sso.principal.com

Issued by VeriSign Class 3 Secure Server CA - G3

About this certificate


This digital certificate with serial number 13:e0:b0:7a:ab:88:ca:dd:f1:f4:03:10:51:b2:8d:e1 was issued on by VeriSign, Inc. .

While the certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates.

Cerificate errors/warnings *beta

  • WARNING: Using depricated TeletexString for '[Des Moines]'
  • WARNING: Using depricated TeletexString for '[Principal Financial Group]'
  • WARNING: Using depricated TeletexString for '[Principal Financial Group]'
  • WARNING: Using depricated TeletexString for '[sso.principal.com]'

Principal Financial Group

Organization: Principal Financial Group
Organization unit: Principal Financial Group
State / Province: Iowa
Locality: Des Moines
Country: US

VeriSign, Inc.

Organization: VeriSign, Inc.
Organization unit: VeriSign Trust Network
Organization unit: Terms of use at https://www.verisign.com/rpa (c)10
State / Province: Iowa
Locality: Des Moines
Country: US

Time since certificate expired

This certificate has expire since

Certificate Details

Serial Number (hex): 13:e0:b0:7a:ab:88:ca:dd:f1:f4:03:10:51:b2:8d:e1
Serial Number (int): 26421985839238581011319106155584851425
Serial Number lenght: 125 bits, 16 octets

SubjectKeyId:
AuthorityKeyId: 0d:44:5c:16:53:44:c1:82:7e:1d:20:ab:25:f4:01:63:d8:be:79:a5

Fingerprint (sha1): 39:de:68:c0:3e:83:d5:ce:fe:16:33:71:5e:8c:26:e0:e0:97:10:6f
Fingerprint (sha256): 0a:18:b9:19:91:44:3d:ef:7a:0c:9a:24:13:ce:87:3e:0b:11:13:7c:c1:3c:86:fd:aa:87:b9:9c:d1:54:36:3e

Issuing Certificate URL: http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer

Revocation information

OCSP Server: http://ocsp.verisign.com
CRL Distribution Point: http://SVRSecure-G3-crl.verisign.com/SVRSecureG3.crl

Check the revocation status for the current certificate on sso.principal.com
1
DNS Names
0
Email Addresses
0
IP Addresses

Advanced Certificate Properties

Technical details about this certificate


Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA1 with RSA



Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

8 extensions
No unhandled critical extensions



CA Certificate

This is not a CA certificate

Subject Alternative Names

This certificate doesn't contain any other subject alternative names besides the common name of the subject: sso.principal.com

Certificate

The complete raw certificate details in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE----- MIIFWTCCBEGgAwIBAgIQE+CwequIyt3x9AMQUbKN4TANBgkqhkiG9w0BAQUFADCB tTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEvMC0GA1UEAxMm VmVyaVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzMwHhcNMTIwODI0 MDAwMDAwWhcNMTQwOTE0MjM1OTU5WjCBlTELMAkGA1UEBhMCVVMxDTALBgNVBAgT BElvd2ExEzARBgNVBAcUCkRlcyBNb2luZXMxIjAgBgNVBAoUGVByaW5jaXBhbCBG aW5hbmNpYWwgR3JvdXAxIjAgBgNVBAsUGVByaW5jaXBhbCBGaW5hbmNpYWwgR3Jv dXAxGjAYBgNVBAMUEXNzby5wcmluY2lwYWwuY29tMIIBIjANBgkqhkiG9w0BAQEF AAOCAQ8AMIIBCgKCAQEA1FDDsTYNsY2dk4BAglu8Prqx1NF6ffU2MFzwUFH77UsS Tq5d5AVEnduecslgUwistQJCdc8zVJa4FSheWCcLlFJFw2YvPWc83bFoG1SZfULz jpB1itpNmX9YSHvdhcmp4pSgioxDkwGTMOD6Ug2guO14W1JkkgHxKJJDH1Af6Sbs Uzhq+xXWMX8ieip+xrTk/0DQiPNgUu+TiUlCVsDjENvUiuggF+Fj+YfER3uDSihy TIYPbKhred8fRSpGKMfq+Lv4qSfR0erMJaU1dRfl3jtMPtwjcTV8CCz+EGsPk91t 4iG1k9gryulKvydc74zYRcAIiVBJZKcdGKty3u9xawIDAQABo4IBgTCCAX0wHAYD VR0RBBUwE4IRc3NvLnByaW5jaXBhbC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8E BAMCBaAwRQYDVR0fBD4wPDA6oDigNoY0aHR0cDovL1NWUlNlY3VyZS1HMy1jcmwu dmVyaXNpZ24uY29tL1NWUlNlY3VyZUczLmNybDBDBgNVHSAEPDA6MDgGCmCGSAGG +EUBBzYwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2Nw czAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHwYDVR0jBBgwFoAUDURc FlNEwYJ+HSCrJfQBY9i+eaUwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhho dHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wQAYIKwYBBQUHMAKGNGh0dHA6Ly9TVlJT ZWN1cmUtRzMtYWlhLnZlcmlzaWduLmNvbS9TVlJTZWN1cmVHMy5jZXIwDQYJKoZI hvcNAQEFBQADggEBAIoxlxHgQD7JMzX+V82OEIwTWETzElYxdvwSCmI8dulfy0Mq IFPgpTkIthe/Boevc5sheDTotNoMuoyMXTLnKTkXzEgSY297+3ZIZO3ePZrdfCBh PrX1X2bMKniN98YqGJGkxOZZCIaqlkGyvMBTy6KxFK8dy2mOgKGiivH+Ww0ZUCX3 2vmQH271erMHmqY3BrTjJx2s35L8MuMxQny51QscF+pj1HHdNiNwnqU490EmPWOY c1CZNHZgF8DPK/vKUnX8VoahVBNnmjOMniuEmPbcECgqmYYTmm0OtI2p6Eo0k/tb WxQx3h63NZ6/7Ys/BxV0mtAL5NUckIJrGFRUZLs= -----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1FDDsTYNsY2dk4BAglu8 Prqx1NF6ffU2MFzwUFH77UsSTq5d5AVEnduecslgUwistQJCdc8zVJa4FSheWCcL lFJFw2YvPWc83bFoG1SZfULzjpB1itpNmX9YSHvdhcmp4pSgioxDkwGTMOD6Ug2g uO14W1JkkgHxKJJDH1Af6SbsUzhq+xXWMX8ieip+xrTk/0DQiPNgUu+TiUlCVsDj ENvUiuggF+Fj+YfER3uDSihyTIYPbKhred8fRSpGKMfq+Lv4qSfR0erMJaU1dRfl 3jtMPtwjcTV8CCz+EGsPk91t4iG1k9gryulKvydc74zYRcAIiVBJZKcdGKty3u9x awIDAQAB -----END PUBLIC KEY-----

ASN1 Decoded

[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 26421985839238581011319106155584851425 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.5 (sha1WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'VeriSign, Inc.' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'VeriSign Trust Network' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Terms of use at https://www.verisign.com/rpa (c)10' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'VeriSign Class 3 Secure Server CA - G3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2012-08-24 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2014-09-14 23:59:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Iowa' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:20|false] TeletexString, T61String 'Des Moines' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:20|false] TeletexString, T61String 'Principal Financial Group' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:20|false] TeletexString, T61String 'Principal Financial Group' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:20|false] TeletexString, T61String 'sso.principal.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 26802347074027061262995550240638544619974335080897288733141570217165066681014700038809645719422187796717571303694888537902114628246344053937380050891251838580664424521516644206837397419586781613571846446291697233518268033959577233150077948147550821593543557010952146446464750751739304901926148455383971186606029896562027918622904374124248970781222183439625592401528039946342521566163652986619234294159859232630626301896802842827936820664614082497806808426261966539790255274971659551231785820937390302379536967587288111504792758149516303863765391663006543365734569294992762057516453754901661477088424912277587262140779 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (21 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sso.principal.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (62 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://SVRSecure-G3-crl.verisign.com/SVRSecureG3.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (60 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.113733.1.7.54 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.verisign.com/cps' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 0d445c165344c1827e1d20ab25f40163d8be79a5 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (106 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.verisign.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer' . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.5 (sha1WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 008a319711e0403ec93335fe57cd8e108c135844f312563176fc120a623c76e95fcb432a2053e0a53908b617bf0687af739b217834e8b4da0cba8c8c5d32e7293917cc4812636f7bfb764864edde3d9add7c20613eb5f55f66cc2a788df7c62a1891a4c4e6590886aa9641b2bcc053cba2b114af1dcb698e80a1a28af1fe5b0d195025f7daf9901f6ef57ab3079aa63706b4e3271dacdf92fc32e331427cb9d50b1c17ea63d471dd3623709ea538f741263d639873509934766017c0cf2bfbca5275fc5686a15413679a338c9e2b8498f6dc10282a9986139a6d0eb48da9e84a3493fb5b5b1431de1eb7359ebfed8b3f0715749ad00be4d51c90826b18545464bb