An example chain used for code signing in Secure Boot. The highlights: Signer: Basic Constraints (critical): is not a CA Authority Information Access: CA Issuers (URL) CRL Distribution Point: URL Authority Key Identifier Subject Key Identifier Subject Alt Name: DNS:MOPR Extended Key Usage: Code Signing, 1.3.6.1.4.1.311.10.3.6 (szOID_NT5_CRYPTO) Intermediate CA: Basic Constraints (critical): is a CA, no defined path length Authority Information Access: CA Issuers (URL) CRL Distribution Point: URL Authority Key Identifier Subject Key Identifier Key Usage: Digital Signature, Certificate Signing, CRL Signing 1.3.6.1.4.1.311.21.1 (szOID_CERTSRV_CA_VERSION): 02 01 00 = INTEGER:0 1.3.6.1.4.1.311.20.2: (szOID_ENROLL_CERTTYPE_EXTENSION): 1e 0a 00 53 00 75 00 62 00 43 00 41 = BMP String: (UTF16-BE) "SubCA" -----BEGIN CERTIFICATE----- MIIEuDCCA6CgAwIBAgIKYQu72AAAAAAABTANBgkqhkiG9w0BAQsFADCBhDELMAkG A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEuMCwGA1UEAxMlTWljcm9z b2Z0IFdpbmRvd3MgUHJvZHVjdGlvbiBQQ0EgMjAxMTAeFw0xMjA0MDkyMDU1NTBa Fw0xMzA3MDkyMDU1NTBaMHAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5n dG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9y YXRpb24xGjAYBgNVBAMTEU1pY3Jvc29mdCBXaW5kb3dzMIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEA3Khet89xiozfG0nBujlbYVWuF4nKLqDvCYEaCw4s zMMcTNqoj2C3g39i1C607JNgyR7x1+8aMHjKR9kOP08dJCTZv22Bswp7qPoeMr1a OGkP70U/W7RJ3f2g124hOLn3IEsXl+iMWItRH0c94ku0v+HzCumo9hCWc4KURqN7 uQiguNxKJN0CL4OkGlZOg170h3G/q5YOJd1Fbi7woMtyAENvluQVIxW2ovm7l4vn 4Uppxa6F2+H/kI79SbpcTw6TD4zd/3LtE45Xqdv1YcY6/5JG5dU1dCyhZ/wGeTiN 8pMezmV2IgBkeNhw9nxDteYNvonj1jaIFnd01Pr0Tv/rKQIDAQABo4IBPTCCATkw HwYDVR0lBBgwFgYIKwYBBQUHAwMGCisGAQQBgjcKAwYwHQYDVR0OBBYEFJcyzVfG VHOWC/4D1SmhbYtpD+MEMA8GA1UdEQQIMAaCBE1PUFIwHwYDVR0jBBgwFoAUqSkC OY4WxJd4zZD5nk+a4XxVr1MwVAYDVR0fBE0wSzBJoEegRYZDaHR0cDovL3d3dy5t aWNyb3NvZnQuY29tL3BraW9wcy9jcmwvTWljV2luUHJvUENBMjAxMV8yMDExLTEw LTE5LmNybDBhBggrBgEFBQcBAQRVMFMwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cu bWljcm9zb2Z0LmNvbS9wa2lvcHMvY2VydHMvTWljV2luUHJvUENBMjAxMV8yMDEx LTEwLTE5LmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQDH800w 9sBFH7arq9zlIDA1wgt8dbFnhK2wqp7Y9kfALfTOjYJ3uONW4yhuTcDURBct6oO5 r5xhM8SR5TaAAk1rrA2YXW3+d2mIzLM3s1q7MqArUEE1FKV23JMrKkrirvljMAQe BASA47HL8GzWkQz3nq0+zTMqm7cVbC2ZduXfrItbWdguozpIJkcGY9+tWZ4TdGja e9MDckPgI4uWwfmeoSmfqomN2FT4EviDRpe3xZkdLhZW204vVti8IHfnu32IbU+2 kHxVXG1UCJckQ1rDNFsbbbtgUwC6g0ElFzlNzTtsgt9QE8b1f8seA5GbY0ad12Bv P7roJCZY8ZqxdLA8 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIF1zCCA7+gAwIBAgIKYQd2VgAAAAAACDANBgkqhkiG9w0BAQsFADCBiDELMAkG A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9z b2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTAwHhcNMTExMDE5MTg0 MTQyWhcNMjYxMDE5MTg1MTQyWjCBhDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldh c2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBD b3Jwb3JhdGlvbjEuMCwGA1UEAxMlTWljcm9zb2Z0IFdpbmRvd3MgUHJvZHVjdGlv biBQQ0EgMjAxMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN0Mu6Lk Lgnj58X3lmm8ACG9aTMz760Ey1SA7gaDu8UghNn30ovzOLCrpK0tfGJ5Bf/jSj8E NSBw48Tna+CcwDZ16Yox3Y1w5dw3tXRGlihbh2AjLL/cR6Vn91EnnnLrB6bJuR47 UzV85dPsJ7mHHP65ySMJb6hGkcFuljxB08ujP10Cak3saR8lKFw2//1DFQqU4Bm0 z9/CEuLCWyfuJ3gwi1sqCWsiiVNgFizAaB1TuuxJ851hjIVoCXNEXX2iVCvdefcV zzVdbBwrXM68nCOLb261Jtk2E8NP1ieuuTI7QZIs4cfNd+iqVE73XAsEh2W0Qxio suBtGXfsWiT6SAMCAwEAAaOCAUMwggE/MBAGCSsGAQQBgjcVAQQDAgEAMB0GA1Ud DgQWBBSpKQI5jhbEl3jNkPmeT5rhfFWvUzAZBgkrBgEEAYI3FAIEDB4KAFMAdQBi AEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTV 9lbLj+iiXGJo0T2UkFvXzpoYxDBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3Js Lm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXRfMjAx MC0wNi0yMy5jcmwwWgYIKwYBBQUHAQEETjBMMEoGCCsGAQUFBzAChj5odHRwOi8v d3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dF8yMDEwLTA2 LTIzLmNydDANBgkqhkiG9w0BAQsFAAOCAgEAFPx8cVGlecJusu85Prw8Ug9uKz8Q E3P+qGjQSKY0TYqWBSbuMUaQYXnW/zguRWv0wOUouNodj4rbCdcax0wKNmZqjOwb 1wSQqBgXpJu54kAyNnbEwVrGv+QEwOoW06zDaO9irN1UbFAwWKbrfP6Up06O9Ox8 hnNXwlIhczRa86OKVsgE2gcJ7fiL4870fo6u8PYLigj7P8kdcn9TuOu+Y+DjPTFl sIHl8qzNFqSfPaixm8JC0JCEX1Qd/4nquh1HkG+wc05Bn0CfX+WhKrIRkXOKISjw zt5zOV8+q1xg7N8DEKjTCen09paFtn9RiGZHGY2isBI9gSpoBXe7kUxie7bBB8e6 eoc0Aw5LYnqZ6cr8zko3yS2kV3wc/j3cuA9a+tbEswKFAjrqs9lu5GkhN96B0fZ1 GQVn05NXXikbOcjuLeHN5EVzW9DSznqrFhmCRljQXp2Bs2evbDXyvOU/JOI1ogp1 BvYYVpnUeCzRBRvr0IgBnaoQ8QXfun4sY7cGmyMhxPl4bOJYFwY2K5ESA8yk2fIt uvmUnUDtGEXxzopcaz6rA9NwGCoKauBfR9HVYwoy8q/XNh8qcFrlQlkIcUtXun6D gfAhPPQcwcW5kJMOiEWThumxIJm+mMvFlaRdYtagYwggvXUQd30980W5n5efy1eA bzOpBM93pGIcWX4= -----END CERTIFICATE-----