sesp.northwestern.edu

- Northwestern University -

Issued by InCommon RSA Server CA 2

About this certificate

This digital certificate with serial number 67:04:8c:fc:88:e9:09:42:0c:36:42:64:03:83:f3:d1 was issued on by Internet2.

With 4 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Northwestern University

Organization: Northwestern University
State / Province: Illinois
Country: US

Internet2

Organization: Internet2
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 67:04:8c:fc:88:e9:09:42:0c:36:42:64:03:83:f3:d1
Serial Number (int): 136934112298493623819415231792882643921
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: 86:de:41:83:82:44:b7:12:3c:1d:ab:8c:bd:1a:43:dd:61:7f:31:c3
AuthorityKeyId: ef:4c:00:92:a6:fb:76:2e:5e:95:e2:c9:5f:87:1b:19:d5:4d:e2:d9

Fingerprint (sha1): b5:ec:5a:c1:dd:09:a7:8f:e1:16:ab:b1:60:53:74:ea:f2:31:ed:06
Fingerprint (sha256): 01:34:0f:be:c2:f8:b6:d7:40:86:e5:4d:5c:77:ae:94:00:bc:c9:ea:b1:37:b1:91:ed:4a:7d:d4:51:e2:45:89

Issuing Certificate URL: http://crt.sectigo.com/InCommonRSAServerCA2.crt

Revocation information

OCSP Server: http://ocsp.sectigo.com
CRL Distribution Point: http://crl.sectigo.com/InCommonRSAServerCA2.crl

Check the revocation status for certificate sesp.northwestern.edu

4

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for sesp.northwestern.edu

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA384 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

sesp.northwestern.edu
ocep.northwestern.edu
www.ocep.northwestern.edu
www.sesp.northwestern.edu

Other certificates including the domain name northwestern.edu

(limited to 100 certificates)
evcasper.ci.northwestern.edu
zfsmweb02.fsm.northwestern.edu
*.soc.northwestern.edu
hub.mmlc.northwestern.edu
idmspqa5.ci.northwestern.edu
degree.ai.northwestern.edu
askplrc.law.northwestern.edu
faoadmin-dev.api.fsm.northwestern.edu
carpepm.almonds.com
catalyst-sync-gateway.fsm.northwestern.edu
account-inventory-dev.entapp.northwestern.edu
ssl6901.cloudflare.com
ct-stem.northwestern.edu
cps.northwestern.edu
secure.ard.northwestern.edu
boshercollection.northwestern.edu
5707931811053568-fe1.pantheonsite.io
osep.northwestern.edu
web.madstudio.northwestern.edu
degree.robotics.northwestern.edu
www.alumni.northwestern.edu
tls.automattic.com
sesdlab.northwestern.edu
fed.it.northwestern.edu
admissions.emeritus.org
badges.gmac.com
websso.it.northwestern.edu
teenshealth.qatar.northwestern.edu
cluster.technolutions.net
lingwebx.ci.northwestern.edu
lyncedge.northwestern.edu
medillwatchdog.medill.northwestern.edu
buddhist-art.arthistory.northwestern.edu
nubio.northwestern.edu
nextcloud.sesp.northwestern.edu
scientificpractices.sesp.northwestern.edu
gallery.kellogg.northwestern.edu
dev-websso.it.northwestern.edu
calendar.sdzsafaripark.org
sec-pagely.at.northwestern.edu
ishi.earth.northwestern.edu
lcanresearch.northwestern.edu
dialects.soc.northwestern.edu
evcsdskypse1.adsdev.northwestern.edu
cspac.eecs.northwestern.edu
catracks-dev.northwestern.edu
www.nsis-train.northwestern.edu
childlab.northwestern.edu
tls.automattic.com
labmail.misitlab.northwestern.edu
features.qatar.northwestern.edu
abct.ebbp.northwestern.edu
nuplansqa.northwestern.edu
ssl371003.cloudflaressl.com
lfeev.adsdev.northwestern.edu
apply.music.northwestern.edu
5693200475881472-fe2.pantheonsite.io
nuqcsptmg.qatar.northwestern.edu
tqn.sesp.northwestern.edu
slpd.northwestern.edu
sesp.northwestern.edu
www6.kellogg.northwestern.edu
ansys.mccormick.northwestern.edu
obprodrest.ci.northwestern.edu
ldapqa1.ci.northwestern.edu
ecocasting.northwestern.edu
cms7test2012.kellogg.northwestern.edu
sec-pagely.at.northwestern.edu
cdn-test.battlefields.org
zfsmweb01.fsm.northwestern.edu
ozzie.traffic.northwestern.edu
nuhr.northwestern.edu
vmath.northwestern.edu
ilabcentral.sesp.northwestern.edu
eecs211.cs.northwestern.edu
liszt.northwestern.edu
parisprogram.northwestern.edu
www.mccormick.northwestern.edu
citeak.multidevcom.uaf.edu
illinoisjudges.law.northwestern.edu
compphotolab.northwestern.edu
kisb21a.kellogg.northwestern.edu
securedns1.planmygift.org
securedns1.planmygift.org
chhr92uatibweb1.ci.northwestern.edu
orfa.northwestern.edu
webssodev-vip.ci.northwestern.edu
bora.cs.northwestern.edu
badges.gmac.com
argallab.northwestern.edu
gabrielse.physics.northwestern.edu
allancollins.northwestern.edu
biology.northwestern.edu
ecstest.entapp.northwestern.edu
uec.adea-cloud.northwestern.edu
courses1.northwestern.edu
www.cfp.physics.northwestern.edu
crs-dev.fsm.northwestern.edu
musictherapy.soc.northwestern.edu
www.jlsp.law.northwestern.edu

Certificate

The complete raw certificate details for sesp.northwestern.edu in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHIzCCBYugAwIBAgIQZwSM/IjpCUIMNkJkA4Pz0TANBgkqhkiG9w0BAQwFADBE
MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSW50ZXJuZXQyMSEwHwYDVQQDExhJbkNv
bW1vbiBSU0EgU2VydmVyIENBIDIwHhcNMjQwMTA1MDAwMDAwWhcNMjUwMTA0MjM1
OTU5WjBiMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxIDAeBgNVBAoT
F05vcnRod2VzdGVybiBVbml2ZXJzaXR5MR4wHAYDVQQDExVzZXNwLm5vcnRod2Vz
dGVybi5lZHUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHRiJK9Jw/
9CdhIsazesAvQA6IE7QTunj7NnWP8+Okfpkgdv6rNY8d6Mi09+RRfXem4gPj8uj0
ahUVPojtkmxYpdqfxmzA2v85OfZs8CEvOd5/BwUQxCD5YfEh4CwYJiM9RFv2cA2F
GDGUaVw0aM3y3mrfgHECXhXxFp6EPEdiVbd4hZxNlwhhoi7hnhtjnxnEHW622FTY
RwC51pw9c+oRB5w+u073gLJrJCkIi6IJRqARMLqEve1FpgM/M4o/E6tAhv7OBH95
Gw8bz67gAnb/7iwK77OsNx56Hjz3STsqRMesv29G0suOLuM26TaQiDR7NaP6QVyr
y5S53C4N5ZRZAgMBAAGjggNxMIIDbTAfBgNVHSMEGDAWgBTvTACSpvt2Ll6V4slf
hxsZ1U3i2TAdBgNVHQ4EFgQUht5Bg4JEtxI8HauMvRpD3WF/McMwDgYDVR0PAQH/
BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
BwMCMEkGA1UdIARCMEAwNAYLKwYBBAGyMQECAmcwJTAjBggrBgEFBQcCARYXaHR0
cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQICMEAGA1UdHwQ5MDcwNaAzoDGG
L2h0dHA6Ly9jcmwuc2VjdGlnby5jb20vSW5Db21tb25SU0FTZXJ2ZXJDQTIuY3Js
MHAGCCsGAQUFBwEBBGQwYjA7BggrBgEFBQcwAoYvaHR0cDovL2NydC5zZWN0aWdv
LmNvbS9JbkNvbW1vblJTQVNlcnZlckNBMi5jcnQwIwYIKwYBBQUHMAGGF2h0dHA6
Ly9vY3NwLnNlY3RpZ28uY29tMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgDP
EVbu1S58r/OHW9lpLpvpGnFnSrAX7KwB0lt3zsw7CAAAAYzaucT+AAAEAwBHMEUC
IDxS6FumHFstkDxDgw3PyO51dQhbih5sX0XnWvHCOqZmAiEAk0gjzKfl7ofeEbYT
jOf+3hH26eKbJ1eeBgPaCeuFW6sAdgCi4wrkRe+9rZt+OO1HZ3dT14JbhJTXK14b
LMS5UKRH5wAAAYzaucToAAAEAwBHMEUCICF5hzFBDaUgp8ulkeeWsLb70zpu7E1Z
B+6ujQLkIw7LAiEAqqlCxkUfGsKK2vPte+rzCu8GuX+Mwy4zjKirof0sIWYAdgBO
daMnXJoQwzhbbNTfP1LrHfDgjhuNacCx+mSxYpo53wAAAYzaucTZAAAEAwBHMEUC
IAISk4ZHTnt9jpG4UHhoereQZbSqUMdBJCKNqCp2jaAnAiEAmwMVkI2/xazZaXmv
1eigUdHLHQ+3bHZuQxlSIg5pxpUwbQYDVR0RBGYwZIIVc2VzcC5ub3J0aHdlc3Rl
cm4uZWR1ghVvY2VwLm5vcnRod2VzdGVybi5lZHWCGXd3dy5vY2VwLm5vcnRod2Vz
dGVybi5lZHWCGXd3dy5zZXNwLm5vcnRod2VzdGVybi5lZHUwDQYJKoZIhvcNAQEM
BQADggGBAGIyc+7Agz+Gwda5Ib9SNCk8zH49YPZ/Y1FE5UdDeFlCffZtOHqu1m9B
MvasezPbQqcZArG1RHWZmqPEY+mdAS9vPsm7ZoWwQ8L89ri7J5HxJjpG1+ro7ATk
YQMtlif2esyEdzuHZ1y+Nygaf3tRIDMBBdGGWbLcjA+OmIpRJhfBy6H6WY/Hmy4q
n/1dvOFTrqY7SUo3EGJyjc+cv4Wy1Evh20Q7EGmjJw7o3tAotPk0DxlxX0/fEYSa
8ybmeZiKLUbZXHVVe4t7bMPcRyTrUTLpaM3Bif7+3uBNBtapfxgUp88Az78uTnwb
/ZWEUMgHHy6j4fTn6Fj4Bm0NEPiBRjH4ObAcwbcjK350fmhsK729OnMlL0lXkgin
ZHfVZb+SI0yzlwpmdz8JMwPX991eSs29Tz8r2vTsAkBfi1Lz0cbjosINH5x8sVO+
widjThnYdRMmFdrZUa+SaH4meeOYqSuDA/45xDZs0q4OzEkQ0xMRpAVmMeDxGvwT
V2ZPYX2e2Q==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx0YiSvScP/QnYSLGs3rA
L0AOiBO0E7p4+zZ1j/PjpH6ZIHb+qzWPHejItPfkUX13puID4/Lo9GoVFT6I7ZJs
WKXan8ZswNr/OTn2bPAhLznefwcFEMQg+WHxIeAsGCYjPURb9nANhRgxlGlcNGjN
8t5q34BxAl4V8RaehDxHYlW3eIWcTZcIYaIu4Z4bY58ZxB1utthU2EcAudacPXPq
EQecPrtO94CyayQpCIuiCUagETC6hL3tRaYDPzOKPxOrQIb+zgR/eRsPG8+u4AJ2
/+4sCu+zrDceeh4890k7KkTHrL9vRtLLji7jNuk2kIg0ezWj+kFcq8uUudwuDeWU
WQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 136934112298493623819415231792882643921
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Internet2'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'InCommon RSA Server CA 2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-05 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-01-04 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Illinois'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Northwestern University'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'sesp.northwestern.edu'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25156007031038936476496314245416767139340374601667199169578740979085430043555523208588889218609042045272535682801843806213943590531369327998154664360183587593255146198418684833766115741729746381821332716023258260275576218231026022854505464543410513814091418865125607010945549847590349027558693378502527586470052867535913597354407339044151572962985090876192985655826095025833175627974765987101799813916853892448839280286214878505242023619348313865068075321617562584221801387458470740551024303562333524321069771533055025920451960507324636844051931962836140447863783266929220708996242246483175808625943441582537520288857
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName ef4c0092a6fb762e5e95e2c95f871b19d54de2d9
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							86de41838244b7123c1dab8cbd1a43dd617f31c3
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.2.103
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (57 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sectigo.com/InCommonRSAServerCA2.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (100 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/InCommonRSAServerCA2.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							0168007600cf1156eed52e7caff3875bd9692e9be91a71674ab017ecac01d25b77cecc3b080000018cdab9c4fe000004030047304502203c52e85ba61c5b2d903c43830dcfc8ee7575085b8a1e6c5f45e75af1c23aa666022100934823cca7e5ee87de11b6138ce7fede11f6e9e29b27579e0603da09eb855bab007600a2e30ae445efbdad9b7e38ed47677753d7825b8494d72b5e1b2cc4b950a447e70000018cdab9c4e80000040300473045022021798731410da520a7cba591e796b0b6fbd33a6eec4d5907eeae8d02e4230ecb022100aaa942c6451f1ac28adaf3ed7beaf30aef06b97f8cc32e338ca8aba1fd2c21660076004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018cdab9c4d90000040300473045022002129386474e7b7d8e91b85078687ab79065b4aa50c74124228da82a768da0270221009b0315908dbfc5acd96979afd5e8a051d1cb1d0fb76c766e431952220e69c695
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (102 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sesp.northwestern.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ocep.northwestern.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.ocep.northwestern.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.sesp.northwestern.edu'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (3072 bits)
		00623273eec0833f86c1d6b921bf5234293ccc7e3d60f67f635144e547437859427df66d387aaed66f4132f6ac7b33db42a71902b1b54475999aa3c463e99d012f6f3ec9bb6685b043c2fcf6b8bb2791f1263a46d7eae8ec04e461032d9627f67acc84773b87675cbe37281a7f7b5120330105d18659b2dc8c0f8e988a512617c1cba1fa598fc79b2e2a9ffd5dbce153aea63b494a371062728dcf9cbf85b2d44be1db443b1069a3270ee8ded028b4f9340f19715f4fdf11849af326e679988a2d46d95c75557b8b7b6cc3dc4724eb5132e968cdc189fefedee04d06d6a97f1814a7cf00cfbf2e4e7c1bfd958450c8071f2ea3e1f4e7e858f8066d0d10f8814631f839b01cc1b7232b7e747e686c2bbdbd3a73252f49579208a76477d565bf92234cb3970a66773f093303d7f7dd5e4acdbd4f3f2bdaf4ec02405f8b52f3d1c6e3a2c20d1f9c7cb153bec227634e19d875132615dad951af92687e2679e398a92b8303fe39c4366cd2ae0ecc4910d31311a4056631e0f11afc1357664f617d9ed9