vpn.heg.com

- Host Europe Group Limited -

Issued by GlobalSign Extended Validation CA - SHA256 - G2

About this certificate

This digital certificate with serial number 5f:86:66:1c:e3:d0:e1:f0:e7:38:ff:a6 was issued on by GlobalSign nv-sa.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Host Europe Group Limited

Company registration number: 08509568
Organization: Host Europe Group Limited
Address: 5TH FLOOR, THE SHIPPING BUILDING OLD VINYL FACTORY
State / Province: Middlesex
Locality: Hayes
Country: GB

GlobalSign nv-sa

Organization: GlobalSign nv-sa
Country: BE

This certificate has expire since

Certificate Details

Serial Number (hex): 5f:86:66:1c:e3:d0:e1:f0:e7:38:ff:a6
Serial Number (int): 29563554207162097672497201062
Serial Number lenght: 95 bits, 12 octets

SubjectKeyId: af:6b:c9:3d:fa:44:96:e8:78:49:a8:ae:bb:d9:1f:52:de:7e:35:f1
AuthorityKeyId: da:40:77:43:65:1c:f8:fe:a7:e3:f4:64:82:3e:4d:43:13:22:31:02

Fingerprint (sha1): df:72:58:91:1f:1d:64:fe:ee:46:06:82:bf:82:e7:11:e4:00:09:d9
Fingerprint (sha256): 5e:6d:45:79:96:a4:5b:ff:d2:a6:23:ba:0c:40:b3:44:44:d9:37:93:9e:53:4b:67:6e:a3:2e:0f:03:36:db:0b

Issuing Certificate URL: http://secure.globalsign.com/cacert/gsextendvalsha2g2r2.crt

Revocation information

OCSP Server: http://ocsp2.globalsign.com/gsextendvalsha2g2
CRL Distribution Point: http://crl.globalsign.com/gs/gsextendvalsha2g2.crl

Check the revocation status for certificate vpn.heg.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for vpn.heg.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

vpn.heg.com

Other certificates including the domain name heg.com

(limited to 100 certificates)
vpn.heg.com
haproxy-0.cgn.ba.heg.com
confluence.dev.heg.com
bamboo.dev.heg.com
bamboo.dev.heg.com
bamboo.heg.com
confluence.heg.com
tools.core.heg.com
elk0.cgn.ba.heg.com
legal.emeaint.godaddy.com
mirrors.uk.heg.com
www.heg.com
www.heg.com
portal.heg.com
mirrors.uk.heg.com
www.heg.com
cgn-dc02.ad.heg.com
wsus.heg.com
kafka-prod0.cgn.ba.heg.com
jira.heg.com
persis.staging.heg.com
calendar.heg.com
drive.heg.com
legal.emeaint.godaddy.com
www.heg.com
axonivy.heg.com
portal.sam.heg.com
owa.heg.com
exchange.heg.com
lg.core.heg.com
n3pwhegssdc002.ad.heg.com
observium.core.heg.com
lg.core.heg.com
cmpro.heg.com
privacyguard.heg.com
restapi.sam.heg.com
vpn.heg.com
*.o365.heg.com
jira.heg.com
lists.heg.com
tools.core.heg.com
vpn.heg.com
calender.heg.com
jira.dev.heg.com
*.loki.ba.heg.com
portal.heg.com
*.artifactory.ba.heg.com
jira.heg.com
www.heg.com
stash.heg.com
confluence.heg.com
stash.dev.heg.com
exchange.heg.com
vpn.heg.com
stash.heg.com
datastore.heg.com
legal.emeaint.godaddy.com
privacyguard.heg.com
*.media.heg.com
vpn.heg.com
privacyguard.heg.com
stash.dev.heg.com
*.mjolnir.ba.heg.com
confluence.heg.com
calendar.heg.com
*.thor.ba.heg.com
elk2.cgn.ba.heg.com
ldap.heg.com
paste.heg.com
timecontrol.heg.com
heg.com
stash.heg.com
privacyguard.heg.com
vault.ba.heg.com
cmpro.heg.com
confluence.heg.com
lg.core.heg.com
vault.ba.heg.com
www.heg.com
confluence.dev.heg.com
bamboo.heg.com
restapi.sam.heg.com
rsaf.sam.heg.com
observium.core.heg.com
owa.heg.com
blog.heg.com
calendar.heg.com
*.media.heg.com
lg.core.heg.com
finance-ax.heg.com
jira.heg.com
*.freya.ba.heg.com
legal.emeaint.godaddy.com
jabber.heg.com
sam.heg.com
*.odin.ba.heg.com
elk1.cgn.ba.heg.com
lg.core.heg.com
owa.heg.com
jira.dev.heg.com

Certificate

The complete raw certificate details for vpn.heg.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHlTCCBn2gAwIBAgIMX4ZmHOPQ4fDnOP+mMA0GCSqGSIb3DQEBCwUAMGIxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTgwNgYDVQQDEy9H
bG9iYWxTaWduIEV4dGVuZGVkIFZhbGlkYXRpb24gQ0EgLSBTSEEyNTYgLSBHMjAe
Fw0xNTAxMjkxMzQwNDNaFw0xNzAxMjkxMzQwNDNaMIHvMR0wGwYDVQQPDBRQcml2
YXRlIE9yZ2FuaXphdGlvbjERMA8GA1UEBRMIMDg1MDk1NjgxEzARBgsrBgEEAYI3
PAIBAxMCR0IxCzAJBgNVBAYTAkdCMRIwEAYDVQQIEwlNaWRkbGVzZXgxDjAMBgNV
BAcTBUhheWVzMTswOQYDVQQJEzI1VEggRkxPT1IsIFRIRSBTSElQUElORyBCVUlM
RElORyBPTEQgVklOWUwgRkFDVE9SWTEiMCAGA1UEChMZSG9zdCBFdXJvcGUgR3Jv
dXAgTGltaXRlZDEUMBIGA1UEAxMLdnBuLmhlZy5jb20wggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQC2QqTFEqbOO8aytmC5ghcEZrrzeW3VijMXo2fUBizM
fYNDSdsBVZrrM+ygmU4Sc95z4ECY94LhTeLeOtjXECETTk93fko4/LWIi3uaX8+t
26PzddRLfSh2euaZ+Z1ywX+Dbo/FnCt/2ZOSEKW5vBb3bwH2DfPaicaOefcRWln9
NMCpuU4805/e+Z3Fzm8SBkfA3bERVG4nLD6n/eB2eSVguto2X2Fb6WcctONczvQk
Z/6Xj5zdJp8VLmrRozAuOyJotD9UmdA/ddwh7EN/H+QZHATYBgRPIzL1dwyXjGnK
5KQnudKmgrTsrX0tI3OZZ84tlsgc4c/slXs9V4eAMAn9AgMBAAGjggO7MIIDtzAO
BgNVHQ8BAf8EBAMCBaAwTAYDVR0gBEUwQzBBBgkrBgEEAaAyAQEwNDAyBggrBgEF
BQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wQwYD
VR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2V4
dGVuZHZhbHNoYTJnMi5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMEcGCCsGAQUFBzAC
hjtodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2V4dGVuZHZh
bHNoYTJnMnIyLmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AyLmdsb2JhbHNp
Z24uY29tL2dzZXh0ZW5kdmFsc2hhMmcyMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
BgEFBQcDAjAJBgNVHRMEAjAAMBYGA1UdEQQPMA2CC3Zwbi5oZWcuY29tMB0GA1Ud
DgQWBBSva8k9+kSW6HhJqK672R9S3n418TAfBgNVHSMEGDAWgBTaQHdDZRz4/qfj
9GSCPk1DEyIxAjCCAfcGCisGAQQB1nkCBAIEggHnBIIB4wHhAHUAaPaY+B9kgr46
jO65KB1M/HFRXWeT1ETRCmesu09P+8QAAAFLNewuHgAABAMARjBEAiAR6Yqo61vF
B63hKjsaDp/7exldDnNgjz/GOrxxzMs2XQIgLRdp9g6XA9tIyXl/iuBKCkcwI7of
71yg62QiWr0UcogAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAA
AUs17DVJAAAEAwBHMEUCIQDVWA/EyBydEu5gMmZBtO5c1/fQZB24o1B55Gwdkhqu
GQIgdeWj6Gc0JMZlAMHPch4psEzqiygtP0xfFEc+xYJbMPQAdwDuS723dc5guuFC
aR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAUs17EBJAAAEAwBIMEYCIQCqzNknH3E7
hqa75o1KFDFlyHVx7PKNop7OBTy+5HQYUwIhAOuaO8D6aTXJVwyr3OOIFPHsb+5T
TlbcnxhZe5egMVJ2AHcAVhQGmi/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0A
AAFLNexEiwAABAMASDBGAiEAs5cBddawTYwzV96whKlGnQncDqVrn5zhR+VdaKzr
gfICIQDZ9FEOOG2GKvFtJLZVlVSd5I/nLOAbqkmX/PEXZ2GCITANBgkqhkiG9w0B
AQsFAAOCAQEAVbegTPJgu87J+1ZyUtIyFSGp9aCb82kubrXlmul9jAWNsSnvlUIf
7A0RZtdEfIaAtP6E32oYP+Xg+pgv5zydXPqbZmafL+tiP69FY8cPT8BMIH1XPE27
ng93gd8FBXmO7vsLJ1mdMTyWlOO29Q62y4JNTH6ctRj9LxECTwOpi/F/Jyk4RFTZ
EzOjbZWWf77xXqnbFoGBBU8WSHOx0RiC1LKfUgW09UtVyp9LnTZM3un2pVoSAhdO
6GeYCrrKZvl3nuOMyQLwdY6aJM+DLvTiKcQYna8ETefERoTHB353e+Yy5rVBb2nV
Oxf+BCsnhu5z0zG78agdJn0/fpnIpkElYA==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtkKkxRKmzjvGsrZguYIX
BGa683lt1YozF6Nn1AYszH2DQ0nbAVWa6zPsoJlOEnPec+BAmPeC4U3i3jrY1xAh
E05Pd35KOPy1iIt7ml/Prduj83XUS30odnrmmfmdcsF/g26PxZwrf9mTkhClubwW
928B9g3z2onGjnn3EVpZ/TTAqblOPNOf3vmdxc5vEgZHwN2xEVRuJyw+p/3gdnkl
YLraNl9hW+lnHLTjXM70JGf+l4+c3SafFS5q0aMwLjsiaLQ/VJnQP3XcIexDfx/k
GRwE2AYETyMy9XcMl4xpyuSkJ7nSpoK07K19LSNzmWfOLZbIHOHP7JV7PVeHgDAJ
/QIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 29563554207162097672497201062
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign nv-sa'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign Extended Validation CA - SHA256 - G2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2015-01-29 13:40:43 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-01-29 13:40:43 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.15 (businessCategory)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Private Organization'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '08509568'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.3 (jurisdictionOfIncorporationC)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Middlesex'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Hayes'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.9 (streetAddress)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '5TH FLOOR, THE SHIPPING BUILDING OLD VINYL FACTORY'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Host Europe Group Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'vpn.heg.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23008234703636040145013794621500379346827092901096593996992787457230363428519441411064067642505000594712286795621707919266046357078068060717924756593785179304241435961328366261635756335665570266410784459933769189761358672083457324354485989884892281681186372169565410809772942213050641938199179976725971927188639277410101231384830206526290210364187011167983013385403308882030452590620381907660034321849189623071874290040685444925986085091394604514700899839702106223354906766578223741504411945248756605885832824213542177871193263562072650108704740080887939017084863043271331223313238937070624058646464789617869723798013
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.4146.1.1 (GlobalSign EV policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.globalsign.com/repository/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (60 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.globalsign.com/gs/gsextendvalsha2g2.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (135 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://secure.globalsign.com/cacert/gsextendvalsha2g2r2.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp2.globalsign.com/gsextendvalsha2g2'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (15 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'vpn.heg.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							af6bc93dfa4496e87849a8aebbd91f52de7e35f1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName da407743651cf8fea7e3f464823e4d4313223102
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (487 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (483 bytes)
							01e100750068f698f81f6482be3a8ceeb9281d4cfc71515d6793d444d10a67acbb4f4ffbc40000014b35ec2e1e0000040300463044022011e98aa8eb5bc507ade12a3b1a0e9ffb7b195d0e73608f3fc63abc71cccb365d02202d1769f60e9703db48c9797f8ae04a0a473023ba1fef5ca0eb64225abd147288007600a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc100000014b35ec35490000040300473045022100d5580fc4c81c9d12ee60326641b4ee5cd7f7d0641db8a35079e46c1d921aae19022075e5a3e8673424c66500c1cf721e29b04cea8b282d3f4c5f14473ec5825b30f4007700ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb0000014b35ec40490000040300483046022100aaccd9271f713b86a6bbe68d4a143165c87571ecf28da29ece053cbee4741853022100eb9a3bc0fa6935c9570cabdce38814f1ec6fee534e56dc9f18597b97a03152760077005614069a2fd7c2ecd3f5e1bd44b23ec74676b9bc99115cc0ef949855d689d0dd0000014b35ec448b0000040300483046022100b3970175d6b04d8c3357deb084a9469d09dc0ea56b9f9ce147e55d68aceb81f2022100d9f4510e386d862af16d24b65595549de48fe72ce01baa4997fcf11767618221
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0055b7a04cf260bbcec9fb567252d2321521a9f5a09bf3692e6eb5e59ae97d8c058db129ef95421fec0d1166d7447c8680b4fe84df6a183fe5e0fa982fe73c9d5cfa9b66669f2feb623faf4563c70f4fc04c207d573c4dbb9e0f7781df0505798eeefb0b27599d313c9694e3b6f50eb6cb824d4c7e9cb518fd2f11024f03a98bf17f2729384454d91333a36d95967fbef15ea9db168181054f164873b1d11882d4b29f5205b4f54b55ca9f4b9d364cdee9f6a55a1202174ee867980abaca66f9779ee38cc902f0758e9a24cf832ef4e229c4189daf044de7c44684c7077e777be632e6b5416f69d53b17fe042b2786ee73d331bbf1a81d267d3f7e99c8a6412560