images.partner.windowsphone.com

Issued by MSIT Machine Auth CA 2

About this certificate

This digital certificate with serial number 50:ff:d0:94:00:01:00:00:44:c5 was issued on byMSIT Machine Auth CA 2.

With 42 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • KeyUsage [DataEncipherment DigitalSignature KeyEncipherment] (00001101) inconsistent with multiple purpose ExtKeyUsage [clientAuth serverAuth] The certificate MUST only be used for a purpose consistent with both key usage extension and extended key usage extension. (RFC 5280, Section 4.2.1.12.)
  • Subscriber Certificate: authorityInformationAccess MUST contain the HTTP URL of the Issuing CA's OSCP responder. (BRs: 7.1.2.3)
  • Subscriber certificates must contain at least one policy identifier that indicates adherence to CAB standards (BRs: 7.1.2.3)
  • Subscriber Certificate: certificatePolicies MUST be present and SHOULD NOT be marked critical. (BRs: 7.1.2.3)
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • The keyUsage extension SHOULD be critical (RFC 5280: 4.2.1.3)
  • Subscriber certificates authorityInformationAccess extension should contain the HTTP URL of the issuing CA’s certificate, for public certificates this should not be an internal name (BRs: 7.1.2.10.3)

Certificate Subject

CN=images.partner.windowsphone.com

MSIT Machine Auth CA 2

This certificate has expire since

Certificate Details

Serial Number (hex): 50:ff:d0:94:00:01:00:00:44:c5
Serial Number (int): 382508268006228289930437
Serial Number lenght: 79 bits, 10 octets

SubjectKeyId: 18:9f:55:14:7e:f4:ee:f2:ae:63:30:07:e5:aa:99:1e:a0:1d:e5:df
AuthorityKeyId: eb:db:11:5e:f8:09:9e:d8:d6:62:9c:fd:62:9d:e3:84:4a:28:e1:27

Fingerprint (sha1): e0:d3:42:95:99:91:9a:0d:3d:42:85:72:1e:3a:8d:db:f7:23:e3:e9
Fingerprint (sha256): 00:d1:06:5c:66:03:a7:c9:93:88:29:27:c0:7e:f5:75:05:87:c5:40:af:c3:47:1c:51:35:bc:38:73:ee:21:62

Issuing Certificate URL: http://www.microsoft.com/pki/mscorp/MSIT%20Machine%20Auth%20CA%202(1).crt
Issuing Certificate URL: http://corppki/aia/MSIT%20Machine%20Auth%20CA%202(1).crt

Revocation information

CRL Distribution Point: http://mscrl.microsoft.com/pki/mscorp/crl/MSIT%20Machine%20Auth%20CA%202(1).crl
CRL Distribution Point: http://crl.microsoft.com/pki/mscorp/crl/MSIT%20Machine%20Auth%20CA%202(1).crl
CRL Distribution Point: http://corppki/crl/MSIT%20Machine%20Auth%20CA%202(1).crl

Check the revocation status for certificate images.partner.windowsphone.com

42

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for images.partner.windowsphone.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA1 with RSA

Key Usage

Digital Signature
Key Encipherment
Data Encipherment

Extended Key Usages

Client Authentication
Server Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.microsoft.com
*.msn-int.com
*.msn.com
*.officeapps.live.com
*.live-int.com
*.sharepointonline.com
*.windowsphone-int.com
*.windowsphone.com
*.cmsresources.windowsphone-int.com
*.marketplace.windowsmobile-int.com
*.wlxrs-int.com
*.shared.live-int.com
*.shared.live.com
*.wlxrs.com
*.ads2.msads.net
*.aspnetcdn.com
*.c3scs.jp.msn.com
*.cmsresources.windowsphone.com
*.f1ds.shared.live-int.com
*.f1ds.wlxrs-int.com
*.jp.msn.com
*.live-int.net
*.live.com
*.live.net
*.manage.microsoft.com
*.marketplace.windowsmobile-perf.com
*.marketplace.windowsmobile.com
*.microsoft-sbs-domains.com
*.msads.net
*.partner-df.windowsphone-int.com
*.partners.msn.com
*.s-msn.com
*.st.s-msn.com
*.stb.s-msn.com
*.stc.s-msn.com
*.stj.s-msn.com
*.wlxrsu-int.com
images.partner.windowsphone-int.com
images.partner.windowsphone.com
*.dev.skype.com
*.ucwa.lync.com
*.vo.msecnd.net

Other certificates including the domain name windowsphone.com

(limited to 100 certificates)
dgrepv2-frontend-ppe.trafficmanager.net
accesscontrol.windowsphone.com
images.partner.windowsphone.com
dgrepv2-frontend-ppe.trafficmanager.net
*.vo.msecnd.net
www.windowsphone.com
www.windowsphone.com
*.vo.msecnd.net
dgrepv2-frontend-prod.trafficmanager.net
*.vo.msecnd.net
*.windowsphone.com
workflowservice.dps.mp.microsoft.com
workflowservice.dps.mp.microsoft.com
dgrepv2-frontend-ppe.trafficmanager.net
dcpservice.windowsphone.com
dgrepv2-frontend-ppe.trafficmanager.net
storemanagement.microsoft.com
devx.windows.com
dgrepv2-frontend-ppe.trafficmanager.net
assets.windowsphone.com
*.vo.msecnd.net
*.windowsphone.com
storemanagement.microsoft.com
dgrepv2-frontend-ppe.trafficmanager.net
workflowservice.dps.mp.microsoft.com
*.vo.msecnd.net
simpleuserdeviceservice.windowsphone.com
api.windowsphone.com
www.windowsphone.com
dgrepv2-frontend-ppe.trafficmanager.net
*.windowsphone.com
*.windowsphone.com
nextrealms.windowsphone.com
workflowservice.dps.mp.microsoft.com
dcs-client.windowsphone.com
workflowservice.dps.mp.microsoft.com
dgrepv2-frontend-ppe.trafficmanager.net
www.windowsphone.com
discoveryservice.windowsphone.com
discoveryservice.windowsphone.com
*.scm.windowsphone.com
dgrepv2-frontend-ppe.trafficmanager.net
*.windowsphone.com
manualreview.dps.mp.microsoft.com
dgrepv2-frontend-ppe.trafficmanager.net
*.scm.windowsphone.com
dgrepv2-frontend-ppe.trafficmanager.net
*.vo.msecnd.net
workflowservice.dps.mp.microsoft.com
*.vo.msecnd.net
dgrepv2-frontend-ppe.trafficmanager.net
dgrepv2-frontend-prod.trafficmanager.net
dgrepv2-frontend-ppe.trafficmanager.net
workflowservice.dps.mp.microsoft.com
workflowservice.dps.mp.microsoft.com
workflowservice.dps.mp.microsoft.com
mockpreview.windowsphone.com
dgrepv2-frontend-ppe.trafficmanager.net
*.scm.windowsphone.com
*.vo.msecnd.net
workflowservice.dps.mp.microsoft.com
workflowservice.dps.mp.microsoft.com
devicecertificateservice.windowsphone.com
dgrepv2-frontend-ppe.trafficmanager.net
dgrepv2-frontend-ppe.trafficmanager.net
*.moservices.microsoft.com
ProdGemini.windowsphone.com
*.vo.msecnd.net
workflowservice.dps.mp.microsoft.com
dcpservice.windowsphone.com
workflowservice.dps.mp.microsoft.com
*.vo.msecnd.net
*.vo.msecnd.net
*.vo.msecnd.net
workflowservice.dps.mp.microsoft.com
dgrepv2-frontend-ppe.trafficmanager.net
preview.windowsphone.com
dgrepv2-frontend-ppe.trafficmanager.net
dgrepv2-frontend-ppe.trafficmanager.net
oaspcontent.microsoft.com
feedback.msdn.microsoft.com
loc.cmspreview.windowsphone.com
workflowservice.dps.mp.microsoft.com
dev.windows.com
www.windowsphone.com
oaspcontent.microsoft.com
*.windowsphone.com
wifiservice.windowsphone.com
oas.support.microsoft.com
beta.windowsphone.com
*.vo.msecnd.net
*.windowsphone.com
workflowservice.dps.mp.microsoft.com
*.vo.msecnd.net
dgrepv2-frontend-ppe.trafficmanager.net
manualreview.dps.mp.microsoft.com
manualreview.dps.mp.microsoft.com
www.windowsphone.com
workflowservice.dps.mp.microsoft.com
partner.windowsphone.com

Certificate

The complete raw certificate details for images.partner.windowsphone.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIJQDCCCCigAwIBAgIKUP/QlAABAABExTANBgkqhkiG9w0BAQUFADCBgDETMBEG
CgmSJomT8ixkARkWA2NvbTEZMBcGCgmSJomT8ixkARkWCW1pY3Jvc29mdDEUMBIG
CgmSJomT8ixkARkWBGNvcnAxFzAVBgoJkiaJk/IsZAEZFgdyZWRtb25kMR8wHQYD
VQQDExZNU0lUIE1hY2hpbmUgQXV0aCBDQSAyMB4XDTEzMDIxOTIwNDQzMFoXDTE1
MDIxOTIwNDQzMFowKjEoMCYGA1UEAxMfaW1hZ2VzLnBhcnRuZXIud2luZG93c3Bo
b25lLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMeIF1Az1/yn
cI2R56FDqHaCjfdo/c2sUO0gRfxav2l1uWSnYCXw/qXepwiVRQ/j3A1Y7pjMIS7k
WAFsbmV62Mt9LfdAJOwH/oKq8QbCdq4XxHxM+vv9gARRkCkzzMPgucCHJ/ODmOG8
vpPyK33NSDORI/MhoqwmmOHF8r8jAMevdRKtAXANZN1NGy/go/PZ9hGWp5B10/T5
F1V8wlXFqBZixLRSwoCDPLrQ4je1oCcMVWpbGOZJCkHjCJbuKeh8AhNuYyXmGhPF
X3aHTPM+ASbmbUsJEtp80yAwbI17qWLEyuDXZBVUdIctkUT6B0IFtKxbeQ/QLvNf
h6AhBl/qcJ0CAwEAAaOCBg8wggYLMB0GA1UdDgQWBBQYn1UUfvTu8q5jMAflqpke
oB3l3zALBgNVHQ8EBAMCBLAwHwYDVR0jBBgwFoAU69sRXvgJntjWYpz9Yp3jhEoo
4Scwge4GA1UdHwSB5jCB4zCB4KCB3aCB2oZPaHR0cDovL21zY3JsLm1pY3Jvc29m
dC5jb20vcGtpL21zY29ycC9jcmwvTVNJVCUyME1hY2hpbmUlMjBBdXRoJTIwQ0El
MjAyKDEpLmNybIZNaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAv
Y3JsL01TSVQlMjBNYWNoaW5lJTIwQXV0aCUyMENBJTIwMigxKS5jcmyGOGh0dHA6
Ly9jb3JwcGtpL2NybC9NU0lUJTIwTWFjaGluZSUyMEF1dGglMjBDQSUyMDIoMSku
Y3JsMIGtBggrBgEFBQcBAQSBoDCBnTBVBggrBgEFBQcwAoZJaHR0cDovL3d3dy5t
aWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTVNJVCUyME1hY2hpbmUlMjBBdXRoJTIw
Q0ElMjAyKDEpLmNydDBEBggrBgEFBQcwAoY4aHR0cDovL2NvcnBwa2kvYWlhL01T
SVQlMjBNYWNoaW5lJTIwQXV0aCUyMENBJTIwMigxKS5jcnQwPwYJKwYBBAGCNxUH
BDIwMAYoKwYBBAGCNxUIg8+JTa3yAoWhnwyC+sp9geH7dIFPg8LthQiOqdKFYwIB
ZAIBCjAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwJwYJKwYBBAGCNxUK
BBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATCCA5AGA1UdEQSCA4cwggODgg8q
Lm1pY3Jvc29mdC5jb22CDSoubXNuLWludC5jb22CCSoubXNuLmNvbYIVKi5vZmZp
Y2VhcHBzLmxpdmUuY29tgg4qLmxpdmUtaW50LmNvbYIWKi5zaGFyZXBvaW50b25s
aW5lLmNvbYIWKi53aW5kb3dzcGhvbmUtaW50LmNvbYISKi53aW5kb3dzcGhvbmUu
Y29tgiMqLmNtc3Jlc291cmNlcy53aW5kb3dzcGhvbmUtaW50LmNvbYIjKi5tYXJr
ZXRwbGFjZS53aW5kb3dzbW9iaWxlLWludC5jb22CDyoud2x4cnMtaW50LmNvbYIV
Ki5zaGFyZWQubGl2ZS1pbnQuY29tghEqLnNoYXJlZC5saXZlLmNvbYILKi53bHhy
cy5jb22CECouYWRzMi5tc2Fkcy5uZXSCDyouYXNwbmV0Y2RuLmNvbYISKi5jM3Nj
cy5qcC5tc24uY29tgh8qLmNtc3Jlc291cmNlcy53aW5kb3dzcGhvbmUuY29tghoq
LmYxZHMuc2hhcmVkLmxpdmUtaW50LmNvbYIUKi5mMWRzLndseHJzLWludC5jb22C
DCouanAubXNuLmNvbYIOKi5saXZlLWludC5uZXSCCioubGl2ZS5jb22CCioubGl2
ZS5uZXSCFioubWFuYWdlLm1pY3Jvc29mdC5jb22CJCoubWFya2V0cGxhY2Uud2lu
ZG93c21vYmlsZS1wZXJmLmNvbYIfKi5tYXJrZXRwbGFjZS53aW5kb3dzbW9iaWxl
LmNvbYIbKi5taWNyb3NvZnQtc2JzLWRvbWFpbnMuY29tggsqLm1zYWRzLm5ldIIh
Ki5wYXJ0bmVyLWRmLndpbmRvd3NwaG9uZS1pbnQuY29tghIqLnBhcnRuZXJzLm1z
bi5jb22CCyoucy1tc24uY29tgg4qLnN0LnMtbXNuLmNvbYIPKi5zdGIucy1tc24u
Y29tgg8qLnN0Yy5zLW1zbi5jb22CDyouc3RqLnMtbXNuLmNvbYIQKi53bHhyc3Ut
aW50LmNvbYIjaW1hZ2VzLnBhcnRuZXIud2luZG93c3Bob25lLWludC5jb22CH2lt
YWdlcy5wYXJ0bmVyLndpbmRvd3NwaG9uZS5jb22CDyouZGV2LnNreXBlLmNvbYIP
Ki51Y3dhLmx5bmMuY29tgg8qLnZvLm1zZWNuZC5uZXQwDQYJKoZIhvcNAQEFBQAD
ggEBAJ/CfomqbWSxidExG4sR0y+rNietrJNrEHDYCRKmKYdBj+oPzJsXgGKkqtQs
Hx1RqEApVNyKsvxpXMRnGvW/52+29jG9IRaJap2PbhD2ziaId7NVktXMzMUVoSU8
r71V3SXrGxRwszGqoOpnRdkO6JTVItOjHI51wi0U2XkDA6DQk7hNRtz2RmSiyeO5
74B0+iRTEYslBEtlVtc74ALKiork7jfj0tNel29ROrcvjQ4mFFS5NNn0bkM6LKoY
hHMIe+kXCc3pE7P+a82UD8l8sjdXd16sf0BJnbG0CHvATnn8zCY0KBywqMZS4r7I
VG0jBL6dckCgDgFfKWDpy7DfV9Q=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx4gXUDPX/KdwjZHnoUOo
doKN92j9zaxQ7SBF/Fq/aXW5ZKdgJfD+pd6nCJVFD+PcDVjumMwhLuRYAWxuZXrY
y30t90Ak7Af+gqrxBsJ2rhfEfEz6+/2ABFGQKTPMw+C5wIcn84OY4by+k/Irfc1I
M5Ej8yGirCaY4cXyvyMAx691Eq0BcA1k3U0bL+Cj89n2EZankHXT9PkXVXzCVcWo
FmLEtFLCgIM8utDiN7WgJwxValsY5kkKQeMIlu4p6HwCE25jJeYaE8VfdodM8z4B
JuZtSwkS2nzTIDBsjXupYsTK4NdkFVR0hy2RRPoHQgW0rFt5D9Au81+HoCEGX+pw
nQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 382508268006228289930437
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.9.2342.19200300.100.1.25 (domainComponent)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.9.2342.19200300.100.1.25 (domainComponent)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'microsoft'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.9.2342.19200300.100.1.25 (domainComponent)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'corp'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.9.2342.19200300.100.1.25 (domainComponent)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'redmond'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'MSIT Machine Auth CA 2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2013-02-19 20:44:30 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2015-02-19 20:44:30 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'images.partner.windowsphone.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25188531694838170943195262397532295169238302441552627639958887242660401959594943848721520903679744705241537636266191466939797759302553240940231901998308478285437787845514166911694343411294652645312928027912992018792191641338853807338506263693618269134606469303641034861877930698167352123144903533105213780452001729196460495531083138052302084200365445175379472440705462223568988475990370517789996369196961559699436973667787313449028418965737240601551350274446138819409592281910407002433253967746880956316288968787007815265293814186360332347552935835852978685641973754515652028619596487904093572414566912670277879623837
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							189f55147ef4eef2ae633007e5aa991ea01de5df
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4 bits)
							04b0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName ebdb115ef8099ed8d6629cfd629de3844a28e127
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (230 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://mscrl.microsoft.com/pki/mscorp/crl/MSIT%20Machine%20Auth%20CA%202(1).crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.microsoft.com/pki/mscorp/crl/MSIT%20Machine%20Auth%20CA%202(1).crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://corppki/crl/MSIT%20Machine%20Auth%20CA%202(1).crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (160 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://www.microsoft.com/pki/mscorp/MSIT%20Machine%20Auth%20CA%202(1).crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://corppki/aia/MSIT%20Machine%20Auth%20CA%202(1).crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.7 (certificateTemplate)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (50 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER asn1: structure error: base 128 integer too large
1.3.6.1.4.1.311.21.8.7587021.751874.11030412.6202749.3702260.207.945504904.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 100
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 10
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.10 (applicationCertPolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (903 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.microsoft.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.msn-int.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.msn.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.officeapps.live.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.live-int.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.sharepointonline.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.windowsphone-int.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.windowsphone.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.cmsresources.windowsphone-int.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.marketplace.windowsmobile-int.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.wlxrs-int.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.shared.live-int.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.shared.live.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.wlxrs.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.ads2.msads.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.aspnetcdn.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.c3scs.jp.msn.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.cmsresources.windowsphone.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.f1ds.shared.live-int.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.f1ds.wlxrs-int.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.jp.msn.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.live-int.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.live.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.live.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.manage.microsoft.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.marketplace.windowsmobile-perf.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.marketplace.windowsmobile.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.microsoft-sbs-domains.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.msads.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.partner-df.windowsphone-int.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.partners.msn.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.s-msn.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.st.s-msn.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.stb.s-msn.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.stc.s-msn.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.stj.s-msn.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.wlxrsu-int.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'images.partner.windowsphone-int.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'images.partner.windowsphone.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.dev.skype.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.ucwa.lync.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.vo.msecnd.net'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		009fc27e89aa6d64b189d1311b8b11d32fab3627adac936b1070d80912a62987418fea0fcc9b178062a4aad42c1f1d51a8402954dc8ab2fc695cc4671af5bfe76fb6f631bd2116896a9d8f6e10f6ce268877b35592d5ccccc515a1253cafbd55dd25eb1b1470b331aaa0ea6745d90ee894d522d3a31c8e75c22d14d9790303a0d093b84d46dcf64664a2c9e3b9ef8074fa2453118b25044b6556d73be002ca8a8ae4ee37e3d2d35e976f513ab72f8d0e261454b934d9f46e433a2caa188473087be91709cde913b3fe6bcd940fc97cb23757775eac7f40499db1b4087bc04e79fccc2634281cb0a8c652e2bec8546d2304be9d7240a00e015f2960e9cbb0df57d4