cuacuser000.ad.etat-ge.ch

- Republique et Canton de Geneve -

Issued by SwissSign Server Gold CA 2014 - G22

About this certificate

This digital certificate with serial number 73:84:78:97:70:3d:c0:9e:20:a9:01:b0:14:93:c7:f1:68:eb:39:49 was issued on by SwissSign AG.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • KeyUsage [ContentCommitment DataEncipherment DigitalSignature KeyEncipherment] (00001111) inconsistent with multiple purpose ExtKeyUsage [clientAuth serverAuth] The certificate MUST only be used for a purpose consistent with both key usage extension and extended key usage extension. (RFC 5280, Section 4.2.1.12.)
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Republique et Canton de Geneve

Organization: Republique et Canton de Geneve
Organization unit: OCSIN
State / Province: GE
Locality: Geneve
Country: CH

SwissSign AG

Organization: SwissSign AG
Country: CH

This certificate has expire since

Certificate Details

Serial Number (hex): 73:84:78:97:70:3d:c0:9e:20:a9:01:b0:14:93:c7:f1:68:eb:39:49
Serial Number (int): 659488142017090976219882455969590964165221759305
Serial Number lenght: 159 bits, 20 octets

SubjectKeyId: 86:40:3b:f9:05:c8:db:f8:be:26:c8:98:06:ee:75:ac:aa:d8:73:fa
AuthorityKeyId: e7:f1:e7:fd:2e:53:ad:11:e5:81:1a:57:a4:73:8f:12:7d:98:c8:ae

Fingerprint (sha1): 12:ad:6a:4c:e4:08:b0:96:fa:e6:f2:62:98:b3:f7:c5:f3:f8:f8:fa
Fingerprint (sha256): 2f:b2:e6:9a:8a:47:34:05:f7:5d:03:4e:68:f2:56:da:46:e3:31:1c:a8:44:4d:4f:f0:a5:0a:04:5e:ec:f4:b2

Issuing Certificate URL: http://swisssign.net/cgi-bin/authority/download/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE

Revocation information

OCSP Server: http://gold-server-g2.ocsp.swisssign.net/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE
CRL Distribution Point: http://crl.swisssign.net/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE
CRL Distribution Point: ldap://directory.swisssign.net/CN=E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE%2CO=SwissSign%2CC=CH?certificateRevocationList?base?objectClass=cRLDistributionPoint

Check the revocation status for certificate cuacuser000.ad.etat-ge.ch

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for cuacuser000.ad.etat-ge.ch

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Content Commitment
Key Encipherment
Data Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

cuacuser000.ad.etat-ge.ch
cuacuser001.ad.etat-ge.ch

Other certificates including the domain name etat-ge.ch

(limited to 100 certificates)
impuserlabo000-ms.ceti.etat-ge.ch
api.soca.lbdev.etat-ge.ch
vcscgv2-1.ceti.etat-ge.ch
uccxuser000-ms.ceti.etat-ge.ch
cucmuser000-ms.ceti.etat-ge.ch
vcscnhp-1.ceti.etat-ge.ch
*.devops.etat-ge.ch
jabbergsrv001.ceti.etat-ge.ch
pexip.ge.ch
vcsclabo-2.ceti.etat-ge.ch
jabberguest.ge.ch
vcselabo-1.ge.ch
impuser000-ms.ceti.etat-ge.ch
prod.etat-ge.ch
pccecuic000.ceti.etat-ge.ch
cucmuserlabo000-ms.ceti.etat-ge.ch
vcsenhp-1.ge.ch
jabberguest.ge.ch
pjdeploy01.ceti.etat-ge.ch
vcselabo-2.ge.ch
uccxuserlabo000-ms.ceti.etat-ge.ch
jabbergexpe002.ge.ch
vcscnhp-1.ceti.etat-ge.ch
pccefin001.ceti.etat-ge.ch
uccxuserlabo000-ms.ceti.etat-ge.ch
cucmsme000-ms.ceti.etat-ge.ch
cucuserlabo000-ms.ceti.etat-ge.ch
vcselabo-2.ge.ch
cucmlabo000.ceti.etat-ge.ch
annuaire.ge.ch
uccxuserlabo000-ms.ceti.etat-ge.ch
cucmuserlabo000-ms.ceti.etat-ge.ch
cucmuser000-ms.ceti.etat-ge.ch
vcsclabo-2.ceti.etat-ge.ch
videogw.ge.ch
cucmsme000-ms.ceti.etat-ge.ch
*.apps.soca.lbprod.etat-ge.ch
cucuserlabo000-ms.ceti.etat-ge.ch
pccefinlab000-ms.ceti.etat-ge.ch
jabbergsrv003.ceti.etat-ge.ch
vcselabo-1.ge.ch
cuacuser000.ad.etat-ge.ch
jabbergsrv003.ceti.etat-ge.ch
ldapedu.ge.ch
cuacuser000.ad.etat-ge.ch
participer-rec.ge.ch
ldapedu.ge.ch
participer-rec.ge.ch
ldapedu-rectech.ceti.etat-ge.ch
vcsegv2-1.ge.ch
vcselabo-2.ge.ch
pccecuiclab000.ceti.etat-ge.ch
vcselabo-1.ge.ch
impuser000-ms.ceti.etat-ge.ch
vcsclabo-1.ceti.etat-ge.ch
ldapedu.ge.ch
*.devops.etat-ge.ch
pexipadm000.ceti.etat-ge.ch
jabbergsrv001.ceti.etat-ge.ch
jabbergsrv002.ceti.etat-ge.ch
vcselabo-2.ge.ch
vcselabo-2.ge.ch
cucmlabo000.ceti.etat-ge.ch
cuacuserlab000.ad.etat-ge.ch
pccefinlab001.ceti.etat-ge.ch
cucuserlabo000-ms.ceti.etat-ge.ch
appconpol11.ceti.etat-ge.ch
vcselabo-1.ge.ch
pccefin000-ms.ceti.etat-ge.ch
*.apps.soca.lbdev.etat-ge.ch
pccefinlab000.ceti.etat-ge.ch
videogwlabo.ge.ch
jabbergexpc002.ceti.etat-ge.ch
jabbergexpc002.ceti.etat-ge.ch
contacts.ge.ch
cuacuserlab000.ad.etat-ge.ch
vcsegv2-1.ge.ch
jabbergexpc001.ceti.etat-ge.ch
cfircf5.dev.etat-ge.ch
mitest.b2b.ge.ch
pccecuiclab000-ms.ceti.etat-ge.ch
cucmuserlabo000-ms.ceti.etat-ge.ch
vcselabo-2.ge.ch
oos.ge.ch
ldapedu.ge.ch
impuserlabo000-ms.ceti.etat-ge.ch
cucuser000-ms.ceti.etat-ge.ch
videogwlabo.ge.ch
jabbergsrv003.ceti.etat-ge.ch
jabbergexpe001.ge.ch
vcscgv2-1.ceti.etat-ge.ch
cucmsme000-ms.ceti.etat-ge.ch
cari.rec.etat-ge.ch
t-racine.t-admin2.t-ad.etat-ge.ch
*.devops.etat-ge.ch
vcselabo-2.ge.ch
jabbergsrv002.ceti.etat-ge.ch
vcsegv2-1.ge.ch
videogwlabo.ge.ch
jabberguest.ge.ch

Certificate

The complete raw certificate details for cuacuser000.ad.etat-ge.ch in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHbzCCBlegAwIBAgIUc4R4l3A9wJ4gqQGwFJPH8WjrOUkwDQYJKoZIhvcNAQEL
BQAwUjELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEsMCoGA1UE
AxMjU3dpc3NTaWduIFNlcnZlciBHb2xkIENBIDIwMTQgLSBHMjIwHhcNMTkwODIy
MTQwNzU5WhcNMjEwODIyMTQwNzU5WjCBiDELMAkGA1UEBhMCQ0gxCzAJBgNVBAgT
AkdFMQ8wDQYDVQQHEwZHZW5ldmUxJzAlBgNVBAoTHlJlcHVibGlxdWUgZXQgQ2Fu
dG9uIGRlIEdlbmV2ZTEOMAwGA1UECxMFT0NTSU4xIjAgBgNVBAMTGWN1YWN1c2Vy
MDAwLmFkLmV0YXQtZ2UuY2gwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
AQCnfiwssqhKhb29kCZwdrVSX84ws9oxzV3IfAj4+hlmYJA23VrkYW8BEfEd2p6Z
LaRaZvgF2+V3ujfvHNmpzaLuEHTRHjsytJcWHp/OR5SuiRZk39aumrXCRF/VyiHk
XSVwOT7YWS3OMijXQpmNc0WCFizvWGylpQrKhKXBcCNN6OlfMirrJ10wlLG8np43
cHfruKTS6t2dlSy4gKvA4q3diobJs7BB6LmN+51PMk0VrflphN+ce7lC+WkSXsKa
Hlh/TEWB7qMPc+SG4jjafN3Yy/2v9ZvqcAEsap1GeaLlUCrtAwwsRnTnB8NhYhjI
kqrfMifzGyqgNyGKR7Nv7iCBy/sjNt9puA5WuqwsWYk+kHXEYqN4BEHd6ciafxPk
Nbd4B/IFPC+G8FIzFA53eK8ghP6/ieAL/18z/SVrr1AK09O++FNKF0Iwd770TYBB
CUe7LinFl/Ca+5taCNyzJBR9q6sTfDZELdEu7mlaYrNmo+mopH44CbarSqcmkDnE
NP8a14v/pkOBqxKtaNCTilibPHNsD6M4Qad8yt9EPIUMbdMWC7Ntt+XkylOsz/ck
yx2LO5xnct/89h9GdvJ4JWV19xbZESIm+2qkh2aryrl1Xp/vMTlDQKmWYNeda/Sm
NyKvJj/gusafUYk3swJX6Kr3FuYlYbp2DbnST28HnpN3WQIDAQABo4IDBDCCAwAw
PwYDVR0RBDgwNoIZY3VhY3VzZXIwMDAuYWQuZXRhdC1nZS5jaIIZY3VhY3VzZXIw
MDEuYWQuZXRhdC1nZS5jaDAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0lBBYwFAYIKwYB
BQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSGQDv5Bcjb+L4myJgG7nWsqthz+jAf
BgNVHSMEGDAWgBTn8ef9LlOtEeWBGlekc48SfZjIrjCB/wYDVR0fBIH3MIH0MEeg
RaBDhkFodHRwOi8vY3JsLnN3aXNzc2lnbi5uZXQvRTdGMUU3RkQyRTUzQUQxMUU1
ODExQTU3QTQ3MzhGMTI3RDk4QzhBRTCBqKCBpaCBooaBn2xkYXA6Ly9kaXJlY3Rv
cnkuc3dpc3NzaWduLm5ldC9DTj1FN0YxRTdGRDJFNTNBRDExRTU4MTFBNTdBNDcz
OEYxMjdEOThDOEFFJTJDTz1Td2lzc1NpZ24lMkNDPUNIP2NlcnRpZmljYXRlUmV2
b2NhdGlvbkxpc3Q/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2lu
dDBfBgNVHSAEWDBWMFQGCWCFdAFZAQIBCzBHMEUGCCsGAQUFBwIBFjlodHRwOi8v
cmVwb3NpdG9yeS5zd2lzc3NpZ24uY29tL1N3aXNzU2lnbi1Hb2xkLUNQLUNQUy5w
ZGYwgdUGCCsGAQUFBwEBBIHIMIHFMGQGCCsGAQUFBzAChlhodHRwOi8vc3dpc3Nz
aWduLm5ldC9jZ2ktYmluL2F1dGhvcml0eS9kb3dubG9hZC9FN0YxRTdGRDJFNTNB
RDExRTU4MTFBNTdBNDczOEYxMjdEOThDOEFFMF0GCCsGAQUFBzABhlFodHRwOi8v
Z29sZC1zZXJ2ZXItZzIub2NzcC5zd2lzc3NpZ24ubmV0L0U3RjFFN0ZEMkU1M0FE
MTFFNTgxMUE1N0E0NzM4RjEyN0Q5OEM4QUUwEwYKKwYBBAHWeQIEAwEB/wQCBQAw
DQYJKoZIhvcNAQELBQADggEBAADUsVZdNMzO/Cx7lz28YcTDIjFT/+smJAWxhHLB
z12HOAoVng5ZvmOMfGd9YoCoW2898Fvxddy99SaiIjfI3NZoavKUSbZiojXsPWe1
BW9/oXF4DLJ7r1WbIHdWteNIkCEEd38OPXsU6gVTqaUMYwPTK65DJJzvpsoun8Ny
G/ndPGM7HlnF2U8zTaXhVc74mlYiRCDc7gti5QAbtvUpbmFl2QqIylfPntSomC44
bHM6sxMDlZ9D1i/nC4LdSFi1/njjTN+msV4tDak4WVWvU2iC85/E3xIIsC4vaOje
aChf8NHG7DVMthYLTZkqyTveAEeIEF7xu4X/yhgnRBXAcrw=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp34sLLKoSoW9vZAmcHa1
Ul/OMLPaMc1dyHwI+PoZZmCQNt1a5GFvARHxHdqemS2kWmb4Bdvld7o37xzZqc2i
7hB00R47MrSXFh6fzkeUrokWZN/Wrpq1wkRf1coh5F0lcDk+2FktzjIo10KZjXNF
ghYs71hspaUKyoSlwXAjTejpXzIq6yddMJSxvJ6eN3B367ik0urdnZUsuICrwOKt
3YqGybOwQei5jfudTzJNFa35aYTfnHu5QvlpEl7Cmh5Yf0xFge6jD3PkhuI42nzd
2Mv9r/Wb6nABLGqdRnmi5VAq7QMMLEZ05wfDYWIYyJKq3zIn8xsqoDchikezb+4g
gcv7IzbfabgOVrqsLFmJPpB1xGKjeARB3enImn8T5DW3eAfyBTwvhvBSMxQOd3iv
IIT+v4ngC/9fM/0la69QCtPTvvhTShdCMHe+9E2AQQlHuy4pxZfwmvubWgjcsyQU
faurE3w2RC3RLu5pWmKzZqPpqKR+OAm2q0qnJpA5xDT/GteL/6ZDgasSrWjQk4pY
mzxzbA+jOEGnfMrfRDyFDG3TFguzbbfl5MpTrM/3JMsdizucZ3Lf/PYfRnbyeCVl
dfcW2REiJvtqpIdmq8q5dV6f7zE5Q0CplmDXnWv0pjciryY/4LrGn1GJN7MCV+iq
9xbmJWG6dg250k9vB56Td1kCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 659488142017090976219882455969590964165221759305
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign AG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign Server Gold CA 2014 - G22'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-08-22 14:07:59 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-08-22 14:07:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Geneve'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Republique et Canton de Geneve'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'OCSIN'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'cuacuser000.ad.etat-ge.ch'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 683311259061927324263292256262520439956737044444119901814012569659226233643959488341659796287888222521317497978706495727329710786212474770955633599999398179476393744017473600888443543453199218718370444486004702544610925930490405577765778584652381668116838624740972533547927256220648000889882984851163544023361032198081616582746144793203434552925388128544456776590846202897925863247982217143992141013316933679157338017539257748949764207957349868808963274532334214585667358661104282244039404143908927766005324116055547714686158018226025458820878954347967250024398380174561555105867150562346277775943463619143741021644868396630764863186728109405757218361658535979846845113721543167436654618592132489771129854081174585370148369769236781505550341521653638557972367830327147811651003837378956087442611715380477640629913572940462447579567491930341547480626842192017499808784919911375565609774155366026505278900898906856778807061152665970170686353225177419614581989042646956598117307636858011738859782579506259006580817676611109403322690857592495781096134860473452282254699535594917158446218468718582946750676666885561558640378750834837388603692666127328848922510860873146374695922777439126480400106255097815808120996050166759144679932131161
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (56 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cuacuser000.ad.etat-ge.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cuacuser001.ad.etat-ge.ch'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4 bits)
							04f0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							86403bf905c8dbf8be26c89806ee75acaad873fa
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName e7f1e7fd2e53ad11e5811a57a4738f127d98c8ae
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (247 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.swisssign.net/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'ldap://directory.swisssign.net/CN=E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE%2CO=SwissSign%2CC=CH?certificateRevocationList?base?objectClass=cRLDistributionPoint'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (88 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.756.1.89.1.2.1.11
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://repository.swisssign.com/SwissSign-Gold-CP-CPS.pdf'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (200 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://swisssign.net/cgi-bin/authority/download/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gold-server-g2.ocsp.swisssign.net/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0000d4b1565d34cccefc2c7b973dbc61c4c3223153ffeb262405b18472c1cf5d87380a159e0e59be638c7c677d6280a85b6f3df05bf175dcbdf526a22237c8dcd6686af29449b662a235ec3d67b5056f7fa171780cb27baf559b207756b5e348902104777f0e3d7b14ea0553a9a50c6303d32bae43249cefa6ca2e9fc3721bf9dd3c633b1e59c5d94f334da5e155cef89a56224420dcee0b62e5001bb6f5296e6165d90a88ca57cf9ed4a8982e386c733ab31303959f43d62fe70b82dd4858b5fe78e34cdfa6b15e2d0da9385955af536882f39fc4df1208b02e2f68e8de68285ff0d1c6ec354cb6160b4d992ac93bde004788105ef1bb85ffca18274415c072bc