Server3.eRecruitment.State.gov
Issued by U.S. Department of State AD High Assurance CA
About this certificate
This digital certificate with serial number 51:b6:36:b7 was issued on byU.S. Department of State AD High Assurance CA.
With 9 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DNSNames must have a valid TLD. (BRs: 3.2.2.4)
- 3 DNS name(s) are bare public suffixes: ERECRUIT-WEB02, ERECRUIT-NEA01, ERECRUIT-NEA02 The domain SHOULD NOT have a bare public suffix (awslabs certlint)
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Certificate Subject
CN=Server3.eRecruitment.State.gov,OU=Enterprise Services+OU=PKI+OU=Web Servers,0.9.2342.19200300.100.1.25=#130b6170707365727669636573,0.9.2342.19200300.100.1.25=#13057374617465,0.9.2342.19200300.100.1.25=#1303736275
U.S. Department of State AD High Assurance CA
This certificate has expire since
Certificate Details
Serial Number (hex): 51:b6:36:b7Serial Number (int): 1370896055
Serial Number lenght: 31 bits, 4 octets
SubjectKeyId: f1:bf:6e:b0:34:60:9c:44:80:34:77:38:a2:78:e5:e3:ce:b8:f2:1c
AuthorityKeyId: 2f:4a:ea:b0:a5:54:3f:07:92:4d:49:9b:3e:7d:08:5a:d2:43:b9:4b
Fingerprint (sha1): 6d:7d:22:a4:90:1d:85:c2:33:c4:12:42:cd:bd:c8:80:9b:df:ad:ca
Fingerprint (sha256): 05:c0:78:d5:3e:10:87:90:0a:a7:f3:18:93:31:dd:27:e1:f9:89:24:eb:7c:c6:c0:2e:b7:bf:ed:de:59:83:7e
Issuing Certificate URL: http://crls.pki.state.gov/AIA/CertsIssuedToDoSADHACA.p7c
Issuing Certificate URL: ldap://certrep.pki.state.gov/cn=U.S.%20Department%20of%20State%20AD%20High%20Assurance%20CA,cn=AIA,cn=Public%20Key%20Services,cn=Services,cn=Configuration,dc=state,dc=sbu?cACertificate;binary
Issuing Certificate URL: ldap://certrep.pki.state.gov/cn=U.S.%20Department%20of%20State%20AD%20High%20Assurance%20CA,cn=AIA,cn=Public%20Key%20Services,cn=Services,cn=Configuration,dc=state,dc=sbu?crossCertificatePair;binary
Revocation information
OCSP Server: http://ocsp.pki.state.gov/OCSP/DoSOCSPResponderCheck the revocation status for certificate Server3.eRecruitment.State.gov
9
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for Server3.eRecruitment.State.gov
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Extensions
11 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
Server3.eRecruitment.State.gov
ERECRUIT-WEB02
169.253.172.79
Server1.eRecruitment.State.gov
ERECRUIT-NEA01
169.253.172.169
Server2.eRecruitment.State.gov
ERECRUIT-NEA02
169.253.172.170
ERECRUIT-WEB02
169.253.172.79
Server1.eRecruitment.State.gov
ERECRUIT-NEA01
169.253.172.169
Server2.eRecruitment.State.gov
ERECRUIT-NEA02
169.253.172.170
Other certificates including the domain name State.gov
(limited to 100 certificates)
Certificate
The complete raw certificate details for Server3.eRecruitment.State.gov in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIJyDCCCLCgAwIBAgIEUbY2tzANBgkqhkiG9w0BAQsFADCBuzETMBEGCgmSJomT 8ixkARkWA3NidTEVMBMGCgmSJomT8ixkARkWBXN0YXRlMRYwFAYDVQQDDA1Db25m aWd1cmF0aW9uMREwDwYDVQQDDAhTZXJ2aWNlczEcMBoGA1UEAwwTUHVibGljIEtl eSBTZXJ2aWNlczEMMAoGA1UEAwwDQUlBMTYwNAYDVQQDDC1VLlMuIERlcGFydG1l bnQgb2YgU3RhdGUgQUQgSGlnaCBBc3N1cmFuY2UgQ0EwHhcNMTcwODIxMTUxNjMz WhcNMjAwODIxMTU0NjMzWjCBtDETMBEGCgmSJomT8ixkARkWA3NidTEVMBMGCgmS JomT8ixkARkWBXN0YXRlMRswGQYKCZImiZPyLGQBGRYLYXBwc2VydmljZXMxHDAa BgNVBAsME0VudGVycHJpc2UgU2VydmljZXMxDDAKBgNVBAsMA1BLSTEUMBIGA1UE CwwLV2ViIFNlcnZlcnMxJzAlBgNVBAMMHlNlcnZlcjMuZVJlY3J1aXRtZW50LlN0 YXRlLmdvdjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMKoWaAUTOiI aITOTe31ObczivR2vauy9SgofqCc3GrOcLt+CIRDLPmH2sGdf7B/85qRx51Voos3 JYQYk4elKM9a2vio9wBZKtCNFGm5V3GYGEXjnCn8EQ0d7bqv9BGmy/3X4kh0Z2iy gBDeWouVMEwcFkOihcgtqDM70mrrx4+QU+xtOejZNFS2MNYLhQVH/1vWPzWn/qZC c6jIIjqA8tlv/9IzZ7B1xH5gM7MiI/kMRAm7LjD5Ud/YwmNut7gX4azgtnGtNiJ/ geR/N6Rhfui6Hi3Z8Ar6BsSFXQLkMF8Ki73i6Tuv7RME7rivrC5I+08JAvJGp0So JMNzIjzW6TECAwEAAaOCBdcwggXTMA4GA1UdDwEB/wQEAwIFoDAXBgNVHSAEEDAO MAwGCmCGSAFlAwIBBiUwEwYDVR0lBAwwCgYIKwYBBQUHAwEwggI6BggrBgEFBQcB AQSCAiwwggIoMEQGCCsGAQUFBzAChjhodHRwOi8vY3Jscy5wa2kuc3RhdGUuZ292 L0FJQS9DZXJ0c0lzc3VlZFRvRG9TQURIQUNBLnA3YzCBzAYIKwYBBQUHMAKGgb9s ZGFwOi8vY2VydHJlcC5wa2kuc3RhdGUuZ292L2NuPVUuUy4lMjBEZXBhcnRtZW50 JTIwb2YlMjBTdGF0ZSUyMEFEJTIwSGlnaCUyMEFzc3VyYW5jZSUyMENBLGNuPUFJ QSxjbj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxjbj1TZXJ2aWNlcyxjbj1Db25m aWd1cmF0aW9uLGRjPXN0YXRlLGRjPXNidT9jQUNlcnRpZmljYXRlO2JpbmFyeTCB 0wYIKwYBBQUHMAKGgcZsZGFwOi8vY2VydHJlcC5wa2kuc3RhdGUuZ292L2NuPVUu Uy4lMjBEZXBhcnRtZW50JTIwb2YlMjBTdGF0ZSUyMEFEJTIwSGlnaCUyMEFzc3Vy YW5jZSUyMENBLGNuPUFJQSxjbj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxjbj1T ZXJ2aWNlcyxjbj1Db25maWd1cmF0aW9uLGRjPXN0YXRlLGRjPXNidT9jcm9zc0Nl cnRpZmljYXRlUGFpcjtiaW5hcnkwOwYIKwYBBQUHMAGGL2h0dHA6Ly9vY3NwLnBr aS5zdGF0ZS5nb3YvT0NTUC9Eb1NPQ1NQUmVzcG9uZGVyMIHNBgNVHREEgcUwgcKC HlNlcnZlcjMuZVJlY3J1aXRtZW50LlN0YXRlLmdvdoIORVJFQ1JVSVQtV0VCMDKC DjE2OS4yNTMuMTcyLjc5gh5TZXJ2ZXIxLmVSZWNydWl0bWVudC5TdGF0ZS5nb3aC DkVSRUNSVUlULU5FQTAxgg8xNjkuMjUzLjE3Mi4xNjmCHlNlcnZlcjIuZVJlY3J1 aXRtZW50LlN0YXRlLmdvdoIORVJFQ1JVSVQtTkVBMDKCDzE2OS4yNTMuMTcyLjE3 MDCCAfAGA1UdHwSCAecwggHjMIIB36CCAdugggHXpIHPMIHMMRMwEQYKCZImiZPy LGQBGRYDc2J1MRUwEwYKCZImiZPyLGQBGRYFc3RhdGUxFjAUBgNVBAMMDUNvbmZp Z3VyYXRpb24xETAPBgNVBAMMCFNlcnZpY2VzMRwwGgYDVQQDDBNQdWJsaWMgS2V5 IFNlcnZpY2VzMQwwCgYDVQQDDANBSUExNjA0BgNVBAMMLVUuUy4gRGVwYXJ0bWVu dCBvZiBTdGF0ZSBBRCBIaWdoIEFzc3VyYW5jZSBDQTEPMA0GA1UEAwwGQ1JMMzYy hjVodHRwOi8vY3Jscy5wa2kuc3RhdGUuZ292L2NybHMvRG9TQURQS0lIQUNBc2hh MjU2LmNybIaBy2xkYXA6Ly9jZXJ0cmVwLnBraS5zdGF0ZS5nb3YvY249VS5TLiUy MERlcGFydG1lbnQlMjBvZiUyMFN0YXRlJTIwQUQlMjBIaWdoJTIwQXNzdXJhbmNl JTIwQ0EsY249QUlBLGNuPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLGNuPVNlcnZp Y2VzLGNuPUNvbmZpZ3VyYXRpb24sZGM9c3RhdGUsZGM9c2J1P2NlcnRpZmljYXRl UmV2b2NhdGlvbkxpc3Q7YmluYXJ5MCsGA1UdEAQkMCKADzIwMTcwODIxMTUxNjMz WoEPMjAyMDA4MjExNTQ2MzNaMB8GA1UdIwQYMBaAFC9K6rClVD8Hkk1Jmz59CFrS Q7lLMB0GA1UdDgQWBBTxv26wNGCcRIA0dziieOXjzrjyHDAJBgNVHRMEAjAAMBkG CSqGSIb2fQdBAAQMMAobBFY4LjEDAgOoMA0GCSqGSIb3DQEBCwUAA4IBAQAbzLkH Bsp0oup8n31YSc2OJY/EOFhRIydUhPMBaaDn+bmA5miThilc4B54UdcfXhBKw/Tx sNKperEDciFpVpLJ9NigNezumZILBOlU3tBlYggi2vpLGtorfms58Ek8rVgOdQmn OlILOyfH5PjCajFvihIeFCsJ7QAfinlDDyOm3uHKUJl+mQ6em1/w1C6DqAULyW1d djJUSX1NcgFseN/RltiWMSLLQcOalVSKxu39xhJm7UNoPlayVAr7VSs9gGBnbMRn ZIOjMX2MwjCu/XJdTquua1QqvegszcuAs/WoHnaprgUS5/Tn2qU1Mdn01cdDyJRf MrWeMuEZI2h6Yo7y -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqhZoBRM6IhohM5N7fU5 tzOK9Ha9q7L1KCh+oJzcas5wu34IhEMs+YfawZ1/sH/zmpHHnVWiizclhBiTh6Uo z1ra+Kj3AFkq0I0UablXcZgYReOcKfwRDR3tuq/0EabL/dfiSHRnaLKAEN5ai5Uw TBwWQ6KFyC2oMzvSauvHj5BT7G056Nk0VLYw1guFBUf/W9Y/Naf+pkJzqMgiOoDy 2W//0jNnsHXEfmAzsyIj+QxECbsuMPlR39jCY263uBfhrOC2ca02In+B5H83pGF+ 6LoeLdnwCvoGxIVdAuQwXwqLveLpO6/tEwTuuK+sLkj7TwkC8kanRKgkw3MiPNbp MQIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 1370896055 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.9.2342.19200300.100.1.25 (domainComponent) . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'sbu' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.9.2342.19200300.100.1.25 (domainComponent) . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'state' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Configuration' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Services' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Public Key Services' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'AIA' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'U.S. Department of State AD High Assurance CA' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-08-21 15:16:33 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-08-21 15:46:33 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.9.2342.19200300.100.1.25 (domainComponent) . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'sbu' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.9.2342.19200300.100.1.25 (domainComponent) . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'state' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.9.2342.19200300.100.1.25 (domainComponent) . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'appservices' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Enterprise Services' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'PKI' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Web Servers' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Server3.eRecruitment.State.gov' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24573247691234684148908711083973096760141609716064224761478239610367137015047264336058684877584282393695374358283382013135467448520259345151354796912432818911666809078774446018478894078959022119167855144721417979417289887408139139061839693470622308536489757381429828415912897208814046265806210519646460576667716838651620966549432005104132943738973144166742819257842932602900101442886513764970462187837959933668376844261359865221888842581861432851635149358794270401308480803333490110242123470763073391958778631468822006503258798876015727091184318568744785531527755222001280753104215713202967061253566528014693405485361 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (16 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.101.3.2.1.6.37 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (556 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crls.pki.state.gov/AIA/CertsIssuedToDoSADHACA.p7c' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'ldap://certrep.pki.state.gov/cn=U.S.%20Department%20of%20State%20AD%20High%20Assurance%20CA,cn=AIA,cn=Public%20Key%20Services,cn=Services,cn=Configuration,dc=state,dc=sbu?cACertificate;binary' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'ldap://certrep.pki.state.gov/cn=U.S.%20Department%20of%20State%20AD%20High%20Assurance%20CA,cn=AIA,cn=Public%20Key%20Services,cn=Services,cn=Configuration,dc=state,dc=sbu?crossCertificatePair;binary' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.pki.state.gov/OCSP/DoSOCSPResponder' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (197 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'Server3.eRecruitment.State.gov' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ERECRUIT-WEB02' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '169.253.172.79' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'Server1.eRecruitment.State.gov' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ERECRUIT-NEA01' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '169.253.172.169' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'Server2.eRecruitment.State.gov' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ERECRUIT-NEA02' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '169.253.172.170' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (487 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:4|true] Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.9.2342.19200300.100.1.25 (domainComponent) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'sbu' . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.9.2342.19200300.100.1.25 (domainComponent) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'state' . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Configuration' . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Services' . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Public Key Services' . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'AIA' . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'U.S. Department of State AD High Assurance CA' . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'CRL362' . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crls.pki.state.gov/crls/DoSADPKIHACAsha256.crl' . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'ldap://certrep.pki.state.gov/cn=U.S.%20Department%20of%20State%20AD%20High%20Assurance%20CA,cn=AIA,cn=Public%20Key%20Services,cn=Services,cn=Configuration,dc=state,dc=sbu?certificateRevocationList;binary' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.16 (privateKeyUsagePeriod) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (36 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 32303137303832313135313633335a . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:1|false] IA5String '20200821154633Z' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 2f4aeab0a5543f07924d499b3e7d085ad243b94b . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) f1bf6eb034609c4480347738a278e5e3ceb8f21c . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113533.7.65.0 (entrustVersInfo) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:27|false] GeneralString 'V8.1' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (5 bits) 03a8 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 001bccb90706ca74a2ea7c9f7d5849cd8e258fc438585123275484f30169a0e7f9b980e6689386295ce01e7851d71f5e104ac3f4f1b0d2a97ab1037221695692c9f4d8a035ecee99920b04e954ded065620822dafa4b1ada2b7e6b39f0493cad580e7509a73a520b3b27c7e4f8c26a316f8a121e142b09ed001f8a79430f23a6dee1ca50997e990e9e9b5ff0d42e83a8050bc96d5d763254497d4d72016c78dfd196d8963122cb41c39a95548ac6edfdc61266ed43683e56b2540afb552b3d8060676cc4676483a3317d8cc230aefd725d4eabae6b542abde82ccdcb80b3f5a81e76a9ae0512e7f4e7daa53531d9f4d5c743c8945f32b59e32e11923687a628ef2