www.vermont.gov

- State of Vermont -

Issued by GlobalSign Organization Validation CA - SHA256 - G2

About this certificate

This digital certificate with serial number 24:37:a7:d3:f6:56:16:ab:21:c5:00:98 was issued on by GlobalSign nv-sa.

With 54 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

State of Vermont

Organization: State of Vermont
State / Province: Vermont
Locality: Montpelier
Country: US

GlobalSign nv-sa

Organization: GlobalSign nv-sa
Country: BE

This certificate has expire since

Certificate Details

Serial Number (hex): 24:37:a7:d3:f6:56:16:ab:21:c5:00:98
Serial Number (int): 11208743818863265767756202136
Serial Number lenght: 94 bits, 12 octets

SubjectKeyId: df:6b:9e:36:3c:0c:68:97:f4:9a:0f:4a:5b:13:6d:dd:5f:64:6e:17
AuthorityKeyId: 96:de:61:f1:bd:1c:16:29:53:1c:c0:cc:7d:3b:83:00:40:e6:1a:7c

Fingerprint (sha1): 12:04:8b:e4:7d:95:dc:ca:1c:07:12:fa:bf:d6:6e:62:af:eb:83:33
Fingerprint (sha256): 27:f4:a1:e8:cc:68:d9:75:09:6a:e6:b8:27:8d:3b:ab:b4:de:f6:51:f9:fd:f2:5a:7a:3e:8c:0c:61:6e:89:87

Issuing Certificate URL: http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt

Revocation information

OCSP Server: http://ocsp2.globalsign.com/gsorganizationvalsha2g2
CRL Distribution Point: http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl

Check the revocation status for certificate www.vermont.gov

54

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.vermont.gov

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.vermont.gov
www.802spirits.com
802spirits.com
ezpay4kids.vt.gov
accd.vermont.gov
agriculture.vermont.gov
anr.vermont.gov
aoa.vermont.gov
asd.vermont.gov
atp.vermont.gov
auditor.vermont.gov
bgs.vermont.gov
blueprintforhealth.vermont.gov
cispartners.vermont.gov
climatechange.vermont.gov
cmo.vermont.gov
craftcenters.vermont.gov
cto.vermont.gov
dail.vermont.gov
dbvi.vermont.gov
dcf.vermont.gov
dec.vermont.gov
defgen.vermont.gov
digitalservices.vermont.gov
dii.vermont.gov
dlp.vermont.gov
dmv.vermont.gov
dps.vermont.gov
e911.vermont.gov
education.vermont.gov
elearning.vermont.gov
epmo.vermont.gov
ethicscommission.vermont.gov
finance.vermont.gov
firesafety.vermont.gov
floodready.vermont.gov
floodtraining.vermont.gov
fpr.vermont.gov
ghsp.vermont.gov
gmcboard.vermont.gov
governor.vermont.gov
hcr.vermont.gov
healthcareinnovation.vermont.gov
healthdata.vermont.gov
hireus.vermont.gov
historicsites.vermont.gov
hrc.vermont.gov
ezpay4kids.vermont.gov
curator.vermont.gov
ddsd.vermont.gov
cvptaskforce.vermont.gov
secure.vermont.gov
src.vermont.gov
vermont.gov

Other certificates including the domain name vermont.gov

(limited to 100 certificates)
dhriu.vermont.gov
www.myvtax.vermont.gov
inside.vermont.gov
www.vermont.gov
ssl7.revizesites.com
anrmaps.vermont.gov
ismstg.apps.vermont.gov
*.healthconnect.vermont.gov
list.vermont.gov
ljfo.vermont.gov
e911ags.vermont.gov
usaherds.vermont.gov
matsdev.vtrans.vermont.gov
maps.vcgi.vermont.gov
1moreconversation.com
inside.vermont.gov
dev.maps.vcgi.vermont.gov
employerreporting.vermont.gov
gpnh.ngesi.vermont.gov
selfserve.education.state.vt.us
cloud.agriculture.vermont.gov
railtrails.vermont.gov
gs.tax.vermont.gov
*.professionals.vermont.gov
anrgeodata.vermont.gov
secure.vermont.gov
eoc.vermont.gov
1moreconversation.com
bedboard.vermont.gov
slds.education.vermont.gov
staging.mydmv.vermont.gov
geodata.vermont.gov
rms.vermont.gov
cloud.agriculture.vermont.gov
*.hsep.vermont.gov
ssl7.revizesites.com
anrgeodata.vermont.gov
legislature.vermont.gov
apps.health.vermont.gov
uipublic01.labor.vermont.gov
ACCDMaps.Vermont.gov
anrmaps.vermont.gov
list.vermont.gov
www.vermont.gov
Inside.Vermont.Gov
*.id.vermont.gov
peacham.vermont.gov
grants.vermont.gov
www.staging.vtpics.vermont.gov
edwa.vermont.gov
cloud.agriculture.vermont.gov
agriculturegrants.vermont.gov
maps.vermont.gov
secure.accd.vermont.gov
WebDBMS.ngesi.vermont.gov
preprod.slds.vermont.gov
anrmaps.vermont.gov
gs.vtrans.vermont.gov
*.healthconnect.vermont.gov
vtlottery.com
my.vermont.gov
retire.vermont.gov
ljfo.vermont.gov
apps.health.vermont.gov
bedboard.vermont.gov
dev.maps.vcgi.vermont.gov
legislature.vermont.gov
ssl7.revizesites.com
uipublic.labor.vermont.gov
maps.vermont.gov
1moreconversation.com
*.id.vermont.gov
sos.vermont.gov
*.hsep.vermont.gov
ssl7.revizesites.com
roadsidemarkers.vermont.gov
design.education.vermont.gov
*.ngesi.vermont.gov
childcareproviders.vermont.gov
160.166.tmcapital.com
*.apps.vermont.gov
vitws.labor.vermont.gov
www.usaplants.vermont.gov
test.slds.vermont.gov
www.rms.vermont.gov
cloud.agriculture.vermont.gov
ssl7.revizesites.com
*.professionals.vermont.gov
*.hsep.in.vermont.gov
maps.vcgi.vermont.gov
infotest.my.vermont.gov
www.vermont.gov
uipublic.labor.vermont.gov
apps.health.vermont.gov
dualenrollment.vermont.gov
ljfo.vermont.gov
lobbying.vermont.gov
orc.vermont.gov
*.hsep.vermont.gov
dev-dfr.gs.vermont.gov

Certificate

The complete raw certificate details for www.vermont.gov in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIJnjCCCIagAwIBAgIMJDen0/ZWFqshxQCYMA0GCSqGSIb3DQEBCwUAMGYxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g
RzIwHhcNMTkwNDA5MTQzODA2WhcNMTkwNzE0MTkxMTA0WjBpMQswCQYDVQQGEwJV
UzEQMA4GA1UECBMHVmVybW9udDETMBEGA1UEBxMKTW9udHBlbGllcjEZMBcGA1UE
ChMQU3RhdGUgb2YgVmVybW9udDEYMBYGA1UEAxMPd3d3LnZlcm1vbnQuZ292MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw84U2XqYln3ktXPfA1Ts17Ko
r8WJfZhXB01WxGSOaiZB0wXLiZpPH94Nwq6ix2OqWGSb6v9CuARh0edg/EqiUauO
IhBOKBus1ST3MoL4eC1QB0hsy/DPSpjT47EDZXQ1D11KVVA7iWEUlE0jXOjwupon
q7OcYDe38gfUecqFt7VFaPZXBEkbpnKivJb4mM8IwsKYTDZmTyRg0tnxxyQYfqlX
En5x+kid3AmHolYTSw9BHDHUz1DZuyrwta+WNj+9U7zMsqP7ADhhyExnFd9SUBeD
XL/REmo2EUNQ2hTOTpFEmDc9IppV9HGPi5+3SMd6dVK8eMFD0p2XhEIei2/nKwID
AQABo4IGRzCCBkMwDgYDVR0PAQH/BAQDAgWgMIGgBggrBgEFBQcBAQSBkzCBkDBN
BggrBgEFBQcwAoZBaHR0cDovL3NlY3VyZS5nbG9iYWxzaWduLmNvbS9jYWNlcnQv
Z3Nvcmdhbml6YXRpb252YWxzaGEyZzJyMS5jcnQwPwYIKwYBBQUHMAGGM2h0dHA6
Ly9vY3NwMi5nbG9iYWxzaWduLmNvbS9nc29yZ2FuaXphdGlvbnZhbHNoYTJnMjBW
BgNVHSAETzBNMEEGCSsGAQQBoDIBFDA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3
dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAIBgZngQwBAgIwCQYDVR0TBAIw
ADBJBgNVHR8EQjBAMD6gPKA6hjhodHRwOi8vY3JsLmdsb2JhbHNpZ24uY29tL2dz
L2dzb3JnYW5pemF0aW9udmFsc2hhMmcyLmNybDCCBGoGA1UdEQSCBGEwggRdgg93
d3cudmVybW9udC5nb3aCEnd3dy44MDJzcGlyaXRzLmNvbYIOODAyc3Bpcml0cy5j
b22CEWV6cGF5NGtpZHMudnQuZ292ghBhY2NkLnZlcm1vbnQuZ292ghdhZ3JpY3Vs
dHVyZS52ZXJtb250LmdvdoIPYW5yLnZlcm1vbnQuZ292gg9hb2EudmVybW9udC5n
b3aCD2FzZC52ZXJtb250LmdvdoIPYXRwLnZlcm1vbnQuZ292ghNhdWRpdG9yLnZl
cm1vbnQuZ292gg9iZ3MudmVybW9udC5nb3aCHmJsdWVwcmludGZvcmhlYWx0aC52
ZXJtb250LmdvdoIXY2lzcGFydG5lcnMudmVybW9udC5nb3aCGWNsaW1hdGVjaGFu
Z2UudmVybW9udC5nb3aCD2Ntby52ZXJtb250LmdvdoIYY3JhZnRjZW50ZXJzLnZl
cm1vbnQuZ292gg9jdG8udmVybW9udC5nb3aCEGRhaWwudmVybW9udC5nb3aCEGRi
dmkudmVybW9udC5nb3aCD2RjZi52ZXJtb250LmdvdoIPZGVjLnZlcm1vbnQuZ292
ghJkZWZnZW4udmVybW9udC5nb3aCG2RpZ2l0YWxzZXJ2aWNlcy52ZXJtb250Lmdv
doIPZGlpLnZlcm1vbnQuZ292gg9kbHAudmVybW9udC5nb3aCD2Rtdi52ZXJtb250
LmdvdoIPZHBzLnZlcm1vbnQuZ292ghBlOTExLnZlcm1vbnQuZ292ghVlZHVjYXRp
b24udmVybW9udC5nb3aCFWVsZWFybmluZy52ZXJtb250LmdvdoIQZXBtby52ZXJt
b250LmdvdoIcZXRoaWNzY29tbWlzc2lvbi52ZXJtb250LmdvdoITZmluYW5jZS52
ZXJtb250LmdvdoIWZmlyZXNhZmV0eS52ZXJtb250LmdvdoIWZmxvb2RyZWFkeS52
ZXJtb250LmdvdoIZZmxvb2R0cmFpbmluZy52ZXJtb250LmdvdoIPZnByLnZlcm1v
bnQuZ292ghBnaHNwLnZlcm1vbnQuZ292ghRnbWNib2FyZC52ZXJtb250LmdvdoIU
Z292ZXJub3IudmVybW9udC5nb3aCD2hjci52ZXJtb250LmdvdoIgaGVhbHRoY2Fy
ZWlubm92YXRpb24udmVybW9udC5nb3aCFmhlYWx0aGRhdGEudmVybW9udC5nb3aC
EmhpcmV1cy52ZXJtb250LmdvdoIZaGlzdG9yaWNzaXRlcy52ZXJtb250LmdvdoIP
aHJjLnZlcm1vbnQuZ292ghZlenBheTRraWRzLnZlcm1vbnQuZ292ghNjdXJhdG9y
LnZlcm1vbnQuZ292ghBkZHNkLnZlcm1vbnQuZ292ghhjdnB0YXNrZm9yY2UudmVy
bW9udC5nb3aCEnNlY3VyZS52ZXJtb250LmdvdoIPc3JjLnZlcm1vbnQuZ292ggt2
ZXJtb250LmdvdjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0O
BBYEFN9rnjY8DGiX9JoPSlsTbd1fZG4XMB8GA1UdIwQYMBaAFJbeYfG9HBYpUxzA
zH07gwBA5hp8MBMGCisGAQQB1nkCBAMBAf8EAgUAMA0GCSqGSIb3DQEBCwUAA4IB
AQCewyGTdztqAVKRycs+MrSyDCYKhG/NAaxC7WgsPZYURoxBMYkoVZbbVVEJxL5J
BSdJTSTLrV3452HtRLjqJo7IIUKhiJFQwuuDylSDpaIjpyNgQ6PSMbqXWyVqxz1G
Jar5ZyA6+hKrNrGGXtBLvDFBNlwCq9mwqBlEnNCYw64D1F0oxP79IBZxcpgr/XUt
Q2TfMZKayhu4JyhzksufbHIK1NPL3F6A6L5c8jsbzXuFu1HqoPpK5qRztS4PVmpc
6IOGg/IZQadXpH9N2he9MqcGToDk8xg1yNBoA9DMTk6pSrrGGQ6i33EAhzueh2By
Sns+szA+45IVbJINYjp7ghrN
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw84U2XqYln3ktXPfA1Ts
17Kor8WJfZhXB01WxGSOaiZB0wXLiZpPH94Nwq6ix2OqWGSb6v9CuARh0edg/Eqi
UauOIhBOKBus1ST3MoL4eC1QB0hsy/DPSpjT47EDZXQ1D11KVVA7iWEUlE0jXOjw
uponq7OcYDe38gfUecqFt7VFaPZXBEkbpnKivJb4mM8IwsKYTDZmTyRg0tnxxyQY
fqlXEn5x+kid3AmHolYTSw9BHDHUz1DZuyrwta+WNj+9U7zMsqP7ADhhyExnFd9S
UBeDXL/REmo2EUNQ2hTOTpFEmDc9IppV9HGPi5+3SMd6dVK8eMFD0p2XhEIei2/n
KwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 11208743818863265767756202136
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign nv-sa'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign Organization Validation CA - SHA256 - G2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-04-09 14:38:06 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-07-14 19:11:04 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Vermont'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Montpelier'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'State of Vermont'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.vermont.gov'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24718092015677992627738068725672787352159131804000026263150768636737551912972181218189960249032263850339926644994154189036599015950118065141623604251368151132870952003390137813131615275785830045054451832070195305821309156524703937300746847216587946253425416853599117089922423256003658226986421289464627843583014227794544708558211909791055230434742064540697869878939459114181768976459180881205026827393792806480534518011491157980019709480916864440640007253115715758297133374234742317398893569949119879961684238236115379447598367919724170841966766063647926238278342754281062435130359651992682427928688361775412116711211
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (147 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp2.globalsign.com/gsorganizationvalsha2g2'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (79 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.4146.1.20 (globalsignOVPolicy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.globalsign.com/repository/'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (1121 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.802spirits.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '802spirits.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ezpay4kids.vt.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'accd.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'agriculture.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'anr.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'aoa.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'asd.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'atp.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'auditor.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bgs.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'blueprintforhealth.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cispartners.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'climatechange.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cmo.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'craftcenters.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cto.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dail.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dbvi.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dcf.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dec.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'defgen.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'digitalservices.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dii.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dlp.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dmv.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dps.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'e911.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'education.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'elearning.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'epmo.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ethicscommission.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'finance.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'firesafety.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'floodready.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'floodtraining.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'fpr.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ghsp.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'gmcboard.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'governor.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hcr.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'healthcareinnovation.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'healthdata.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hireus.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'historicsites.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hrc.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ezpay4kids.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'curator.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ddsd.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cvptaskforce.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'secure.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'src.vermont.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'vermont.gov'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							df6b9e363c0c6897f49a0f4a5b136ddd5f646e17
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 96de61f1bd1c1629531cc0cc7d3b830040e61a7c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		009ec32193773b6a015291c9cb3e32b4b20c260a846fcd01ac42ed682c3d9614468c413189285596db555109c4be490527494d24cbad5df8e761ed44b8ea268ec82142a1889150c2eb83ca5483a5a223a7236043a3d231ba975b256ac73d4625aaf967203afa12ab36b1865ed04bbc3141365c02abd9b0a819449cd098c3ae03d45d28c4fefd20167172982bfd752d4364df31929aca1bb827287392cb9f6c720ad4d3cbdc5e80e8be5cf23b1bcd7b85bb51eaa0fa4ae6a473b52e0f566a5ce8838683f21941a757a47f4dda17bd32a7064e80e4f31835c8d06803d0cc4e4ea94abac6190ea2df7100873b9e8760724a7b3eb3303ee392156c920d623a7b821acd