*.ys.yale.edu

- Yale University -

Issued by GlobalSign RSA OV SSL CA 2018

About this certificate

This digital certificate with serial number 31:49:6b:79:5d:0c:73:51:ba:7e:62:c2 was issued on by GlobalSign nv-sa.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Yale University

Organization: Yale University
State / Province: Connecticut
Locality: New Haven
Country: US

GlobalSign nv-sa

Organization: GlobalSign nv-sa
Country: BE

This certificate has expire since

Certificate Details

Serial Number (hex): 31:49:6b:79:5d:0c:73:51:ba:7e:62:c2
Serial Number (int): 15253524598052337008267649730
Serial Number lenght: 94 bits, 12 octets

SubjectKeyId: 98:83:71:4e:d0:ed:79:22:ff:24:ec:32:89:c7:32:60:65:9d:a1:2f
AuthorityKeyId: f8:ef:7f:f2:cd:78:67:a8:de:6f:8f:24:8d:88:f1:87:03:02:b3:eb

Fingerprint (sha1): e6:1b:39:74:f0:16:c2:5f:5b:cf:39:cb:48:a5:91:1a:b0:ba:f6:06
Fingerprint (sha256): 00:2a:6d:1c:62:73:20:66:a5:a0:7f:5b:5b:cb:8c:bf:81:66:b7:50:db:9a:a3:cd:cd:cb:f0:84:7e:33:11:d8

Issuing Certificate URL: http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt

Revocation information

OCSP Server: http://ocsp.globalsign.com/gsrsaovsslca2018
CRL Distribution Point: http://crl.globalsign.com/gsrsaovsslca2018.crl

Check the revocation status for certificate *.ys.yale.edu

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.ys.yale.edu

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.ys.yale.edu
ys.yale.edu

Other certificates including the domain name yale.edu

(limited to 100 certificates)
5648269346603008-fe1.pantheonsite.io
ar2017hr.yale.edu
cds4.cvent.com
5730192894984192-fe4.pantheonsite.io
5732312192909312-fe3.pantheonsite.io
*.drama.yale.edu
stm.yale.edu
5651276360581120-fe3.pantheonsite.io
5640887774216192-fe4.pantheonsite.io
5635220564869120-fe4.pantheonsite.io
5769623379116032-fe2.pantheonsite.io
*.ys.yale.edu
carpepm.almonds.com
5759522421342208-fe1.pantheonsite.io
5688555066097664-fe3.pantheonsite.io
*.dkw2.yale.edu
5755553334689792-fe2.pantheonsite.io
libapp-test.library.yale.edu
coupdebrass.sites.yale.edu
us.prod.campusgroups.com
5648554290839552-fe1.pantheonsite.io
www.yiorecruiting.invest.yale.edu
statml.yale.edu
www.sustainablefood.yale.edu
5633267831144448-fe1.pantheonsite.io
quarantine-tst.its.yale.edu
b3.shared.global.fastly.net
5649648836411392-fe3.pantheonsite.io
5732808731394048-fe3.pantheonsite.io
5723088213770240-fe3.pantheonsite.io
5724466092965888-fe4.pantheonsite.io
tst.ogc.yale.edu
6328556195938304-fe4.pantheonsite.io
cluster.technolutions.net
5651276360581120-fe3.pantheonsite.io
biomedcareerfair.yale.edu
mvms-tstp-ms.ps.yale.edu
yul-pres-tapi.library.yale.edu
5648269346603008-fe1.pantheonsite.io
tst.studyabroad.yale.edu
5714468482842624-fe4.pantheonsite.io
comitalab.yale.edu
ris-store.its.yale.edu
cluster3.technolutions.net
infoed-patch.its.yale.edu
5677090456207360-fe2.pantheonsite.io
diploma-test.yale.edu
stearnslab.yale.edu
5688290254520320-fe2.pantheonsite.io
5720929187397632-fe3.pantheonsite.io
cohoc-dev.its.yale.edu
us.prod.campusgroups.com
5643365030821888-fe1.pantheonsite.io
5745189578604544-fe1.pantheonsite.io
nartc.fcm.arizona.edu
rotc.yale.edu
5680876067225600-fe2.pantheonsite.io
calendar.sdzsafaripark.org
5746821397741568-fe3.pantheonsite.io
apply.nursing.yale.edu
5746821397741568-fe3.pantheonsite.io
application.mam.som.yale.edu
5633267831144448-fe1.pantheonsite.io
5648269346603008-fe1.pantheonsite.io
*.profile.yale.edu
sa105gl.wpc.edgecastcdn.net
5629935204958208-fe2.pantheonsite.io
5677303661068288-fe3.pantheonsite.io
tst.fas.yale.edu
5723088213770240-fe3.pantheonsite.io
5740315998683136-fe1.pantheonsite.io
tls.automattic.com
dev.songlab.yale.edu
5648554290839552-fe1.pantheonsite.io
5743114304094208-fe3.pantheonsite.io
dev.psychologyfaculty.yale.edu
5738940401188864-fe3.pantheonsite.io
5758048710688768-fe3.pantheonsite.io
5640887774216192-fe4.pantheonsite.io
5719378301550592-fe3.pantheonsite.io
6208428913459200-fe4.pantheonsite.io
www.yhpstudentwaiver.yale.edu
effy.yale.edu
5766466041282560-fe4.pantheonsite.io
orbit.astronomy.yale.edu
yh-emposrp.yu.yale.edu
tst.cce.yalecollege.yale.edu
5755812509122560-fe2.pantheonsite.io
ebiz-vendor.yale.edu
application.mam.som.yale.edu
identity.yale.edu
5769623379116032-fe2.pantheonsite.io
cdrom-access.library.yale.edu
seas.yale.edu
designcop.yale.edu
5740240702537728-fe2.pantheonsite.io
5688555066097664-fe3.pantheonsite.io
cds4.cvent.com
uconnectlabs.com
5704837555552256-fe2.pantheonsite.io

Certificate

The complete raw certificate details for *.ys.yale.edu in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGJTCCBQ2gAwIBAgIMMUlreV0Mc1G6fmLCMA0GCSqGSIb3DQEBCwUAMFAxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSYwJAYDVQQDEx1H
bG9iYWxTaWduIFJTQSBPViBTU0wgQ0EgMjAxODAeFw0yMzAxMDIxMTE2MjlaFw0y
NDAyMDMxMTE2MjhaMGkxCzAJBgNVBAYTAlVTMRQwEgYDVQQIEwtDb25uZWN0aWN1
dDESMBAGA1UEBxMJTmV3IEhhdmVuMRgwFgYDVQQKEw9ZYWxlIFVuaXZlcnNpdHkx
FjAUBgNVBAMMDSoueXMueWFsZS5lZHUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQC6tua5uXNRyivXVgfdWg6q+JQtTbQEj8rkQYUfg0A+4LK4jrKkdFiG
2mqQF56bB2ivW7SMthVss1s+wJrPHKSIIZndy/p7TJURSHpyCoWXbPF1OcBcY484
PdB09TpU0IwXU+6DgWnAVjuUZV3hJwZt5kYKzyL8hZUCc+TP0TRr8dUZ3F8KLCyq
cm3K7xMpu49x03s1Rmslnw4vKK2lw2+yRp2fOKryVaPpS3Vpm8JcgOcUCZCrphXL
cUwZbYk3ClyZDHUgAT9hUG0zD2szDMBtXTyydh8eM8zv2mNZ27gA3l+VYMUzK6Xn
/aKxS6Rb3Ow5wYGH9xZp5upT4x1y54bxpxmr2BimnlUvVqiXKenx7pkT0359+7Bw
hCdTqOdNulbmobqYHPRc/eEpaBKNWDSoAOSmKaeCWsqcU2MscC89hoKBxZZoPKww
yRpX8bGCY94z8cbIGiuGI03Qeej32vvc0W1dUHZywB1JW909B5//TodySmdEICUb
QChn1+D5yNhqNq4jrtj5FfGLjkONn9kZMDawG8TAJoirTaUcb18wa82vYfkRZCYQ
y0nhvRq9pPjzTq7O3ZrR2qTsqGfUrAh9DUDf9DQ3hGG0QYkObeXKYjlo4O3synk0
JdGF9ojOGT+7T+gMpAnUo7uQZ1zvWdSrlOEb7T81Lt628YQt6VjVaQIDAQABo4IB
5DCCAeAwDgYDVR0PAQH/BAQDAgWgMIGOBggrBgEFBQcBAQSBgTB/MEQGCCsGAQUF
BzAChjhodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc3JzYW92
c3NsY2EyMDE4LmNydDA3BggrBgEFBQcwAYYraHR0cDovL29jc3AuZ2xvYmFsc2ln
bi5jb20vZ3Nyc2FvdnNzbGNhMjAxODBWBgNVHSAETzBNMEEGCSsGAQQBoDIBFDA0
MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0
b3J5LzAIBgZngQwBAgIwCQYDVR0TBAIwADA/BgNVHR8EODA2MDSgMqAwhi5odHRw
Oi8vY3JsLmdsb2JhbHNpZ24uY29tL2dzcnNhb3Zzc2xjYTIwMTguY3JsMCUGA1Ud
EQQeMByCDSoueXMueWFsZS5lZHWCC3lzLnlhbGUuZWR1MB0GA1UdJQQWMBQGCCsG
AQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBT473/yzXhnqN5vjySNiPGHAwKz
6zAdBgNVHQ4EFgQUmINxTtDteSL/JOwyiccyYGWdoS8wEwYKKwYBBAHWeQIEAwEB
/wQCBQAwDQYJKoZIhvcNAQELBQADggEBABWqOVHfxb8m9zvlyR8Oue/gfEio6CD6
EHfN+nZcQSIWJWyFfFezMe+sE1tliM/L/xtZMEiFk1jLUclMeJ+vRxeWyiVqZ5Gk
XN4NcV7rfSvkSlgcuKvM4u3OG84nqAqKQwYeK80CSlBHPsewpKgIV8BBG9wlKom9
iOwrlh1gzDITk2fJ2+vEIHbxSzfEi5n1LZMENAiSo7APTSErJ/u+uyYpO2T76l89
EB8P2l2v4K/F5TMaO0pINoQR4+YVmmBwMC/QL9/3J4n2vbHllztRK8z0ewlPP5yj
K6iZZDYCaysLfq3J8XwM6e/NSHAPITHf4GeRmUnV/kqwVzRkPhKJn4E=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAurbmublzUcor11YH3VoO
qviULU20BI/K5EGFH4NAPuCyuI6ypHRYhtpqkBeemwdor1u0jLYVbLNbPsCazxyk
iCGZ3cv6e0yVEUh6cgqFl2zxdTnAXGOPOD3QdPU6VNCMF1Pug4FpwFY7lGVd4ScG
beZGCs8i/IWVAnPkz9E0a/HVGdxfCiwsqnJtyu8TKbuPcdN7NUZrJZ8OLyitpcNv
skadnziq8lWj6Ut1aZvCXIDnFAmQq6YVy3FMGW2JNwpcmQx1IAE/YVBtMw9rMwzA
bV08snYfHjPM79pjWdu4AN5flWDFMyul5/2isUukW9zsOcGBh/cWaebqU+MdcueG
8acZq9gYpp5VL1aolynp8e6ZE9N+ffuwcIQnU6jnTbpW5qG6mBz0XP3hKWgSjVg0
qADkpimnglrKnFNjLHAvPYaCgcWWaDysMMkaV/GxgmPeM/HGyBorhiNN0Hno99r7
3NFtXVB2csAdSVvdPQef/06HckpnRCAlG0AoZ9fg+cjYajauI67Y+RXxi45DjZ/Z
GTA2sBvEwCaIq02lHG9fMGvNr2H5EWQmEMtJ4b0avaT4806uzt2a0dqk7Khn1KwI
fQ1A3/Q0N4RhtEGJDm3lymI5aODt7Mp5NCXRhfaIzhk/u0/oDKQJ1KO7kGdc71nU
q5ThG+0/NS7etvGELelY1WkCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 15253524598052337008267649730
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign nv-sa'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign RSA OV SSL CA 2018'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-01-02 11:16:29 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-03 11:16:28 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Connecticut'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'New Haven'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Yale University'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.ys.yale.edu'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 761728531366671183100061394975228039690482273511688710579827317471510060049386216511184938936299964118301145684182215537472113837742046577520721019830404193741797724557598160264031725587848416259571262640015913399816272194895686300520125452068861872996982316355089284955606185250347752890220314222580631871723156368896831493875265279712187992404293385885655795381990157349683717302921876237608910881485839840909434324671274130421572951262424063329923141139381064204750857346890268896433378777344718396467089698092853315346543811328133302668151987265857065512109345355472173654094538819325710398951956228316297505056909558744314264798449474650947412972743282770251454808292201004823469461950740009908812583625160402397527795235302420175712815889360929797695576203297880260559479691377633286290221324642954759340078041240543156036324197414894897609451417601267567226047088130725972890019807922115287209840986324670753298870037460111023938749082634411517572208223452394240704891100987601676025820971144335095352236738267776791874227627538123943823180121941971065123298493412776897735853049751843821815863749949805599285701825532058517339823408869190545949787031161288342402390736745154150827131720420234813926829140235871368371102078313
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (129 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.globalsign.com/gsrsaovsslca2018'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (79 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.4146.1.20 (globalsignOVPolicy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.globalsign.com/repository/'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (56 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.globalsign.com/gsrsaovsslca2018.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (30 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.ys.yale.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ys.yale.edu'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName f8ef7ff2cd7867a8de6f8f248d88f1870302b3eb
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							9883714ed0ed7922ff24ec3289c73260659da12f
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0015aa3951dfc5bf26f73be5c91f0eb9efe07c48a8e820fa1077cdfa765c412216256c857c57b331efac135b6588cfcbff1b593048859358cb51c94c789faf471796ca256a6791a45cde0d715eeb7d2be44a581cb8abcce2edce1bce27a80a8a43061e2bcd024a50473ec7b0a4a80857c0411bdc252a89bd88ec2b961d60cc32139367c9dbebc42076f14b37c48b99f52d9304340892a3b00f4d212b27fbbebb26293b64fbea5f3d101f0fda5dafe0afc5e5331a3b4a48368411e3e6159a6070302fd02fdff72789f6bdb1e5973b512bccf47b094f3f9ca32ba8996436026b2b0b7eadc9f17c0ce9efcd48700f2131dfe067919949d5fe4ab05734643e12899f81