*.ucsf.edu

- University of California, San Francisco -

Issued by InCommon RSA Server CA

About this certificate

This digital certificate with serial number d6:9f:82:97:52:e2:03:81:72:26:11:3c:49:8e:28:61 was issued on by Internet2.

With 4 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

University of California, San Francisco

Organization: University of California, San Francisco
Organization unit: UCSF-General
Address: 500 Parnassus Ave
Postal code: 94143
State / Province: California
Locality: San Francisco
Country: US

Internet2

Organization: Internet2
Organization unit: InCommon
State / Province: MI
Locality: Ann Arbor
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): d6:9f:82:97:52:e2:03:81:72:26:11:3c:49:8e:28:61
Serial Number (int): 285283015000831053360959066250595412065
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: 3d:7e:11:3d:1b:5c:68:1f:73:88:24:c3:ee:d2:85:3a:1d:b7:89:cc
AuthorityKeyId: 1e:05:a3:77:8f:6c:96:e2:5b:87:4b:a6:b4:86:ac:71:00:0c:e7:38

Fingerprint (sha1): 63:b5:10:b3:e3:a5:3d:01:9c:16:49:5f:91:1b:be:c5:2f:83:1e:89
Fingerprint (sha256): 00:36:a5:5d:8a:9b:22:67:eb:85:7a:7e:fb:4b:ae:a5:a7:fa:88:b9:17:ef:68:34:62:99:13:f8:e4:e5:1f:c4

Issuing Certificate URL: http://crt.usertrust.com/InCommonRSAServerCA_2.crt

Revocation information

OCSP Server: http://ocsp.usertrust.com
CRL Distribution Point: http://crl.incommon-rsa.org/InCommonRSAServerCA.crl

Check the revocation status for certificate *.ucsf.edu

4

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.ucsf.edu

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.ucsf.edu
*.ucsfbenioffchildrens.org
*.ucsfhealth.org
*.ucsfmedicalcenter.org

Other certificates including the domain name ucsf.edu

(limited to 100 certificates)
www.suzeelee.ucsf.edu
sni.cloudflaressl.com
*.ucsf.edu
lecturepilot.ucsf.edu
barabanlab.ucsf.edu
sni.cloudflaressl.com
wiki.docking.org
5682617542246400-fe1.pantheonsite.io
alertus.ucsf.edu
ucdc.edu
akamai-san50.exacttarget.com
5720929187397632-fe3.pantheonsite.io
sni.cloudflaressl.com
us.prod.campusgroups.com
sni.cloudflaressl.com
biochem.ucsf.edu
mdadmissions.ucsf.edu
image.serviciokia.com.ec
portfolio.ucsf.edu
5673309542809600-fe1.pantheonsite.io
sni.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
www.suzeelee.ucsf.edu
modbase.compbio.ucsf.edu
sni.cloudflaressl.com
5673309542809600-fe1.pantheonsite.io
menus.library.ucsf.edu
5673309542809600-fe1.pantheonsite.io
test.eis.uw.edu
incapsula.com
image.serviciokia.com.ec
sni.cloudflaressl.com
gartnerdata.ucsf.edu
sni.cloudflaressl.com
sni.cloudflaressl.com
5682617542246400-fe1.pantheonsite.io
neuroscape.ucsf.edu
scalefunder.net
gmail.ucsf.edu
iris-pa-dev.ucsf.edu
shiehlab.ucsf.edu
sni.cloudflaressl.com
vx105.ucsf.edu
5673309542809600-fe1.pantheonsite.io
view.our.ucsf.edu
5684453372329984-fe2.pantheonsite.io
jdgmail.ucsf.edu
us.prod.campusgroups.com
bionano.ucsf.edu
hivinsite.ucsf.edu
weinbergerlab.ucsf.edu
sni.cloudflaressl.com
suzeelee.ucsf.edu
prospector.ucsf.edu
remote.ucsf.edu
opengut.ucsf.edu
humangenetics.ucsf.edu
na132-2.cdn.salesforce-communities.com
precisionneuro-radiology.ucsf.edu
5632490240737280-fe4.pantheonsite.io
transcare.ucsf.edu
sni.cloudflaressl.com
sni.cloudflaressl.com
moodle.ucsf.edu
dermpath.ucsf.edu
sni.cloudflaressl.com
clinicaltrials.ucsf.edu
sni.cloudflaressl.com
cwms-admin.infra.ucsf.edu
dermpath.ucsf.edu
sni.cloudflaressl.com
sni.cloudflaressl.com
champagne.ucsf.edu
mydocs.ucsf.edu
sni.cloudflaressl.com
www.dermpath.ucsf.edu
sni.cloudflaressl.com
fredchanglab.ucsf.edu
sni.cloudflaressl.com
weinbergerlab.ucsf.edu
tls.automattic.com
sni.cloudflaressl.com
dermatopathology.ucsf.edu
parngti.radiology.ucsf.edu
5706316634914816-fe1.pantheonsite.io
dermatology.ucsf.edu
makeagift.ucsf.edu
prevention.ucsf.edu
sni.cloudflaressl.com
wiki.docking.org
sni.cloudflaressl.com
sni.cloudflaressl.com
wiki.wynton.ucsf.edu
rtemis.mac-internal.ucsf.edu
5682617542246400-fe1.pantheonsite.io
sni.cloudflaressl.com
sni.cloudflaressl.com
bejih.com
mail.ucsf.edu

Certificate

The complete raw certificate details for *.ucsf.edu in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHTzCCBjegAwIBAgIRANafgpdS4gOBciYRPEmOKGEwDQYJKoZIhvcNAQELBQAw
djELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1JMRIwEAYDVQQHEwlBbm4gQXJib3Ix
EjAQBgNVBAoTCUludGVybmV0MjERMA8GA1UECxMISW5Db21tb24xHzAdBgNVBAMT
FkluQ29tbW9uIFJTQSBTZXJ2ZXIgQ0EwHhcNMjAwNDE1MDAwMDAwWhcNMjIwNDE1
MjM1OTU5WjCBxDELMAkGA1UEBhMCVVMxDjAMBgNVBBETBTk0MTQzMRMwEQYDVQQI
EwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRowGAYDVQQJExE1
MDAgUGFybmFzc3VzIEF2ZTEwMC4GA1UEChMnVW5pdmVyc2l0eSBvZiBDYWxpZm9y
bmlhLCBTYW4gRnJhbmNpc2NvMRUwEwYDVQQLEwxVQ1NGLUdlbmVyYWwxEzARBgNV
BAMMCioudWNzZi5lZHUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDM
kzj/9E2M3MMbeOp2XXlYfEcWR+I4UurI/7aP+HJuB7oj+gJlTIKVOBu6KAYp0zqy
ON43b0Hpm7Lim9Vu8BccBpXYG3bZKrBOD0/adytW20GEzL2drQ7WeJA7BYYJJkHR
WsC95/Y85KvpqgvAmvDAMm6yRE/vwgzHXpgTvQteGlj/dIQnltUAcZWbt34mMncw
Hq+r0H2SWbFIldwdfiEmUsAQKjx13aMGnYYl74wXehaEjWhMEwy17MmHdyFVrXxM
bGubDIMiZBhARkTj6DwUm46swDKJ7bCO5fOjtHHyVxN3CTLbhF396reAKiUm0Aog
Wt18FI14jruZTY8UHYLPAgMBAAGjggOHMIIDgzAfBgNVHSMEGDAWgBQeBaN3j2yW
4luHS6a0hqxxAAznODAdBgNVHQ4EFgQUPX4RPRtcaB9ziCTD7tKFOh23icwwDgYD
VR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
CCsGAQUFBwMCMGcGA1UdIARgMF4wUgYMKwYBBAGuIwEEAwEBMEIwQAYIKwYBBQUH
AgEWNGh0dHBzOi8vd3d3LmluY29tbW9uLm9yZy9jZXJ0L3JlcG9zaXRvcnkvY3Bz
X3NzbC5wZGYwCAYGZ4EMAQICMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwu
aW5jb21tb24tcnNhLm9yZy9JbkNvbW1vblJTQVNlcnZlckNBLmNybDB1BggrBgEF
BQcBAQRpMGcwPgYIKwYBBQUHMAKGMmh0dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9J
bkNvbW1vblJTQVNlcnZlckNBXzIuY3J0MCUGCCsGAQUFBzABhhlodHRwOi8vb2Nz
cC51c2VydHJ1c3QuY29tMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdwBGpVXr
dfqRIDC1oolp9PN9ESxBdL79SbiFq/L8cP5tRwAAAXF+YKs3AAAEAwBIMEYCIQCo
1hfLOTODoJgldI8y8jOJgyihyzwEyIjZKBJUK8eO8QIhAPrBf187wrrrBrMgcyFB
DeOxzTG3LPl48/Y65sXmSrJzAHYA36Veq2iCTx9sre64X04+WurNohKkal6OOxLA
IERcKnMAAAFxfmCrXQAABAMARzBFAiB4JsE6mADbFClpEQbelVLEOXULl7/th6Ej
IekV6KDxFwIhAIsFoSt2j3DrE10B6G9lO3cHEqozkLbMKTmch57AKO06AHUAQcjK
sd8iRkoQxqE6CUKHXk4xixsD6+tLx2jwkGKWBvYAAAFxfmCrjAAABAMARjBEAiAC
DjfmmLXPihvvQXv3J8klTW6S7ndtb4EnX/Tms7QzFQIgY+x5HUKIJSnsPUJXoQM1
LpfUFXW+p8lQSLIzu4fyXSswXAYDVR0RBFUwU4IKKi51Y3NmLmVkdYIaKi51Y3Nm
YmVuaW9mZmNoaWxkcmVucy5vcmeCECoudWNzZmhlYWx0aC5vcmeCFyoudWNzZm1l
ZGljYWxjZW50ZXIub3JnMA0GCSqGSIb3DQEBCwUAA4IBAQBMuGpQEYK8SNe5C9Z5
MUdGSNeRFsB2GLH2Q9S31kjoTKTBtsXjp7+6WTPur26+ngPSoYEeFUdevC+8POUH
Bi04YSFd2aKqzzpAzDfCVo/uHVexi9evr86PNXX6tH/cF8aAYR4D5pt3tPTdw0kU
iFkCDlrPIb9v6N5mTC6J7iUgzSzzi7Q1fdQug9r9wj9O+ezEA4++wZ45enruMIBV
G9+1zEzWLlkdf0WNerBTXcPZEzVqnrlmXky6y4mzYvFT9LsUrD6Mx21wz1AcvgM+
6kkPnocNK0gOwPUPybG7ozqevya8T5z6RyCUvhgX4kJHDyPelMrkQJim27Hs0N9O
owjP
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzJM4//RNjNzDG3jqdl15
WHxHFkfiOFLqyP+2j/hybge6I/oCZUyClTgbuigGKdM6sjjeN29B6Zuy4pvVbvAX
HAaV2Bt22SqwTg9P2ncrVttBhMy9na0O1niQOwWGCSZB0VrAvef2POSr6aoLwJrw
wDJuskRP78IMx16YE70LXhpY/3SEJ5bVAHGVm7d+JjJ3MB6vq9B9klmxSJXcHX4h
JlLAECo8dd2jBp2GJe+MF3oWhI1oTBMMtezJh3chVa18TGxrmwyDImQYQEZE4+g8
FJuOrMAyie2wjuXzo7Rx8lcTdwky24Rd/eq3gColJtAKIFrdfBSNeI67mU2PFB2C
zwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 285283015000831053360959066250595412065
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'MI'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ann Arbor'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Internet2'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'InCommon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'InCommon RSA Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-04-15 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-04-15 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.17 (postalCode)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '94143'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'California'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'San Francisco'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.9 (streetAddress)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '500 Parnassus Ave'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'University of California, San Francisco'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'UCSF-General'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.ucsf.edu'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25825212410300909773360799347671364108788483599101694470034414061750618409162141874628017442145023691217033658238026479139257643429116425393596271370781310757715861145889086762769908968201212523915451847468067934805934678766418179152358834824993178978981933777682162820746387905940315939438722401503670575584080724532147754800844011782494217871629519686450276326215225300701075115123085785151904006256153233168576519781343930155024242158665244565439639840967851940523998887566419374984846908695284247705053843145958814700998317197167082208290998605138730426200560413995943042723958364959860886594785797361880644027087
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 1e05a3778f6c96e25b874ba6b486ac71000ce738
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							3d7e113d1b5c681f738824c3eed2853a1db789cc
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (96 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.5923.1.4.3.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.incommon.org/cert/repository/cps_ssl.pdf'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (61 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.incommon-rsa.org/InCommonRSAServerCA.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.usertrust.com/InCommonRSAServerCA_2.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.usertrust.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							016800770046a555eb75fa912030b5a28969f4f37d112c4174befd49b885abf2fc70fe6d47000001717e60ab370000040300483046022100a8d617cb393383a09825748f32f233898328a1cb3c04c888d92812542bc78ef1022100fac17f5f3bc2baeb06b3207321410de3b1cd31b72cf978f3f63ae6c5e64ab273007600dfa55eab68824f1f6cadeeb85f4e3e5aeacda212a46a5e8e3b12c020445c2a73000001717e60ab5d000004030047304502207826c13a9800db1429691106de9552c439750b97bfed87a12321e915e8a0f1170221008b05a12b768f70eb135d01e86f653b770712aa3390b6cc29399c879ec028ed3a00750041c8cab1df22464a10c6a13a0942875e4e318b1b03ebeb4bc768f090629606f6000001717e60ab8c00000403004630440220020e37e698b5cf8a1bef417bf727c9254d6e92ee776d6f81275ff4e6b3b43315022063ec791d42882529ec3d4257a103352e97d41575bea7c95048b233bb87f25d2b
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (85 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.ucsf.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.ucsfbenioffchildrens.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.ucsfhealth.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.ucsfmedicalcenter.org'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		004cb86a501182bc48d7b90bd67931474648d79116c07618b1f643d4b7d648e84ca4c1b6c5e3a7bfba5933eeaf6ebe9e03d2a1811e15475ebc2fbc3ce507062d3861215dd9a2aacf3a40cc37c2568fee1d57b18bd7afafce8f3575fab47fdc17c680611e03e69b77b4f4ddc349148859020e5acf21bf6fe8de664c2e89ee2520cd2cf38bb4357dd42e83dafdc23f4ef9ecc4038fbec19e397a7aee3080551bdfb5cc4cd62e591d7f458d7ab0535dc3d913356a9eb9665e4cbacb89b362f153f4bb14ac3e8cc76d70cf501cbe033eea490f9e870d2b480ec0f50fc9b1bba33a9ebf26bc4f9cfa472094be1817e242470f23de94cae44098a6dbb1ecd0df4ea308cf