*.hesge.ch
- HES-SO Genève -
Issued by SwissSign RSA TLS OV ICA 2022 - 1
About this certificate
This digital certificate with serial number 6e:a9:76:0e:87:05:7d:f2:02:b9:f0:3c:e3:04:25:31:2e:05:c2:81 was issued on by SwissSign AG.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
HES-SO Genève
Organization:
HES-SO Genève
State / Province:
GE
Locality: Carouge
Country: CH
Locality: Carouge
Country: CH
SwissSign AG
Organization:
SwissSign AG
Country:
CH
This certificate will expire on
Certificate Details
Serial Number (hex): 6e:a9:76:0e:87:05:7d:f2:02:b9:f0:3c:e3:04:25:31:2e:05:c2:81Serial Number (int): 631768094922341402969324010731560702977212007041
Serial Number lenght: 159 bits, 20 octets
SubjectKeyId: ee:82:e3:0d:68:97:57:69:67:62:24:28:d5:7e:55:7c:d1:45:5d:e1
AuthorityKeyId: 7c:6f:0a:6f:13:0f:d9:8c:24:6f:26:34:f3:5c:6b:43:6d:b7:23:b6
Fingerprint (sha1): c0:4e:85:14:2f:71:5b:c6:08:c7:79:5e:9b:06:70:cd:f1:a1:47:90
Fingerprint (sha256): 0a:12:d7:d5:be:bb:3d:9d:d6:0a:6f:41:87:fd:6c:ff:57:85:c0:16:71:cb:b1:fe:04:7e:68:ef:c6:b3:ce:37
Issuing Certificate URL: http://aia.swisssign.ch/air-0f2bf9a5-dd37-48c9-a85b-12acdcb8be45
Revocation information
OCSP Server: http://ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efecCRL Distribution Point: http://crl.swisssign.ch/cdp-96b62f5a-6b73-4da4-87f7-ce4002c1cd34
Check the revocation status for certificate *.hesge.ch
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for *.hesge.ch
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
*.hesge.ch
hesge.ch
hesge.ch
Other certificates including the domain name hesge.ch
(limited to 100 certificates)
heds.prod.hesge.ch
goldorak.hesge.ch
*.hesge.ch
*.hesge.ch
hepiacloud.hesge.ch
mail.hesge.ch
*.hesge.ch
hepiacloud.hesge.ch
goldorak.hesge.ch
hepiacloud.hesge.ch
m.hesge.ch
*.hesge.ch
idp.hesge.ch
hepiacloud.hesge.ch
idp.hesge.ch
mail.ge.ch
*.hesge.ch
hepiacloud.hesge.ch
vdi.hesge.ch
hepiacloud.hesge.ch
hepiacloud.hesge.ch
candy.hesge.ch
*.hesge.ch
idp.hesge.ch
goldorak.hesge.ch
m.hesge.ch
hepiacloud.hesge.ch
vpn.hesge.ch
*.hesge.ch
mail.ge.ch
m.hesge.ch
idp.hesge.ch
*.hesge.ch
hepiacloud.hesge.ch
*.hesge.ch
*.hesge.ch
m.hesge.ch
*.hesge.ch
vdi.hesge.ch
cucmuserlabo000-ms.ceti.etat-ge.ch
mpp.hesge.ch
m.hesge.ch
goldorak.hesge.ch
head-mdm.hesge.ch
hepiacloud.hesge.ch
*.hesge.ch
goldorak.hesge.ch
*.hesge.ch
*.hesge.ch
hepiacloud.hesge.ch
mail.hesge.ch
*.hesge.ch
hepiacloud.hesge.ch
goldorak.hesge.ch
hepiacloud.hesge.ch
m.hesge.ch
*.hesge.ch
idp.hesge.ch
hepiacloud.hesge.ch
idp.hesge.ch
mail.ge.ch
*.hesge.ch
hepiacloud.hesge.ch
vdi.hesge.ch
hepiacloud.hesge.ch
hepiacloud.hesge.ch
candy.hesge.ch
*.hesge.ch
idp.hesge.ch
goldorak.hesge.ch
m.hesge.ch
hepiacloud.hesge.ch
vpn.hesge.ch
*.hesge.ch
mail.ge.ch
m.hesge.ch
idp.hesge.ch
*.hesge.ch
hepiacloud.hesge.ch
*.hesge.ch
*.hesge.ch
m.hesge.ch
*.hesge.ch
vdi.hesge.ch
cucmuserlabo000-ms.ceti.etat-ge.ch
mpp.hesge.ch
m.hesge.ch
goldorak.hesge.ch
head-mdm.hesge.ch
hepiacloud.hesge.ch
*.hesge.ch
Certificate
The complete raw certificate details for *.hesge.ch in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIIuDCCBqCgAwIBAgIUbql2DocFffICufA84wQlMS4FwoEwDQYJKoZIhvcNAQEL BQAwUDELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEqMCgGA1UE AxMhU3dpc3NTaWduIFJTQSBUTFMgT1YgSUNBIDIwMjIgLSAxMB4XDTI0MDQyNjEy MzAyMVoXDTI1MDQyNjEyMzAyMVowWjELMAkGA1UEBhMCQ0gxCzAJBgNVBAgMAkdF MRAwDgYDVQQHDAdDYXJvdWdlMRcwFQYDVQQKDA5IRVMtU08gR2Vuw6h2ZTETMBEG A1UEAwwKKi5oZXNnZS5jaDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AMLt1+bVeBVvA+XE+7t88yN45QaKFhcC43XrT3UoSekOSvsnr4qJ3vZ8mECCwU3Q OOMKqrZO2u3TaawJ74b1hvIPQhTFV97DK9jlOe/l8fMvTVdNynBBLjOBmK1n3HvY 6onv2WG90ZtJUwLfjwWYCoLyxzFw+8HsQpXmvePEfaxhfJrZbx6gh27U4JV4Cko2 OCiPCwi60GmOeiqDSqUodpyuFBqbyL8A5b2mxHj9WFEvGPCjl0sCgCKrZrbrIwKv xWYVR8Yj6FiSprGJ3VE0NJnNf5uH8VYsnGF9CmEE3yYvEN1wumiYbKab2rTHkUwh Zb1d31TeskZthCs/QmqAR5kCAwEAAaOCBH4wggR6MIGyBggrBgEFBQcBAQSBpTCB ojBMBggrBgEFBQcwAoZAaHR0cDovL2FpYS5zd2lzc3NpZ24uY2gvYWlyLTBmMmJm OWE1LWRkMzctNDhjOS1hODViLTEyYWNkY2I4YmU0NTBSBggrBgEFBQcwAYZGaHR0 cDovL29jc3Auc3dpc3NzaWduLmNoL3NpZ24vb2NzLWFhY2NjZWQ1LTY2ZTgtNDA2 OS05YjFiLWZkMjlhYjczZWZlYzBvBgNVHSAEaDBmMAgGBmeBDAECAjAIBgYEAI96 AQcwUAYIYIV0AVkCAQIwRDBCBggrBgEFBQcCARY2aHR0cHM6Ly9yZXBvc2l0b3J5 LnN3aXNzc2lnbi5jb20vU3dpc3NTaWduX0NQU19UTFMucGRmMFEGA1UdHwRKMEgw RqBEoEKGQGh0dHA6Ly9jcmwuc3dpc3NzaWduLmNoL2NkcC05NmI2MmY1YS02Yjcz LTRkYTQtODdmNy1jZTQwMDJjMWNkMzQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG AQUFBwMCMA4GA1UdDwEB/wQEAwIFoDAfBgNVHREEGDAWggoqLmhlc2dlLmNoggho ZXNnZS5jaDAdBgNVHQ4EFgQU7oLjDWiXV2lnYiQo1X5VfNFFXeEwHwYDVR0jBBgw FoAUfG8KbxMP2YwkbyY081xrQ223I7YwggJtBgorBgEEAdZ5AgQCBIICXQSCAlkC VwB1ACjigTj9gyFF6anWqnU3bYN3qIUSs8B/ckFIIdy96YxmAAABjxpipdgAAAQD AEYwRAIgPVKZzBF0TwGLN6M9GbavYPVo3TbWSvlR/0w+mJ1z/0ECIH26ID+D8A3e WHUHhE+8UsTUjVvZXxLmQugeUnVtGbzQAHUA4JKz/AwdyOdoNh/eYbmWTQpSeBmK ctZyxLBNpW1vVAQAAAGPGmKhwwAABAMARjBEAiBjrLaW/htXaJxPDcB1urGlA29E FO6nJZoNJKVCV6bneAIgCskY/U7y7ej+ozzTv803Ph6Wf6qO1BEsUVFONrORqnAA dwDPEVbu1S58r/OHW9lpLpvpGnFnSrAX7KwB0lt3zsw7CAAAAY8aYqClAAAEAwBI MEYCIQCCMkgM9q05/9drxVTnVGfE7yCMqCsW5J6fdlGdWQ7RYgIhAK/eGBthbPNf LW+QGZKYGltwxRGhUlGUM2qXPiCUrs4JAHcAzPsPaoVxCWX+lZtTzumyfCLphVwN l422qX5UwP5MDbAAAAGPGmKgqwAABAMASDBGAiEAx05pDf5lCy/MYe24JxE8vmwv f7T0StNLPWSy5OG/6tUCIQC4Zs5nfg30rOAmGbpy2M1O0IjVxBXfqoaIyJZxPxcw XwB1AE51oydcmhDDOFts1N8/Uusd8OCOG41pwLH6ZLFimjnfAAABjxpiopAAAAQD AEYwRAIgD3vTBb1/KqQTaSZKiT0EyXZNFrS12UErbOXLpk+m19wCIE4Hru3EdlsF 1LyCaaJ8AVWRseeITK1aS9IrY+5+SuicMA0GCSqGSIb3DQEBCwUAA4ICAQBVODAF CFK3ItePG8G6Xv2rPchz58aucmW4NVyWCpHeehuw2qUgKbQq7fa2lSH8gDsy522U aybbyBYZDBFsiwhMZNUansJspmKkE0+FcxQ63Zu/PIa+FDbdbrSHk5l4q9fPdA09 kyxWuYsA/CRLI85G6xAkUYsgDOS26pSkQ26kYY5egVimZY5/UbSWa0B2Q6UpQQCc iuROmONmJaLoR7BPHfyATWpEeqxnX6ZcbBzAU50aIl5IT14jxIoeiPIks/pmM5C2 X+xQbihzaNW43sBDTNu617DkM9D1gv/Fef6RgQtGqMH+655ii/cVk2l2fQILXSN2 a3e5b5qganWtJXhV7dECsKnp5uRtt7Vspvseq8qEwJu4+8GRyIQblIvF9+A3MflH n3ulz+n4isf4vzEhZXgtsB25aOBIEYNytTYQvV9PrxouJbc9v67XIU3fLqfcI+Y4 ZkrLs3YppxVlhDMlUSYF74Q65ZdelwPIsUrIFdzfKRMxfn9KI4ukR7hBFKwotYNv lAAtE+tyl9KOs9jlYneByZcSg7YsE091lC7zkHXu8kcq8/mbys1JMXuTz+1B1WSQ Snaw5pxFuaesQczQqrN9Dl7N40VBnbzrXFe1HVUr8o5t2bDT7tYjroiHw9x8klvy sCO/0qF97GWRudQAbnszLlJ6fRzpEPTBtQJNgA== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwu3X5tV4FW8D5cT7u3zz I3jlBooWFwLjdetPdShJ6Q5K+yevione9nyYQILBTdA44wqqtk7a7dNprAnvhvWG 8g9CFMVX3sMr2OU57+Xx8y9NV03KcEEuM4GYrWfce9jqie/ZYb3Rm0lTAt+PBZgK gvLHMXD7wexClea948R9rGF8mtlvHqCHbtTglXgKSjY4KI8LCLrQaY56KoNKpSh2 nK4UGpvIvwDlvabEeP1YUS8Y8KOXSwKAIqtmtusjAq/FZhVHxiPoWJKmsYndUTQ0 mc1/m4fxViycYX0KYQTfJi8Q3XC6aJhsppvatMeRTCFlvV3fVN6yRm2EKz9CaoBH mQIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 631768094922341402969324010731560702977212007041 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign AG' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign RSA TLS OV ICA 2022 - 1' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-04-26 12:30:21 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-04-26 12:30:21 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'GE' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Carouge' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'HES-SO Genève' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.hesge.ch' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24607516098457013758073239675424168984534060771938842227615391446764171862281031079617969406551191563713582803815478709225439562021299122114374923499404141813951883812317932063047829398841961576824090657762828596724278613137079501407107405410365197329085221333253941086506670031490832729315695648648824746396338796737248948324706786364506236626167355693443926157259943245021389027466806926060143326360733973250119101355413574281039912802253945521332372927547797476628760553836654606080133152850380201275661231852116365705439019305857807017914001061225450501425757269751023607749646945950535447217394726638375267223449 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (165 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.swisssign.ch/air-0f2bf9a5-dd37-48c9-a85b-12acdcb8be45' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.4.0.2042.1.7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.756.1.89.2.1.2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://repository.swisssign.com/SwissSign_CPS_TLS.pdf' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (74 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.swisssign.ch/cdp-96b62f5a-6b73-4da4-87f7-ce4002c1cd34' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.hesge.ch' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hesge.ch' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) ee82e30d6897576967622428d57e557cd1455de1 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 7c6f0a6f130fd98c246f2634f35c6b436db723b6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (605 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (601 bytes) 025700750028e28138fd832145e9a9d6aa75376d8377a88512b3c07f72414821dcbde98c660000018f1a62a5d8000004030046304402203d5299cc11744f018b37a33d19b6af60f568dd36d64af951ff4c3e989d73ff4102207dba203f83f00dde587507844fbc52c4d48d5bd95f12e642e81e52756d19bcd0007500e092b3fc0c1dc8e768361fde61b9964d0a5278198a72d672c4b04da56d6f54040000018f1a62a1c30000040300463044022063acb696fe1b57689c4f0dc075bab1a5036f4414eea7259a0d24a54257a6e77802200ac918fd4ef2ede8fea33cd3bfcd373e1e967faa8ed4112c51514e36b391aa70007700cf1156eed52e7caff3875bd9692e9be91a71674ab017ecac01d25b77cecc3b080000018f1a62a0a500000403004830460221008232480cf6ad39ffd76bc554e75467c4ef208ca82b16e49e9f76519d590ed162022100afde181b616cf35f2d6f901992981a5b70c511a1525194336a973e2094aece09007700ccfb0f6a85710965fe959b53cee9b27c22e9855c0d978db6a97e54c0fe4c0db00000018f1a62a0ab0000040300483046022100c74e690dfe650b2fcc61edb827113cbe6c2f7fb4f44ad34b3d64b2e4e1bfead5022100b866ce677e0df4ace02619ba72d8cd4ed088d5c415dfaa8688c896713f17305f0075004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018f1a62a290000004030046304402200f7bd305bd7f2aa41369264a893d04c9764d16b4b5d9412b6ce5cba64fa6d7dc02204e07aeedc4765b05d4bc8269a27c015591b1e7884cad5a4bd22b63ee7e4ae89c . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (4096 bits) 00553830050852b722d78f1bc1ba5efdab3dc873e7c6ae7265b8355c960a91de7a1bb0daa52029b42aedf6b69521fc803b32e76d946b26dbc816190c116c8b084c64d51a9ec26ca662a4134f8573143add9bbf3c86be1436dd6eb487939978abd7cf740d3d932c56b98b00fc244b23ce46eb1024518b200ce4b6ea94a4436ea4618e5e8158a6658e7f51b4966b407643a52941009c8ae44e98e36625a2e847b04f1dfc804d6a447aac675fa65c6c1cc0539d1a225e484f5e23c48a1e88f224b3fa663390b65fec506e287368d5b8dec0434cdbbad7b0e433d0f582ffc579fe91810b46a8c1feeb9e628bf7159369767d020b5d23766b77b96f9aa06a75ad257855edd102b0a9e9e6e46db7b56ca6fb1eabca84c09bb8fbc191c8841b948bc5f7e03731f9479f7ba5cfe9f88ac7f8bf312165782db01db968e048118372b53610bd5f4faf1a2e25b73dbfaed7214ddf2ea7dc23e638664acbb37629a71565843325512605ef843ae5975e9703c8b14ac815dcdf2913317e7f4a238ba447b84114ac28b5836f94002d13eb7297d28eb3d8e5627781c9971283b62c134f75942ef39075eef2472af3f99bcacd49317b93cfed41d564904a76b0e69c45b9a7ac41ccd0aab37d0e5ecde345419dbceb5c57b51d552bf28e6dd9b0d3eed623ae8887c3dc7c925bf2b023bfd2a17dec6591b9d4006e7b332e527a7d1ce910f4c1b5024d80