staging-securedrop.huffpost.net

- AOL, Inc -

Issued by DigiCert SHA2 High Assurance Server CA

About this certificate

This digital certificate with serial number 02:91:7f:24:25:fb:9c:27:da:0e:f3:ca:d2:d5:dc:45 was issued on by DigiCert Inc.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

AOL, Inc

Organization: AOL, Inc
State / Province: Virginia
Locality: Sterling
Country: US

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 02:91:7f:24:25:fb:9c:27:da:0e:f3:ca:d2:d5:dc:45
Serial Number (int): 3413917766046019196024680964175551557
Serial Number lenght: 122 bits, 16 octets

SubjectKeyId: 88:e1:9d:d7:b5:cd:ff:db:a9:1b:da:0f:35:71:40:4c:ac:c6:a3:51
AuthorityKeyId: 51:68:ff:90:af:02:07:75:3c:cc:d9:65:64:62:a2:12:b8:59:72:3b

Fingerprint (sha1): 75:9f:42:f3:6d:a2:89:e3:5f:79:59:c6:19:c4:54:d9:1b:b4:b1:75
Fingerprint (sha256): 00:ee:1d:5c:69:34:42:ef:18:21:3f:18:39:c1:8a:c5:41:68:95:e1:9a:da:79:b0:2e:ab:95:0a:2f:bb:9f:68

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/sha2-ha-server-g1.crl
CRL Distribution Point: http://crl4.digicert.com/sha2-ha-server-g1.crl

Check the revocation status for certificate staging-securedrop.huffpost.net

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for staging-securedrop.huffpost.net

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

staging-securedrop.huffpost.net

Other certificates including the domain name huffpost.net

(limited to 100 certificates)
staging-securedrop.huffpost.net
*.app-west.buzzfeed.io
*.edit.huffpost.net
staging-elections.huffpost.net
accounts.huffingtonpost.com
*.edit.huffpost.net
accounts.huffingtonpost.com
*.edit.huffpost.net
staging-securedrop.huffpost.net
production-securedrop.huffpost.net
staging-securedrop.huffpost.net
accounts.huffingtonpost.com
*.prod.buzzfeed.io
docker.huffpost.net
*.app-west.buzzfeed.io
*.prod.buzzfeed.io
staging-securedrop.huffpost.net
secrets.huffpost.net
staging-athena-mongo-cms.huffpost.net
*.prod.buzzfeed.io
staging-securedrop.huffpost.net
*.blog.huffpost.net
*.edit.huffpost.net
origin-identifiers.huffpost.net
huffpost.net
*.preview.huffpost.net
*.stage.buzzfeed.io
*.edit.huffpost.net
accounts.huffingtonpost.com
*.prod.buzzfeed.io
yamas.huffpost.net
*.stage.buzzfeed.io
staging-athena-mongo-cms.huffpost.net
*.preview.huffpost.net
*.app-west.buzzfeed.io
*.preview.huffpost.net
*.app-west.buzzfeed.io
*.tools.huffpost.net
*.blog.huffpost.net
accounts.huffingtonpost.com
origin-identifiers.huffpost.net
42.huffpost.net
*.preview.huffpost.net
*.prod.buzzfeed.io
*.stage.buzzfeed.io
staging-elections.huffpost.net
secrets.huffpost.net
*.app-west.buzzfeed.io
origin-identifiers.huffpost.net
*.stage.buzzfeed.io
*.app-west.buzzfeed.io
production-securedrop.huffpost.net
*.content-internal.huffpost.net
*.app-west.buzzfeed.io
staging-elections.huffpost.net
*.unstable.buzzfeed.io
*.edit.huffpost.net
*.prod.buzzfeed.io
*.app-west.buzzfeed.io
*.app-west.buzzfeed.io
staging-elections.huffpost.net
huffpost.net
*.content-internal.huffpost.net
*.preview.huffpost.net
*.preview.huffpost.net
*.unstable.buzzfeed.io
gamp.huffpost.net
secrets.huffpost.net
accounts.huffingtonpost.com
*.huffpost.net
*.prod.buzzfeed.io
*.unstable.buzzfeed.io
*.tools.huffpost.net
*.blog.huffpost.net
*.edit.huffpost.net
huffpost.net
*.tools.huffpost.net
*.stage.buzzfeed.io
*.stage.buzzfeed.io
production-securedrop.huffpost.net
*.huffpost.net
*.app-west.buzzfeed.io
*.prod.buzzfeed.io
*.huffpost.net
origin-identifiers.huffpost.net
*.prod.buzzfeed.io
*.app-west.buzzfeed.io
*.preview.huffpost.net
*.stage.buzzfeed.io
*.unstable.buzzfeed.io
huffpost.net
accounts.huffingtonpost.com
*.prod.buzzfeed.io
docker.huffpost.net
*.prod.buzzfeed.io
production-securedrop.huffpost.net
docker.huffpost.net
jumpmanjumpmanjumpman.huffpost.net
*.tools.huffpost.net
*.edit.huffpost.net

Certificate

The complete raw certificate details for staging-securedrop.huffpost.net in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHXjCCBkagAwIBAgIQApF/JCX7nCfaDvPK0tXcRTANBgkqhkiG9w0BAQsFADBw
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz
dXJhbmNlIFNlcnZlciBDQTAeFw0xNzA2MjAwMDAwMDBaFw0yMDA2MjQxMjAwMDBa
MHAxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhWaXJnaW5pYTERMA8GA1UEBxMIU3Rl
cmxpbmcxETAPBgNVBAoTCEFPTCwgSW5jMSgwJgYDVQQDEx9zdGFnaW5nLXNlY3Vy
ZWRyb3AuaHVmZnBvc3QubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAmIuXbWkBPbI1cULqy1Gmew3stQBFjcBpeQ421F3QnSZpMU1ipsIOdqdGHSVV
vM5T7d4yi6zRvFgPL2xXccR+IhoMS+pXljVO+BCM8KymoxehSZu44/wwN+jHdmPu
TZp27/7ZFiWs464FzUvcLx/HrUqyddXfN2CrDvFJPkiCag2+Uu6dTJ/v/M1Igxr+
tE5tvJHA1JxXJsC1ONCzodi3YQob6hkfLSvBPQuwSBH3KeiNQtmVUBueQaThBaQB
eg9DJzpZkhQeYwblTPaqoYm3UpELhqvDDxFrXc1W4S5VB98jit5iJ8vcmxbTekJ3
DWH+Dkjxqzh6e21+3zvGnrVNkwIDAQABo4ID8jCCA+4wHwYDVR0jBBgwFoAUUWj/
kK8CB3U8zNllZGKiErhZcjswHQYDVR0OBBYEFIjhnde1zf/bqRvaDzVxQEysxqNR
MCoGA1UdEQQjMCGCH3N0YWdpbmctc2VjdXJlZHJvcC5odWZmcG9zdC5uZXQwDgYD
VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNV
HR8EbjBsMDSgMqAwhi5odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1z
ZXJ2ZXItZzEuY3JsMDSgMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hh
Mi1oYS1zZXJ2ZXItZzEuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYI
KwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQIC
MIGDBggrBgEFBQcBAQR3MHUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2lj
ZXJ0LmNvbTBNBggrBgEFBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29t
L0RpZ2lDZXJ0U0hBMkhpZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/
BAIwADCCAfYGCisGAQQB1nkCBAIEggHmBIIB4gHgAHYApLkJkLQYWBSHuxOizGdw
Cjw1mAT5G9+443fNDsgN3BAAAAFcx0eu2AAABAMARzBFAiEA0+Hm7z3YKTaIPqxx
yghW9y1o1PhTFtbA7auf2a6v3fMCID7Y46xMI9nMRFRDiTlCsSqsvBCgNeDvqJuH
XBekX8t9AHYAVhQGmi/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFcx0ev
QwAABAMARzBFAiEAqKivDs1as2XJg3iNHke6urFxn/0FTGkIPXws4CkeZBgCICHS
qCv3TQTkslJEJH6SBznzYBfnuu4ApxE1yW3jGxpjAHUA7ku9t3XOYLrhQmkfq+Ge
ZqMPfl+wctiDAMR7iXqo/csAAAFcx0ex1wAABAMARjBEAiAcjCWbkx0W9IH9m3fx
U2gyR8R8f/eMfqg/+alOmCq9+wIgdijLpm5mfDUqIbtlQCtDmdm5O75cC0nl9lT7
ylMUofsAdwC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAVzHR6+e
AAAEAwBIMEYCIQCs1su92lzel0jC9Ogt3SqTdL1fLgq95yF34f5X3AzH4QIhANoP
sroZ7tHc2VTLPFk6VPZ7X5osKrKLiaEdcFRjLSOgMA0GCSqGSIb3DQEBCwUAA4IB
AQA/jQQkKd9u4B02V4ORUQ5FqXXVviUnKhG4XXPSAt82CmCojIuVS1OX7ioszrio
seo641RdikkzzzvQgcEjoYMcmnzmT5b72m8VA6OieYJvOnctHf8FfC81cAo5gZaF
uuA8qhS4h719b4r3RDoFaRtO8wh2uHPBo+IN17JF4+wpFIjL308XXUwNLScnxqLI
By92aMCsa41Py4wBaeJBda1td8RgQ3vKHb9bIgWAxl27ynuvMSbPWteAZXFSiei4
Zu9cDzTgCrzq2lkk8TPoxG2/oIkdwe1buXiEKyCN8iJJ2FtwWQKyQ9MyZFbTqVuK
RMxlZhNaq/56+ivuv6PbcOTt
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmIuXbWkBPbI1cULqy1Gm
ew3stQBFjcBpeQ421F3QnSZpMU1ipsIOdqdGHSVVvM5T7d4yi6zRvFgPL2xXccR+
IhoMS+pXljVO+BCM8KymoxehSZu44/wwN+jHdmPuTZp27/7ZFiWs464FzUvcLx/H
rUqyddXfN2CrDvFJPkiCag2+Uu6dTJ/v/M1Igxr+tE5tvJHA1JxXJsC1ONCzodi3
YQob6hkfLSvBPQuwSBH3KeiNQtmVUBueQaThBaQBeg9DJzpZkhQeYwblTPaqoYm3
UpELhqvDDxFrXc1W4S5VB98jit5iJ8vcmxbTekJ3DWH+Dkjxqzh6e21+3zvGnrVN
kwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 3413917766046019196024680964175551557
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert SHA2 High Assurance Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-06-20 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-06-24 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Virginia'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sterling'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'AOL, Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'staging-securedrop.huffpost.net'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 19257057495528934175058388875642240393017912973378186474110451360358435279663434576884407089735479060161291023234643862816602768182659903734358288887488985820721175673751138211809467323634418442769766516806226821445972078054919583658845723344932330679390450055109407837885452130116997488687801113539702453669051030660711620575004349218290969641116144257255525539308927374700147128734955462878225235460388090881256217607302993671569686260450480257256971153039927723640043342733451943316280214280325276525952037151461725632086598411509597141429522998952468862709189812997392707026232009445231074594006778959737249942931
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 5168ff90af0207753cccd9656462a212b859723b
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							88e19dd7b5cdffdba91bda0f3571404cacc6a351
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (35 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'staging-securedrop.huffpost.net'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (110 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/sha2-ha-server-g1.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/sha2-ha-server-g1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (119 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (486 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (482 bytes)
							01e0007600a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc100000015cc747aed80000040300473045022100d3e1e6ef3dd82936883eac71ca0856f72d68d4f85316d6c0edab9fd9aeafddf302203ed8e3ac4c23d9cc445443893942b12aacbc10a035e0efa89b875c17a45fcb7d0076005614069a2fd7c2ecd3f5e1bd44b23ec74676b9bc99115cc0ef949855d689d0dd0000015cc747af430000040300473045022100a8a8af0ecd5ab365c983788d1e47babab1719ffd054c69083d7c2ce0291e6418022021d2a82bf74d04e4b25244247e920739f36017e7baee00a71135c96de31b1a63007500ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb0000015cc747b1d7000004030046304402201c8c259b931d16f481fd9b77f153683247c47c7ff78c7ea83ff9a94e982abdfb02207628cba66e667c352a21bb65402b4399d9b93bbe5c0b49e5f654fbca5314a1fb007700bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed1850000015cc747af9e0000040300483046022100acd6cbbdda5cde9748c2f4e82ddd2a9374bd5f2e0abde72177e1fe57dc0cc7e1022100da0fb2ba19eed1dcd954cb3c593a54f67b5f9a2c2ab28b89a11d7054632d23a0
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		003f8d042429df6ee01d36578391510e45a975d5be25272a11b85d73d202df360a60a88c8b954b5397ee2a2cceb8a8b1ea3ae3545d8a4933cf3bd081c123a1831c9a7ce64f96fbda6f1503a3a279826f3a772d1dff057c2f35700a39819685bae03caa14b887bd7d6f8af7443a05691b4ef30876b873c1a3e20dd7b245e3ec291488cbdf4f175d4c0d2d2727c6a2c8072f7668c0ac6b8d4fcb8c0169e24175ad6d77c460437bca1dbf5b220580c65dbbca7baf3126cf5ad78065715289e8b866ef5c0f34e00abceada5924f133e8c46dbfa0891dc1ed5bb978842b208df22249d85b705902b243d3326456d3a95b8a44cc6566135aabfe7afa2beebfa3db70e4ed