cmseos-tf1103.fnal.gov
- Fermi Research Alliance -
Issued by InCommon RSA IGTF Server CA 3
About this certificate
This digital certificate with serial number ec:62:a1:01:6a:d4:eb:4b:0f:c8:12:a2:03:57:6b:0b was issued on by Internet2.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Fermi Research Alliance
Organization:
Fermi Research Alliance
State / Province:
Illinois
Country: US
Country: US
Internet2
Organization:
Internet2
Country:
US
This certificate will expire on
Certificate Details
Serial Number (hex): ec:62:a1:01:6a:d4:eb:4b:0f:c8:12:a2:03:57:6b:0bSerial Number (int): 314209917677613724001684385925093092107
Serial Number lenght: 128 bits, 16 octets
SubjectKeyId: da:2f:e6:b5:d5:cd:05:11:07:f5:fd:0c:71:b6:2b:c6:25:fa:35:d9
AuthorityKeyId: 16:36:a5:e3:31:7b:bf:67:f6:b2:b7:e7:ea:54:ef:57:30:be:c7:e5
Fingerprint (sha1): 6a:89:1b:fa:76:f0:00:9c:eb:f6:06:3e:b4:34:31:65:3f:55:ef:03
Fingerprint (sha256): 04:dc:6e:c1:16:99:70:89:cb:d4:eb:4b:f5:1d:81:c0:4e:35:50:d1:2c:81:c1:7d:ca:43:3d:07:5c:c1:eb:89
Issuing Certificate URL: http://crt.sectigo.com/InCommonRSAIGTFServerCA3.crt
Revocation information
OCSP Server: http://ocsp.sectigo.comCRL Distribution Point: http://crl.sectigo.com/InCommonRSAIGTFServerCA3.crl
Check the revocation status for certificate cmseos-tf1103.fnal.gov
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for cmseos-tf1103.fnal.gov
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA384 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
cmseos-tf1103.fnal.gov
cmseos-tstgridftp.fnal.gov
cmseos-tstgridftp.fnal.gov
Other certificates including the domain name fnal.gov
(limited to 100 certificates)
uboonepro-uboonegpvm01.fnal.gov
gpce03.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
stkendca71a.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
lpcschedd3.fnal.gov
samwebgpvm03.fnal.gov
ftdc2.fermitest.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
uhosts.fnal.gov
*.fnal.gov
pubstor2231.fnal.gov
*.fnal.gov
nsexpe2.fnal.gov
cmsstor341.fnal.gov
*.fnal.gov
uhosts.fnal.gov
www-bss.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmssi-factory02.fnal.gov
*.fnal.gov
uhosts.fnal.gov
fermi-rsa-2.fnal.gov
*.fnal.gov
cmseos-tf1103.fnal.gov
rcds01.fnal.gov
*.fnal.gov
*.fnal.gov
ssiadmin3.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmseos511.fnal.gov
uhosts.fnal.gov
fcdfcache122.fnal.gov
*.fnal.gov
*.fnal.gov
cmssrv628.fnal.gov
*.fnal.gov
*.fnal.gov
uhosts.fnal.gov
cmseos1144.fnal.gov
*.fnal.gov
uhosts.fnal.gov
*.fnal.gov
icaruspro-icarusgpvm01.fnal.gov
cmsstor907.fnal.gov
*.fnal.gov
*.fnal.gov
fifeutilgpvm01.fnal.gov
fermicloud527.fnal.gov
*.fnal.gov
*.fnal.gov
fndcaitb1.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmseos-if1102.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
uhosts.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
fermicloud363.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmseos517.fnal.gov
rcodegpvm02.fnal.gov
cmseos56.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmsdcadiskitb03.fnal.gov
*.fnal.gov
accelaipro-accelaigpvm01.fnal.gov
*.fnal.gov
*.fnal.gov
cmsdcadiskitb04.fnal.gov
cmseos34.fnal.gov
fndca5b.fnal.gov
*.fnal.gov
gpce03.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
stkendca71a.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
lpcschedd3.fnal.gov
samwebgpvm03.fnal.gov
ftdc2.fermitest.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
uhosts.fnal.gov
*.fnal.gov
pubstor2231.fnal.gov
*.fnal.gov
nsexpe2.fnal.gov
cmsstor341.fnal.gov
*.fnal.gov
uhosts.fnal.gov
www-bss.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmssi-factory02.fnal.gov
*.fnal.gov
uhosts.fnal.gov
fermi-rsa-2.fnal.gov
*.fnal.gov
cmseos-tf1103.fnal.gov
rcds01.fnal.gov
*.fnal.gov
*.fnal.gov
ssiadmin3.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmseos511.fnal.gov
uhosts.fnal.gov
fcdfcache122.fnal.gov
*.fnal.gov
*.fnal.gov
cmssrv628.fnal.gov
*.fnal.gov
*.fnal.gov
uhosts.fnal.gov
cmseos1144.fnal.gov
*.fnal.gov
uhosts.fnal.gov
*.fnal.gov
icaruspro-icarusgpvm01.fnal.gov
cmsstor907.fnal.gov
*.fnal.gov
*.fnal.gov
fifeutilgpvm01.fnal.gov
fermicloud527.fnal.gov
*.fnal.gov
*.fnal.gov
fndcaitb1.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmseos-if1102.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
uhosts.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
fermicloud363.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmseos517.fnal.gov
rcodegpvm02.fnal.gov
cmseos56.fnal.gov
*.fnal.gov
*.fnal.gov
*.fnal.gov
cmsdcadiskitb03.fnal.gov
*.fnal.gov
accelaipro-accelaigpvm01.fnal.gov
*.fnal.gov
*.fnal.gov
cmsdcadiskitb04.fnal.gov
cmseos34.fnal.gov
fndca5b.fnal.gov
*.fnal.gov
Certificate
The complete raw certificate details for cmseos-tf1103.fnal.gov in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIIQTCCBqmgAwIBAgIRAOxioQFq1OtLD8gSogNXawswDQYJKoZIhvcNAQEMBQAw STELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCUludGVybmV0MjEmMCQGA1UEAxMdSW5D b21tb24gUlNBIElHVEYgU2VydmVyIENBIDMwHhcNMjMxMjA1MDAwMDAwWhcNMjUw MTAzMjM1OTU5WjCBkjETMBEGCgmSJomT8ixkARkWA29yZzEYMBYGCgmSJomT8ixk ARkWCGluY29tbW9uMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxIDAe BgNVBAoTF0Zlcm1pIFJlc2VhcmNoIEFsbGlhbmNlMR8wHQYDVQQDExZjbXNlb3Mt dGYxMTAzLmZuYWwuZ292MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA wyN8preD+9zb168Kt3FKI8I25JCjzLyz6ruIxL0fqAQfM93sVFbWqXHYDkyOh0lV 0500vLYuOq/OPHcSdG1LCH0OFCWVtnztfF9o9ZixM7IxAThEx7POMp1wmxwe0fsB RffL4cMia5VYnZm1+X3x+/ejtDTaGmL+2CfLeQ/Vj9XkzsKcFtQXyRJx18CF4o1O aaRjkY3EZTDHnGbiABLwR1WPfe/HVleR1xyF+1OWA/mMfRwO+VBQixLrV1JAiKz7 8bLXMJ01cvag7DUeEvG2epXV32KxCPiA1ixzm6lOVWH+GpMGPbhkSpQ4oRjnppEh TtWlumufFFioaj4OhcF+4ZxmNJdQ9sv+1f7LAyBp/PY33c3m1ir+FHnUOFa6NWVF lOiFXb9xLBCB45F3yqp4DcAHac7Izb8kFLL93mRcGhIM/zsfT3yD1N/4AIUztFZC StdAWUkmAGvatMLlyuVyBNFH6LGvjuYVgPHTenMKUlfP4thqhEeLOzGwUkRvAbBu 0ItzWyDelrhP+oqHsLN8SmGM6sdkCO83jbKR2VUYQ78khPjDRwcUjVFNq0fCU01+ 5vOLHh6gkw3JPyzjvoveYZbumfds3y5xHZOPsonJbA+EuZiNyEwl1SfzAtZ17fBy 4wPZXMYK5bSJjgjp2Qc5BlnVsOiwiMu6oDTuQJxpDCsCAwEAAaOCA1gwggNUMB8G A1UdIwQYMBaAFBY2peMxe79n9rK35+pU71cwvsflMB0GA1UdDgQWBBTaL+a11c0F EQf1/QxxtivGJfo12TAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNV HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwWAYDVR0gBFEwTzA1BgwrBgEEAa4j AQQDBAIwJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwDAYK KoZIhvdMBQICATAIBgZngQwBAgIwRAYDVR0fBD0wOzA5oDegNYYzaHR0cDovL2Ny bC5zZWN0aWdvLmNvbS9JbkNvbW1vblJTQUlHVEZTZXJ2ZXJDQTMuY3JsMHQGCCsG AQUFBwEBBGgwZjA/BggrBgEFBQcwAoYzaHR0cDovL2NydC5zZWN0aWdvLmNvbS9J bkNvbW1vblJTQUlHVEZTZXJ2ZXJDQTMuY3J0MCMGCCsGAQUFBzABhhdodHRwOi8v b2NzcC5zZWN0aWdvLmNvbTCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHUAzxFW 7tUufK/zh1vZaS6b6RpxZ0qwF+ysAdJbd87MOwgAAAGMOkw2/QAABAMARjBEAiA7 pgScpMaHji0Cz8AMLe0ThWGXt2EKMT7gvQmI2/PCXQIgTB0NubzTH4Menp1x6YTl h5zuFJXeDR4r70X1VbbPk9IAdwCi4wrkRe+9rZt+OO1HZ3dT14JbhJTXK14bLMS5 UKRH5wAAAYw6TDYKAAAEAwBIMEYCIQCJiuLDJM8oGif1t7pIoTIzIk7t07Y5V8Jg IS6L/QGlxgIhAJH83azYnIBqZqU052CanuHdIEHTOWQGVD7BQlG6Wx52AHYATnWj J1yaEMM4W2zU3z9S6x3w4I4bjWnAsfpksWKaOd8AAAGMOkw2tgAABAMARzBFAiEA 4X2fv2q+PmW9yhg2tWDMAQXL27lQcrdmu46Q/huk8P4CID8QSkXtj2lQja5umn6C r52BH2ZSu+9DPSrYVepNSgBFMD0GA1UdEQQ2MDSCFmNtc2Vvcy10ZjExMDMuZm5h bC5nb3aCGmNtc2Vvcy10c3RncmlkZnRwLmZuYWwuZ292MA0GCSqGSIb3DQEBDAUA A4IBgQCWtmoWCn9p+B3/0Dp+8DuEiCwcNXEdm0SxYd0u1+pIvaa0sdxoz8JQ1rpr Hprymwrk1gmN3Nbski3gTUhKsQcqaQba3G7w1LkVKdXuRacfv94/3Zs/j9tSroRQ 2jOLMBlwmg5/Z+fYkWClzqg/tiqTpKY/gdcILRzGnQmDdntexGI84PR5reysCaf7 XaHs2RM/Aag5FMSPU2wa4c+8m8D3KbOO5AP3dRl6RAUNc/O9jZr7Tqi54YDYYffy QLsD1m2TFbQ7MovtS1Scz1BLXjLS338CY58WLqvmkBLg3egrfiPWcGaLjQNY94j7 O8nYPrkk6r8NKLqjLOolCSwaxLSNXupWzPXzZY4qagUsV1t4+NeJQgAA1urXHXhv MFJlymYQzJTM3bNu01d1HnzyvPrsYXXw2i++JxwV2dxw2uTHOtV/zGPjlH+9Atl4 MXBH/QqeB+/+Hk2gOFDbQsJ1h3TDPGx8/Axn7iVTjmCrJ9xt3+UKT/TkGfKZbxZJ CSUJ9mY= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwyN8preD+9zb168Kt3FK I8I25JCjzLyz6ruIxL0fqAQfM93sVFbWqXHYDkyOh0lV0500vLYuOq/OPHcSdG1L CH0OFCWVtnztfF9o9ZixM7IxAThEx7POMp1wmxwe0fsBRffL4cMia5VYnZm1+X3x +/ejtDTaGmL+2CfLeQ/Vj9XkzsKcFtQXyRJx18CF4o1OaaRjkY3EZTDHnGbiABLw R1WPfe/HVleR1xyF+1OWA/mMfRwO+VBQixLrV1JAiKz78bLXMJ01cvag7DUeEvG2 epXV32KxCPiA1ixzm6lOVWH+GpMGPbhkSpQ4oRjnppEhTtWlumufFFioaj4OhcF+ 4ZxmNJdQ9sv+1f7LAyBp/PY33c3m1ir+FHnUOFa6NWVFlOiFXb9xLBCB45F3yqp4 DcAHac7Izb8kFLL93mRcGhIM/zsfT3yD1N/4AIUztFZCStdAWUkmAGvatMLlyuVy BNFH6LGvjuYVgPHTenMKUlfP4thqhEeLOzGwUkRvAbBu0ItzWyDelrhP+oqHsLN8 SmGM6sdkCO83jbKR2VUYQ78khPjDRwcUjVFNq0fCU01+5vOLHh6gkw3JPyzjvove YZbumfds3y5xHZOPsonJbA+EuZiNyEwl1SfzAtZ17fBy4wPZXMYK5bSJjgjp2Qc5 BlnVsOiwiMu6oDTuQJxpDCsCAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 314209917677613724001684385925093092107 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Internet2' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'InCommon RSA IGTF Server CA 3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-05 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-01-03 23:59:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.9.2342.19200300.100.1.25 (domainComponent) . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'org' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.9.2342.19200300.100.1.25 (domainComponent) . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'incommon' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Illinois' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Fermi Research Alliance' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'cmseos-tf1103.fnal.gov' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 796096116694283914909904473519971457677225574352264510720159125967069648181721855844722571543360206276311960806009608426195656367744960976303121821692592029212929482250746060878695650671654645914973501292373212670807176524596839823563275886063950479346332476397429088785992810798584025712509759007456344177863269309838559914640951893407308386742924368459356106110201048044139926279755397109121418268872045133422421946546029819613559719683147924262059281711220486339925942721520892624987466706018801628026306482558257856441970101355467596174935059648560242487676282881613426940838152324891333812473791765660590124578930955713006544361537191234505249966218073727380019352335603364747006840210814816758351231551479695155316369137672922795332544103653162325338549961348648246354688318014685874669038604546265265112885100745576237247383188011974314585365729238090396048653817967226355299210247242676021027367413964140056602382802557910041080477452695529512950409804309236614592051189314997155397340524048299668595458100037896703291219020546032804283376171877106881877785081376288310742648373586516038439948584091063064788108945975954389196251463935834797690528532536846705690037796572018823549572391697164592415867608971518495820477959211 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 1636a5e3317bbf67f6b2b7e7ea54ef5730bec7e5 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) da2fe6b5d5cd051107f5fd0c71b62bc625fa35d9 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (81 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.5923.1.4.3.4.2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113612.5.2.2.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (61 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sectigo.com/InCommonRSAIGTFServerCA3.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/InCommonRSAIGTFServerCA3.crt' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes) 0168007500cf1156eed52e7caff3875bd9692e9be91a71674ab017ecac01d25b77cecc3b080000018c3a4c36fd000004030046304402203ba6049ca4c6878e2d02cfc00c2ded13856197b7610a313ee0bd0988dbf3c25d02204c1d0db9bcd31f831e9e9d71e984e5879cee1495de0d1e2bef45f555b6cf93d2007700a2e30ae445efbdad9b7e38ed47677753d7825b8494d72b5e1b2cc4b950a447e70000018c3a4c360a0000040300483046022100898ae2c324cf281a27f5b7ba48a13233224eedd3b63957c260212e8bfd01a5c602210091fcddacd89c806a66a534e7609a9ee1dd2041d3396406543ec14251ba5b1e760076004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018c3a4c36b60000040300473045022100e17d9fbf6abe3e65bdca1836b560cc0105cbdbb95072b766bb8e90fe1ba4f0fe02203f104a45ed8f69508dae6e9a7e82af9d811f6652bbef433d2ad855ea4d4a0045 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (54 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cmseos-tf1103.fnal.gov' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cmseos-tstgridftp.fnal.gov' . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (3072 bits) 0096b66a160a7f69f81dffd03a7ef03b84882c1c35711d9b44b161dd2ed7ea48bda6b4b1dc68cfc250d6ba6b1e9af29b0ae4d6098ddcd6ec922de04d484ab1072a6906dadc6ef0d4b91529d5ee45a71fbfde3fdd9b3f8fdb52ae8450da338b3019709a0e7f67e7d89160a5cea83fb62a93a4a63f81d7082d1cc69d0983767b5ec4623ce0f479adecac09a7fb5da1ecd9133f01a83914c48f536c1ae1cfbc9bc0f729b38ee403f775197a44050d73f3bd8d9afb4ea8b9e180d861f7f240bb03d66d9315b43b328bed4b549ccf504b5e32d2df7f02639f162eabe69012e0dde82b7e23d670668b8d0358f788fb3bc9d83eb924eabf0d28baa32cea25092c1ac4b48d5eea56ccf5f3658e2a6a052c575b78f8d789420000d6ead71d786f305265ca6610cc94ccddb36ed357751e7cf2bcfaec6175f0da2fbe271c15d9dc70dae4c73ad57fcc63e3947fbd02d978317047fd0a9e07effe1e4da03850db42c2758774c33c6c7cfc0c67ee25538e60ab27dc6ddfe50a4ff4e419f2996f1649092509f666