citrixsg.osd.mil

- U.S. Government -

Issued by DOD ID SW CA-38

About this certificate

This digital certificate with serial number 02:82:3b was issued on by U.S. Government.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: subject:localityName MUST appear if subject:organizationName, subject:givenName, or subject:surname fields are present but the subject:stateOrProvinceName field is absent. (BRs: 7.1.4.2.2)
  • Subscriber Certificate: subject:stateOrProvinceName MUST appear if the subject:organizationName, subject:givenName, or subject:surname fields are present and subject:localityName is absent. (BRs: 7.1.4.2.2)
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • Subscriber Certificate: extKeyUsage values other than id-kp-serverAuth, id-kp-clientAuth, and id-kp-emailProtection SHOULD NOT be present. (BRs: 7.1.2.3)

U.S. Government

Organization: U.S. Government
Organization unit: DoD
Organization unit: PKI
Organization unit: OSD
Country: US

U.S. Government

Organization: U.S. Government
Organization unit: DoD
Organization unit: PKI
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 02:82:3b
Serial Number (int): 164411
Serial Number lenght: 18 bits, 3 octets

SubjectKeyId: 90:c7:71:99:f1:c1:5c:b1:54:ae:6e:78:a9:89:1f:b7:76:5d:47:16
AuthorityKeyId: 8e:c5:b9:cc:fc:ce:8e:53:b4:2a:ce:e8:11:2a:cf:9b:29:6c:67:ca

Fingerprint (sha1): ab:14:eb:7c:60:ea:5e:e7:97:2a:5a:3e:1b:63:f7:87:0b:6b:07:6b
Fingerprint (sha256): 04:49:90:e5:80:aa:80:76:9b:8f:2a:85:df:6a:fb:26:ec:ad:65:82:d8:39:d9:59:10:bd:c3:7d:08:1f:20:fb

Issuing Certificate URL: http://crl.disa.mil/sign/DODIDSWCA_38.cer

Revocation information

OCSP Server: http://ocsp.disa.mil
CRL Distribution Point: http://crl.disa.mil/crl/DODIDSWCA_38.crl

Check the revocation status for certificate citrixsg.osd.mil

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for citrixsg.osd.mil

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

8 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

citrixsg.osd.mil
citrix.osd.mil

Other certificates including the domain name osd.mil

(limited to 100 certificates)
myafn.dodmedia.osd.mil
secureapps.osd.mil
eRoom.tma.osd.mil
stg.service.cade.osd.mil
kbs.nsoc.health.mil
nmcp-root.med.osd.mil
www.dma.mil
bea.osd.mil
repi.osd.mil
nmcsd-root.med.osd.mil
www.dma.mil
afnconnect.myafn.dodmedia.osd.mil
mhse2e.med.osd.mil
cade.osd.mil
titus.cpms.osd.mil
opmverify.dmdc.osd.mil
dtsproweb.defensetravel.osd.mil
compos.dcpds.cpms.osd.mil
www.dma.mil
www.defense.gov
www.dma.mil
repi.osd.mil
www.pentagon.mil
www.dma.mil
afnconnect.myafn.dodmedia.osd.mil
dodmerb.tricare.osd.mil
webct2.dmdc.osd.mil
CAPE eRoom
cade.osd.mil
citrixsg.osd.mil
www.pentagon.mil
web-06-r-p.fhppub.dhhq.local
repi.osd.mil
jacks.jpeocbd.army.mil
jds.cape.osd.mil
repi.osd.mil
dach-era.med.osd.mil
guidanceweb.ousdc.osd.mil
afnconnect.myafn.dodmedia.osd.mil
pentagontours.osd.mil
dmdc.osd.mil
rcc.osd.mil
www.usace.army.mil
myafn.dodmedia.osd.mil
repi.osd.mil
www.pentagon.mil
systemarchitect.tma.osd.mil
*.jacks.jpeocbrnd.army.mil
secureapps.osd.mil
dtscdcvpn02.defensetravel.osd.mil
snap.cape.osd.mil
fermion.dmea.osd.mil
*.jacks.jpeocbrnd.army.mil
myafn.dodmedia.osd.mil
www.usace.army.mil
lms.dcpas.osd.mil
denix.osd.mil
fermion.dmea.osd.mil
SNAP.CAPE.OSD.MIL
bach-era.med.osd.mil
denix.osd.mil
lrmc-root.med.osd.mil
listserver.tma.osd.mil
godefense.dcpas.osd.mil
service.cade.osd.mil
guidanceweb.ousdc.osd.mil
fcom.cape.osd.mil
macstg.ousdc.osd.mil
login.myafn.dodmedia.osd.mil
hrnetapps.cpms.osd.mil
kbs.nsoc.health.mil
jsp-ipm.osd.mil
sepsii.tricare.osd.mil
DORWARD.jte.osd.mil
jcoc.osd.mil
uranus.cpms.osd.mil
itbudget.osd.mil
dod-executiveagent.osd.mil
cerebro-ct.dmdc.osd.mil
denix.osd.mil
dodcioext.osd.mil
www.public.navy.mil
mhse2erecv.med.osd.mil
www.dma.mil
afnconnect.myafn.dodmedia.osd.mil
www.pentagon.mil
ircmstrn.cpms.osd.mil
bolly.cpms.osd.mil
repi.osd.mil
wasp-ad.dmdc.osd.mil
art.tma.osd.mil
webst.dmdc.osd.mil
fmonline.ousdc.osd.mil
fsm.cape.osd.mi
repi.osd.mil
dmdc.mil
dmdc.mil
dmdc.mil
www.dma.mil
learning1.dmdc.osd.mil

Certificate

The complete raw certificate details for citrixsg.osd.mil in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIErjCCA5agAwIBAgIDAoI7MA0GCSqGSIb3DQEBCwUAMF0xCzAJBgNVBAYTAlVT
MRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UE
CxMDUEtJMRgwFgYDVQQDEw9ET0QgSUQgU1cgQ0EtMzgwHhcNMTcwOTA4MjIxMzE1
WhcNMjAwOTA4MjIxMzE1WjBsMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBH
b3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEMMAoGA1UECxMD
T1NEMRkwFwYDVQQDExBjaXRyaXhzZy5vc2QubWlsMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAsGjHmlJgmWqB9wSWIapBVG+xOQE/8YM5K5XBYW99dqkU
J6pdKfnD5eOuH9yAdefmvGtne+apz5RuSWskVa9sWCh1TBYh6fm+3XDZRvM7b8B4
NYvtvB7vMPILJec/TGMqpL7xI4vih9C74Nekub/2UDJx6lkDFzd75bQFarJSJzSp
lW1FZwuAp/SuphJlUuU4WccGVAXZjkCs7kREo/5lp9cIR/ZBHr6/CWrYakIT50NP
GwV/AUPb1DThkNHoCMBk0MDkHd1iRdWyPw++p3oPzkrzGkAEyA85sm430jFIyJyI
v4l42X3eyWy1+ZbTH9nJNLQs5OVGgy/2eFNl9/07ywIDAQABo4IBZjCCAWIwHwYD
VR0jBBgwFoAUjsW5zPzOjlO0Ks7oESrPmylsZ8owHQYDVR0OBBYEFJDHcZnxwVyx
VK5ueKmJH7d2XUcWMGcGCCsGAQUFBwEBBFswWTA1BggrBgEFBQcwAoYpaHR0cDov
L2NybC5kaXNhLm1pbC9zaWduL0RPRElEU1dDQV8zOC5jZXIwIAYIKwYBBQUHMAGG
FGh0dHA6Ly9vY3NwLmRpc2EubWlsMA4GA1UdDwEB/wQEAwIFoDA5BgNVHR8EMjAw
MC6gLKAqhihodHRwOi8vY3JsLmRpc2EubWlsL2NybC9ET0RJRFNXQ0FfMzguY3Js
MCsGA1UdEQQkMCKCEGNpdHJpeHNnLm9zZC5taWyCDmNpdHJpeC5vc2QubWlsMBYG
A1UdIAQPMA0wCwYJYIZIAWUCAQsnMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEF
BQcDAgYIKwYBBQUIAgIwDQYJKoZIhvcNAQELBQADggEBAGxt0LQVDrLuYzQ0TY8Z
chRjjUjPZTwdvdRAhAF66MwZU6Wl9LpypJnNMMCyDBIHOytFB6MEx8u8KumMkDko
RAjCUjflgtTUVRSoI3iQFSiZTm9DW5213VKSoX8UQOR07rEIC5i7K4VWn1lebYWl
CHPahTZs9brIgwuComXEP0y4mHhuincPb0xk0gmVeRhYrLoee1OLcLVWELX27jC/
pZb8kb0IIJ7NtcLPb24NmOFF8DKUbYCn+M5Sno8tTwxkNNjR03tiWA2scqEgPhv9
TR2B4gYXC+ToWK3VUsxrgPD5KAIgsUiZ39rchZYOew7o+fmQyu3GaRnv3TOhJfD0
GZg=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsGjHmlJgmWqB9wSWIapB
VG+xOQE/8YM5K5XBYW99dqkUJ6pdKfnD5eOuH9yAdefmvGtne+apz5RuSWskVa9s
WCh1TBYh6fm+3XDZRvM7b8B4NYvtvB7vMPILJec/TGMqpL7xI4vih9C74Nekub/2
UDJx6lkDFzd75bQFarJSJzSplW1FZwuAp/SuphJlUuU4WccGVAXZjkCs7kREo/5l
p9cIR/ZBHr6/CWrYakIT50NPGwV/AUPb1DThkNHoCMBk0MDkHd1iRdWyPw++p3oP
zkrzGkAEyA85sm430jFIyJyIv4l42X3eyWy1+ZbTH9nJNLQs5OVGgy/2eFNl9/07
ywIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 164411
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'U.S. Government'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DoD'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'PKI'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DOD ID SW CA-38'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-09-08 22:13:15 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-09-08 22:13:15 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'U.S. Government'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DoD'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'PKI'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'OSD'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'citrixsg.osd.mil'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22269610469085731472986334038007013203516859530654161724005437943890084417506715345833477213264153875645542539260067395394880347199343618268971286534704398123020693677107578007800068435043559791892049648663821758352612532794653569758615405488721825526953628409873678238572190961798450142237947182172035946214124847438755846167233121017628744807928453021828519182103547020205570521600612800758986448233407488625250868149691395144009237210014382752641321339595793060555830324563075140427912273948152551305554427149812456093816621691609444997282935365356106552806728968342606519240297589921795469385932694723080866315211
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 8ec5b9ccfcce8e53b42acee8112acf9b296c67ca
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							90c77199f1c15cb154ae6e78a9891fb7765d4716
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (91 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.disa.mil/sign/DODIDSWCA_38.cer'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.disa.mil'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (50 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.disa.mil/crl/DODIDSWCA_38.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (36 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citrixsg.osd.mil'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'citrix.osd.mil'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (15 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.101.2.1.11.39
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (32 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.8.2.2 (iKEIntermediate)
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		006c6dd0b4150eb2ee6334344d8f197214638d48cf653c1dbdd44084017ae8cc1953a5a5f4ba72a499cd30c0b20c12073b2b4507a304c7cbbc2ae98c9039284408c25237e582d4d45514a82378901528994e6f435b9db5dd5292a17f1440e474eeb1080b98bb2b85569f595e6d85a50873da85366cf5bac8830b82a265c43f4cb898786e8a770f6f4c64d20995791858acba1e7b538b70b55610b5f6ee30bfa596fc91bd08209ecdb5c2cf6f6e0d98e145f032946d80a7f8ce529e8f2d4f0c6434d8d1d37b62580dac72a1203e1bfd4d1d81e206170be4e858add552cc6b80f0f9280220b14899dfdadc85960e7b0ee8f9f990caedc66919efdd33a125f0f41998