dmapi.service.tietoevry.com

- Tietoevry Oyj -

Issued by Thawte TLS RSA CA G1

About this certificate

This digital certificate with serial number 03:4e:22:38:b5:43:7b:22:86:b2:8b:41:2a:38:0f:29 was issued on by DigiCert Inc.

With 3 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Tietoevry Oyj

Organization: Tietoevry Oyj
Locality: ESPOO
Country: FI

DigiCert Inc

Organization: DigiCert Inc
Organization unit: www.digicert.com
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 03:4e:22:38:b5:43:7b:22:86:b2:8b:41:2a:38:0f:29
Serial Number (int): 4393377237122455424884421664836161321
Serial Number lenght: 122 bits, 16 octets

SubjectKeyId: a8:00:ec:d8:36:c5:4c:6c:ef:b2:61:46:f5:16:80:a7:a7:c4:65:ed
AuthorityKeyId: a5:8c:fe:32:cc:eb:0f:2c:d4:19:c6:08:b8:00:24:88:5d:c3:c5:b7

Fingerprint (sha1): 5d:4a:49:61:b3:d7:74:c0:9d:78:07:32:e2:29:d9:6f:ed:af:8f:e9
Fingerprint (sha256): 24:bf:bc:f5:88:4f:f1:7c:eb:99:0a:d1:81:94:15:10:37:0c:3c:f4:81:2b:01:cc:fc:84:d3:8f:0c:d3:4b:1a

Issuing Certificate URL: http://cacerts.thawte.com/ThawteTLSRSACAG1.crt

Revocation information

OCSP Server: http://status.thawte.com
CRL Distribution Point: http://cdp.thawte.com/ThawteTLSRSACAG1.crl

Check the revocation status for certificate dmapi.service.tietoevry.com

3

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for dmapi.service.tietoevry.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

dmapi.service.tietoevry.com
dmapi.base.umnfi.net
dmapi.service.tieto.com

Other certificates including the domain name tietoevry.com

(limited to 100 certificates)
analytics.service.tieto.com
traefik.nextgendevops.tietoevry.com
backoffice-company.main.bauid.tietoevry.com
*.jpproject1.dev.devops.tietoevry.com
dashboard.nextgendevops.tietoevry.com
minio.chronos.tietoevry.com
apm.tietoevry.com
pile-turner.ci.chronos.tietoevry.com
*.tds-mvp18.dev.devops.tietoevry.com
chat-preview.tietoevry.com
test2.chronos.tietoevry.com
credit.api.tietoevry.com
apps.pasfin-qa.energydev.tietoevry.com
identity.bauid.tietoevry.com
live.experimental.chronos.tietoevry.com
sni.cloudflaressl.com
brand.tietoevry.com
*.test-api-test.stage.devops.tietoevry.com
temperature-store.security.nextgendevops.tietoevry.com
oneportal.tietoevry.com
message.tietoevry.com
*.petovsam.dev.devops.tietoevry.com
rancher.bauid.tietoevry.com
pile-turner.ci.stable.chronos.tietoevry.com
bix.tietoevry.com
se.wpa.tietoevry.com
cas.tietoevry.com
pile-turner.demo3.chronos.tietoevry.com
jenkinsdemo.nextgendevops.tietoevry.com
*.jkproject.dev.devops.tietoevry.com
cportal.service.tieto.com
cs-campaign.tietoevry.com
*.sandbox.dev.devops.tietoevry.com
vamui-preprod-tds.vam-saas.tietoevry.com
customer-experience.tieto.com
live.nightly.chronos.tietoevry.com
ui-components.stage.nextgendevops.tietoevry.com
temperature-store.security.nextgendevops.tietoevry.com
chat-preview.tietoevry.com
pre-prod-placeholder.cloud.tietoevry.com
status.test2.chronos.tietoevry.com
monitoring.chronos.tietoevry.com
lifecare-app.service.tietoevry.com
*.ls-project.dev.devops.tietoevry.com
testtest.ru.tietoevry.com
*.jkproject.dev.devops.tietoevry.com
lama.chronos.tietoevry.com
status.staging.stable.chronos.tietoevry.com
pile-turner.test3.chronos.tietoevry.com
www.tietoevry.com
*.tietoevry.com
*.demo3.chronos.tietoevry.com
dmapi.service.tietoevry.com
backoffice-bauid.test1.bauid.tietoevry.com
create.tietoevry.com
napfin.tietoevry.com
aggregation.api.tietoevry.com
lifecare-app.service.tietoevry.com
terpqa.tietoevry.com
bmo-vam-test.cloud.tietoevry.com
*.dpm.tietoevry.com
jenkins.nextgendevops.tietoevry.com
*.prod.chronos.tietoevry.com
pile-turner.stable.chronos.tietoevry.com
portal-employee.test2.bauid.tietoevry.com
status.test3.chronos.tietoevry.com
alertmanager.chronos.tietoevry.com
*.jkproject.dev.devops.tietoevry.com
status.nightly.chronos.tietoevry.com
sni.cloudflaressl.com
ru.tietoevry.com
staging.stable.chronos.tietoevry.com
pile-turner.demo1.chronos.tietoevry.com
*.test-api-test.stage.devops.tietoevry.com
view2.tietoevry.com
prometheus.chronos.tietoevry.com
lama.chronos.tietoevry.com
ar2020.tietoevry.com
lifecare-api.service.tietoevry.com
napind.tietoevry.com
*.tds-mvp10.test1.devops.tietoevry.com
tietoevry.com
rancher.maas.int.tietoevry.com
*.test-api-test.stage.devops.tietoevry.com
status.test1.chronos.tietoevry.com
temperature-store.e2e.nextgendevops.tietoevry.com
pile-turner.nightly.chronos.tietoevry.com
ci.stable.chronos.tietoevry.com
monitoring.chronos.tietoevry.com
banking.tietoevry.com
demo3.chronos.tietoevry.com
sonarqube.nextgendevops.tietoevry.com
sni.cloudflaressl.com
temperature-ui.e2e.nextgendevops.tietoevry.com
qa.chronos.tietoevry.com
bmo-ftp-test.cloud.tietoevry.com
ci.chronos.tietoevry.com
*.test-api-test.stage.devops.tietoevry.com
ar.tietoevry.com
demo.archiving.tietoevry.com

Certificate

The complete raw certificate details for dmapi.service.tietoevry.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGkDCCBXigAwIBAgIQA04iOLVDeyKGsotBKjgPKTANBgkqhkiG9w0BAQsFADBe
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMR0wGwYDVQQDExRUaGF3dGUgVExTIFJTQSBDQSBHMTAe
Fw0yNDAxMjkwMDAwMDBaFw0yNTAyMjEyMzU5NTlaMFsxCzAJBgNVBAYTAkZJMQ4w
DAYDVQQHEwVFU1BPTzEWMBQGA1UEChMNVGlldG9ldnJ5IE95ajEkMCIGA1UEAxMb
ZG1hcGkuc2VydmljZS50aWV0b2V2cnkuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEArFOPgz57/MjkPZluGUdnrvjsndRwptYNgBsxuuXe1x7sU9jr
XMwn/AfVCsYHaJOrml69QlUgaFPtPZjaPE2AneT9td2ZRWsXL8qGc13FWxVMcngQ
aHgV+PdZuBNn9xI9PRjJxpZe7nPSLbxvNukuLNLRMQHeGYe+MWzXK3aEKAzuylxH
qG1fGOcXUQc5UZpIACGJ/ASJaEmhitmVItbh+ZaoQdf2WwBJv4h9w0iBJ5gbMZWM
9yIPLiQkZ8bzR39Ad/hsUYFAAjbrNt+ECnN2mx6TnRuDsPckYxhCrQDyTl89QJgH
iDeWi7g4vLqzj9tl3+2xyebnsk+N68OsH6mxKwIDAQABo4IDSzCCA0cwHwYDVR0j
BBgwFoAUpYz+MszrDyzUGcYIuAAkiF3DxbcwHQYDVR0OBBYEFKgA7Ng2xUxs77Jh
RvUWgKenxGXtMFUGA1UdEQROMEyCG2RtYXBpLnNlcnZpY2UudGlldG9ldnJ5LmNv
bYIUZG1hcGkuYmFzZS51bW5maS5uZXSCF2RtYXBpLnNlcnZpY2UudGlldG8uY29t
MD4GA1UdIAQ3MDUwMwYGZ4EMAQICMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cu
ZGlnaWNlcnQuY29tL0NQUzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB
BQUHAwEGCCsGAQUFBwMCMDsGA1UdHwQ0MDIwMKAuoCyGKmh0dHA6Ly9jZHAudGhh
d3RlLmNvbS9UaGF3dGVUTFNSU0FDQUcxLmNybDBwBggrBgEFBQcBAQRkMGIwJAYI
KwYBBQUHMAGGGGh0dHA6Ly9zdGF0dXMudGhhd3RlLmNvbTA6BggrBgEFBQcwAoYu
aHR0cDovL2NhY2VydHMudGhhd3RlLmNvbS9UaGF3dGVUTFNSU0FDQUcxLmNydDAM
BgNVHRMBAf8EAjAAMIIBgAYKKwYBBAHWeQIEAgSCAXAEggFsAWoAdwBOdaMnXJoQ
wzhbbNTfP1LrHfDgjhuNacCx+mSxYpo53wAAAY1UOJ9LAAAEAwBIMEYCIQCFIT2v
3N2ppcrbFDlDdIft6sHcbvGc8hGnp00Ejzx00wIhAIX/IwVDyEdgLEoejq0D+wqn
sD4YOY0OhJv7C1YPUFwTAHYAfVkeEuF4KnscYWd8Xv340IdcFKBOlZ65Ay/ZDowu
ebgAAAGNVDifUwAABAMARzBFAiEA0qCkonEPTFNDZseUQSC3e6A0ZCJmIopvSvut
NvdS06sCID7xLQU39ki/NiONdIJ4hM3+8rxbM16N110hnLT+dfpXAHcA5tIxY0B3
jMEQQQbXcbnOwdJA9paEhvu6hzId/R43jlAAAAGNVDifggAABAMASDBGAiEAy1ki
jfgBv7f1/P+K2a8uuZzKYSYb6dILTvZFoKiiElsCIQDaJsCFK/SxXzj3n+h/iOgl
TaZOwRrgBujsCN5dypczkTANBgkqhkiG9w0BAQsFAAOCAQEAEzWjzp/qOfnwRZZz
Lldxfxjjdzxc6eiutsgBSXY8/cuqTyfdi6YJeRIDYPa551dmXYdhr7b0q62wMybf
o+5+kklenBzsL8bhRI72FWKwJVLEbFxG5XdGYWfjYnunnl4PawMPW+pvJJHE1+21
6/f/kNnmIzCtb/HxUeSeNW9oPQqEyBdUEcKx2VPzv3ETbr3qSLpofIT16NUHME99
GceknhqYlIf5ylLCtoAWt4E/i5cRrY4iEW4nKCKUepQ6UQ9PZj18c6f7QdaMR+3U
Jtea2UZQmKQd9PubOC41IljHR7asiUoF2uqVqEIBno1zx3/tZUURiezIeRzfliVt
A7LGcA==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFOPgz57/MjkPZluGUdn
rvjsndRwptYNgBsxuuXe1x7sU9jrXMwn/AfVCsYHaJOrml69QlUgaFPtPZjaPE2A
neT9td2ZRWsXL8qGc13FWxVMcngQaHgV+PdZuBNn9xI9PRjJxpZe7nPSLbxvNuku
LNLRMQHeGYe+MWzXK3aEKAzuylxHqG1fGOcXUQc5UZpIACGJ/ASJaEmhitmVItbh
+ZaoQdf2WwBJv4h9w0iBJ5gbMZWM9yIPLiQkZ8bzR39Ad/hsUYFAAjbrNt+ECnN2
mx6TnRuDsPckYxhCrQDyTl89QJgHiDeWi7g4vLqzj9tl3+2xyebnsk+N68OsH6mx
KwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 4393377237122455424884421664836161321
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Thawte TLS RSA CA G1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-29 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-02-21 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'FI'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ESPOO'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Tietoevry Oyj'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'dmapi.service.tietoevry.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21754193719976240385989643438185505703514059113393896936617998131147842452012197464202843360805797218808167514561711679844620701243361332549221899342849476906084162186184283323932679876684845985390667562949478365133890375754294347996064313466974039694557576314563139171794493996645011393959193792701437008273214048634066148599115113961981710720212583962658766244668601558156170844565771863410380401657926792198360768392998812783612734701915821962250823133974987519388903830744655543471597700060886747389474945883901694897168294756867440027950971175774849612279929354042940637845789680317283649386607234538086620311851
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a58cfe32cceb0f2cd419c608b80024885dc3c5b7
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							a800ecd836c54c6cefb26146f51680a7a7c465ed
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (78 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dmapi.service.tietoevry.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dmapi.base.umnfi.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dmapi.service.tieto.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp.thawte.com/ThawteTLSRSACAG1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (100 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://status.thawte.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.thawte.com/ThawteTLSRSACAG1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (368 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (364 bytes)
							016a0077004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018d54389f4b000004030048304602210085213dafdcdda9a5cadb1439437487edeac1dc6ef19cf211a7a74d048f3c74d302210085ff230543c847602c4a1e8ead03fb0aa7b03e18398d0e849bfb0b560f505c130076007d591e12e1782a7b1c61677c5efdf8d0875c14a04e959eb9032fd90e8c2e79b80000018d54389f530000040300473045022100d2a0a4a2710f4c534366c7944120b77ba034642266228a6f4afbad36f752d3ab02203ef12d0537f648bf36238d74827884cdfef2bc5b335e8dd75d219cb4fe75fa57007700e6d2316340778cc1104106d771b9cec1d240f6968486fbba87321dfd1e378e500000018d54389f820000040300483046022100cb59228df801bfb7f5fcff8ad9af2eb99cca61261be9d20b4ef645a0a8a2125b022100da26c0852bf4b15f38f79fe87f88e8254da64ec11ae006e8ec08de5dca973391
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		001335a3ce9fea39f9f04596732e57717f18e3773c5ce9e8aeb6c80149763cfdcbaa4f27dd8ba60979120360f6b9e757665d8761afb6f4abadb03326dfa3ee7e92495e9c1cec2fc6e1448ef61562b02552c46c5c46e577466167e3627ba79e5e0f6b030f5bea6f2491c4d7edb5ebf7ff90d9e62330ad6ff1f151e49e356f683d0a84c8175411c2b1d953f3bf71136ebdea48ba687c84f5e8d507304f7d19c7a49e1a989487f9ca52c2b68016b7813f8b9711ad8e22116e272822947a943a510f4f663d7c73a7fb41d68c47edd426d79ad9465098a41df4fb9b382e352258c747b6ac894a05daea95a842019e8d73c77fed65451189ecc8791cdf96256d03b2c670