully.

2009年11月2日 5:46

0

登录进行投票

CERTUTIL -v -store:

02.203.0: 0x80070057 (WIN32: 87):

..CertCli Version

================ Certificate 0 ================

X509 Certificate: Version: 3

Serial Number: 06376c00aa00648a11cfb8d4aa5c35f4

Signature Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.4 md5RSA
Algorithm Parameters: 05 00

Issuer: CN=Root Agency
NotBefore: 1996-5-29 6:02
NotAfter: 2040-1-1 7:59

Subject: CN=Root Agency

Public Key Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.1
RSA Algorithm Parameters: 05 00
Public Key Length: 512 bits
Public Key:
UnusedBits = 0 0000 30 47 02 40 81 55 22 b9 8a a4 6f ed d6 e7 d9 66 0010 0f 55 bc d7 cd d5 bc 4e 40 02 21 a2 b1 f7 87 30 0020 85 5e d2 f2 44 b9 dc 9b 75 b6 fb 46 5f 42 b6 9d 0030 23 36 0b de 54 0f cd bd 1f 99 2a 10 58 11 cb 40 0040 cb b5 a7 41 02 03 01 00 01

Certificate Extensions: 2 2.5.4.3:
Flags = 0,
Length = 49
公用名 (CN) Unknown Extension
type 0000 13 47 46 6f 72 20 54 65 73 74 69 6e 67 20 50 75 .GFor Testing Pu 0010 72 70 6f 73 65 73 20 4f 6e 6c 79 20 53 61 6d 70 rposes Only Samp 0020 6c 65 20 53 6f 66 74 77 61 72 65 20 50 75 62 6c le

Software Publ 0030 69 73 68 69 6e 67 20 43 72 65 64 65 6e 74 69 61
ishing Credentia 0040 6c 73 20 41 67 65 6e 63 79
ls Agency 2.5.29.1:
Flags = 0,
Length = 40

颁发机构密钥标识符 KeyID=12 e4 09 2d 06 1d 1d 4f 00 8d 61 21 dc 16 64 63
Certificate Issuer:
CN=Root Agency
Certificate SerialNumber=06 37 6c 00 aa 00 64 8a 11 cf b8 d4 aa 5c 35 f4
Signature Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.4
md5RSA Algorithm Parameters: 05 00
Signature: UnusedBits=0 0000 8c 3b 17 10 ad 41 11 42 4c 20 87 ba a5 87 bd 4b 0010 cc f7 2a bd 01 8d b0 56 bd 67 83 72 68 25 1b e7 0020 bd 9a 64 6f 6f c4 f0 fa b3 c1 dc c9 5b 69 62 db 0030 95 c3 f5 f0 fa 17 21 a8 3f 89 42 89 7b 3e 2e 2d
Signature matches Public Key Root Certificate:
Subject matches Issuer Key Id Hash(sha1): 9a a6 58 7f 94 dd 91 d9 1e 63 df d3 f0 ce 5f ae 18 93 aa b7 Key Id Hash(canonicalized sha1): 38 59 6d ac 2a 46 c9 00 23 09 90 5e 1f 02 c1 fb 5d f7 24 cd
Cert Hash(md5): c0 a7 23 f0 da 35 02 6b 21 ed b1 75 97 f1 d4 70
Cert Hash(sha1): fe e4 49 ee 0e 39 65 a5 24 6f 00 0e 87 fd e2 a0 65 fd 89 d4
CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID(25): ed bc cd d5 10 6a 07 1c 5d 8b 46 90 91 8e 48 aa CERT_SHA1_HASH_PROP_ID(3): fe e4 49 ee 0e 39 65 a5 24 6f 00 0e 87 fd e2 a0 65 fd 89 d4 CERT_KEY_IDENTIFIER_PROP_ID(20): 9a a6 58 7f 94 dd 91 d9 1e 63 df d3 f0 ce 5f ae 18 93 aa b7

No stored keyset property

================ Certificate 1 ================ X509 Certificate: Version: 3 Serial Number: d8c8767622e94fa511d33bb738f31290 Signature Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.4 md5RSA Algorithm Parameters: 05 00 Issuer: CN=Root SGC Authority NotBefore: 1999-7-17 3:47 NotAfter: 2004-7-17 3:47 Subject: E=premium-server@thawte.com CN=Thawte Premium Server CA OU=Certification Services Division O=Thawte Consulting cc L=Cape Town S=Western Cape C=ZA Public Key Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA Algorithm Parameters: 05 00 Public Key Length: 1024 bits Public Key: UnusedBits = 0 0000 30 81 89 02 81 81 00 d2 36 36 6a 8b d7 c2 5b 9e 0010 da 81 41 62 8f 38 ee 49 04 55 d6 d0 ef 1c 1b 95 0020 16 47 ef 18 48 35 3a 52 f4 2b 6a 06 8f 3b 2f ea 0030 56 e3 af 86 8d 9e 17 f7 9e b4 65 75 02 4d ef cb 0040 09 a2 21 51 d8 9b d0 67 d0 ba 0d 92 06 14 73 d4 0050 93 cb 97 2a 00 9c 5c 4e 0c bc fa 15 52 fc f2 44 0060 6e da 11 4a 6e 08 9f 2f 2d e3 f9 aa 3a 86 73 b6 0070 46 53 58 c8 89 05 bd 83 11 b8 73 3f aa 07 8d f4 0080 42 4d e7 40 9d 1c 37 02 03 01 00 01 Certificate Extensions: 3 2.5.29.10: Flags = 0, Length = 6 基本限制 Subject Type=CA Path Length Constraint=None 2.5.29.37: Flags = 0, Length = 19 增强型密钥用法未知密钥用法 (1.3.6.1.4.1.311.10.3.3) 未知密钥用法 (2.16.840.1.113730.4.1) 2.5.29.1: Flags = 0, Length = 41 颁发机构密钥标识符 KeyID=0d 27 29 e4 05 2a 97 b4 77 58 35 47 93 2d 06 b8 Certificate Issuer: CN=Root SGC Authority Certificate SerialNumber=20 9d 11 d1 0e 7f 7b 85 74 80 Signature Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.4 md5RSA Algorithm Parameters: 05 00 Signature: UnusedBits=0 0000 2e 39 40 bc bc 3d d1 02 82 49 9a 64 6c c6 7c c1 0010 42 ab 45 9b c4 f2 b6 13 ac 61 07 93 ae d6 92 94 0020 c8 c5 d8 96 da b1 ce 08 4f c4 a6 f0 92 02 56 c9 0030 34 06 23 25 f8 0d 56 5c 5d 9d 5e 29 ef 5d ff a3 0040 f0 d5 d0 6d 71 29 c0 e7 74 7a 85 f7 c3 da 0e d5 0050 89 3b b0 0d a2 db 30 61 d1 d4 b5 c5 d9 d5 e3 e1 0060 e7 6d 69 a3 ce 53 c7 dd 3b 39 ed 45 49 4b 1a d2 0070 8a 64 b9 c8 6a 12 f1 ab 9f 7b a1 f1 77 b5 a1 1e 0080 ea d8 7f 32 fa 7f e1 c0 39 20 dd a6 c6 4b 37 a3 0090 7e 08 ae 66 7f f1 35 ce 3d 57 46 6f 31 ec 2e 45 00a0 8a d7 3d 63 af a6 35 19 54 51 4e 60 19 3f 91 d7 00b0 9f c3 29 d0 4a 3c f1 f0 0b 56 c0 13 6d e5 a6 01 00c0 9c 27 f1 38 9c fa 5b ce 86 5f f1 4b 02 2c eb a0 00d0 d6 8f 2a dd ca 48 99 fe 90 10 05 1c fb af e1 d5 00e0 6c c5 7a f1 16 26 fd 67 c4 82 e4 e4 5f de 6e 73 00f0 ce e5 6e 68 35 5c d5 20 ff b8 97 50 2c c6 98 b6 Non-root Certificate Key Id Hash(sha1): 5f f3 24 6c 8f 91 24 af 9b 5f 3e b0 34 6a f4 2d 5c a8 5d cc Cert Hash(md5): 53 66 ea 0c 15 09 f1 c1 99 70 42 29 ae 0d c4 66 Cert Hash(sha1): fe 62 2e a7 b3 3c a4 65 19 ab 39 73 6a 66 b8 f6 e4 1f f1 57 CERT_KEY_IDENTIFIER_PROP_ID(20): 5f f3 24 6c 8f 91 24 af 9b 5f 3e b0 34 6a f4 2d 5c a8 5d cc CERT_SHA1_HASH_PROP_ID(3): fe 62 2e a7 b3 3c a4 65 19 ab 39 73 6a 66 b8 f6 e4 1f f1 57 CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID(25): 5d c4 5e 2c d1 84 57 91 bd de 76 00 05 0a f5 10 CERT_MD5_HASH_PROP_ID(4): 53 66 ea 0c 15 09 f1 c1 99 70 42 29 ae 0d c4 66 No stored keyset property

================ Certificate 2 ================ X509 Certificate: Version: 3 Serial Number: 209d11d10e81940b0dc0 Signature Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.4 md5RSA Algorithm Parameters: 05 00 Issuer: CN=Root SGC Authority NotBefore: 1997-8-7 1:29 NotAfter: 2010-1-1 15:00 Subject: CN=MS SGC Authority Public Key Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA Algorithm Parameters: 05 00 Public Key Length: 1024 bits Public Key: UnusedBits = 0 0000 30 81 89 02 81 81 00 9c b8 a5 f9 3c 13 4d 40 c9 0010 96 dc ea 5b 9b 00 5b c8 67 c0 34 0f 16 31 2d 19 0020 e0 2d 76 b1 5c 4d 34 06 fc 23 63 5f 93 62 c9 22 0030 06 bd aa fc 6e 4a 03 5b 79 66 4c 6c 75 41 ab d8 0040 c0 41 5a 2a ec ed 57 1d be b1 77 29 8a 92 50 89 0050 67 af 7c 0b a4 dc 6c c0 a9 38 ed af 92 cd 6b 6a 0060 d2 42 30 c7 b3 3e 3c 13 c7 5d 98 50 d4 4b 98 b2 0070 cb 74 be fa 9b 9e 57 f7 e4 61 fd d7 54 7f f0 9e 0080 eb ab 19 64 af e3 a3 02 03 01 00 01 Certificate Extensions: 1 2.5.29.1: Flags = 0, Length = 41 颁发机构密钥标识符 KeyID=0d 27 29 e4 05 2a 97 b4 77 58 35 47 93 2d 06 b8 Certificate Issuer: CN=Root SGC Authority Certificate SerialNumber=20 9d 11 d1 0e 7f 7b 85 74 80 Signature Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.4 md5RSA Algorithm Parameters: 05 00 Signature: UnusedBits=0 0000 fe 39 f5 c1 2d 45 06 bf 50 fd a6 bd 1b db b2 18 0010 5f ed 5a e8 15 48 ce 8c a6 d4 be 24 e5 53 84 3d 0020 8c a4 38 16 60 97 49 92 d6 08 0f cb f7 1a 1b 35 0030 d3 c7 01 40 aa 40 b1 cb 0c c1 9f 62 4f b3 ed 11 0040 2b 1e 05 0a b8 fc 00 a8 5a ee d6 93 d1 78 03 68 0050 24 9b c7 1b 05 58 0c 19 c2 66 c3 45 a7 d5 50 70 0060 57 d6 51 74 50 84 58 34 2d f9 82 8b 4d 01 ca 2e 0070 46 e2 6d 74 6b b0 0f e7 71 3a f5 b7 fe 5f 18 24 0080 40 6e 0a ef e2 6a 7e 4c 9b 5c 85 6d ce c0 ef e2 0090 8a 16 d1 71 72 0e 06 68 4f 3e 34 42 fa 8d b8 99 00a0 08 db 1b 1f 46 1e 11 97 08 09 ee ba fe ab 1a 88 00b0 7a 88 76 6a 53 5d a5 77 c4 53 18 ec 6e 12 fb e6 00c0 8a 58 eb 06 c2 9b 77 80 c1 9e 0f 5c 36 53 7e 32 00d0 f2 bf 46 2a f2 56 87 52 e6 36 3d f8 57 a6 08 7d 00e0 f4 ec 8f de 53 b1 23 b7 dd 33 8e 5c e3 dd d2 a4 00f0 89 3c cf 6b 47 21 61 2b df 60 b8 16 06 0a 58 4f Non-root Certificate Key Id Hash(sha1): d1 71 0e 20 df 03 71 25 dd ca b9 6d 8c da b0 17 da ae c7 99 Cert Hash(md5): 77 17 62 21 30 e3 81 fa 1f 64 a5 26 1f dc f9 79 Cert Hash(sha1): f6 35 72 39 b7 c3 97 25 bd 80 00 64 6e 4a 0d 18 eb ce 4c fa CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID(25): 8d 11 80 a8 ac 4f 2b 18 6c 7d a5 ff fd 8b 86 e1 CERT_ENHKEY_USAGE_PROP_ID(9): Usage Entries: 3 [0] 1.3.6.1.5.5.7.3.1 服务器验证 [1] 1.3.6.1.4.1.311.10.3.3 [2] 2.16.840.1.113730.4.1 CERT_SHA1_HASH_PROP_ID(3): f6 35 72 39 b7 c3 97 25 bd 80 00 64 6e 4a 0d 18 eb ce 4c fa CERT_KEY_IDENTIFIER_PROP_ID(20): d1 71 0e 20 df 03 71 25 dd ca b9 6d 8c da b0 17 da ae c7 99 No stored keyset property

================ Certificate 3 ================ X509 Certificate: Version: 3 Serial Number: c4bbd8c0caff56a511d3569661992230 Signature Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.4 md5RSA Algorithm Parameters: 05 00 Issuer: CN=Root SGC Authority NotBefore: 1999-8-20 8:30 NotAfter: 2014-1-28 15:00 Subject: CN=GlobalSign Root CA OU=Root CA O=GlobalSign nv-sa C=BE Public Key Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA Algorithm Parameters: 05 00 Public Key Length: 2048 bits Public Key: UnusedBits = 0 0000 30 82 01 0a 02 82 01 01 00 da 0e e6 99 8d ce a3 0010 e3 4f 8a 7e fb f1 8b 83 25 6b ea 48 1f f1 2a b0 0020 b9 95 11 04 bd f0 63 d1 e2 67 66 cf 1c dd cf 1b 0030 48 2b ee 8d 89 8e 9a af 29 80 65 ab e9 c7 2d 12 0040 cb ab 1c 4c 70 07 a1 3d 0a 30 cd 15 8d 4f f8 dd 0050 d4 8c 50 15 1c ef 50 ee c4 2e f7 fc e9 52 f2 91 0060 7d e0 6d d5 35 30 8e 5e 43 73 f2 41 e9 d5 6a e3 0070 b2 89 3a 56 39 38 6f 06 3c 88 69 5b 2a 4d c5 a7 0080 54 b8 6c 89 cc 9b f9 3c ca e5 fd 89 f5 12 3c 92 0090 78 96 d6 dc 74 6e 93 44 61 d1 8d c7 46 b2 75 0e 00a0 86 e8 19 8a d5 6d 6c d5 78 16 95 a2 e9 c8 0a 38 00b0 eb f2 24 13 4f 73 54 93 13 85 3a 1b bc 1e 34 b5 00c0 8b 05 8c b9 77 8b b1 db 1f 20 91 ab 09 53 6e 90 00d0 ce 7b 37 74 b9 70 47 91 22 51 63 16 79 ae b1 ae 00e0 41 26 08 c8 19 2b d1 46 aa 48 d6 64 2a d7 83 34 00f0 ff 2c 2a c1 6c 19 43 4a 07 85 e7 d3 7c f6 21 68 0100 ef ea f2 52 9f 7f 93 90 cf 02 03 01 00 01 Certificate Extensions: 3 2.5.29.10: Flags = 0, Length = 6 基本限制 Subject Type=CA Path Length Constraint=None 2.5.29.37: Flags = 0, Length = 19 增强型密钥用法未知密钥用法 (1.3.6.1.4.1.311.10.3.3) 未知密钥用法 (2.16.840.1.113730.4.1) 2.5.29.1: Flags = 0, Length = 41 颁发机构密钥标识符 KeyID=0d 27 29 e4 05 2a 97 b4 77 58 35 47 93 2d 06 b8 Certificate Issuer: CN=Root SGC Authority Certificate SerialNumber=20 9d 11 d1 0e 7f 7b 85 74 80 Signature Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.4 md5RSA Algorithm Parameters: 05 00 Signature: UnusedBits=0 0000 1f 41 b4 1d db 5a 46 48 a9 5f 84 68 24 19 2d d3 0010 77 39 66 cb 15 21 aa f9 5f f2 92 79 af 07 29 06 0020 ed 4f 8d c4 20 9e f7 6d 5c 2b 7a e5 13 c4 08 e7 0030 e1 8a e5 da 17 6f d7 0a 17 8d 8e 7d 9d 77 37 07 0040 cb be 78 60 bf 89 c0 9d 39 53 18 6d 7f ec e6 24 0050 e0 66 3e a9 e2 db 01 7e cd c0 96 f0 e8 9b 03 ac 0060 e9 bb 41 58 3d 1f 4f 92 01 d2 dc 09 1a a8 e4 9d 0070 a8 f9 ed f3 84 8b 36 a2 67 66 6d 74 03 b7 84 3e 0080 d6 44 49 51 74 26 6d 95 76 dd 3b 37 f0 03 d7 2e 0090 1a f7 97 e6 97 76 47 86 cf 91 7c a6 a3 88 db ca 00a0 de 81 e7 04 a6 a6 4b 69 a1 24 45 c0 69 df 96 7e 00b0 8c ff 6c c2 25 b4 c4 21 79 25 72 79 65 f1 db 13 00c0 ae 69 65 02 33 59 11 d4 47 1e 4d 10 08 6a 61 31 00d0 e4 6d ca 4c bd 0f a6 99 94 9b 4a 63 03 dc 8e 7a 00e0 f1 45 db c6 bf c6 a0 f2 db a2 cc d2 91 99 d7 a7 00f0 46 8e 42 9c 70 a8 cb b9 42 57 25 36 55 ee 82 d2 Non-root Certificate Key Id Hash(sha1): 87 db d4 5f b0 92 8d 4e 1d f8 15 67 e7 f2 ab af d6 2b 67 75 Cert Hash(md5): 6f 7e 74 a3 a1 3a ca bb 63 cf 74 04 17 05 fa 33 Cert Hash(sha1): e5 21 5d 34 60 c2 c2 0b be 2d 9f e5 fb 66 5d aa 2c 0e 22 5c CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID(25): a8 23 b4 a2 01 80 be b4 60 ca b9 55 c2 4d 7e 21 CERT_SHA1_HASH_PROP_ID(3): e5 21 5d 34 60 c2 c2 0b be 2d 9f e5 fb 66 5d aa 2c 0e 22 5c CERT_KEY_IDENTIFIER_PROP_ID(20): 87 db d4 5f b0 92 8d 4e 1d f8 15 67 e7 f2 ab af d6 2b 67 75 No stored keyset property

================ Certificate 4 ================ X509 Certificate: Version: 3 Serial Number: 198b11d13f9a8ffe69a0 Signature Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.4 md5RSA Algorithm Parameters: 05 00 Issuer: CN=Microsoft Root Authority OU=Microsoft Corporation OU=Copyright (c) 1997 Microsoft Corp. NotBefore: 1997-10-1 15:00 NotAfter: 2002-12-31 15:00 Subject: CN=Microsoft Windows Hardware Compatibility OU=Microsoft Corporation OU=Microsoft Windows Hardware Compatibility Intermediate CA OU=Copyright (c) 1997 Microsoft Corp. Public Key Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA Algorithm Parameters: 05 00 Public Key Length: 1024 bits Public Key: UnusedBits = 0 0000 30 81 89 02 81 81 00 e0 4e 10 0e b8 a7 ef 21 ca 0010 60 5a dc 9f 1e 3e 83 77 5a 29 2e f9 4e e5 08 5d 0020 de e1 cf 09 c0 1f 44 b7 07 a8 4b a4 22 30 3b 19 0030 06 83 ee f3 ac 27 78 ae ca d6 40 2b ce 79 01 e1 0040 9d 56 8b 36 72 b1 63 90 5f a0 b2 c0 66 a6 49 c5 0050 3c fa 26 a2 62 c3 d3 b5 cc 61 15 4c f2 3f b4 e7 0060 45 08 43 89 7f 6a 8d d5 66 fb d7 ff 64 00 c4 11 0070 fd 2c a3 0b 75 b0 fb e5 ac 26 65 a3 81 e6 66 49 0080 3d 1d 73 7a 9b 71 d7 02 03 01 00 01 Certificate Extensions: 2 2.5.29.37: Flags = 0, Length = 18 增强型密钥用法代码签名 (1.3.6.1.5.5.7.3.3) Windows 硬件驱动程序验证 (1.3.6.1.4.1.311.10.3.5) 2.5.29.1: Flags = 0, Length = 88 颁发机构密钥标识符 Certificate Issuer: CN=Microsoft Root Authority OU=Microsoft Corporation OU=Copyright (c) 1997 Microsoft Corp. Certificate SerialNumber=00 c1 00 8b 3c 3c 88 11 d1 3e f6 63 ec df 40 Signature Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.4 md5RSA Algorithm Parameters: 05 00 Signature: UnusedBits=0 0000 a8 20 da 3a a9 98 74 c5 82 41 a7 ce 2e e0 70 11 0010 12 73 99 b0 b8 97 32 a5 53 d4 2e f0 cc ba d8 71 0020 61 b0 d6 71 fc d2 c6 be 31 82 4f a7 6a 6f 04 04 0030 a1 0d 00 c3 6c 43 d7 72 99 aa ed 5d bf 72 93 fd 0040 6b 67 f0 52 4b 91 c4 0a c7 c3 fe 29 23 4a da 02 0050 bf bb b8 29 82 a0 52 be 91 ac 21 c5 f6 29 0a 3c 0060 59 53 b6 0d 97 3e e3 54 eb f7 a1 bc d9 01 85 5e 0070 54 68 fd c5 ce 07 73 8f b7 e6 5a 30 12 e9 67 21 0080 9d e0 cb 74 5d 5c 52 56 da 73 c3 5f 82 b2 bf ea 0090 13 5c 2b d1 6a 60 fd 50 4d 8f 81 16 94 98 5a 6a 00a0 3c 0d 76 ac 7e e1 90 b3 79 f0 94 c0 04 f4 82 37 00b0 f8 f5 e7 4f 39 ea 3c 41 64 68 86 2c ac df 5d e9 00c0 9b 91 e3 9e 0e 7f d6 c6 8b d4 32 07 d8 54 0b fc 00d0 5f 8a 02 4d ab b7 87 cb d4 9b 19 0b 62 c7 7e 39 00e0 5a 02 8b 01 f3 ab 13 15 8b e4 5f 2d af 83 9b d0 00f0 12 b4 03 4f 3a 98 aa b3 33 2f 0d a4 54 80 2f 71 Non-root Certificate Key Id Hash(sha1): 26 5d 05 07 d8 2f a2 60 84 bd 83 7d f5 21 80 a7 05 6f 5a 85 Cert Hash(md5): 2f 36 09 a3 ba 1e f1 56 86 92 38 66 47 fd 0f b6 Cert Hash(sha1): ba 9e 3c 32 56 2a 67 12 8c aa bd 4a b0 c5 00 be e1 d0 c2 56 CERT_KEY_IDENTIFIER_PROP_ID(20): 26 5d 05 07 d8 2f a2 60 84 bd 83 7d f5 21 80 a7 05 6f 5a 85 CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID(25): 83 b6 53 18 66 4e 6f a2 45 e0 d7 60 9f b9 58 20 CERT_SHA1_HASH_PROP_ID(3): ba 9e 3c 32 56 2a 67 12 8c aa bd 4a b0 c5 00 be e1 d0 c2 56 CERT_MD5_HASH_PROP_ID(4): 2f 36 09 a3 ba 1e f1 56 86 92 38 66 47 fd 0f b6 CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID(24): 3f c8 cb 0b c0 52 41 e5 8d 65 e9 44 8b 2d 07 c2 No stored keyset property

================ Certificate 5 ================ X509 Certificate: Version: 3 Serial Number: fdb1dde5ef8f56a511d3569842e67fe0 Signature Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.4 md5RSA Algorithm Parameters: 05 00 Issuer: CN=Root SGC Authority NotBefore: 1999-8-20 8:43 NotAfter: 2009-10-16 15:00 Subject: O=SecureNet CA SGC Root C=au Public Key Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA Algorithm Parameters: 05 00 Public Key Length: 2048 bits Public Key: UnusedBits = 0 0000 30 82 01 0a 02 82 01 01 00 a7 5b b1 0d 8a 53 21 0010 ba 52 88 38 90 42 65 44 fd 56 eb 73 c5 85 f3 06 0020 31 e5 08 fc 8c b1 d5 7a c7 0b 23 0a bc 5a 09 22 0030 01 f8 a7 c0 de 57 74 31 8b ad 36 cc 5e 73 f7 f6 0040 44 f0 31 ca f5 2c a2 05 f3 0a 1c 30 7a 86 33 e2 0050 46 53 f6 64 d6 47 ab b1 53 94 63 77 c4 62 d3 2f 0060 0b ea 5f b0 75 02 5e f8 2b cf 26 f3 de d2 ad eb 0070 65 7f bc 2e 41 84 fc 99 9a e9 81 1b a7 9c 66 c7 0080 f8 f5 b2 84 1b 20 75 72 21 c7 84 ff 02 46 cc 0f 0090 a6 69 85 7d 59 21 d5 0e a7 5d 56 15 4f cc 1f 41 00a0 2c 7f 66 1b af eb dd 41 a3 ec a9 e6 56 4a fe 1e 00b0 a7 c4 5c 22 9f 2f e0 0b 74 01 70 c8 73 83 0a 07 00c0 a4 68 9e e4 51 0e 8d 74 31 2f a2 c6 da 08 10 2b 00d0 ef 25 3e 6c 86 b5 46 e7 97 83 c0 ab de b0 ae 06 00e0 1a e7 c8 fb ef 7e ad 8e b0 9a 45 f1 9b f5 b1 e8 00f0 31 bb 64 00 bf 7f 91 66 cd a8 af 95 ea 13 3a 02 0100 4c 5b eb c0 93 e4 41 fc ad 02 03 01 00 01 Certificate Extensions: 3 2.5.29.10: Flags = 0, Length = 6 基本限制 Subject Type=CA Path Length Constraint=None 2.5.29.37: Flags = 0, Length = 19 增强型密钥用法未知密钥用法 (1.3.6.1.4.1.311.10.3.3) 未知密钥用法 (2.16.840.1.113730.4.1) 2.5.29.1: Flags = 0, Length = 41 颁发机构密钥标识符 KeyID=0d 27 29 e4 05 2a 97 b4 77 58 35 47 93 2d 06 b8 Certificate Issuer: CN=Root SGC Authority Certificate SerialNumber=20 9d 11 d1 0e 7f 7b 85 74 80 Signature Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.4 md5RSA Algorithm Parameters: 05 00 Signature: UnusedBits=0 0000 71 71 b5 64 ca c8 2d 5a 8f 00 17 20 8e 7a 6f b5 0010 b2 52 c4 cf 45 4f 5a 6c b1 b0 c4 1f 91 dc f2 30 0020 0d 6d b0 02 79 27 e5 f5 f9 7a 36 5c 10 8a 68 6c 0030 1c e0 18 64 89 4b e2 25 68 48 18 4d 3c 51 28 48 0040 6c 8a 87 d1 62 d1 d7 0e 9c 2c 60 37 26 b2 31 6d 0050 cf 21 e0 ee 95 1c 99 dc 0c 7f 44 0b 35 60 c7 8d 0060 84 b1 d8 5c bd cb 0c 5d e2 80 f2 4f 72 c0 3d da 0070 f6 cf ec ff a2 66 81 a1 ef 8a 6f 7a 43 22 1f a2 0080 34 46 c2 c1 9b 18 95 be 28 4d 9b 15 f4 63 fb 92 0090 9a e9 48 fa c9 d2 04 57 4a 8f ca 74 a3 a7 71 2b 00a0 03 86 0a aa 51 66 2b 8c 96 bc a9 92 30 0f 9a b2 00b0 fa 27 a2 15 e5 46 e9 49 91 07 e5 d6 4f 8f 20 49 00c0 95 a3 50 ae 9a 8f f5 9b 28 39 70 fa 07 78 d9 77 00d0 61 23 76 be de f5 79 f6 12 a8 9f 8d 11 4d 0e b4 00e0 46 e7 bd fb 05 79 8b a3 70 21 28 e6 17 ce d5 c4 00f0 e9 1f d3 2b 5e 19 5b 5d bf 36 d9 70 22 56 59 70 Non-root Certificate Key Id Hash(sha1): 17 22 51 ac 74 1e 4d ea ae ad 4c cd e1 cd a1 4f 81 8e d0 b7 Cert Hash(md5): aa d1 36 6d 1d d4 6e 4f d4 71 1c 03 33 de 20 4e Cert Hash(sha1): 9f 02 5d 9f 58 71 1a 60 5e b0 69 4b 0e 8b c0 ca 4f 25 fd 6f CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID(25): fe 4d 94 5b e7 ca 1f 62 95 3a 5c 89 cd 07 a9 96 CERT_SHA1_HASH_PROP_ID(3): 9f 02 5d 9f 58 71 1a 60 5e b0 69 4b 0e 8b c0 ca 4f 25 fd 6f CERT_KEY_IDENTIFIER_PROP_ID(20): 17 22 51 ac 74 1e 4d ea ae ad 4c cd e1 cd a1 4f 81 8e d0 b7 No stored keyset property

================ Certificate 6 ================ X509 Certificate: Version: 3 Serial Number: 236c971e2bc60d0bf97460def108c3c3 Signature Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.2 md2RSA Algorithm Parameters: 05 00 Issuer: OU=Class 3 Public Primary Certification Authority O=VeriSign, Inc. C=US NotBefore: 1997-4-17 8:00 NotAfter: 2004-1-8 7:59 Subject: OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign OU=VeriSign International Server CA - Class 3 OU=VeriSign, Inc. O=VeriSign Trust Network Public Key Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA Algorithm Parameters: 05 00 Public Key Length: 1024 bits Public Key: UnusedBits = 0 0000 30 81 89 02 81 81 00 d8 82 80 e8 d6 19 02 7d 1f 0010 85 18 39 25 a2 65 2b e1 bf d4 05 d3 bc e6 36 3b 0020 aa f0 4c 6c 5b b6 e7 aa 3c 73 45 55 b2 f1 bd ea 0030 97 42 ed 9a 34 0a 15 d4 a9 5c f5 40 25 dd d9 07 0040 c1 32 b2 75 6c c4 ca bb a3 fe 56 27 71 43 aa 63 0050 f5 30 3e 93 28 e5 fa f1 09 3b f3 b7 4d 4e 39 f7 0060 5c 49 5a b8 c1 1d d3 b2 8a fe 70 30 95 42 cb fe 0070 2b 51 8b 5a 3c 3a f9 22 4f 90 b2 02 a7 53 9c 4f 0080 34 e7 ab 04 b2 7b 6f 02 03 01 00 01 Certificate Extensions: 5 2.5.29.19: Flags = 0, Length = 8 基本限制 Subject Type=CA Path Length Constraint=0 2.5.29.15: Flags = 0, Length = 4 密钥用法 Certificate Signing, Off-line CRL Signing, CRL Signing (06) 2.16.840.1.113730.1.1: Flags = 0, Length = 4 Netscape Cert Type SSL CA, SMIME CA (06) 2.5.29.37: Flags = 0, Length = 19 增强型密钥用法未知密钥用法 (2.16.840.1.113733.1.8.1) 未知密钥用法 (2.16.840.1.113730.4.1) 2.5.29.32: Flags = 0, Length = 12c 证书策略 [1]Certificate Policy: Policy Identifier=2.16.840.1.113733.1.7.1.1 [1,1]Policy Qualifier Info: Policy Qualifier Id=CPS Qualifier: https://www.verisign.com/CPS [1,2]Policy Qualifier Info: Policy Qualifier Id=用户通告 Qualifier: Notice Reference: Organization=VeriSign, Inc. Notice Number=1 Notice Text=VeriSign's Certification Practice Statement, www.verisign.com/CPS, governs this certificate & is incorporated by reference herein. SOME WARRANTIES DISCLAIMED & LIABILITY LTD. (c)1997 VeriSign Signature Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.2 md2RSA Algorithm Parameters: 05 00 Signature: UnusedBits=0 0000 ae 9a 37 5f 1e 55 65 5e 66 4b 5b 4a 1e 24 11 92 0010 66 96 31 e3 50 46 cd 8c d1 d5 28 0c cc 8e 43 c8 0020 9b 05 06 89 b6 4d 7c 70 62 69 c8 55 6c d4 55 f4 0030 60 78 1b 7d 46 66 31 9e 06 55 d9 fc c2 83 ff 99 0040 78 8c fd 9b 7d e6 86 4b 37 cb 8d 6b 93 19 48 d5 0050 1f 18 be 91 f0 67 fb 3a a9 45 b4 42 c0 9a 6c 24 0060 21 5a 62 8b 33 4e c7 8d 11 ec 22 45 98 b6 58 b1 0070 bb 63 74 b3 1a 0d 68 cd 72 f5 48 2b c3 98 8c b8 Non-root Certificate Key Id Hash(sha1): 0a cf eb 4b 07 e7 03 a0 1f 4c ef 28 ee 72 56 f7 51 75 91 55 Cert Hash(md5): 18 87 5c cb f8 20 5d 24 4a bf 19 c7 13 0e fd b4 Cert Hash(sha1): 8b 24 cd 8d 8b 58 c6 da 72 ac e0 97 c7 b1 e3 ce a4 dc 3d c6 CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID(25): 6e d6 ed 7d f5 2f c1 9b dc 9e 5f e9 e2 be 21 fb CERT_SHA1_HASH_PROP_ID(3): 8b 24 cd 8d 8b 58 c6 da 72 ac e0 97 c7 b1 e3 ce a4 dc 3d c6 CERT_KEY_IDENTIFIER_PROP_ID(20): 0a cf eb 4b 07 e7 03 a0 1f 4c ef 28 ee 72 56 f7 51 75 91 55 No stored keyset property

================ Certificate 7 ================ X509 Certificate: Version: 3 Serial Number: 52c820137c85a7edf217ce82c8451673 Signature Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.4 md5RSA Algorithm Parameters: 05 00 Issuer: OU=Class 2 Public Primary Certification Authority O=VeriSign, Inc. C=US NotBefore: 1998-5-12 8:00 NotAfter: 2004-1-7 7:59 Subject: CN=VeriSign Class 2 CA - Individual Subscriber OU=www.verisign.com/repository/RPA Incorp. By Ref.,LIAB.LTD(c)98 OU=VeriSign Trust Network O=VeriSign, Inc. Public Key Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA Algorithm Parameters: 05 00 Public Key Length: 1024 bits Public Key: UnusedBits = 0 0000 30 81 89 02 81 81 00 b5 cb 1a 54 5e 25 b0 2c 59 0010 5f 09 6b d0 da d6 4a 4b 11 9d 1a 0a 3e 7e 2f b7 0020 65 5f 17 63 15 e5 2c d0 20 00 0c f0 ba 6b aa 5e 0030 49 b1 68 93 83 25 ac 24 5f a2 23 1c 69 4d b8 3b 0040 db 7d da 8f c1 09 cf a5 58 3a b6 4b c4 d4 db d8 0050 ae 75 fa 86 22 99 22 01 28 60 a5 db d5 30 df 21 0060 70 5e 48 99 ad 21 54 91 d1 de 5f fb 38 29 53 1b 0070 e2 7a 53 58 c5 0d 5d 13 07 b3 50 c4 06 4b 39 f8 0080 54 ab b9 8b 69 12 13 02 03 01 00 01 Certificate Extensions: 5 2.16.840.1.113730.1.1: Flags = 0, Length = 4 Netscape Cert Type SSL CA, SMIME CA (06) 2.5.29.31: Flags = 0, Length = 2e CRL 分发点 [1]CRL Distribution Point Distribution Point Name: Full Name: URL=http://crl.verisign.com/pca2.1.1.crl 2.5.29.32: Flags = 0, Length = 40 证书策略 [1]Certificate Policy: Policy Identifier=2.16.840.1.113733.1.7.1.1 [1,1]Policy Qualifier Info: Policy Qualifier Id=CPS Qualifier: www.verisign.com/repository/RPA 2.5.29.19: Flags = 0, Length = 8 基本限制 Subject Type=CA Path Length Constraint=0 2.5.29.15: Flags = 0, Length = 4 密钥用法 Certificate Signing, Off-line CRL Signing, CRL Signing (06) Signature Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.4 md5RSA Algorithm Parameters: 05 00 Signature: UnusedBits=0 0000 b9 0c 7f 92 2f 28 41 18 a1 08 a0 dc eb 4c f3 bd 0010 c1 b0 e6 ec 82 a2 ed 20 03 70 5f c7 a0 f3 5a fe 0020 34 1b 21 97 ef 68 7e 40 cb 6c b7 c0 f9 1d d8 08 0030 65 90 85 c6 16 62 8b 8f d7 48 89 c1 a1 34 de bf 0040 2f 01 56 82 99 9b 64 d0 08 bb 9f ae d9 05 58 d4 0050 07 81 52 8a c4 75 d5 89 17 ec dd ce 84 b2 b8 52 0060 9a 8f 14 37 11 44 14 8c a8 a6 49 b4 18 3b f4 e1 0070 5e 24 d3 cd 38 fa 5f 55 e9 d8 ea 22 51 63 0b 92 Non-root Certificate Key Id Hash(sha1): 9f 5c 30 60 e8 c8 10 ca 1f bf 25 9e 10 49 11 2e e1 c0 01 a4 Cert Hash(md5): cf a8 b4 c1 43 b9 a2 8e 18 4e 52 85 87 c0 71 80 Cert Hash(sha1): 7b 02 31 2b ac c5 9e c3 88 fe ae 12 fd 27 7f 6a 9f b4 fa c1 CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID(25): c4 f1 f9 0b 27 87 ec e2 1c 32 34 0d f7 6c c6 7c CERT_SHA1_HASH_PROP_ID(3): 7b 02 31 2b ac c5 9e c3 88 fe ae 12 fd 27 7f 6a 9f b4 fa c1 CERT_KEY_IDENTIFIER_PROP_ID(20): 9f 5c 30 60 e8 c8 10 ca 1f bf 25 9e 10 49 11 2e e1 c0 01 a4 No stored keyset property
================ Certificate 8 ================ X509 Certificate: Version: 3 Serial Number: 6108892e000000000007 Signature Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA Algorithm Parameters: 05 00 Issuer: CN=Microsoft Root Certificate Authority DC=microsoft DC=com NotBefore: 2005-2-25 1:48 NotAfter: 2017-2-10 1:58 Subject: CN=MSN Content PCA O=Microsoft Corporation L=Redmond S=Washington C=US Public Key Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA Algorithm Parameters: 05 00 Public Key Length: 2048 bits Public Key: UnusedBits = 0 0000 30 82 01 0a 02 82 01 01 00 e1 13 75 09 0c c2 ee 0010 8a f2 fe 67 86 39 ca 0d d4 41 5b d2 e4 06 eb f1 0020 a8 05 6b b4 73 36 9b 64 d0 15 5f 79 28 6f fb c6 0030 80 ea d8 d9 2d 30 f7 77 dc 96 7f ac d2 0a ae b6 0040 e6 56 5a f6 fb 8a 0d ab 75 27 ae 3c d2 0c 9d 65 0050 9f 5b 7e 0e 41 88 97 d5 61 6b 1a 85 77 75 0f 70 0060 fe 64 a6 43 56 9d 9b 35 20 8a a7 b2 38 f9 92 d1 0070 67 36 4d 54 81 1f 0d dc 3a 6d 91 49 65 22 db 8f 0080 28 f1 29 3b cb 47 70 09 8e 77 39 4b 6a d1 10 9c 0090 3b 27 c1 8b 2f 69 93 18 ea 39 7b fc 06 f5 e3 3c 00a0 77 83 30 6f 35 ac c6 f5 9f 87 77 cb 22 dc 09 98 00b0 05 c9 79 4b 09 c8 43 ea 5d ad 7b 31 00 b0 6e c8 00c0 f4 03 d9 ef 65 0b 15 0a de a9 27 b1 b1 15 b5 5a 00d0 35 2e 86 a4 63 ff b9 3c 15 ba a0 2f 8e 74 7a ac 00e0 58 8e 45 2f 82 0a 8f 2c 0e 31 df 51 08 28 72 1c 00f0 55 0e b3 6e 59 1b 94 db be a7 5f 91 d9 03 42 98 0100 44 39 b0 81 7f 1a 03 a6 89 02 03 01 00 01 Certificate Extensions: 8 1.3.6.1.4.1.311.21.1: Flags = 0, Length = 3 CA 版本 V1.0 2.5.29.14: Flags = 0, Length = 16 主题密钥标识符 60 30 cb 54 91 3f ce 19 aa 8f b3 1c 3c c7 53 d5 19 bf 71 32 2.5.29.15: Flags = 0, Length = 4 密钥用法 Digital Signature, Non-Repudiation, Certificate Signing, Off-line CRL Signing, CRL Signing (c6) 2.5.29.19: Flags = 1(Critical), Length = 5 基本限制 Subject Type=CA Path Length Constraint=None 2.5.29.35: Flags = 0, Length = 90 颁发机构密钥标识符 KeyID=0e ac 82 60 40 56 27 97 e5 25 13 fc 2a e1 0a 53 95 59 e4 a4 Certificate Issuer: Directory Address: CN=Microsoft Root Certificate Authority DC=microsoft DC=com Certificate SerialNumber=79 ad 16 a1 4a a0 a5 ad 4c 73 58 f4 07 13 2e 65 2.5.29.31: Flags = 0, Length = 49 CRL 分发点 [1]CRL Distribution Point Distribution Point Name: Full Name: URL=http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl 1.3.6.1.5.5.7.1.1: Flags = 0, Length = 48 颁发机构信息访问 [1]Authority Info Access Access Method=证书颁发机构颁发者 (1.3.6.1.5.5.7.48.2) Alternative Name: URL=http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt 2.5.29.32: Flags = 0, Length = 6d 证书策略 [1]Certificate Policy: Policy Identifier=1.3.6.1.4.1.311.21.47 [1,1]Policy Qualifier Info: Policy Qualifier Id=用户通告 Qualifier: Notice Text=Copyright ? 2005 Microsoft Corporation Signature Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA Algorithm Parameters: 05 00 Signature: UnusedBits=0 0000 8b a2 68 62 81 df 36 cb 64 df e8 c4 f1 32 99 7f 0010 eb 22 09 d0 c4 66 f4 5e d5 90 1d 77 c6 39 e9 38 0020 9b b6 22 f5 df 05 45 5b 44 15 89 ce 9d b1 fb 02 0030 42 54 a7 a9 b1 49 32 5b 98 10 63 27 22 83 b8 f7 0040 ef 43 a0 de 7d d8 5e 45 7e 88 62 c1 5b 0e a9 14 0050 1b 49 22 8f 07 02 79 c6 bb 82 47 6e 8d 13 e8 a0 0060 e1 98 2e 1c e7 a7 6d 4f 77 61 53 ab 3d 1b b6 64 0070 ff d7 ba 77 1e ae 23 95 53 2e 40 18 34 fc a7 88 0080 d2 fe d8 4c fe f0 c0 20 dc f1 75 da 94 5b 7c 77 0090 56 ea 40 3c 43 35 12 15 7e 31 74 3f 2e 3e df e4 00a0 02 ca 91 3b 51 84 76 f3 c8 31 32 6d b8 bb 3a cb 00b0 1e 9e 74 4b 8b 79 b2 42 c1 7d a3 62 76 7b 04 fa 00c0 17 34 3f 6d 02 80 c9 47 6b 70 6e fd cf a6 1e 20 00d0 93 c1 21 58 ca 28 cb ee 76 e1 df a2 62 90 8b dc 00e0 b7 9c 81 ab 49 18 37 04 26 2b 5b bf ea 51 a3 93 00f0 2d 68 3e 45 03 9b 5d f7 a7 fa e5 74 ff 4d ca b6 0100 fe 5c 5c 53 06 fb c7 2b 45 fd 6c 60 32 51 c5 16 0110 6b dd b3 a4 58 bb b3 75 cf 36 86 bc 62 63 6e 75 0120 44 c2 81 57 79 28 9b d8 0d 58 fd 68 02 e6 c5 4f 0130 8b 26 8d 21 4d df 81 44 d4 3d 58 b5 f2 08 34 6b 0140 c6 62 15 58 72 49 1e a5 32 de 72 42 d4 a9 61 44 0150 1d 9c ae 89 c6 d4 06 e3 20 d6 05 4f d1 2d 21 1f 0160 df 9c f4 24 25 97 16 dd 33 ce d5 ea f6 ab e4 80 0170 05 cd 00 a0 0c a5 25 61 aa d2 7d 0c ee 11 3d ad 0180 df a4 8b 1a f1 b0 74 db 41 27 77 7c 04 a3 f5 7c 0190 e4 69 07 ad 85 3f a1 1c 08 15 90 b9 e7 6b 5c f2 01a0 b0 8f d0 e3 ff f3 39 93 e6 7b f5 08 ae cd 11 66 01b0 d2 2d 60 72 5f 6d 7f 13 a2 70 28 e9 31 ae 07 0f 01c0 cb c0 f3 6e 85 8b 7b 11 12 fb cc 41 cb e3 65 8e 01d0 6c 4d 8b a1 f4 59 d5 92 bb 4d 3a d8 d2 3b 23 04 01e0 df 5d 93 83 b9 0b 25 96 de 4d ba ba 12 3b 03 44 01f0 45 12 08 aa d6 5e fa 5f e9 a9 4f 27 43 4a 3c c3 Non-root Certificate Key Id Hash(sha1): 60 30 cb 54 91 3f ce 19 aa 8f b3 1c 3c c7 53 d5 19 bf 71 32 Cert Hash(md5): 6c ef ca 89 61 e9 5f d0 b8 1b 35 df dd 6a 67 4c Cert Hash(sha1): 4c 4d 56 48 81 41 76 5b f4 29 a0 21 df 24 87 25 fa d5 9f f8 CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID(25): 4c 4a 0f 73 80 3f b3 f3 f0 e1 ae fe bb af e2 39 CERT_SHA1_HASH_PROP_ID(3): 4c 4d 56 48 81 41 76 5b f4 29 a0 21 df 24 87 25 fa d5 9f f8 CERT_KEY_IDENTIFIER_PROP_ID(20): 60 30 cb 54 91 3f ce 19 aa 8f b3 1c 3c c7 53 d5 19 bf 71 32 No stored keyset property

================ Certificate 9 ================ X509 Certificate: Version: 3 Serial Number: 92f3bba649ab4fa511d33bb929e27850 Signature Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.4 md5RSA Algorithm Parameters: 05 00 Issuer: CN=Root SGC Authority NotBefore: 1999-7-17 4:00 NotAfter: 2004-7-17 4:00 Subject: E=server-certs@thawte.com CN=Thawte Server CA OU=Certification Services Division O=Thawte Consulting cc L=Cape Town S=Western Cape C=ZA Public Key Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA Algorithm Parameters: 05 00 Public Key Length: 1024 bits Public Key: UnusedBits = 0 0000 30 81 89 02 81 81 00 d3 a4 50 6e c8 ff 56 6b e6 0010 cf 5d b6 ea 0c 68 75 47 a2 aa c2 da 84 25 fc a8 0020 f4 47 51 da 85 b5 20 74 94 86 1e 0f 75 c9 e9 08 0030 61 f5 06 6d 30 6e 15 19 02 e9 52 c0 62 db 4d 99 0040 9e e2 6a 0c 44 38 cd fe be e3 64 09 70 c5 fe b1 0050 6b 29 b6 2f 49 c8 3b d4 27 04 25 10 97 2f e7 90 0060 6d c0 28 42 99 d7 4c 43 de c3 f5 21 6d 54 9f 5d 0070 c3 58 e1 c0 e4 d9 5b b0 b8 dc b4 7b df 36 3a c2 0080 b5 66 22 12 d6 87 0d 02 03 01 00 01 Certificate Extensions: 3 2.5.29.10: Flags = 0, Length = 6 基本限制 Subject Type=CA Path Length Constraint=None 2.5.29.37: Flags = 0, Length = 19 增强型密钥用法未知密钥用法 (1.3.6.1.4.1.311.10.3.3) 未知密钥用法 (2.16.840.1.113730.4.1) 2.5.29.1: Flags = 0, Length = 41 颁发机构密钥标识符 KeyID=0d 27 29 e4 05 2a 97 b4 77 58 35 47 93 2d 06 b8 Certificate Issuer: CN=Root SGC Authority Certificate SerialNumber=20 9d 11 d1 0e 7f 7b 85 74 80 Signature Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.4 md5RSA Algorithm Parameters: 05 00 Signature: UnusedBits=0 0000 b4 00 a2 c3 d2 5e 0f ec 6b ed cd 62 b2 94 06 4a 0010 33 fe 0c fc 5b 63 d8 66 65 a4 c6 62 82 87 11 47 0020 b0 9a f6 04 64 6e 4e 2a 4a 85 98 7a 56 1b 94 0c 0030 9e 69 54 13 53 bb 56 55 a3 8f 88 f0 31 37 db 7e 0040 17 d1 35 1b ee bc 77 04 e7 e8 34 89 70 cc c1 c5 0050 19 ae e5 b0 c2 93 1e ff 77 2b 40 80 1c bc 33 2d 0060 5c 23 23 3d 84 58 ee 4b 24 bb 51 ff a9 49 a2 df 0070 09 c8 e2 81 33 5d 65 d4 c8 f2 70 04 f4 8d 46 cd 0080 33 3f c9 29 6f 89 17 60 58 c1 47 d8 14 85 f7 02 0090 6c 32 53 0c ba 7e fd 12 bc 2e 13 d3 40 af ac 06 00a0 19 fe 22 84 e1 da ab f3 03 9e 6d ff 3f d1 52 29 00b0 8e 0d 1c 8f ab d3 d9 c9 1c 76 3b 6d 52 e9 95 5f 00c0 b0 fc 38 ed 75 8a a5 55 a5 3f 61 ec 02 d9 64 aa 00d0 06 f6 e3 3b 92 4f 3f 78 6a b3 dc 83 27 05 f4 6a 00e0 3c 76 32 40 ab 13 02 52 65 2c 2f 3e 75 fd 5a 24 00f0 2e 8a 5c 96 bf 0a 91 4e 3f bd 1b dd 29 09 de 83 Non-root Certificate Key Id Hash(sha1): 07 15 28 6d 70 73 aa b2 8a 7c 0f 86 ce 38 93 00 38 05 8a b1 Cert Hash(md5): bd c0 6e da bc 23 b1 df 0a 16 e0 47 3e a1 f9 af Cert Hash(sha1): 2d 69 a2 0e c4 f0 cd 19 03 7f d6 d6 24 6b 1e e0 ec 41 ba 22 CERT_KEY_IDENTIFIER_PROP_ID(20): 07 15 28 6d 70 73 aa b2 8a 7c 0f 86 ce 38 93 00 38 05 8a b1 CERT_SHA1_HASH_PROP_ID(3): 2d 69 a2 0e c4 f0 cd 19 03 7f d6 d6 24 6b 1e e0 ec 41 ba 22 CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID(25): 41 87 d1 f7 d5 69 d7 ca b1 29 11 1d f8 99 91 81 CERT_MD5_HASH_PROP_ID(4): bd c0 6e da bc 23 b1 df 0a 16 e0 47 3e a1 f9 af No stored keyset property

================ Certificate 10 ================ X509 Certificate: Version: 3 Serial Number: 087c8e1fad9b56a511d3569a2c4a68a0 Signature Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.4 md5RSA Algorithm Parameters: 05 00 Issuer: CN=Root SGC Authority NotBefore: 1999-8-20 8:57 NotAfter: 2019-6-24 15:00 Subject: CN=UTN - DATACorp SGC OU=http://www.usertrust.com O=The USERTRUST Network L=Salt Lake City S=UT C=US Public Key Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA Algorithm Parameters: 05 00 Public Key Length: 2048 bits Public Key: UnusedBits = 0 0000 30 82 01 0a 02 82 01 01 00 df ee 58 10 a2 2b 6e 0010 55 c4 8e bf 2e 46 09 e7 e0 08 0f 2e 2b 7a 13 94 0020 1b bd f6 b6 80 8e 65 05 93 00 1e bc af e2 0f 8e 0030 19 0d 12 47 ec ac ad a3 fa 2e 70 f8 de 6e fb 56 0040 42 15 9e 2e 5c ef 23 de 21 b9 05 76 27 19 0f 4f 0050 d6 c3 9c b4 be 94 19 63 f2 a6 11 0a eb 53 48 9c 0060 be f2 29 3b 16 e8 1a a0 4c a6 c9 f4 18 59 68 c0 0070 70 f2 53 00 c0 5e 50 82 a5 56 6f 36 f9 4a e0 44 0080 86 a0 4d 4e d6 47 6e 49 4a cb 67 d7 a6 c4 05 b9 0090 8e 1e f4 fc ff cd e7 36 e0 9c 05 6c b2 33 22 15 00a0 d0 b4 e0 cc 17 c0 b2 c0 f4 fe 32 3f 29 2a 95 7b 00b0 d8 f2 a7 4e 0f 54 7c a1 0d 80 b3 09 03 c1 ff 5c 00c0 dd 5e 9a 3e bc ae bc 47 8a 6a ae 71 ca 1f b1 2a 00d0 b8 5f 42 05 0b ec 46 30 d1 72 0b ca e9 56 6d f5 00e0 ef df 78 be 61 ba b2 a5 ae 04 4c bc a8 ac 69 15 00f0 97 bd ef eb b4 8c bf 35 f8 d4 c3 d1 28 0e 5c 3a 0100 9f 70 18 33 20 77 c4 a2 af 02 03 01 00 01 Certificate Extensions: 3 2.5.29.10: Flags = 0, Length = 6 基本限制 Subject Type=CA Path Length Constraint=None 2.5.29.37: Flags = 0, Length = 19 增强型密钥用法未知密钥用法 (1.3.6.1.4.1.311.10.3.3) 未知密钥用法 (2.16.840.1.113730.4.1) 2.5.29.1: Flags = 0, Length = 41 颁发机构密钥标识符 KeyID=0d 27 29 e4 05 2a 97 b4 77 58 35 47 93 2d 06 b8 Certificate Issuer: CN=Root SGC Authority Certificate SerialNumber=20 9d 11 d1 0e 7f 7b 85 74 80 Signature Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.4 md5RSA Algorithm Parameters: 05 00 Signature: UnusedBits=0 0000 cb 66 12 26 98 b0 53 db 07 ac 57 54 0e 6e 9c 89 0010 e8 c1 df 4b 60 45 f1 17 40 cc 27 c2 17 0e ad 43 0020 0f 1d d2 f6 e3 e7 94 2d d6 6f 57 e2 08 22 ce 97 0030 9f dc 5f fa 17 c3 c3 c2 02 c1 10 19 18 b8 94 53 0040 cc 1b 95 eb 69 83 3f d8 5b 49 7f bd cb 05 e8 d8 0050 48 b3 7d 33 87 32 40 56 b5 cc 4a 53 df 54 46 0d 0060 26 a5 a6 3b 33 03 5d 7a 9d af 0f 02 23 3a da e1 0070 90 a6 66 de fb a5 60 3c 2a 48 eb 52 a0 5e 2c d2 0080 47 e9 09 f5 10 46 7c 85 eb b1 97 fb f9 da bd 86 0090 98 fb 9f c3 d1 50 bf d5 1d 42 7a 45 1a 45 6a fc 00a0 3d 16 df 6f 26 28 f0 79 0e 30 5e 0a 4d d8 e3 d2 00b0 70 89 51 6c 1f 7b eb c9 d6 5b cc ea 5b 84 7f 30 00c0 6e fe 18 99 ad 65 23 11 7c bb cc b9 d1 cb 24 d8 00d0 7e 19 8f de 25 ef 1e 4d e4 42 64 3f e0 d9 34 87 00e0 29 7b ad 86 3f 37 5c 81 c9 86 4a 4b 88 4c 14 92 00f0 c1 82 a1 df 38 d1 d5 63 57 74 95 ae 5d e8 f8 e2 Non-root Certificate Key Id Hash(sha1): 53 32 d1 b3 cf 7f fa e0 f1 a0 5d 85 4e 92 d2 9e 45 1d b4 4f Cert Hash(md5): 1c 17 8a 91 62 67 d5 ac 94 50 70 84 7b 6f 6d 8a Cert Hash(sha1): 18 92 71 e5 73 fe d2 95 a8 c1 30 ea f3 57 a2 0c 4a 9f 11 5e CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID(25): 99 c0 39 58 d4 13 8c 59 ae 87 67 2b eb 67 43 2a CERT_SHA1_HASH_PROP_ID(3): 18 92 71 e5 73 fe d2 95 a8 c1 30 ea f3 57 a2 0c 4a 9f 11 5e CERT_KEY_IDENTIFIER_PROP_ID(20): 53 32 d1 b3 cf 7f fa e0 f1 a0 5d 85 4e 92 d2 9e 45 1d b4 4f No stored keyset property

================ Certificate 11 ================ X509 Certificate: Version: 3 Serial Number: 0d8b4feeaad2185bf4756a9d29e17ffb Signature Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.2 md2RSA Algorithm Parameters: 05 00 Issuer: OU=Class 1 Public Primary Certification Authority O=VeriSign, Inc. C=US NotBefore: 1998-5-12 8:00 NotAfter: 2008-5-13 7:59 Subject: CN=VeriSign Class 1 CA Individual Subscriber-Persona Not Validated OU=www.verisign.com/repository/RPA Incorp. By Ref.,LIAB.LTD(c)98 OU=VeriSign Trust Network O=VeriSign, Inc. Public Key Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA Algorithm Parameters: 05 00 Public Key Length: 1024 bits Public Key: UnusedBits = 0 0000 30 81 89 02 81 81 00 bb 5a 44 8a 04 16 bb 55 fd 0010 03 7a 8a 2d 94 4f 15 78 36 b8 0d 4a b2 6f 9c 54 0020 bf bc e8 77 2a 9d b9 f0 68 bb 95 d9 31 41 70 7a 0030 81 4b b9 48 13 56 2d c7 08 e1 84 42 ab c0 a2 92 0040 ab 44 5c aa 42 f0 82 0e 02 e9 2f fb c2 3b bb be 0050 c9 27 0a 5d b6 b0 36 42 33 b5 6e 54 88 4f 87 4a 0060 bf 19 da f9 15 e8 0f 87 b6 1c e3 cc c6 9a 8e 7f 0070 6a 24 92 e3 fc e0 65 ba a7 b1 7e ef c9 db 37 6a 0080 c8 4a c8 09 06 e4 99 02 03 01 00 01 Certificate Extensions: 5 2.16.840.1.113730.1.1: Flags = 0, Length = 4 Netscape Cert Type SSL CA, SMIME CA (06) 2.5.29.31: Flags = 0, Length = 2e CRL 分发点 [1]CRL Distribution Point Distribution Point Name: Full Name: URL=http://crl.verisign.com/pca1.1.1.crl 2.5.29.32: Flags = 0, Length = 40 证书策略 [1]Certificate Policy: Policy Identifier=2.16.840.1.113733.1.7.1.1 [1,1]Policy Qualifier Info: Policy Qualifier Id=CPS Qualifier: www.verisign.com/repository/RPA 2.5.29.19: Flags = 0, Length = 8 基本限制 Subject Type=CA Path Length Constraint=0 2.5.29.15: Flags = 0, Length = 4 密钥用法 Certificate Signing, Off-line CRL Signing, CRL Signing (06) Signature Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.2 md2RSA Algorithm Parameters: 05 00 Signature: UnusedBits=0 0000 ad 1f 73 d8 ae 3e aa e5 3e a0 33 83 ef 17 33 bd 0010 c5 9a 0d 64 94 f4 37 7c c4 13 eb 68 f1 e9 5b 24 0020 a5 a7 b0 64 a9 35 c1 9d e1 3e bd 0a cd 33 b2 20 0030 cd b0 33 06 8c 65 cf d2 21 e3 d9 f5 22 aa de 8a 0040 d1 83 8c 5a f8 42 06 bc f2 09 09 78 34 c8 e7 b9 0050 03 e6 07 c5 08 6c 9b 10 de 8e 21 31 a8 d5 c4 52 0060 4a 1c 0b 11 65 ad 79 9b 32 95 5e 2e 4e 5e c5 a0 0070 89 50 2f 55 4d ec 08 bf ac 4c 79 8c df 0e 7c 42 Non-root Certificate Key Id Hash(sha1): 58 63 7c 48 ea 9b ea f2 0b 64 73 25 12 f2 26 cc a5 7b 9a 5a Cert Hash(md5): ca 66 3c fc 71 2b ba 41 92 71 dd 72 ad e5 65 65 Cert Hash(sha1): 12 51 9a e9 cd 77 7a 56 01 84 f1 fb d5 42 15 22 2e 95 e7 1f CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID(25): a8 89 c4 49 64 03 d2 61 9e 04 0a d2 82 ff c1 59 CERT_SHA1_HASH_PROP_ID(3): 12 51 9a e9 cd 77 7a 56 01 84 f1 fb d5 42 15 22 2e 95 e7 1f CERT_KEY_IDENTIFIER_PROP_ID(20): 58 63 7c 48 ea 9b ea f2 0b 64 73 25 12 f2 26 cc a5 7b 9a 5a No stored keyset property

================ Certificate 12 ================ X509 Certificate: Version: 3 Serial Number: 198b11d13f9a8ffe69a0 Signature Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.4 md5RSA Algorithm Parameters: 05 00 Issuer: CN=Microsoft Root Authority OU=Microsoft Corporation OU=Copyright (c) 1997 Microsoft Corp. NotBefore: 1997-10-1 15:00 NotAfter: 2002-12-31 15:00 Subject: CN=Microsoft Windows Hardware Compatibility OU=Microsoft Corporation OU=Microsoft Windows Hardware Compatibility Intermediate CA OU=Copyright (c) 1997 Microsoft Corp. Public Key Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA Algorithm Parameters: 05 00 Public Key Length: 1024 bits Public Key: UnusedBits = 0 0000 30 81 89 02 81 81 00 e0 4e 10 0e b8 a7 ef 21 ca 0010 60 5a dc 9f 1e 3e 83 77 5a 29 2e f9 4e e5 08 5d 0020 de e1 cf 09 c0 1f 44 b7 07 a8 4b a4 22 30 3b 19 0030 06 83 ee f3 ac 27 78 ae ca d6 40 2b ce 79 01 e1 0040 9d 56 8b 36 72 b1 63 90 5f a0 b2 c0 66 a6 49 c5 0050 3c fa 26 a2 62 c3 d3 b5 cc 61 15 4c f2 3f b4 e7 0060 45 08 43 89 7f 6a 8d d5 66 fb d7 ff 64 00 c4 11 0070 fd 2c a3 0b 75 b0 fb e5 ac 26 65 a3 81 e6 66 49 0080 3d 1d 73 7a 9b 71 d7 02 03 01 00 01 Certificate Extensions: 3 2.5.29.19: Flags = 1(Critical), Length = 5 基本限制 Subject Type=CA Path Length Constraint=None 2.5.29.37: Flags = 0, Length = 18 增强型密钥用法代码签名 (1.3.6.1.5.5.7.3.3) Windows 硬件驱动程序验证 (1.3.6.1.4.1.311.10.3.5) 2.5.29.1: Flags = 0, Length = 9a 颁发机构密钥标识符 KeyID=5b d0 70 ef 69 72 9e 23 51 7e 14 b2 4d 8e ff cb Certificate Issuer: CN=Microsoft Root Authority OU=Microsoft Corporation OU=Copyright (c) 1997 Microsoft Corp. Certificate SerialNumber=00 c1 00 8b 3c 3c 88 11 d1 3e f6 63 ec df 40 Signature Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.4 md5RSA Algorithm Parameters: 05 00 Signature: UnusedBits=0 0000 01 2c cb 1e 74 bd 55 60 51 a5 95 c6 ca f0 49 a4 0010 f3 4a e7 6e 9a cd 7e e8 8e 71 54 52 46 eb 05 95 0020 d7 a8 ba d2 f2 09 bc 39 9a 52 ee 7f 03 17 6d f6 0030 a7 bc 39 46 51 78 59 3d 81 07 b5 8c 23 9f e3 b5 0040 cd 5c 0b 45 94 0a bc 3e 36 ea 28 75 bc ac 5f 6f 0050 81 a7 2a bb ff dc ce 0c 43 08 4a 9b 50 5b c9 a8 0060 bb 08 5e ae b4 af ea c2 e2 6c f3 41 c7 26 bc 15 0070 ff 80 be 9e 0c 07 51 93 27 29 ad 33 04 05 b7 b7 0080 b4 9c 56 f3 53 18 d0 b4 0a 2d c5 ef 36 ad 61 01 0090 e0 1e 57 31 47 60 15 96 53 1b 62 62 87 c6 98 ab 00a0 22 84 84 d1 63 2a 5b ff cd a2 ea 79 ad 6a 44 a7 00b0 39 6d 16 1b b2 98 74 09 a7 dc 05 b4 86 d1 7c 35 00c0 3a d7 d4 71 d6 7b 4b 44 54 af df 51 2d 24 44 11 00d0 24 cc 92 d5 c9 09 15 0e 08 b3 0e 71 8f 5e 65 d5 00e0 28 28 52 54 b9 af d0 3c 96 7d 5f fc c2 4d 2d ad 00f0 40 4d 64 0b 05 2c 58 49 e8 8b 60 83 76 58 d8 16 Non-root Certificate Key Id Hash(sha1): 26 5d 05 07 d8 2f a2 60 84 bd 83 7d f5 21 80 a7 05 6f 5a 85 Cert Hash(md5): 09 c2 54 bd e4 ea 50 f2 6d 14 97 f2 9c 51 af 6d Cert Hash(sha1): 10 9f 1c ae d6 45 bb 78 b3 ea 2b 94 c0 69 7c 74 07 33 03 1c CERT_MD5_HASH_PROP_ID(4): 09 c2 54 bd e4 ea 50 f2 6d 14 97 f2 9c 51 af 6d CERT_KEY_IDENTIFIER_PROP_ID(20): 26 5d 05 07 d8 2f a2 60 84 bd 83 7d f5 21 80 a7 05 6f 5a 85 CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID(25): 83 b6 53 18 66 4e 6f a2 45 e0 d7 60 9f b9 58 20 CERT_ISSUER_PUBLIC_KEY_MD5_HASH_PROP_ID(24): 3f c8 cb 0b c0 52 41 e5 8d 65 e9 44 8b 2d 07 c2 CERT_SIGNATURE_HASH_PROP_ID(15): 05 85 87 0a 20 bd 9e 68 5a 85 14 a9 82 bb 2b e2 CERT_SHA1_HASH_PROP_ID(3): 10 9f 1c ae d6 45 bb 78 b3 ea 2b 94 c0 69 7c 74 07 33 03 1c No stored keyset property

================ Certificate 13 ================ X509 Certificate: Version: 3 Serial Number: 610971d8000100000005 Signature Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA Algorithm Parameters: 05 00 Issuer: CN=MSN Content PCA O=Microsoft Corporation L=Redmond S=Washington C=US NotBefore: 2005-2-25 2:03 NotAfter: 2010-2-25 2:13 Subject: CN=MSN Content Authentication CA O=Microsoft Corporation L=Redmond S=Washington C=US Public Key Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA Algorithm Parameters: 05 00 Public Key Length: 2048 bits Public Key: UnusedBits = 0 0000 30 82 01 0a 02 82 01 01 00 92 94 79 a8 c5 ec ed 0010 df ce 32 e4 3d b3 2b 60 0f f3 98 03 f9 ca 2e c3 0020 d9 1e 1b e6 c1 90 fd b4 b6 99 0d ce 90 80 9b e4 0030 8b 96 10 02 47 8a bc fe f0 0c cc 23 0c 68 15 be 0040 d1 74 c2 b1 fa 0d 4b b1 40 25 59 29 bc 90 7d 61 0050 68 c1 10 91 13 73 98 d6 bc 46 d2 8a 14 5c 7c c3 0060 ce a8 ca f5 e7 7e 45 2e 09 fc 7a a3 f0 9a 8b a0 0070 cd 89 2d c4 7d fa cc d2 aa 54 f8 c0 e4 2c 16 02 0080 39 c4 77 32 f2 38 15 46 f3 27 9f 9f 39 26 30 51 0090 43 66 ea eb 6a 88 6b 07 a0 86 4e a4 64 d1 54 57 00a0 89 83 41 4b e9 4e 1c 95 9f 94 2a 62 84 35 8f f6 00b0 80 64 71 ba 88 32 65 8d 57 31 b3 c5 16 ab be 27 00c0 a1 a4 ad 3b 3b 51 44 5d 61 80 c4 ec 58 d9 ed 4f 00d0 6c d7 47 69 46 9b 06 f5 af 0d a6 b5 6f 4e b9 69 00e0 c0 e2 04 2d 2e bf 1e 32 c9 c9 2d aa 1c f6 15 32 00f0 9e 2a 2e 95 10 78 39 c8 42 2c 87 58 ba 1d 9b 6c 0100 d8 1c 3b b1 8d fb 1f eb 8d 02 03 01 00 01 Certificate Extensions: 9 1.3.6.1.4.1.311.21.1: Flags = 0, Length = 3 CA 版本 V1.0 2.5.29.14: Flags = 0, Length = 16 主题密钥标识符 75 e0 63 75 90 0e 3f 33 78 fd a8 76 7f ab 53 08 b3 dc 0b ea 2.5.29.15: Flags = 0, Length = 4 密钥用法 Digital Signature, Non-Repudiation, Certificate Signing, Off-line CRL Signing, CRL Signing (c6) 2.5.29.19: Flags = 1(Critical), Length = 5 基本限制 Subject Type=CA Path Length Constraint=None 2.5.29.35: Flags = 0, Length = 8a 颁发机构密钥标识符 KeyID=60 30 cb 54 91 3f ce 19 aa 8f b3 1c 3c c7 53 d5 19 bf 71 32 Certificate Issuer: Directory Address: CN=Microsoft Root Certificate Authority DC=microsoft DC=com Certificate SerialNumber=61 08 89 2e 00 00 00 00 00 07 2.5.29.31: Flags = 0, Length = 45 CRL 分发点 [1]CRL Distribution Point Distribution Point Name: Full Name: URL=http://crl.microsoft.com/pki/crl/products/MSNContentPCA.crl 1.3.6.1.5.5.7.1.1: Flags = 0, Length = 44 颁发机构信息访问 [1]Authority Info Access Access Method=证书颁发机构颁发者 (1.3.6.1.5.5.7.48.2) Alternative Name: URL=http://www.microsoft.com/pki/certs/MSNContentPCA.crt 2.5.29.37: Flags = 0, Length = 22 增强型密钥用法代码签名 (1.3.6.1.5.5.7.3.3) 时间戳 (1.3.6.1.5.5.7.3.8) 未知密钥用法 (1.3.6.1.4.1.311.51.1.3) 2.5.29.32: Flags = 0, Length = 6d 证书策略 [1]Certificate Policy: Policy Identifier=1.3.6.1.4.1.311.21.47 [1,1]Policy Qualifier Info: Policy Qualifier Id=用户通告 Qualifier: Notice Text=Copyright ? 2005 Microsoft Corporation Signature Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA Algorithm Parameters: 05 00 Signature: UnusedBits=0 0000 7c a0 c4 cb a9 9b 0f 72 fa e2 b6 b8 87 91 88 cc 0010 9b 62 ff 91 f8 2e cf 24 8b e9 12 68 2f aa c1 ce 0020 b9 42 45 68 9f 64 1c fe 7a 03 47 0c 86 9b de 0f 0030 7d 1f 48 b9 82 2d 6e c4 c1 7b 77 d6 ab 1d a3 e2 0040 aa f3 da 11 8b 37 79 38 2d 2e 6a 34 53 93 2c a7 0050 29 4d 6b 5d 24 80 f8 30 51 5a 08 ed 51 da a2 83 0060 9c 62 06 26 19 e5 e7 78 e2 6d a4 51 56 4b 5d ad 0070 03 67 a2 38 a3 31 03 fe 5d 56 f4 26 a4 ed 50 3c 0080 24 93 6f 0f d2 04 fe df e0 68 7a d9 9e 1d 13 3c 0090 e7 a7 82 72 1e b8 4b f5 14 2e e6 2e 64 e4 eb a4 00a0 a4 7c 31 ef 73 5c de 59 26 e8 cd 16 a6 06 b1 bd 00b0 42 cf 4d 64 7e 16 a1 87 f7 f1 6b 64 8b 8e ee 57 00c0 aa b3 30 c1 d6 65 89 de ca 73 bd 3c c7 b7 c3 4a 00d0 54 2f c8 c3 65 13 76 c6 20 71 c3 95 79 6e 47 fd 00e0 f8 af da b8 2a 1a 6e 4f 6c 00 3a 5e 84 ab 47 f4 00f0 33 e5 6a 37 fe b1 7a 9a 1b 92 ec 79 2a d4 fb d4 Non-root Certificate Key Id Hash(sha1): 75 e0 63 75 90 0e 3f 33 78 fd a8 76 7f ab 53 08 b3 dc 0b ea Cert Hash(md5): c3 1c 70 01 8e 0d 80 5b 65 07 fd 32 dc 40 a7 d9 Cert Hash(sha1): 0c 92 54 d4 47 40 6a ce 01 11 22 a1 6a af 8b 73 ad a6 75 a0 CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID(25): 14 54 99 00 aa 88 78 32 62 ae 46 02 fa 43 9b ac CERT_SHA1_HASH_PROP_ID(3): 0c 92 54 d4 47 40 6a ce 01 11 22 a1 6a af 8b 73 ad a6 75 a0 CERT_KEY_IDENTIFIER_PROP_ID(20): 75 e0 63 75 90 0e 3f 33 78 fd a8 76 7f ab 53 08 b3 dc 0b ea No stored keyset property

================ Certificate 14 ================ X509 Certificate: Version: 3 Serial Number: 8fb2adb53a9056a511d356947cedeec0 Signature Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.4 md5RSA Algorithm Parameters: 05 00 Issuer: CN=Root SGC Authority NotBefore: 1999-8-20 8:16 NotAfter: 2006-2-23 15:00 Subject: CN=GTE CyberTrust Root O=GTE Corporation C=US Public Key Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA Algorithm Parameters: 05 00 Public Key Length: 1024 bits Public Key: UnusedBits = 0 0000 30 81 89 02 81 81 00 b8 e6 4f ba db 98 7c 71 7c 0010 af 44 b7 d3 0f 46 d9 64 e5 93 c1 42 8e c7 ba 49 0020 8d 35 2d 7a e7 8b bd e5 05 31 59 c6 b1 2f 0a 0c 0030 fb 9f a7 3f a2 09 66 84 56 1e 37 29 1b 87 e9 7e 0040 0c ca 9a 9f a5 7f f5 15 94 a3 d5 a2 46 82 d8 68 0050 4c d1 37 15 06 68 af bd f8 b0 b3 f0 29 f5 95 5a 0060 09 16 61 77 0a 22 25 d4 4f 45 aa c7 bd e5 96 df 0070 f9 d4 a8 8e 42 cc 24 c0 1e 91 27 4a b5 6d 06 80 0080 63 39 c4 a2 5e 38 03 02 03 01 00 01 Certificate Extensions: 3 2.5.29.10: Flags = 0, Length = 6 基本限制 Subject Type=CA Path Length Constraint=None 2.5.29.37: Flags = 0, Length = 19 增强型密钥用法未知密钥用法 (1.3.6.1.4.1.311.10.3.3) 未知密钥用法 (2.16.840.1.113730.4.1) 2.5.29.1: Flags = 0, Length = 41 颁发机构密钥标识符 KeyID=0d 27 29 e4 05 2a 97 b4 77 58 35 47 93 2d 06 b8 Certificate Issuer: CN=Root SGC Authority Certificate SerialNumber=20 9d 11 d1 0e 7f 7b 85 74 80 Signature Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.4 md5RSA Algorithm Parameters: 05 00 Signature: UnusedBits=0 0000 94 21 22 a9 23 ea 8f 2c 48 d1 4f 2d 18 98 99 ee 0010 f3 24 11 47 4d f9 dc 24 8a 54 89 17 2b b4 27 6a 0020 57 f5 6e 21 d7 92 98 af 8a 28 ba 9a 71 98 fd 77 0030 88 db e5 3f 1f 49 d6 42 c9 50 e5 53 3d 5b 85 5c 0040 55 a0 f9 24 02 3c 98 d2 7c f6 07 1d 07 3c 21 d9 0050 0e 96 d4 7c e7 b6 03 5c 80 fc 02 61 b5 e0 df b5 0060 81 08 ff 03 1a 54 8d 35 66 8b 1b 4c 0c d2 60 55 0070 48 7d 83 c5 6d d8 6d 08 8c 9b 83 a9 51 f4 52 bf 0080 6b 93 0e 8b ac b2 8e 10 fd da 1f 22 78 3c 2d b4 0090 7c 31 ae 2d 2c 33 b7 29 61 f2 9b f9 11 6c 26 41 00a0 b4 59 b2 87 39 40 f9 ed e5 6a 51 60 68 06 c6 24 00b0 0f f3 b6 21 93 1f 37 1c 91 07 06 37 33 31 1f ff 00c0 a2 0d 7b 7c 69 b9 41 cf 0e d1 83 b0 9e b0 b0 8a 00d0 eb 2f 36 bd 00 7d b3 fc 4f 78 ea de 28 9f b3 a5 00e0 e0 ff 8e ad cc 37 e4 48 09 78 68 f4 4c 92 19 e2 00f0 45 74 80 d4 a8 94 1a c7 33 e3 4f 3c e3 c9 88 79 Non-root Certificate Key Id Hash(sha1): e5 a1 7b f4 87 33 50 d8 1e 82 b7 96 39 9f 1e 51 60 fb 2e 1e Cert Hash(md5): ea 17 4b b9 64 24 45 ee c9 2b db b8 61 66 da 49 Cert Hash(sha1): 06 3d a6 77 48 f0 ec cc 69 0d 31 9b cd cd 0e 72 ac 8d 48 d5 CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID(25): 12 fa bd 58 ac d5 fc 77 cd 76 08 b3 d3 37 8c 3d CERT_SHA1_HASH_PROP_ID(3): 06 3d a6 77 48 f0 ec cc 69 0d 31 9b cd cd 0e 72 ac 8d 48 d5 CERT_KEY_IDENTIFIER_PROP_ID(20): e5 a1 7b f4 87 33 50 d8 1e 82 b7 96 39 9f 1e 51 60 fb 2e 1e No stored keyset property

一个吊销:

================ CRL 0 ================ X509 Certificate Revocation List:

Version: 2 Signature
Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.2 md2RSA
Algorithm Parameters: 05 00

Issuer: OU=VeriSign Commercial Software Publishers CA O=VeriSign, Inc.

L=Internet
ThisUpdate: 2001-3-24 8:00 NextUpdate: 2004-1-8 7:59

CRL Entries: 3

Serial Number:
1b5190f73724399c9254cd424637996a Revocation Date: 2001-1-30 8:01
Serial Number:

750e40ff97f047edf556c7084eb1abfd Revocation Date: 2001-1-31 8:00

Serial Number:
77e65a4359935d5f7a75801acdadc222 Revocation Date: 2000-8-31 8:00

CRL Extensions: 2 2.5.29.19: Flags = 0, Length = 2

基本限制 Subject Type=End Entity Path Length Constraint=None 2.5.29.15: Flags = 0, Length = 4

密钥用法 Digital Signature, Key Encipherment (a0)

Signature Algorithm:

Algorithm ObjectId: 1.2.840.113549.1.1.2 md2RSA

Algorithm Parameters: 05 00
Signature: UnusedBits=0 0000 cd 9c 9c 3b 63 51 4d 43 67 08 ea c9 7a ab 07 15 0010 be 97 0c 92 c8 b1 4e 06 a0 52 28 82 94 e3 a3 72 0020 1d 66 18 19 f5 43 80 d7 8f 64 fb 6f 30 b4 22 e4 0030 84 f1 ad 6e 8e 75 0c e6 15 22 cd 5e aa a7 7e 3d 0040 21 06 7f 90 0a f5 bd 08 c4 0d 22 62 91 6a 74 46 0050 ac 6a e7 9d 39 c1 4b 0c cf 8a 89 9b cf 0e 83 1e 0060 21 7e 67 fa 0c c0 ab 65 0e dd 19 59 da f9 bb 64 0070 bf 11 b8 5d 48 54 88 3d 4a 91 6d 16 fc e8 2c 18 CRL

Hash(md5): 4f 02 34 ad 0e e3 7e 31 82 d3 5b 0e bf af bc 3e

CRL Hash(sha1): a3 77 d1 b1 c0 53 88 33 03 52 11 f4 08 3d 00 fe cc 41 4d ab

CERT_SHA1_HASH_PROP_ID(3):

a3 77 d1 b1 c0 53 88 33 03 52 11 f4 08 3d 00 fe cc 41 4d ab

CertUtil: -store command completed successfully.

2009年11月3日 6:32

0

登录进行投票

certutil -V -error 和NET HELPMSG 一样

C:\WINDOWS\system32>certutil -V -error 1
402.203.0: 0x80070057 (WIN32: 87): ..CertCli Version
0x1 (1) -- 1 (1)
Error message text: 函数不正确。 0x1 (1)
CertUtil: -error command completed successfully.

C:\WINDOWS\system32>certutil -V -error 2
402.203.0: 0x80070057 (WIN32: 87): ..CertCli Version
0x2 (2) -- 2 (2)
Error message text: 系统找不到指定的文件。 0x2 (2)
CertUtil: -error command completed successfully.

C:\WINDOWS\system32>certutil -V -error 3
402.203.0: 0x80070057 (WIN32: 87): ..CertCli Version
0x3 (3) -- 3 (3)
Error message text: 系统找不到指定的路径。 0x3 (3)
CertUtil: -error command completed successfully.

C:\WINDOWS\system32>NET HELPMSG 3

系统找不到指定的路径。

C:\WINDOWS\system32>NET HELPMSG 1

函数不正确。

C:\WINDOWS\system32>

2009年11月3日 7:20

0

登录进行投票

C:\WINDOWS\system32>certutil -v -encodehex Blob13_0.crt "C:\Documents and Settin gs\user\My Documents\333.cer" 402.203.0: 0x80070057 (WIN32: 87): ..CertCli Version Input Length = 1437 Output Length = 6657 CertUtil: -encodehex command completed successfully. C:\WINDOWS\system32>certutil -v -decodehex "C:\Documents and Settings\user\My Do cuments\333.cer" "C:\Documents and Settings\user\My Documents\444.cer" 402.203.0: 0x80070057 (WIN32: 87): ..CertCli Version Input Length = 6657 Output Length = 1437 CertUtil: -decodehex command completed successfully. C:\WINDOWS\system32> C:\WINDOWS\system32>certutil -v -decode "C:\Documents and Settings\user\My Docum ents\111.cer" "C:\Documents and Settings\user\My Documents\222.cer" 402.203.0: 0x80070057 (WIN32: 87): ..CertCli Version Input Length = 1492 Output Length = 1043 CertUtil: -decode command completed successfully. C:\WINDOWS\system32>certutil -v -decode "C:\Documents and Settings\user\My Docum ents\111.cer" "C:\Documents and Settings\user\My Documents\222" 402.203.0: 0x80070057 (WIN32: 87): ..CertCli Version Input Length = 1492 Output Length = 1043 C:\WINDOWS\system32>certutil -v -decode "C:\Documents and Settings\user\My Docum ents\111.cer" "C:\Documents and Settings\user\My Documents\555.req" 402.203.0: 0x80070057 (WIN32: 87): ..CertCli Version Input Length = 1492 Output Length = 1043 CertUtil: -decode command completed successfully. C:\WINDOWS\system32>certutil -v -decode "C:\Documents and Settings\user\My Docum ents\555.req" "C:\Documents and Settings\user\My Documents\666.der" 402.203.0: 0x80070057 (WIN32: 87): ..CertCli Version DecodeFile returned 数据无效。 0x8007000d (WIN32: 13) CertUtil: -decode command FAILED: 0x8007000d (WIN32: 13) CertUtil: 数据无效。 301.3128.0: 0x8007000d (WIN32: 13) C:\WINDOWS\system32>certutil -v -encode "C:\Documents and Settings\user\My Docum ents\555.req" "C:\Documents and Settings\user\My Documents\666.der" 402.203.0: 0x80070057 (WIN32: 87): ..CertCli Version Input Length = 1043 Output Length = 1492 CertUtil: -encode command completed successfully.

2009年11月3日 8:24

0

登录进行投票

2009年11月3日 9:06

0

登录进行投票

C:\Documents and Settings\user\My Documents\我接收到的文件\Cabs.adminpak>reg que
ry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNE
L /s

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL
EventLogging REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\C
iphers

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\C
iphers\DES 56/56

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\C
iphers\NULL

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\C
iphers\RC2 128/128

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\C
iphers\RC2 40/128

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\C
iphers\RC2 56/128

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\C
iphers\RC4 128/128

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\C
iphers\RC4 40/128

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\C
iphers\RC4 56/128

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\C
iphers\Triple DES 168/168

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\H
ashes

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\H
ashes\MD5

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\H
ashes\SHA

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\K
eyExchangeAlgorithms

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\K
eyExchangeAlgorithms\Diffie-Hellman

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\K
eyExchangeAlgorithms\PKCS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\P
rotocols

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\P
rotocols\Multi-Protocol Unified Hello

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\P
rotocols\Multi-Protocol Unified Hello\Client

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\P
rotocols\Multi-Protocol Unified Hello\Server

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\P
rotocols\PCT 1.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\P
rotocols\PCT 1.0\Client

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\P
rotocols\PCT 1.0\Server

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\P
rotocols\SSL 2.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\P
rotocols\SSL 2.0\Client

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\P
rotocols\SSL 2.0\Server

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\P
rotocols\SSL 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\P
rotocols\SSL 3.0\Client

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\P
rotocols\SSL 3.0\Server

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\P
rotocols\TLS 1.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\P
rotocols\TLS 1.0\Client

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\P
rotocols\TLS 1.0\Server

C:\Documents and Settings\user\My Documents\我接收到的文件\Cabs.adminpak>CERTREQ

2009年11月3日 9:53

0

登录进行投票

google:

SCHANNEL\Protocols 子项

协议的注册表项下 SCHANNEL 键用于的控件使用的协议支持由 Schannel.dll 文件，并限制该协议使用 TLS 服务器或 TLS 的客户端。

若要禁止使用的 SSL 3.0 或 TLS 1.0 之外的其他协议，请将 Enabled 值的 DWORD 鍊兼暟鎹改为 0x0 中下面的注册表项，在协议键下的每个：

SCHANNEL\Protocols\PCT 1.0\Client
SCHANNEL\Protocols\PCT 1.0\Server
SCHANNEL\Protocols\SSL 2.0\Client
SCHANNEL\Protocols\SSL 2.0\Server

目前的 Microsoft 消息队列使用的客户端和服务器之间只有 PCT 1.0

SCHANNEL\Ciphers 子项

密码的注册表项下 SCHANNEL 键用于控制如 DES 或 RC4 对称算法的使用。以下是在密码键下的有效注册表项。

SCHANNEL\Ciphers\RC4 128/128 子项:

rc4 128/128

此子项是指 128 位 RC4。

要允许此密码算法、 0xffffffff 到更改启用值的 DWORD 值数据，否则更改为 0x0 的 DWORD 值数据。如果不配置启用值，启用了默认值。此注册表项不能应用于不具备 SGC 证书

---------------------------------------------------------------------------------------

des:有好几种：0xffffffff 到更改 启用，否则更改为 0x0 ，不配置启用值，启用了默认值，但有很多不允许禁用的算法。。。

TLS 1.0 和SSL 3.0 ：{}是要在regedit里建的值：

ssl_rsa_export_with_rc4_40_md5	{0x00，0x03}
ssl_rsa_with_rc4_128_md5	{0x00，0x04}

SSL_RSA_WITH_DES_CBC_SHA	{0x00，0x09}
ssl_rsa_with_3des_ede_cbc_sha	{0x00，0x0A}
ssl_rsa_export1024_with_des_cbc_sha	{0x00，0x62}
ssl_rsa_export1024_with_rc4_56_sha	{0x00，0x64}

TLS_RSA_WITH_DES_CBC_SHA	{0x00，0x09}
tls_rsa_with_3des_ede_cbc_sha	{0x00，0x0A}
tls_rsa_export1024_with_des_cbc_sha	{0x00，0x62

tls_rsa_export_with_rc4_40_md5

{0x00，0x03}

tls_rsa_with_rc4_128_md5

{0x00，0x04}

1

。。。。SCHANNEL\Ciphers\Triple DES 128/128 子项:

三重 DES 168/168

2

。。。。SCHANNEL\Ciphers\RC2 56/56 子项:

DES 56/56

3

SCHANNEL\Hashes\MD5 子项:

md5

=====
例子：
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\MD5]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\SHA]
"Enabled"=dword:ffffffff

已标记为答案 sbkk 2009年11月28日 7:40

2009年11月5日 6:48

积极答复者

如何强制https使用指定的算法

问题

答案

google:

SCHANNEL\Protocols 子项

SCHANNEL\Ciphers 子项

全部回复

不知道这两命令行不行。。。要SERVER版才行，没法试：

1
NETSH /add sslcert

add timeout

google:

SCHANNEL\Protocols 子项

SCHANNEL\Ciphers 子项

积极答复者

如何强制https使用指定的算法

问题

答案

google:SCHANNEL\Protocols 子项

SCHANNEL\Ciphers 子项

全部回复

不知道这两命令行不行。。。要SERVER版才行，没法试：1NETSH /add sslcert

add timeout

google:SCHANNEL\Protocols 子项

SCHANNEL\Ciphers 子项

google:

SCHANNEL\Protocols 子项

不知道这两命令行不行。。。要SERVER版才行，没法试：

1
NETSH /add sslcert

google:

SCHANNEL\Protocols 子项