identity.microsoft.com
Issued by Microsoft IT TLS CA 1
About this certificate
This digital certificate with serial number 7b:00:04:70:c1:0c:87:c0:c4:72:86:bb:87:00:00:00:04:70:c1 was issued on by Microsoft Corporation.
With 6 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- KeyUsage [DataEncipherment DigitalSignature KeyEncipherment] (00001101) inconsistent with multiple purpose ExtKeyUsage [clientAuth serverAuth] The certificate MUST only be used for a purpose consistent with both key usage extension and extended key usage extension. (RFC 5280, Section 4.2.1.12.)
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
- The keyUsage extension SHOULD be critical (RFC 5280: 4.2.1.3)
Certificate Subject
CN=identity.microsoft.com
Microsoft Corporation
Organization:
Microsoft Corporation
Organization unit: Microsoft IT
Organization unit: Microsoft IT
State / Province:
Washington
Locality: Redmond
Country: US
Locality: Redmond
Country: US
This certificate has expire since
Certificate Details
Serial Number (hex): 7b:00:04:70:c1:0c:87:c0:c4:72:86:bb:87:00:00:00:04:70:c1Serial Number (int): 2742993170424637296146342125795859967678640321
Serial Number lenght: 151 bits, 19 octets
SubjectKeyId: ae:89:db:14:a6:f9:c2:77:48:54:38:d8:f3:c9:aa:60:1d:fd:0a:c4
AuthorityKeyId: 58:88:9f:d6:dc:9c:48:22:b7:14:3e:ff:84:88:e8:e6:85:ff:fa:7d
Fingerprint (sha1): 9a:3e:90:29:fa:14:6f:a1:12:fc:7f:12:57:91:af:b7:04:fa:5b:59
Fingerprint (sha256): 03:32:b6:6c:12:4f:0b:38:00:08:8e:89:f4:d3:be:49:c8:7b:fb:3c:f1:34:08:6b:be:bb:33:c6:10:dc:66:d6
Issuing Certificate URL: http://www.microsoft.com/pki/mscorp/Microsoft%20IT%20TLS%20CA%201.crt
Revocation information
OCSP Server: http://ocsp.msocsp.comCRL Distribution Point: http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%201.crl
CRL Distribution Point: http://crl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%201.crl
Check the revocation status for certificate identity.microsoft.com
6
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for identity.microsoft.com
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Data Encipherment
Extended Key Usages
Client Authentication
Server Authentication
Extensions
11 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
applications.microsoft.com
applications.microsoft-int.com
apps.dev.microsoft.com
apps.dev.microsoft-int.com
identity.microsoft.com
identity.microsoft-int.com
applications.microsoft-int.com
apps.dev.microsoft.com
apps.dev.microsoft-int.com
identity.microsoft.com
identity.microsoft-int.com
Other certificates including the domain name microsoft.com
(limited to 100 certificates)
ppe.gallery.expression.microsoft.com
KeyRecoveryAgent.manage-dogfood.microsoft.com
phoneregistration.gtm.corp.microsoft.com
empowerment.l2o.microsoft.com
iot.dps.mp.microsoft.com
adfutils-us.func.cp.wd.microsoft.com
gmevpn.glbdns2.microsoft.com
workflowservice-int.dps.mp.microsoft.com
FCS1.AMSU1.sconline-int.microsoft.com
azure-management.azurepilot.cp.microsoft.com
politemail4msft.cloudapp.net
msip.clientidentity.microsoft.com
app.aladdindev.microsoft.com
e.microsoft.com
exp3days.ossdatabases-test1.microsoft.com
tip2.vnet.powerplatform.microsoft.com
pitstop.microsoft.com
community-ppe.support.microsoft.com
mail.microsoft.com
solutionsauthor.partners.extranet.microsoft.com
storemanagement-int-client.microsoft.com
000dtk5o40pl2.redmond.corp.microsoft.com
*.contentexplorer.mc.microsoft.com
tip1.api.bap.microsoft.com
quote.mocksubscription.l2o.microsoft.com
tip1.api.bap.microsoft.com
supportactions-dcsteam-actions.services.microsoft.com
*.nus.onlinebackup.microsoft.com
adkaulfake131.ustcms.microsoft.com
afsppweu-cp.afs.azure.net
FCS1.DAMSUA0102.manage-dogfood.microsoft.com
listingsmanagement-int.dps.mp.microsoft.com
selync-lct.redmond.corp.microsoft.com
portfolios.officeppe.com
*.daas.microsoft.com
auth.hcs.microsoft.com
optimizer.asimov.microsoft.com
testdrive.microsoft.com
telemetry.urs.microsoft.com
identity.microsoft.com
vstfmscisext.partners.extranet.microsoft.com
mygroups.microsoft.com
code.msdn.microsoft.com
listapi-us.ppe.func.cp.wd.microsoft.com
centralus.dev.api.medeina.trafficmanager.net
config.edog.officeapps.live.com
services.awasa.microsoft.com
wus-int.GENEVA.KEYVAULT.slkv2.MICROSOFT.COM
eastus2.vnet.powerplatform.microsoft.com
fp.wd.microsoft.com
mygroups.microsoft.com
download.oemsoc.microsoft.com
msats-ppe.commerce.microsoft.com
ATPAppID.manage-selfhost.microsoft.com
edsystems.parttest.extranettest.microsoft.com
*.daas.microsoft.com
tip2.vnet.powerplatform.microsoft.com
netscan.corp.microsoft.com
api.partnercenter.microsoft.com
mail.protection.outlook.com
detego.partners.extranet.microsoft.com
settings.data.microsoft.com
sfcluster.dev.asi.microsoft.com
repos.opensource.microsoft.com
*.falconprod-sf.trafficmanager.net
OpsToolReadOnly.manage.microsoft.com
guidesideasaccess4.microsoft.com
query-amp-data-westus.cms.microsoft.com
mpn-mlxint.microsoft.com
*.redmond.corp.microsoft.com
tip2.vnet.powerplatform.microsoft.com
southeastasia.prod.api.medeina.trafficmanager.net
SpyNet2.Microsoft.com
mysignins-ppe.microsoft.com
regmgmtu1.partners.extranet.microsoft.com
soumay1.ustcms.microsoft.com
api.powerva.microsoft.com
i4.services.social.microsoft.com
msit-bcwebatmpoc-sc.cloudapp.net
noam.eersapi.teams-test.microsoft.com
CH1MBISPOWA.corp.microsoft.com
kailani10.one.microsoft.com
bmslt.partners.extranet.microsoft.com
fulfillmentquery.mcapi.commerce.microsoft.com
azuresqldataloadervcscert4.microsoft.com
testaadoutage.ustcms.microsoft.com
identity.microsoft.com
threatintel-stg.trafficmanager.net
rm2.partners.extranet.microsoft.com
preview.viewer.messaging.microsoft.com
journal.purchase.commerce.microsoft.com
debugoutputest.smltenant.microsoft.com
developertools-test.powerplatform.microsoft.com
zbcmp.pfgold.dev.ustcms.microsoft.com
tip2.vnet.powerplatform.microsoft.com
e.microsoft.com
presence.teams.microsoft.com
beijing-portal.msftvpn.ras.microsoft.com
myprofile-ppe.microsoft.com
adkaulfake050.ustcms.microsoft.com
KeyRecoveryAgent.manage-dogfood.microsoft.com
phoneregistration.gtm.corp.microsoft.com
empowerment.l2o.microsoft.com
iot.dps.mp.microsoft.com
adfutils-us.func.cp.wd.microsoft.com
gmevpn.glbdns2.microsoft.com
workflowservice-int.dps.mp.microsoft.com
FCS1.AMSU1.sconline-int.microsoft.com
azure-management.azurepilot.cp.microsoft.com
politemail4msft.cloudapp.net
msip.clientidentity.microsoft.com
app.aladdindev.microsoft.com
e.microsoft.com
exp3days.ossdatabases-test1.microsoft.com
tip2.vnet.powerplatform.microsoft.com
pitstop.microsoft.com
community-ppe.support.microsoft.com
mail.microsoft.com
solutionsauthor.partners.extranet.microsoft.com
storemanagement-int-client.microsoft.com
000dtk5o40pl2.redmond.corp.microsoft.com
*.contentexplorer.mc.microsoft.com
tip1.api.bap.microsoft.com
quote.mocksubscription.l2o.microsoft.com
tip1.api.bap.microsoft.com
supportactions-dcsteam-actions.services.microsoft.com
*.nus.onlinebackup.microsoft.com
adkaulfake131.ustcms.microsoft.com
afsppweu-cp.afs.azure.net
FCS1.DAMSUA0102.manage-dogfood.microsoft.com
listingsmanagement-int.dps.mp.microsoft.com
selync-lct.redmond.corp.microsoft.com
portfolios.officeppe.com
*.daas.microsoft.com
auth.hcs.microsoft.com
optimizer.asimov.microsoft.com
testdrive.microsoft.com
telemetry.urs.microsoft.com
identity.microsoft.com
vstfmscisext.partners.extranet.microsoft.com
mygroups.microsoft.com
code.msdn.microsoft.com
listapi-us.ppe.func.cp.wd.microsoft.com
centralus.dev.api.medeina.trafficmanager.net
config.edog.officeapps.live.com
services.awasa.microsoft.com
wus-int.GENEVA.KEYVAULT.slkv2.MICROSOFT.COM
eastus2.vnet.powerplatform.microsoft.com
fp.wd.microsoft.com
mygroups.microsoft.com
download.oemsoc.microsoft.com
msats-ppe.commerce.microsoft.com
ATPAppID.manage-selfhost.microsoft.com
edsystems.parttest.extranettest.microsoft.com
*.daas.microsoft.com
tip2.vnet.powerplatform.microsoft.com
netscan.corp.microsoft.com
api.partnercenter.microsoft.com
mail.protection.outlook.com
detego.partners.extranet.microsoft.com
settings.data.microsoft.com
sfcluster.dev.asi.microsoft.com
repos.opensource.microsoft.com
*.falconprod-sf.trafficmanager.net
OpsToolReadOnly.manage.microsoft.com
guidesideasaccess4.microsoft.com
query-amp-data-westus.cms.microsoft.com
mpn-mlxint.microsoft.com
*.redmond.corp.microsoft.com
tip2.vnet.powerplatform.microsoft.com
southeastasia.prod.api.medeina.trafficmanager.net
SpyNet2.Microsoft.com
mysignins-ppe.microsoft.com
regmgmtu1.partners.extranet.microsoft.com
soumay1.ustcms.microsoft.com
api.powerva.microsoft.com
i4.services.social.microsoft.com
msit-bcwebatmpoc-sc.cloudapp.net
noam.eersapi.teams-test.microsoft.com
CH1MBISPOWA.corp.microsoft.com
kailani10.one.microsoft.com
bmslt.partners.extranet.microsoft.com
fulfillmentquery.mcapi.commerce.microsoft.com
azuresqldataloadervcscert4.microsoft.com
testaadoutage.ustcms.microsoft.com
identity.microsoft.com
threatintel-stg.trafficmanager.net
rm2.partners.extranet.microsoft.com
preview.viewer.messaging.microsoft.com
journal.purchase.commerce.microsoft.com
debugoutputest.smltenant.microsoft.com
developertools-test.powerplatform.microsoft.com
zbcmp.pfgold.dev.ustcms.microsoft.com
tip2.vnet.powerplatform.microsoft.com
e.microsoft.com
presence.teams.microsoft.com
beijing-portal.msftvpn.ras.microsoft.com
myprofile-ppe.microsoft.com
adkaulfake050.ustcms.microsoft.com
Certificate
The complete raw certificate details for identity.microsoft.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIHYjCCBUqgAwIBAgITewAEcMEMh8DEcoa7hwAAAARwwTANBgkqhkiG9w0BAQsF ADCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UE CxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDEw HhcNMTkwMzIwMTc0MDA4WhcNMjEwMzIwMTc0MDA4WjAhMR8wHQYDVQQDExZpZGVu dGl0eS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAwNCu+61wgLPOjT/LVKIGmoH0rkRzGa7I+kwrYmlFAmRwbZ+/HtZ55SJUEC+Y gq4TxUalVYLwxmDhChkma53VcHf5W+kPMBI72BC3n8EgDKkR7KieukF4djs1WEWT 3UfjLaYjKl5liOR6lX88OeCuMPqElPOejhF5RlgcJPsq9f8EcfHIaZNyvWh0BMgA G6B1t1OgNehkGIgQYn/xZ63pu5vlZhtwyfsbpdu7vSZ4E71xSDwjSa+lkvQhrLtf bBJssBPxyDd3yD4zJlxIKQGuXncgbpfEZ1n7kHCZcCxs/corDA2+jm+Dh30qDSdb EUZh/e8aQwEf0Kh9GUGB4Nc1fQIDAQABo4IDJjCCAyIwEwYKKwYBBAHWeQIEAwEB /wQCBQAwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+ BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFd hNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0 cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQl MjBUTFMlMjBDQSUyMDEuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29j c3AuY29tMB0GA1UdDgQWBBSuidsUpvnCd0hUONjzyapgHf0KxDALBgNVHQ8EBAMC BLAwga8GA1UdEQSBpzCBpIIaYXBwbGljYXRpb25zLm1pY3Jvc29mdC5jb22CHmFw cGxpY2F0aW9ucy5taWNyb3NvZnQtaW50LmNvbYIWYXBwcy5kZXYubWljcm9zb2Z0 LmNvbYIaYXBwcy5kZXYubWljcm9zb2Z0LWludC5jb22CFmlkZW50aXR5Lm1pY3Jv c29mdC5jb22CGmlkZW50aXR5Lm1pY3Jvc29mdC1pbnQuY29tMIGsBgNVHR8EgaQw gaEwgZ6ggZuggZiGS2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2Nv cnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjAxLmNybIZJaHR0cDov L2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElU JTIwVExTJTIwQ0ElMjAxLmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMG CCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9j cHMwHwYDVR0jBBgwFoAUWIif1tycSCK3FD7/hIjo5oX/+n0wHQYDVR0lBBYwFAYI KwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQAYyXXGnM1+V3d1 oqSU4J1SQuEshlN5bQ3WdvruTvUcUjw5PJPYwQDiK9gFRFTmZrs6fPrN3PXVO41d JPWvu6s//lUn1PLcGqFQWNxtgsWm2jxiWo5+mkPGBGEiyC719qAb/hotYCme2IIE mVyZh6xPfms5mw5+V/tCN0t9taeBiTJsiBdPrUfgoW0FXKz8rTlwhYH7ePtEHpjE bXluFaJvO1Pdz32kId38icQE4AKtc1ZKL5O3JA6ibO/pL+geRKg207UGwaLgGlLj 6XKO39mhnDSUx1lZPu6wA8+hu1eOy4N9p9Dy6zPClwh7+UNtKIBD/Agz7Dhcpp5L JLEG7kAGQMb7WrZQEuJ0SEUAnqx8KWs3+sdt3LbhVbYOaxxkdc40g4iH07M2s+95 fnfEdqUPtxfKPMExSiM2Uc4u87LN/kAGVqqlYZKHUcGwWLLKrRiRVh+MpwAszQly sWBl7NR1TVxVL/wp3dxY17ylSUUgzA6pHQ8+6yrczSq0rb19bVGSSZqRwokR0Y5b 1CJlIa9FE+C3VPCtsAb/xsz3CSDbnqBPtp7zgFMZ2gYJap6HvANgpLEX0svTUXmO zwubcLgYik5Go/5EiDZ5zpN0anlRDkMhMbguuubnv1twCvA7U83HNzLO8Q4urTX6 ObAH2zPTY9Esn48ufDZ9vrEaSfwNXQ== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwNCu+61wgLPOjT/LVKIG moH0rkRzGa7I+kwrYmlFAmRwbZ+/HtZ55SJUEC+Ygq4TxUalVYLwxmDhChkma53V cHf5W+kPMBI72BC3n8EgDKkR7KieukF4djs1WEWT3UfjLaYjKl5liOR6lX88OeCu MPqElPOejhF5RlgcJPsq9f8EcfHIaZNyvWh0BMgAG6B1t1OgNehkGIgQYn/xZ63p u5vlZhtwyfsbpdu7vSZ4E71xSDwjSa+lkvQhrLtfbBJssBPxyDd3yD4zJlxIKQGu XncgbpfEZ1n7kHCZcCxs/corDA2+jm+Dh30qDSdbEUZh/e8aQwEf0Kh9GUGB4Nc1 fQIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 2742993170424637296146342125795859967678640321 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Washington' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Redmond' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft Corporation' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft IT' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft IT TLS CA 1' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-03-20 17:40:08 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-03-20 17:40:08 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'identity.microsoft.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24340660236385729303019408804933500173460972418317181413523415595478764634900851964500922190358381602170319001247362363941642265867125140465803611794078007267825577798498079487967499492357418851087774476417214832901466607782374554717118889812290439086518313485934190650106510808263044925750874028155381695722793550915086630605247209058767513023540436565464135862784960830071688054572738886205545135014447404270612153852759143415187152710675518750650491576444069186283921406999529058088071646421119284201793602573962763429312427568657012360558903913562414344893098038591779041440706045516480801867156322986093979317629 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.10 (applicationCertPolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.7 (certificateTemplate) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (49 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.8.16155509.8105089.5391003.2969441.12400096.221.9744322.5884410 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 100 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 29 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (121 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://www.microsoft.com/pki/mscorp/Microsoft%20IT%20TLS%20CA%201.crt' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.msocsp.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) ae89db14a6f9c277485438d8f3c9aa601dfd0ac4 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4 bits) 04b0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (167 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'applications.microsoft.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'applications.microsoft-int.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'apps.dev.microsoft.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'apps.dev.microsoft-int.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'identity.microsoft.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'identity.microsoft-int.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (164 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%201.crl' . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%201.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (70 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.42.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.microsoft.com/pki/mscorp/cps' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 58889fd6dc9c4822b7143eff8488e8e685fffa7d . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (4096 bits) 0018c975c69ccd7e577775a2a494e09d5242e12c8653796d0dd676faee4ef51c523c393c93d8c100e22bd8054454e666bb3a7cfacddcf5d53b8d5d24f5afbbab3ffe5527d4f2dc1aa15058dc6d82c5a6da3c625a8e7e9a43c6046122c82ef5f6a01bfe1a2d60299ed88204995c9987ac4f7e6b399b0e7e57fb42374b7db5a78189326c88174fad47e0a16d055cacfcad39708581fb78fb441e98c46d796e15a26f3b53ddcf7da421ddfc89c404e002ad73564a2f93b7240ea26cefe92fe81e44a836d3b506c1a2e01a52e3e9728edfd9a19c3494c759593eeeb003cfa1bb578ecb837da7d0f2eb33c297087bf9436d288043fc0833ec385ca69e4b24b106ee400640c6fb5ab65012e2744845009eac7c296b37fac76ddcb6e155b60e6b1c6475ce34838887d3b336b3ef797e77c476a50fb717ca3cc1314a233651ce2ef3b2cdfe400656aaa561928751c1b058b2caad1891561f8ca7002ccd0972b16065ecd4754d5c552ffc29dddc58d7bca5494520cc0ea91d0f3eeb2adccd2ab4adbd7d6d5192499a91c28911d18e5bd4226521af4513e0b754f0adb006ffc6ccf70920db9ea04fb69ef3805319da06096a9e87bc0360a4b117d2cbd351798ecf0b9b70b8188a4e46a3fe44883679ce93746a79510e432131b82ebae6e7bf5b700af03b53cdc73732cef10e2ead35fa39b007db33d363d12c9f8f2e7c367dbeb11a49fc0d5d