becws-gov-us.microsoftonline.com
Issued by Microsoft IT TLS CA 1
About this certificate
This digital certificate with serial number 7b:00:03:21:28:bc:d0:e8:63:bc:40:2b:3c:00:00:00:03:21:28 was issued on by Microsoft Corporation.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- KeyUsage [DataEncipherment DigitalSignature KeyEncipherment] (00001101) inconsistent with multiple purpose ExtKeyUsage [clientAuth serverAuth] The certificate MUST only be used for a purpose consistent with both key usage extension and extended key usage extension. (RFC 5280, Section 4.2.1.12.)
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
- The keyUsage extension SHOULD be critical (RFC 5280: 4.2.1.3)
Certificate Subject
CN=becws-gov-us.microsoftonline.com
Microsoft Corporation
Organization:
Microsoft Corporation
Organization unit: Microsoft IT
Organization unit: Microsoft IT
State / Province:
Washington
Locality: Redmond
Country: US
Locality: Redmond
Country: US
This certificate has expire since
Certificate Details
Serial Number (hex): 7b:00:03:21:28:bc:d0:e8:63:bc:40:2b:3c:00:00:00:03:21:28Serial Number (int): 2742992724342412788852285052948014628734181672
Serial Number lenght: 151 bits, 19 octets
SubjectKeyId: d1:7d:21:37:68:91:85:71:ea:e5:5d:53:8a:21:af:e0:26:c8:92:ca
AuthorityKeyId: 58:88:9f:d6:dc:9c:48:22:b7:14:3e:ff:84:88:e8:e6:85:ff:fa:7d
Fingerprint (sha1): fb:2d:f9:89:e4:18:78:55:4b:a5:7c:57:69:cb:c2:48:5e:12:26:59
Fingerprint (sha256): 02:9e:5d:6f:f2:e5:70:d1:c0:21:8a:17:c5:05:6f:2c:ba:4d:32:3a:cb:de:11:5c:eb:8f:d6:40:8d:e5:88:52
Issuing Certificate URL: http://www.microsoft.com/pki/mscorp/Microsoft%20IT%20TLS%20CA%201.crt
Revocation information
OCSP Server: http://ocsp.msocsp.comCRL Distribution Point: http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%201.crl
CRL Distribution Point: http://crl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%201.crl
Check the revocation status for certificate becws-gov-us.microsoftonline.com
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for becws-gov-us.microsoftonline.com
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Data Encipherment
Extended Key Usages
Client Authentication
Server Authentication
Extensions
11 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
becws-gov-us.microsoftonline.com
becws.gov.us.microsoftonline.com
becws.gov.us.microsoftonline.com
Other certificates including the domain name microsoftonline.com
(limited to 100 certificates)
syncservice.microsoftonline.com
atv300.microsoftonline.com
becws-gov-us.microsoftonline.com
*.certauth.login.microsoftonline.com
api.cp.microsoft.com
login.microsoftonline.com
cert.ccs.login.microsoftonline.com
outlook.com
stamp2.login.microsoftonline.com
graph.windows.net
login.windows.net
*.sharepoint.com
login.windows.net
tip.passwordreset.microsoftonline.com
syncservice.microsoftonline.com
*.sharepoint.emea.microsoftonline.com
*.segmentation.bdm.microsoftonline.com
graph.windows.net
graph.windows.net
graph.windows.net
outlook.com
mail.apac.microsoftonline.com
login.windows.net
becws-gov-us.microsoftonline.com
outlook.com
management.microsoftonline.com
graph.windows.net
login.windows.net
graph.windows.net
rps-prd.microsoftonline.com
akamai-san17.exacttarget.com
portal.office.com
graph.windows.net
adminwebservice.microsoftonline.com
CompanyManager.microsoftonline.com
g.msn.com
graph.windows.net
syncservice.microsoftonline.com
portal.office.com
login.windows.net
graph.windows.net
portal.office.com
login.windows.net
syncservice.ccsctp.com
dcscheduler.msogov.us.microsoftonline.com
graph.windows.net
provisioningapi.microsoftonline.com
syncservice.microsoftonline.com
ssprdataencrypt.microsoftonline.com
syncservice.eu.microsoftonline.com
login.windows.net
graph.windows.net
login.windows.net
outlook.com
migreports.microsoftonline.com
login.windows.net
companymanager.microsoftonline.com
graph.windows.net
CompanyManager.microsoftonline.com
*.certauth.login.microsoftonline.com
commerce.microsoftonline.com
stamp2.login.microsoftonline.com
graph.windows.net
login.windows.net
syncservice.ccsctp.com
outlook.com
outlook.com
stamp2.login.microsoftonline.com
stamp2.login.microsoftonline.com
graph.windows.net
portal.office.com
syncservice.ccsctp.com
graph.windows.net
syncservice.gov.us.microsoftonline.com
login.windows.net
companymanager.microsoftonline.com
syncservice.ccsctp.com
graph.windows.net
stamp2.login.microsoftonline.com
outlook.com
graph.windows.net
outlook.com
*.mail.emea.microsoftonline.com
stamp2.login.microsoftonline.com
syncservice.microsoftonline.com
portal.office.com
ccs.login.microsoftonline.com
outlook.com
outlook.com
graph.windows.net
ocpclient.microsoftonline.com
login.windows.net
graph.windows.net
stamp2.login.microsoftonline.com
login.windows.net
*.sharepoint.com
outlook.com
*.sharepoint.com
outlook.com
portal.office.com
atv300.microsoftonline.com
becws-gov-us.microsoftonline.com
*.certauth.login.microsoftonline.com
api.cp.microsoft.com
login.microsoftonline.com
cert.ccs.login.microsoftonline.com
outlook.com
stamp2.login.microsoftonline.com
graph.windows.net
login.windows.net
*.sharepoint.com
login.windows.net
tip.passwordreset.microsoftonline.com
syncservice.microsoftonline.com
*.sharepoint.emea.microsoftonline.com
*.segmentation.bdm.microsoftonline.com
graph.windows.net
graph.windows.net
graph.windows.net
outlook.com
mail.apac.microsoftonline.com
login.windows.net
becws-gov-us.microsoftonline.com
outlook.com
management.microsoftonline.com
graph.windows.net
login.windows.net
graph.windows.net
rps-prd.microsoftonline.com
akamai-san17.exacttarget.com
portal.office.com
graph.windows.net
adminwebservice.microsoftonline.com
CompanyManager.microsoftonline.com
g.msn.com
graph.windows.net
syncservice.microsoftonline.com
portal.office.com
login.windows.net
graph.windows.net
portal.office.com
login.windows.net
syncservice.ccsctp.com
dcscheduler.msogov.us.microsoftonline.com
graph.windows.net
provisioningapi.microsoftonline.com
syncservice.microsoftonline.com
ssprdataencrypt.microsoftonline.com
syncservice.eu.microsoftonline.com
login.windows.net
graph.windows.net
login.windows.net
outlook.com
migreports.microsoftonline.com
login.windows.net
companymanager.microsoftonline.com
graph.windows.net
CompanyManager.microsoftonline.com
*.certauth.login.microsoftonline.com
commerce.microsoftonline.com
stamp2.login.microsoftonline.com
graph.windows.net
login.windows.net
syncservice.ccsctp.com
outlook.com
outlook.com
stamp2.login.microsoftonline.com
stamp2.login.microsoftonline.com
graph.windows.net
portal.office.com
syncservice.ccsctp.com
graph.windows.net
syncservice.gov.us.microsoftonline.com
login.windows.net
companymanager.microsoftonline.com
syncservice.ccsctp.com
graph.windows.net
stamp2.login.microsoftonline.com
outlook.com
graph.windows.net
outlook.com
*.mail.emea.microsoftonline.com
stamp2.login.microsoftonline.com
syncservice.microsoftonline.com
portal.office.com
ccs.login.microsoftonline.com
outlook.com
outlook.com
graph.windows.net
ocpclient.microsoftonline.com
login.windows.net
graph.windows.net
stamp2.login.microsoftonline.com
login.windows.net
*.sharepoint.com
outlook.com
*.sharepoint.com
outlook.com
portal.office.com
Certificate
The complete raw certificate details for becws-gov-us.microsoftonline.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIII7TCCBtWgAwIBAgITewADISi80OhjvEArPAAAAAMhKDANBgkqhkiG9w0BAQsF ADCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UE CxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDEw HhcNMTgxMDEzMjI0NzM2WhcNMjAxMDEzMjI0NzM2WjArMSkwJwYDVQQDEyBiZWN3 cy1nb3YtdXMubWljcm9zb2Z0b25saW5lLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBAL22ScFoq5Erauiw0EfgGBdEi/xhfrTlkX1NVBlGhYeqYRVB MEjnhcTrbG6Ew9cHOXAsFlq/vPI1mLDIvYeWTBX1FHqic3eW7S43Dz8FMXPNexIM T6pDeyPpdnn8Z4AaDHcN13V2r18mwQIkS9l4t14fmBpWlm1PL76Zo8ICMZnF2E7I mxBSAuRR4dSXZBD/F2hqfPK3gh5tRhgV6EP/30r6xNrwI1i5f+WZpmYzg2htZp5y Fum8wXujuMQ3S79+eHafPjBHsrX9hQvavJDNQYDQauYgkPq+ZYz+ws+JN5nTra4g y39QqJkBtVc4S5WKbRGulM0xPippicbmg0iPa8cCAwEAAaOCBKcwggSjMIIB9QYK KwYBBAHWeQIEAgSCAeUEggHhAd8AdgC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQ lmQ2jh7RhQAAAWZvpkg0AAAEAwBHMEUCIQCxxWbE6z+V7Ii7gLai7q2RvANSCOmx BqglfHOQf1jFKgIgcs4PnGPkaP9T7mrQjjrEeXQ2s41y4NEF/BqUbu5cU50AdgBV gdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAWZvpkgFAAAEAwBHMEUC IF86kooqlp8rx4O/v7xKTwj7YshMDf4L62gHUVTV4dZcAiEA+NZokphYT+qmhxaY LJdOhzVIvro4XFXcR513jv5g6xAAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jj d80OyA3cEAAAAWZvpkgiAAAEAwBHMEUCIQC8xfyrWGKeZW2HraZQXWHldOLyGQdt QHY4xyupPDPpDgIgYeQcRjY8fekuXMY7KH9h/+WTqo0xJ+fsBV1nPFmYd3gAdQDw laRZ8gDRgkAQLS+TiI6tS/4dR+OZ4dA0prCoqo6ycwAAAWZvpkcGAAAEAwBGMEQC IERmgqWSeFHw7xBZdzjlShvVSL2Ti33/q1/haylr2ho1AiAwVeBkmn9AS/Z7n4YF /Lxw272ExrHI/i2RrFoS9M5KSjAnBgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMC MAoGCCsGAQUFBwMBMD4GCSsGAQQBgjcVBwQxMC8GJysGAQQBgjcVCIfahnWD7tkB gsmFG4G1nmGF9OtggV2E0t9CgueTegIBZAIBHTCBhQYIKwYBBQUHAQEEeTB3MFEG CCsGAQUFBzAChkVodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9N aWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcnQwIgYIKwYBBQUHMAGGFmh0 dHA6Ly9vY3NwLm1zb2NzcC5jb20wHQYDVR0OBBYEFNF9ITdokYVx6uVdU4ohr+Am yJLKMAsGA1UdDwQEAwIEsDBNBgNVHREERjBEgiBiZWN3cy1nb3YtdXMubWljcm9z b2Z0b25saW5lLmNvbYIgYmVjd3MuZ292LnVzLm1pY3Jvc29mdG9ubGluZS5jb20w gawGA1UdHwSBpDCBoTCBnqCBm6CBmIZLaHR0cDovL21zY3JsLm1pY3Jvc29mdC5j b20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDEu Y3JshklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWlj cm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDEuY3JsME0GA1UdIARGMEQwQgYJKwYB BAGCNyoBMDUwMwYIKwYBBQUHAgEWJ2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9w a2kvbXNjb3JwL2NwczAfBgNVHSMEGDAWgBRYiJ/W3JxIIrcUPv+EiOjmhf/6fTAd BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggIB AEuB5k/T6yukhLsvpxAPK9crMao1NUANNgb7CQpNRN5v3NFybtSNPDNgOExiKzzQ oohKhYjFo7c5wY3IXsmiR3LpdrrvLDyatWMLsAs6mmSYcwBmlJ7OybtfdXU1u1tX 9V689eCu6MiWcwlzFpP4ZU9/k3cg+Dl95TaDAM0WEfHYY2lzM0U0JYeCz3kFF+Y7 mXCwVA2VSrHwnKEPfVaMlih1KfZww7qr/woYITqEOm8SaIkjqmAT6gjS4jLrd1Vy FhtV5FoC6kGWvEx8kq+pMIq1Kv0oZHxaw6W2D54+hwJ5nszQDL4DXIxXuYbo5h7e Onl1+wLS61zbwjRkd5XREZQFYF7BpIuJPGwT5DuwyKVVDgr5S0PNepwWYEyWFtUD ZrtXOwZDOy0bmKlrV2GHESQyhG7B0H6KdcjqSPL1Y8/c+nEgyRa1peLKl3lgBK6E BoJkL9mtLzHHuE0rhT4Cf0+AZE7CZVAIDqZi2CSzeZen1n5D852TtHsWvzrfEZx+ ImFvRQAS3fpg3sHdvinLlWcuu+XUxwxM9umqJfVTEO5v+ZX455jTXMGtu2QV5Uv2 jqzEqgX6rxLG9VvPZdSlg7F4K2EDjVhSaOf17UiD4LYthR26kqjb/+aK40kYMz1+ o93CvpNvxTZF9s2iwFxj3tt+uBjhMyIttOgWsPb5c4Ia -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbZJwWirkStq6LDQR+AY F0SL/GF+tOWRfU1UGUaFh6phFUEwSOeFxOtsboTD1wc5cCwWWr+88jWYsMi9h5ZM FfUUeqJzd5btLjcPPwUxc817EgxPqkN7I+l2efxngBoMdw3XdXavXybBAiRL2Xi3 Xh+YGlaWbU8vvpmjwgIxmcXYTsibEFIC5FHh1JdkEP8XaGp88reCHm1GGBXoQ//f SvrE2vAjWLl/5ZmmZjODaG1mnnIW6bzBe6O4xDdLv354dp8+MEeytf2FC9q8kM1B gNBq5iCQ+r5ljP7Cz4k3mdOtriDLf1ComQG1VzhLlYptEa6UzTE+KmmJxuaDSI9r xwIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 2742992724342412788852285052948014628734181672 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Washington' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Redmond' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft Corporation' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft IT' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft IT TLS CA 1' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-10-13 22:47:36 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-10-13 22:47:36 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'becws-gov-us.microsoftonline.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23948929254593205031752437284008711749547891252385030136623074705990348333390777818478421355181090004671028351491617981882127834529906641511726418567462775292365591155539686795292288698093320563844472402147561759642616403595328779842848224840236146365985733053403417481043544010561874423205736260654397946451085126640532620702057239992944389722271031025776172504449566631831787421884211687862235193154100194127387979696259217571732623124995716837914904678021048328254049719007675181890594032757379715845983965224676715655079942429912187300234205493919155897711431948653220182275369965119326576159984255512978161363911 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (485 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (481 bytes) 01df007600bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed185000001666fa648340000040300473045022100b1c566c4eb3f95ec88bb80b6a2eead91bc035208e9b106a8257c73907f58c52a022072ce0f9c63e468ff53ee6ad08e3ac4797436b38d72e0d105fc1a946eee5c539d0076005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c000001666fa64805000004030047304502205f3a928a2a969f2bc783bfbfbc4a4f08fb62c84c0dfe0beb68075154d5e1d65c022100f8d6689298584feaa68716982c974e873548beba385c55dc479d778efe60eb10007600a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc10000001666fa648220000040300473045022100bcc5fcab58629e656d87ada6505d61e574e2f219076d407638c72ba93c33e90e022061e41c46363c7de92e5cc63b287f61ffe593aa8d3127e7ec055d673c59987778007500f095a459f200d18240102d2f93888ead4bfe1d47e399e1d034a6b0a8aa8eb273000001666fa6470600000403004630440220446682a5927851f0ef10597738e54a1bd548bd938b7dffab5fe16b296bda1a3502203055e0649a7f404bf67b9f8605fcbc70dbbd84c6b1c8fe2d91ac5a12f4ce4a4a . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.10 (applicationCertPolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.7 (certificateTemplate) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (49 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.8.16155509.8105089.5391003.2969441.12400096.221.9744322.5884410 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 100 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 29 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (121 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://www.microsoft.com/pki/mscorp/Microsoft%20IT%20TLS%20CA%201.crt' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.msocsp.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) d17d213768918571eae55d538a21afe026c892ca . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4 bits) 04b0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (70 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'becws-gov-us.microsoftonline.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'becws.gov.us.microsoftonline.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (164 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%201.crl' . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%201.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (70 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.42.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.microsoft.com/pki/mscorp/cps' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 58889fd6dc9c4822b7143eff8488e8e685fffa7d . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (4096 bits) 004b81e64fd3eb2ba484bb2fa7100f2bd72b31aa3535400d3606fb090a4d44de6fdcd1726ed48d3c3360384c622b3cd0a2884a8588c5a3b739c18dc85ec9a24772e976baef2c3c9ab5630bb00b3a9a6498730066949ecec9bb5f757535bb5b57f55ebcf5e0aee8c8967309731693f8654f7f937720f8397de5368300cd1611f1d8636973334534258782cf790517e63b9970b0540d954ab1f09ca10f7d568c96287529f670c3baabff0a18213a843a6f12688923aa6013ea08d2e232eb775572161b55e45a02ea4196bc4c7c92afa9308ab52afd28647c5ac3a5b60f9e3e8702799eccd00cbe035c8c57b986e8e61ede3a7975fb02d2eb5cdbc234647795d1119405605ec1a48b893c6c13e43bb0c8a5550e0af94b43cd7a9c16604c9616d50366bb573b06433b2d1b98a96b576187112432846ec1d07e8a75c8ea48f2f563cfdcfa7120c916b5a5e2ca97796004ae840682642fd9ad2f31c7b84d2b853e027f4f80644ec26550080ea662d824b37997a7d67e43f39d93b47b16bf3adf119c7e22616f450012ddfa60dec1ddbe29cb95672ebbe5d4c70c4cf6e9aa25f55310ee6ff995f8e798d35cc1adbb6415e54bf68eacc4aa05faaf12c6f55bcf65d4a583b1782b61038d585268e7f5ed4883e0b62d851dba92a8dbffe68ae34918333d7ea3ddc2be936fc53645f6cda2c05c63dedb7eb818e133222db4e816b0f6f973821a