Often we are given trust chains and client certificates, and go through this scenario:

1. Believe there is some TLS configuration problem
2. Try to verify the client cert with the trust, and it verifies
3. Wonder why the verification is successful but the TLS connection fails due to a certificate problem.

It would be nice to be able to recreate a certificate chain given a set of certificates.

The proposal is thus:

• Given a chain, generate a new private key and certificate with the same attributes as the certificate being cloned.
• Specific properties to care about: Subject Alternative Name, Subject, Issuer, Key Usage, Extended Key Usage, Validity (not before/not after), and signature algorithm

This would allow me to reproduce someone's TLS hierarchy quickly to help me reproduce any certificate verification bugs.