mhsm-win-synthetics.managedhsm.azure.net

- Microsoft Corporation -

Issued by Microsoft Azure RSA TLS Issuing CA 03

About this certificate

This digital certificate with serial number 33:00:2e:4b:13:59:43:31:ab:d9:ab:5e:5c:00:00:00:2e:4b:13 was issued on by Microsoft Corporation.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Microsoft Corporation

Organization: Microsoft Corporation
State / Province: WA
Locality: Redmond
Country: US

Microsoft Corporation

Organization: Microsoft Corporation
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 33:00:2e:4b:13:59:43:31:ab:d9:ab:5e:5c:00:00:00:2e:4b:13
Serial Number (int): 1137353757906503925682626305362306133392247571
Serial Number lenght: 150 bits, 19 octets

SubjectKeyId: 80:57:23:4e:7c:28:f7:f9:2a:57:83:38:8f:18:38:ba:6a:60:1d:d4
AuthorityKeyId: fe:09:71:40:55:05:10:44:d8:a4:81:75:b8:9e:1a:e9:4a:06:88:c8

Fingerprint (sha1): 3e:7d:8d:2d:ca:9d:8f:db:e4:60:73:84:3c:89:71:bb:9c:e2:4f:6f
Fingerprint (sha256): 00:48:55:c4:eb:f9:ce:2d:ef:b3:ac:e2:b3:1b:ee:c6:3b:0f:3e:1e:a4:3c:fb:14:fe:d8:cf:9c:a1:b8:ed:f1

Issuing Certificate URL: http://www.microsoft.com/pkiops/certs/Microsoft%20Azure%20RSA%20TLS%20Issuing%20CA%2003%20-%20xsign.crt

Revocation information

OCSP Server: http://oneocsp.microsoft.com/ocsp
CRL Distribution Point: http://www.microsoft.com/pkiops/crl/Microsoft%20Azure%20RSA%20TLS%20Issuing%20CA%2003.crl

Check the revocation status for certificate mhsm-win-synthetics.managedhsm.azure.net

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for mhsm-win-synthetics.managedhsm.azure.net

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA384 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Client Authentication
Server Authentication

Extensions

12 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

mhsm-win-synthetics.managedhsm.azure.net
*.mhsm-win-synthetics.managedhsm.azure.net

Other certificates including the domain name azure.net

(limited to 100 certificates)
adeidentity-PN1PrdApp07.diskencryption.azure.net
azattesttest.westus.cloudapp.azure.com
*.blob.core.windows.net
*.eastus2.redisenterprise.cache.azure.net
adeidentity-BLAPrdHPC02.diskencryption.azure.net
*.blob.core.windows.net
*.file.core.windows.net
*.table.core.windows.net
*.table.core.windows.net
hsm2.mytestchsmpool1118-hccwg7c4a9dzdja3.cloudhsm.azure.net
adeidentity-DB4PrdHPC01.diskencryption.azure.net
hsm2.mytestchsmpool1118-hccwg7c4a9dzdja3.cloudhsm.azure.net
*.file.core.windows.net
PDBidDigiCertCert.managedhsm.azure.net
hsm1.jesimme-001-akb4bdc7gwc2hpcf.cloudhsm.azure.net
*.queue.core.windows.net
hsm1.mytestchsmpool1118-hccwg7c4a9dzdja3.cloudhsm.azure.net
hsm2.mytestchsmpool1118-hccwg7c4a9dzdja3.cloudhsm.azure.net
*.account.core.windows.net
*.eastus2.redisenterprise.cache.azure.net
adeidentity-MWH04PrdApp14.diskencryption.azure.net
*.file.core.windows.net
*.web.core.windows.net
*.eventgrid-int.azure.net
afsppweu-cp.afs.azure.net
*.dfs.core.windows.net
b2b.azure.net
*.table.core.windows.net
*.dfs.core.windows.net
*.blob.core.windows.net
hsm1.jesimme-001-akb4bdc7gwc2hpcf.cloudhsm.azure.net
*.queue.core.windows.net
adeidentity-BY4PrdDDC15.diskencryption.azure.net
hsm1.mytestchsmpool1118-hccwg7c4a9dzdja3.cloudhsm.azure.net
*.queue.core.windows.net
hsm1.mytestchsmpool1118-hccwg7c4a9dzdja3.cloudhsm.azure.net
*.queue.core.windows.net
hsm1.mytestchsmpool1118-hccwg7c4a9dzdja3.cloudhsm.azure.net
*.account.core.windows.net
mhsm-wus-synthetics.managedhsm.azure.net
hsm2.jesimme-001-akb4bdc7gwc2hpcf.cloudhsm.azure.net
*.blob.core.windows.net
hsm2.mytestchsmpool1118-hccwg7c4a9dzdja3.cloudhsm.azure.net
*.table.core.windows.net
hsm1.jesimme-001-akb4bdc7gwc2hpcf.cloudhsm.azure.net
hsm2.jesimme-001-akb4bdc7gwc2hpcf.cloudhsm.azure.net
*.file.core.windows.net
hsm1.jesimme-001-akb4bdc7gwc2hpcf.cloudhsm.azure.net
*.queue.core.windows.net
hsm1.jesimme-001-akb4bdc7gwc2hpcf.cloudhsm.azure.net
*.blob.core.windows.net
afsppjpw-dp.afs.azure.net
hsm2.jesimme-001-akb4bdc7gwc2hpcf.cloudhsm.azure.net
afsppden-dp.afs.azure.net
*.dfs.core.windows.net
*.centraluseuap.redisenterprise.cache.azure.net
*.account.core.windows.net
hsm2.jesimme-001-akb4bdc7gwc2hpcf.cloudhsm.azure.net
*.dfs.core.windows.net
*.queue.core.windows.net
*.queue.core.windows.net
cp-mhsm-wus2-synthetics.managedhsm.azure.net
CHI21PrdApp01.prod.idns.azure.net
*.file.core.windows.net
cvprhkn01v.cloudvideo.azure.net
*.file.core.windows.net
*.dfs.core.windows.net
hsm2.mytestchsmpool1118-hccwg7c4a9dzdja3.cloudhsm.azure.net
hsm2.jesimme-001-akb4bdc7gwc2hpcf.cloudhsm.azure.net
*.dfs.core.windows.net
hsm1.jesimme-001-akb4bdc7gwc2hpcf.cloudhsm.azure.net
*.blob.core.windows.net
*.table.core.windows.net
*.blob.core.windows.net
CBN06PrdApp01.prod.idns.azure.net
*.dfs.core.windows.net
adeidentity-BL6PrdApp10.diskencryption.azure.net
*.blob.core.windows.net
MhsmKeylessPOCAME.managedhsm.azure.net
*.file.core.windows.net
kvHsm240510011646097002.managedhsm.azure.net
kvHsm240514041830028086.managedhsm.azure.net
adeidentity-AMS20PrdHPC01.diskencryption.azure.net
*.dfs.core.windows.net
hsm2.jesimme-001-akb4bdc7gwc2hpcf.cloudhsm.azure.net
*.blob.core.windows.net
mhsm-win-synthetics.managedhsm.azure.net
*.dfs.core.windows.net
vault.azure.net
CBZ07PrdApp01.prod.idns.azure.net
*.web.core.windows.net
*.queue.core.windows.net
*.queue.core.windows.net
ig-mhsm-uks-synthetics.managedhsm.azure.net
*.blob.core.windows.net
*.identity.azure.net
*.dfs.core.windows.net
*.table.core.windows.net
*.file.core.windows.net
*.queue.core.windows.net

Certificate

The complete raw certificate details for mhsm-win-synthetics.managedhsm.azure.net in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIIwjCCBqqgAwIBAgITMwAuSxNZQzGr2ateXAAAAC5LEzANBgkqhkiG9w0BAQwF
ADBdMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u
MS4wLAYDVQQDEyVNaWNyb3NvZnQgQXp1cmUgUlNBIFRMUyBJc3N1aW5nIENBIDAz
MB4XDTI0MDQwMzIyMDg0NFoXDTI1MDMyOTIyMDg0NFowfzELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAldBMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3Nv
ZnQgQ29ycG9yYXRpb24xMTAvBgNVBAMTKG1oc20td2luLXN5bnRoZXRpY3MubWFu
YWdlZGhzbS5henVyZS5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDFEpq2equaef6wbmRBg4v77nhilxYuXW98F8eEEW4+v8b9avAeVDM+ZJ1zxJlb
WQMc122JqAyIYxxSA1fcKlgAhRmfZmlVlkMYaTVti3DCbARfP00nqq5NwOiOKL7M
gsO0wFZSiujn8KsBmTWr8Poxa1zDdOMzvtIjBEeEu25dwW2DUVifGlOiX9bS4oeg
Wa3RrjGNXCCubT0DPRs7mF2JPs45BCk/aUTnMkIKN47Cqu0oMx9XC4lx+tk6nLxQ
iZDx8gNuMTQWHuMv8r6li57LGSnHfIJ/5rsrE5ICN0bi9bcUl4m+zkBG7+tRhUK1
mEEFc2xnGjGMTF4FVnXZnOSrAgMBAAGjggRXMIIEUzCCAX8GCisGAQQB1nkCBAIE
ggFvBIIBawFpAHYAzxFW7tUufK/zh1vZaS6b6RpxZ0qwF+ysAdJbd87MOwgAAAGO
pgsSXwAABAMARzBFAiEA6svYeKKCtMGPSd1NWzh7wo0DFPLKDIr0NUD7wfyW17UC
IBp0pP/7PkH6m5swpY3fC6xU8Rteg1TZu+roESY6Y4e5AHYAfVkeEuF4KnscYWd8
Xv340IdcFKBOlZ65Ay/ZDowuebgAAAGOpgsSFgAABAMARzBFAiEA2ZEGXF6qeGP2
5r/yoFrMMLiBudhnYgoi/oeCwPYtqzkCIAVHpTdgY071GG+QWKmUSfeTKBBPw6zP
JekLQB+4f9xkAHcAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAGO
pgsSmAAABAMASDBGAiEAhFFYDHNyinHf/HVkaAflXo4qAdn6o1lhbviWVMC4AXwC
IQDA8nZaGC//ieaK0P8r7SWpp4HqFrTrbbC/lJiSyAxrfjAnBgkrBgEEAYI3FQoE
GjAYMAoGCCsGAQUFBwMCMAoGCCsGAQUFBwMBMDwGCSsGAQQBgjcVBwQvMC0GJSsG
AQQBgjcVCIe91xuB5+tGgoGdLo7QDIfw2h1dgoTlaYLzpz4CAWQCASYwgbQGCCsG
AQUFBwEBBIGnMIGkMHMGCCsGAQUFBzAChmdodHRwOi8vd3d3Lm1pY3Jvc29mdC5j
b20vcGtpb3BzL2NlcnRzL01pY3Jvc29mdCUyMEF6dXJlJTIwUlNBJTIwVExTJTIw
SXNzdWluZyUyMENBJTIwMDMlMjAtJTIweHNpZ24uY3J0MC0GCCsGAQUFBzABhiFo
dHRwOi8vb25lb2NzcC5taWNyb3NvZnQuY29tL29jc3AwHQYDVR0OBBYEFIBXI058
KPf5KleDOI8YOLpqYB3UMA4GA1UdDwEB/wQEAwIFoDBfBgNVHREEWDBWgihtaHNt
LXdpbi1zeW50aGV0aWNzLm1hbmFnZWRoc20uYXp1cmUubmV0gioqLm1oc20td2lu
LXN5bnRoZXRpY3MubWFuYWdlZGhzbS5henVyZS5uZXQwDAYDVR0TAQH/BAIwADBq
BgNVHR8EYzBhMF+gXaBbhllodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3Bz
L2NybC9NaWNyb3NvZnQlMjBBenVyZSUyMFJTQSUyMFRMUyUyMElzc3VpbmclMjBD
QSUyMDAzLmNybDBmBgNVHSAEXzBdMFEGDCsGAQQBgjdMg30BATBBMD8GCCsGAQUF
BwIBFjNodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL0RvY3MvUmVwb3Np
dG9yeS5odG0wCAYGZ4EMAQICMB8GA1UdIwQYMBaAFP4JcUBVBRBE2KSBdbieGulK
BojIMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQwF
AAOCAgEAYHra+FOxebuK/JZhNGJeYk7O2G6Iw2XDt9wVmcHqmGIfb5EodzjzxeZ7
SDDaSln86CrHa3+qUW6Ks8jNb++dkAr2hCx/RP1l1zo0fY89VQf9udhubPGJdYQ3
gHvPwVPVulc5uq9SCSaXb6mzssRt78KBuoxO+QtnTdt2Hu1jcgAkTL7Fy8xYl/Z/
IoCJPTErTGFHbXvWUQ3ST/ifNohaLYdtv5+LHN7dTb5reenI2Cv4nOAQo3GDP/t8
SzVeGdcKZFY6U8uTpiZbpopOF3wfClQs9M9IlUTBkaPFHk/4ST8P5mTk+h6bAEIk
M/4HfFiW8eeIp4nHOJzd8ybE4lqccoFeD1dowx9OvHBZ+f2kX5WidIeryD+oitnT
Gu6EHrkxaROT4dEZ/sDqkhZvToAHQMwHsCHahnFt5OnEXyfe7CoY6GBQBSIEUm2x
1sN9a90bkmnXb+6X2/+h6zsoO/pbwt6J/rDV2MylIY+TrSn4ehFxDsDnYXCkcOst
fTdO/1FafBcIkfkqu11W3i1kefLgoDYnNkf8bGbv1nO2xpaWVaCPe8Bq/HZnix84
bq3n2zc8X+8wLmQeLdwsYPUwFWY0Y8hsDevc9YLfnnbod4acxq4Iw/ZYuwePFlsE
OkE8lo/sTivAAeUzQ0txmHTSdvtljqg1yHExX98bjEbD9goHCP0=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxRKatnqrmnn+sG5kQYOL
++54YpcWLl1vfBfHhBFuPr/G/WrwHlQzPmSdc8SZW1kDHNdtiagMiGMcUgNX3CpY
AIUZn2ZpVZZDGGk1bYtwwmwEXz9NJ6quTcDojii+zILDtMBWUoro5/CrAZk1q/D6
MWtcw3TjM77SIwRHhLtuXcFtg1FYnxpTol/W0uKHoFmt0a4xjVwgrm09Az0bO5hd
iT7OOQQpP2lE5zJCCjeOwqrtKDMfVwuJcfrZOpy8UImQ8fIDbjE0Fh7jL/K+pYue
yxkpx3yCf+a7KxOSAjdG4vW3FJeJvs5ARu/rUYVCtZhBBXNsZxoxjExeBVZ12Zzk
qwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 1137353757906503925682626305362306133392247571
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft Azure RSA TLS Issuing CA 03'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-04-03 22:08:44 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-03-29 22:08:44 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'WA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Redmond'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'mhsm-win-synthetics.managedhsm.azure.net'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24878120223700606788819574856227468584270382367374581680604505685859850708125886692453020447810341825863831996939400263557034990974769747259035317984656453594092364071703443145667147712816758923240041672574793154065953623408958155780640806086296826384863558693995398674078181704338407477326096216590498818701625932232657406873133398866809022759344951992710503393462540943285319106844612242966755496055085125683951206397126529432506929266658635238147188565363733695601229905465478355591914471725980161610794615975841437759079116665505957090864431940779633529104291014352575896420530237186494624981426205109421256533163
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
							0169007600cf1156eed52e7caff3875bd9692e9be91a71674ab017ecac01d25b77cecc3b080000018ea60b125f0000040300473045022100eacbd878a282b4c18f49dd4d5b387bc28d0314f2ca0c8af43540fbc1fc96d7b502201a74a4fffb3e41fa9b9b30a58ddf0bac54f11b5e8354d9bbeae811263a6387b90076007d591e12e1782a7b1c61677c5efdf8d0875c14a04e959eb9032fd90e8c2e79b80000018ea60b12160000040300473045022100d991065c5eaa7863f6e6bff2a05acc30b881b9d867620a22fe8782c0f62dab3902200547a53760634ef5186f9058a99449f79328104fc3accf25e90b401fb87fdc640077005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c0000018ea60b129800000403004830460221008451580c73728a71dffc75646807e55e8e2a01d9faa359616ef89654c0b8017c022100c0f2765a182fff89e68ad0ff2bed25a9a781ea16b4eb6db0bf949892c80c6b7e
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.10 (applicationCertPolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.7 (certificateTemplate)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (47 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.8.15690651.3798470.4214446.239628.16526621.93.4272873.6083518
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 100
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 38
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (167 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://www.microsoft.com/pkiops/certs/Microsoft%20Azure%20RSA%20TLS%20Issuing%20CA%2003%20-%20xsign.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://oneocsp.microsoft.com/ocsp'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							8057234e7c28f7f92a5783388f1838ba6a601dd4
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (88 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mhsm-win-synthetics.managedhsm.azure.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.mhsm-win-synthetics.managedhsm.azure.net'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://www.microsoft.com/pkiops/crl/Microsoft%20Azure%20RSA%20TLS%20Issuing%20CA%2003.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (95 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.76.509.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.microsoft.com/pkiops/Docs/Repository.htm'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName fe09714055051044d8a48175b89e1ae94a0688c8
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		00607adaf853b179bb8afc966134625e624eced86e88c365c3b7dc1599c1ea98621f6f91287738f3c5e67b4830da4a59fce82ac76b7faa516e8ab3c8cd6fef9d900af6842c7f44fd65d73a347d8f3d5507fdb9d86e6cf189758437807bcfc153d5ba5739baaf520926976fa9b3b2c46defc281ba8c4ef90b674ddb761eed637200244cbec5cbcc5897f67f2280893d312b4c61476d7bd6510dd24ff89f36885a2d876dbf9f8b1cdedd4dbe6b79e9c8d82bf89ce010a371833ffb7c4b355e19d70a64563a53cb93a6265ba68a4e177c1f0a542cf4cf489544c191a3c51e4ff8493f0fe664e4fa1e9b00422433fe077c5896f1e788a789c7389cddf326c4e25a9c72815e0f5768c31f4ebc7059f9fda45f95a27487abc83fa88ad9d31aee841eb931691393e1d119fec0ea92166f4e800740cc07b021da86716de4e9c45f27deec2a18e86050052204526db1d6c37d6bdd1b9269d76fee97dbffa1eb3b283bfa5bc2de89feb0d5d8cca5218f93ad29f87a11710ec0e76170a470eb2d7d374eff515a7c170891f92abb5d56de2d6479f2e0a036273647fc6c66efd673b6c6969655a08f7bc06afc76678b1f386eade7db373c5fef302e641e2ddc2c60f53015663463c86c0debdcf582df9e76e877869cc6ae08c3f658bb078f165b043a413c968fec4e2bc001e533434b719874d276fb658ea835c871315fdf1b8c46c3f60a0708fd