ssl384476.cloudflaressl.com

Issued by COMODO Domain Validation Legacy Server CA 2

About this certificate

This digital certificate with serial number ce:f1:14:7a:94:8f:97:4e:78:20:30:3e:ad:fe:81:fc was issued on by COMODO CA Limited.

With 97 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • CAs MUST NOT issue any new Subscriber certificates or Subordinate CA certificates using SHA-1 after 1 January 2016 (BRs: 7.1.3)
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • Subscriber certificates using the SHA-1 algorithm SHOULD NOT have an expiration date later than 1 Jan 2017 (BRs: 7.1.3)

Certificate Subject

CN=ssl384476.cloudflaressl.com,OU=Domain Control Validated+OU=Legacy Multi-Domain SSL

COMODO CA Limited

Organization: COMODO CA Limited
State / Province: Greater Manchester
Locality: Salford
Country: GB

This certificate has expire since

Certificate Details

Serial Number (hex): ce:f1:14:7a:94:8f:97:4e:78:20:30:3e:ad:fe:81:fc
Serial Number (int): 275072726034604835420922654129074897404
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: d4:75:58:1e:11:ec:cf:06:a7:bf:d7:a4:36:e3:59:7b:50:5a:e4:91
AuthorityKeyId: 99:8e:02:95:c5:1e:55:22:7b:87:70:8b:5e:1c:01:c2:76:c4:ae:e8

Fingerprint (sha1): 11:fd:a1:65:d7:14:18:99:f0:43:ba:c6:68:b9:26:ad:fc:d3:77:1d
Fingerprint (sha256): 04:16:e4:9f:38:1d:95:7f:80:ee:09:e0:53:cf:51:d8:84:0d:a5:3c:dc:6a:63:11:3f:3f:f4:2d:6a:fa:97:04

Issuing Certificate URL: http://crt.comodoca4.com/COMODODomainValidationLegacyServerCA2.crt

Revocation information

OCSP Server: http://ocsp.comodoca4.com
CRL Distribution Point: http://crl.comodoca4.com/COMODODomainValidationLegacyServerCA2.crl

Check the revocation status for certificate ssl384476.cloudflaressl.com

97

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for ssl384476.cloudflaressl.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA1 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

ssl384476.cloudflaressl.com
*.alcon.co.it
*.alcon.co.kr
*.alconpharma.jp
*.nibr.com
*.novartis.be
*.novartis.ca
*.novartis.ch
*.novartis.co.jp
*.novartis.co.kr
*.novartis.com
*.novartis.com.ar
*.novartis.com.br
*.novartis.com.ec
*.novartis.com.hk
*.novartis.com.my
*.novartis.com.pe
*.novartis.com.ph
*.novartis.com.tw
*.novartis.cz
*.novartis.de
*.novartis.dk
*.novartis.fr
*.novartis.ie
*.novartis.no
*.novartis.pl
*.novartis.se
*.novartis.sk
*.sandoz.ca
*.sandoz.com
*.sandoz.com.ar
*.sandoz.com.au
*.sandoz.com.cn
*.sandoz.com.tr
*.sandoz.cz
*.sandoz.dk
*.sandoz.fi
*.sandoz.fr
*.sandoz.hr
*.sandoz.hu
*.sandoz.it
*.sandoz.nl
*.sandoz.no
*.sandoz.pl
*.sandoz.ru
*.sandoz.se
*.sandoz.ua
*.sandoz.uk.com
*.sandozfarma.es
alcon.co.it
alcon.co.kr
alconpharma.jp
nibr.com
novartis.be
novartis.ca
novartis.ch
novartis.co.jp
novartis.co.kr
novartis.com
novartis.com.ar
novartis.com.br
novartis.com.ec
novartis.com.hk
novartis.com.my
novartis.com.pe
novartis.com.ph
novartis.com.tw
novartis.cz
novartis.de
novartis.dk
novartis.fr
novartis.ie
novartis.no
novartis.pl
novartis.se
novartis.sk
sandoz.ca
sandoz.com
sandoz.com.ar
sandoz.com.au
sandoz.com.cn
sandoz.com.tr
sandoz.cz
sandoz.dk
sandoz.fi
sandoz.fr
sandoz.hr
sandoz.hu
sandoz.it
sandoz.nl
sandoz.no
sandoz.pl
sandoz.ru
sandoz.se
sandoz.ua
sandoz.uk.com
sandozfarma.es

Other certificates including the domain name cloudflaressl.com

(limited to 100 certificates)
ssl381797.cloudflaressl.com
sni32503.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni115750.cloudflaressl.com
sni.cloudflaressl.com
sni155855.cloudflaressl.com
sni59049.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni211154.cloudflaressl.com
sni.cloudflaressl.com
sni189810.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni856209.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni90611.cloudflaressl.com
sni.cloudflaressl.com
sni178904.cloudflaressl.com
sni26581.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni193995.cloudflaressl.com
sni44161.cloudflaressl.com
sni159804.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni146505.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni227751.cloudflaressl.com
sni240860.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni163960.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
ssl829466.cloudflaressl.com
sni.cloudflaressl.com
sni44515.cloudflaressl.com
sni.cloudflaressl.com
sni226824.cloudflaressl.com
sni.cloudflaressl.com
sni238751.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni171982.cloudflaressl.com
sni66010.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni204563.cloudflaressl.com
sni147888.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni70031.cloudflaressl.com
sni59352.cloudflaressl.com
sni165754.cloudflaressl.com
sni.cloudflaressl.com
sni234389.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni188256.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni61492.cloudflaressl.com
sni.cloudflaressl.com
sni110040.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com
sni.cloudflaressl.com

Certificate

The complete raw certificate details for ssl384476.cloudflaressl.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIL0DCCCrigAwIBAgIRAM7xFHqUj5dOeCAwPq3+gfwwDQYJKoZIhvcNAQEFBQAw
gY4xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTQwMgYD
VQQDEytDT01PRE8gRG9tYWluIFZhbGlkYXRpb24gTGVnYWN5IFNlcnZlciBDQSAy
MB4XDTE4MDkyNzAwMDAwMFoXDTE5MDQwNTIzNTk1OVowazEhMB8GA1UECxMYRG9t
YWluIENvbnRyb2wgVmFsaWRhdGVkMSAwHgYDVQQLExdMZWdhY3kgTXVsdGktRG9t
YWluIFNTTDEkMCIGA1UEAxMbc3NsMzg0NDc2LmNsb3VkZmxhcmVzc2wuY29tMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz69NnIhh/dOG4foiU2fxu7T9
4TXJoIch7VOTx99Gh+5HoA8cmF8JzQjIsN6cFH4goBIw2LM+5XBzg3mBbB7KyXhQ
ZhwrBM7AhPKX/D9AR9i9LGOF9T1a2IPaSOHgGALquphUruOh3sEPLolF+H2Bs4CT
XYqFvnBc7nsd8i/K438KLQ2MrEw326hmQ9X2KC/OGbTh6yzSoJkv+XbRU/klP7FZ
G4Hp8dIgd2nIP/Z1hfY8ooev5L5rZVfByodvmYrGKdSAaO1e5GiJfizUvsBvbPsY
AYKDxCZ+/D8ZjrPof8fJ/HXc/gFeX2tUI9qRxXro97V9DcMFK3G/Jr6+xDnCnwID
AQABo4IISTCCCEUwHwYDVR0jBBgwFoAUmY4ClcUeVSJ7h3CLXhwBwnbErugwHQYD
VR0OBBYEFNR1WB4R7M8Gp7/XpDbjWXtQWuSRMA4GA1UdDwEB/wQEAwIFoDAMBgNV
HRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBFBgNVHSAE
PjA8MDoGCysGAQQBsjEBAgIHMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJl
LmNvbW9kby5jb20vQ1BTMFMGA1UdHwRMMEowSKBGoESGQmh0dHA6Ly9jcmwuY29t
b2RvY2E0LmNvbS9DT01PRE9Eb21haW5WYWxpZGF0aW9uTGVnYWN5U2VydmVyQ0Ey
LmNybDCBhQYIKwYBBQUHAQEEeTB3ME4GCCsGAQUFBzAChkJodHRwOi8vY3J0LmNv
bW9kb2NhNC5jb20vQ09NT0RPRG9tYWluVmFsaWRhdGlvbkxlZ2FjeVNlcnZlckNB
Mi5jcnQwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLmNvbW9kb2NhNC5jb20wggWY
BgNVHREEggWPMIIFi4Ibc3NsMzg0NDc2LmNsb3VkZmxhcmVzc2wuY29tgg0qLmFs
Y29uLmNvLml0gg0qLmFsY29uLmNvLmtyghAqLmFsY29ucGhhcm1hLmpwggoqLm5p
YnIuY29tgg0qLm5vdmFydGlzLmJlgg0qLm5vdmFydGlzLmNhgg0qLm5vdmFydGlz
LmNoghAqLm5vdmFydGlzLmNvLmpwghAqLm5vdmFydGlzLmNvLmtygg4qLm5vdmFy
dGlzLmNvbYIRKi5ub3ZhcnRpcy5jb20uYXKCESoubm92YXJ0aXMuY29tLmJyghEq
Lm5vdmFydGlzLmNvbS5lY4IRKi5ub3ZhcnRpcy5jb20uaGuCESoubm92YXJ0aXMu
Y29tLm15ghEqLm5vdmFydGlzLmNvbS5wZYIRKi5ub3ZhcnRpcy5jb20ucGiCESou
bm92YXJ0aXMuY29tLnR3gg0qLm5vdmFydGlzLmN6gg0qLm5vdmFydGlzLmRlgg0q
Lm5vdmFydGlzLmRrgg0qLm5vdmFydGlzLmZygg0qLm5vdmFydGlzLmllgg0qLm5v
dmFydGlzLm5vgg0qLm5vdmFydGlzLnBsgg0qLm5vdmFydGlzLnNlgg0qLm5vdmFy
dGlzLnNrggsqLnNhbmRvei5jYYIMKi5zYW5kb3ouY29tgg8qLnNhbmRvei5jb20u
YXKCDyouc2FuZG96LmNvbS5hdYIPKi5zYW5kb3ouY29tLmNugg8qLnNhbmRvei5j
b20udHKCCyouc2FuZG96LmN6ggsqLnNhbmRvei5ka4ILKi5zYW5kb3ouZmmCCyou
c2FuZG96LmZyggsqLnNhbmRvei5ocoILKi5zYW5kb3ouaHWCCyouc2FuZG96Lml0
ggsqLnNhbmRvei5ubIILKi5zYW5kb3oubm+CCyouc2FuZG96LnBsggsqLnNhbmRv
ei5ydYILKi5zYW5kb3ouc2WCCyouc2FuZG96LnVhgg8qLnNhbmRvei51ay5jb22C
ECouc2FuZG96ZmFybWEuZXOCC2FsY29uLmNvLml0ggthbGNvbi5jby5rcoIOYWxj
b25waGFybWEuanCCCG5pYnIuY29tggtub3ZhcnRpcy5iZYILbm92YXJ0aXMuY2GC
C25vdmFydGlzLmNogg5ub3ZhcnRpcy5jby5qcIIObm92YXJ0aXMuY28ua3KCDG5v
dmFydGlzLmNvbYIPbm92YXJ0aXMuY29tLmFygg9ub3ZhcnRpcy5jb20uYnKCD25v
dmFydGlzLmNvbS5lY4IPbm92YXJ0aXMuY29tLmhrgg9ub3ZhcnRpcy5jb20ubXmC
D25vdmFydGlzLmNvbS5wZYIPbm92YXJ0aXMuY29tLnBogg9ub3ZhcnRpcy5jb20u
dHeCC25vdmFydGlzLmN6ggtub3ZhcnRpcy5kZYILbm92YXJ0aXMuZGuCC25vdmFy
dGlzLmZyggtub3ZhcnRpcy5pZYILbm92YXJ0aXMubm+CC25vdmFydGlzLnBsggtu
b3ZhcnRpcy5zZYILbm92YXJ0aXMuc2uCCXNhbmRvei5jYYIKc2FuZG96LmNvbYIN
c2FuZG96LmNvbS5hcoINc2FuZG96LmNvbS5hdYINc2FuZG96LmNvbS5jboINc2Fu
ZG96LmNvbS50coIJc2FuZG96LmN6gglzYW5kb3ouZGuCCXNhbmRvei5maYIJc2Fu
ZG96LmZygglzYW5kb3ouaHKCCXNhbmRvei5odYIJc2FuZG96Lml0gglzYW5kb3ou
bmyCCXNhbmRvei5ub4IJc2FuZG96LnBsgglzYW5kb3oucnWCCXNhbmRvei5zZYIJ
c2FuZG96LnVhgg1zYW5kb3oudWsuY29tgg5zYW5kb3pmYXJtYS5lczCCAQQGCisG
AQQB1nkCBAIEgfUEgfIA8AB2AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6
qP3LAAABZhhlKHsAAAQDAEcwRQIgYMQg6W9b5OxqZ4bi7tkwS5HsBNwERBqCFKJJ
4aFYbhwCIQDR2EPFK+oH/YLvd9LJEfAV7mBR0aKwyQ5TAK7W6PH52wB2AHR+2oMx
rTMQkSGcziVPQnDCv/1eQiAIxjc1eeYQe8xWAAABZhhlKLIAAAQDAEcwRQIhAIji
NzXSDedFgic2M2LvugJGdBDGCqFjZuiivkkXNG6UAiAKI4+usHVFiD9qMYOBBrmA
8iJ6K8PdL8MZqe4HbuppwDANBgkqhkiG9w0BAQUFAAOCAQEAgl17vyocrHD2QSou
tcQ50Oo5DJJC9LJ48ncT/pyImRY6M5+ClpLsw7/RLQfl0qX0fiXx5abXt6IfI+ns
FTKaiWNWvn4t4gNagZIobt6BuQUbiwXU6go8Hq3QOt4nAK9oiWTz/dCEjBeAKMU3
DK8ImzPK68SvHvj+JUq4pUPd3VNxV5AdobofcLb+6oBJCbJRnoITwjKbUISTeiAf
1QnKctSOJpTXMGD6hcnXiCjiE8aSqzbrgC/Pkq/sWjbg6ik++NFzJlGc4H3QkTV6
TVH/DB89qO65pDRRJB+i2LPchfmVFnkJjWMl7ogRLV7kpPUP7ho8catwc5I5DV3d
mmPfwg==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz69NnIhh/dOG4foiU2fx
u7T94TXJoIch7VOTx99Gh+5HoA8cmF8JzQjIsN6cFH4goBIw2LM+5XBzg3mBbB7K
yXhQZhwrBM7AhPKX/D9AR9i9LGOF9T1a2IPaSOHgGALquphUruOh3sEPLolF+H2B
s4CTXYqFvnBc7nsd8i/K438KLQ2MrEw326hmQ9X2KC/OGbTh6yzSoJkv+XbRU/kl
P7FZG4Hp8dIgd2nIP/Z1hfY8ooev5L5rZVfByodvmYrGKdSAaO1e5GiJfizUvsBv
bPsYAYKDxCZ+/D8ZjrPof8fJ/HXc/gFeX2tUI9qRxXro97V9DcMFK3G/Jr6+xDnC
nwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 275072726034604835420922654129074897404
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Greater Manchester'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Salford'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'COMODO CA Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'COMODO Domain Validation Legacy Server CA 2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-09-27 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-04-05 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Domain Control Validated'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Legacy Multi-Domain SSL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ssl384476.cloudflaressl.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 26217774342835209127043537194827866656836140381381592091325057944491332890264747844983304459266451058332037691296429302453539227456791081881278012629798330330656052984010907054452616804318261986902170506103250942670778733424835252034973523626965883218684556824535686524052010817730481372522961151263354289380938310903653558228698070155291865003898210707796259549255286829054767109168626848197157623061604446058920527319266523444724265375117161233883221848198523223469102262135813493984855096465547278694625724081623758415835103170276601710532251051926422935229811389106410042033738268969928244683949840048665910690463
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 998e0295c51e55227b87708b5e1c01c276c4aee8
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							d475581e11eccf06a7bfd7a436e3597b505ae491
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (62 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.2.7
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://secure.comodo.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (76 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.comodoca4.com/COMODODomainValidationLegacyServerCA2.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (121 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.comodoca4.com/COMODODomainValidationLegacyServerCA2.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.comodoca4.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (1423 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ssl384476.cloudflaressl.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.alcon.co.it'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.alcon.co.kr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.alconpharma.jp'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.nibr.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.novartis.be'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.novartis.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.novartis.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.novartis.co.jp'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.novartis.co.kr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.novartis.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.novartis.com.ar'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.novartis.com.br'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.novartis.com.ec'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.novartis.com.hk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.novartis.com.my'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.novartis.com.pe'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.novartis.com.ph'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.novartis.com.tw'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.novartis.cz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.novartis.de'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.novartis.dk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.novartis.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.novartis.ie'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.novartis.no'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.novartis.pl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.novartis.se'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.novartis.sk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.sandoz.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.sandoz.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.sandoz.com.ar'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.sandoz.com.au'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.sandoz.com.cn'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.sandoz.com.tr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.sandoz.cz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.sandoz.dk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.sandoz.fi'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.sandoz.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.sandoz.hr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.sandoz.hu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.sandoz.it'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.sandoz.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.sandoz.no'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.sandoz.pl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.sandoz.ru'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.sandoz.se'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.sandoz.ua'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.sandoz.uk.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.sandozfarma.es'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'alcon.co.it'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'alcon.co.kr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'alconpharma.jp'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nibr.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'novartis.be'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'novartis.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'novartis.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'novartis.co.jp'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'novartis.co.kr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'novartis.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'novartis.com.ar'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'novartis.com.br'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'novartis.com.ec'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'novartis.com.hk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'novartis.com.my'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'novartis.com.pe'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'novartis.com.ph'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'novartis.com.tw'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'novartis.cz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'novartis.de'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'novartis.dk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'novartis.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'novartis.ie'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'novartis.no'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'novartis.pl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'novartis.se'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'novartis.sk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sandoz.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sandoz.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sandoz.com.ar'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sandoz.com.au'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sandoz.com.cn'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sandoz.com.tr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sandoz.cz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sandoz.dk'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sandoz.fi'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sandoz.fr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sandoz.hr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sandoz.hu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sandoz.it'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sandoz.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sandoz.no'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sandoz.pl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sandoz.ru'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sandoz.se'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sandoz.ua'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sandoz.uk.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sandozfarma.es'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f0007600ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb000001661865287b0000040300473045022060c420e96f5be4ec6a6786e2eed9304b91ec04dc04441a8214a249e1a1586e1c022100d1d843c52bea07fd82ef77d2c911f015ee6051d1a2b0c90e5300aed6e8f1f9db007600747eda8331ad331091219cce254f4270c2bffd5e422008c6373579e6107bcc5600000166186528b2000004030047304502210088e23735d20de7458227363362efba02467410c60aa16366e8a2be4917346e9402200a238faeb07545883f6a31838106b980f2227a2bc3dd2fc319a9ee076eea69c0
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00825d7bbf2a1cac70f6412a2eb5c439d0ea390c9242f4b278f27713fe9c8899163a339f829692ecc3bfd12d07e5d2a5f47e25f1e5a6d7b7a21f23e9ec15329a896356be7e2de2035a8192286ede81b9051b8b05d4ea0a3c1eadd03ade2700af688964f3fdd0848c178028c5370caf089b33caebc4af1ef8fe254ab8a543dddd537157901da1ba1f70b6feea804909b2519e8213c2329b5084937a201fd509ca72d48e2694d73060fa85c9d78828e213c692ab36eb802fcf92afec5a36e0ea293ef8d17326519ce07dd091357a4d51ff0c1f3da8eeb9a43451241fa2d8b3dc85f9951679098d6325ee88112d5ee4a4f50fee1a3c71ab707392390d5ddd9a63dfc2