adfs01.cs.stonybrook.edu

- Stony Brook University -

Issued by InCommon RSA Server CA 2

About this certificate

This digital certificate with serial number 4e:77:a7:38:05:71:f4:6f:d1:da:9f:8c:b5:e3:f2:a4 was issued on by Internet2.

With 6 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Stony Brook University

Organization: Stony Brook University
State / Province: New York
Country: US

Internet2

Organization: Internet2
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 4e:77:a7:38:05:71:f4:6f:d1:da:9f:8c:b5:e3:f2:a4
Serial Number (int): 104301058598255181188910949135573840548
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: a6:fc:c5:26:8f:02:82:6a:0f:2a:df:ac:6f:74:21:85:0b:d9:e5:51
AuthorityKeyId: ef:4c:00:92:a6:fb:76:2e:5e:95:e2:c9:5f:87:1b:19:d5:4d:e2:d9

Fingerprint (sha1): d6:18:bf:26:ba:16:d4:c0:5d:d8:c8:74:33:f2:13:da:09:c6:d8:fd
Fingerprint (sha256): 06:7a:35:4d:76:2d:10:3f:9a:e9:40:4c:cc:30:1a:e4:4e:98:0a:51:f1:41:5d:0a:34:48:3e:f6:10:ad:a5:b2

Issuing Certificate URL: http://crt.sectigo.com/InCommonRSAServerCA2.crt

Revocation information

OCSP Server: http://ocsp.sectigo.com
CRL Distribution Point: http://crl.sectigo.com/InCommonRSAServerCA2.crl

Check the revocation status for certificate adfs01.cs.stonybrook.edu

6

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for adfs01.cs.stonybrook.edu

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA384 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

adfs01.cs.stonybrook.edu
*.adfs01.cs.stonybrook.edu
*.adfs01.cs.sunysb.edu
adfs01.cs.sunysb.edu
adfsp01.cs.stonybrook.edu
adfsp01.cs.sunysb.edu

Other certificates including the domain name stonybrook.edu

(limited to 100 certificates)
svn.cs.stonybrook.edu
sql-tmates16-p.uhmc.sbuh.stonybrook.edu
answers.library.stonybrook.edu
statuspage.io
5098030885765120-fe4.pantheonsite.io
givingday.stonybrook.edu
cloud-status.typesense.org
guides.library.stonybrook.edu
statuspage.io
statuspage.io
rdpgw-2fa.cc.stonybrook.edu
5745710343389184-fe4.pantheonsite.io
grading.cse356.compas.cs.stonybrook.edu
sunapsistest.campus.stonybrook.edu
5098030885765120-fe4.pantheonsite.io
5098030885765120-fe4.pantheonsite.io
5707532110659584-fe2.pantheonsite.io
arrive.cs.stonybrook.edu
sbmta2.cc.stonybrook.edu
vsst.stonybrook.edu
webappys.cc.stonybrook.edu
5721185543258112-fe3.pantheonsite.io
nanocas.ece.stonybrook.edu
clubred.stonybrook.edu
5717119551406080-fe2.pantheonsite.io
sqlnode2-p.campus.stonybrook.edu
seniorclasslegacy.stonybrook.edu
5707532110659584-fe2.pantheonsite.io
5699866936213504-fe4.pantheonsite.io
5719980670713856-fe1.pantheonsite.io
6250489796624384-fe1.pantheonsite.io
teams.stonybrook.edu
its.msudenverstatus.com
5707532110659584-fe2.pantheonsite.io
testhighsierra01.sinc.stonybrook.edu
sbmatters.stonybrook.edu
sql-ips16-p1.uhmc.sbuh.stonybrook.edu
icdm2015.stonybrook.edu
5765867027562496-fe4.pantheonsite.io
webapp1.cc.stonybrook.edu
5765867027562496-fe4.pantheonsite.io
enroll.stonybrook.edu
5737664527466496-fe3.pantheonsite.io
redcap.stonybrook.edu
ascomaxess.uhmc.sbuh.stonybrook.edu
sdmwc.uhmc.sbuh.stonybrook.edu
research-pp.stonybrook.edu
stemsoftclinic.uhmc.sbuh.stonybrook.edu
xsrv2.mm.cs.stonybrook.edu
policymanagerd.uhmc.sbuh.stonybrook.edu
testsmg.cc.stonybrook.edu
5717119551406080-fe2.pantheonsite.io
statuspage.io
statuspage.io
coi.myresearch.stonybrook.edu
statuspage.io
dsfrey.javits.stonybrook.edu
statuspage.io
sql-spkctrm16p1.uhmc.sbuh.stonybrook.edu
uhmc-xapp-sf-d.uhmc.sbuh.stonybrook.edu
5759778777202688-fe2.pantheonsite.io
chartcompletion.hospital.stonybrook.edu
6250489796624384-fe1.pantheonsite.io
5766380947243008-fe1.pantheonsite.io
statuspage.io
you.stonybrook.edu
grants.myresearch.stonybrook.edu
mysbfiles.stonybrook.edu
5765867027562496-fe4.pantheonsite.io
disaster.studies.stonybrook.edu
5721185543258112-fe3.pantheonsite.io
5745710343389184-fe4.pantheonsite.io
statuspage.io
cucmpub-ms.cewit.stonybrook.edu
p250.cc.stonybrook.edu
classroomfinder.tlt.stonybrook.edu
statuspage.io
p250.cc.stonybrook.edu
icdm2015.stonybrook.edu
liberalarts.ss.pacific.edu
5766380947243008-fe1.pantheonsite.io
statuspage.io
addc2.campus.stonybrook.edu
5765867027562496-fe4.pantheonsite.io
mypasswords.stonybrook.edu
myresearch.stonybrook.edu
expeditions.sandiegozoo.org
6250489796624384-fe1.pantheonsite.io
adfs01.cs.stonybrook.edu
5714902542974976-fe3.pantheonsite.io
api.stonybrook.edu
statuspage.io
ip-e.stonybrook.edu
5714902542974976-fe3.pantheonsite.io
sp-db16-p.uhmc.sbuh.stonybrook.edu
housing.stonybrook.edu
sql-vsync16-p.uhmc.sbuh.stonybrook.edu
mobile.cc.stonybrook.edu
hctestapp2.campus.stonybrook.edu
addc3.campus.stonybrook.edu

Certificate

The complete raw certificate details for adfs01.cs.stonybrook.edu in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIIWjCCBsKgAwIBAgIQTnenOAVx9G/R2p+MtePypDANBgkqhkiG9w0BAQwFADBE
MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSW50ZXJuZXQyMSEwHwYDVQQDExhJbkNv
bW1vbiBSU0EgU2VydmVyIENBIDIwHhcNMjMxMjEzMDAwMDAwWhcNMjUwMTEyMjM1
OTU5WjBkMQswCQYDVQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxHzAdBgNVBAoT
FlN0b255IEJyb29rIFVuaXZlcnNpdHkxITAfBgNVBAMTGGFkZnMwMS5jcy5zdG9u
eWJyb29rLmVkdTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANAv10sb
HMs8clIJBiP8YTdGwPoLRs0yvnwLyJuYPJKfNaN0dmtglusaE5jT7+m9DUAifTev
PK/+HwzrEH3YWBUBC8qdbEbYwtV7ta0pUkjlbiOvI4plnlYi5Ro0IY1hQsf97can
jnHJOphmfMEqsda9q3YyWEaLAJxHmeA2k3SqH8lf9WhJgdraxiH1jSfjmj2dXFEd
DiM+KupqmRdd7d73EifLmYS03GP2p51TLo1LVKsdKAGT1INyJY3tEJRp1rL7xC3l
qSrW60NaY8W/VYXu1adKit+SuK7GqQ1uJhrxUlKDe+iYi1PmtSGF7LzzFpFCr3Jf
7dwbaf+vK2/EvgX4eJCcXGhuXJEmPTIxAg+j6vAgRgbr30VSXsF9c8W4b7m316Gm
kTYQGZCz8tGiVTwUrq/AN46Sr2DC8gnpuh2/RnNG8V6+c/PRcQkk/UswW9PePhjY
LKXNcYYdaDuzsIGjfODl+mU1eXyV3b3ykb8ghtUTR7YzJEOiWZxR891A9fzJfUFE
EsyLUwA0+S8qUEN0ynCTOJxEPBZNTcmNQCQTbkjNyhBJfWbDkOGYFqyttPaq9E6c
4h7pBx5EGl9HVGRaYCVLK4ZiTphEsG5nGahO2tkyuQUQTnQ+xIbdGA5Isfhjr83r
mkndr0hpvk/asTcc4qtM63F4Pqato9N2goDLAgMBAAGjggOmMIIDojAfBgNVHSME
GDAWgBTvTACSpvt2Ll6V4slfhxsZ1U3i2TAdBgNVHQ4EFgQUpvzFJo8CgmoPKt+s
b3QhhQvZ5VEwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYw
FAYIKwYBBQUHAwEGCCsGAQUFBwMCMEkGA1UdIARCMEAwNAYLKwYBBAGyMQECAmcw
JTAjBggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQIC
MEAGA1UdHwQ5MDcwNaAzoDGGL2h0dHA6Ly9jcmwuc2VjdGlnby5jb20vSW5Db21t
b25SU0FTZXJ2ZXJDQTIuY3JsMHAGCCsGAQUFBwEBBGQwYjA7BggrBgEFBQcwAoYv
aHR0cDovL2NydC5zZWN0aWdvLmNvbS9JbkNvbW1vblJTQVNlcnZlckNBMi5jcnQw
IwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMIIBfgYKKwYBBAHW
eQIEAgSCAW4EggFqAWgAdgDPEVbu1S58r/OHW9lpLpvpGnFnSrAX7KwB0lt3zsw7
CAAAAYxkHXpnAAAEAwBHMEUCIQCjTzbW5EhIjatuNr7ce6N9MNT396vCtWKUjmLB
Hr5YKgIgW0gtICWCazzJCUPn2y86jQAHQVCllFsYI4nVc6LvdcAAdQCi4wrkRe+9
rZt+OO1HZ3dT14JbhJTXK14bLMS5UKRH5wAAAYxkHXrAAAAEAwBGMEQCIBPSol1X
ob+rlPAxsOv4RW+CxEefOtG8RjlCDBds2UWwAiBcQgcsAm1nr7Mnp19+EnE1bPjt
VB9B1fHUHnLChw1onAB3AE51oydcmhDDOFts1N8/Uusd8OCOG41pwLH6ZLFimjnf
AAABjGQdekQAAAQDAEgwRgIhAJ69o9/MxiCh6GzvWyOWI1CN8/L8zzVGUaqoJyHh
OXpXAiEAsiL6bzDnkvQtT6a14iMD8qGI3ppGWXTsAURThzhi6R8wgaEGA1UdEQSB
mTCBloIYYWRmczAxLmNzLnN0b255YnJvb2suZWR1ghoqLmFkZnMwMS5jcy5zdG9u
eWJyb29rLmVkdYIWKi5hZGZzMDEuY3Muc3VueXNiLmVkdYIUYWRmczAxLmNzLnN1
bnlzYi5lZHWCGWFkZnNwMDEuY3Muc3Rvbnlicm9vay5lZHWCFWFkZnNwMDEuY3Mu
c3VueXNiLmVkdTANBgkqhkiG9w0BAQwFAAOCAYEAg5yjotQwFOTRsaPp/rGAcHZ3
9utvZr0QtjRRnwpDoqo3VZqIiZ24JgECBp/L+6aa5N00QNwM75xqNkZcfirENZv4
18WpxUefMJ/PR5V68YXX0CB46sh3sgJG2aux436ENXLj4u6rp9vaG6NU9ycTvRw8
9uku4UJzOzr4gcoy7W4+WBml4dSy0Vz8s8T7XscyPvfXSiNszLVSRc2ehz3+2w2w
2MRwtE3dq4ckS03B3u56V9YsVwTyodPaM50NXa699xKzB/f0Wm6d4qVMiqZDUZAQ
vyEJJuM34zBzxcaSNxxElUzP+vf+n7LOoOrpk150rSyIeKwpyEBC5guaWc6zFmak
uIPAJP+AIwMHHnDdrRMTwjg3b9JK+ta6CU6eOOEKCEhEeCkaRncvRNvWzL8xMtBl
ylddHbcsM++J55T03O0M/7HY+GIVwVxiy2OcPiaN+xjEwK9VCRxd8+xp4GY4vqIH
NzmA6zPoYXjv8m6BtzNNy1ymvhxXfzj0pL3wY7BJ
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0C/XSxscyzxyUgkGI/xh
N0bA+gtGzTK+fAvIm5g8kp81o3R2a2CW6xoTmNPv6b0NQCJ9N688r/4fDOsQfdhY
FQELyp1sRtjC1Xu1rSlSSOVuI68jimWeViLlGjQhjWFCx/3txqeOcck6mGZ8wSqx
1r2rdjJYRosAnEeZ4DaTdKofyV/1aEmB2trGIfWNJ+OaPZ1cUR0OIz4q6mqZF13t
3vcSJ8uZhLTcY/annVMujUtUqx0oAZPUg3Ilje0QlGnWsvvELeWpKtbrQ1pjxb9V
he7Vp0qK35K4rsapDW4mGvFSUoN76JiLU+a1IYXsvPMWkUKvcl/t3Btp/68rb8S+
Bfh4kJxcaG5ckSY9MjECD6Pq8CBGBuvfRVJewX1zxbhvubfXoaaRNhAZkLPy0aJV
PBSur8A3jpKvYMLyCem6Hb9Gc0bxXr5z89FxCST9SzBb094+GNgspc1xhh1oO7Ow
gaN84OX6ZTV5fJXdvfKRvyCG1RNHtjMkQ6JZnFHz3UD1/Ml9QUQSzItTADT5LypQ
Q3TKcJM4nEQ8Fk1NyY1AJBNuSM3KEEl9ZsOQ4ZgWrK209qr0TpziHukHHkQaX0dU
ZFpgJUsrhmJOmESwbmcZqE7a2TK5BRBOdD7Eht0YDkix+GOvzeuaSd2vSGm+T9qx
Nxziq0zrcXg+pq2j03aCgMsCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 104301058598255181188910949135573840548
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Internet2'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'InCommon RSA Server CA 2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-13 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-01-12 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'New York'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Stony Brook University'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'adfs01.cs.stonybrook.edu'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 849328365406563926324184101659230702560880541146556510883137190180647681973168535399427453746877658779828910439017090803288331898793184728852228093515272433130140330816036508440293525471506016405873566311766682440964609379091657656563915603701324213884425436400262640612958396413339651392605917360283042484299394469288935129454162218831614852381083194172002419968026364313570640315664170829205224406213487449028092485673333431510802215174740501496371374964097208091537826571127471586175234128183224326903317290579139563825996601024614994039859360525676643410742168601829670738704594899298521697041108095192319161547161152759166470801953238358527161311680375262456396363125648490907610452112163596407844203442941313710378238675380063538471365287232633631676035003897012306338310119211749232614712964151310504998932160454889423538571500651053250139821676489656411301039073046310413847792770630779165291944854653242313305053923619293232800731757095778394821390727285376460578531929928912859117584270196471090059532798013080029354682833325803423858062661617066890677851356242357520371178765005618534923356467208870512451804823268884402550502976033979123071803199770369456703132697501046919124703639019081065039685176131006546940440772811
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName ef4c0092a6fb762e5e95e2c95f871b19d54de2d9
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							a6fcc5268f02826a0f2adfac6f7421850bd9e551
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.2.103
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (57 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sectigo.com/InCommonRSAServerCA2.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (100 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/InCommonRSAServerCA2.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							0168007600cf1156eed52e7caff3875bd9692e9be91a71674ab017ecac01d25b77cecc3b080000018c641d7a670000040300473045022100a34f36d6e448488dab6e36bedc7ba37d30d4f7f7abc2b562948e62c11ebe582a02205b482d2025826b3cc90943e7db2f3a8d00074150a5945b182389d573a2ef75c0007500a2e30ae445efbdad9b7e38ed47677753d7825b8494d72b5e1b2cc4b950a447e70000018c641d7ac00000040300463044022013d2a25d57a1bfab94f031b0ebf8456f82c4479f3ad1bc4639420c176cd945b002205c42072c026d67afb327a75f7e1271356cf8ed541f41d5f1d41e72c2870d689c0077004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018c641d7a4400000403004830460221009ebda3dfccc620a1e86cef5b239623508df3f2fccf354651aaa82721e1397a57022100b222fa6f30e792f42d4fa6b5e22303f2a188de9a465974ec014453873862e91f
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (153 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'adfs01.cs.stonybrook.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.adfs01.cs.stonybrook.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.adfs01.cs.sunysb.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'adfs01.cs.sunysb.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'adfsp01.cs.stonybrook.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'adfsp01.cs.sunysb.edu'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (3072 bits)
		00839ca3a2d43014e4d1b1a3e9feb180707677f6eb6f66bd10b634519f0a43a2aa37559a88899db8260102069fcbfba69ae4dd3440dc0cef9c6a36465c7e2ac4359bf8d7c5a9c5479f309fcf47957af185d7d02078eac877b20246d9abb1e37e843572e3e2eeaba7dbda1ba354f72713bd1c3cf6e92ee142733b3af881ca32ed6e3e5819a5e1d4b2d15cfcb3c4fb5ec7323ef7d74a236cccb55245cd9e873dfedb0db0d8c470b44dddab87244b4dc1deee7a57d62c5704f2a1d3da339d0d5daebdf712b307f7f45a6e9de2a54c8aa643519010bf210926e337e33073c5c692371c44954ccffaf7fe9fb2cea0eae9935e74ad2c8878ac29c84042e60b9a59ceb31666a4b883c024ff802303071e70ddad1313c238376fd24afad6ba094e9e38e10a08484478291a46772f44dbd6ccbf3132d065ca575d1db72c33ef89e794f4dced0cffb1d8f86215c15c62cb639c3e268dfb18c4c0af55091c5df3ec69e06638bea207373980eb33e86178eff26e81b7334dcb5ca6be1c577f38f4a4bdf063b049