impuserlabo000-ms.ceti.etat-ge.ch

- Republique et Canton de Geneve -

Issued by SwissSign Server Gold CA 2014 - G22

About this certificate

This digital certificate with serial number 1f:7e:a4:70:9b:29:ea:5c:9c:21:cc:e7:7a:23:b0:d2:e4:24:0f:2f was issued on by SwissSign AG.

With 14 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • KeyUsage [ContentCommitment DataEncipherment DigitalSignature KeyEncipherment] (00001111) inconsistent with multiple purpose ExtKeyUsage [clientAuth serverAuth] The certificate MUST only be used for a purpose consistent with both key usage extension and extended key usage extension. (RFC 5280, Section 4.2.1.12.)
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Republique et Canton de Geneve

Organization: Republique et Canton de Geneve
Organization unit: DGSI
State / Province: Geneve
Locality: Geneve
Country: CH

SwissSign AG

Organization: SwissSign AG
Country: CH

This certificate has expire since

Certificate Details

Serial Number (hex): 1f:7e:a4:70:9b:29:ea:5c:9c:21:cc:e7:7a:23:b0:d2:e4:24:0f:2f
Serial Number (int): 179802932523319764531639532684562217566629793583
Serial Number lenght: 157 bits, 20 octets

SubjectKeyId: 55:66:28:ac:7d:6a:2b:e7:b6:ee:f1:7f:7f:a8:74:a7:99:96:dc:3b
AuthorityKeyId: e7:f1:e7:fd:2e:53:ad:11:e5:81:1a:57:a4:73:8f:12:7d:98:c8:ae

Fingerprint (sha1): 1b:87:4f:9b:9d:ff:2c:b3:b9:be:4a:ac:5c:2a:01:9c:e2:16:66:73
Fingerprint (sha256): 69:ce:84:d9:8a:27:96:e2:dd:98:0d:aa:25:7f:43:97:4d:cc:5c:e9:72:83:29:33:34:f4:07:a6:5d:98:20:69

Issuing Certificate URL: http://swisssign.net/cgi-bin/authority/download/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE

Revocation information

OCSP Server: http://gold-server-g2.ocsp.swisssign.net/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE
CRL Distribution Point: http://crl.swisssign.net/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE
CRL Distribution Point: ldap://directory.swisssign.net/CN=E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE%2CO=SwissSign%2CC=CH?certificateRevocationList?base?objectClass=cRLDistributionPoint

Check the revocation status for certificate impuserlabo000-ms.ceti.etat-ge.ch

14

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for impuserlabo000-ms.ceti.etat-ge.ch

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Content Commitment
Key Encipherment
Data Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

impuserlabo000-ms.ceti.etat-ge.ch
impuserlabo000.ceti.etat-ge.ch
justice.ge.ch
ceti.etat-ge.ch
police.ge.ch
police.labo.ge.ch
etat.ge.ch
cdc.ge.ch
impuserlabo001.ceti.etat-ge.ch
csp.ge.ch
labo.ceti.etat-ge.ch
justice.labo.ge.ch
edu.ge.ch
etat.labo.ge.ch

Other certificates including the domain name etat-ge.ch

(limited to 100 certificates)
impuserlabo000-ms.ceti.etat-ge.ch
api.soca.lbdev.etat-ge.ch
vcscgv2-1.ceti.etat-ge.ch
uccxuser000-ms.ceti.etat-ge.ch
cucmuser000-ms.ceti.etat-ge.ch
vcscnhp-1.ceti.etat-ge.ch
*.devops.etat-ge.ch
jabbergsrv001.ceti.etat-ge.ch
pexip.ge.ch
vcsclabo-2.ceti.etat-ge.ch
jabberguest.ge.ch
vcselabo-1.ge.ch
impuser000-ms.ceti.etat-ge.ch
prod.etat-ge.ch
pccecuic000.ceti.etat-ge.ch
cucmuserlabo000-ms.ceti.etat-ge.ch
vcsenhp-1.ge.ch
jabberguest.ge.ch
pjdeploy01.ceti.etat-ge.ch
vcselabo-2.ge.ch
uccxuserlabo000-ms.ceti.etat-ge.ch
jabbergexpe002.ge.ch
vcscnhp-1.ceti.etat-ge.ch
pccefin001.ceti.etat-ge.ch
uccxuserlabo000-ms.ceti.etat-ge.ch
cucmsme000-ms.ceti.etat-ge.ch
cucuserlabo000-ms.ceti.etat-ge.ch
vcselabo-2.ge.ch
cucmlabo000.ceti.etat-ge.ch
annuaire.ge.ch
uccxuserlabo000-ms.ceti.etat-ge.ch
cucmuserlabo000-ms.ceti.etat-ge.ch
cucmuser000-ms.ceti.etat-ge.ch
vcsclabo-2.ceti.etat-ge.ch
videogw.ge.ch
cucmsme000-ms.ceti.etat-ge.ch
*.apps.soca.lbprod.etat-ge.ch
cucuserlabo000-ms.ceti.etat-ge.ch
pccefinlab000-ms.ceti.etat-ge.ch
jabbergsrv003.ceti.etat-ge.ch
vcselabo-1.ge.ch
cuacuser000.ad.etat-ge.ch
jabbergsrv003.ceti.etat-ge.ch
ldapedu.ge.ch
cuacuser000.ad.etat-ge.ch
participer-rec.ge.ch
ldapedu.ge.ch
participer-rec.ge.ch
ldapedu-rectech.ceti.etat-ge.ch
vcsegv2-1.ge.ch
vcselabo-2.ge.ch
pccecuiclab000.ceti.etat-ge.ch
vcselabo-1.ge.ch
impuser000-ms.ceti.etat-ge.ch
vcsclabo-1.ceti.etat-ge.ch
ldapedu.ge.ch
*.devops.etat-ge.ch
pexipadm000.ceti.etat-ge.ch
jabbergsrv001.ceti.etat-ge.ch
jabbergsrv002.ceti.etat-ge.ch
vcselabo-2.ge.ch
vcselabo-2.ge.ch
cucmlabo000.ceti.etat-ge.ch
cuacuserlab000.ad.etat-ge.ch
pccefinlab001.ceti.etat-ge.ch
cucuserlabo000-ms.ceti.etat-ge.ch
appconpol11.ceti.etat-ge.ch
vcselabo-1.ge.ch
pccefin000-ms.ceti.etat-ge.ch
*.apps.soca.lbdev.etat-ge.ch
pccefinlab000.ceti.etat-ge.ch
videogwlabo.ge.ch
jabbergexpc002.ceti.etat-ge.ch
jabbergexpc002.ceti.etat-ge.ch
contacts.ge.ch
cuacuserlab000.ad.etat-ge.ch
vcsegv2-1.ge.ch
jabbergexpc001.ceti.etat-ge.ch
cfircf5.dev.etat-ge.ch
mitest.b2b.ge.ch
pccecuiclab000-ms.ceti.etat-ge.ch
cucmuserlabo000-ms.ceti.etat-ge.ch
vcselabo-2.ge.ch
oos.ge.ch
ldapedu.ge.ch
impuserlabo000-ms.ceti.etat-ge.ch
cucuser000-ms.ceti.etat-ge.ch
videogwlabo.ge.ch
jabbergsrv003.ceti.etat-ge.ch
jabbergexpe001.ge.ch
vcscgv2-1.ceti.etat-ge.ch
cucmsme000-ms.ceti.etat-ge.ch
cari.rec.etat-ge.ch
t-racine.t-admin2.t-ad.etat-ge.ch
*.devops.etat-ge.ch
vcselabo-2.ge.ch
jabbergsrv002.ceti.etat-ge.ch
vcsegv2-1.ge.ch
videogwlabo.ge.ch
jabberguest.ge.ch

Certificate

The complete raw certificate details for impuserlabo000-ms.ceti.etat-ge.ch in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIKOzCCCSOgAwIBAgIUH36kcJsp6lycIczneiOw0uQkDy8wDQYJKoZIhvcNAQEL
BQAwUjELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEsMCoGA1UE
AxMjU3dpc3NTaWduIFNlcnZlciBHb2xkIENBIDIwMTQgLSBHMjIwHhcNMTkwODIy
MTUwMzI1WhcNMjEwODIyMTUwMzI1WjCBkzELMAkGA1UEBhMCQ0gxDzANBgNVBAgT
BkdlbmV2ZTEPMA0GA1UEBxMGR2VuZXZlMScwJQYDVQQKEx5SZXB1YmxpcXVlIGV0
IENhbnRvbiBkZSBHZW5ldmUxDTALBgNVBAsTBERHU0kxKjAoBgNVBAMTIWltcHVz
ZXJsYWJvMDAwLW1zLmNldGkuZXRhdC1nZS5jaDCCAiIwDQYJKoZIhvcNAQEBBQAD
ggIPADCCAgoCggIBALiJXyqUVvaL6iva7m1CAtJeh3rlHzxuOYaM/oKxaobAv3fT
lAnCyRbEXGTwquBHS74BDZKllTQRwpnV6cVGWwAcZLlcBmJSdx6r2Y6J8ZfxxzjD
HRIGsbwc6QXoBMEi6roMCgwLcv9UhwrUnwMqNZFsDEoob5oWewtKgtoXNJwZLVjz
Aa+l7C5Gc7nc6sywFIThVLAU81Jl2RMqEkR5BA/wxrM3t2/yxefTVqJgOZRYGIC5
jbOcKc3THuDhSM71U2vr2N9a4DBtwCLzm/9LlNM3Y0CktqnAtxY61o4ZeDphdde7
KYLeYjyOsgzqI3cm2eIaeEL/gyU+WRE7jB4C7SAw1SKSzQikCwuaCyxnpD91nfU4
AJyenN1zucQr3embePb3lAeECaOR0Uw02emXSOhIGx0FBClezGcP0O1krHliqfIV
MDY7nSeGM4i92NDlYVko2K9RoBQcpnSg1K47bJqoqYPZM97dKlitrJ7vUPkZaraJ
L0O6cdSkVA8kHnGX/Ha+4Uy3vEoT1bbeAoCDzSFKu4kutN94jcA9Lv/1kpbhw/U+
Yqs0Vw9EioGRPiT/R1t2JDfqp9BtD8vKnkff0s7PviNkY1Lpl+igsd0CLH/tHnYs
9XbknYbPnqj/vhU2re2+R8kLmZRg8aVu7k450/uOc7ngF4NNFFCOfVCxzWyZAgMB
AAGjggXFMIIFwTCCARkGA1UdEQSCARAwggEMgiFpbXB1c2VybGFibzAwMC1tcy5j
ZXRpLmV0YXQtZ2UuY2iCHmltcHVzZXJsYWJvMDAwLmNldGkuZXRhdC1nZS5jaIIN
anVzdGljZS5nZS5jaIIPY2V0aS5ldGF0LWdlLmNoggxwb2xpY2UuZ2UuY2iCEXBv
bGljZS5sYWJvLmdlLmNoggpldGF0LmdlLmNoggljZGMuZ2UuY2iCHmltcHVzZXJs
YWJvMDAxLmNldGkuZXRhdC1nZS5jaIIJY3NwLmdlLmNoghRsYWJvLmNldGkuZXRh
dC1nZS5jaIISanVzdGljZS5sYWJvLmdlLmNoggllZHUuZ2UuY2iCD2V0YXQubGFi
by5nZS5jaDAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
AQUFBwMCMB0GA1UdDgQWBBRVZiisfWor57bu8X9/qHSnmZbcOzAfBgNVHSMEGDAW
gBTn8ef9LlOtEeWBGlekc48SfZjIrjCB/wYDVR0fBIH3MIH0MEegRaBDhkFodHRw
Oi8vY3JsLnN3aXNzc2lnbi5uZXQvRTdGMUU3RkQyRTUzQUQxMUU1ODExQTU3QTQ3
MzhGMTI3RDk4QzhBRTCBqKCBpaCBooaBn2xkYXA6Ly9kaXJlY3Rvcnkuc3dpc3Nz
aWduLm5ldC9DTj1FN0YxRTdGRDJFNTNBRDExRTU4MTFBNTdBNDczOEYxMjdEOThD
OEFFJTJDTz1Td2lzc1NpZ24lMkNDPUNIP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxp
c3Q/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludDBfBgNVHSAE
WDBWMFQGCWCFdAFZAQIBCzBHMEUGCCsGAQUFBwIBFjlodHRwOi8vcmVwb3NpdG9y
eS5zd2lzc3NpZ24uY29tL1N3aXNzU2lnbi1Hb2xkLUNQLUNQUy5wZGYwgdUGCCsG
AQUFBwEBBIHIMIHFMGQGCCsGAQUFBzAChlhodHRwOi8vc3dpc3NzaWduLm5ldC9j
Z2ktYmluL2F1dGhvcml0eS9kb3dubG9hZC9FN0YxRTdGRDJFNTNBRDExRTU4MTFB
NTdBNDczOEYxMjdEOThDOEFFMF0GCCsGAQUFBzABhlFodHRwOi8vZ29sZC1zZXJ2
ZXItZzIub2NzcC5zd2lzc3NpZ24ubmV0L0U3RjFFN0ZEMkU1M0FEMTFFNTgxMUE1
N0E0NzM4RjEyN0Q5OEM4QUUwggH2BgorBgEEAdZ5AgQCBIIB5gSCAeIB4AB2AESU
ZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT/TM5a1toGoAAABbLnaoEAAAAQDAEcwRQIh
AKkofCxR68k/3cEyAI/dExn5DDELHa1271fUDE6sSTOxAiBQg8vrQp110JXSAv/l
Q8f8WZSQT786VosYs4FcJwDEJQB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaN
sgiaN9kTAAABbLnanpcAAAQDAEcwRQIhAKcUcZg/xGucsX2qJxPXvuHqQn7LK+Dl
5J5WlDGCMwRAAiBfnM/xNAp6FO67M3DN7q91sVI5DP0DZuJL9eLYXWtLuQB2ALvZ
37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaOHtGFAAABbLnankwAAAQDAEcwRQIg
ZsjF6lN2n5eua2jf7THX05VGdg55x1xBNMjK0EdvZL4CIQDRHBQca1lEBxG3E9eB
7bcQ050PmcfJQn0LMWJNqmOYfQB2AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDE
e4l6qP3LAAABbLnanRUAAAQDAEcwRQIgOIAT827MLMwWLneUTHpJbB/opfdFjEQD
S5ZiSYHvTigCIQCglqWnWTRgEnjb20AMpdIOwov5aQbQSFNrqJYTe+doODANBgkq
hkiG9w0BAQsFAAOCAQEATW9iNf3mNu4bC4Py1D63Xy9Oq8qx09a3aG19/vOR4rMp
YOc7qkN53qakVA0yRWkRx6gqnDGaiy9ogSVpJZxm1oA5dMM/FVik8woqksG2Tiij
BZ41BepTjtF2NwmUvFIh4ibkcTqgOtY8OlokfoYW0AZUm2L58WoFGFgxHfbeLNRW
7V08OXiDcvO8JQXA3veP1OFUu4wo9o2jJQ4JMfPdDaXtYEvBMKD4rG9sLRcDo4dS
wRmxvIXCjrCFetVEzdIU/uRTAKwY/8VFER/HSLi7CwEwDCz1GrwUgatMP+53r5/q
pGKdJ59UBgAQ1dfdMFaCpDoII4qOPtCrdPFMewGZBQ==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuIlfKpRW9ovqK9rubUIC
0l6HeuUfPG45hoz+grFqhsC/d9OUCcLJFsRcZPCq4EdLvgENkqWVNBHCmdXpxUZb
ABxkuVwGYlJ3HqvZjonxl/HHOMMdEgaxvBzpBegEwSLqugwKDAty/1SHCtSfAyo1
kWwMSihvmhZ7C0qC2hc0nBktWPMBr6XsLkZzudzqzLAUhOFUsBTzUmXZEyoSRHkE
D/DGsze3b/LF59NWomA5lFgYgLmNs5wpzdMe4OFIzvVTa+vY31rgMG3AIvOb/0uU
0zdjQKS2qcC3FjrWjhl4OmF117spgt5iPI6yDOojdybZ4hp4Qv+DJT5ZETuMHgLt
IDDVIpLNCKQLC5oLLGekP3Wd9TgAnJ6c3XO5xCvd6Zt49veUB4QJo5HRTDTZ6ZdI
6EgbHQUEKV7MZw/Q7WSseWKp8hUwNjudJ4YziL3Y0OVhWSjYr1GgFBymdKDUrjts
mqipg9kz3t0qWK2snu9Q+RlqtokvQ7px1KRUDyQecZf8dr7hTLe8ShPVtt4CgIPN
IUq7iS6033iNwD0u//WSluHD9T5iqzRXD0SKgZE+JP9HW3YkN+qn0G0Py8qeR9/S
zs++I2RjUumX6KCx3QIsf+0ediz1duSdhs+eqP++FTat7b5HyQuZlGDxpW7uTjnT
+45zueAXg00UUI59ULHNbJkCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 179802932523319764531639532684562217566629793583
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign AG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign Server Gold CA 2014 - G22'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-08-22 15:03:25 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-08-22 15:03:25 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Geneve'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Geneve'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Republique et Canton de Geneve'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DGSI'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'impuserlabo000-ms.ceti.etat-ge.ch'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 752843679681030490352466635275813142498899880165261764558787587114533091908050120696394350824331879600508554500916887447969760645852421666403931566313358128129355192255062094836251298180137082560120753605653898493339112729822082032730294683642368462408413205393643111834152426026008124238495160402351369656140168595103118527097309722064800962150080681847761838437390816368201588927008456809421574438759153945361660355931024485884533000498943304439291665586577215125950735636756128656727468016999292295787034075656083327657801832932248046171028772651756337445466707842442295295703872830774703083208416084314642635016684734685037961838480759572986446750746157498388021919571726899208751326443071071032103003980176114812850135676322797996595299199895523744487529603264653792163420819236405193148786843423972212205170345382497448168542030279268698654595979399635728205697282864677867559382498956478050268666525898357090209355548805508194635882835525237981662502500161021416111175825437185515199598033895851763069222582242679855090297448192707619561973898211507821130004569933948780968616332824795259363089851903175233026562547438383362062887218158839438292457910626587562705182601651952425900444611329322842496562581862600874898439892121
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (272 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'impuserlabo000-ms.ceti.etat-ge.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'impuserlabo000.ceti.etat-ge.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'justice.ge.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ceti.etat-ge.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'police.ge.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'police.labo.ge.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'etat.ge.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cdc.ge.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'impuserlabo001.ceti.etat-ge.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'csp.ge.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'labo.ceti.etat-ge.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'justice.labo.ge.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'edu.ge.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'etat.labo.ge.ch'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4 bits)
							04f0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							556628ac7d6a2be7b6eef17f7fa874a79996dc3b
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName e7f1e7fd2e53ad11e5811a57a4738f127d98c8ae
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (247 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.swisssign.net/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'ldap://directory.swisssign.net/CN=E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE%2CO=SwissSign%2CC=CH?certificateRevocationList?base?objectClass=cRLDistributionPoint'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (88 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.756.1.89.1.2.1.11
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://repository.swisssign.com/SwissSign-Gold-CP-CPS.pdf'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (200 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://swisssign.net/cgi-bin/authority/download/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gold-server-g2.ocsp.swisssign.net/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (486 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (482 bytes)
							01e00076004494652eb0eeceafc44007d8a8fe28c0dae682bed8cb31b53fd33396b5b681a80000016cb9daa0400000040300473045022100a9287c2c51ebc93fddc132008fdd1319f90c310b1dad76ef57d40c4eac4933b102205083cbeb429d75d095d202ffe543c7fc5994904fbf3a568b18b3815c2700c4250076006f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d9130000016cb9da9e970000040300473045022100a71471983fc46b9cb17daa2713d7bee1ea427ecb2be0e5e49e5694318233044002205f9ccff1340a7a14eebb3370cdeeaf75b152390cfd0366e24bf5e2d85d6b4bb9007600bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed1850000016cb9da9e4c0000040300473045022066c8c5ea53769f97ae6b68dfed31d7d39546760e79c75c4134c8cad0476f64be022100d11c141c6b59440711b713d781edb710d39d0f99c7c9427d0b31624daa63987d007600ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb0000016cb9da9d1500000403004730450220388013f36ecc2ccc162e77944c7a496c1fe8a5f7458c44034b96624981ef4e28022100a096a5a75934601278dbdb400ca5d20ec28bf96906d048536ba896137be76838
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		004d6f6235fde636ee1b0b83f2d43eb75f2f4eabcab1d3d6b7686d7dfef391e2b32960e73baa4379dea6a4540d32456911c7a82a9c319a8b2f68812569259c66d6803974c33f1558a4f30a2a92c1b64e28a3059e3505ea538ed176370994bc5221e226e4713aa03ad63c3a5a247e8616d006549b62f9f16a051858311df6de2cd456ed5d3c39788372f3bc2505c0def78fd4e154bb8c28f68da3250e0931f3dd0da5ed604bc130a0f8ac6f6c2d1703a38752c119b1bc85c28eb0857ad544cdd214fee45300ac18ffc545111fc748b8bb0b01300c2cf51abc1481ab4c3fee77af9feaa4629d279f54060010d5d7dd305682a43a08238a8e3ed0ab74f14c7b019905