Dear all,
I have been trying to verify hardware attestation certificates originating from different Android phones with the OpenSSL tool. There seems to be not too much information about how are these supposed to work. With OpenSSL I'm getting mixed results.
Android developer spec for certificate extension data schema is available at
The OpenSSL command shipping with Mac OS 10.13 (LibreSSL 2.2.7) fails even to parse these certificates.
OpenSSL 1.1.0g shipping with Ubuntu parses all of my example certificates just fine. However, trying to verify certificate chains sometime succeeds, sometime fails. ver 1.1.2-dev follows the same pattern.
So far, I have figured out the following patterns:
- Certificate chain extracted from a real world device is either 3 or 4 certificates.
- When the chain is 3 certificates, the middle and last certificates are always the same.
- Out of these 8 real world chains, I'm having
* 3 cases where OpenSSL verifies the chain just nice - branches a, g and h in the upcoming transcript.
* 1 case where OpenSSL gives error
error 20 at 0 depth lookup: unable to get local issuer certificate
error f1.pem: verification failed
139747492622784:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:crypto/asn1/asn1_lib.c:101:
139747492622784:error:0D068066:asn1 encoding routines:asn1_check_tlen:bad object header:crypto/asn1/tasn_dec.c:1118:
139747492622784:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:553:
* 4 cases where OpenSSL gives error
error 20 at 0 depth lookup: unable to get local issuer certificate
error e1.pem: verification failed
The hardware devices are in somewhat random order, as follows:
a: Nokia 8 running Android 8.1
b: Motorola Moto Z running Android 7.1.1
c: Nokia 1 running Android 8.1
d: Nokia 2 running Android 7.1.1
e: Sony Oneplus A5000 running Android 7.1.1
f: Huawei Honor 8 running Android 7.0
g: Nokia 5.1 running Android 8.0
h: OnePlus 3T running Android 8.0
Due to other OpenSSL implementations failing to even parse these certificates, I'm now in doubt is it my wrong usage pattern, certificates that are really faulty, or is this a bug with OpenSSL.
br,
Pietu
--- clip ---
Here's my full set of files and commands tried:
$ /usr/local/bin/openssl version
OpenSSL 1.1.2-dev xx XXX xxxx
$ md5sum a2.pem b2.pem d2.pem e2.pem f2.pem h2.pem
2575f8bb229a2c5bc02260dbc8af5575 a2.pem
2575f8bb229a2c5bc02260dbc8af5575 b2.pem
2575f8bb229a2c5bc02260dbc8af5575 d2.pem
2575f8bb229a2c5bc02260dbc8af5575 e2.pem
2575f8bb229a2c5bc02260dbc8af5575 f2.pem
2575f8bb229a2c5bc02260dbc8af5575 h2.pem
$ md5sum a3.pem b3.pem d3.pem e3.pem f3.pem h3.pem
0ec1822cb22ea66f96fc459633dfee78 a3.pem
0ec1822cb22ea66f96fc459633dfee78 b3.pem
0ec1822cb22ea66f96fc459633dfee78 d3.pem
0ec1822cb22ea66f96fc459633dfee78 e3.pem
0ec1822cb22ea66f96fc459633dfee78 f3.pem
0ec1822cb22ea66f96fc459633dfee78 h3.pem
$ # Test out chains with 3 certificates - a and h verify fine.
$ for branch in a; do echo; echo "Checking $branch"; cat "$branch"1.pem "$branch"2.pem "$branch"3.pem; /usr/local/bin/openssl verify -CAfile <(cat "$branch"2.pem "$branch"3.pem) "$branch"1.pem; echo; done
Checking a
-----BEGIN CERTIFICATE-----
MIICgDCCAiagAwIBAgIBATAKBggqhkjOPQQDAjCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFTATBgNVBAoMDEdvb2dsZSwgSW5jLjEQMA4GA1UECwwHQW5kcm9pZDE7MDkGA1UEAwwyQW5kcm9pZCBLZXlzdG9yZSBTb2Z0d2FyZSBBdHRlc3RhdGlvbiBJbnRlcm1lZGlhdGUwIBcNNzAwMTAxMDAwMDAwWhgPMjEwNjAyMDcwNjI4MTVaMB8xHTAbBgNVBAMMFEFuZHJvaWQgS2V5c3RvcmUgS2V5MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDRgbsaYD1OPI5P78IVIJsgQlAIDKIoGl7BAbuV4tkx0Km3tfcoMAwfWL1exnBoAxuw2ZHUhlNUhWE8kyAW7bsaOB5jCB4zALBgNVHQ8EBAMCB4AwgbIGCisGAQQB1nkCAREEgaMwgaACAQIKAQACAQEKAQEEC2hlbGxvIHdvcmxkBAAwSr+FPQgCBgFmrBioCL+FRToEODA2MRAwDgQJY29tLnB5eXBsAgEMMSIEIIMi9g2//U87C53x3twp61y6K1+22oaTkEjGgyTgXw37MDehBTEDAgECogMCAQOjBAICAQClCzEJAgEEAgEFAgEGqgMCAQG/g3cCBQC/hT4DAgEAv4U/AgUAMB8GA1UdIwQYMBaAFD/8rNYasTqegSC41SUcxWW7HpGpMAoGCCqGSM49BAMCA0gAMEUCIQC+ty2c6G69zydlw3mhdTV0C+IMN45WIxC4K4kpvQIT2wIgBE48WjBNlRTH3RWURiL1oIriLcfTlN7sKeMVkeH1PCU=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICeDCCAh6gAwIBAgICEAEwCgYIKoZIzj0EAwIwgZgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRUwEwYDVQQKDAxHb29nbGUsIEluYy4xEDAOBgNVBAsMB0FuZHJvaWQxMzAxBgNVBAMMKkFuZHJvaWQgS2V5c3RvcmUgU29mdHdhcmUgQXR0ZXN0YXRpb24gUm9vdDAeFw0xNjAxMTEwMDQ2MDlaFw0yNjAxMDgwMDQ2MDlaMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMR29vZ2xlLCBJbmMuMRAwDgYDVQQLDAdBbmRyb2lkMTswOQYDVQQDDDJBbmRyb2lkIEtleXN0b3JlIFNvZnR3YXJlIEF0dGVzdGF0aW9uIEludGVybWVkaWF0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOueefhCY1msyyqRTImGzHCtkGaTgqlzJhP+rMv4ISdMIXSXSir+pblNf2bU4GUQZjW8U7ego6ZxWD7bPhGuEBSjZjBkMB0GA1UdDgQWBBQ//KzWGrE6noEguNUlHMVlux6RqTAfBgNVHSMEGDAWgBTIrel3TEXDo88NFhDkeUM6IVowzzASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIChDAKBggqhkjOPQQDAgNIADBFAiBLipt77oK8wDOHri/AiZi03cONqycqRZ9pDMfDktQPjgIhAO7aAV229DLp1IQ7YkyUBO86fMy9Xvsiu+f+uXc/WT/7
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICizCCAjKgAwIBAgIJAKIFntEOQ1tXMAoGCCqGSM49BAMCMIGYMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEVMBMGA1UECgwMR29vZ2xlLCBJbmMuMRAwDgYDVQQLDAdBbmRyb2lkMTMwMQYDVQQDDCpBbmRyb2lkIEtleXN0b3JlIFNvZnR3YXJlIEF0dGVzdGF0aW9uIFJvb3QwHhcNMTYwMTExMDA0MzUwWhcNMzYwMTA2MDA0MzUwWjCBmDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxFTATBgNVBAoMDEdvb2dsZSwgSW5jLjEQMA4GA1UECwwHQW5kcm9pZDEzMDEGA1UEAwwqQW5kcm9pZCBLZXlzdG9yZSBTb2Z0d2FyZSBBdHRlc3RhdGlvbiBSb290MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7l1ex+HA220Dpn7mthvsTWpdamguD/9/SQ59dx9EIm29sa/6FsvHrcV30lacqrewLVQBXT5DKyqO107sSHVBpKNjMGEwHQYDVR0OBBYEFMit6XdMRcOjzw0WEOR5QzohWjDPMB8GA1UdIwQYMBaAFMit6XdMRcOjzw0WEOR5QzohWjDPMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgKEMAoGCCqGSM49BAMCA0cAMEQCIDUho++LNEYenNVg8x1YiSBq3KNlQfYNns6KGYxmSGB7AiBNC/NR2TB8fVvaNTQdqEcbY6WFZTytTySn502vQX3xvw==
-----END CERTIFICATE-----
a1.pem: OK
$ #for keeping msg length in moderation, not duplicating root and intermediate certificates
$ for branch in b d e f h; do echo; echo "Checking $branch"1.pem; cat "$branch"1.pem; /usr/local/bin/openssl verify -CAfile <(cat "$branch"2.pem "$branch"3.pem) "$branch"1.pem; echo; done
Checking b1.pem
-----BEGIN CERTIFICATE-----
MIIBzTCCAXOgAwIBAgIBATAKBggqhkjOPQQDAjAcMRowGAYDVQQDDBFBbmRyb2lkIEtleW1hc3RlcjAgFw03MDAxMDEwMDAwMDBaGA8yMTA2MDIwNzA2MjgxNVowGjEYMBYGA1UEAwwPQSBLZXltYXN0ZXIgS2V5MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuvoG6Aobkj6eP+Q4bCf7vIY2hLvsQ9rRKG0mdD1YDPoE7lnth4ekSa+lhlMnieHrsH2pnGLZxP4jZoSk3GQdJaOBpTCBojALBgNVHQ8EBAMCB4AwcgYKKwYBBAHWeQIBEQRkMGICAQEKAQACAQEKAQEEC2hlbGxvIHdvcmxkBAAwDL+FPQgCBgFmrHjFgDA3oQUxAwIBAqIDAgEDowQCAgEApQsxCQIBBAIBBQIBBqoDAgEBv4N3AgUAv4U+AwIBAL+FPwIFADAfBgNVHSMEGDAWgBQ//KzWGrE6noEguNUlHMVlux6RqTAKBggqhkjOPQQDAgNIADBFAiEA+atKJFXAli8iI4u42gP+dRCarhtXYTPvSx4gBUoGWEsCIGdA9chHpZmRaNYr+oODruhF+Q1xIyLJYX+pq2q6wHvl
-----END CERTIFICATE-----
CN = A Keymaster Key
error 20 at 0 depth lookup: unable to get local issuer certificate
error b1.pem: verification failed
Checking d1.pem
-----BEGIN CERTIFICATE-----
MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAcMRowGAYDVQQDDBFBbmRyb2lkIEtleW1hc3RlcjAeFw03MDAxMDEwMDAwMDBaFw02OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0EgS2V5bWFzdGVyIEtleTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABD2A/WLrFMSEGX3XdgKDlxcTAstZnlXgJRZsLC+Z55JR80UYfNgV7EfN3arpKMuJ3fFJ/cYEoACTLHjinhmXVFijgbEwga4wCwYDVR0PBAQDAgeAMH4GCisGAQQB1nkCAREEcDBuAgEBCgEAAgECCgEABAtoZWxsbyB3b3JsZAQAME+hBTEDAgECogMCAQOjBAICAQClCzEJAgEEAgEFAgEGqgMCAQG/g3cCBQC/hT0IAgYBZq9Wdbi/hT4DAgEAv4VBBQIDARHVv4VCBQIDAxRPMAAwHwYDVR0jBBgwFoAUP/ys1hqxOp6BILjVJRzFZbsekakwCgYIKoZIzj0EAwIDSAAwRQIhAObHcoPKw6ntrXr+EC7HmGJO9heDbSuFMjO9sbcOw6rYAiBXtqcI6p0VCDN+jPtztLYtxeqkCnZYDve8MTkrReNSJQ==
-----END CERTIFICATE-----
CN = A Keymaster Key
error 20 at 0 depth lookup: unable to get local issuer certificate
error d1.pem: verification failed
Checking e1.pem
-----BEGIN CERTIFICATE-----
MIIBzTCCAXOgAwIBAgIBATAKBggqhkjOPQQDAjAcMRowGAYDVQQDDBFBbmRyb2lkIEtleW1hc3RlcjAgFw03MDAxMDEwMDAwMDBaGA8yMTA2MDIwNzA2MjgxNVowGjEYMBYGA1UEAwwPQSBLZXltYXN0ZXIgS2V5MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+KjC/Y5eImDnRgreH+fZeXj9r4725cHz3T8p7wCyWJKajku2c8khAJepG4fUEqHwiggPj7V5IWhaxzi29g7U1aOBpTCBojALBgNVHQ8EBAMCB4AwcgYKKwYBBAHWeQIBEQRkMGICAQEKAQACAQEKAQEEC2hlbGxvIHdvcmxkBAAwDL+FPQgCBgFmr+53yDA3oQUxAwIBAqIDAgEDowQCAgEApQsxCQIBBAIBBQIBBqoDAgEBv4N3AgUAv4U+AwIBAL+FPwIFADAfBgNVHSMEGDAWgBQ//KzWGrE6noEguNUlHMVlux6RqTAKBggqhkjOPQQDAgNIADBFAiEAmm+LNCeZRpBBHUxXGVU9VC/fxEwoLfbC3x7UNCd3ra4CIAW9JO5u6msXwvix4QD0OSBrdrzUCzuS9ItwfjZv+mB3
-----END CERTIFICATE-----
CN = A Keymaster Key
error 20 at 0 depth lookup: unable to get local issuer certificate
error e1.pem: verification failed
Checking f1.pem
-----BEGIN CERTIFICATE-----
MIIB/TCCAaSgAwIBAgIBATAKBggqhkjOPQQDAjAdMRswGQYDVQQDExJBbmRyb2lkIEtleW1hc3RlcjIwHhcNNzAwMTAxMDAwMDAwWhcNMDYwMjA3MDYyODE1WjAaMRgwFgYDVQQDEw9BIEtleW1hc3RlciBLZXkwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASiqHWB8dQg1/Fw67gZvYqIq2WZvbWFll4W5y2uz0UymS34g0FMGkwsJqAlnCquVFraoiaJH35x+jPrGqmdXy6Mo4HXMIHUMAsGA1UdDwQEAwIHgDAIBgNVHR8EAQAwgboGCisGAQQB1nkCAREEgaswgagCAQEKAQECAQIKAQEEC2hlbGxvIHdvcmxkBAAwJL+DdwIFAL+FPQgCBgFmxPuCBb+FQQUCAwERcL+FQgUCAwMUUDBloQUxAwIBAqIDAgEDowQCAgEApQUxAwIBBKoDAgEBv4U+AwIBAL+FQCowKAQgU0HmsmRpeacOV2UwB6HzEBaUIeyb3Z8aVkj3Wt4AWvEBAf8KAQC/hUEFAgMBEXC/hUIFAgMDFFAwCgYIKoZIzj0EAwIDRwAwRAIgEH9o6neMfv7o6ixwUkL4t7r5uS9FbMGAS9Pt9St9qecCICKhqBjZBisaGDSqE3Qo2vFUpvtB03tDHqlzScWXbry1
-----END CERTIFICATE-----
CN = A Keymaster Key
error 20 at 0 depth lookup: unable to get local issuer certificate
error f1.pem: verification failed
140121898299840:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:crypto/asn1/asn1_lib.c:101:
140121898299840:error:0D068066:asn1 encoding routines:asn1_check_tlen:bad object header:crypto/asn1/tasn_dec.c:1118:
140121898299840:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:553:
Checking h1.pem
-----BEGIN CERTIFICATE-----
MIICgDCCAiagAwIBAgIBATAKBggqhkjOPQQDAjCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFTATBgNVBAoMDEdvb2dsZSwgSW5jLjEQMA4GA1UECwwHQW5kcm9pZDE7MDkGA1UEAwwyQW5kcm9pZCBLZXlzdG9yZSBTb2Z0d2FyZSBBdHRlc3RhdGlvbiBJbnRlcm1lZGlhdGUwIBcNNzAwMTAxMDAwMDAwWhgPMjEwNjAyMDcwNjI4MTVaMB8xHTAbBgNVBAMMFEFuZHJvaWQgS2V5c3RvcmUgS2V5MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE99dbLWDWw+j/h1MO8Sap27sC+wnjS3w4I2FIea+Tw8AzjCnG3F9tqNwPEDP1Y/NILB0TqgLQ8sKwxXrxXR7yW6OB5jCB4zALBgNVHQ8EBAMCB4AwgbIGCisGAQQB1nkCAREEgaMwgaACAQIKAQACAQEKAQEEC2hlbGxvIHdvcmxkBAAwSr+FPQgCBgFmxQWrGL+FRToEODA2MRAwDgQJY29tLnB5eXBsAgEMMSIEIIMi9g2//U87C53x3twp61y6K1+22oaTkEjGgyTgXw37MDehBTEDAgECogMCAQOjBAICAQClCzEJAgEEAgEFAgEGqgMCAQG/g3cCBQC/hT4DAgEAv4U/AgUAMB8GA1UdIwQYMBaAFD/8rNYasTqegSC41SUcxWW7HpGpMAoGCCqGSM49BAMCA0gAMEUCIDyO1O3bN1RqAPlmEku6Bm64EZVsnXP2AUqABbh5uZQmAiEApb4XgXemFO2By1Uk/2YSTmZY8wKUAf4ZsWCc6+fxiio=
-----END CERTIFICATE-----
h1.pem: OK
# Test out chains with 4 certificates - g verifies fine.
$ for branch in c g; do echo; echo "Checking $branch"; cat "$branch"1.pem "$branch"2.pem "$branch"3.pem "$branch"4.pem; /usr/local/bin/openssl verify -CAfile <(cat "$branch"2.pem "$branch"3.pem "$branch"4.pem) "$branch"1.pem; echo; done
Checking c
-----BEGIN CERTIFICATE-----
MIICUTCCAfagAwIBAgIBATAKBggqhkjOPQQDAjAbMRkwFwYDVQQFExA5NWU3MzI4NzZiNjUxNjhkMCIYDzE5MDAwMTAwMDAwMDAwWhgPMTkwMDAxMDAwMDAwMDBaMB8xHTAbBgNVBAMMFEFuZHJvaWQgS2V5c3RvcmUgS2V5MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7Sd6FaAz8BONTGJvtGw5AIaiLhGH4ILfaD9OKzLYjfjB/nTcW6ti+CjSMtaROpXzbuYh6IgCGlD089gPnP5+BaOCASEwggEdMAsGA1UdDwQEAwIHgDCB7AYKKwYBBAHWeQIBEQSB3TCB2gIBAgoBAQIBAwoBAQQLaGVsbG8gd29ybGQEADBKv4U9CAIGAWasjANIv4VFOgQ4MDYxEDAOBAljb20ucHl5cGwCAQwxIgQggyL2Db/9TzsLnfHe3CnrXLorX7bahpOQSMaDJOBfDfswcaEFMQMCAQKiAwIBA6MEAgIBAKULMQkCAQQCAQUCAQaqAwIBAb+DdwIFAL+FPgMCAQC/hUAqMCgEIE15D6Cl/oHWs1K5Cv5DBoTZvIF1GM0kxQ5jQzlffFHyAQEBCgEAv4VBBQIDATjkv4VCBQIDAxRQMB8GA1UdIwQYMBaAFBuQe659NNU7MawBkucw39T1flt2MAoGCCqGSM49BAMCA0kAMEYCIQC14bLPGSNXwYUrFzO3Xno7WLHCy1wFtcP+mXCnVlvCngIhAMX60lRiVTvfl2Bq09opnfb3Y7QgE0DViuhheQyNSvL4
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICKzCCAbKgAwIBAgIKFhlXZkYXJGEUNDAKBggqhkjOPQQDAjAbMRkwFwYDVQQFExA1YjAzNTljY2E4ODc5Y2I1MB4XDTE2MDUyNjE2NTQxNloXDTI2MDUyNDE2NTQxNlowGzEZMBcGA1UEBRMQOTVlNzMyODc2YjY1MTY4ZDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJoEzxn1L0hLklubtqi8kvk9KEJf4nu8UB7EfcHn5zGbONW9HGgwBlq5X5llRvmNUToPcgbI3sHOvFoHky5nrgyjgd0wgdowHQYDVR0OBBYEFBuQe659NNU7MawBkucw39T1flt2MB8GA1UdIwQYMBaAFAbd7gqSHZtx4caJQUTvOTlwJgA1MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMCQGA1UdHgQdMBugGTAXghVpbnZhbGlkO2VtYWlsOmludmFsaWQwVAYDVR0fBE0wSzBJoEegRYZDaHR0cHM6Ly9hbmRyb2lkLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8xNjE5NTc2NjQ2MTcyNDYxMTQzNDAKBggqhkjOPQQDAgNnADBkAjAMeVZ84Z55FM2+nOrljCQlb7xpdiYDTc96LQyh8OE6EZj8jkQQL9Lh3MT5p5lZ+QsCMGLwHkdPAeD1M8PYEJRyurfC4EYV1k3zJowZbRmYu3N8ztCb3FBgE+1oJpxEPNXIGQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDwzCCAaugAwIBAgIKA4gmZ2BliZaFczANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MB4XDTE2MDUyNjE2NDEyOVoXDTI2MDUyNDE2NDEyOVowGzEZMBcGA1UEBRMQNWIwMzU5Y2NhODg3OWNiNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABHf4FUKTZivDuwdyVbXyPF12IRuDzZKq61MbqooE3/gx9gIS9pFS4NZgGTnjSMm6ltYrCv3sDzuPQls+V+BLPQgNfRHavmP9eulc1uR3GNgCnKqxB2o0QcTQGPAxJA81c6OBtjCBszAdBgNVHQ4EFgQUBt3uCpIdm3HhxolBRO85OXAmADUwHwYDVR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwUAYDVR0fBEkwRzBFoEOgQYY/aHR0cHM6Ly9hbmRyb2lkLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC9FOEZBMTk2MzE0RDJGQTE4MA0GCSqGSIb3DQEBCwUAA4ICAQAsPFNbAeVGRXKg0H1Ixy31n+vc1GAtLTtdruQGZ3rk6Dq3G5OiNfwLI4vRowDERgTr5RoVRMLs9HzTTCvvdEBhcILKOnaPAd6Jg4HvBi8hsfbXEvRi2kmIfiYAabC71ErJLFEMprTJMSDEOe3lXCJG409z99ofsf/s1M1i77NFVCwstAvRLMjc9TjxRXrGrGD0rMdG2RkionXa3H+4cYqSUf7JCIW6dMB2p+4R3n463DqxxSJNGbchGGUbL6b0qIWdaVcwG2ro+WyItfyw5C4h9XSosauyC9ajjZLt8RAK2ouZHN/kyIXcD1U7IFbSy0SZfaRDLNCzse4iL6IOnuyITEFLnvLfcDSwNX1/ptBRAeeme7G1nwpeohJjiddmf20e421+n3tWUyUhLk9s83MJQQp+mhfApA1Qvz+a7M3OqPvHhBoeu6C4NOlYkb8mrjtuZ/RU5WIRXfyXZqA05Qnu8usuxxNFozU5hWbXIZQx7at2x/7t8/kgHSJhKs4hWIdbVgIDyWIhgoDD+gqTIRlzTwrS876dgy0MTZm1riMEBB5jvAhaeciDBf8u6AFWnMsS0UVtOinr5lTRkHSwie2n90kazqpkeMUdnbBSG7HSMhyg5lvem9G82NakH4S1EPgRBLN1eF8Q51ZmzeNl3DnIGGjNI+LAXw10KVuEkzgd8A==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFYDCCA0igAwIBAgIJAOj6GWMU0voYMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTYwNTI2MTYyODUyWhcNMjYwNTI0MTYyODUyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaOBpjCBozAdBgNVHQ4EFgQUNmHhAHyIBQlRi0RsR/8aTMnqTxIwHwYDVR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cHM6Ly9hbmRyb2lkLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8wDQYJKoZIhvcNAQELBQADggIBACDIw41L3KlXG0aMiS//cqrG+EShHUGo8HNsw30W1kJtjn6UBwRM6jnmiwfBPb8VA91chb2vssAtX2zbTvqBJ9+LBPGCdw/E53Rbf86qhxKaiAHOjpvAy5Y3m00mqC0w/Zwvju1twb4vhLaJ5NkUJYsUS7rmJKHHBnETLi8GFqiEsqTWpG/6ibYCv7rYDBJDcR9W62BW9jfIoBQcxUCUJouMPH25lLNcDc1ssqvC2v7iUgI9LeoM1sNovqPmQUiG9rHli1vXxzCyaMTjwftkJLkf6724DFhuKug2jITV0QkXvaJWF4nUaHOTNA4uJU9WDvZLI1j83A+/xnAJUucIv/zGJ1AMH2boHqF8CY16LpsYgBt6tKxxWH00XcyDCdW2KlBCeqbQPcsFmWyWugxdcekhYsAWyoSf818NUsZdBWBaR/OukXrNLfkQ79IyZohZbvabO/X+MVT3rriAoKc8oE2Uws6DF+60PV7/WIPjNvXySdqspImSN78mflxDqwLqRBYkA3I75qppLGG9rp7UCdRjxMl8ZDBld+7yvHVgt1cVzJx9xnyGCC23UaicMDSXYrB4I4WHXPGjxhZuCuPBLTdOLU8YRvMYdEvYebWHMpvwGCF6bAx3JBpIeOQ1wDB5y0USicV3YgYGmi+NZfhA4URSh77Yd6uuJOJENRaNVTzk
-----END CERTIFICATE-----
CN = Android Keystore Key
error 20 at 0 depth lookup: unable to get local issuer certificate
error c1.pem: verification failed
Checking g
-----BEGIN CERTIFICATE-----
MIICMzCCAdmgAwIBAgIBATAKBggqhkjOPQQDAjApMRkwFwYDVQQFExBhMTk1Mzk2NGJhMmEyODlkMQwwCgYDVQQMDANURUUwHhcNNzAwMTAxMDAwMDAwWhcNNDkxMjMxMjM1OTU5WjAfMR0wGwYDVQQDDBRBbmRyb2lkIEtleXN0b3JlIEtleTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABP8c/Ldx44Ms4bM37CyNoE6Us5uS8dAERkRV8kyxCY7bD3P9rds93fflXJS8Pccyb/fXXJgSS3T2SVdbbPrc5oqjgfswgfgwDAYDVR0PBAUDAweAADCB5wYKKwYBBAHWeQIBEQSB2DCB1QIBAgoBAQIBAwoBAQQLaGVsbG8gd29ybGQEADBLv4U9CQIHBXlxm+8jSL+FRToEODA2MRAwDgQJY29tLnB5eXBsAgEPMSIEIIMi9g2//U87C53x3twp61y6K1+22oaTkEjGgyTgXw37MGuhBTEDAgECogMCAQOjBAICAQClBTEDAgEEqgMCAQG/g3cCBQC/hT4DAgEAv4VAKjAoBCBNeQ+gpf6B1rNSuQr+QwaE2byBdRjNJMUOY0M5X3xR8gEB/woBAL+FQQUCAwE4gL+FQgUCAwMUUDAKBggqhkjOPQQDAgNIADBFAiEA7cObHYk5pcrMI+ZGd5KmVMlr83SbHzDJe6z3rNLqtlwCIAM/9o4YhpHmujecGzSX9sMk/xEaNHXdytqmxwh2wFBM
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICJjCCAaugAwIBAgIKEyY3BBKHSRYpeTAKBggqhkjOPQQDAjApMRkwFwYDVQQFExAyOTYwY2I5YWViZDUwNWY0MQwwCgYDVQQMDANURUUwHhcNMTgwMzIxMjA1ODE1WhcNMjgwMzE4MjA1ODE1WjApMRkwFwYDVQQFExBhMTk1Mzk2NGJhMmEyODlkMQwwCgYDVQQMDANURUUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATHJiYgEb7N5f8ZnbKTZkDSvp2VugEEvz4Mm7wxVmcizwSPMPiTjv6gm2n1CoNBSHLVnTZ84ywfEk7HiftX1K6Co4G6MIG3MB0GA1UdDgQWBBQkYNkasG1v9aQK31IvheOpubhN5jAfBgNVHSMEGDAWgBTZCjmyzP+wdzrAqIzS/zURX5DNxjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwICBDBUBgNVHR8ETTBLMEmgR6BFhkNodHRwczovL2FuZHJvaWQuZ29vZ2xlYXBpcy5jb20vYXR0ZXN0YXRpb24vY3JsLzEzMjYzNzA0MTI4NzQ5MTYyOTc5MAoGCCqGSM49BAMCA2kAMGYCMQCsCvSIoT/6E+cbiD+v4e+Y6PUYX3ZcatDAAM1eWTAWZmnabkTW9u3/BWhzYYYm4fYCMQCdsRDgh8XG4ZWJhuvFtHy/C3vi1Hf1wD93YoHOLLJaIPvuv/hWR+1UpKO2lgHo9+4=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIID0TCCAbmgAwIBAgIKA4gmZ2BliZaFfTANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MB4XDTE4MDMyMTIwNTM1M1oXDTI4MDMxODIwNTM1M1owKTEZMBcGA1UEBRMQMjk2MGNiOWFlYmQ1MDVmNDEMMAoGA1UEDAwDVEVFMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEjXELw7zFszCPjAS+Qn6zEFajdp6hD+53zSpN7egUzWfkFEh+wcLa4k67Fv2tKuekmLIhr4xidPllElgiwAyeB33abMJ5BckSX1ayj4lnpMVvYRovl/5ZHIKNIJMN/hC6o4G2MIGzMB0GA1UdDgQWBBTZCjmyzP+wdzrAqIzS/zURX5DNxjAfBgNVHSMEGDAWgBQ2YeEAfIgFCVGLRGxH/xpMyepPEjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwICBDBQBgNVHR8ESTBHMEWgQ6BBhj9odHRwczovL2FuZHJvaWQuZ29vZ2xlYXBpcy5jb20vYXR0ZXN0YXRpb24vY3JsL0U4RkExOTYzMTREMkZBMTgwDQYJKoZIhvcNAQELBQADggIBAJKrsCoJam9qc1ZaHeQWf2TAjHDDVylLuUvczTSuu8VhZJiU0+yKGbTNnA13n/dvn7rmMj8W6ObWL582Se9MBBdKtAVeCG7qYFq+m6kYFIfL8sOuutKXG5eW+8VY4he0hu+5eZiS2e3mAZGYF9JwQTAv0H//6+9eLm/+j+L5tr2X4b7H6k2h4YW5HTIzIbVMvp/ic/zmv+RvrmYyXliaz1xglRqrJ6EiFI9/KsYYsSSVgorlrXPyKOBeXGc2SFIVQmLwfW4gc9BC8V4qBDcpFK1kxOfnkyXloVZeat4yuYFSIdtJq9FErMFHfp+pDjIKRGeeWWrPzkbELqtHUSeSktbqN229c+86YRfScxpx5iJ0Jp2YsHkiYDFs+0LOex2RNdOKErGKZ+8QbMtVxUIQARTlhZkeLTLAWufFcclEbZkpoe6jo131VjAlUrkQfK6dVVMx+gLhOffLjH9EmUOD8Y1an9DQCsZl1tpBN4WgInbRMlzBsKF17Z9BEW1f2A+Gn0mnznZoq6t0OxsvRJTEHEgswQh4Vkr77UYSdcwQ0flrpD9Oe6ObnB0VSSCVo1yhPC39R35Z5KDhiNS8BkuPaJoUK8RBbkl5ay4O86LFfY9tdAoHT0A/2hmq/NZhz48K1C9AJGtS+0+zHwSatjWJ7rM/KXAhJ0Nln/nMaeteQy2f
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFYDCCA0igAwIBAgIJAOj6GWMU0voYMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTYwNTI2MTYyODUyWhcNMjYwNTI0MTYyODUyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaOBpjCBozAdBgNVHQ4EFgQUNmHhAHyIBQlRi0RsR/8aTMnqTxIwHwYDVR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cHM6Ly9hbmRyb2lkLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8wDQYJKoZIhvcNAQELBQADggIBACDIw41L3KlXG0aMiS//cqrG+EShHUGo8HNsw30W1kJtjn6UBwRM6jnmiwfBPb8VA91chb2vssAtX2zbTvqBJ9+LBPGCdw/E53Rbf86qhxKaiAHOjpvAy5Y3m00mqC0w/Zwvju1twb4vhLaJ5NkUJYsUS7rmJKHHBnETLi8GFqiEsqTWpG/6ibYCv7rYDBJDcR9W62BW9jfIoBQcxUCUJouMPH25lLNcDc1ssqvC2v7iUgI9LeoM1sNovqPmQUiG9rHli1vXxzCyaMTjwftkJLkf6724DFhuKug2jITV0QkXvaJWF4nUaHOTNA4uJU9WDvZLI1j83A+/xnAJUucIv/zGJ1AMH2boHqF8CY16LpsYgBt6tKxxWH00XcyDCdW2KlBCeqbQPcsFmWyWugxdcekhYsAWyoSf818NUsZdBWBaR/OukXrNLfkQ79IyZohZbvabO/X+MVT3rriAoKc8oE2Uws6DF+60PV7/WIPjNvXySdqspImSN78mflxDqwLqRBYkA3I75qppLGG9rp7UCdRjxMl8ZDBld+7yvHVgt1cVzJx9xnyGCC23UaicMDSXYrB4I4WHXPGjxhZuCuPBLTdOLU8YRvMYdEvYebWHMpvwGCF6bAx3JBpIeOQ1wDB5y0USicV3YgYGmi+NZfhA4URSh77Yd6uuJOJENRaNVTzk
-----END CERTIFICATE-----
g1.pem: OK
