universal.postfinance.ch
- PostFinance AG -
Issued by SwissSign RSA TLS OV ICA 2022 - 1
About this certificate
This digital certificate with serial number 51:62:1d:71:20:d4:47:69:81:70:5e:cf:b0:24:e9:8b:e7:3a:90:59 was issued on by SwissSign AG.
This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
PostFinance AG
Organization:
PostFinance AG
State / Province:
BE
Locality: Bern
Country: CH
Locality: Bern
Country: CH
SwissSign AG
Organization:
SwissSign AG
Country:
CH
This certificate will expire on
Certificate Details
Serial Number (hex): 51:62:1d:71:20:d4:47:69:81:70:5e:cf:b0:24:e9:8b:e7:3a:90:59Serial Number (int): 464616290218023996853179306295666307354844631129
Serial Number lenght: 159 bits, 20 octets
SubjectKeyId: 44:27:98:ad:65:6f:7f:7f:33:2b:5a:84:5f:7c:2f:5c:90:e9:30:e3
AuthorityKeyId: 7c:6f:0a:6f:13:0f:d9:8c:24:6f:26:34:f3:5c:6b:43:6d:b7:23:b6
Fingerprint (sha1): ac:53:e7:ed:7f:3a:db:b1:da:8b:fc:67:8d:b0:11:d3:d1:a8:50:25
Fingerprint (sha256): 13:a4:99:be:1a:31:23:8d:8b:58:f7:b6:11:e2:18:de:59:12:e0:e7:75:c8:97:5f:2b:95:5c:a6:b0:86:1a:f1
Issuing Certificate URL: http://aia.swisssign.ch/air-0f2bf9a5-dd37-48c9-a85b-12acdcb8be45
Revocation information
OCSP Server: http://ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efecCRL Distribution Point: http://crl.swisssign.ch/cdp-96b62f5a-6b73-4da4-87f7-ce4002c1cd34
Check the revocation status for certificate universal.postfinance.ch
1
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for universal.postfinance.ch
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
universal.postfinance.ch
Other certificates including the domain name postfinance.ch
(limited to 100 certificates)
www.postfinance.ch
e-archiv.postfinance.ch
aliasreg.postfinance.ch
e-finance.postfinance.ch
jobs.postfinance.ch
pfportalmo.postfinance.ch
csgw-test.postfinance.ch
proof.doc-shop.postfinance.ch
commercioestero.postfinance.ch
egw-test.postfinance.ch
e-payment.postfinance.ch
pfsb-admin-test.postfinance.ch
sventest.postfinance.ch
claims.versicherungen.postfinance.ch
youth.postfinance.ch
pfportalext-test.postfinance.ch
sgtm.postfinance.ch
sipskypebe.post.ch
partnerteststatus.postfinance.ch
pfsb-admin-test.postfinance.ch
smartbusiness.postfinance.ch
onlinehypothek-test.postfinance.ch
www-poc-test.postfinance.ch
plano.postfinance.ch
mapps-test.postfinance.ch
www.wcm-test.postfinance.ch
www.doc-shop.postfinance.ch
testplattform.postfinance.ch
oauth.postfinance.ch
privatkredit-peprod.postfinance.ch
www.postfinance.ch
ok-api-test.postfinance.ch
dev.plusfinance.postfinance.ch
outlook.post.ch
benefit.postfinance.ch
egw.postfinance.ch
versicherungen.postfinance.ch
bqztyw.postfinance.ch
ebics-test.postfinance.ch
sventest.postfinance.ch
pfsb-test.postfinance.ch
universal-t2.postfinance.ch
egw-test.postfinance.ch
3dsec.postfinance.ch
dev.tilbago.postfinance.ch
partnerteststatus.postfinance.ch
pfportalmo.postfinance.ch
sipskypebe.post.ch
ep2test2.postfinance.ch
dev.young.postfinance.ch
tilbago.postfinance.ch
statusitservices.postfinance.ch
events-test.postfinance.ch
digitalpfc.int.postfinance.ch
pfportalmo-test.postfinance.ch
sventest.postfinance.ch
survalyzer.postfinance.ch
pizzaportfolio.postfinance.ch
m.commercioestero.postfinance.ch
rivista.postfinance.ch
ai.ep2.postfinance.ch
ef-t2.postfinance.ch
jira-dev.postfinance.ch
epayment.postfinance.ch
www-test.postfinance.ch
sandbox1.postfinance.ch
sandbox1.postfinance.ch
collector-test.postfinance.ch
mapps-test.postfinance.ch
sventest.postfinance.ch
egw.postfinance.ch
hosting.postfinance.ch
nladh-t2.postfinance.ch
aussenhandel.postfinance.ch
plano.postfinance.ch
epayment.postfinance.ch
yellowpay.postfinance.ch
universal.postfinance.ch
nlsec.postfinance.ch
challengethefuture.postfinance.ch
skypeweb.post.ch
pfsb.postfinance.ch
plano.postfinance.ch
pfportalmo.postfinance.ch
events-test.postfinance.ch
csgw-t2.postfinance.ch
ep2test.postfinance.ch
epayment-test.postfinance.ch
dev.magazine.postfinance.ch
mapps.postfinance.ch
ef-t2.postfinance.ch
universal.postfinance.ch
meet.post.ch
young.postfinance.ch
epayment.postfinance.ch
www-test.postfinance.ch
pfportalmo-test.postfinance.ch
e-trading.postfinance.ch
www-test.postfinance.ch
www-poc-test.postfinance.ch
e-archiv.postfinance.ch
aliasreg.postfinance.ch
e-finance.postfinance.ch
jobs.postfinance.ch
pfportalmo.postfinance.ch
csgw-test.postfinance.ch
proof.doc-shop.postfinance.ch
commercioestero.postfinance.ch
egw-test.postfinance.ch
e-payment.postfinance.ch
pfsb-admin-test.postfinance.ch
sventest.postfinance.ch
claims.versicherungen.postfinance.ch
youth.postfinance.ch
pfportalext-test.postfinance.ch
sgtm.postfinance.ch
sipskypebe.post.ch
partnerteststatus.postfinance.ch
pfsb-admin-test.postfinance.ch
smartbusiness.postfinance.ch
onlinehypothek-test.postfinance.ch
www-poc-test.postfinance.ch
plano.postfinance.ch
mapps-test.postfinance.ch
www.wcm-test.postfinance.ch
www.doc-shop.postfinance.ch
testplattform.postfinance.ch
oauth.postfinance.ch
privatkredit-peprod.postfinance.ch
www.postfinance.ch
ok-api-test.postfinance.ch
dev.plusfinance.postfinance.ch
outlook.post.ch
benefit.postfinance.ch
egw.postfinance.ch
versicherungen.postfinance.ch
bqztyw.postfinance.ch
ebics-test.postfinance.ch
sventest.postfinance.ch
pfsb-test.postfinance.ch
universal-t2.postfinance.ch
egw-test.postfinance.ch
3dsec.postfinance.ch
dev.tilbago.postfinance.ch
partnerteststatus.postfinance.ch
pfportalmo.postfinance.ch
sipskypebe.post.ch
ep2test2.postfinance.ch
dev.young.postfinance.ch
tilbago.postfinance.ch
statusitservices.postfinance.ch
events-test.postfinance.ch
digitalpfc.int.postfinance.ch
pfportalmo-test.postfinance.ch
sventest.postfinance.ch
survalyzer.postfinance.ch
pizzaportfolio.postfinance.ch
m.commercioestero.postfinance.ch
rivista.postfinance.ch
ai.ep2.postfinance.ch
ef-t2.postfinance.ch
jira-dev.postfinance.ch
epayment.postfinance.ch
www-test.postfinance.ch
sandbox1.postfinance.ch
sandbox1.postfinance.ch
collector-test.postfinance.ch
mapps-test.postfinance.ch
sventest.postfinance.ch
egw.postfinance.ch
hosting.postfinance.ch
nladh-t2.postfinance.ch
aussenhandel.postfinance.ch
plano.postfinance.ch
epayment.postfinance.ch
yellowpay.postfinance.ch
universal.postfinance.ch
nlsec.postfinance.ch
challengethefuture.postfinance.ch
skypeweb.post.ch
pfsb.postfinance.ch
plano.postfinance.ch
pfportalmo.postfinance.ch
events-test.postfinance.ch
csgw-t2.postfinance.ch
ep2test.postfinance.ch
epayment-test.postfinance.ch
dev.magazine.postfinance.ch
mapps.postfinance.ch
ef-t2.postfinance.ch
universal.postfinance.ch
meet.post.ch
young.postfinance.ch
epayment.postfinance.ch
www-test.postfinance.ch
pfportalmo-test.postfinance.ch
e-trading.postfinance.ch
www-test.postfinance.ch
www-poc-test.postfinance.ch
Certificate
The complete raw certificate details for universal.postfinance.ch in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIJxjCCB66gAwIBAgIUUWIdcSDUR2mBcF7PsCTpi+c6kFkwDQYJKoZIhvcNAQEL BQAwUDELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEqMCgGA1UE AxMhU3dpc3NTaWduIFJTQSBUTFMgT1YgSUNBIDIwMjIgLSAxMB4XDTI0MDUxMzA3 MzM1M1oXDTI1MDUxMzA3MzM1M1owZTELMAkGA1UEBhMCQ0gxCzAJBgNVBAgMAkJF MQ0wCwYDVQQHDARCZXJuMRcwFQYDVQQKDA5Qb3N0RmluYW5jZSBBRzEhMB8GA1UE AxMYdW5pdmVyc2FsLnBvc3RmaW5hbmNlLmNoMIICIjANBgkqhkiG9w0BAQEFAAOC Ag8AMIICCgKCAgEAqXrXEipoXJZ9NyW6xtvRcJw240GEBqccfATCq0Z61UgIVr/1 DO8SM3cREjQTdn203wEFvbhSnDstMSWnpGYSnSdV3t03LOMbAeQcVGT3TmM+vOSE uvc4I/XunTBF9JskDnTz4sbnvla89UCMd8PjodIYT2CEVTLEweeAsrgDgGqmL7Uo G5mLWfjsLs0Rq5fDsgL1giuoLflzfJDDFXnzUPk7iCmmXsAfNeZ5SO38ZbEYFtKC aBa5mJeuL/nvvRxcMH0wV3chn5Bo11c4Oa/wrYp25NnN1DgKshQ+xvpWQrdJE3Mc bFTd6YlgiGUQHwVb8HQOOv6pZXhKdAx+a6sFErlxGTgvyTQNYcA+0hCK2ezA49do XvebGQScmB899nffKvX7iSEstOZH4PdnDHDqhmRZLk+eDSmEzY3iA9QV6iT6Qgh5 VooocczvPISXI4K8LIKlvS89R0Q7QH3Bq9uQig8QhOUhd8xtdGdZ18rCPeO2h1PB pMVe7aLgAn15qxTD7VYJanWppewWH8bh/DtiEAbKWY84Wei99/CKKpJVMvdoXmDC 6X8G1ppL+grbohA5uySkwwXxSECRLc50YhFCvYSXl+OSC/toKDqxMYe9qC3wJsid lf6QncJttQOmhd5IuUcAHSVEN+Qk0ufYYqq5ofEsbvYtAK4VHDDHssMEx/UCAwEA AaOCBIEwggR9MIGyBggrBgEFBQcBAQSBpTCBojBMBggrBgEFBQcwAoZAaHR0cDov L2FpYS5zd2lzc3NpZ24uY2gvYWlyLTBmMmJmOWE1LWRkMzctNDhjOS1hODViLTEy YWNkY2I4YmU0NTBSBggrBgEFBQcwAYZGaHR0cDovL29jc3Auc3dpc3NzaWduLmNo L3NpZ24vb2NzLWFhY2NjZWQ1LTY2ZTgtNDA2OS05YjFiLWZkMjlhYjczZWZlYzBv BgNVHSAEaDBmMAgGBmeBDAECAjAIBgYEAI96AQcwUAYIYIV0AVkCAQIwRDBCBggr BgEFBQcCARY2aHR0cHM6Ly9yZXBvc2l0b3J5LnN3aXNzc2lnbi5jb20vU3dpc3NT aWduX0NQU19UTFMucGRmMFEGA1UdHwRKMEgwRqBEoEKGQGh0dHA6Ly9jcmwuc3dp c3NzaWduLmNoL2NkcC05NmI2MmY1YS02YjczLTRkYTQtODdmNy1jZTQwMDJjMWNk MzQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIF oDAjBgNVHREEHDAaghh1bml2ZXJzYWwucG9zdGZpbmFuY2UuY2gwHQYDVR0OBBYE FEQnmK1lb39/MytahF98L1yQ6TDjMB8GA1UdIwQYMBaAFHxvCm8TD9mMJG8mNPNc a0NttyO2MIICbAYKKwYBBAHWeQIEAgSCAlwEggJYAlYAdgAo4oE4/YMhRemp1qp1 N22Dd6iFErPAf3JBSCHcvemMZgAAAY9w31MoAAAEAwBHMEUCIDFX6qcQNMn1wROn mQxk8xeZs2++b4XBiyQWzhqJLCvMAiEAwjKgxtKzzYbglkR9A5hjBCLzrDYOAomy CNNFPEAMrRwAdQDgkrP8DB3I52g2H95huZZNClJ4GYpy1nLEsE2lbW9UBAAAAY9w 31DbAAAEAwBGMEQCIF/I3nMbItX/r25+ibqBQ7+wvUcAsmZWyz7OnnNROReqAiAr HKvtytwGd4KYPdCzqmwjEJkKqoxDbNac479NsfA5xwB1AM8RVu7VLnyv84db2Wku m+kacWdKsBfsrAHSW3fOzDsIAAABj3DfT5YAAAQDAEYwRAIgRogop/6O698wChNK hFxM4sQNQ6P00fu+WqFVTH4EpQoCIFLLrQ+hczHr2YnQDbrudL1orOqOfh/VhQor qG6H0stQAHYAzPsPaoVxCWX+lZtTzumyfCLphVwNl422qX5UwP5MDbAAAAGPcN9P 7QAABAMARzBFAiEAglMpSrr24HbqDwNT9JSsjLp8cgBDhEs83D0OYQfSUB8CIF8i YVrpaDE7YVtalRUPn1fSQ8xTzOQzmZIDI9dJHYY/AHYATnWjJ1yaEMM4W2zU3z9S 6x3w4I4bjWnAsfpksWKaOd8AAAGPcN9PywAABAMARzBFAiEA8KRxf7BulwMxuKNO TqRoi4ZY0BbkXJAh06rPp6IzPT4CIBP0P4WE1d2GY8Scbk9yOhE3d66p5NwrVLOA 51HfEULuMA0GCSqGSIb3DQEBCwUAA4ICAQAfnmM+wAUdi+Df2f9AWIyziFXDuEJP XmwhXXF4IkJ8v3MAYjNq4pB9N52hS68xV+glHGeIOvl6mQhO8ZK7YFBhObUp1Au6 eufteJpvWG+s2gDtKvaHFBmrVa8Xe+oEr7EX7Q6co6TuTJvuqGF9l5swVNHTEo4b G9efuNn4PR7niFgU23PsPGt+rp4Jv9ZztYTDqbHpuD68Kh3yE4R7cACO8JqmHPDq ANnsCQ69p7zNjwY0YEr+yT/XbKS/pQTfDtVJLAgtN9RIpBAQtuZKvykODVuE/xhH iemc3l5G5n5ilp9x3gujjInYabwEt2GcDQaERjtkjJdP6rhQUCf7c5/J7ci92owp 36aqqLM574JWiZQYIqBWiuMUKmNTtBRtgppNzCMPIc+yZYdcug63a3fVtQG1xZIP 3pReTAvJvJ1mMM22idIpOPr7SiXl6PmqrNv/MbMQ2A4sQuVlWK5gd00K4a3KM/wh W3i+67tzlNsGx+xZnX1CfdsvSQ/6dzmebBY6U0sinnToAkuzHahNVAKa+kmgjp1R eYGNVsIxwCvZ6yjHdFFbWydSz60N4xXgXUhRi0RBHksDaSH4OY/vjq8r6du5yGxT 5QYZ4sAcKV1msmugCQtQWhG08GewUU+8TJCMhonbR3GELoT07JozCz8u5jekm0aH /ZjLyYi9A7/dCA== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqXrXEipoXJZ9NyW6xtvR cJw240GEBqccfATCq0Z61UgIVr/1DO8SM3cREjQTdn203wEFvbhSnDstMSWnpGYS nSdV3t03LOMbAeQcVGT3TmM+vOSEuvc4I/XunTBF9JskDnTz4sbnvla89UCMd8Pj odIYT2CEVTLEweeAsrgDgGqmL7UoG5mLWfjsLs0Rq5fDsgL1giuoLflzfJDDFXnz UPk7iCmmXsAfNeZ5SO38ZbEYFtKCaBa5mJeuL/nvvRxcMH0wV3chn5Bo11c4Oa/w rYp25NnN1DgKshQ+xvpWQrdJE3McbFTd6YlgiGUQHwVb8HQOOv6pZXhKdAx+a6sF ErlxGTgvyTQNYcA+0hCK2ezA49doXvebGQScmB899nffKvX7iSEstOZH4PdnDHDq hmRZLk+eDSmEzY3iA9QV6iT6Qgh5VooocczvPISXI4K8LIKlvS89R0Q7QH3Bq9uQ ig8QhOUhd8xtdGdZ18rCPeO2h1PBpMVe7aLgAn15qxTD7VYJanWppewWH8bh/Dti EAbKWY84Wei99/CKKpJVMvdoXmDC6X8G1ppL+grbohA5uySkwwXxSECRLc50YhFC vYSXl+OSC/toKDqxMYe9qC3wJsidlf6QncJttQOmhd5IuUcAHSVEN+Qk0ufYYqq5 ofEsbvYtAK4VHDDHssMEx/UCAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 464616290218023996853179306295666307354844631129 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign AG' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign RSA TLS OV ICA 2022 - 1' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-05-13 07:33:53 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-05-13 07:33:53 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'BE' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Bern' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'PostFinance AG' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'universal.postfinance.ch' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 691417441130913203213129471753772321306509971479185020088714282546050409952910974696222924353355741519406087945669963006258674701034169846822059043562661820800504107068573405724975703345369867959744037319551210915610390797524181347410472110365607691716260164498434409764744593677038409329508432345949899499732214360311333716156435988993666505016983466593403013887828667345407651963118817367234957508649976922887149116651449895876593856142370646984303733458765451907692025669854460860008414231601508753126826614473979454942613795801153994758773618599036231025080086104760939880156762806487952392791888301424984692051840565031547576401942588335456351357728384822620213576948715874901123838296365270894181958375223318800837222948228835251709212548841830028100942093413653450465402840437564133657645173164334149603891291596333489580554461899877296493938303806822738031430482312193891408150009319668913201204593678662552147542816218664183149293672367527582325518655877850417783401647667011621276817436077961306270295080213099815620617628905973081808707066858828979885829943204022127189141263471408667335134798211280032943043148415395451659533389488913331589745607363837772065370356711209079921707247756618913426296997595502227337370716149 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (165 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.swisssign.ch/air-0f2bf9a5-dd37-48c9-a85b-12acdcb8be45' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.4.0.2042.1.7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.756.1.89.2.1.2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://repository.swisssign.com/SwissSign_CPS_TLS.pdf' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (74 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.swisssign.ch/cdp-96b62f5a-6b73-4da4-87f7-ce4002c1cd34' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (28 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'universal.postfinance.ch' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 442798ad656f7f7f332b5a845f7c2f5c90e930e3 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 7c6f0a6f130fd98c246f2634f35c6b436db723b6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (604 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (600 bytes) 025600760028e28138fd832145e9a9d6aa75376d8377a88512b3c07f72414821dcbde98c660000018f70df5328000004030047304502203157eaa71034c9f5c113a7990c64f31799b36fbe6f85c18b2416ce1a892c2bcc022100c232a0c6d2b3cd86e096447d0398630422f3ac360e0289b208d3453c400cad1c007500e092b3fc0c1dc8e768361fde61b9964d0a5278198a72d672c4b04da56d6f54040000018f70df50db000004030046304402205fc8de731b22d5ffaf6e7e89ba8143bfb0bd4700b26656cb3ece9e73513917aa02202b1cabedcadc067782983dd0b3aa6c2310990aaa8c436cd69ce3bf4db1f039c7007500cf1156eed52e7caff3875bd9692e9be91a71674ab017ecac01d25b77cecc3b080000018f70df4f9600000403004630440220468828a7fe8eebdf300a134a845c4ce2c40d43a3f4d1fbbe5aa1554c7e04a50a022052cbad0fa17331ebd989d00dbaee74bd68acea8e7e1fd5850a2ba86e87d2cb50007600ccfb0f6a85710965fe959b53cee9b27c22e9855c0d978db6a97e54c0fe4c0db00000018f70df4fed00000403004730450221008253294abaf6e076ea0f0353f494ac8cba7c720043844b3cdc3d0e6107d2501f02205f22615ae968313b615b5a95150f9f57d243cc53cce43399920323d7491d863f0076004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018f70df4fcb0000040300473045022100f0a4717fb06e970331b8a34e4ea4688b8658d016e45c9021d3aacfa7a2333d3e022013f43f8584d5dd8663c49c6e4f723a113777aea9e4dc2b54b380e751df1142ee . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (4096 bits) 001f9e633ec0051d8be0dfd9ff40588cb38855c3b8424f5e6c215d717822427cbf730062336ae2907d379da14baf3157e8251c67883af97a99084ef192bb60506139b529d40bba7ae7ed789a6f586facda00ed2af6871419ab55af177bea04afb117ed0e9ca3a4ee4c9beea8617d979b3054d1d3128e1b1bd79fb8d9f83d1ee7885814db73ec3c6b7eae9e09bfd673b584c3a9b1e9b83ebc2a1df213847b70008ef09aa61cf0ea00d9ec090ebda7bccd8f0634604afec93fd76ca4bfa504df0ed5492c082d37d448a41010b6e64abf290e0d5b84ff184789e99cde5e46e67e62969f71de0ba38c89d869bc04b7619c0d0684463b648c974feab8505027fb739fc9edc8bdda8c29dfa6aaa8b339ef825689941822a0568ae3142a6353b4146d829a4dcc230f21cfb265875cba0eb76b77d5b501b5c5920fde945e4c0bc9bc9d6630cdb689d22938fafb4a25e5e8f9aaacdbff31b310d80e2c42e56558ae60774d0ae1adca33fc215b78beebbb7394db06c7ec599d7d427ddb2f490ffa77399e6c163a534b229e74e8024bb31da84d54029afa49a08e9d5179818d56c231c02bd9eb28c774515b5b2752cfad0de315e05d48518b44411e4b036921f8398fef8eaf2be9dbb9c86c53e50619e2c01c295d66b26ba0090b505a11b4f067b0514fbc4c908c8689db4771842e84f4ec9a330b3f2ee637a49b4687fd98cbc988bd03bfdd08