retiree-info.usg.edu

- University System of Georgia -

Issued by InCommon RSA Server CA

About this certificate

This digital certificate with serial number 5b:11:61:22:0e:a0:30:40:fc:c0:dd:27:04:63:cc:5c was issued on by Internet2.

With 3 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

University System of Georgia

Organization: University System of Georgia
Organization unit: Information Technology Services
Address: 270 Washington Street, S.W.
Postal code: 30334
State / Province: Geogia
Locality: Atlanta
Country: US

Internet2

Organization: Internet2
Organization unit: InCommon
State / Province: MI
Locality: Ann Arbor
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 5b:11:61:22:0e:a0:30:40:fc:c0:dd:27:04:63:cc:5c
Serial Number (int): 121049986755037962341982832130192034908
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: 79:62:7a:6c:22:ff:6d:7d:15:60:6d:54:c9:42:e8:c4:80:f9:77:bb
AuthorityKeyId: 1e:05:a3:77:8f:6c:96:e2:5b:87:4b:a6:b4:86:ac:71:00:0c:e7:38

Fingerprint (sha1): c0:fb:00:75:39:ff:35:94:e3:75:c7:6e:db:69:e5:87:ca:84:13:47
Fingerprint (sha256): 09:10:8e:01:b7:7e:a2:36:0e:7b:62:f0:67:09:47:fa:77:6d:ef:f4:45:54:52:64:0f:a3:69:c8:f6:17:7b:da

Issuing Certificate URL: http://crt.usertrust.com/InCommonRSAServerCA_2.crt

Revocation information

OCSP Server: http://ocsp.usertrust.com
CRL Distribution Point: http://crl.incommon-rsa.org/InCommonRSAServerCA.crl

Check the revocation status for certificate retiree-info.usg.edu

3

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for retiree-info.usg.edu

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

retiree-info.usg.edu
dev.retiree-info-faq.usg.edu
test.retiree-info.usg.edu

Other certificates including the domain name usg.edu

(limited to 100 certificates)
statuspage.io
apistatus.pitneybowes.com
statuspage.io
statuspage.io
statuspage.io
gil.uga.edu
spexternal.bor.usg.edu
*.proxygsu-sbul.galileo.usg.edu
epay.usg.edu
filestest.usg.edu
ap1.bor.usg.edu
statuspage.io
idp-demo-prod.bor.usg.edu
gil.uga.edu
jirafeau.galileo.usg.edu
*.hprod.onehcm.usg.edu
www.usg.edu
elver.adm.usg.edu
giluc.usg.edu
gitlab.usg.edu
*.proxygsu-dal1.galileo.usg.edu
ocs-prod-cwa.uso.bor.usg.edu
statuspage.io
statuspage.io
statuspage.io
asurams.gabest.usg.edu
statuspage.io
statuspage.io
*.onehcm.usg.edu
blog.dlg.galileo.usg.edu
oer.galileo.usg.edu
statuspage.io
*.proxygsu-psnd.galileo.usg.edu
dlg.usg.edu
*.proxygsu-gwt1.galileo.usg.edu
statuspage.io
gil.usg.edu
*.fprod.gafirst.usg.edu
statuspage.io
pauth.usg.edu
pauth.usg.edu
adfs.ssc.usg.edu
statuspage.io
statuspage.io
apistatus.pitneybowes.com
apistatus.pitneybowes.com
statuspage.io
bi123.usg.edu
*.dev.usg.edu
*.proxygsu-seff.galileo.usg.edu
ftp.ssc.usg.edu
statuspage.io
statuspage.io
statuspage.io
*.proxygsu-sgai.galileo.usg.edu
statuspage.io
tlsv12-only.bor.usg.edu
exchcas-prod.uso.bor.usg.edu
*.aufdev2.gafirst.usg.edu
*.proxygsu-mac2.galileo.usg.edu
analytics.usg.edu
retiree-info.usg.edu
apps.usg.edu
statuspage.io
ftp.ssc.usg.edu
statuspage.io
www.bor.usg.edu
*.proxygsu-nega.galileo.usg.edu
*.view.usg.edu
apistatus.pitneybowes.com
statuspage.io
www.ssc.usg.edu
statuspage.io
app.usg.edu
ssl.ssc.usg.edu
statuspage.io
access.ssc.usg.edu
sharepoint.ssc.usg.edu
*.gafirst.usg.edu
statuspage.io
apistatus.pitneybowes.com
statuspage.io
emajor.usg.edu
statuspage.io
statuspage.io
gsw.gabest.usg.edu
*.proxygsu-sfor.galileo.usg.edu
statuspage.io
statuspage.io
statuspage.io
apistatus.pitneybowes.com
*.proxygsu-pswf.galileo.usg.edu
statuspage.io
dataviz.usg.edu
statuspage.io
ducs-con.adm.usg.edu
statuspage.io
statuspage.io
statuspage.io
usgtrackit.bor.usg.edu

Certificate

The complete raw certificate details for retiree-info.usg.edu in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIG4jCCBcqgAwIBAgIQWxFhIg6gMED8wN0nBGPMXDANBgkqhkiG9w0BAQsFADB2
MQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUkxEjAQBgNVBAcTCUFubiBBcmJvcjES
MBAGA1UEChMJSW50ZXJuZXQyMREwDwYDVQQLEwhJbkNvbW1vbjEfMB0GA1UEAxMW
SW5Db21tb24gUlNBIFNlcnZlciBDQTAeFw0xODEyMjAwMDAwMDBaFw0xOTEyMjAy
MzU5NTlaMIHWMQswCQYDVQQGEwJVUzEOMAwGA1UEERMFMzAzMzQxDzANBgNVBAgT
Bkdlb2dpYTEQMA4GA1UEBxMHQXRsYW50YTEkMCIGA1UECRMbMjcwIFdhc2hpbmd0
b24gU3RyZWV0LCBTLlcuMSUwIwYDVQQKExxVbml2ZXJzaXR5IFN5c3RlbSBvZiBH
ZW9yZ2lhMSgwJgYDVQQLEx9JbmZvcm1hdGlvbiBUZWNobm9sb2d5IFNlcnZpY2Vz
MR0wGwYDVQQDExRyZXRpcmVlLWluZm8udXNnLmVkdTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAMzkT4yN1aXrKibmLhn2nT2OmKe+qppkZhfSFownDi+l
srZjXIWptgEJCIsI36Qjxzsxtr5ArLYYbuicApN9M4F1zCsscVMoRTaSoJy9wjn1
2998J5JNbfNEoVKYBlK+vRBU54i2sGNvit8xQlomcJHCs9r6TB415E7zZpS2Q2GK
hy9Wp3TAFOZMLQtSj3hAxVD6U86hIZqORkTZwcjvmt+zncAvle9iZhDl5b46jlpY
UsMLphUewiv8QYvaTNg+9edhvn9QEZL4IDSYtOkEJNwD9ILGCbSgjf6DTeQM63K4
q0K5VKkEexTDyKgU6z5lC7w/wEW2cu8POofRtYpuxbUCAwEAAaOCAwkwggMFMB8G
A1UdIwQYMBaAFB4Fo3ePbJbiW4dLprSGrHEADOc4MB0GA1UdDgQWBBR5YnpsIv9t
fRVgbVTJQujEgPl3uzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNV
HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwZwYDVR0gBGAwXjBSBgwrBgEEAa4j
AQQDAQEwQjBABggrBgEFBQcCARY0aHR0cHM6Ly93d3cuaW5jb21tb24ub3JnL2Nl
cnQvcmVwb3NpdG9yeS9jcHNfc3NsLnBkZjAIBgZngQwBAgIwRAYDVR0fBD0wOzA5
oDegNYYzaHR0cDovL2NybC5pbmNvbW1vbi1yc2Eub3JnL0luQ29tbW9uUlNBU2Vy
dmVyQ0EuY3JsMHUGCCsGAQUFBwEBBGkwZzA+BggrBgEFBQcwAoYyaHR0cDovL2Ny
dC51c2VydHJ1c3QuY29tL0luQ29tbW9uUlNBU2VydmVyQ0FfMi5jcnQwJQYIKwYB
BQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wWAYDVR0RBFEwT4IUcmV0
aXJlZS1pbmZvLnVzZy5lZHWCHGRldi5yZXRpcmVlLWluZm8tZmFxLnVzZy5lZHWC
GXRlc3QucmV0aXJlZS1pbmZvLnVzZy5lZHUwggEEBgorBgEEAdZ5AgQCBIH1BIHy
APAAdgC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWfNyqFnAAAE
AwBHMEUCIA5gMNYW0Ue3QdD9nFmJv/qBYezoBnqm6kSKvsTzCXTQAiEAzW/4ab2J
HbC5nwky0PNqiBvROaW5LUoh2VKOrb1CAWoAdgB0ftqDMa0zEJEhnM4lT0Jwwr/9
XkIgCMY3NXnmEHvMVgAAAWfNyqGwAAAEAwBHMEUCIQDDIS6S8fnE2yWXstqvqXo9
hFoIhElN/OVV4K2PQyR/8AIgKXbjhJpautGRw0Yn6juXvHiyOmDckO9s4DlUHmMh
l4MwDQYJKoZIhvcNAQELBQADggEBAIcav9TIWVQ9QMIckMIQwSrTRd0/Tfknppuc
kRt6pdQtxjvjj8hOaUL4aAwFekyLBlY+8dYU/kP3N0CI2aiDrMCi26hzstWu+VXK
U2DxenBNsEEIB4PvP3DDHOa017qoneYp0xz4sF0561AjZiszZILT9YXr7brVMHzU
BJJPlKJYZ2G+kI+jHsFff/tRolBmD88TDqILr26lBK7NY4Xl1acfk3RxhLgq2gnQ
9rGlbn/RlaK7FeSAg55++fdqqDOzldFhOuUKuK6adWGqVpSWznkUHXU9DgLNm2ks
JpDmm+GjObOboTEXOwkDrInjLl5R9ErmPuHofR+iV3D4kNBHQjY=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzORPjI3VpesqJuYuGfad
PY6Yp76qmmRmF9IWjCcOL6WytmNcham2AQkIiwjfpCPHOzG2vkCsthhu6JwCk30z
gXXMKyxxUyhFNpKgnL3COfXb33wnkk1t80ShUpgGUr69EFTniLawY2+K3zFCWiZw
kcKz2vpMHjXkTvNmlLZDYYqHL1andMAU5kwtC1KPeEDFUPpTzqEhmo5GRNnByO+a
37OdwC+V72JmEOXlvjqOWlhSwwumFR7CK/xBi9pM2D7152G+f1ARkvggNJi06QQk
3AP0gsYJtKCN/oNN5AzrcrirQrlUqQR7FMPIqBTrPmULvD/ARbZy7w86h9G1im7F
tQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 121049986755037962341982832130192034908
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'MI'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ann Arbor'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Internet2'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'InCommon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'InCommon RSA Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-12-20 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-12-20 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.17 (postalCode)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '30334'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Geogia'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Atlanta'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.9 (streetAddress)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '270 Washington Street, S.W.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'University System of Georgia'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Information Technology Services'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'retiree-info.usg.edu'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25865198434269382180338444903099004350837093531690425753692765397595251301792638959778391015888797852322421271951180521109652978282591151563234471256003330088714081159150565117262274844508030125746764860014994190285669342055344909131294230188193312013187130542625060317716139390724556522089010599884880894336123102880701437844358039755728773043902188443008200008440849487780640292212605749793050820365892682864043770530073770548523869076335825085904654421785309077598217985860453013801696301310444374808627703285325955265215234751098780278323578189517689044742294531453921206967462904161306342676039721718962268849589
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 1e05a3778f6c96e25b874ba6b486ac71000ce738
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							79627a6c22ff6d7d15606d54c942e8c480f977bb
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (96 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.5923.1.4.3.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.incommon.org/cert/repository/cps_ssl.pdf'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (61 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.incommon-rsa.org/InCommonRSAServerCA.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.usertrust.com/InCommonRSAServerCA_2.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.usertrust.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (81 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'retiree-info.usg.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dev.retiree-info-faq.usg.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test.retiree-info.usg.edu'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f0007600bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed18500000167cdcaa167000004030047304502200e6030d616d147b741d0fd9c5989bffa8161ece8067aa6ea448abec4f30974d0022100cd6ff869bd891db0b99f0932d0f36a881bd139a5b92d4a21d9528eadbd42016a007600747eda8331ad331091219cce254f4270c2bffd5e422008c6373579e6107bcc5600000167cdcaa1b00000040300473045022100c3212e92f1f9c4db2597b2daafa97a3d845a0884494dfce555e0ad8f43247ff002202976e3849a5abad191c34627ea3b97bc78b23a60dc90ef6ce039541e63219783
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00871abfd4c859543d40c21c90c210c12ad345dd3f4df927a69b9c911b7aa5d42dc63be38fc84e6942f8680c057a4c8b06563ef1d614fe43f7374088d9a883acc0a2dba873b2d5aef955ca5360f17a704db041080783ef3f70c31ce6b4d7baa89de629d31cf8b05d39eb5023662b336482d3f585ebedbad5307cd404924f94a2586761be908fa31ec15f7ffb51a250660fcf130ea20baf6ea504aecd6385e5d5a71f93747184b82ada09d0f6b1a56e7fd195a2bb15e480839e7ef9f76aa833b395d1613ae50ab8ae9a7561aa569496ce79141d753d0e02cd9b692c2690e69be1a339b39ba131173b0903ac89e32e5e51f44ae63ee1e87d1fa25770f890d0474236