vpn.ge.ch

- Republique et Canton de Geneve -

Issued by SwissSign Server Gold CA 2014 - G22

About this certificate

This digital certificate with serial number 6d:09:00:a3:4d:e4:f3:ae:3b:c9:b6:b4:e1:86:d9:f6:27:3b:ed:8c was issued on by SwissSign AG.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • KeyUsage [ContentCommitment DataEncipherment DigitalSignature KeyEncipherment] (00001111) inconsistent with multiple purpose ExtKeyUsage [clientAuth serverAuth] The certificate MUST only be used for a purpose consistent with both key usage extension and extended key usage extension. (RFC 5280, Section 4.2.1.12.)
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Republique et Canton de Geneve

Organization: Republique et Canton de Geneve
Organization unit: OCSIN
State / Province: Geneve
Locality: Geneve
Country: CH

SwissSign AG

Organization: SwissSign AG
Country: CH

This certificate has expire since

Certificate Details

Serial Number (hex): 6d:09:00:a3:4d:e4:f3:ae:3b:c9:b6:b4:e1:86:d9:f6:27:3b:ed:8c
Serial Number (int): 622480756296150433651577948901867214376691035532
Serial Number lenght: 159 bits, 20 octets

SubjectKeyId: c4:07:25:84:1e:3b:ab:6e:75:eb:2c:d8:dc:15:47:38:34:21:7a:f0
AuthorityKeyId: e7:f1:e7:fd:2e:53:ad:11:e5:81:1a:57:a4:73:8f:12:7d:98:c8:ae

Fingerprint (sha1): 4b:ef:c3:73:83:19:40:b1:38:4b:35:bb:98:ea:b6:b8:32:a7:3c:9d
Fingerprint (sha256): 2a:da:e7:2e:89:f4:ae:52:ee:b3:0d:41:15:48:a8:e8:ab:40:fa:fe:fc:a1:d4:68:00:d4:bf:d3:43:7e:15:ed

Issuing Certificate URL: http://swisssign.net/cgi-bin/authority/download/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE

Revocation information

OCSP Server: http://gold-server-g2.ocsp.swisssign.net/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE
CRL Distribution Point: http://crl.swisssign.net/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE
CRL Distribution Point: ldap://directory.swisssign.net/CN=E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE%2CO=SwissSign%2CC=CH?certificateRevocationList?base?objectClass=cRLDistributionPoint

Check the revocation status for certificate vpn.ge.ch

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for vpn.ge.ch

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Content Commitment
Key Encipherment
Data Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

vpn.ge.ch

Other certificates including the domain name ge.ch

(limited to 100 certificates)
impuserlabo000-ms.ceti.etat-ge.ch
gc.ge.ch
contacts.ge.ch
testeaspolb2b.ge.ch
ge.ch
vcscgv2-1.ceti.etat-ge.ch
pol.b2b.ge.ch
cucmuser000-ms.ceti.etat-ge.ch
vcscnhp-1.ceti.etat-ge.ch
justice.ge.ch
test.b2b.ge.ch
testmobilepol.ge.ch
portailadmin.ge.ch
portail.ge.ch
survey.cdc.ge.ch
*.ge.ch
testservices.b2b.ge.ch
vpntest.ge.ch
www.etat.ge.ch
REPUBLIQUE ET CANTON DE GENEVE
epi.ge.ch
testservices.b2b.ge.ch
test.b2b.ge.ch
mobilepol.ge.ch
securebox.epi.ge.ch
imap.gc.ge.ch
appconpol02.ge.ch
ge.ch
pexip.ge.ch
recensement.app.ge.ch
vcsclabo-2.ceti.etat-ge.ch
jabberguest.ge.ch
vcselabo-1.ge.ch
epi.ge.ch
impuser000-ms.ceti.etat-ge.ch
padbleu.ge.ch
idp.ge.ch
dgsiemmensrec.ge.ch
cucmuserlabo000-ms.ceti.etat-ge.ch
padpolice.ge.ch
ssl829352.cloudflaressl.com
testeasadmb2b.ge.ch
ge.ch
pexipedge.ge.ch
vcsenhp-1.ge.ch
pol.b2b.ge.ch
jabberguest.ge.ch
ge.ch
test.b2b.ge.ch
justice-doc-ext.ge.ch
eas.gc.ge.ch
pjdeploy01.ceti.etat-ge.ch
vcselabo-2.ge.ch
webmail.gc.ge.ch
test.b2b.ge.ch
jabbergexpe002.ge.ch
testeasadmb2b.ge.ch
vcscnhp-1.ceti.etat-ge.ch
polmi.b2b.ge.ch
epi.ge.ch
appconsae01.ge.ch
epi.ge.ch
vcselabo-2.ge.ch
www.etat.ge.ch
easpolb2b.ge.ch
padjustice.ge.ch
sni.cloudflaressl.com
www.ge.ch
ssl829350.cloudflaressl.com
securebox.epi.ge.ch
annuaire.ge.ch
epi.ge.ch
*.ge.ch
epi.ge.ch
cucmuserlabo000-ms.ceti.etat-ge.ch
cucmuser000-ms.ceti.etat-ge.ch
survey.cdc.ge.ch
*.ge.ch
portailwifiedu.ge.ch
pocdme.etat.ge.ch
amendes.ge.ch
vcsclabo-2.ceti.etat-ge.ch
videogw.ge.ch
amendes.ge.ch
vpn.ge.ch
test.b2b.ge.ch
portail.ge.ch
vcselabo-1.ge.ch
*.app4.ge.ch
etoile.ge.ch
outlook.ge.ch
amendes-rec.ge.ch
testpolmi.b2b.ge.ch
mdmacore01.ge.ch
ge.ch
ldapedu.ge.ch
testmobilepol.ge.ch
*.epi.ge.ch
participer-rec.ge.ch
*.ge.ch

Certificate

The complete raw certificate details for vpn.ge.ch in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIJGzCCCAOgAwIBAgIUbQkAo03k8647yba04YbZ9ic77YwwDQYJKoZIhvcNAQEL
BQAwUjELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEsMCoGA1UE
AxMjU3dpc3NTaWduIFNlcnZlciBHb2xkIENBIDIwMTQgLSBHMjIwHhcNMTkwODIy
MDkwNDAwWhcNMjEwODIyMDkwNDAwWjB8MQswCQYDVQQGEwJDSDEPMA0GA1UECBMG
R2VuZXZlMQ8wDQYDVQQHEwZHZW5ldmUxJzAlBgNVBAoTHlJlcHVibGlxdWUgZXQg
Q2FudG9uIGRlIEdlbmV2ZTEOMAwGA1UECxMFT0NTSU4xEjAQBgNVBAMTCXZwbi5n
ZS5jaDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMHZh2ua0ZOLGrip
UPCDwzsCyc1j2htrKm/6fIO2jYlSnHpnp7rRrCUWgBgE1pYCfMFy18ghC8a6CVjo
CyBwcvha3+ISEGKo21Gng0Wed6Kc19mDd+b9LgOZLOtf6X9M+LPIpTbcT73/LyZy
2IXrFTfd1yM9LbMnC3zXEyj77/PswcV+4xsrzTuHJF48MLLdAz0ChWJqrGvdC7YT
23KNKuQIn58r/hTQ6hbDDZxWm4mmCyZEwdFFAIWMQpjU48BJieuFjVHSNQXIZEaS
qO2D1IkT43eZWERz+Rx4fL8HulfMi8JguXbqH3fUNO4s0RKX1oDkYzmgWgB+tlFG
khI+iEoof0o06EXA3yVJXniHivRZuEXUbQIqipw1MYtS5QF+F20SHznnoK/TNvhD
smU90/qwiw5prP/ayGmWqB79XpMEW9HqbpRmY8ltYzBomckZZIU2Ag3aXqWrrqCg
54nKggpP0ZXKtMonUipUpaK61ltzlLW2onpBtxZuhqgxPLhlxr1CwmBg5Umzie2E
vwQjumNDeiQ4a8VStUoVTvTAbWSmIAWrXvYZXI/QBOnGj6CmAEdkJajDvDNgUWo0
mEslF49OYR3CxOkAbxNap8vu3QSyHBn8H5pIecel+jm323zIik0ouzTneqnWU5CB
Us9O7nu8C5/QxfVBGiX38ylpNp89AgMBAAGjggS9MIIEuTAUBgNVHREEDTALggl2
cG4uZ2UuY2gwDgYDVR0PAQH/BAQDAgTwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
BgEFBQcDAjAdBgNVHQ4EFgQUxAclhB47q2516yzY3BVHODQhevAwHwYDVR0jBBgw
FoAU5/Hn/S5TrRHlgRpXpHOPEn2YyK4wgf8GA1UdHwSB9zCB9DBHoEWgQ4ZBaHR0
cDovL2NybC5zd2lzc3NpZ24ubmV0L0U3RjFFN0ZEMkU1M0FEMTFFNTgxMUE1N0E0
NzM4RjEyN0Q5OEM4QUUwgaiggaWggaKGgZ9sZGFwOi8vZGlyZWN0b3J5LnN3aXNz
c2lnbi5uZXQvQ049RTdGMUU3RkQyRTUzQUQxMUU1ODExQTU3QTQ3MzhGMTI3RDk4
QzhBRSUyQ089U3dpc3NTaWduJTJDQz1DSD9jZXJ0aWZpY2F0ZVJldm9jYXRpb25M
aXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnQwXwYDVR0g
BFgwVjBUBglghXQBWQECAQswRzBFBggrBgEFBQcCARY5aHR0cDovL3JlcG9zaXRv
cnkuc3dpc3NzaWduLmNvbS9Td2lzc1NpZ24tR29sZC1DUC1DUFMucGRmMIHVBggr
BgEFBQcBAQSByDCBxTBkBggrBgEFBQcwAoZYaHR0cDovL3N3aXNzc2lnbi5uZXQv
Y2dpLWJpbi9hdXRob3JpdHkvZG93bmxvYWQvRTdGMUU3RkQyRTUzQUQxMUU1ODEx
QTU3QTQ3MzhGMTI3RDk4QzhBRTBdBggrBgEFBQcwAYZRaHR0cDovL2dvbGQtc2Vy
dmVyLWcyLm9jc3Auc3dpc3NzaWduLm5ldC9FN0YxRTdGRDJFNTNBRDExRTU4MTFB
NTdBNDczOEYxMjdEOThDOEFFMIIB9QYKKwYBBAHWeQIEAgSCAeUEggHhAd8AdQBE
lGUusO7Or8RAB9io/ijA2uaCvtjLMbU/0zOWtbaBqAAAAWy4kZItAAAEAwBGMEQC
IDhG9sM4T+mob2fKLfPsn/HebXWw1DomAETaBa+gaxpJAiB6JF8ciXD8PdvrNvoi
l013e+Tw7NUTtQkGs7VC0M9iOgB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaN
sgiaN9kTAAABbLiRjq8AAAQDAEcwRQIhAOUE9d4aaUIvSs5umFmiggJWwYd4iGb4
KR8WzPTunLysAiBuT/NDK/DPGwmhzU1zgFiQAP9YLvJdvZ2nIc5pu8zsjwB2ALvZ
37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaOHtGFAAABbLiRjdEAAAQDAEcwRQIg
YQ7xz4OK1t1RFY8kfLVx3OVrZQ/OhZ86A/YyC7LonW4CIQCoyhePoNEYdmepR+T1
lFoq74V2KDbxHFuCH3hEswQPiQB2AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDE
e4l6qP3LAAABbLiRjcgAAAQDAEcwRQIhAKMJwz0qsRbkphicHaWrmho8Voyejndb
g/Wf0RXOKVTRAiASf0zxZuTMRiIH1hSlG355gZBo49+ey2voU3WH27/D0TANBgkq
hkiG9w0BAQsFAAOCAQEAm2iHLJewMNVbj8QpmGNfXBFdaJGRB3E3sgONf0xY6bB+
5ztMQ1HqXfySdF+DukR3N1DjiolkhBmp3Fj1E/oDKhHMt+D8HHDD3VVDgyJS9b5i
UOOpXD1xTzeKcL51XbeyeRHvYewMVvhgq9ZbTpKBtUjneatPy4h/tK3ZWc44pBli
H7nd2JDiNMZKdIi2gZFlxspgHVOL2Wt+ETwGeljtqQfgYFJomfogA4FEQjudrYF6
C+XM1PNlDSpFVTTPy/uFQ0hUAI5qfe3m3qaUfPoCVHVT5HJaJvCGZOgtxCf6HyCo
bnC9KYLchwh2dW0FdFxKCmEvs0aHam1pT3uicwbl6Q==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwdmHa5rRk4sauKlQ8IPD
OwLJzWPaG2sqb/p8g7aNiVKcemenutGsJRaAGATWlgJ8wXLXyCELxroJWOgLIHBy
+Frf4hIQYqjbUaeDRZ53opzX2YN35v0uA5ks61/pf0z4s8ilNtxPvf8vJnLYhesV
N93XIz0tsycLfNcTKPvv8+zBxX7jGyvNO4ckXjwwst0DPQKFYmqsa90LthPbco0q
5Aifnyv+FNDqFsMNnFabiaYLJkTB0UUAhYxCmNTjwEmJ64WNUdI1BchkRpKo7YPU
iRPjd5lYRHP5HHh8vwe6V8yLwmC5duofd9Q07izREpfWgORjOaBaAH62UUaSEj6I
Sih/SjToRcDfJUleeIeK9Fm4RdRtAiqKnDUxi1LlAX4XbRIfOeegr9M2+EOyZT3T
+rCLDmms/9rIaZaoHv1ekwRb0epulGZjyW1jMGiZyRlkhTYCDdpepauuoKDnicqC
Ck/Rlcq0yidSKlSlorrWW3OUtbaiekG3Fm6GqDE8uGXGvULCYGDlSbOJ7YS/BCO6
Y0N6JDhrxVK1ShVO9MBtZKYgBate9hlcj9AE6caPoKYAR2QlqMO8M2BRajSYSyUX
j05hHcLE6QBvE1qny+7dBLIcGfwfmkh5x6X6ObfbfMiKTSi7NOd6qdZTkIFSz07u
e7wLn9DF9UEaJffzKWk2nz0CAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 622480756296150433651577948901867214376691035532
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign AG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign Server Gold CA 2014 - G22'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-08-22 09:04:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-08-22 09:04:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Geneve'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Geneve'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Republique et Canton de Geneve'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'OCSIN'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'vpn.ge.ch'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 790837870893526232268058586144222351515139439024363755243685773171425621902676169305090223583345344910034981944667680720718132256066460002022159621090834307356339390222926915755211987201731156281861889322580720664982766974714449620752421524976599170929248085229066647415271096034630888289971330191126630615485927802982288816284348427347153552675404243232944117233287336894022964133652274093721059853179497563506612227839557359733390827845717932799462128077645723371401875697905773081411236711766259165023739339812018275993620971516381168878991057171628333184529758170783552412778541949811854991967061510056890726624243092902558529136840237981943009183151612504510460077703514907565434477453282230898326048807407396492585412061908775946800350762645375255496267159843041486716366569973182841456023819322443635330854350743292464981703978004314047525780279316437553723156985376782975525949672340885911432844236514796460717721402774663853067095455064786817972023238719834982288313118352335748965450642605735114437690429866307390806884419751002998323179033214496895304481443002979035551450304129098160060814634683695136640275022799967475813242894676589513105755139258447935108972308356342620915859425781799345447063068374425581479349624637
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (13 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'vpn.ge.ch'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4 bits)
							04f0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							c40725841e3bab6e75eb2cd8dc15473834217af0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName e7f1e7fd2e53ad11e5811a57a4738f127d98c8ae
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (247 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.swisssign.net/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'ldap://directory.swisssign.net/CN=E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE%2CO=SwissSign%2CC=CH?certificateRevocationList?base?objectClass=cRLDistributionPoint'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (88 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.756.1.89.1.2.1.11
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://repository.swisssign.com/SwissSign-Gold-CP-CPS.pdf'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (200 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://swisssign.net/cgi-bin/authority/download/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gold-server-g2.ocsp.swisssign.net/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (485 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (481 bytes)
							01df0075004494652eb0eeceafc44007d8a8fe28c0dae682bed8cb31b53fd33396b5b681a80000016cb891922d000004030046304402203846f6c3384fe9a86f67ca2df3ec9ff1de6d75b0d43a260044da05afa06b1a4902207a245f1c8970fc3ddbeb36fa22974d777be4f0ecd513b50906b3b542d0cf623a0076006f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d9130000016cb8918eaf0000040300473045022100e504f5de1a69422f4ace6e9859a2820256c187788866f8291f16ccf4ee9cbcac02206e4ff3432bf0cf1b09a1cd4d7380589000ff582ef25dbd9da721ce69bbccec8f007600bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed1850000016cb8918dd100000403004730450220610ef1cf838ad6dd51158f247cb571dce56b650fce859f3a03f6320bb2e89d6e022100a8ca178fa0d1187667a947e4f5945a2aef85762836f11c5b821f7844b3040f89007600ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb0000016cb8918dc80000040300473045022100a309c33d2ab116e4a6189c1da5ab9a1a3c568c9e8e775b83f59fd115ce2954d10220127f4cf166e4cc462207d614a51b7e79819068e3df9ecb6be8537587dbbfc3d1
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		009b68872c97b030d55b8fc42998635f5c115d689191077137b2038d7f4c58e9b07ee73b4c4351ea5dfc92745f83ba44773750e38a89648419a9dc58f513fa032a11ccb7e0fc1c70c3dd5543832252f5be6250e3a95c3d714f378a70be755db7b27911ef61ec0c56f860abd65b4e9281b548e779ab4fcb887fb4add959ce38a419621fb9ddd890e234c64a7488b6819165c6ca601d538bd96b7e113c067a58eda907e060526899fa20038144423b9dad817a0be5ccd4f3650d2a455534cfcbfb85434854008e6a7dede6dea6947cfa02547553e4725a26f08664e82dc427fa1f20a86e70bd2982dc870876756d05745c4a0a612fb346876a6d694f7ba27306e5e9