oos.ge.ch

- Republique et Canton de Geneve -

Issued by SwissSign Server Gold CA 2014 - G22

About this certificate

This digital certificate with serial number 5d:70:ff:13:81:11:55:ca:31:96:82:17:37:cb:99:86:a9:de:c2:9c was issued on by SwissSign AG.

With 4 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • KeyUsage [ContentCommitment DataEncipherment DigitalSignature KeyEncipherment] (00001111) inconsistent with multiple purpose ExtKeyUsage [clientAuth serverAuth] The certificate MUST only be used for a purpose consistent with both key usage extension and extended key usage extension. (RFC 5280, Section 4.2.1.12.)
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Republique et Canton de Geneve

Organization: Republique et Canton de Geneve
Organization unit: DI - Office cantonal des systèmes d’information et du numérique
State / Province: Geneva
Locality: Geneva
Country: CH

SwissSign AG

Organization: SwissSign AG
Country: CH

This certificate has expire since

Certificate Details

Serial Number (hex): 5d:70:ff:13:81:11:55:ca:31:96:82:17:37:cb:99:86:a9:de:c2:9c
Serial Number (int): 533456045418690496433361172618024318270420468380
Serial Number lenght: 159 bits, 20 octets

SubjectKeyId: 02:3a:75:98:e1:b1:6a:56:bf:17:a9:d9:2e:10:6b:0c:e8:cf:f3:39
AuthorityKeyId: e7:f1:e7:fd:2e:53:ad:11:e5:81:1a:57:a4:73:8f:12:7d:98:c8:ae

Fingerprint (sha1): 67:45:60:f4:bc:32:2b:23:0a:ec:24:9e:5c:22:42:9f:b4:a8:c1:cf
Fingerprint (sha256): 69:40:c7:bd:66:37:41:b9:11:68:bb:60:af:b3:43:05:00:aa:4e:6c:03:ff:d6:dc:ff:4a:be:cc:14:ef:d4:c8

Issuing Certificate URL: http://swisssign.net/cgi-bin/authority/download/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE

Revocation information

OCSP Server: http://gold-server-g2.ocsp.swisssign.net/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE
CRL Distribution Point: http://crl.swisssign.net/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE
CRL Distribution Point: ldap://directory.swisssign.net/CN=E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE%2CO=SwissSign%2CC=CH?certificateRevocationList?base?objectClass=cRLDistributionPoint

Check the revocation status for certificate oos.ge.ch

4

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for oos.ge.ch

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Content Commitment
Key Encipherment
Data Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

oos.ge.ch
oos01.ad.etat-ge.ch
oos02.ad.etat-ge.ch
oosint.etat-ge.ch

Other certificates including the domain name ge.ch

(limited to 100 certificates)
impuserlabo000-ms.ceti.etat-ge.ch
gc.ge.ch
contacts.ge.ch
testeaspolb2b.ge.ch
ge.ch
vcscgv2-1.ceti.etat-ge.ch
pol.b2b.ge.ch
cucmuser000-ms.ceti.etat-ge.ch
vcscnhp-1.ceti.etat-ge.ch
justice.ge.ch
test.b2b.ge.ch
testmobilepol.ge.ch
portailadmin.ge.ch
portail.ge.ch
survey.cdc.ge.ch
*.ge.ch
testservices.b2b.ge.ch
vpntest.ge.ch
www.etat.ge.ch
REPUBLIQUE ET CANTON DE GENEVE
epi.ge.ch
testservices.b2b.ge.ch
test.b2b.ge.ch
mobilepol.ge.ch
securebox.epi.ge.ch
imap.gc.ge.ch
appconpol02.ge.ch
ge.ch
pexip.ge.ch
recensement.app.ge.ch
vcsclabo-2.ceti.etat-ge.ch
jabberguest.ge.ch
vcselabo-1.ge.ch
epi.ge.ch
impuser000-ms.ceti.etat-ge.ch
padbleu.ge.ch
idp.ge.ch
dgsiemmensrec.ge.ch
cucmuserlabo000-ms.ceti.etat-ge.ch
padpolice.ge.ch
ssl829352.cloudflaressl.com
testeasadmb2b.ge.ch
ge.ch
pexipedge.ge.ch
vcsenhp-1.ge.ch
pol.b2b.ge.ch
jabberguest.ge.ch
ge.ch
test.b2b.ge.ch
justice-doc-ext.ge.ch
eas.gc.ge.ch
pjdeploy01.ceti.etat-ge.ch
vcselabo-2.ge.ch
webmail.gc.ge.ch
test.b2b.ge.ch
jabbergexpe002.ge.ch
testeasadmb2b.ge.ch
vcscnhp-1.ceti.etat-ge.ch
polmi.b2b.ge.ch
epi.ge.ch
appconsae01.ge.ch
epi.ge.ch
vcselabo-2.ge.ch
www.etat.ge.ch
easpolb2b.ge.ch
padjustice.ge.ch
sni.cloudflaressl.com
www.ge.ch
ssl829350.cloudflaressl.com
securebox.epi.ge.ch
annuaire.ge.ch
epi.ge.ch
*.ge.ch
epi.ge.ch
cucmuserlabo000-ms.ceti.etat-ge.ch
cucmuser000-ms.ceti.etat-ge.ch
survey.cdc.ge.ch
*.ge.ch
portailwifiedu.ge.ch
pocdme.etat.ge.ch
amendes.ge.ch
vcsclabo-2.ceti.etat-ge.ch
videogw.ge.ch
amendes.ge.ch
vpn.ge.ch
test.b2b.ge.ch
portail.ge.ch
vcselabo-1.ge.ch
*.app4.ge.ch
etoile.ge.ch
outlook.ge.ch
amendes-rec.ge.ch
testpolmi.b2b.ge.ch
mdmacore01.ge.ch
ge.ch
ldapedu.ge.ch
testmobilepol.ge.ch
*.epi.ge.ch
participer-rec.ge.ch
*.ge.ch

Certificate

The complete raw certificate details for oos.ge.ch in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHszCCBpugAwIBAgIUXXD/E4ERVcoxloIXN8uZhqnewpwwDQYJKoZIhvcNAQEL
BQAwUjELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEsMCoGA1UE
AxMjU3dpc3NTaWduIFNlcnZlciBHb2xkIENBIDIwMTQgLSBHMjIwHhcNMTkwNzA4
MTI1NDA5WhcNMjEwNzA4MTI1NDA5WjCBujELMAkGA1UEBhMCQ0gxDzANBgNVBAgT
BkdlbmV2YTEPMA0GA1UEBxMGR2VuZXZhMScwJQYDVQQKEx5SZXB1YmxpcXVlIGV0
IENhbnRvbiBkZSBHZW5ldmUxTDBKBgNVBAsMQ0RJIC0gT2ZmaWNlIGNhbnRvbmFs
IGRlcyBzeXN0w6htZXMgZOKAmWluZm9ybWF0aW9uIGV0IGR1IG51bcOpcmlxdWUx
EjAQBgNVBAMTCW9vcy5nZS5jaDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
ggIBAMr62B9khch3FRFCM0a6X+CGa4k4Za/+gxuwpdKshJNSXapvWO8/hEnLQB5f
rL6I7MozbFj2SH44EgWjciXD9dIfxtA+7XE6elobLtEG+0Jb2OQm56OmEzYht2/b
EZPSw/EzV39TA9m4GAp1csJKLSHNdJXBAzxOdFSFNyR+1wLcQZZioTfxYB2SYkSU
Gw3XmqknHz/KaeRJ+QVox54FTPCX4wv6LC9Fkp2BgCQikDi/uwJ2fuIVQJSQRDSx
0HYIEO2O31rDn3AsnrmIebMns4+WqqTaTcXkqc8Izl2U5ERVrbF7Hz/pJkRWydUa
4loQuD6C/oMXUZ3Sf9SqPD6sbm3ednGaOkLlZBwzoFG7cMq3+yngTg52Ffz4QPXd
bVPq457ENr3fMLdkhRtOoFJjznH4Pyc5hbLwM8VG357ZY4fGUH4v7Z6WKUQhK52u
NgaWmb+RSdJK2m5se3yDiRo5nHIxk/BFNFJ/++qk3TdX3R3uhCYCxISixtoi9mEf
wYJfpW6QS1AeVf3NrMotsSRsIPisoa3WXWK/BPEx3BtWKS7pAMl87a6lPrDqBc5J
d9gZB09T6KuP8H4vlJb5em3OIIU0/1W6It82jelP92ZCbT+YHo7xqAnAoeJ0CeuC
yIRH9ihmVdVOwtJaUR4eJIg2ypQJUtYO5sU/ycLq3oM1lnbTAgMBAAGjggMWMIID
EjBRBgNVHREESjBIgglvb3MuZ2UuY2iCE29vczAxLmFkLmV0YXQtZ2UuY2iCE29v
czAyLmFkLmV0YXQtZ2UuY2iCEW9vc2ludC5ldGF0LWdlLmNoMA4GA1UdDwEB/wQE
AwIE8DAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFAI6
dZjhsWpWvxep2S4Qawzoz/M5MB8GA1UdIwQYMBaAFOfx5/0uU60R5YEaV6RzjxJ9
mMiuMIH/BgNVHR8EgfcwgfQwR6BFoEOGQWh0dHA6Ly9jcmwuc3dpc3NzaWduLm5l
dC9FN0YxRTdGRDJFNTNBRDExRTU4MTFBNTdBNDczOEYxMjdEOThDOEFFMIGooIGl
oIGihoGfbGRhcDovL2RpcmVjdG9yeS5zd2lzc3NpZ24ubmV0L0NOPUU3RjFFN0ZE
MkU1M0FEMTFFNTgxMUE1N0E0NzM4RjEyN0Q5OEM4QUUlMkNPPVN3aXNzU2lnbiUy
Q0M9Q0g/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNz
PWNSTERpc3RyaWJ1dGlvblBvaW50MF8GA1UdIARYMFYwVAYJYIV0AVkBAgELMEcw
RQYIKwYBBQUHAgEWOWh0dHA6Ly9yZXBvc2l0b3J5LnN3aXNzc2lnbi5jb20vU3dp
c3NTaWduLUdvbGQtQ1AtQ1BTLnBkZjCB1QYIKwYBBQUHAQEEgcgwgcUwZAYIKwYB
BQUHMAKGWGh0dHA6Ly9zd2lzc3NpZ24ubmV0L2NnaS1iaW4vYXV0aG9yaXR5L2Rv
d25sb2FkL0U3RjFFN0ZEMkU1M0FEMTFFNTgxMUE1N0E0NzM4RjEyN0Q5OEM4QUUw
XQYIKwYBBQUHMAGGUWh0dHA6Ly9nb2xkLXNlcnZlci1nMi5vY3NwLnN3aXNzc2ln
bi5uZXQvRTdGMUU3RkQyRTUzQUQxMUU1ODExQTU3QTQ3MzhGMTI3RDk4QzhBRTAT
BgorBgEEAdZ5AgQDAQH/BAIFADANBgkqhkiG9w0BAQsFAAOCAQEAZ3yarkssec6n
59/DnjAw0ClO91hq1SVZKgpZE25/qTOMs5/0t4o8RbheMLcPSwFvYD8aZ7zAXK00
8O/J4tk+heHEqCk4p6a+ZSgyJbr7+hIn3OW87mZghkjhBp1tPaQDYHbdrCZJF3++
HM/S2I/v28xJ2bzXoxLQaGazk3mt9l7VSSQ2yu4So92G56e1xrvmdiRNWRqO5Ob6
4tF2Br1kBNljY2bao6AXY5pPNljOEPnNA6ZYIxXKK8iXUU1nwlekInk8ng4sYdD+
QJvO+OUW6lk6yGgUa8lMeCfuUfk064Y2+b/rY9lQ1l9ybN39GnLnTlsnN6RyBffi
cQOIJvTKZg==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyvrYH2SFyHcVEUIzRrpf
4IZriThlr/6DG7Cl0qyEk1Jdqm9Y7z+ESctAHl+svojsyjNsWPZIfjgSBaNyJcP1
0h/G0D7tcTp6Whsu0Qb7QlvY5Cbno6YTNiG3b9sRk9LD8TNXf1MD2bgYCnVywkot
Ic10lcEDPE50VIU3JH7XAtxBlmKhN/FgHZJiRJQbDdeaqScfP8pp5En5BWjHngVM
8JfjC/osL0WSnYGAJCKQOL+7AnZ+4hVAlJBENLHQdggQ7Y7fWsOfcCyeuYh5syez
j5aqpNpNxeSpzwjOXZTkRFWtsXsfP+kmRFbJ1RriWhC4PoL+gxdRndJ/1Ko8Pqxu
bd52cZo6QuVkHDOgUbtwyrf7KeBODnYV/PhA9d1tU+rjnsQ2vd8wt2SFG06gUmPO
cfg/JzmFsvAzxUbfntljh8ZQfi/tnpYpRCErna42BpaZv5FJ0krabmx7fIOJGjmc
cjGT8EU0Un/76qTdN1fdHe6EJgLEhKLG2iL2YR/Bgl+lbpBLUB5V/c2syi2xJGwg
+KyhrdZdYr8E8THcG1YpLukAyXztrqU+sOoFzkl32BkHT1Poq4/wfi+Ulvl6bc4g
hTT/Vboi3zaN6U/3ZkJtP5gejvGoCcCh4nQJ64LIhEf2KGZV1U7C0lpRHh4kiDbK
lAlS1g7mxT/JwuregzWWdtMCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 533456045418690496433361172618024318270420468380
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign AG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign Server Gold CA 2014 - G22'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-07-08 12:54:09 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-07-08 12:54:09 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Geneva'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Geneva'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Republique et Canton de Geneve'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'DI - Office cantonal des systèmes d’information et du numérique'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'oos.ge.ch'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 828085582876371704837821034996412002567189919280065678573559421564385404786450956817826264682377464784674027421050249447510597637032922047054381476676457904232910131175883228605098311544334956312293854526079012412375477015189067299025850970106604337590401089580967472523219692246473194438019899415186692635438844974637480053499544088370366441513725584314973088082104030388619516109585746904472475355151979593415687445718072570216335826600098996063137847784581366957734948260052895480050486344841973691396468561662664841349530062311024572277712285005322411214871965297115200573331096768791128401304596432996627680091317444770913814822983037335097693225649043145960612012199664247261177304167193536261858038586019861054873654822858345202728832244890737181346300218780223756171222161390342657951650791345844077177073436142695330043800659285982040575118589907557112153011637826437564796158303237476469091152852005435965170656825410250474692844569727919253428448981455454656052092778698734089573590755546799508464227909863851514346785988273111180921074194513259801474173574637797570889639196331437265908995053736391694051920554514649996961623145878482613246720248968420782529844430024533076100849657184486604365095007019277969820275341011
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (74 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'oos.ge.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'oos01.ad.etat-ge.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'oos02.ad.etat-ge.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'oosint.etat-ge.ch'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4 bits)
							04f0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							023a7598e1b16a56bf17a9d92e106b0ce8cff339
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName e7f1e7fd2e53ad11e5811a57a4738f127d98c8ae
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (247 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.swisssign.net/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'ldap://directory.swisssign.net/CN=E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE%2CO=SwissSign%2CC=CH?certificateRevocationList?base?objectClass=cRLDistributionPoint'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (88 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.756.1.89.1.2.1.11
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://repository.swisssign.com/SwissSign-Gold-CP-CPS.pdf'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (200 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://swisssign.net/cgi-bin/authority/download/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gold-server-g2.ocsp.swisssign.net/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00677c9aae4b2c79cea7e7dfc39e3030d0294ef7586ad525592a0a59136e7fa9338cb39ff4b78a3c45b85e30b70f4b016f603f1a67bcc05cad34f0efc9e2d93e85e1c4a82938a7a6be65283225bafbfa1227dce5bcee66608648e1069d6d3da4036076ddac2649177fbe1ccfd2d88fefdbcc49d9bcd7a312d06866b39379adf65ed5492436caee12a3dd86e7a7b5c6bbe676244d591a8ee4e6fae2d17606bd6404d9636366daa3a017639a4f3658ce10f9cd03a6582315ca2bc897514d67c257a422793c9e0e2c61d0fe409bcef8e516ea593ac868146bc94c7827ee51f934eb8636f9bfeb63d950d65f726cddfd1a72e74e5b2737a47205f7e271038826f4ca66