otcmail.nyc.gov

- New York City Office of the Comptroller -

Issued by DigiCert SHA2 High Assurance Server CA

About this certificate

This digital certificate with serial number 09:b2:e5:46:a1:06:ec:4a:a8:f6:90:30:a2:6d:4f:2b was issued on by DigiCert Inc.

With 4 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

New York City Office of the Comptroller

Organization: New York City Office of the Comptroller
Organization unit: BIST
State / Province: NY
Locality: New York
Country: US

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 09:b2:e5:46:a1:06:ec:4a:a8:f6:90:30:a2:6d:4f:2b
Serial Number (int): 12891931070489510396921747069461155627
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 45:88:5c:9a:5c:c2:e5:54:1e:ed:ed:5e:e9:d8:63:07:b3:85:2b:9b
AuthorityKeyId: 51:68:ff:90:af:02:07:75:3c:cc:d9:65:64:62:a2:12:b8:59:72:3b

Fingerprint (sha1): fb:5f:65:24:7e:af:c8:76:63:72:93:52:85:d9:1f:a3:bb:20:61:18
Fingerprint (sha256): 0c:8a:4b:4c:4a:23:7d:5c:83:ee:fa:ee:1c:78:14:90:a9:3d:c3:a1:0c:3d:95:b8:c2:ab:4e:5e:1c:57:c1:be

Issuing Certificate URL: http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt

Revocation information

OCSP Server: http://ocsp.digicert.com
CRL Distribution Point: http://crl3.digicert.com/sha2-ha-server-g6.crl
CRL Distribution Point: http://crl4.digicert.com/sha2-ha-server-g6.crl

Check the revocation status for certificate otcmail.nyc.gov

4

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for otcmail.nyc.gov

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

otcmail.nyc.gov
comptrollermail.nyc.gov
autodiscover.comptroller.nyc.gov
comptrollerlogin.nyc.gov

Other certificates including the domain name nyc.gov

(limited to 100 certificates)
a806-housingconnectAPI.nyc.gov
a858-anltw.nyc.gov
a069-ra1.nyc.gov
webapps.nyc.gov
a127-jobs.nyc.gov
a827-mwbe.nyc.gov
legistar.council.nyc.gov
mspava-vcsxcl01.nyc.gov
*.nyc.gov
foodhelp-stg.nyc.gov
fisa.ctxns.nyc.gov
zap.planning.nyc.gov
5685570869133312-fe1.pantheonsite.io
a858-nycnotify.nyc.gov
psc-esa1.nyc.gov
a860-openrecords.nyc.gov
manhattanbp.nyc.gov
a127-HRFTS.NYC.GOV
a826-depvpn.nyc.gov
enterpriseenrollment.dhs.nyc.gov
A127-uag.nyc.gov
a806-housingconnect.nyc.gov
regional-viz.planninglabs.nyc
zoningresolution.planning.nyc.gov
migration.planning.nyc.gov
a073-ils-web.nyc.gov
Apply.council.nyc.gov
a827-bladerunner.nyc.gov
www.nycbers.org
laws.council.nyc.gov
a816-certifytrn.nyc.gov
enterpriseenrollment.tlc.nyc.gov
a002-oomwap01.nyc.gov
a002-oom03.nyc.gov
a858-nycnotify.nyc.gov
a860-gpp.nyc.gov
Portal.dss.nyc.gov
a810-lmpaca.nyc.gov
a816-evitaltrn.nyc.gov
a858-aaf.nyc.gov
skypeaccess.dep.nyc.gov
enterpriseenrollment.cto.nyc.gov
5685570869133312-fe1.pantheonsite.io
laws.council.nyc.gov
nyc-factfinder.planninglabs.nyc
law.ctxns.nyc.gov
laws.council.nyc.gov
a0333-passportpublic.nyc.gov
gis.nyc.gov
a069-cmg.nyc.gov
on.nyc.gov
a826-web01.nyc.gov
a127-essdr.nyc.gov
transit-survey.council.nyc.gov
iwomm.council.nyc.gov
nycpss.nyc.gov
transit-survey.council.nyc.gov
lotselector.planninglabs.nyc
comptroller.nyc.gov
enterpriseenrollment.dcas.nyc.gov
a856-ptdb.nyc.gov
comptroller.nyc.gov
otcmail.nyc.gov
mentalhealthforall-stg.nyc.gov
a801-sbscssp.nyc.gov
a827-bladerunner.nyc.gov
a858-anltw.nyc.gov
membertimesheet.council.nyc.gov
a127-pip.nyc.gov
depwebmail.nyc.gov
comptroller.nyc.gov
streets.planning.nyc.gov
www2.nyc.gov
*.nyc.gov
a127-ess.nyc.gov
schools.nyc.gov
on.nyc.gov
a826-ocsedge01.nyc.gov
mtpralpwvcse2.nyc.gov
migration.planning.nyc.gov
a841-dotwebpcard01.nyc.gov
mail.council.nyc.gov
psacmeetingadmin.nyc.gov
a127-jobs.nyc.gov
a127-hrp.nyc.gov
maps5.nyc.gov
a826-umax-accssrs.dep.nyc.gov
dotwebmail.nyc.gov
doitt.ctxns.nyc.gov
a827-dsnyftp.nyc.gov
A127-uag.nyc.gov
webapps.nyc.gov
a127-rbp.nyc.gov
a858-eds-tstxf-fa01.nyc.gov
bronxdawebapp.nyc.gov
council.nyc.gov
a032-secure.nyc.gov
securetransport.nyc.gov
mail.nycboe.net
fisa.ctxns.nyc.gov

Certificate

The complete raw certificate details for otcmail.nyc.gov in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHQzCCBiugAwIBAgIQCbLlRqEG7Eqo9pAwom1PKzANBgkqhkiG9w0BAQsFADBw
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz
dXJhbmNlIFNlcnZlciBDQTAeFw0xODEwMDkwMDAwMDBaFw0yMDAxMTQxMjAwMDBa
MIGIMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTlkxETAPBgNVBAcTCE5ldyBZb3Jr
MTAwLgYDVQQKEydOZXcgWW9yayBDaXR5IE9mZmljZSBvZiB0aGUgQ29tcHRyb2xs
ZXIxDTALBgNVBAsTBEJJU1QxGDAWBgNVBAMTD290Y21haWwubnljLmdvdjCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMiUEfXvERB0w9KMCDujK10MkIs6
Ktc8wKCZzJkR8sKSWeUaLXLPdvX/R5Q+vNxJ9BnY4A67Eqp2WHMOrrhniu1MXpUr
QFtqEta+3i9iRd2aRHiDKwA+JZWxpxtzak/VowEdW8uqo7FjmKhzX8kD1HYXq5BZ
dqktwz+462RnOddGClq/c7ZWYlUEt6h1uLPjIky4ujI99a0XSWXYGpU6RJnXhxtI
QqIIW7pZh3Er7oQc7IUXpWj8/rfJ3GDze3pcrLFszJbfm53BeZAGFN7obqU++4dc
G+bi8Y+C83rEtvBXSgaXMeoW5Jgwo+Efc9Vi4nfwKKJAjt9xnvttnQvGeBMCAwEA
AaOCA74wggO6MB8GA1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1Ud
DgQWBBRFiFyaXMLlVB7t7V7p2GMHs4UrmzBvBgNVHREEaDBmgg9vdGNtYWlsLm55
Yy5nb3aCF2NvbXB0cm9sbGVybWFpbC5ueWMuZ292giBhdXRvZGlzY292ZXIuY29t
cHRyb2xsZXIubnljLmdvdoIYY29tcHRyb2xsZXJsb2dpbi5ueWMuZ292MA4GA1Ud
DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0f
BG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItaGEtc2Vy
dmVyLWc2LmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTIt
aGEtc2VydmVyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAqMCgGCCsG
AQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjCB
gwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy
dC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9E
aWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQC
MAAwggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB3AKS5CZC0GFgUh7sTosxncAo8
NZgE+RvfuON3zQ7IDdwQAAABZlqYhA4AAAQDAEgwRgIhALYOZvd9+zW6FxpXEBY3
ivWJ6qV/rJ7+prFA2g9dyr/KAiEAgNwfu1RUQpAQTIhlLwqN44lwsRU2PpPbLtQb
DYZ9jQ8AdQCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCDDwAAAWZamITm
AAAEAwBGMEQCIAfb0vM/yr/gMUv7lN4DMCO2L3fb2acPrX7BrIz2/GeBAiAiyFf/
4rO1OBlxo2PaEzJ8QjoKREFZQzwcpKpCL57FfQB1ALvZ37wfinG1k5Qjl6qSe0c4
V5UKq1LoGpCWZDaOHtGFAAABZlqYhBUAAAQDAEYwRAIgfPfhYt2pAAICSwoL2/3S
VRihv0WSq/GdLoDvIResAZwCIGrFylVmfdODIZWOlDRN8Si3uCAJFh+US2tupzd5
2sLyMA0GCSqGSIb3DQEBCwUAA4IBAQBk2InICynPwVb/6fRuP4fCGlak5j2sV+Ub
ECfaeHuxSrrnO/MAb/jcfn1qF2nk0LbIqkmmn+U0KLKNX5BEXIRs3er7yLljCKOY
vyJ8v25GPHjythE/VU7xQ/qNdgnW+K7EejuNFPQh8eLBu54z01tCKD4mprSYvhr6
BKV1Sm1OrVFLjcLMBYc4hPaF0BijZr6iFQH5BJSQgd+ZGtVpr8TolRApW//5QlXY
cINhHJkIgDJi7hoczrC01m/I9EjesHcZsmbTVXf4YKgMR1EhmXbw7y0yUxQeDjvK
IRw7xbdbaVUst0y5SF6s3cljLKweXD8hhUxSo0io7b2kgyKUIetA
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyJQR9e8REHTD0owIO6Mr
XQyQizoq1zzAoJnMmRHywpJZ5Rotcs929f9HlD683En0GdjgDrsSqnZYcw6uuGeK
7UxelStAW2oS1r7eL2JF3ZpEeIMrAD4llbGnG3NqT9WjAR1by6qjsWOYqHNfyQPU
dherkFl2qS3DP7jrZGc510YKWr9ztlZiVQS3qHW4s+MiTLi6Mj31rRdJZdgalTpE
mdeHG0hCoghbulmHcSvuhBzshRelaPz+t8ncYPN7elyssWzMlt+bncF5kAYU3uhu
pT77h1wb5uLxj4LzesS28FdKBpcx6hbkmDCj4R9z1WLid/AookCO33Ge+22dC8Z4
EwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 12891931070489510396921747069461155627
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert SHA2 High Assurance Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-10-09 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-01-14 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NY'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'New York'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'New York City Office of the Comptroller'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BIST'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'otcmail.nyc.gov'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25320677109914634096591108889844168181356223119992667033204253155730301801650821993399524419869044161659319840093379628804427459720341630694608088210662211797357345618742900924194440805260701271010131038728260949438648408730547063413592324554491600214924055165327580096525516597087857494715361488962869478777449654109547816040489647184303647349776609944989040570453657822870429973739977925198760118923210772537940287771287900859121696117253712538340864473241655050449228204271269434594671390910577963168607601441749062225499318372937573564554628016968212587011795491843290182038225034564524868316352533721078829578259
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 5168ff90af0207753cccd9656462a212b859723b
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							45885c9a5cc2e5541eeded5ee9d86307b3852b9b
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'otcmail.nyc.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'comptrollermail.nyc.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'autodiscover.comptroller.nyc.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'comptrollerlogin.nyc.gov'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (110 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/sha2-ha-server-g6.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/sha2-ha-server-g6.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (119 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes)
							0167007700a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc10000001665a98840e0000040300483046022100b60e66f77dfb35ba171a571016378af589eaa57fac9efea6b140da0f5dcabfca02210080dc1fbb54544290104c88652f0a8de38970b115363e93db2ed41b0d867d8d0f0075008775bfe7597cf88c43995fbdf36eff568d475636ff4ab560c1b4eaff5ea0830f000001665a9884e60000040300463044022007dbd2f33fcabfe0314bfb94de033023b62f77dbd9a70fad7ec1ac8cf6fc6781022022c857ffe2b3b5381971a363da13327c423a0a444159433c1ca4aa422f9ec57d007500bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed185000001665a988415000004030046304402207cf7e162dda90002024b0a0bdbfdd25518a1bf4592abf19d2e80ef2117ac019c02206ac5ca55667dd38321958e94344df128b7b82009161f944b6b6ea73779dac2f2
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0064d889c80b29cfc156ffe9f46e3f87c21a56a4e63dac57e51b1027da787bb14abae73bf3006ff8dc7e7d6a1769e4d0b6c8aa49a69fe53428b28d5f90445c846cddeafbc8b96308a398bf227cbf6e463c78f2b6113f554ef143fa8d7609d6f8aec47a3b8d14f421f1e2c1bb9e33d35b42283e26a6b498be1afa04a5754a6d4ead514b8dc2cc05873884f685d018a366bea21501f904949081df991ad569afc4e89510295bfff94255d87083611c9908803262ee1a1cceb0b4d66fc8f448deb07719b266d35577f860a80c4751219976f0ef2d3253141e0e3bca211c3bc5b75b69552cb74cb9485eacddc9632cac1e5c3f21854c52a348a8edbda483229421eb40