otcmail.nyc.gov
- New York City Office of the Comptroller -
Issued by DigiCert SHA2 High Assurance Server CA
About this certificate
This digital certificate with serial number 09:b2:e5:46:a1:06:ec:4a:a8:f6:90:30:a2:6d:4f:2b was issued on by DigiCert Inc.
With 4 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
New York City Office of the Comptroller
Organization:
New York City Office of the Comptroller
Organization unit: BIST
Organization unit: BIST
State / Province:
NY
Locality: New York
Country: US
Locality: New York
Country: US
DigiCert Inc
Organization:
DigiCert Inc
Organization unit: www.digicert.com
Organization unit: www.digicert.com
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 09:b2:e5:46:a1:06:ec:4a:a8:f6:90:30:a2:6d:4f:2bSerial Number (int): 12891931070489510396921747069461155627
Serial Number lenght: 124 bits, 16 octets
SubjectKeyId: 45:88:5c:9a:5c:c2:e5:54:1e:ed:ed:5e:e9:d8:63:07:b3:85:2b:9b
AuthorityKeyId: 51:68:ff:90:af:02:07:75:3c:cc:d9:65:64:62:a2:12:b8:59:72:3b
Fingerprint (sha1): fb:5f:65:24:7e:af:c8:76:63:72:93:52:85:d9:1f:a3:bb:20:61:18
Fingerprint (sha256): 0c:8a:4b:4c:4a:23:7d:5c:83:ee:fa:ee:1c:78:14:90:a9:3d:c3:a1:0c:3d:95:b8:c2:ab:4e:5e:1c:57:c1:be
Issuing Certificate URL: http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt
Revocation information
OCSP Server: http://ocsp.digicert.comCRL Distribution Point: http://crl3.digicert.com/sha2-ha-server-g6.crl
CRL Distribution Point: http://crl4.digicert.com/sha2-ha-server-g6.crl
Check the revocation status for certificate otcmail.nyc.gov
4
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for otcmail.nyc.gov
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
otcmail.nyc.gov
comptrollermail.nyc.gov
autodiscover.comptroller.nyc.gov
comptrollerlogin.nyc.gov
comptrollermail.nyc.gov
autodiscover.comptroller.nyc.gov
comptrollerlogin.nyc.gov
Other certificates including the domain name nyc.gov
(limited to 100 certificates)
a806-housingconnectAPI.nyc.gov
a858-anltw.nyc.gov
a069-ra1.nyc.gov
webapps.nyc.gov
a127-jobs.nyc.gov
a827-mwbe.nyc.gov
legistar.council.nyc.gov
mspava-vcsxcl01.nyc.gov
*.nyc.gov
foodhelp-stg.nyc.gov
fisa.ctxns.nyc.gov
zap.planning.nyc.gov
5685570869133312-fe1.pantheonsite.io
a858-nycnotify.nyc.gov
psc-esa1.nyc.gov
a860-openrecords.nyc.gov
manhattanbp.nyc.gov
a127-HRFTS.NYC.GOV
a826-depvpn.nyc.gov
enterpriseenrollment.dhs.nyc.gov
A127-uag.nyc.gov
a806-housingconnect.nyc.gov
regional-viz.planninglabs.nyc
zoningresolution.planning.nyc.gov
migration.planning.nyc.gov
a073-ils-web.nyc.gov
Apply.council.nyc.gov
a827-bladerunner.nyc.gov
www.nycbers.org
laws.council.nyc.gov
a816-certifytrn.nyc.gov
enterpriseenrollment.tlc.nyc.gov
a002-oomwap01.nyc.gov
a002-oom03.nyc.gov
a858-nycnotify.nyc.gov
a860-gpp.nyc.gov
Portal.dss.nyc.gov
a810-lmpaca.nyc.gov
a816-evitaltrn.nyc.gov
a858-aaf.nyc.gov
skypeaccess.dep.nyc.gov
enterpriseenrollment.cto.nyc.gov
5685570869133312-fe1.pantheonsite.io
laws.council.nyc.gov
nyc-factfinder.planninglabs.nyc
law.ctxns.nyc.gov
laws.council.nyc.gov
a0333-passportpublic.nyc.gov
gis.nyc.gov
a069-cmg.nyc.gov
on.nyc.gov
a826-web01.nyc.gov
a127-essdr.nyc.gov
transit-survey.council.nyc.gov
iwomm.council.nyc.gov
nycpss.nyc.gov
transit-survey.council.nyc.gov
lotselector.planninglabs.nyc
comptroller.nyc.gov
enterpriseenrollment.dcas.nyc.gov
a856-ptdb.nyc.gov
comptroller.nyc.gov
otcmail.nyc.gov
mentalhealthforall-stg.nyc.gov
a801-sbscssp.nyc.gov
a827-bladerunner.nyc.gov
a858-anltw.nyc.gov
membertimesheet.council.nyc.gov
a127-pip.nyc.gov
depwebmail.nyc.gov
comptroller.nyc.gov
streets.planning.nyc.gov
www2.nyc.gov
*.nyc.gov
a127-ess.nyc.gov
schools.nyc.gov
on.nyc.gov
a826-ocsedge01.nyc.gov
mtpralpwvcse2.nyc.gov
migration.planning.nyc.gov
a841-dotwebpcard01.nyc.gov
mail.council.nyc.gov
psacmeetingadmin.nyc.gov
a127-jobs.nyc.gov
a127-hrp.nyc.gov
maps5.nyc.gov
a826-umax-accssrs.dep.nyc.gov
dotwebmail.nyc.gov
doitt.ctxns.nyc.gov
a827-dsnyftp.nyc.gov
A127-uag.nyc.gov
webapps.nyc.gov
a127-rbp.nyc.gov
a858-eds-tstxf-fa01.nyc.gov
bronxdawebapp.nyc.gov
council.nyc.gov
a032-secure.nyc.gov
securetransport.nyc.gov
mail.nycboe.net
fisa.ctxns.nyc.gov
a858-anltw.nyc.gov
a069-ra1.nyc.gov
webapps.nyc.gov
a127-jobs.nyc.gov
a827-mwbe.nyc.gov
legistar.council.nyc.gov
mspava-vcsxcl01.nyc.gov
*.nyc.gov
foodhelp-stg.nyc.gov
fisa.ctxns.nyc.gov
zap.planning.nyc.gov
5685570869133312-fe1.pantheonsite.io
a858-nycnotify.nyc.gov
psc-esa1.nyc.gov
a860-openrecords.nyc.gov
manhattanbp.nyc.gov
a127-HRFTS.NYC.GOV
a826-depvpn.nyc.gov
enterpriseenrollment.dhs.nyc.gov
A127-uag.nyc.gov
a806-housingconnect.nyc.gov
regional-viz.planninglabs.nyc
zoningresolution.planning.nyc.gov
migration.planning.nyc.gov
a073-ils-web.nyc.gov
Apply.council.nyc.gov
a827-bladerunner.nyc.gov
www.nycbers.org
laws.council.nyc.gov
a816-certifytrn.nyc.gov
enterpriseenrollment.tlc.nyc.gov
a002-oomwap01.nyc.gov
a002-oom03.nyc.gov
a858-nycnotify.nyc.gov
a860-gpp.nyc.gov
Portal.dss.nyc.gov
a810-lmpaca.nyc.gov
a816-evitaltrn.nyc.gov
a858-aaf.nyc.gov
skypeaccess.dep.nyc.gov
enterpriseenrollment.cto.nyc.gov
5685570869133312-fe1.pantheonsite.io
laws.council.nyc.gov
nyc-factfinder.planninglabs.nyc
law.ctxns.nyc.gov
laws.council.nyc.gov
a0333-passportpublic.nyc.gov
gis.nyc.gov
a069-cmg.nyc.gov
on.nyc.gov
a826-web01.nyc.gov
a127-essdr.nyc.gov
transit-survey.council.nyc.gov
iwomm.council.nyc.gov
nycpss.nyc.gov
transit-survey.council.nyc.gov
lotselector.planninglabs.nyc
comptroller.nyc.gov
enterpriseenrollment.dcas.nyc.gov
a856-ptdb.nyc.gov
comptroller.nyc.gov
otcmail.nyc.gov
mentalhealthforall-stg.nyc.gov
a801-sbscssp.nyc.gov
a827-bladerunner.nyc.gov
a858-anltw.nyc.gov
membertimesheet.council.nyc.gov
a127-pip.nyc.gov
depwebmail.nyc.gov
comptroller.nyc.gov
streets.planning.nyc.gov
www2.nyc.gov
*.nyc.gov
a127-ess.nyc.gov
schools.nyc.gov
on.nyc.gov
a826-ocsedge01.nyc.gov
mtpralpwvcse2.nyc.gov
migration.planning.nyc.gov
a841-dotwebpcard01.nyc.gov
mail.council.nyc.gov
psacmeetingadmin.nyc.gov
a127-jobs.nyc.gov
a127-hrp.nyc.gov
maps5.nyc.gov
a826-umax-accssrs.dep.nyc.gov
dotwebmail.nyc.gov
doitt.ctxns.nyc.gov
a827-dsnyftp.nyc.gov
A127-uag.nyc.gov
webapps.nyc.gov
a127-rbp.nyc.gov
a858-eds-tstxf-fa01.nyc.gov
bronxdawebapp.nyc.gov
council.nyc.gov
a032-secure.nyc.gov
securetransport.nyc.gov
mail.nycboe.net
fisa.ctxns.nyc.gov
Certificate
The complete raw certificate details for otcmail.nyc.gov in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIHQzCCBiugAwIBAgIQCbLlRqEG7Eqo9pAwom1PKzANBgkqhkiG9w0BAQsFADBw MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz dXJhbmNlIFNlcnZlciBDQTAeFw0xODEwMDkwMDAwMDBaFw0yMDAxMTQxMjAwMDBa MIGIMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTlkxETAPBgNVBAcTCE5ldyBZb3Jr MTAwLgYDVQQKEydOZXcgWW9yayBDaXR5IE9mZmljZSBvZiB0aGUgQ29tcHRyb2xs ZXIxDTALBgNVBAsTBEJJU1QxGDAWBgNVBAMTD290Y21haWwubnljLmdvdjCCASIw DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMiUEfXvERB0w9KMCDujK10MkIs6 Ktc8wKCZzJkR8sKSWeUaLXLPdvX/R5Q+vNxJ9BnY4A67Eqp2WHMOrrhniu1MXpUr QFtqEta+3i9iRd2aRHiDKwA+JZWxpxtzak/VowEdW8uqo7FjmKhzX8kD1HYXq5BZ dqktwz+462RnOddGClq/c7ZWYlUEt6h1uLPjIky4ujI99a0XSWXYGpU6RJnXhxtI QqIIW7pZh3Er7oQc7IUXpWj8/rfJ3GDze3pcrLFszJbfm53BeZAGFN7obqU++4dc G+bi8Y+C83rEtvBXSgaXMeoW5Jgwo+Efc9Vi4nfwKKJAjt9xnvttnQvGeBMCAwEA AaOCA74wggO6MB8GA1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1Ud DgQWBBRFiFyaXMLlVB7t7V7p2GMHs4UrmzBvBgNVHREEaDBmgg9vdGNtYWlsLm55 Yy5nb3aCF2NvbXB0cm9sbGVybWFpbC5ueWMuZ292giBhdXRvZGlzY292ZXIuY29t cHRyb2xsZXIubnljLmdvdoIYY29tcHRyb2xsZXJsb2dpbi5ueWMuZ292MA4GA1Ud DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0f BG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItaGEtc2Vy dmVyLWc2LmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTIt aGEtc2VydmVyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAqMCgGCCsG AQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjCB gwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy dC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9E aWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQC MAAwggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB3AKS5CZC0GFgUh7sTosxncAo8 NZgE+RvfuON3zQ7IDdwQAAABZlqYhA4AAAQDAEgwRgIhALYOZvd9+zW6FxpXEBY3 ivWJ6qV/rJ7+prFA2g9dyr/KAiEAgNwfu1RUQpAQTIhlLwqN44lwsRU2PpPbLtQb DYZ9jQ8AdQCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCDDwAAAWZamITm AAAEAwBGMEQCIAfb0vM/yr/gMUv7lN4DMCO2L3fb2acPrX7BrIz2/GeBAiAiyFf/ 4rO1OBlxo2PaEzJ8QjoKREFZQzwcpKpCL57FfQB1ALvZ37wfinG1k5Qjl6qSe0c4 V5UKq1LoGpCWZDaOHtGFAAABZlqYhBUAAAQDAEYwRAIgfPfhYt2pAAICSwoL2/3S VRihv0WSq/GdLoDvIResAZwCIGrFylVmfdODIZWOlDRN8Si3uCAJFh+US2tupzd5 2sLyMA0GCSqGSIb3DQEBCwUAA4IBAQBk2InICynPwVb/6fRuP4fCGlak5j2sV+Ub ECfaeHuxSrrnO/MAb/jcfn1qF2nk0LbIqkmmn+U0KLKNX5BEXIRs3er7yLljCKOY vyJ8v25GPHjythE/VU7xQ/qNdgnW+K7EejuNFPQh8eLBu54z01tCKD4mprSYvhr6 BKV1Sm1OrVFLjcLMBYc4hPaF0BijZr6iFQH5BJSQgd+ZGtVpr8TolRApW//5QlXY cINhHJkIgDJi7hoczrC01m/I9EjesHcZsmbTVXf4YKgMR1EhmXbw7y0yUxQeDjvK IRw7xbdbaVUst0y5SF6s3cljLKweXD8hhUxSo0io7b2kgyKUIetA -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyJQR9e8REHTD0owIO6Mr XQyQizoq1zzAoJnMmRHywpJZ5Rotcs929f9HlD683En0GdjgDrsSqnZYcw6uuGeK 7UxelStAW2oS1r7eL2JF3ZpEeIMrAD4llbGnG3NqT9WjAR1by6qjsWOYqHNfyQPU dherkFl2qS3DP7jrZGc510YKWr9ztlZiVQS3qHW4s+MiTLi6Mj31rRdJZdgalTpE mdeHG0hCoghbulmHcSvuhBzshRelaPz+t8ncYPN7elyssWzMlt+bncF5kAYU3uhu pT77h1wb5uLxj4LzesS28FdKBpcx6hbkmDCj4R9z1WLid/AookCO33Ge+22dC8Z4 EwIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 12891931070489510396921747069461155627 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert SHA2 High Assurance Server CA' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-10-09 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-01-14 12:00:00 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NY' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'New York' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'New York City Office of the Comptroller' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BIST' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'otcmail.nyc.gov' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25320677109914634096591108889844168181356223119992667033204253155730301801650821993399524419869044161659319840093379628804427459720341630694608088210662211797357345618742900924194440805260701271010131038728260949438648408730547063413592324554491600214924055165327580096525516597087857494715361488962869478777449654109547816040489647184303647349776609944989040570453657822870429973739977925198760118923210772537940287771287900859121696117253712538340864473241655050449228204271269434594671390910577963168607601441749062225499318372937573564554628016968212587011795491843290182038225034564524868316352533721078829578259 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 5168ff90af0207753cccd9656462a212b859723b . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 45885c9a5cc2e5541eeded5ee9d86307b3852b9b . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'otcmail.nyc.gov' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'comptrollermail.nyc.gov' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'autodiscover.comptroller.nyc.gov' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'comptrollerlogin.nyc.gov' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (110 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl3.digicert.com/sha2-ha-server-g6.crl' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl4.digicert.com/sha2-ha-server-g6.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.1 (digiCertOVCert) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.digicert.com/CPS' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (119 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes) 0167007700a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc10000001665a98840e0000040300483046022100b60e66f77dfb35ba171a571016378af589eaa57fac9efea6b140da0f5dcabfca02210080dc1fbb54544290104c88652f0a8de38970b115363e93db2ed41b0d867d8d0f0075008775bfe7597cf88c43995fbdf36eff568d475636ff4ab560c1b4eaff5ea0830f000001665a9884e60000040300463044022007dbd2f33fcabfe0314bfb94de033023b62f77dbd9a70fad7ec1ac8cf6fc6781022022c857ffe2b3b5381971a363da13327c423a0a444159433c1ca4aa422f9ec57d007500bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed185000001665a988415000004030046304402207cf7e162dda90002024b0a0bdbfdd25518a1bf4592abf19d2e80ef2117ac019c02206ac5ca55667dd38321958e94344df128b7b82009161f944b6b6ea73779dac2f2 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 0064d889c80b29cfc156ffe9f46e3f87c21a56a4e63dac57e51b1027da787bb14abae73bf3006ff8dc7e7d6a1769e4d0b6c8aa49a69fe53428b28d5f90445c846cddeafbc8b96308a398bf227cbf6e463c78f2b6113f554ef143fa8d7609d6f8aec47a3b8d14f421f1e2c1bb9e33d35b42283e26a6b498be1afa04a5754a6d4ead514b8dc2cc05873884f685d018a366bea21501f904949081df991ad569afc4e89510295bfff94255d87083611c9908803262ee1a1cceb0b4d66fc8f448deb07719b266d35577f860a80c4751219976f0ef2d3253141e0e3bca211c3bc5b75b69552cb74cb9485eacddc9632cac1e5c3f21854c52a348a8edbda483229421eb40