www.principal.com

Issued by VeriSign Class 3 Secure Server CA - G3

About this certificate


This digital certificate with serial number 53:d5:7f:5c:42:5b:85:26:5e:0e:be:37:16:d6:b0:96 was issued on by VeriSign, Inc. .

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. While the certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates.

Cerificate errors/warnings *beta

  • WARNING: Using depricated TeletexString for '[Des Moines]'
  • WARNING: Using depricated TeletexString for '[Principal Financial Group]'
  • WARNING: Using depricated TeletexString for '[Principal Financial Group]'
  • WARNING: Using depricated TeletexString for '[www.principal.com]'

Principal Financial Group

Organization: Principal Financial Group
Organization unit: Principal Financial Group
State / Province: Iowa
Locality: Des Moines
Country: US

VeriSign, Inc.

Organization: VeriSign, Inc.
Organization unit: VeriSign Trust Network
Organization unit: Terms of use at https://www.verisign.com/rpa (c)10
State / Province: Iowa
Locality: Des Moines
Country: US

Time since certificate expired

This certificate has expire since

Certificate Details

Serial Number (hex): 53:d5:7f:5c:42:5b:85:26:5e:0e:be:37:16:d6:b0:96
Serial Number (int): 111434466056563202490645647515914252438
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId:
AuthorityKeyId: 0d:44:5c:16:53:44:c1:82:7e:1d:20:ab:25:f4:01:63:d8:be:79:a5

Fingerprint (sha1): 46:35:2f:64:09:f2:13:35:e2:b1:f0:db:62:4d:21:6a:db:01:c2:ca
Fingerprint (sha256): e0:7e:a2:9f:5c:c7:09:f6:e9:aa:66:25:99:75:42:a2:d1:f6:d3:ac:30:d5:2a:f4:67:77:ad:42:32:c0:a2:11

Issuing Certificate URL: http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer

Revocation information

OCSP Server: http://ocsp.verisign.com
CRL Distribution Point: http://SVRSecure-G3-crl.verisign.com/SVRSecureG3.crl

Check the revocation status for the current certificate on www.principal.com
2
DNS Names
0
Email Addresses
0
IP Addresses

Advanced Certificate Properties

Technical details about this certificate


Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA1 with RSA



Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

8 extensions
No unhandled critical extensions



CA Certificate

This is not a CA certificate

Subject Alternative Names

www.principal.com
principal.com

Certificate

The complete raw certificate details in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE----- MIIFaDCCBFCgAwIBAgIQU9V/XEJbhSZeDr43FtawljANBgkqhkiG9w0BAQUFADCB tTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEvMC0GA1UEAxMm VmVyaVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzMwHhcNMTIwODA2 MDAwMDAwWhcNMTQwODMwMjM1OTU5WjCBlTELMAkGA1UEBhMCVVMxDTALBgNVBAgT BElvd2ExEzARBgNVBAcUCkRlcyBNb2luZXMxIjAgBgNVBAoUGVByaW5jaXBhbCBG aW5hbmNpYWwgR3JvdXAxIjAgBgNVBAsUGVByaW5jaXBhbCBGaW5hbmNpYWwgR3Jv dXAxGjAYBgNVBAMUEXd3dy5wcmluY2lwYWwuY29tMIIBIjANBgkqhkiG9w0BAQEF AAOCAQ8AMIIBCgKCAQEAvCRRDKyxSNXbFUj5m9wu1/m8JD8YlUTQbdnVOF2DiX/g D+d/hff8YtgsJezP0Jwn4O1m4Y41NRyzgSCKy/3YDxaLK41RP7avpJBSlHE81igw snV86BvXwLeaZaPt7hai0smqDMXvA3fvC4hxC0yiZ0lfwljtesVt9jaGHPLzJM1h 8ENSHZKz27D6atupD247+lZz1vQ1ASRPNrvJZRItzn0Gdk6UAnTWVeHhPM5OmzyT AHwEQloBs0wCBYZ+WAZcWK14t4hU9oYuS0OAgVGxHrWtuSEMH0cuyUKkBCi4o9w9 WNQlkgeb5piCDnqVlC8Z7IyDzmGSo3P5P0IJbTx0tQIDAQABo4IBkDCCAYwwKwYD VR0RBCQwIoIRd3d3LnByaW5jaXBhbC5jb22CDXByaW5jaXBhbC5jb20wCQYDVR0T BAIwADAOBgNVHQ8BAf8EBAMCBaAwRQYDVR0fBD4wPDA6oDigNoY0aHR0cDovL1NW UlNlY3VyZS1HMy1jcmwudmVyaXNpZ24uY29tL1NWUlNlY3VyZUczLmNybDBDBgNV HSAEPDA6MDgGCmCGSAGG+EUBBzYwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cu dmVyaXNpZ24uY29tL2NwczAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw HwYDVR0jBBgwFoAUDURcFlNEwYJ+HSCrJfQBY9i+eaUwdgYIKwYBBQUHAQEEajBo MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wQAYIKwYBBQUH MAKGNGh0dHA6Ly9TVlJTZWN1cmUtRzMtYWlhLnZlcmlzaWduLmNvbS9TVlJTZWN1 cmVHMy5jZXIwDQYJKoZIhvcNAQEFBQADggEBAAQfk3S4izZquabCD8WnC8xRhNxV iWYHta9PRu5NeS7RhOxw6ENyjxRzDQ0hcieCCB1CaOUHBJX3QFNXKHH3FQIIleID pJNfRe15qswm/OoORlTjOF16K/BjpZZGbHFHfSDjUt6PbQBg1wK4E2VMtNNzvJOT Bn8EQBVMrjpQSNFTuwgm19mbXwMK/9A4jDkmx2r9+BCDNTYoa2hM551TyHFuc80g R8TgrUdnhhpmShAOQhaFYqfn5eCDKciTYPAL/8OOuA7YPQJ3UJUs31M4jRzpxesp nLFxZz7lr1YHONVcKpiqcLcgz9c7rOiJAy8gd7ILQxFDStJrcCHOTsCRPEM= -----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvCRRDKyxSNXbFUj5m9wu 1/m8JD8YlUTQbdnVOF2DiX/gD+d/hff8YtgsJezP0Jwn4O1m4Y41NRyzgSCKy/3Y DxaLK41RP7avpJBSlHE81igwsnV86BvXwLeaZaPt7hai0smqDMXvA3fvC4hxC0yi Z0lfwljtesVt9jaGHPLzJM1h8ENSHZKz27D6atupD247+lZz1vQ1ASRPNrvJZRIt zn0Gdk6UAnTWVeHhPM5OmzyTAHwEQloBs0wCBYZ+WAZcWK14t4hU9oYuS0OAgVGx HrWtuSEMH0cuyUKkBCi4o9w9WNQlkgeb5piCDnqVlC8Z7IyDzmGSo3P5P0IJbTx0 tQIDAQAB -----END PUBLIC KEY-----

ASN1 Decoded

[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 111434466056563202490645647515914252438 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.5 (sha1WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'VeriSign, Inc.' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'VeriSign Trust Network' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Terms of use at https://www.verisign.com/rpa (c)10' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'VeriSign Class 3 Secure Server CA - G3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2012-08-06 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2014-08-30 23:59:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Iowa' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:20|false] TeletexString, T61String 'Des Moines' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:20|false] TeletexString, T61String 'Principal Financial Group' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:20|false] TeletexString, T61String 'Principal Financial Group' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:20|false] TeletexString, T61String 'www.principal.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23750709716360382386794632167899310069067441549344803279585664047543572244442954868991242972465757321760623253753034166094820163523207097390131021772253487065851396230383380860176257597037550660787106326655994920039025359081297704789853971649403409928610978284486189324294676298674386501888621591015889709759636385856580323639336383162632151300264128893695851556373887395932238592942567931108547368684257464193436004559692222818224799305947594096645945483684341104816261239519767607976977914985503252263761584948515606982236559698795209442946944604134017173405361338933365501960779493881002197025647844432883016823989 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (36 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.principal.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'principal.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (62 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://SVRSecure-G3-crl.verisign.com/SVRSecureG3.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (60 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.113733.1.7.54 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.verisign.com/cps' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 0d445c165344c1827e1d20ab25f40163d8be79a5 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (106 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.verisign.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer' . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.5 (sha1WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 00041f9374b88b366ab9a6c20fc5a70bcc5184dc55896607b5af4f46ee4d792ed184ec70e843728f14730d0d21722782081d4268e5070495f74053572871f715020895e203a4935f45ed79aacc26fcea0e4654e3385d7a2bf063a596466c71477d20e352de8f6d0060d702b813654cb4d373bc9393067f0440154cae3a5048d153bb0826d7d99b5f030affd0388c3926c76afdf810833536286b684ce79d53c8716e73cd2047c4e0ad4767861a664a100e42168562a7e7e5e08329c89360f00bffc38eb80ed83d027750952cdf53388d1ce9c5eb299cb171673ee5af560738d55c2a98aa70b720cfd73bace889032f2077b20b4311434ad26b7021ce4ec0913c43