1-up SSL certificate
Here's a valid SSL certificate containing a 1-up mushroom image, encoded in the RSA modulus. To extract the image, run:
curl https://crt.sh/?d=348762047 | openssl x509 -modulus -noout | perl -p -e 's/^.+?=//; s/([0-9A-F]{2})/chr hex $1/ge' > img.png
The image is encoded in the modulus's most significant bits. The PNG specification allows for extra trailing bytes, so the remainder of the modulus is ignored when displaying the image. If you look closely, you can see the PNG header:
Here's another valid SSL certificate, this one contains 'SSL' in the RSA modulus:
Certificate: Data: Version: 3 (0x2) Serial Number: 03:13:1f:e4:7e:3a:b0:14:e1:81:df:2e:46:a4:01:b5:fb:71 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 Validity Not Before: Mar 5 19:28:46 2018 GMT Not After : Jun 3 19:28:46 2018 GMT Subject: CN=www.skip.org Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:fc:48:9a:d1:42:03:aa:23:27:e8:e9:5a:3c:e4: 63:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:ac: 1c:cc:88:88:88:cc:88:88:88:cc:88:cc:cc:cc:12: aa:cc:88:cc:cc:cc:88:cc:cc:cc:88:cc:cc:cc:5e: 93:cc:88:88:88:cc:88:88:88:cc:88:cc:cc:cc:df: 02:cc:cc:cc:88:cc:cc:cc:88:cc:88:cc:cc:cc:e4: c7:cc:88:88:88:cc:88:88:88:cc:88:88:88:cc:65: 3b:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:cc:e2: ff:ff:ff:ff:ff:67:84:7d:b1:90:38:90:37:46:10: 97:70:a4:4d:90:24:c4:1d:8b:24:4e:32:1e:33:61: 4d:ad:2d:14:d7:a2:49:a5:fc:1a:07:a1:76:73:7e: 4a:10:e1:2b:2a:e3:f4:de:fc:0c:5d:38:81:fe:1a: 59:f1:47:de:53:36:fe:c2:0d:6d:96:5d:28:cb:45: 88:04:ee:0c:25:1a:07:73:32:c4:82:bb:5e:f7:6e: f2:36:a3:4b:f3:64:4d:dd:aa:6b:12:92:96:e8:35: ee:fd:5c:a1:14:77:44:1e:01:89:10:cd:24:77:70: 74:92:a0:52:94:a0:ba:78:2d:d4:9d:80:b8:b8:b5: b0:39 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 30:EC:D8:0A:CB:98:9F:C6:A6:46:5D:29:C0:16:0D:9A:10:12:0C:9B X509v3 Authority Key Identifier: keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1 Authority Information Access: OCSP - URI:http://ocsp.int-x3.letsencrypt.org CA Issuers - URI:http://cert.int-x3.letsencrypt.org/ X509v3 Subject Alternative Name: DNS:www.skip.org X509v3 Certificate Policies: Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org User Notice: Explicit Text: This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/ Signature Algorithm: sha256WithRSAEncryption 37:d7:29:d9:07:7e:68:5c:a9:e1:30:0f:19:52:5a:e1:51:24: b3:37:c9:9c:07:d0:f9:0e:7f:08:06:d3:82:ee:dc:b5:de:7e: 13:32:8c:22:44:9b:1a:e3:e0:e5:75:62:66:c2:a1:6c:99:10: df:97:db:59:ad:73:51:11:24:c7:9a:6a:78:18:0b:63:69:f0: fd:6b:9c:a3:ab:ca:d8:c3:01:f1:e7:22:55:84:ff:d9:13:bd: 5a:fe:5f:d7:01:12:a5:38:08:ce:4b:bd:6e:b5:45:2c:18:56: 1d:4b:03:60:61:c0:18:56:d1:e1:e8:9a:26:51:21:09:39:22: 7a:ef:49:a8:77:4c:a4:08:2c:cc:ef:e3:bf:c7:59:5c:91:1d: ec:1f:35:28:16:55:7d:1f:dc:0b:17:1b:97:0f:52:d9:75:e1: f4:7b:91:6f:c6:41:2c:bf:49:95:67:a9:6c:86:e4:22:d7:28: 20:b0:ac:5a:0e:d9:5e:fb:c7:d2:6b:dd:ec:16:af:94:f3:9b: e1:10:1d:7c:33:7b:e7:af:69:af:c6:f2:ea:88:3f:cd:cf:e3: 01:43:be:12:90:6e:92:bb:69:03:8a:59:87:87:82:1f:d0:fc: 95:23:94:b7:80:95:16:e4:a0:44:56:3a:23:ff:c0:0a:48:92: c1:bd:42:4f -----BEGIN CERTIFICATE----- MIIE+zCCA+OgAwIBAgISAxMf5H46sBThgd8uRqQBtftxMA0GCSqGSIb3DQEBCwUA MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODAzMDUxOTI4NDZaFw0x ODA2MDMxOTI4NDZaMBcxFTATBgNVBAMTDHd3dy5za2lwLm9yZzCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAPxImtFCA6ojJ+jpWjzkY8zMzMzMzMzMzMzM zMysHMyIiIjMiIiIzIjMzMwSqsyIzMzMiMzMzIjMzMxek8yIiIjMiIiIzIjMzMzf AszMzIjMzMyIzIjMzMzkx8yIiIjMiIiIzIiIiMxlO8zMzMzMzMzMzMzMzMzi//// //9nhH2xkDiQN0YQl3CkTZAkxB2LJE4yHjNhTa0tFNeiSaX8GgehdnN+ShDhKyrj 9N78DF04gf4aWfFH3lM2/sINbZZdKMtFiATuDCUaB3MyxIK7Xvdu8jajS/NkTd2q axKSlug17v1coRR3RB4BiRDNJHdwdJKgUpSgungt1J2AuLi1sDkCAwEAAaOCAgww ggIIMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUMOzYCsuYn8amRl0pwBYNmhASDJsw HwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwbwYIKwYBBQUHAQEEYzBh MC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3Jn MC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5cHQub3Jn LzAXBgNVHREEEDAOggx3d3cuc2tpcC5vcmcwgf4GA1UdIASB9jCB8zAIBgZngQwB AgEwgeYGCysGAQQBgt8TAQEBMIHWMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxl dHNlbmNyeXB0Lm9yZzCBqwYIKwYBBQUHAgIwgZ4MgZtUaGlzIENlcnRpZmljYXRl IG1heSBvbmx5IGJlIHJlbGllZCB1cG9uIGJ5IFJlbHlpbmcgUGFydGllcyBhbmQg b25seSBpbiBhY2NvcmRhbmNlIHdpdGggdGhlIENlcnRpZmljYXRlIFBvbGljeSBm b3VuZCBhdCBodHRwczovL2xldHNlbmNyeXB0Lm9yZy9yZXBvc2l0b3J5LzANBgkq hkiG9w0BAQsFAAOCAQEAN9cp2Qd+aFyp4TAPGVJa4VEkszfJnAfQ+Q5/CAbTgu7c td5+EzKMIkSbGuPg5XViZsKhbJkQ35fbWa1zUREkx5pqeBgLY2nw/Wuco6vK2MMB 8eciVYT/2RO9Wv5f1wESpTgIzku9brVFLBhWHUsDYGHAGFbR4eiaJlEhCTkieu9J qHdMpAgszO/jv8dZXJEd7B81KBZVfR/cCxcblw9S2XXh9HuRb8ZBLL9JlWepbIbk ItcoILCsWg7ZXvvH0mvd7BavlPOb4RAdfDN7569pr8by6og/zc/jAUO+EpBukrtp A4pZh4eCH9D8lSOUt4CVFuSgRFY6I//ACkiSwb1CTw== -----END CERTIFICATE-----