encryptionservice.mds.Icm.test-dsms.msftcloudes.com

Issued by Microsoft IT TLS CA 2

About this certificate

This digital certificate with serial number 20:00:03:bd:b6:52:86:ae:89:03:bc:83:85:00:00:00:03:bd:b6 was issued on by Microsoft Corporation.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • KeyUsage [DataEncipherment DigitalSignature KeyEncipherment] (00001101) inconsistent with multiple purpose ExtKeyUsage [clientAuth serverAuth] The certificate MUST only be used for a purpose consistent with both key usage extension and extended key usage extension. (RFC 5280, Section 4.2.1.12.)
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • The keyUsage extension SHOULD be critical (RFC 5280: 4.2.1.3)

Certificate Subject

CN=encryptionservice.mds.Icm.test-dsms.msftcloudes.com

Microsoft Corporation

Organization: Microsoft Corporation
Organization unit: Microsoft IT
State / Province: Washington
Locality: Redmond
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 20:00:03:bd:b6:52:86:ae:89:03:bc:83:85:00:00:00:03:bd:b6
Serial Number (int): 713625119370843763124280521222217410143305142
Serial Number lenght: 150 bits, 19 octets

SubjectKeyId: 83:25:d4:23:07:5e:d3:ab:4c:cf:f3:9d:5d:b1:7d:b0:06:96:b4:20
AuthorityKeyId: 91:9e:3b:44:6c:3d:57:9c:42:77:2a:34:d7:4f:d1:cc:4a:97:2c:da

Fingerprint (sha1): c4:e7:2f:4d:8b:7f:68:92:ec:79:a3:e7:f8:df:e9:f7:d6:b5:c4:c7
Fingerprint (sha256): 02:4b:a3:0d:25:58:1f:fe:b5:f8:7d:33:cb:40:c2:7a:41:48:3f:86:65:b8:c1:04:f2:d2:55:4e:cb:50:57:48

Issuing Certificate URL: http://www.microsoft.com/pki/mscorp/Microsoft%20IT%20TLS%20CA%202.crt

Revocation information

OCSP Server: http://ocsp.msocsp.com
CRL Distribution Point: http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%202.crl
CRL Distribution Point: http://crl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%202.crl

Check the revocation status for certificate encryptionservice.mds.Icm.test-dsms.msftcloudes.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for encryptionservice.mds.Icm.test-dsms.msftcloudes.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment
Data Encipherment

Extended Key Usages

Client Authentication
Server Authentication

Extensions

11 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

encryptionservice.mds.icm.test-dsms.msftcloudes.com

Other certificates including the domain name msftcloudes.com

(limited to 100 certificates)
*.analytics.msftcloudes.com
clusterserver.azurenotifications.msftcloudes.com
prod.warm.ingest.monitor.core.windows.net
jarvis.msftcloudes.com
apiclient.icmppe.test-dsms.msftcloudes.com
server.fabric.prod.configuration.msftcloudes.com
armclientcaller.icm.test-dsms.msftcloudes.com
orchclient.v3workflow.icm.msftcloudes.com
prod.warm.ingest.monitor.core.windows.net
metagraph.clients.servicetree.msftcloudes.com
prod.ai.ingestion.msftcloudes.com
prod.warm.ingest.monitor.core.windows.net
arm.azsupport-staging.msftcloudes.com
prod.ai.ingestion.msftcloudes.com
prod.hot.ingest.monitor.core.windows.net
jarvis-int.msftcloudes.com
gcs.prod.monitoring.core.windows.net
ppe.Icm.test-dsms.msftcloudes.com
*.datastudiotest.msftcloudes.com
fcmppe.msftcloudes.com
encryptionservice.mds.Icm.test-dsms.msftcloudes.com
msupdatevsrm.icmppe.msftcloudes.com
prod.la.ingestion.msftcloudes.com
jarvis-int.msftcloudes.com
prod.warm.ingest.monitor.core.windows.net
Aad-hybridproxy-prod.msftcloudes.com
azureadsstagescus.southcentralus.cloudapp.azure.com
azureadsstagescus.southcentralus.cloudapp.azure.com
prod.ai.ingestion.msftcloudes.com
*.vnext.s360.msftcloudes.com
prod.ai.ingestion.msftcloudes.com
ppe.hot.ingest.monitor.core.windows.net
*.fcmint.msftcloudes.com
prod.warm.ingest.monitor.core.windows.net
prod.warm.ingest.monitor.core.windows.net
prod.ai.ingestion.msftcloudes.com
genevaprofiler.analytics.msftcloudes.com
prod.ai.ingestion.msftcloudes.com
*.analyticsppe.msftcloudes.com
azurehealthprodjpe.japaneast.cloudapp.azure.com
azurehealthprodcus.centralus.cloudapp.azure.com
clusterserver.azurenotifications.msftcloudes.com
arm.azsupport-dev.msftcloudes.com
arm.azsupport-dev.msftcloudes.com
prod.warm.ingest.monitor.core.windows.net
prod.ai.ingestion.msftcloudes.com
azuresupportcenter.msftcloudes.com
azuresupportcenter.msftcloudes.com
prod.ai.ingestion.msftcloudes.com
azureexpertprod.eastus.cloudapp.azure.com
test.Icm.test-dsms.msftcloudes.com
*.analytics.msftcloudes.com
prod.hot.ingest.monitor.core.windows.net
prod.warmpath.msftcloudes.com
prod.warm.ingest.monitor.core.windows.net
prod.warm.ingest.monitor.core.windows.net
prod.ai.ingestion.msftcloudes.com
prod.hot.ingest.monitor.core.windows.net
jarvis-int.msftcloudes.com
azurehealthprodscu.southcentralus.cloudapp.azure.com
prod.warm.ingest.monitor.core.windows.net
*.analytics.msftcloudes.com
prod.warm.ingest.monitor.core.windows.net
prod.ai.ingestion.msftcloudes.com
*.icm.msftcloudes.com
prod.la.ingest.monitor.core.windows.net
arm.azsupport.msftcloudes.com
prod.la.ingestion.msftcloudes.com
prod.ai.ingestion.msftcloudes.com
jarvis.msftcloudes.com
prod.ai.ingestion.msftcloudes.com
vnext.s360.msftcloudes.com
prod.warm.ingest.monitor.core.windows.net
prod.warm.ingestion.msftcloudes.com
prod.ai.ingestion.msftcloudes.com
servicemetadata.dscmclient.servicetree.msftcloudes.com
prod.warm.ingest.monitor.core.windows.net
assetlineageppe.analytics.msftcloudes.com
prod.ai.ingestion.msftcloudes.com
feedservice.datastudiotest.msftcloudes.com
arm.azsupport.msftcloudes.com
prod.ai.ingestion.msftcloudes.com
prod.ai.ingestion.msftcloudes.com
azuremgmt.fcmppe.msftcloudes.com
prod.ai.ingestion.msftcloudes.com
pappdocs.msftcloudes.com
test.hot.ingest.monitor.core.windows.net
lens.msftcloudes.com
test.warm.ingest.monitor.core.windows.net
test.Icm.test-dsms.msftcloudes.com
horizon.msftcloudes.com
datastudio.analyticsppe.msftcloudes.com
greenteam.clients.servicetree.msftcloudes.com
icmlxppeoctopus.icm.msftcloudes.com
*.analytics.msftcloudes.com
prod.la.ingest.monitor.core.windows.net
azureexpertprod.westcentralus.cloudapp.azure.com
prod.warm.ingest.monitor.core.windows.net
jarvis-int.msftcloudes.com
prod.hot.ingest.monitor.core.windows.net

Certificate

The complete raw certificate details for encryptionservice.mds.Icm.test-dsms.msftcloudes.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHDTCCBPWgAwIBAgITIAADvbZShq6JA7yDhQAAAAO9tjANBgkqhkiG9w0BAQsF
ADCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT
B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UE
CxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDIw
HhcNMTgwODA5MjM0ODUyWhcNMjAwODA5MjM0ODUyWjA+MTwwOgYDVQQDEzNlbmNy
eXB0aW9uc2VydmljZS5tZHMuSWNtLnRlc3QtZHNtcy5tc2Z0Y2xvdWRlcy5jb20w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbJiMc5fxpSGSbzlXg2ZMW
n3nMDzNGn1QOiEhENvdoY2UTCbq1+v9xyZ2bRvsoO9sBwBm0LxIAi2C48gOeOwR9
8KTkiNmnYwRjM/C8nuIT+vRX4AOtN8L3RFCmAdj5LRkiHNjivNccyaFUrWfPcBbN
hLgi3DBDUqZ3Msp3+def9RaUTKNDO0LCYGw2uUk2j+FSdtPeKQuu24bxGrm7r0k6
orLOw6RedBuE3TAsoX9pulGog3F9BlLabXvmK66wPFhyrPeXDUSZ4kB1i5aUn9Zk
RNhx0635Bw2iO6Jg6hbWddkH+xcBg916O7TivGMj58JEMCwXZUbRyK2gY62JQxvr
AgMBAAGjggK0MIICsDATBgorBgEEAdZ5AgQDAQH/BAIFADAnBgkrBgEEAYI3FQoE
GjAYMAoGCCsGAQUFBwMCMAoGCCsGAQUFBwMBMD4GCSsGAQQBgjcVBwQxMC8GJysG
AQQBgjcVCIfahnWD7tkBgsmFG4G1nmGF9OtggV2E0t9CgueTegIBZAIBHTCBhQYI
KwYBBQUHAQEEeTB3MFEGCCsGAQUFBzAChkVodHRwOi8vd3d3Lm1pY3Jvc29mdC5j
b20vcGtpL21zY29ycC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMi5jcnQw
IgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLm1zb2NzcC5jb20wHQYDVR0OBBYEFIMl
1CMHXtOrTM/znV2xfbAGlrQgMAsGA1UdDwQEAwIEsDA+BgNVHREENzA1gjNlbmNy
eXB0aW9uc2VydmljZS5tZHMuaWNtLnRlc3QtZHNtcy5tc2Z0Y2xvdWRlcy5jb20w
gawGA1UdHwSBpDCBoTCBnqCBm6CBmIZLaHR0cDovL21zY3JsLm1pY3Jvc29mdC5j
b20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDIu
Y3JshklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWlj
cm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDIuY3JsME0GA1UdIARGMEQwQgYJKwYB
BAGCNyoBMDUwMwYIKwYBBQUHAgEWJ2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9w
a2kvbXNjb3JwL2NwczAfBgNVHSMEGDAWgBSRnjtEbD1XnEJ3KjTXT9HMSpcs2jAd
BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggIB
AJgN34FfRfjHg1mDaiVYdGyjligcsQ8JEIBnIaC1EyClRn70ePCdyNLXJSs6X9Vl
eQRIe+ShGIv9QjiyIGi8qkzydsq4XFpCvzUMfgr2/8bgQ02UVLBpssklyqcs79qx
CLjJ0uFrB4sftmPZCYZLVLCGc+o3KCzXbN5nUwVCIp82YebCRuK1PCPB30LgaAI5
O1Y1K8m1txIBuN04iqbZYp62343j5qS/2kmsd+p5f16TgIVrnuPc7y5ZWdNbPNYg
NKeJGEAy2QUgj1KsgQfvFva454UlZOwO7Zso/6whoFz27s1HgrW+aYN06I9BFP+a
qOMsj6EdJFNcQL6wTy2riPydSkHG+VNieuyhqYPGbNrWjGpYvLKl8wOjxwrIhE3s
boX6ZMy6iIuLCD1SID9U38bwiljUxubG0YAztd+76esXFecwQTVbDZymoTifQvNI
R7TAmcjQ4ii0EGTNXExKkKqF60gfEshd9NlpYsOIumDei3a/VGo413U9c05P7K8l
KcalhKDSjNdCBsC2C2JWRdfBMjaMKEQmsTkATqU6q7BjNlwjtrAMM94g+UfEnNTh
np63JWHxULVIIP2GkXzPf/jL5HERVmfap1yKs3zzPKA2EijSp2yllgNO8JOGDNFT
zxx1eDySg8z6yPTw2NfPsgh/Z+0oNRO3ei/jWrCX1/r4
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmyYjHOX8aUhkm85V4NmT
Fp95zA8zRp9UDohIRDb3aGNlEwm6tfr/ccmdm0b7KDvbAcAZtC8SAItguPIDnjsE
ffCk5IjZp2MEYzPwvJ7iE/r0V+ADrTfC90RQpgHY+S0ZIhzY4rzXHMmhVK1nz3AW
zYS4ItwwQ1KmdzLKd/nXn/UWlEyjQztCwmBsNrlJNo/hUnbT3ikLrtuG8Rq5u69J
OqKyzsOkXnQbhN0wLKF/abpRqINxfQZS2m175iuusDxYcqz3lw1EmeJAdYuWlJ/W
ZETYcdOt+QcNojuiYOoW1nXZB/sXAYPdeju04rxjI+fCRDAsF2VG0citoGOtiUMb
6wIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 713625119370843763124280521222217410143305142
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Washington'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Redmond'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft IT'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft IT TLS CA 2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-08-09 23:48:52 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-08-09 23:48:52 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'encryptionservice.mds.Icm.test-dsms.msftcloudes.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 19585743404103516327566134436533312326204395785414335710339725815730528434558210636126315966963582129757370694614413955565407259119951979105491145543772622774564667251018708149733766599426012984604914871827382845503230506305786797874829180413362423282359540051896351351464338473869964167071464234686791890646236437652636831797602692704400058157381205003437323159566988721781926758117498629871070538769096185196395775675028387322385400926268310759441362334078335850785399752166160936521839063132210884581633696994999673515567197656012007038608851027179987429598418777201937909172358736125245452921678670507096005614571
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.10 (applicationCertPolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.7 (certificateTemplate)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (49 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.8.16155509.8105089.5391003.2969441.12400096.221.9744322.5884410
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 100
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 29
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (121 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://www.microsoft.com/pki/mscorp/Microsoft%20IT%20TLS%20CA%202.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.msocsp.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							8325d423075ed3ab4ccff39d5db17db00696b420
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4 bits)
							04b0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'encryptionservice.mds.icm.test-dsms.msftcloudes.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (164 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%202.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%202.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (70 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.42.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.microsoft.com/pki/mscorp/cps'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 919e3b446c3d579c42772a34d74fd1cc4a972cda
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		00980ddf815f45f8c78359836a2558746ca396281cb10f0910806721a0b51320a5467ef478f09dc8d2d7252b3a5fd5657904487be4a1188bfd4238b22068bcaa4cf276cab85c5a42bf350c7e0af6ffc6e0434d9454b069b2c925caa72cefdab108b8c9d2e16b078b1fb663d909864b54b08673ea37282cd76cde67530542229f3661e6c246e2b53c23c1df42e06802393b56352bc9b5b71201b8dd388aa6d9629eb6df8de3e6a4bfda49ac77ea797f5e9380856b9ee3dcef2e5959d35b3cd62034a789184032d905208f52ac8107ef16f6b8e7852564ec0eed9b28ffac21a05cf6eecd4782b5be698374e88f4114ff9aa8e32c8fa11d24535c40beb04f2dab88fc9d4a41c6f953627aeca1a983c66cdad68c6a58bcb2a5f303a3c70ac8844dec6e85fa64ccba888b8b083d52203f54dfc6f08a58d4c6e6c6d18033b5dfbbe9eb1715e73041355b0d9ca6a1389f42f34847b4c099c8d0e228b41064cd5c4c4a90aa85eb481f12c85df4d96962c388ba60de8b76bf546a38d7753d734e4fecaf2529c6a584a0d28cd74206c0b60b625645d7c132368c284426b139004ea53aabb063365c23b6b00c33de20f947c49cd4e19e9eb72561f150b54820fd86917ccf7ff8cbe471115667daa75c8ab37cf33ca0361228d2a76ca596034ef093860cd153cf1c75783c9283ccfac8f4f0d8d7cfb2087f67ed283513b77a2fe35ab097d7faf8