candy.hesge.ch
Issued by Gandi Standard SSL CA 2
About this certificate
This digital certificate with serial number 56:24:d4:73:73:e3:01:16:73:3a:95:0a:ff:c4:fa:d9 was issued on by Gandi.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Certificate Subject
CN=candy.hesge.ch,OU=Domain Control Validated+OU=Gandi Standard SSL
Gandi
Organization:
Gandi
State / Province:
Paris
Locality: Paris
Country: FR
Locality: Paris
Country: FR
This certificate has expire since
Certificate Details
Serial Number (hex): 56:24:d4:73:73:e3:01:16:73:3a:95:0a:ff:c4:fa:d9Serial Number (int): 114504839342349889585888374081536195289
Serial Number lenght: 127 bits, 16 octets
SubjectKeyId: a8:63:6d:12:f9:72:21:68:9c:c4:b3:60:d1:d1:6a:3d:72:25:75:5e
AuthorityKeyId: b3:90:a7:d8:c9:af:4e:cd:61:3c:9f:7c:ad:5d:7f:41:fd:69:30:ea
Fingerprint (sha1): df:d5:25:53:87:75:32:12:31:ff:c1:16:a0:52:49:4c:a3:45:d7:a1
Fingerprint (sha256): 5f:d4:2a:d8:66:68:cf:d2:f5:de:e9:cc:0a:84:ab:5f:58:aa:22:ad:74:09:c0:b9:43:99:1a:07:d8:da:5c:6c
Issuing Certificate URL: http://crt.usertrust.com/GandiStandardSSLCA2.crt
Revocation information
OCSP Server: http://ocsp.usertrust.comCRL Distribution Point: http://crl.usertrust.com/GandiStandardSSLCA2.crl
Check the revocation status for certificate candy.hesge.ch
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for candy.hesge.ch
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
candy.hesge.ch
www.candy.hesge.ch
www.candy.hesge.ch
Other certificates including the domain name hesge.ch
(limited to 100 certificates)
heds.prod.hesge.ch
goldorak.hesge.ch
*.hesge.ch
hepiacloud.hesge.ch
mail.hesge.ch
*.hesge.ch
hepiacloud.hesge.ch
goldorak.hesge.ch
hepiacloud.hesge.ch
m.hesge.ch
idp.hesge.ch
hepiacloud.hesge.ch
idp.hesge.ch
mail.ge.ch
*.hesge.ch
hepiacloud.hesge.ch
vdi.hesge.ch
hepiacloud.hesge.ch
hepiacloud.hesge.ch
candy.hesge.ch
idp.hesge.ch
goldorak.hesge.ch
m.hesge.ch
hepiacloud.hesge.ch
vpn.hesge.ch
*.hesge.ch
mail.ge.ch
m.hesge.ch
idp.hesge.ch
*.hesge.ch
hepiacloud.hesge.ch
*.hesge.ch
*.hesge.ch
m.hesge.ch
*.hesge.ch
vdi.hesge.ch
cucmuserlabo000-ms.ceti.etat-ge.ch
mpp.hesge.ch
m.hesge.ch
goldorak.hesge.ch
head-mdm.hesge.ch
hepiacloud.hesge.ch
*.hesge.ch
goldorak.hesge.ch
*.hesge.ch
hepiacloud.hesge.ch
mail.hesge.ch
*.hesge.ch
hepiacloud.hesge.ch
goldorak.hesge.ch
hepiacloud.hesge.ch
m.hesge.ch
idp.hesge.ch
hepiacloud.hesge.ch
idp.hesge.ch
mail.ge.ch
*.hesge.ch
hepiacloud.hesge.ch
vdi.hesge.ch
hepiacloud.hesge.ch
hepiacloud.hesge.ch
candy.hesge.ch
idp.hesge.ch
goldorak.hesge.ch
m.hesge.ch
hepiacloud.hesge.ch
vpn.hesge.ch
*.hesge.ch
mail.ge.ch
m.hesge.ch
idp.hesge.ch
*.hesge.ch
hepiacloud.hesge.ch
*.hesge.ch
*.hesge.ch
m.hesge.ch
*.hesge.ch
vdi.hesge.ch
cucmuserlabo000-ms.ceti.etat-ge.ch
mpp.hesge.ch
m.hesge.ch
goldorak.hesge.ch
head-mdm.hesge.ch
hepiacloud.hesge.ch
*.hesge.ch
Certificate
The complete raw certificate details for candy.hesge.ch in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIGeTCCBWGgAwIBAgIQViTUc3PjARZzOpUK/8T62TANBgkqhkiG9w0BAQsFADBf MQswCQYDVQQGEwJGUjEOMAwGA1UECBMFUGFyaXMxDjAMBgNVBAcTBVBhcmlzMQ4w DAYDVQQKEwVHYW5kaTEgMB4GA1UEAxMXR2FuZGkgU3RhbmRhcmQgU1NMIENBIDIw HhcNMTkwNDE2MDAwMDAwWhcNMjEwNDE2MjM1OTU5WjBZMSEwHwYDVQQLExhEb21h aW4gQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAsTEkdhbmRpIFN0YW5kYXJkIFNT TDEXMBUGA1UEAxMOY2FuZHkuaGVzZ2UuY2gwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQCspEPMX8bDwscDcIr/F+dDdXaM5WdoxpvXskwK02Nuc6egMa57 rIMkh2cQb12BVF/wM2PXr2fn+XUvqVOuXXIdzfHo5M67PtJoHiiIT6eoxKAE7rSD 4MWI5MDs8Z7Bypc72wAqhmEdJdMv4e+l/uTUcZrXrg0ku/H3bXv2yK2eP6riQLWB biIojW7DiQdwEjztJ/AzosMM3OfFwUqm6YCI13cDMXG0TOVKrWgZ1eF/6Pp1G76o i0qdzv5oGEEUJAGr5QB/bsZwiitRgKObZXahCGjDkD3hpI6HUjIKhE2xRIl0NVoD PMM+sTzhqYcYo8I5uk1QLBgBbr5Cu+CA6gjpAgMBAAGjggM1MIIDMTAfBgNVHSME GDAWgBSzkKfYya9OzWE8n3ytXX9B/Wkw6jAdBgNVHQ4EFgQUqGNtEvlyIWicxLNg 0dFqPXIldV4wDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYw FAYIKwYBBQUHAwEGCCsGAQUFBwMCMEsGA1UdIAREMEIwNgYLKwYBBAGyMQECAhow JzAlBggrBgEFBQcCARYZaHR0cHM6Ly9jcHMudXNlcnRydXN0LmNvbTAIBgZngQwB AgEwQQYDVR0fBDowODA2oDSgMoYwaHR0cDovL2NybC51c2VydHJ1c3QuY29tL0dh bmRpU3RhbmRhcmRTU0xDQTIuY3JsMHMGCCsGAQUFBwEBBGcwZTA8BggrBgEFBQcw AoYwaHR0cDovL2NydC51c2VydHJ1c3QuY29tL0dhbmRpU3RhbmRhcmRTU0xDQTIu Y3J0MCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3QuY29tMC0GA1Ud EQQmMCSCDmNhbmR5Lmhlc2dlLmNoghJ3d3cuY2FuZHkuaGVzZ2UuY2gwggF8Bgor BgEEAdZ5AgQCBIIBbASCAWgBZgB1ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCW ZDaOHtGFAAABaiaRAskAAAQDAEYwRAIgEjTkFm2QVUY4ZtjO0H38SgTMheIqCuAj X+9IMbqUFx0CIHGZPR9AcNaT/krHTGzUdWYtYbHquIjDk/h5UV9/nasGAHUARJRl LrDuzq/EQAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAFqJpECzgAABAMARjBEAiBR RMUTLb0qqaKqjv99CB6kKebibZNsI1rmt+j/OOg9GAIgMy78tp45nr6Ho+o6q4lP VxamrCTcDjUzu+P+reNHSNoAdgBc3EOS/uarRUSxXprUVuYQN/vV+kfcoXOUsl7m 9scOygAAAWomkQLyAAAEAwBHMEUCIQCvnOLGVfX6ht19VgBj8+vCzFngtVveFPjR rxb3y/0vMgIgace1HLZ2DeGhBWI56M8VGAljlzg3DYEORKcdJ1eyvJ0wDQYJKoZI hvcNAQELBQADggEBAH0nGmk4IePDrNCv0Mt3Hjx0Ez3OF/iUOoVojAPJ8vKX0AVo k7+vtdOmW2enMINUxXaPUtGfaEjStlx9x0TeGkEOeYuXiyx35rNscb/t7audSdcy zkZ0iL4lDidli0JQWigajAmNISIM+rrAU1IDvHsqqJ0VFDSrXKrDFsx4C7PV862f pEDev3GeiD8kTpm7ukb7lBzTJAxnm20lWDOC2my5FCqXWdb0jv4QyjLmZMqngoXa MOgoE/sER2EV9ZqTx+qszQksTI2QswnRV34p1mte/TmAjG/mdk+r3Lyv3i9cgFCK +Kju48PObgjaSdIBcUkjv8Iog1tL+g5Q6CpbTAI= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKRDzF/Gw8LHA3CK/xfn Q3V2jOVnaMab17JMCtNjbnOnoDGue6yDJIdnEG9dgVRf8DNj169n5/l1L6lTrl1y Hc3x6OTOuz7SaB4oiE+nqMSgBO60g+DFiOTA7PGewcqXO9sAKoZhHSXTL+Hvpf7k 1HGa164NJLvx92179sitnj+q4kC1gW4iKI1uw4kHcBI87SfwM6LDDNznxcFKpumA iNd3AzFxtEzlSq1oGdXhf+j6dRu+qItKnc7+aBhBFCQBq+UAf27GcIorUYCjm2V2 oQhow5A94aSOh1IyCoRNsUSJdDVaAzzDPrE84amHGKPCObpNUCwYAW6+QrvggOoI 6QIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 114504839342349889585888374081536195289 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'FR' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Paris' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Paris' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Gandi' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Gandi Standard SSL CA 2' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-04-16 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-04-16 23:59:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Domain Control Validated' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Gandi Standard SSL' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'candy.hesge.ch' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21793990464397155848827726928254251609843971603312620819976776871252291335028418591025739913052890396891429434563785803917681758120859594046844086566276150244626613088857124547944204195009503329657078729825489451855392850989348553092290448739892154326056869113618087680777612114795838822514737641511163635328046403438327641639091737060950459425616903958158479596336348654757401911153152850400276950301206989706755602995667810612626032602167299062735639449058288955257047705068866158181537877635744747024054546553262354712997845329080403352788906023088150630837102356749068990241625344019008903272562723721375086414057 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName b390a7d8c9af4ecd613c9f7cad5d7f41fd6930ea . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) a8636d12f97221689cc4b360d1d16a3d7225755e . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (68 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.2.26 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://cps.usertrust.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (58 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.usertrust.com/GandiStandardSSLCA2.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (103 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.usertrust.com/GandiStandardSSLCA2.crt' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.usertrust.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (38 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'candy.hesge.ch' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.candy.hesge.ch' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (364 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (360 bytes) 0166007500bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed1850000016a269102c9000004030046304402201234e4166d9055463866d8ced07dfc4a04cc85e22a0ae0235fef4831ba94171d022071993d1f4070d693fe4ac74c6cd475662d61b1eab888c393f879515f7f9dab060075004494652eb0eeceafc44007d8a8fe28c0dae682bed8cb31b53fd33396b5b681a80000016a269102ce000004030046304402205144c5132dbd2aa9a2aa8eff7d081ea429e6e26d936c235ae6b7e8ff38e83d180220332efcb69e399ebe87a3ea3aab894f5716a6ac24dc0e3533bbe3feade34748da0076005cdc4392fee6ab4544b15e9ad456e61037fbd5fa47dca17394b25ee6f6c70eca0000016a269102f20000040300473045022100af9ce2c655f5fa86dd7d560063f3ebc2cc59e0b55bde14f8d1af16f7cbfd2f32022069c7b51cb6760de1a1056239e8cf151809639738370d810e44a71d2757b2bc9d . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 007d271a693821e3c3acd0afd0cb771e3c74133dce17f8943a85688c03c9f2f297d0056893bfafb5d3a65b67a7308354c5768f52d19f6848d2b65c7dc744de1a410e798b978b2c77e6b36c71bfededab9d49d732ce467488be250e27658b42505a281a8c098d21220cfabac0535203bc7b2aa89d151434ab5caac316cc780bb3d5f3ad9fa440debf719e883f244e99bbba46fb941cd3240c679b6d25583382da6cb9142a9759d6f48efe10ca32e664caa78285da30e82813fb04476115f59a93c7eaaccd092c4c8d90b309d1577e29d66b5efd39808c6fe6764fabdcbcafde2f5c80508af8a8eee3c3ce6e08da49d201714923bfc228835b4bfa0e50e82a5b4c02