diffie.med.cornell.edu

- Weill Cornell Medical College -

Issued by InCommon RSA Server CA

About this certificate

This digital certificate with serial number ff:51:27:0c:a5:75:d3:ee:7d:46:33:2a:22:35:d2:76 was issued on by Internet2.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Weill Cornell Medical College

Organization: Weill Cornell Medical College
Organization unit: Information Technologies and Services
State / Province: New York
Country: US

Internet2

Organization: Internet2
Organization unit: InCommon
State / Province: MI
Locality: Ann Arbor
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): ff:51:27:0c:a5:75:d3:ee:7d:46:33:2a:22:35:d2:76
Serial Number (int): 339374506986614832974797137389691458166
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: 49:69:48:14:da:89:d8:c6:b2:2b:fb:2b:cf:4c:b1:cb:88:24:84:94
AuthorityKeyId: 1e:05:a3:77:8f:6c:96:e2:5b:87:4b:a6:b4:86:ac:71:00:0c:e7:38

Fingerprint (sha1): a0:87:49:18:12:4c:a1:98:56:c5:9b:0d:09:52:26:2f:96:12:41:85
Fingerprint (sha256): 33:82:c1:28:e8:f5:4b:d8:b4:10:ef:66:78:ac:8d:27:5f:81:07:e6:24:e2:d1:4e:b2:0b:e5:e4:c1:16:c3:c7

Issuing Certificate URL: http://crt.usertrust.com/InCommonRSAServerCA_2.crt

Revocation information

OCSP Server: http://ocsp.usertrust.com
CRL Distribution Point: http://crl.incommon-rsa.org/InCommonRSAServerCA.crl

Check the revocation status for certificate diffie.med.cornell.edu

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for diffie.med.cornell.edu

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

diffie.med.cornell.edu
diffie.weill.cornell.edu

Other certificates including the domain name cornell.edu

(limited to 100 certificates)
usda-int.library.cornell.edu
island.cnf.cornell.edu
dbme.dyson.cornell.edu
www.llmoverview.law.cornell.edu
dfbs.cornell.edu
engr-cms-multi-ssl.cit.cornell.edu
staticweb.ssit.scl.cornell.edu
atstaticapps.cit.cornell.edu
newstudents.cornell.edu
www.nys4h.cce.cornell.edu
5769623379116032-fe2.pantheonsite.io
carpepm.almonds.com
5693048138760192-fe2.pantheonsite.io
*.givegab.com
dns-vetting1c.map.fastly.net
5686812383117312-fe3.pantheonsite.io
scholarship.sha.cornell.edu
vertere.ehs.cornell.edu
llmoverview.law.cornell.edu
5764748591235072-fe2.pantheonsite.io
5747286126624768-fe3.pantheonsite.io
manage.esign.cornell.edu
fs-lb-1.fs.cornell.edu
www.pryde.bctr.cornell.edu
cluster3.technolutions.net
lingual.phonetics.cornell.edu
apl.cs.cornell.edu
annualreport.cals.cornell.edu
crane.chem.cornell.edu
resumebook.acsu.cornell.edu
scabusa.ag.cornell.edu
5727217287954432-fe1.pantheonsite.io
ucdc.edu
cluster3.technolutions.net
classcouncil.cornell.edu
5693048138760192-fe2.pantheonsite.io
5202656289095680-fe4.pantheonsite.io
kanbur.aem.cornell.edu
cals.cornell.edu
5691420614590464-fe3.pantheonsite.io
aws-110-042.internal.library.cornell.edu
5709068098338816-fe3.pantheonsite.io
5636647567753216-fe1.pantheonsite.io
hdil.human.cornell.edu
nartc.fcm.arizona.edu
sf-lib-lms-018.serverfarm.cornell.edu
legacy.ece.cornell.edu
verne.soc.cornell.edu
blog.johnson.cornell.edu
5730774057746432-fe4.pantheonsite.io
5654672874405888-fe3.pantheonsite.io
avedon.med.cornell.edu
5763210187636736-fe2.pantheonsite.io
s001.med.cornell.edu
puppet.coecis.cornell.edu
5707324073181184-fe2.pantheonsite.io
5700866052980736-fe2.pantheonsite.io
bearinmind.eclipsco.org
gunalert02.ornith.cornell.edu
d2.shared.global.fastly.net
tier.dyson.cornell.edu
newfit.cit.cornell.edu
5658962204557312-fe4.pantheonsite.io
5736907271045120-fe1.pantheonsite.io
newsletter.research.cornell.edu
5686536431468544-fe1.pantheonsite.io
5763210187636736-fe2.pantheonsite.io
5659822271758336-fe3.pantheonsite.io
5654961308303360-fe2.pantheonsite.io
charon.ece.cornell.edu
www.cmm.cornell.edu
delib-cal.qatar-weill.cornell.edu
urmc.cs.cornell.edu
calscomlabs-multi-ssl.cit.cornell.edu
webeditor.dyson.cornell.edu
5769623379116032-fe2.pantheonsite.io
dns-vetting1g.map.fastly.net
5736907271045120-fe1.pantheonsite.io
5740240702537728-fe2.pantheonsite.io
hotelie.sha.cornell.edu
courses1.cit.cornell.edu
5637369860456448-fe1.pantheonsite.io
www.systems.cs.cornell.edu
forms-dev.serverfarm.cornell.edu
werdle.via.cornell.edu
www.mehta.human.cornell.edu
frenchstudies.cornell.edu
5709068098338816-fe3.pantheonsite.io
5731346630574080-fe3.pantheonsite.io
5728757302165504-fe2.pantheonsite.io
classcouncil.cornell.edu
5747286126624768-fe3.pantheonsite.io
cuems.cornell.edu
fh-remote2.human.cornell.edu
5642779036221440-fe2.pantheonsite.io
5751399832879104-fe1.pantheonsite.io
5673309542809600-fe1.pantheonsite.io
poctin.cornell.edu
classcouncil.cornell.edu
*.givegab.com

Certificate

The complete raw certificate details for diffie.med.cornell.edu in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGljCCBX6gAwIBAgIRAP9RJwylddPufUYzKiI10nYwDQYJKoZIhvcNAQELBQAw
djELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1JMRIwEAYDVQQHEwlBbm4gQXJib3Ix
EjAQBgNVBAoTCUludGVybmV0MjERMA8GA1UECxMISW5Db21tb24xHzAdBgNVBAMT
FkluQ29tbW9uIFJTQSBTZXJ2ZXIgQ0EwHhcNMjExMjAzMDAwMDAwWhcNMjMwMTAz
MjM1OTU5WjCBmTELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE5ldyBZb3JrMSYwJAYD
VQQKEx1XZWlsbCBDb3JuZWxsIE1lZGljYWwgQ29sbGVnZTEuMCwGA1UECxMlSW5m
b3JtYXRpb24gVGVjaG5vbG9naWVzIGFuZCBTZXJ2aWNlczEfMB0GA1UEAxMWZGlm
ZmllLm1lZC5jb3JuZWxsLmVkdTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
ggIBAPKY0LpWk344Inj95jT25x5Roc357TqMnhoksc4DON8Y1HGsqEK4CHR9OtRT
K71sAx1v7TXfsGSDqJxiNXwqlWbck1aSr4Aghl5S9jzpB57KhHu3izZhHI8FOcWW
TZ9Q0UqjuAdoY/bwc8bUdxWyGrMQLZuUyJ/DyLY5DWq8cN6pnub87YEkfsntkGSP
KvJ8o9j8q4uPkj3zbDpcr/wQ92j55snmG7wdd7xjJtyYxPDGshxj6Ml9hOxZu88o
N8+bnmGb7K/+xd/ZwAsA/nT8lqdU9JPfdiFIKin4UG7d81lQ5sPdE/cN/Zew1Zun
EZJpLpgDyw92//rGDMGzgZiOh/1FtN/XPaLiPSxuUBqcnWyNndKa8eRruA06xgFg
HKOkvJvG/5oSofNSboiz3IFh1TOjAo3/CaJTid2Jo6cVuAu8wNM1VgRCBebmtLQD
wFXBOiguzCID0KBSGCKJh/szQewCjMgwtlPHUR7sYz5ftOv1MuZbOSmGzhE5eceq
kM5lVCFsubIN0NRhScmRfgx4swp6H/8IpHhvrn5WJ0kUMZ51adBSXEfELBInVdZP
shfkIe9WCXWSfdM2kNTAdsOByWJaVWd0mXgbXblHT9aWbY+CRhaiBn5KCbvemmzi
GFRuWz6Ecrx5G3S6kLKgfSiyWDJyW576TrNEHurMj5i9pNiHAgMBAAGjggH5MIIB
9TAfBgNVHSMEGDAWgBQeBaN3j2yW4luHS6a0hqxxAAznODAdBgNVHQ4EFgQUSWlI
FNqJ2MayK/srz0yxy4gkhJQwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAw
HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGcGA1UdIARgMF4wUgYMKwYB
BAGuIwEEAwEBMEIwQAYIKwYBBQUHAgEWNGh0dHBzOi8vd3d3LmluY29tbW9uLm9y
Zy9jZXJ0L3JlcG9zaXRvcnkvY3BzX3NzbC5wZGYwCAYGZ4EMAQICMEQGA1UdHwQ9
MDswOaA3oDWGM2h0dHA6Ly9jcmwuaW5jb21tb24tcnNhLm9yZy9JbkNvbW1vblJT
QVNlcnZlckNBLmNybDB1BggrBgEFBQcBAQRpMGcwPgYIKwYBBQUHMAKGMmh0dHA6
Ly9jcnQudXNlcnRydXN0LmNvbS9JbkNvbW1vblJTQVNlcnZlckNBXzIuY3J0MCUG
CCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3QuY29tMBMGCisGAQQB1nkC
BAMBAf8EAgUAMDsGA1UdEQQ0MDKCFmRpZmZpZS5tZWQuY29ybmVsbC5lZHWCGGRp
ZmZpZS53ZWlsbC5jb3JuZWxsLmVkdTANBgkqhkiG9w0BAQsFAAOCAQEAAfIkSiqA
OvyYzMGm2B2Z0QZawKU+B419Oi7nZTFHEGBeIGhdtpnTVBpePSL4PRgoTs8mgw0t
eITYvZHp9ayNjwAUeztbvzwMsj+yWduRmLSKXvwNz7q0BkYJ8L/IJolBchpz0MHl
Hv1b+uJd483zim+96eGbW8xr3wSJ68MuhrYSA3VhN8QVzjBiazChRqM3EZIGpSYw
BjKcdQkC3LguOR4eg1F8UoNdJvvTUxI/XIBigHwRw2t36Wqof+iFZGdwNFOsS7ZB
yel2nXVMp08BRkq7JbJg0AYu8jPfeT8jPRJmOOnNuc/cjvsqNv+Fh9RRRT9bCYeW
0jhPqLEStLMS7g==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA8pjQulaTfjgieP3mNPbn
HlGhzfntOoyeGiSxzgM43xjUcayoQrgIdH061FMrvWwDHW/tNd+wZIOonGI1fCqV
ZtyTVpKvgCCGXlL2POkHnsqEe7eLNmEcjwU5xZZNn1DRSqO4B2hj9vBzxtR3FbIa
sxAtm5TIn8PItjkNarxw3qme5vztgSR+ye2QZI8q8nyj2Pyri4+SPfNsOlyv/BD3
aPnmyeYbvB13vGMm3JjE8MayHGPoyX2E7Fm7zyg3z5ueYZvsr/7F39nACwD+dPyW
p1T0k992IUgqKfhQbt3zWVDmw90T9w39l7DVm6cRkmkumAPLD3b/+sYMwbOBmI6H
/UW039c9ouI9LG5QGpydbI2d0prx5Gu4DTrGAWAco6S8m8b/mhKh81JuiLPcgWHV
M6MCjf8JolOJ3YmjpxW4C7zA0zVWBEIF5ua0tAPAVcE6KC7MIgPQoFIYIomH+zNB
7AKMyDC2U8dRHuxjPl+06/Uy5ls5KYbOETl5x6qQzmVUIWy5sg3Q1GFJyZF+DHiz
Cnof/wikeG+uflYnSRQxnnVp0FJcR8QsEidV1k+yF+Qh71YJdZJ90zaQ1MB2w4HJ
YlpVZ3SZeBtduUdP1pZtj4JGFqIGfkoJu96abOIYVG5bPoRyvHkbdLqQsqB9KLJY
MnJbnvpOs0Qe6syPmL2k2IcCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 339374506986614832974797137389691458166
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'MI'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ann Arbor'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Internet2'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'InCommon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'InCommon RSA Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-12-03 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-01-03 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'New York'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Weill Cornell Medical College'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Information Technologies and Services'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'diffie.med.cornell.edu'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 989709146526403300778628162384675175460958880488000500022751145626377965585785321668876731414068689069074292579860762468374789484544371864222340465497487518050971786816119656816883397180739101645102689906752305701477999774365610230216970263936797484348308592927412508461844602099234802283262908384233011572173693404291313447480280138698961431697864965425778223574642044451736805698501868257645636944952297947522885232123102890994860846409923063504457779453411220681726799315585298714239941154687156021581737788847013974105047389051114440209254633887252311789578107848772951458599437577105620613150875072546267512029478681996444901523968024235940908069291065193993733862294554081298145434475100159422143488681409695124799613377031663964342391101754260361937983360456692991466196842939496239648179036809637429994858651253407838826507778461497755048138758648552597819425226432597772040468361740748588185385421420519466997306110311364210390217596710686032876665224849814331667007872377494142539033922433082361699452300334074555956224003074841792445242779438674519165127675983440788487461177700978008592003647587506820042809479557675662780290415853463903314858201286078156233590876377732072890815781626694620257065918753172625607358732423
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 1e05a3778f6c96e25b874ba6b486ac71000ce738
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							49694814da89d8c6b22bfb2bcf4cb1cb88248494
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (96 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.5923.1.4.3.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.incommon.org/cert/repository/cps_ssl.pdf'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (61 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.incommon-rsa.org/InCommonRSAServerCA.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.usertrust.com/InCommonRSAServerCA_2.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.usertrust.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'diffie.med.cornell.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'diffie.weill.cornell.edu'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0001f2244a2a803afc98ccc1a6d81d99d1065ac0a53e078d7d3a2ee765314710605e20685db699d3541a5e3d22f83d18284ecf26830d2d7884d8bd91e9f5ac8d8f00147b3b5bbf3c0cb23fb259db9198b48a5efc0dcfbab4064609f0bfc8268941721a73d0c1e51efd5bfae25de3cdf38a6fbde9e19b5bcc6bdf0489ebc32e86b61203756137c415ce30626b30a146a337119206a5263006329c750902dcb82e391e1e83517c52835d26fbd353123f5c8062807c11c36b77e96aa87fe8856467703453ac4bb641c9e9769d754ca74f01464abb25b260d0062ef233df793f233d126638e9cdb9cfdc8efb2a36ff8587d451453f5b098796d2384fa8b112b4b312ee