newweb.na.descartes.com

- The Descartes Systems Group Inc. -

Issued by thawte SSL CA - G2

About this certificate

This digital certificate with serial number 49:f9:71:ad:da:dd:20:85:de:4c:0e:ad:99:c3:7f:e2 was issued on by thawte, Inc..

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • Sub certificates SHOULD include Subject Key Identifier in end entity certs (RFC 5280: 4.2 & 4.2.1.2)

The Descartes Systems Group Inc.

Organization: The Descartes Systems Group Inc.
Organization unit: CITRIX
State / Province: Ontario
Locality: Waterloo
Country: CA

thawte, Inc.

Organization: thawte, Inc.
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 49:f9:71:ad:da:dd:20:85:de:4c:0e:ad:99:c3:7f:e2
Serial Number (int): 98328831296566416740320984483991093218
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId:
AuthorityKeyId: c2:4f:48:57:fc:d1:4f:9a:c0:5d:38:7d:0e:05:db:d9:2e:b5:52:60

Fingerprint (sha1): ad:11:d1:1b:72:e1:99:1c:64:4a:b9:c1:f7:ea:9e:77:ac:69:52:a4
Fingerprint (sha256): 05:b3:03:ea:f6:cf:01:13:42:00:12:36:d5:2e:6c:ed:35:ac:68:a1:fb:cb:bb:b0:69:c9:53:79:b7:da:5c:e2

Issuing Certificate URL: http://tj.symcb.com/tj.crt

Revocation information

OCSP Server: http://tj.symcd.com
CRL Distribution Point: http://tj.symcb.com/tj.crl

Check the revocation status for certificate newweb.na.descartes.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for newweb.na.descartes.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

8 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

newweb.na.descartes.com

Other certificates including the domain name descartes.com

(limited to 100 certificates)
status.pipeimob.com.br
adfs.descartes.com
smartcompliance.descartes.com
fseuc-1a.freshservice.com
ecomm.descartes.com
status.markiiieb.com
status.sandsiv.com
status.ngxnetworks.com
foxtrot.status.descartes.com
*.testportal.descartes.com
shw.rmt.status.descartes.com
go-secure.descartes.com
shw.rmt.status.descartes.com
servicedesk.descartes.com
iq.syncd.tech
fmtracks.fmsend.net
*.gct.descartes.com
*.uk-updates.descartes.com
uca.descartes.com
newweb.na.descartes.com
status.us.premium.salusconnect.io
disponibilidade.activecorp.com.br
shw.rmt.status.descartes.com
custom.mindflash.com
status.quarklink.io
*.e-customs.descartes.com
*.uk-updates.descartes.com
status.5starcoms.net
globalcompliance.asia.descartes.com
webdgn.descartes.com
shw.rmt.status.descartes.com
taric.descartes.com
status.anywhere.asolvi.app
crm.descartes.com
globalcompliancetest.descartes.com
desktop.descartes.com
ondemand.descartes.com
shipmentwarehouse.descartes.com
status.sandsiv.com
fmtracks.fmsend.net
status.skynetexpress.com
*.podirect.descartes.com
fseuc-1a.freshservice.com
uca.descartes.com
TILES.APAC.DESCARTES.COM
firstspiritstatus.crownpeak.com
globalcompliancetest.descartes.com
servicedesk.helpforheroes.org.uk
globalcompliance.descartes.com
*.ap.descartes.com
status.mapworks.io
shw.rmt.status.descartes.com
itmtest.descartes.com
status.pipeimob.com.br
status.doccle.be
www.123.descartes.com
status.lenderdock.com
shw.rmt.status.descartes.com
www.descartes.com
status.sandsiv.com
shw.rmt.status.descartes.com
osm-tile.descartes.com
iq.syncd.tech
web.emea.descartes.com
webgc-stg.descartes.com
EDITRADEPREPROD.DESCARTES.COM
globalcompliance.descartes.com
ess.descartes.com
www.descartes.com
fmtracks.fmsend.net
SHIPMENTWAREHOUSE.DESCARTES.COM
status.nwtc.edu
telogis.descartes.com
ssp.descartes.com
status.5starcoms.net
www.descartes.com
webmail.descartes.com
smartcompliance.descartes.com
essqa.descartes.com
lp.descartes.com
iq.syncd.tech
fseuc-1a.freshservice.com
*.testportal.descartes.com
status.skynetexpress.com
shw.rmt.status.descartes.com
services.content.descartes.com
businesscompliance.descartes.com
*.myvan.descartes.com
statuspage.e2open.com
fmtracks.fmsend.net
fseuc-1a.freshservice.com
status.prokurio.com
*.routeplanner.descartes.com
staging.routing-and-scheduling.descartes.com
fseuc-1a.freshservice.com
status.sandsiv.com
status.zoho.uk
go-webedi.descartes.com
lp.descartes.com
webmail.descartes.com

Certificate

The complete raw certificate details for newweb.na.descartes.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIE1zCCA7+gAwIBAgIQSflxrdrdIIXeTA6tmcN/4jANBgkqhkiG9w0BAQsFADBB
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMRswGQYDVQQDExJ0
aGF3dGUgU1NMIENBIC0gRzIwHhcNMTUxMTAzMDAwMDAwWhcNMTgxMTAyMjM1OTU5
WjCBkDELMAkGA1UEBhMCQ0ExEDAOBgNVBAgMB09udGFyaW8xETAPBgNVBAcMCFdh
dGVybG9vMSkwJwYDVQQKDCBUaGUgRGVzY2FydGVzIFN5c3RlbXMgR3JvdXAgSW5j
LjEPMA0GA1UECwwGQ0lUUklYMSAwHgYDVQQDDBduZXd3ZWIubmEuZGVzY2FydGVz
LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK1V0ot3hIsEe/1S
lyB6/hYsVu6ls+jxzhkGyTZhxzmFTRIsOlqqBRI+wB+edw1DwbfBM/0PbxA6d5M4
0vILshrHZQFCafvAVEjQNXtcrBN611YhTkyLXSHVpwp4P32edqIr7fnB3mCFgeGJ
EilZhYZaxUqYnPDg05JMkvu9Bdc7rR/8sYCT2TCVoL6JKtswV1PAFkMUKU+6SBoG
vbX3pefluJI3vSONkdWRZH99QnFNM1kW+JQY6kOt7ZmVKTS3Dy3dfJKnezO9/rIh
rmV+gjW6A8NvzVuWSIqHke8mEWbrK12mPb11+1iFiocGg9W9SslZzpOJ3kzc555R
MylNo98CAwEAAaOCAXkwggF1MCIGA1UdEQQbMBmCF25ld3dlYi5uYS5kZXNjYXJ0
ZXMuY29tMAkGA1UdEwQCMAAwbgYDVR0gBGcwZTBjBgZngQwBAgIwWTAmBggrBgEF
BQcCARYaaHR0cHM6Ly93d3cudGhhd3RlLmNvbS9jcHMwLwYIKwYBBQUHAgIwIwwh
aHR0cHM6Ly93d3cudGhhd3RlLmNvbS9yZXBvc2l0b3J5MA4GA1UdDwEB/wQEAwIF
oDAfBgNVHSMEGDAWgBTCT0hX/NFPmsBdOH0OBdvZLrVSYDArBgNVHR8EJDAiMCCg
HqAchhpodHRwOi8vdGouc3ltY2IuY29tL3RqLmNybDAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRw
Oi8vdGouc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vdGouc3ltY2IuY29t
L3RqLmNydDANBgkqhkiG9w0BAQsFAAOCAQEAHbdaq8V3oYB5ZiqHcqjGy8FmY/im
+MEor9Kyje5i7IebgfGP1b319kEws6JIwopPWqLZxYY056LPWCCrNvzICK20GZ6e
HMFfNFBI4n837LHR91QwDriGe1KIZZOAaqjgS3t/gSoV6qt2TLp3SvKdpzJnm4SM
nu9pDvAB9RFmCInNNtb5Fcu/Z4yRhMEOTqDTXg5KjzYd9EahlPmtEYRwp3MV9PtB
FJ/nnWH6du67ooKM0pBMLsL2EkBMStTu9Dzr4ZUOwgR3fIRQcJf1V1PPbS2Q5GgS
ieCwQqtf623sVO3wpKdyYSWyBbhMtGzIldRC+L3ipICoA6s68Q5RspfKPA==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVXSi3eEiwR7/VKXIHr+
FixW7qWz6PHOGQbJNmHHOYVNEiw6WqoFEj7AH553DUPBt8Ez/Q9vEDp3kzjS8guy
GsdlAUJp+8BUSNA1e1ysE3rXViFOTItdIdWnCng/fZ52oivt+cHeYIWB4YkSKVmF
hlrFSpic8ODTkkyS+70F1zutH/yxgJPZMJWgvokq2zBXU8AWQxQpT7pIGga9tfel
5+W4kje9I42R1ZFkf31CcU0zWRb4lBjqQ63tmZUpNLcPLd18kqd7M73+siGuZX6C
NboDw2/NW5ZIioeR7yYRZusrXaY9vXX7WIWKhwaD1b1KyVnOk4neTNznnlEzKU2j
3wIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 98328831296566416740320984483991093218
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'thawte, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'thawte SSL CA - G2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2015-11-03 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-11-02 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Ontario'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Waterloo'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'The Descartes Systems Group Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'CITRIX'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'newweb.na.descartes.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21881547381896990213042883782626712706083865127033337579341119805001151846002982222283374005493529593978446800823714589597599499433321741342556218091283693366603418654064408713992960174612418652006814721246255585827567273997658496687097373679378286550428211807215870744473110825843969923097372488743937705792913137125285625974900482905641209565199181271440726198669020778553460830545440645513583839446103151844344972621837042519191956243072569302413945197091816904903195795622527731650371479787777876964978456930536176834679123903275571174234800157903585159414810990573224502403666179297234193782277868728175656018911
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (27 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'newweb.na.descartes.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (103 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.thawte.com/cps'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'https://www.thawte.com/repository'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c24f4857fcd14f9ac05d387d0e05dbd92eb55260
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (36 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://tj.symcb.com/tj.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (75 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://tj.symcd.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://tj.symcb.com/tj.crt'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		001db75aabc577a18079662a8772a8c6cbc16663f8a6f8c128afd2b28dee62ec879b81f18fd5bdf5f64130b3a248c28a4f5aa2d9c58634e7a2cf5820ab36fcc808adb4199e9e1cc15f345048e27f37ecb1d1f754300eb8867b52886593806aa8e04b7b7f812a15eaab764cba774af29da732679b848c9eef690ef001f511660889cd36d6f915cbbf678c9184c10e4ea0d35e0e4a8f361df446a194f9ad118470a77315f4fb41149fe79d61fa76eebba2828cd2904c2ec2f612404c4ad4eef43cebe1950ec204777c84507097f55753cf6d2d90e4681289e0b042ab5feb6dec54edf0a4a7726125b205b84cb46cc895d442f8bde2a480a803ab3af10e51b297ca3c