g.msn.com
Issued by Microsoft IT TLS CA 4
About this certificate
This digital certificate with serial number 16:00:05:54:08:f8:d5:42:5a:8d:70:43:58:00:00:00:05:54:08 was issued on by Microsoft Corporation.
With 15 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- KeyUsage [DataEncipherment DigitalSignature KeyEncipherment] (00001101) inconsistent with multiple purpose ExtKeyUsage [clientAuth serverAuth] The certificate MUST only be used for a purpose consistent with both key usage extension and extended key usage extension. (RFC 5280, Section 4.2.1.12.)
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
- The keyUsage extension SHOULD be critical (RFC 5280: 4.2.1.3)
Certificate Subject
CN=g.msn.com
Microsoft Corporation
Organization:
Microsoft Corporation
Organization unit: Microsoft IT
Organization unit: Microsoft IT
State / Province:
Washington
Locality: Redmond
Country: US
Locality: Redmond
Country: US
This certificate has expire since
Certificate Details
Serial Number (hex): 16:00:05:54:08:f8:d5:42:5a:8d:70:43:58:00:00:00:05:54:08Serial Number (int): 490618207481245268323118112924525124831761416
Serial Number lenght: 149 bits, 19 octets
SubjectKeyId: 1b:a1:2c:53:3d:71:16:8d:8b:0e:fe:e0:3b:96:90:67:ab:e0:9b:b8
AuthorityKeyId: 7a:7b:8c:c1:cf:e7:a0:ca:1c:d4:6b:fa:fb:e1:33:c3:0f:1a:a2:9d
Fingerprint (sha1): 0e:fa:4f:ec:4a:82:65:ae:4c:b3:18:a0:ed:ff:65:9c:0a:d3:81:2e
Fingerprint (sha256): 03:8e:c4:6a:8b:9e:31:81:89:89:47:8c:f0:29:b4:49:a0:f1:b6:59:76:5a:1b:54:48:9e:5f:32:80:77:c6:da
Issuing Certificate URL: http://www.microsoft.com/pki/mscorp/Microsoft%20IT%20TLS%20CA%204.crt
Revocation information
OCSP Server: http://ocsp.msocsp.comCRL Distribution Point: http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%204.crl
CRL Distribution Point: http://crl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%204.crl
Check the revocation status for certificate g.msn.com
15
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for g.msn.com
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Data Encipherment
Extended Key Usages
Client Authentication
Server Authentication
Extensions
12 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
g.msn.com
w.g.msn.com
unvalidated.g.msn.com
g.bing.com
bat.bing.com
g.live.com
g.microsoft.com
g.microsoftonline.com
g.msn.co.uk
g.live.co.uk
g.msn.co.jp
g.live.co.jp
bat.r.msn.com
azureid.microsoft.com
analyticspixel.microsoft.com
w.g.msn.com
unvalidated.g.msn.com
g.bing.com
bat.bing.com
g.live.com
g.microsoft.com
g.microsoftonline.com
g.msn.co.uk
g.live.co.uk
g.msn.co.jp
g.live.co.jp
bat.r.msn.com
azureid.microsoft.com
analyticspixel.microsoft.com
Other certificates including the domain name msn.com
(limited to 100 certificates)
suppadmgw.css.msn.com
amor.co.msn.com
*.contacts.msn.com
sync-sg1.trusted.msntv.msn.com
storage.live.com
apinternal.messenger.msn.com
ssl003.insnw.net
images.partner.windowsphone.com
account.microsoft.com
*.oneservice.msn.com
music.msn.com
*.vo.msecnd.net
*.events.data.microsoft.com
Reg.msn.com
advertising-uat.microsoft.com
fpt.microsoft.com
ssl003.insnw.net
*.sip.messenger.msn.com
suppsugw.css.msn.com
msniaap.msn.com
support.msn.com
*.msn.com
fpt.microsoft.com
sps-out.msn.com
*.vo.msecnd.net
scstest.msn.com
mail.live.com
arc.msn.com
stda02.zone.msn.com
zone.msn.com
www.mappoint.com
cdn.content.prod.cms.msn.com
omt.msn.com
ac3.msn.com
*.events-sandbox.data.microsoft.com
mobileexplorers.ca.msn.com
*.vo.msecnd.net
virtualearth.at
*.live-ws.msn.com
sendersupport.olc.protection.outlook.com
alerts.push.direct.msn.com
*.vo.msecnd.net
help.msn.com
g.msn.com
beta.it.money.msn.com
storage.live.com
adbroker.mp.dse.microsoft.com
*.ssl.catalog.video.msn.com
analytics.r.msn.com
www.multimap.com
featureupdate.msn.com
ssl003.insnw.net
ssl003.insnw.net
*.storage.msn.com
partnerprovider2.pcs.v2s.msn.com
*.msn.com
toolbar.msn.com
mail.live.com
f.msn.com
feedback.office.microsoft.com
partnerportal.msn.com
spaws.msn.com
api.choice.microsoft.com
fpt.microsoft.com
msniafeed.msn.com
federation.messenger.msn.com
api.partner.msn.com
www.bing.com
stdg02.zone.msn.com
test.cms.cdp.msn.com
storage.live.com
logging.msnia.msn.com
texreg2.msn.com
*.events-sandbox.data.microsoft.com
c.msn.com
querypre.prod.cms.msn.com
*.events.data.microsoft.com
okauth.questionbox.jp.msn.com
beta5.idss.msn.com
g.msn.com
*.events.data.microsoft.com
ssl003.insnw.net
storage.live.com
*.events.data.microsoft.com
api.choice.microsoft.com
*.vo.msecnd.net
storage.live.com
dev.assets.msn.com
ca.moneycentral.msn.com
*.events.data.microsoft.com
answers.msn.com
*.msn.com
uploadlog2.msn.com
*.cn.msn.com
storage.msn.com
blog.msn.com
stda01.zone.msn.com
*.vo.msecnd.net
*.msn.com
client.msn.com
amor.co.msn.com
*.contacts.msn.com
sync-sg1.trusted.msntv.msn.com
storage.live.com
apinternal.messenger.msn.com
ssl003.insnw.net
images.partner.windowsphone.com
account.microsoft.com
*.oneservice.msn.com
music.msn.com
*.vo.msecnd.net
*.events.data.microsoft.com
Reg.msn.com
advertising-uat.microsoft.com
fpt.microsoft.com
ssl003.insnw.net
*.sip.messenger.msn.com
suppsugw.css.msn.com
msniaap.msn.com
support.msn.com
*.msn.com
fpt.microsoft.com
sps-out.msn.com
*.vo.msecnd.net
scstest.msn.com
mail.live.com
arc.msn.com
stda02.zone.msn.com
zone.msn.com
www.mappoint.com
cdn.content.prod.cms.msn.com
omt.msn.com
ac3.msn.com
*.events-sandbox.data.microsoft.com
mobileexplorers.ca.msn.com
*.vo.msecnd.net
virtualearth.at
*.live-ws.msn.com
sendersupport.olc.protection.outlook.com
alerts.push.direct.msn.com
*.vo.msecnd.net
help.msn.com
g.msn.com
beta.it.money.msn.com
storage.live.com
adbroker.mp.dse.microsoft.com
*.ssl.catalog.video.msn.com
analytics.r.msn.com
www.multimap.com
featureupdate.msn.com
ssl003.insnw.net
ssl003.insnw.net
*.storage.msn.com
partnerprovider2.pcs.v2s.msn.com
*.msn.com
toolbar.msn.com
mail.live.com
f.msn.com
feedback.office.microsoft.com
partnerportal.msn.com
spaws.msn.com
api.choice.microsoft.com
fpt.microsoft.com
msniafeed.msn.com
federation.messenger.msn.com
api.partner.msn.com
www.bing.com
stdg02.zone.msn.com
test.cms.cdp.msn.com
storage.live.com
logging.msnia.msn.com
texreg2.msn.com
*.events-sandbox.data.microsoft.com
c.msn.com
querypre.prod.cms.msn.com
*.events.data.microsoft.com
okauth.questionbox.jp.msn.com
beta5.idss.msn.com
g.msn.com
*.events.data.microsoft.com
ssl003.insnw.net
storage.live.com
*.events.data.microsoft.com
api.choice.microsoft.com
*.vo.msecnd.net
storage.live.com
dev.assets.msn.com
ca.moneycentral.msn.com
*.events.data.microsoft.com
answers.msn.com
*.msn.com
uploadlog2.msn.com
*.cn.msn.com
storage.msn.com
blog.msn.com
stda01.zone.msn.com
*.vo.msecnd.net
*.msn.com
client.msn.com
Certificate
The complete raw certificate details for g.msn.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIIIzCCBgugAwIBAgITFgAFVAj41UJajXBDWAAAAAVUCDANBgkqhkiG9w0BAQsF ADCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UE CxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDQw HhcNMTkwNjE1MDAxNzMyWhcNMjEwNjE1MDAxNzMyWjAUMRIwEAYDVQQDEwlnLm1z bi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzU+8sMLOrjyqT mCH2VuZ/5ulWz/0dDNMn8ax7iy1Xt4BEeG67avsznj0EGbfx4ZbRxvcclMv4EaSQ fuoEzPdjp/JC0xnDM2UXjOGWlMtH/M0LUGykISDHZoNN5mUh2RILFB7stM5ttCcr XBi07iAvumtAnOURhEQgxcdItU79FM8DNNn+h2AQ/EBB66NnE/7t0E+YTbR5oHkT aWpE4+qpj5k2EaJcpVNdIXbOdtrVG4aBR56Tqxl6byK2Jw9tGx5BRiaytjkGq++r 5rbhLY0bVezAuzygW6m7pSaoOwO2O1rp6NioMzElUiKQ0TWzUM5WXpapdvyPPqYm 4fK8IRFVAgMBAAGjggP0MIID8DB4BgkqhkiG9w0BCQ8EazBpMA4GCCqGSIb3DQMC AgIAgDAOBggqhkiG9w0DBAICAIAwCwYJYIZIAWUDBAEqMAsGCWCGSAFlAwQBLTAL BglghkgBZQMEAQIwCwYJYIZIAWUDBAEFMAcGBSsOAwIHMAoGCCqGSIb3DQMHMBMG CisGAQQB1nkCBAMBAf8EAgUAMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIw CgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGC yYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYI KwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01p Y3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNydDAiBggrBgEFBQcwAYYWaHR0 cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQUG6EsUz1xFo2LDv7gO5aQZ6vg m7gwCwYDVR0PBAQDAgSwMIIBAgYDVR0RBIH6MIH3gglnLm1zbi5jb22CC3cuZy5t c24uY29tghV1bnZhbGlkYXRlZC5nLm1zbi5jb22CCmcuYmluZy5jb22CDGJhdC5i aW5nLmNvbYIKZy5saXZlLmNvbYIPZy5taWNyb3NvZnQuY29tghVnLm1pY3Jvc29m dG9ubGluZS5jb22CC2cubXNuLmNvLnVrggxnLmxpdmUuY28udWuCC2cubXNuLmNv LmpwggxnLmxpdmUuY28uanCCDWJhdC5yLm1zbi5jb22CFWF6dXJlaWQubWljcm9z b2Z0LmNvbYIcYW5hbHl0aWNzcGl4ZWwubWljcm9zb2Z0LmNvbTCBrAYDVR0fBIGk MIGhMIGeoIGboIGYhktodHRwOi8vbXNjcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNj b3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNC5jcmyGSWh0dHA6 Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJ VCUyMFRMUyUyMENBJTIwNC5jcmwwTQYDVR0gBEYwRDBCBgkrBgEEAYI3KgEwNTAz BggrBgEFBQcCARYnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAv Y3BzMB8GA1UdIwQYMBaAFHp7jMHP56DKHNRr+vvhM8MPGqKdMB0GA1UdJQQWMBQG CCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEAjNtRnPk4I0Qf 33d1B76VA64bPMsKyWsMftpHwChU7Q4hrMdAOvaS7FuqlgoeEeCKzDJYPekTDZ/i s6Y1tpro3ZSJGlNO8f7toTt35odzF6yQZBWYqVJAW3pHbQrsGAb5r7rpfTf86B7a z+mlF/qZubAD5YfJdiw5DryH9sq9aQqByZQxWRoHhPj8eZkI7j/+XxWpFFK4qfF4 lSHYH0DIq5BZuE3x2aO8OkneynB0B38VAfbZN2W6/do/GTWQWgOfVjATaZwnC5y/ zzViCtl1VVKQehPlZSS9Kj0vTlQLFaECWRFWGTmQwvdpcK2tjwsAWmyUT6KUWiVC SqY0V94Ehv9e1smHs5ELdb5zyR6oBQf1POHIg/zF5CaOcVdtogLoLN2DZeaSHmHG 0JAfNA+QOgLPd+zcS85CtrTelAt3slE0ZVmI8bVUDzgbHS86um+mVgJtVVhsZpVK Vxk/xHg8wFXlBLxXQqGok7h4kvCZZX4ukS+BEngA5I3C9TnnUPbUeQjmOEP2s0Xf CnBCJPmYtrUv10Bsc6J3lY6SOum2ZEiKHWI+WaWbYBIhpcFEn9P9XJqpcEuSYAXb E9JyN54/9J9M1ue8mAeM9P/E7oc1azagiqjU00+BCq9ia67wrxHxd0TYwJe+l78E KqZHlInPjgPbjRQUQelLDnGn3UEfWt0= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1PvLDCzq48qk5gh9lbm f+bpVs/9HQzTJ/Gse4stV7eARHhuu2r7M549BBm38eGW0cb3HJTL+BGkkH7qBMz3 Y6fyQtMZwzNlF4zhlpTLR/zNC1BspCEgx2aDTeZlIdkSCxQe7LTObbQnK1wYtO4g L7prQJzlEYREIMXHSLVO/RTPAzTZ/odgEPxAQeujZxP+7dBPmE20eaB5E2lqROPq qY+ZNhGiXKVTXSF2znba1RuGgUeek6sZem8iticPbRseQUYmsrY5Bqvvq+a24S2N G1XswLs8oFupu6UmqDsDtjta6ejYqDMxJVIikNE1s1DOVl6WqXb8jz6mJuHyvCER VQIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 490618207481245268323118112924525124831761416 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Washington' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Redmond' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft Corporation' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft IT' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Microsoft IT TLS CA 4' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-06-15 00:17:32 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-06-15 00:17:32 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'g.msn.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22638046119103722693014803559817909577106362122616129556376642502096972776720445697828799580411942972541065623249357212840893298244868270106101000614562481155186860388104817831740699375374648829426549851811405852510252171361405399310464498366362389581518440600312864296642684607753672171166969219016117713428649938889059014007214245472948338737071626721186732417434466182305115586058957391707696750748033516218263663657247063542938884701214208641597795923058912432107814861538371524423753767492722016076469338363460015690545678329696011394538653337458667193131951179178824809577238813930492906976755662889595284033877 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.9.15 (sMIMECapabilities) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (107 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.3.2 (rc2CBC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 128 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.3.4 (rc4) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 128 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.101.3.4.1.42 (aes256-CBC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.101.3.4.1.45 (aes256-wrap) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.101.3.4.1.2 (aes128-CBC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.101.3.4.1.5 (aes128-wrap) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.14.3.2.7 (desCBC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.3.7 (des-EDE3-CBC) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.10 (applicationCertPolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.7 (certificateTemplate) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (49 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.21.8.16155509.8105089.5391003.2969441.12400096.221.9744322.5884410 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 100 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 29 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (121 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://www.microsoft.com/pki/mscorp/Microsoft%20IT%20TLS%20CA%204.crt' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.msocsp.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 1ba12c533d71168d8b0efee03b969067abe09bb8 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4 bits) 04b0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (250 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'g.msn.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'w.g.msn.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'unvalidated.g.msn.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'g.bing.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bat.bing.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'g.live.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'g.microsoft.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'g.microsoftonline.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'g.msn.co.uk' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'g.live.co.uk' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'g.msn.co.jp' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'g.live.co.jp' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bat.r.msn.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'azureid.microsoft.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'analyticspixel.microsoft.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (164 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%204.crl' . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%204.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (70 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.42.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.microsoft.com/pki/mscorp/cps' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 7a7b8cc1cfe7a0ca1cd46bfafbe133c30f1aa29d . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (4096 bits) 008cdb519cf93823441fdf777507be9503ae1b3ccb0ac96b0c7eda47c02854ed0e21acc7403af692ec5baa960a1e11e08acc32583de9130d9fe2b3a635b69ae8dd94891a534ef1feeda13b77e6877317ac90641598a952405b7a476d0aec1806f9afbae97d37fce81edacfe9a517fa99b9b003e587c9762c390ebc87f6cabd690a81c99431591a0784f8fc799908ee3ffe5f15a91452b8a9f1789521d81f40c8ab9059b84df1d9a3bc3a49deca7074077f1501f6d93765bafdda3f1935905a039f563013699c270b9cbfcf35620ad9755552907a13e56524bd2a3d2f4e540b15a102591156193990c2f76970adad8f0b005a6c944fa2945a25424aa63457de0486ff5ed6c987b3910b75be73c91ea80507f53ce1c883fcc5e4268e71576da202e82cdd8365e6921e61c6d0901f340f903a02cf77ecdc4bce42b6b4de940b77b25134655988f1b5540f381b1d2f3aba6fa656026d55586c66954a57193fc4783cc055e504bc5742a1a893b87892f099657e2e912f81127800e48dc2f539e750f6d47908e63843f6b345df0a704224f998b6b52fd7406c73a277958e923ae9b664488a1d623e59a59b601221a5c1449fd3fd5c9aa9704b926005db13d272379e3ff49f4cd6e7bc98078cf4ffc4ee87356b36a08aa8d4d34f810aaf626baef0af11f17744d8c097be97bf042aa6479489cf8e03db8d141441e94b0e71a7dd411f5add