This is the certificate returned by gmail:
dualbus@ubuntu:~$ openssl x509 -in invalid.der -inform DER -text Certificate: Data: Version: 3 (0x2) Serial Number: 90:76:89:18:e9:33:93:a0 Signature Algorithm: sha256WithRSAEncryption Issuer: OU = "No SNI provided; please fix your client.", CN = invalid2.invalid Validity Not Before: Jan 1 00:00:00 2015 GMT Not After : Jan 1 00:00:00 2030 GMT Subject: OU = "No SNI provided; please fix your client.", CN = invalid2.invalid Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:cd:62:4f:e5:c3:13:84:98:0c:05:e4:ef:44:a2: a5:ec:de:99:71:90:1b:28:35:40:b4:d0:4d:9d:18: 48:81:28:ad:5f:10:b3:2a:db:7d:ae:9d:91:1e:42: e7:ef:aa:19:8d:d3:4e:db:91:0f:a7:e4:20:32:25: 94:fe:b9:24:07:4d:18:d7:c3:9a:87:0e:5f:8b:cb: 3e:2b:d7:51:bf:a8:be:81:23:a2:bf:68:e5:21:e5: bf:4b:48:4e:b3:05:14:0c:7d:09:5c:59:04:3c:a2: 0b:ce:99:79:30:be:f0:76:9e:64:b7:dd:ef:1f:16: bb:1e:cc:0e:b4:0c:44:cf:65:ad:c4:c7:5e:ce:6f: f7:0a:03:b7:b2:5b:36:d3:09:77:5b:4d:e2:23:e9: 02:b7:b1:f2:be:11:b2:d9:a4:4f:2e:12:5f:78:00: 69:42:bd:14:92:ed:ea:ea:6b:68:9b:2d:9c:80:56: b0:7a:43:7f:5f:f6:87:f0:a9:27:5f:bf:7d:30:f7: 2e:5a:eb:4c:da:af:3c:9a:d5:04:06:cb:99:9b:2d: a7:b2:32:bd:27:bf:f2:86:10:91:0f:33:95:ff:26: 3c:73:9f:a5:fe:ef:eb:5a:ec:30:91:9d:a5:83:31: a9:e3:10:41:7e:15:dd:af:af:a6:f6:49:b0:58:25: 26:f5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment, Certificate Sign X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: BB:0F:38:96:6F:3E:BE:4F:2B:46:D0:41:6A:D4:AC:B5 Signature Algorithm: sha256WithRSAEncryption b9:d9:e2:54:5c:f5:61:ed:69:f3:b8:63:ed:03:5a:9e:2a:81: 27:5a:1b:28:33:4b:fc:2d:71:13:fe:4b:65:7e:1c:53:82:79: 80:e6:79:9f:6a:b3:45:a9:36:5a:ed:c9:e0:4a:cc:11:fc:84: eb:7d:cb:c6:94:6d:90:70:d8:cd:45:d8:c8:b6:dd:0f:9d:84: 01:14:7d:00:8e:29:b2:13:b6:e9:c1:b9:57:c3:4d:36:c0:1d: 4b:8d:97:f7:b2:af:bf:2f:f0:48:22:d7:7d:f3:ef:35:60:c9: d5:46:d4:a0:34:00:e4:82:07:e0:7a:e6:09:5b:a7:1f:b1:30: 2a:60:64:bb:b1:f5:31:f2:77:08:37:b4:fa:3f:2d:f6:1b:44: 2a:1f:f8:c6:fc:23:76:42:63:d3:ba:15:f6:46:8e:ec:49:9f: ed:2e:c7:74:83:a2:b6:b7:35:7f:c5:98:9f:a2:91:30:93:b0: cb:48:15:68:47:de:1a:32:60:06:a6:38:eb:88:4e:93:d9:1c: 3e:f2:3f:49:5f:6e:e9:dc:18:31:2a:01:0b:b6:61:66:d8:c5: 18:b1:7e:ad:95:4b:18:2f:81:66:c5:72:69:20:04:b6:29:13: c8:83:59:3d:ca:76:5b:a8:d7:ee:8f:1d:a0:da:2e:0d:92:69: c3:98:e8:6a -----BEGIN CERTIFICATE----- MIIDfDCCAmSgAwIBAgIJAJB2iRjpM5OgMA0GCSqGSIb3DQEBCwUAME4xMTAvBgNV BAsMKE5vIFNOSSBwcm92aWRlZDsgcGxlYXNlIGZpeCB5b3VyIGNsaWVudC4xGTAX BgNVBAMTEGludmFsaWQyLmludmFsaWQwHhcNMTUwMTAxMDAwMDAwWhcNMzAwMTAx MDAwMDAwWjBOMTEwLwYDVQQLDChObyBTTkkgcHJvdmlkZWQ7IHBsZWFzZSBmaXgg eW91ciBjbGllbnQuMRkwFwYDVQQDExBpbnZhbGlkMi5pbnZhbGlkMIIBIjANBgkq hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzWJP5cMThJgMBeTvRKKl7N6ZcZAbKDVA tNBNnRhIgSitXxCzKtt9rp2RHkLn76oZjdNO25EPp+QgMiWU/rkkB00Y18Oahw5f i8s+K9dRv6i+gSOiv2jlIeW/S0hOswUUDH0JXFkEPKILzpl5ML7wdp5kt93vHxa7 HswOtAxEz2WtxMdezm/3CgO3sls20wl3W03iI+kCt7HyvhGy2aRPLhJfeABpQr0U ku3q6mtomy2cgFawekN/X/aH8KknX799MPcuWutM2q88mtUEBsuZmy2nsjK9J7/y hhCRDzOV/yY8c5+l/u/rWuwwkZ2lgzGp4xBBfhXdr6+m9kmwWCUm9QIDAQABo10w WzAOBgNVHQ8BAf8EBAMCAqQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC MA8GA1UdEwEB/wQFMAMBAf8wGQYDVR0OBBIEELsPOJZvPr5PK0bQQWrUrLUwDQYJ KoZIhvcNAQELBQADggEBALnZ4lRc9WHtafO4Y+0DWp4qgSdaGygzS/wtcRP+S2V+ HFOCeYDmeZ9qs0WpNlrtyeBKzBH8hOt9y8aUbZBw2M1F2Mi23Q+dhAEUfQCOKbIT tunBuVfDTTbAHUuNl/eyr78v8Egi133z7zVgydVG1KA0AOSCB+B65glbpx+xMCpg ZLux9THydwg3tPo/LfYbRCof+Mb8I3ZCY9O6FfZGjuxJn+0ux3SDora3NX/FmJ+i kTCTsMtIFWhH3hoyYAamOOuITpPZHD7yP0lfbuncGDEqAQu2YWbYxRixfq2VSxgv gWbFcmkgBLYpE8iDWT3Kdluo1+6PHaDaLg2SacOY6Go= -----END CERTIFICATE-----
This is the certificate returned by gmail:
dualbus@ubuntu:~$ openssl x509 -in invalid.der -inform DER -text
90: 76:89:18: e9:33:93: a0 cryption
Modulus:
00: cd:62:4f: e5:c3:13: 84:98:0c: 05:e4:ef: 44:a2:
a5: ec:de:99: 71:90:1b: 28:35:40: b4:d0:4d: 9d:18:
48: 81:28:ad: 5f:10:b3: 2a:db:7d: ae:9d:91: 1e:42:
e7: ef:aa:19: 8d:d3:4e: db:91:0f: a7:e4:20: 32:25:
94: fe:b9:24: 07:4d:18: d7:c3:9a: 87:0e:5f: 8b:cb:
3e: 2b:d7:51: bf:a8:be: 81:23:a2: bf:68:e5: 21:e5:
bf: 4b:48:4e: b3:05:14: 0c:7d:09: 5c:59:04: 3c:a2:
0b: ce:99:79: 30:be:f0: 76:9e:64: b7:dd:ef: 1f:16:
bb: 1e:cc:0e: b4:0c:44: cf:65:ad: c4:c7:5e: ce:6f:
f7: 0a:03:b7: b2:5b:36: d3:09:77: 5b:4d:e2: 23:e9:
02: b7:b1:f2: be:11:b2: d9:a4:4f: 2e:12:5f: 78:00:
69: 42:bd:14: 92:ed:ea: ea:6b:68: 9b:2d:9c: 80:56:
b0: 7a:43:7f: 5f:f6:87: f0:a9:27: 5f:bf:7d: 30:f7:
2e: 5a:eb:4c: da:af:3c: 9a:d5:04: 06:cb:99: 9b:2d:
a7: b2:32:bd: 27:bf:f2: 86:10:91: 0f:33:95: ff:26:
3c: 73:9f:a5: fe:ef:eb: 5a:ec:30: 91:9d:a5: 83:31:
a9: e3:10:41: 7e:15:dd: af:af:a6: f6:49:b0: 58:25:
26: f5
Exponent: 65537 (0x10001)
Digital Signature, Key Encipherment, Certificate Sign
CA:TRUE
BB:0F: 38:96:6F: 3E:BE:4F: 2B:46:D0: 41:6A:D4: AC:B5 cryption
b9:d9: e2:54:5c: f5:61:ed: 69:f3:b8: 63:ed:03: 5a:9e:2a: 81:
27:5a: 1b:28:33: 4b:fc:2d: 71:13:fe: 4b:65:7e: 1c:53:82: 79:
80:e6: 79:9f:6a: b3:45:a9: 36:5a:ed: c9:e0:4a: cc:11:fc: 84:
eb:7d: cb:c6:94: 6d:90:70: d8:cd:45: d8:c8:b6: dd:0f:9d: 84:
01:14: 7d:00:8e: 29:b2:13: b6:e9:c1: b9:57:c3: 4d:36:c0: 1d:
4b:8d: 97:f7:b2: af:bf:2f: f0:48:22: d7:7d:f3: ef:35:60: c9:
d5:46: d4:a0:34: 00:e4:82: 07:e0:7a: e6:09:5b: a7:1f:b1: 30:
2a:60: 64:bb:b1: f5:31:f2: 77:08:37: b4:fa:3f: 2d:f6:1b: 44:
2a:1f: f8:c6:fc: 23:76:42: 63:d3:ba: 15:f6:46: 8e:ec:49: 9f:
ed:2e: c7:74:83: a2:b6:b7: 35:7f:c5: 98:9f:a2: 91:30:93: b0:
cb:48: 15:68:47: de:1a:32: 60:06:a6: 38:eb:88: 4e:93:d9: 1c:
3e:f2: 3f:49:5f: 6e:e9:dc: 18:31:2a: 01:0b:b6: 61:66:d8: c5:
18:b1: 7e:ad:95: 4b:18:2f: 81:66:c5: 72:69:20: 04:b6:29: 13:
c8:83: 59:3d:ca: 76:5b:a8: d7:ee:8f: 1d:a0:da: 2e:0d:92: 69:
c3:98: e8:6a BAgIJAJB2iRjpM5 OgMA0GCSqGSIb3D QEBCwUAME4xMTAv BgNV wcm92aWRlZDsgcG xlYXNlIGZpeCB5b 3VyIGNsaWVudC4x GTAX saWQyLmludmFsaW QwHhcNMTUwMTAxM DAwMDAwWhcNMzAw MTAx wLwYDVQQLDChOby BTTkkgcHJvdmlkZ WQ7IHBsZWFzZSBm aXgg uMRkwFwYDVQQDEx BpbnZhbGlkMi5pb nZhbGlkMIIBIjAN Bgkq CAQ8AMIIBCgKCAQ EAzWJP5cMThJgMB eTvRKKl7N6ZcZAb KDVA zKtt9rp2RHkLn76 oZjdNO25EPp+ QgMiWU/ rkkB00Y18Oahw5f gSOiv2jlIeW/ S0hOswUUDH0JXFk EPKILzpl5ML7wdp 5kt93vHxa7 ezm/3CgO3sls20w l3W03iI+ kCt7HyvhGy2aRPL hJfeABpQr0U wekN/X/ aH8KknX799MPcuW utM2q88mtUEBsuZ my2nsjK9J7/ y yY8c5+l/ u/rWuwwkZ2lgzGp 4xBBfhXdr6+ m9kmwWCUm9QIDAQ ABo10w EBAMCAqQwHQYDVR 0lBBYwFAYIKwYBB QUHAwEGCCsGAQUF BwMC wQFMAMBAf8wGQYD VR0OBBIEELsPOJZ vPr5PK0bQQWrUrL UwDQYJ DggEBALnZ4lRc9W HtafO4Y+ 0DWp4qgSdaGygzS /wtcRP+ S2V+ pNlrtyeBKzBH8hO t9y8aUbZBw2M1F2 Mi23Q+dhAEUfQCO KbIT Nl/eyr78v8Egi13 3z7zVgydVG1KA0A OSCB+B65glbpx+ xMCpg /LfYbRCof+ Mb8I3ZCY9O6FfZG juxJn+0ux3SDora 3NX/FmJ+ i yYAamOOuITpPZHD 7yP0lfbuncGDEqA Qu2YWbYxRixfq2V Sxgv DWT3Kdluo1+ 6PHaDaLg2SacOY6 Go=
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
Signature Algorithm: sha256WithRSAEn
Issuer: OU = "No SNI provided; please fix your client.", CN = invalid2.invalid
Validity
Not Before: Jan 1 00:00:00 2015 GMT
Not After : Jan 1 00:00:00 2030 GMT
Subject: OU = "No SNI provided; please fix your client.", CN = invalid2.invalid
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
X509v3 extensions:
X509v3 Key Usage: critical
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
X509v3 Subject Key Identifier:
Signature Algorithm: sha256WithRSAEn
-----BEGIN CERTIFICATE-----
MIIDfDCCAmSgAwI
BAsMKE5vIFNOSSB
BgNVBAMTEGludmF
MDAwMDAwWjBOMTE
eW91ciBjbGllbnQ
hkiG9w0BAQEFAAO
tNBNnRhIgSitXxC
i8s+K9dRv6i+
HswOtAxEz2WtxMd
ku3q6mtomy2cgFa
hhCRDzOV/
WzAOBgNVHQ8BAf8
MA8GA1UdEwEB/
KoZIhvcNAQELBQA
HFOCeYDmeZ9qs0W
tunBuVfDTTbAHUu
ZLux9THydwg3tPo
kTCTsMtIFWhH3ho
gWbFcmkgBLYpE8i
-----END CERTIFICATE-----