www.tiffany.com
- Tiffany and Co -
Issued by GeoTrust RSA CA 2018
About this certificate
This digital certificate with serial number 09:3b:c6:e4:62:be:ca:5e:2a:74:23:4e:68:77:26:d0 was issued on by DigiCert Inc.
With 25 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Tiffany and Co
Organization:
Tiffany and Co
State / Province:
New York
Locality: New York
Country: US
Locality: New York
Country: US
DigiCert Inc
Organization:
DigiCert Inc
Organization unit: www.digicert.com
Organization unit: www.digicert.com
Country:
US
This certificate will expire on
Certificate Details
Serial Number (hex): 09:3b:c6:e4:62:be:ca:5e:2a:74:23:4e:68:77:26:d0Serial Number (int): 12273431488400556492531663451534599888
Serial Number lenght: 124 bits, 16 octets
SubjectKeyId: 0b:59:e3:36:44:34:6a:7d:4c:d4:38:e3:60:d9:d7:81:07:18:37:db
AuthorityKeyId: 90:58:ff:b0:9c:75:a8:51:54:77:b1:ed:f2:a3:43:16:38:9e:6c:c5
Fingerprint (sha1): e9:43:22:f6:0a:b2:c2:65:27:4c:83:94:60:8c:f7:56:49:8e:7d:73
Fingerprint (sha256): 42:e5:40:d3:69:1a:54:19:49:d2:05:17:c4:a7:89:e1:68:25:bc:77:d0:2a:5d:7a:aa:8e:78:29:cd:31:3e:1e
Issuing Certificate URL: http://cacerts.geotrust.com/GeoTrustRSACA2018.crt
Revocation information
OCSP Server: http://status.geotrust.comCRL Distribution Point: http://cdp.geotrust.com/GeoTrustRSACA2018.crl
Check the revocation status for certificate www.tiffany.com
25
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for www.tiffany.com
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
www.tiffany.com
be.tiffany.com
cdn.tiffany.com
fonts.tiffany.com
fr.tiffany.ca
international.tiffany.com
nl.tiffany.com
tiffany.com
www.estore-tco.com
www.estore-tco.jp
www.salesservice.tiffany.com
www.tiffany.at
www.tiffany.cn
www.tiffany.com.au
www.tiffany.de
www.tiffany.es
www.tiffany.fr
www.tiffany.ie
www.tiffany.it
www.tiffany.kr
www.tiffanytrade.com
www.tiffanytrade.jp
www.tiffanywatches.com
www.whatmakeslovetrue.com
www.zh.tiffany.com
be.tiffany.com
cdn.tiffany.com
fonts.tiffany.com
fr.tiffany.ca
international.tiffany.com
nl.tiffany.com
tiffany.com
www.estore-tco.com
www.estore-tco.jp
www.salesservice.tiffany.com
www.tiffany.at
www.tiffany.cn
www.tiffany.com.au
www.tiffany.de
www.tiffany.es
www.tiffany.fr
www.tiffany.ie
www.tiffany.it
www.tiffany.kr
www.tiffanytrade.com
www.tiffanytrade.jp
www.tiffanywatches.com
www.whatmakeslovetrue.com
www.zh.tiffany.com
Other certificates including the domain name tiffany.com
(limited to 100 certificates)
appointments.tiffany.com
neo.tiffany.com
cara.tiffany.com
media.tiffany.com
www.tiffany.com
pa.tiffany.com
international.tiffany.com
subscribe.tiffany.com
ukukcacs02.tiffany.com
dev3.edev.tiffany.com
neo.tiffany.com
media.tiffany.com
san-002.ceros.com
qa2-aem.tiffany.com
uk.tiffany.com
qa2-aem.tiffany.com
www.tiffany.com
leapfrog-ssl-9.gcs-web.com
subscribe.tiffany.com
pkb.tiffany.com
www.tiffany.es
www.tiffany.com
neo.tiffany.com
san-002.ceros.com
www.tiffany.com
fonts.tiffany.com
appfront.tiffany.com
api.tiffany.com
www.tiffany.es
qa3-aem.tiffany.com
subscribe.tiffany.com
www.tiffany.com
sts.tiffany.com
san-002.ceros.com
media.tiffany.com
cara.tiffany.com
secure5s.scene7.com
subscribe.tiffany.com
san-002.ceros.com
mi.tiffany.com
san-002.ceros.com
san-35-s12.tlsprovisioning.exacttarget.com
san-002.ceros.com
uk.tiffany.com
neo.tiffany.com
www.pa.tiffany.com
san-35-s12.tlsprovisioning.exacttarget.com
san-002.ceros.com
sstats.be.tiffany.com
ps2b.tiffany.com
sts.tiffany.com
cybebrark.tiffany.com
san-35-s12.tlsprovisioning.exacttarget.com
san-002.ceros.com
san-002.ceros.com
tconsacsp04.tiffany.com
leapfrog-ssl-9.gcs-web.com
subscribe.tiffany.com
adobeconsole-qa.tiffany.com
qa-cara.tiffany.com
san-002.ceros.com
ps2b.tiffany.com
hk-payment.tiffany.com
mail.tiffany.com
leapfrog-ssl-9.gcs-web.com
mail.tiffany.com
ukukcacs01.tiffany.com
connect.tiffany.com
www.tiffany.com
sftp.tiffany.com
connect.tiffany.com
san-35-s12.tlsprovisioning.exacttarget.com
ukukcacs02.tiffany.com
t.tco.tiffany.com
neo.tiffany.com
media.tiffany.com
ringfinder-stage.tiffany.com
tco.tiffany.com
www.tiffany.com
www.pa.tiffany.com
qa-api.tiffany.com
sts.tiffany.com
qa1-aem.tiffany.com
test1.edev.tiffany.com
mail.tiffany.com
qa-api.tiffany.com
www.estore-tco.com
qa1-aem.tiffany.com
appfront.tiffany.com
san-002.ceros.com
san-002.ceros.com
www.estore-tco.com
sstats.tiffany.com
san-35-s12.tlsprovisioning.exacttarget.com
sftp.tiffany.com
leapfrog-ssl-9.gcs-web.com
www.tiffany.com
www.qa1.tiffany.com
enroll.tiffany.com
www.tiffany.es
neo.tiffany.com
cara.tiffany.com
media.tiffany.com
www.tiffany.com
pa.tiffany.com
international.tiffany.com
subscribe.tiffany.com
ukukcacs02.tiffany.com
dev3.edev.tiffany.com
neo.tiffany.com
media.tiffany.com
san-002.ceros.com
qa2-aem.tiffany.com
uk.tiffany.com
qa2-aem.tiffany.com
www.tiffany.com
leapfrog-ssl-9.gcs-web.com
subscribe.tiffany.com
pkb.tiffany.com
www.tiffany.es
www.tiffany.com
neo.tiffany.com
san-002.ceros.com
www.tiffany.com
fonts.tiffany.com
appfront.tiffany.com
api.tiffany.com
www.tiffany.es
qa3-aem.tiffany.com
subscribe.tiffany.com
www.tiffany.com
sts.tiffany.com
san-002.ceros.com
media.tiffany.com
cara.tiffany.com
secure5s.scene7.com
subscribe.tiffany.com
san-002.ceros.com
mi.tiffany.com
san-002.ceros.com
san-35-s12.tlsprovisioning.exacttarget.com
san-002.ceros.com
uk.tiffany.com
neo.tiffany.com
www.pa.tiffany.com
san-35-s12.tlsprovisioning.exacttarget.com
san-002.ceros.com
sstats.be.tiffany.com
ps2b.tiffany.com
sts.tiffany.com
cybebrark.tiffany.com
san-35-s12.tlsprovisioning.exacttarget.com
san-002.ceros.com
san-002.ceros.com
tconsacsp04.tiffany.com
leapfrog-ssl-9.gcs-web.com
subscribe.tiffany.com
adobeconsole-qa.tiffany.com
qa-cara.tiffany.com
san-002.ceros.com
ps2b.tiffany.com
hk-payment.tiffany.com
mail.tiffany.com
leapfrog-ssl-9.gcs-web.com
mail.tiffany.com
ukukcacs01.tiffany.com
connect.tiffany.com
www.tiffany.com
sftp.tiffany.com
connect.tiffany.com
san-35-s12.tlsprovisioning.exacttarget.com
ukukcacs02.tiffany.com
t.tco.tiffany.com
neo.tiffany.com
media.tiffany.com
ringfinder-stage.tiffany.com
tco.tiffany.com
www.tiffany.com
www.pa.tiffany.com
qa-api.tiffany.com
sts.tiffany.com
qa1-aem.tiffany.com
test1.edev.tiffany.com
mail.tiffany.com
qa-api.tiffany.com
www.estore-tco.com
qa1-aem.tiffany.com
appfront.tiffany.com
san-002.ceros.com
san-002.ceros.com
www.estore-tco.com
sstats.tiffany.com
san-35-s12.tlsprovisioning.exacttarget.com
sftp.tiffany.com
leapfrog-ssl-9.gcs-web.com
www.tiffany.com
www.qa1.tiffany.com
enroll.tiffany.com
www.tiffany.es
Certificate
The complete raw certificate details for www.tiffany.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIIMzCCBxugAwIBAgIQCTvG5GK+yl4qdCNOaHcm0DANBgkqhkiG9w0BAQsFADBe MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMR0wGwYDVQQDExRHZW9UcnVzdCBSU0EgQ0EgMjAxODAe Fw0yMzEwMTIwMDAwMDBaFw0yNDEwMTEyMzU5NTlaMGYxCzAJBgNVBAYTAlVTMREw DwYDVQQIEwhOZXcgWW9yazERMA8GA1UEBxMITmV3IFlvcmsxFzAVBgNVBAoTDlRp ZmZhbnkgYW5kIENvMRgwFgYDVQQDEw93d3cudGlmZmFueS5jb20wggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCi2KHZWI4dXzODV2qYPl9NZjpgURQL0knI 82gWcWoiHUgIuq6jnj6mbzyHLAUbcCNAbk6fp82e+q7tJtBSkqDlunI5PmWHO9ng jZcvSHjwWrd3IboTNwygzqxkyDx66hCJNbKRxTW/ZjusT+mEVq/WFFdoU5sV3dQO aYqQBxkODwxh0SgBXk5upfzpz3ccvCvNXf7npTU8O/GsyQ4CC+2/3rIPg1lRWO8B jGNB/53UMid589fe47F4/Nepr9aG1U2aArnwlCA7lhT9ctB9K5gxpZH7zfYRotdb oO9F6n8LZCFdGaNP/SJEriZKKn5siiXyw6BJtuxHsgDR0YYW/RmFAgMBAAGjggTj MIIE3zAfBgNVHSMEGDAWgBSQWP+wnHWoUVR3se3yo0MWOJ5sxTAdBgNVHQ4EFgQU C1njNkQ0an1M1DjjYNnXgQcYN9swggHkBgNVHREEggHbMIIB14IPd3d3LnRpZmZh bnkuY29tgg5iZS50aWZmYW55LmNvbYIPY2RuLnRpZmZhbnkuY29tghFmb250cy50 aWZmYW55LmNvbYINZnIudGlmZmFueS5jYYIZaW50ZXJuYXRpb25hbC50aWZmYW55 LmNvbYIObmwudGlmZmFueS5jb22CC3RpZmZhbnkuY29tghJ3d3cuZXN0b3JlLXRj by5jb22CEXd3dy5lc3RvcmUtdGNvLmpwghx3d3cuc2FsZXNzZXJ2aWNlLnRpZmZh bnkuY29tgg53d3cudGlmZmFueS5hdIIOd3d3LnRpZmZhbnkuY26CEnd3dy50aWZm YW55LmNvbS5hdYIOd3d3LnRpZmZhbnkuZGWCDnd3dy50aWZmYW55LmVzgg53d3cu dGlmZmFueS5mcoIOd3d3LnRpZmZhbnkuaWWCDnd3dy50aWZmYW55Lml0gg53d3cu dGlmZmFueS5rcoIUd3d3LnRpZmZhbnl0cmFkZS5jb22CE3d3dy50aWZmYW55dHJh ZGUuanCCFnd3dy50aWZmYW55d2F0Y2hlcy5jb22CGXd3dy53aGF0bWFrZXNsb3Zl dHJ1ZS5jb22CEnd3dy56aC50aWZmYW55LmNvbTA+BgNVHSAENzA1MDMGBmeBDAEC AjApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDgYD VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA+BgNV HR8ENzA1MDOgMaAvhi1odHRwOi8vY2RwLmdlb3RydXN0LmNvbS9HZW9UcnVzdFJT QUNBMjAxOC5jcmwwdQYIKwYBBQUHAQEEaTBnMCYGCCsGAQUFBzABhhpodHRwOi8v c3RhdHVzLmdlb3RydXN0LmNvbTA9BggrBgEFBQcwAoYxaHR0cDovL2NhY2VydHMu Z2VvdHJ1c3QuY29tL0dlb1RydXN0UlNBQ0EyMDE4LmNydDAMBgNVHRMBAf8EAjAA MIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdQDuzdBk1dsazsVct520zROiModG fLzs3sNRSFlGcR+1mwAAAYslvYMpAAAEAwBGMEQCIBOMyropp77a6Y8mWqBUDyQ7 aonOa8tPRKuqApTDFCBTAiBF/hD0dtnRPHDiFhlCURBNOEuuS8qzqtp3DVoI/o9K bgB3AEiw42vapkc0D+VqAvqdMOscUgHLVt0sgdm7v6s52IRzAAABiyW9gyAAAAQD AEgwRgIhANwlt3j9hRoocf6N5KoprfTpecJY4Kx2M8hL9aMrN3b9AiEAhCRmnlwu Hj1KfaBaw6AZoC5f0HiPbqV1kctZjO3fTQ4AdwDatr9rP7W2Ip+bwrtca+hwkXFs u1GEhTS9pD0wSNf7qwAAAYslvYMyAAAEAwBIMEYCIQDTiOfFmyTDVcLVemU7wsq4 hu2+IWUiHyUww4pgYrdfpgIhAPyWo3GNJQ6KlwCz4Bd73tI5lFiA8FAbgq0wfiX8 mGKDMA0GCSqGSIb3DQEBCwUAA4IBAQAVJOD2jqYq+EAxOje89hM6wT1YtGtLIshn ra8vyMvjnsACvjbNsFYlG1Sb3hw5a/3mlXIOfQCAJ83ZTIB50zlkxCHs+iQOuIeY 5HXLf3vTEX2SAa0b5/5rlbb2wgg/FWzSfcjHtHTXTS8dqK+If08KtGmQ509Cl39/ XHUUFjIHf9priFIm4NTuDVgk8QHR6QAxCrN3CChBIYsMeVuaqXGeJtmNIW2wvR1/ d2qqlraAOxX9BW02liliirhpx9XeEnCTP8VYjSx7OG2Vbs7qjyxQCrfg6xjP5Ft2 u/AU1q/6OJfz1/lvdaXMOmUbqULYYrPzCdgoVTWyz2PzoEipmWSH -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAotih2ViOHV8zg1dqmD5f TWY6YFEUC9JJyPNoFnFqIh1ICLquo54+pm88hywFG3AjQG5On6fNnvqu7SbQUpKg 5bpyOT5lhzvZ4I2XL0h48Fq3dyG6EzcMoM6sZMg8euoQiTWykcU1v2Y7rE/phFav 1hRXaFObFd3UDmmKkAcZDg8MYdEoAV5ObqX86c93HLwrzV3+56U1PDvxrMkOAgvt v96yD4NZUVjvAYxjQf+d1DInefPX3uOxePzXqa/WhtVNmgK58JQgO5YU/XLQfSuY MaWR+832EaLXW6DvRep/C2QhXRmjT/0iRK4mSip+bIol8sOgSbbsR7IA0dGGFv0Z hQIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 12273431488400556492531663451534599888 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Inc' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.digicert.com' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust RSA CA 2018' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-10-12 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-10-11 23:59:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'New York' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'New York' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Tiffany and Co' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.tiffany.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 20557430734942318282564127858595059844535135286667009998071042173274979685199840746969759650364415263910254909896246974441467705641371898640038580756298512712140938175193038777870701122137929015860159420507569370163546803569718864211124380261986484438218955741845345733642619697422485783800621434446917905075885212458403710294493624990292654633427810717616444787358434856317232595828000499561583650826867921213165472491322034150144144954674879200824611600764964509809616832968889174861363445302611051945557323938786429163972655847183208216670887153503510191466717549065672036229630765361541184016508777063417944807813 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 9058ffb09c75a8515477b1edf2a34316389e6cc5 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 0b59e33644346a7d4cd438e360d9d781071837db . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (475 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.tiffany.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'be.tiffany.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cdn.tiffany.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'fonts.tiffany.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'fr.tiffany.ca' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'international.tiffany.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nl.tiffany.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tiffany.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.estore-tco.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.estore-tco.jp' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.salesservice.tiffany.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.tiffany.at' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.tiffany.cn' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.tiffany.com.au' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.tiffany.de' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.tiffany.es' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.tiffany.fr' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.tiffany.ie' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.tiffany.it' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.tiffany.kr' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.tiffanytrade.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.tiffanytrade.jp' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.tiffanywatches.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.whatmakeslovetrue.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.zh.tiffany.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp.geotrust.com/GeoTrustRSACA2018.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://status.geotrust.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.geotrust.com/GeoTrustRSACA2018.crt' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes) 0169007500eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018b25bd832900000403004630440220138ccaba29a7bedae98f265aa0540f243b6a89ce6bcb4f44abaa0294c3142053022045fe10f476d9d13c70e216194251104d384bae4bcab3aada770d5a08fe8f4a6e00770048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018b25bd83200000040300483046022100dc25b778fd851a2871fe8de4aa29adf4e979c258e0ac7633c84bf5a32b3776fd0221008424669e5c2e1e3d4a7da05ac3a019a02e5fd0788f6ea57591cb598ceddf4d0e007700dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab0000018b25bd83320000040300483046022100d388e7c59b24c355c2d57a653bc2cab886edbe2165221f2530c38a6062b75fa6022100fc96a3718d250e8a9700b3e0177bded239945880f0501b82ad307e25fc986283 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 001524e0f68ea62af840313a37bcf6133ac13d58b46b4b22c867adaf2fc8cbe39ec002be36cdb056251b549bde1c396bfde695720e7d008027cdd94c8079d33964c421ecfa240eb88798e475cb7f7bd3117d9201ad1be7fe6b95b6f6c2083f156cd27dc8c7b474d74d2f1da8af887f4f0ab46990e74f42977f7f5c75141632077fda6b885226e0d4ee0d5824f101d1e900310ab377082841218b0c795b9aa9719e26d98d216db0bd1d7f776aaa96b6803b15fd056d369629628ab869c7d5de1270933fc5588d2c7b386d956eceea8f2c500ab7e0eb18cfe45b76bbf014d6affa3897f3d7f96f75a5cc3a651ba942d862b3f309d8285535b2cf63f3a048a9996487