*.live-ws.msn.com
Issued by Microsoft IT TLS CA 2
About this certificate
This digital certificate with serial number 20:00:05:9f:1c:6e:61:ba:07:d9:5d:29:bf:00:00:00:05:9f:1c was issued on by Microsoft Corporation.
With 8 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- KeyUsage [DataEncipherment DigitalSignature KeyEncipherment] (00001101) inconsistent with multiple purpose ExtKeyUsage [clientAuth serverAuth] The certificate MUST only be used for a purpose consistent with both key usage extension and extended key usage extension. (RFC 5280, Section 4.2.1.12.)
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
- The keyUsage extension SHOULD be critical (RFC 5280: 4.2.1.3)
Certificate Subject
CN=*.live-ws.msn.com
Microsoft Corporation
Organization:
Microsoft Corporation
Organization unit: Microsoft IT
Organization unit: Microsoft IT
State / Province:
Washington
Locality: Redmond
Country: US
Locality: Redmond
Country: US
This certificate has expire since
Certificate Details
Serial Number (hex): 20:00:05:9f:1c:6e:61:ba:07:d9:5d:29:bf:00:00:00:05:9f:1cSerial Number (int): 713625759259688994823925613878931811369066268
Serial Number lenght: 150 bits, 19 octets
SubjectKeyId: f9:88:30:af:05:c1:1a:79:d1:8f:2a:90:f1:f0:ec:78:2b:13:70:54
AuthorityKeyId: 91:9e:3b:44:6c:3d:57:9c:42:77:2a:34:d7:4f:d1:cc:4a:97:2c:da
Fingerprint (sha1): 82:f1:87:57:15:90:d6:5d:62:07:89:f6:50:34:cd:5a:85:cd:43:af
Fingerprint (sha256): 03:58:be:3d:ef:c1:d0:20:5d:c4:67:08:c0:29:7b:2d:07:4c:44:fe:e1:8c:37:d1:e2:73:90:7a:77:ea:98:f5
Issuing Certificate URL: http://www.microsoft.com/pki/mscorp/Microsoft%20IT%20TLS%20CA%202.crt
Revocation information
OCSP Server: http://ocsp.msocsp.comCRL Distribution Point: http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%202.crl
CRL Distribution Point: http://crl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%202.crl
Check the revocation status for certificate *.live-ws.msn.com
8
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for *.live-ws.msn.com
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Data Encipherment
Extended Key Usages
Client Authentication
Server Authentication
Extensions
11 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
rendering-eastus-prod-news-live.cloudapp.net
rendering-westus-prod-news-live.cloudapp.net
rendering-neurope-prod-news-live.cloudapp.net
live.msn.com
*.live-ws.msn.com
*.live.msn.com
live-ws.msn.com
rendering-easia-prod-news-live.cloudapp.net
rendering-westus-prod-news-live.cloudapp.net
rendering-neurope-prod-news-live.cloudapp.net
live.msn.com
*.live-ws.msn.com
*.live.msn.com
live-ws.msn.com
rendering-easia-prod-news-live.cloudapp.net
Other certificates including the domain name msn.com
(limited to 100 certificates)
suppadmgw.css.msn.com
amor.co.msn.com
*.contacts.msn.com
sync-sg1.trusted.msntv.msn.com
storage.live.com
apinternal.messenger.msn.com
ssl003.insnw.net
images.partner.windowsphone.com
account.microsoft.com
*.oneservice.msn.com
music.msn.com
*.vo.msecnd.net
*.events.data.microsoft.com
Reg.msn.com
advertising-uat.microsoft.com
fpt.microsoft.com
ssl003.insnw.net
*.sip.messenger.msn.com
suppsugw.css.msn.com
msniaap.msn.com
support.msn.com
*.msn.com
fpt.microsoft.com
sps-out.msn.com
*.vo.msecnd.net
scstest.msn.com
mail.live.com
arc.msn.com
stda02.zone.msn.com
zone.msn.com
www.mappoint.com
cdn.content.prod.cms.msn.com
omt.msn.com
ac3.msn.com
*.events-sandbox.data.microsoft.com
mobileexplorers.ca.msn.com
*.vo.msecnd.net
virtualearth.at
*.live-ws.msn.com
sendersupport.olc.protection.outlook.com
alerts.push.direct.msn.com
*.vo.msecnd.net
help.msn.com
g.msn.com
beta.it.money.msn.com
storage.live.com
adbroker.mp.dse.microsoft.com
*.ssl.catalog.video.msn.com
analytics.r.msn.com
www.multimap.com
featureupdate.msn.com
ssl003.insnw.net
ssl003.insnw.net
*.storage.msn.com
partnerprovider2.pcs.v2s.msn.com
*.msn.com
toolbar.msn.com
mail.live.com
f.msn.com
feedback.office.microsoft.com
partnerportal.msn.com
spaws.msn.com
api.choice.microsoft.com
fpt.microsoft.com
msniafeed.msn.com
federation.messenger.msn.com
api.partner.msn.com
www.bing.com
stdg02.zone.msn.com
test.cms.cdp.msn.com
storage.live.com
www.bing.com
logging.msnia.msn.com
texreg2.msn.com
*.events-sandbox.data.microsoft.com
c.msn.com
querypre.prod.cms.msn.com
*.events.data.microsoft.com
okauth.questionbox.jp.msn.com
beta5.idss.msn.com
g.msn.com
*.events.data.microsoft.com
ssl003.insnw.net
storage.live.com
*.events.data.microsoft.com
api.choice.microsoft.com
*.vo.msecnd.net
storage.live.com
dev.assets.msn.com
ca.moneycentral.msn.com
*.events.data.microsoft.com
answers.msn.com
*.msn.com
uploadlog2.msn.com
*.cn.msn.com
storage.msn.com
blog.msn.com
stda01.zone.msn.com
*.vo.msecnd.net
*.msn.com
amor.co.msn.com
*.contacts.msn.com
sync-sg1.trusted.msntv.msn.com
storage.live.com
apinternal.messenger.msn.com
ssl003.insnw.net
images.partner.windowsphone.com
account.microsoft.com
*.oneservice.msn.com
music.msn.com
*.vo.msecnd.net
*.events.data.microsoft.com
Reg.msn.com
advertising-uat.microsoft.com
fpt.microsoft.com
ssl003.insnw.net
*.sip.messenger.msn.com
suppsugw.css.msn.com
msniaap.msn.com
support.msn.com
*.msn.com
fpt.microsoft.com
sps-out.msn.com
*.vo.msecnd.net
scstest.msn.com
mail.live.com
arc.msn.com
stda02.zone.msn.com
zone.msn.com
www.mappoint.com
cdn.content.prod.cms.msn.com
omt.msn.com
ac3.msn.com
*.events-sandbox.data.microsoft.com
mobileexplorers.ca.msn.com
*.vo.msecnd.net
virtualearth.at
*.live-ws.msn.com
sendersupport.olc.protection.outlook.com
alerts.push.direct.msn.com
*.vo.msecnd.net
help.msn.com
g.msn.com
beta.it.money.msn.com
storage.live.com
adbroker.mp.dse.microsoft.com
*.ssl.catalog.video.msn.com
analytics.r.msn.com
www.multimap.com
featureupdate.msn.com
ssl003.insnw.net
ssl003.insnw.net
*.storage.msn.com
partnerprovider2.pcs.v2s.msn.com
*.msn.com
toolbar.msn.com
mail.live.com
f.msn.com
feedback.office.microsoft.com
partnerportal.msn.com
spaws.msn.com
api.choice.microsoft.com
fpt.microsoft.com
msniafeed.msn.com
federation.messenger.msn.com
api.partner.msn.com
www.bing.com
stdg02.zone.msn.com
test.cms.cdp.msn.com
storage.live.com
www.bing.com
logging.msnia.msn.com
texreg2.msn.com
*.events-sandbox.data.microsoft.com
c.msn.com
querypre.prod.cms.msn.com
*.events.data.microsoft.com
okauth.questionbox.jp.msn.com
beta5.idss.msn.com
g.msn.com
*.events.data.microsoft.com
ssl003.insnw.net
storage.live.com
*.events.data.microsoft.com
api.choice.microsoft.com
*.vo.msecnd.net
storage.live.com
dev.assets.msn.com
ca.moneycentral.msn.com
*.events.data.microsoft.com
answers.msn.com
*.msn.com
uploadlog2.msn.com
*.cn.msn.com
storage.msn.com
blog.msn.com
stda01.zone.msn.com
*.vo.msecnd.net
*.msn.com
Certificate
The complete raw certificate details for *.live-ws.msn.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIJnDCCB4SgAwIBAgITIAAFnxxuYboH2V0pvwAAAAWfHDANBgkqhkiG9w0BAQsF ADCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UE CxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDIw HhcNMTkwMzEyMjIwMDAxWhcNMjEwMzEyMjIwMDAxWjAcMRowGAYDVQQDDBEqLmxp dmUtd3MubXNuLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO9g bRyZ/JGhH8vX3oTJ5BBzwKBaZ/zGUpkwymsaOGXBBH1IGNCM91EvyhxL4nmCsigX aoHzfRXGNKCuNizLUPAjE5oMkxKWp97Y8XUgZLRG+ZmF3sUeNuzKxLOOZhAg3OXW BtZn7Z1NUOEXKrCM/nesCoo7V0mGqLbLprdtmzGetQUYljKKbNl+HkPN2jXN5Qgo iJxzGNuXECbqkaY763yDhezxQ0SC65HmUtb3+crZ3lXODWEnU4PLe6AslKuzqyoW M35mbfQRfHSrfaxC5lEOh3TuMVsNz/srk0bE8ATxQy/ZXvTwgBEa8onuw8XphIG6 uve6ekwc24kzGjvFk6ECAwEAAaOCBWUwggVhMIIB+QYKKwYBBAHWeQIEAgSCAekE ggHlAeMAdwC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWlz9Jib AAAEAwBIMEYCIQCEZPbpf1AStviqwqu+eFx80WYxyVIroG8JhInpShlmxAIhAPtn cf4Q5djlbbvln4DTiDIVFhzew9gMAKGl4nrRunIeAHcA7ku9t3XOYLrhQmkfq+Ge ZqMPfl+wctiDAMR7iXqo/csAAAFpc/SYnwAABAMASDBGAiEA49xI6cFkK7kqK8G8 u7YYZ9hD1kXHpnT4pezAX51FC2ECIQC+BTfigC2Eh3Yvw6rwrFYKIjwt0eBaL573 jkyti/m8jQB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABaXP0 mJ0AAAQDAEcwRQIgMKl+h2uJNp0DnjRilMMbiIzw2Bubgtk20bQ6L1XpQBICIQDm pIqXF2u/9l/CuHTeNj18sPig1sO4hIPLP5p1wwGn5AB3AFzcQ5L+5qtFRLFemtRW 5hA3+9X6R9yhc5SyXub2xw7KAAABaXP0mK0AAAQDAEgwRgIhAPlpiWvHFDUMI5BB 1c4LXEEiFMiAiD/fSp+OXlNYukJWAiEA6fZDMrMfbdAEyATKeX9JC01VHURjGOey D3ghgQfdlwQwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcD ATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTr YIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZF aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIw SVQlMjBUTFMlMjBDQSUyMDIuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5t c29jc3AuY29tMB0GA1UdDgQWBBT5iDCvBcEaedGPKpDx8Ox4KxNwVDALBgNVHQ8E BAMCBLAwggEFBgNVHREEgf0wgfqCLHJlbmRlcmluZy1lYXN0dXMtcHJvZC1uZXdz LWxpdmUuY2xvdWRhcHAubmV0gixyZW5kZXJpbmctd2VzdHVzLXByb2QtbmV3cy1s aXZlLmNsb3VkYXBwLm5ldIItcmVuZGVyaW5nLW5ldXJvcGUtcHJvZC1uZXdzLWxp dmUuY2xvdWRhcHAubmV0ggxsaXZlLm1zbi5jb22CESoubGl2ZS13cy5tc24uY29t gg4qLmxpdmUubXNuLmNvbYIPbGl2ZS13cy5tc24uY29tgityZW5kZXJpbmctZWFz aWEtcHJvZC1uZXdzLWxpdmUuY2xvdWRhcHAubmV0MIGsBgNVHR8EgaQwgaEwgZ6g gZuggZiGS2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3Js L01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjAyLmNybIZJaHR0cDovL2NybC5t aWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExT JTIwQ0ElMjAyLmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUF BwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYD VR0jBBgwFoAUkZ47RGw9V5xCdyo010/RzEqXLNowHQYDVR0lBBYwFAYIKwYBBQUH AwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQBi9s98rWEb9+IiJSzvp1we BtDsHBr0dJgvNS5FlVNNXkC59m4PCbetqjttUu2H4FPDo0Lw85N1NQ/lrPYY29TA 5BhxLTftR9o0YJJeFSDA6M4FD5KdquxqPp1dwGp/6PCZ6IRMYD9WgHirkNP3AacT jxmCFTBmB1fU5VV6Oc6Nmai9K/xsVzZYK2FXxu7w6g+hZIef80z+5538NLV1hbZd B9XbPerIzSa0ynm9bmn6ZbMknoJYFzGtdXtLydVrccq+IIktFjQHEMiUCt46EjXy cOwzbVJ19p4qvzleFyAZ42mNS+LpbtELti0l8+Oq9RAJyvTT5oeu3O+wytiwOWj0 lfgVt6NTXJaD1PH56z+WBqcQNvCY2xR2GhB4xva+tOZo87sQhPPRF4yhUw73sEV1 bH9HWvcYr4ia2KS3LYNdx7c2oZprKPs+M2YVpmHGV0RyhSq7bGcVarMsYE8cjh3s ewqpJtvfsgiiDfkNubwtrQwv6RqS25MCy4U+ZptLGTQ/srW1pj9e+waAn/7roryI qXeksX3c80lLRu1WjzxkDerQT0MEMqsduGtec+Y3SYTlKXJEVgazzRhaf+bwsk5b kxAd5tTP6fAPzdSpFeWOusjG9z1pL5/R979AGAj1mcMXybpDUXEJdX7fKrBhsmiX br0cOlm3MTfzJflJulE8yg== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA72BtHJn8kaEfy9fehMnk EHPAoFpn/MZSmTDKaxo4ZcEEfUgY0Iz3US/KHEvieYKyKBdqgfN9FcY0oK42LMtQ 8CMTmgyTEpan3tjxdSBktEb5mYXexR427MrEs45mECDc5dYG1mftnU1Q4RcqsIz+ d6wKijtXSYaotsumt22bMZ61BRiWMops2X4eQ83aNc3lCCiInHMY25cQJuqRpjvr fIOF7PFDRILrkeZS1vf5ytneVc4NYSdTg8t7oCyUq7OrKhYzfmZt9BF8dKt9rELm UQ6HdO4xWw3P+yuTRsTwBPFDL9le9PCAERryie7DxemEgbq697p6TBzbiTMaO8WT oQIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 713625759259688994823925613878931811369066268 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Washington' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Redmond' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft Corporation' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft IT' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft IT TLS CA 2' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-03-12 22:00:01 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-03-12 22:00:01 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.live-ws.msn.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 30218504427018892531957055294596025982358179938219691845724322886938506139242524893929427676386865385365555369816754734416415026640126796970481416090016663454680713044634133544739683331101053197663677937233904651499627586902519801193495387928100439491496292095866107036052978053862736026637818712426145753098982764041541544387748031302577972342122276970073260492990560498144269003320910889564150933599895316555264540769231042834092412940049700501514591891438689794427507780670995625095493611822517289203417803468044839739795959166201037334239492891553134870808072567532530302566561973349724143763941902734871184642977 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (489 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (485 bytes) 01e3007700bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed1850000016973f4989b00000403004830460221008464f6e97f5012b6f8aac2abbe785c7cd16631c9522ba06f098489e94a1966c4022100fb6771fe10e5d8e56dbbe59f80d3883215161cdec3d80c00a1a5e27ad1ba721e007700ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb0000016973f4989f0000040300483046022100e3dc48e9c1642bb92a2bc1bcbbb61867d843d645c7a674f8a5ecc05f9d450b61022100be0537e2802d8487762fc3aaf0ac560a223c2dd1e05a2f9ef78e4cad8bf9bc8d007600a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc100000016973f4989d0000040300473045022030a97e876b89369d039e346294c31b888cf0d81b9b82d936d1b43a2f55e94012022100e6a48a97176bbff65fc2b874de363d7cb0f8a0d6c3b88483cb3f9a75c301a7e40077005cdc4392fee6ab4544b15e9ad456e61037fbd5fa47dca17394b25ee6f6c70eca0000016973f498ad0000040300483046022100f969896bc714350c239041d5ce0b5c412214c880883fdf4a9f8e5e5358ba4256022100e9f64332b31f6dd004c804ca797f490b4d551d446318e7b20f78218107dd9704 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.10 (applicationCertPolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.7 (certificateTemplate) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (49 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.8.16155509.8105089.5391003.2969441.12400096.221.9744322.5884410 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 100 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 29 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (121 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://www.microsoft.com/pki/mscorp/Microsoft%20IT%20TLS%20CA%202.crt' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.msocsp.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) f98830af05c11a79d18f2a90f1f0ec782b137054 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4 bits) 04b0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (253 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'rendering-eastus-prod-news-live.cloudapp.net' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'rendering-westus-prod-news-live.cloudapp.net' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'rendering-neurope-prod-news-live.cloudapp.net' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'live.msn.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.live-ws.msn.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.live.msn.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'live-ws.msn.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'rendering-easia-prod-news-live.cloudapp.net' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (164 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%202.crl' . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%202.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (70 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.42.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.microsoft.com/pki/mscorp/cps' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 919e3b446c3d579c42772a34d74fd1cc4a972cda . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (4096 bits) 0062f6cf7cad611bf7e222252cefa75c1e06d0ec1c1af474982f352e4595534d5e40b9f66e0f09b7adaa3b6d52ed87e053c3a342f0f39375350fe5acf618dbd4c0e418712d37ed47da3460925e1520c0e8ce050f929daaec6a3e9d5dc06a7fe8f099e8844c603f568078ab90d3f701a7138f19821530660757d4e5557a39ce8d99a8bd2bfc6c5736582b6157c6eef0ea0fa164879ff34cfee79dfc34b57585b65d07d5db3deac8cd26b4ca79bd6e69fa65b3249e82581731ad757b4bc9d56b71cabe20892d16340710c8940ade3a1235f270ec336d5275f69e2abf395e172019e3698d4be2e96ed10bb62d25f3e3aaf51009caf4d3e687aedcefb0cad8b03968f495f815b7a3535c9683d4f1f9eb3f9606a71036f098db14761a1078c6f6beb4e668f3bb1084f3d1178ca1530ef7b045756c7f475af718af889ad8a4b72d835dc7b736a19a6b28fb3e336615a661c6574472852abb6c67156ab32c604f1c8e1dec7b0aa926dbdfb208a20df90db9bc2dad0c2fe91a92db9302cb853e669b4b19343fb2b5b5a63f5efb06809ffeeba2bc88a977a4b17ddcf3494b46ed568f3c640dead04f430432ab1db86b5e73e6374984e52972445606b3cd185a7fe6f0b24e5b93101de6d4cfe9f00fcdd4a915e58ebac8c6f73d692f9fd1f7bf401808f599c317c9ba43517109757edf2ab061b268976ebd1c3a59b73137f325f949ba513cca