kaba.ebs.swiss

Issued by SwissSign RSA TLS DV ICA 2022 - 1

About this certificate

This digital certificate with serial number 04:81:06:b7:b8:28:3a:7f:94:9e:84:94:cf:a9:73:55:65:82:98:c7 was issued on by SwissSign AG.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=kaba.ebs.swiss

SwissSign AG

Organization: SwissSign AG
Country: CH

This certificate will expire on

Certificate Details

Serial Number (hex): 04:81:06:b7:b8:28:3a:7f:94:9e:84:94:cf:a9:73:55:65:82:98:c7
Serial Number (int): 25713344404081375161904359367726579621940074695
Serial Number lenght: 155 bits, 20 octets

SubjectKeyId: 57:82:ec:1c:fd:8b:91:50:b2:af:8b:42:9c:e7:06:76:87:83:80:c6
AuthorityKeyId: eb:bd:7f:49:93:8c:c9:ee:ec:a2:ba:f7:1c:d2:67:f0:83:b1:ea:de

Fingerprint (sha1): 5a:41:d3:4b:cc:01:94:b5:5f:ab:55:c1:2a:c0:35:88:df:97:b2:5c
Fingerprint (sha256): 72:28:39:5c:5b:cf:17:51:8c:e0:91:27:7f:08:b3:03:c2:8b:93:e7:af:e9:00:04:81:49:72:9a:8a:75:c8:a0

Issuing Certificate URL: http://aia.swisssign.ch/air-1b863385-f4a9-47fa-88a5-2a5abfd4a167

Revocation information

OCSP Server: http://ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec
CRL Distribution Point: http://crl.swisssign.ch/cdp-679723b2-8641-4642-8500-f6d2ff37e6ba

Check the revocation status for certificate kaba.ebs.swiss

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for kaba.ebs.swiss

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

kaba.ebs.swiss
www.kaba.ebs.swiss

Other certificates including the domain name ebs.swiss

(limited to 100 certificates)
connector.ebs.swiss
stecker.ebs.swiss
sso.ebs.swiss
hybridex.ebs.swiss
testsalary.ebs.swiss
www.ebs.swiss
ebs.swiss
ebs.swiss
www.ebs.swiss
ebs.swiss
www.ebs.swiss
ebs.swiss
*.ebs.swiss
sso.ebs.swiss
ebs.swiss
ebs.swiss
www.ebs.swiss
www.ebs.swiss
geoportal.ebs.swiss
www.ebs.swiss
ebs.swiss
abacus.ebs.swiss
geoportal.ebs.swiss
*.ebs.swiss
www.ebs.swiss
ebs.swiss
elektroform.ebs.swiss
geoportal.ebs.swiss
geoportal.ebs.swiss
kabaapp.ebs.swiss
sftp.ebs.swiss
salary.ebs.swiss
www.ebs.swiss
ebs.swiss
betrieb.ebs.swiss
hybridex.ebs.swiss
mdm.ebs.swiss
www.ebs.swiss
abacustest.ebs.swiss
ebs.swiss
ebs.swiss
lora.ebs.swiss
asset.ebs.swiss
connector.ebs.swiss
qmtest.ebs.swiss
ebs.swiss
testsalary.ebs.swiss
testsalary.ebs.swiss
kaba.ebs.swiss
www.ebs.swiss
salary.ebs.swiss
connector.ebs.swiss
www.ebs.swiss
*.ebs.swiss
lora.ebs.swiss
qmtest.ebs.swiss
geoportal.ebs.swiss
lora.ebs.swiss
www.ebs.swiss
my.ebs.swiss
stecker.ebs.swiss
asset.ebs.swiss
lora.ebs.swiss
*.ebs.swiss
www.ebs.swiss
ebs.swiss
betrieb.ebs.swiss
salary.ebs.swiss
*.ebs.swiss
ebs.swiss
ebs.swiss
my.ebs.swiss
abacustest.ebs.swiss
www.ebs.swiss
asset.ebs.swiss
infoscreen.ebs.swiss
infoscreen.ebs.swiss
salary.ebs.swiss
ebs.swiss
sftp.ebs.swiss
sftp.ebs.swiss
energieportal.ebs.swiss
geoportal.ebs.swiss
www.ebs.swiss
mydata.ebs.swiss
ebs.swiss
mdm.ebs.swiss
sftp.ebs.swiss
infoscreen.ebs.swiss
qm.ebs.swiss
geoportal.ebs.swiss
abacus.ebs.swiss
kabaapp.ebs.swiss
sftp.ebs.swiss
betrieb.ebs.swiss
betrieb.ebs.swiss
energieportal.ebs.swiss
ebs.swiss
infoscreen.ebs.swiss
testsalary.ebs.swiss

Certificate

The complete raw certificate details for kaba.ebs.swiss in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHKTCCBRGgAwIBAgIUBIEGt7goOn+UnoSUz6lzVWWCmMcwDQYJKoZIhvcNAQEL
BQAwUDELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEqMCgGA1UE
AxMhU3dpc3NTaWduIFJTQSBUTFMgRFYgSUNBIDIwMjIgLSAxMB4XDTI0MDQxNTEz
MTcyNFoXDTI1MDQxNTEzMTcyNFowGTEXMBUGA1UEAxMOa2FiYS5lYnMuc3dpc3Mw
ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDBiaOqdFpuZA/CHj1eymKR
WClNAk/d9Ffz8KQYmiO91HeJHVXkq0rBnpoXxyL55xF5PesuSVnFxcGpJM+skuLl
mMBVHZ36sskV3DBsARpt0XAIBMjjfV6jzt96iWUV3H6TWtsbSkJuvoVcBmEPdopZ
REwxFKMWGkwhDFWVNQDfH119OJRI/Yjzvcgex2ME22hVqOMOfKW2aill/Jwhzj1M
8+/taHHeSlaJQq6VZCdprg8LdRwa0DhGuDI2bXa3CRJbGSdBzRCxjNiVjE+/mwhF
9H/BTeVuNjvrhkHHZ7U93OyORq7HF2gmzLgAe0rN/bbhGuYravKxuziLPkViCr2W
XQXdtjUXu/jXWg67AzbUDZKD81tqgiiTuoLT4ggHRByC5f5LKPshql+lhECYKalq
dvoR5YUHssSVGAQAgmZ70/RXe4XEVg93aVHpTbr/XD4ga6L9CvncDs7yHd3sWCmP
X5XtcP19dOL1uP2dPikEP/KgBMDiLfaENRbsfcKy0/vFA61zkyHuNsCXRcU0UgMl
L+wbRV3F8Lr42JDsaHqQDIsSR79vTFb6pRVR+gwi9ShTcemiWnB1rOrH0hFhBpR1
MhMLudmZuauezuyP0m8rBXgKf3WzoEKUQFYJinBr7Xm0bx3xC7MlgYcklVr1aoiV
a1szvwb5LvXk++TeSDhf4wIDAQABo4ICMDCCAiwwgbIGCCsGAQUFBwEBBIGlMIGi
MEwGCCsGAQUFBzAChkBodHRwOi8vYWlhLnN3aXNzc2lnbi5jaC9haXItMWI4NjMz
ODUtZjRhOS00N2ZhLTg4YTUtMmE1YWJmZDRhMTY3MFIGCCsGAQUFBzABhkZodHRw
Oi8vb2NzcC5zd2lzc3NpZ24uY2gvc2lnbi9vY3MtYWFjY2NlZDUtNjZlOC00MDY5
LTliMWItZmQyOWFiNzNlZmVjMG8GA1UdIARoMGYwCAYGZ4EMAQIBMAgGBgQAj3oB
BjBQBghghXQBWQIBATBEMEIGCCsGAQUFBwIBFjZodHRwczovL3JlcG9zaXRvcnku
c3dpc3NzaWduLmNvbS9Td2lzc1NpZ25fQ1BTX1RMUy5wZGYwUQYDVR0fBEowSDBG
oESgQoZAaHR0cDovL2NybC5zd2lzc3NpZ24uY2gvY2RwLTY3OTcyM2IyLTg2NDEt
NDY0Mi04NTAwLWY2ZDJmZjM3ZTZiYTAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB
BQUHAwIwDgYDVR0PAQH/BAQDAgWgMC0GA1UdEQQmMCSCDmthYmEuZWJzLnN3aXNz
ghJ3d3cua2FiYS5lYnMuc3dpc3MwHQYDVR0OBBYEFFeC7Bz9i5FQsq+LQpznBnaH
g4DGMB8GA1UdIwQYMBaAFOu9f0mTjMnu7KK69xzSZ/CDsereMBMGCisGAQQB1nkC
BAMBAf8EAgUAMA0GCSqGSIb3DQEBCwUAA4ICAQAxWbdzU76PSK4BBGdC1Dy/dTcm
q8vY+tF2X4S3OPtce5ICbXTcy7tcOLHAvWKNquZ/QPA7P0m73UzC3UIcKCOP2egZ
F7tC+g9QhzLce/c7axIjVIV94MBkX7SQhcaoKim/wFf7K1NWC87i49ELQZ8QE8Ke
dyakDis0kCX9ltnAjI7z8eoNzcf6ppTya++fDwxXW8mfC44o+kRj25JfJI38TxZK
UNVy5d/rrqGXV95p3Dt/J4kk13cplZWHNPt02YleHwGVzyhm42uwQxHWoL7TUVZ+
L0Lj7N6PMjITTiRIdc+v14R/rVZLceaxN4zgtjIs9LDHsK7rQJkH0zg6AYQ7klON
nNNe7xfAiAAe5ooyeclJKr1RKOG3slNSwMR/rybcxbJNL54i7VOcGi+zyqCLONzG
JW0ihNSK+P1yvbT73OY3kcUtv6ht07/fpXgxYEqfkDdjzb5mjBotSw5A6z2FBrmB
amZa56kDijr+1AI/K6FY62knjvftPyASU0r7UBGYUWMgroB0c3reYUiFShHwZz0z
bDmizeOa6t+6Yc9m/aGbms0QZXQ6DCOddwaIZoRzzqoX8G1OLBMOpGGR2/kDJPoN
uiIMYYtC5zHwKZ6zIE0W5Q/F9NFwbcD1uYNLq73rk+W/3//uI3J862GvFZqOlbJx
KvBYIIezRWc3qd3TeA==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwYmjqnRabmQPwh49Xspi
kVgpTQJP3fRX8/CkGJojvdR3iR1V5KtKwZ6aF8ci+ecReT3rLklZxcXBqSTPrJLi
5ZjAVR2d+rLJFdwwbAEabdFwCATI431eo87feollFdx+k1rbG0pCbr6FXAZhD3aK
WURMMRSjFhpMIQxVlTUA3x9dfTiUSP2I873IHsdjBNtoVajjDnyltmopZfycIc49
TPPv7Whx3kpWiUKulWQnaa4PC3UcGtA4RrgyNm12twkSWxknQc0QsYzYlYxPv5sI
RfR/wU3lbjY764ZBx2e1PdzsjkauxxdoJsy4AHtKzf224RrmK2rysbs4iz5FYgq9
ll0F3bY1F7v411oOuwM21A2Sg/NbaoIok7qC0+IIB0QcguX+Syj7IapfpYRAmCmp
anb6EeWFB7LElRgEAIJme9P0V3uFxFYPd2lR6U26/1w+IGui/Qr53A7O8h3d7Fgp
j1+V7XD9fXTi9bj9nT4pBD/yoATA4i32hDUW7H3CstP7xQOtc5Mh7jbAl0XFNFID
JS/sG0VdxfC6+NiQ7Gh6kAyLEke/b0xW+qUVUfoMIvUoU3Hpolpwdazqx9IRYQaU
dTITC7nZmbmrns7sj9JvKwV4Cn91s6BClEBWCYpwa+15tG8d8QuzJYGHJJVa9WqI
lWtbM78G+S715Pvk3kg4X+MCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 25713344404081375161904359367726579621940074695
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign AG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign RSA TLS DV ICA 2022 - 1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-04-15 13:17:24 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-04-15 13:17:24 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'kaba.ebs.swiss'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 789564740417166238373418147039606072682954705527284923499943224238214213126158783114951757775947384346105525792283120331796352965908747024373551575640399502989142112743243741311529356575450120233387881603378256969171319287977229037171317233025078723661370438252804506596406226355802591664075931322557152718983427860820045962032299441374588287625701228266779631933283430991540303605981182323757269990150630222848892604827226066947398695686108830012093843519990639385939412837754515806723055247062451632914539237760634050203959831422052967137126513504093053536263617748125376181526152667739464282334232837002508245509301187788383943348459520145591690626938042248201969980395892142881302232097090086298738177353654059877672685379760282857105354186010054122084294222770904963695808255267953827199082474083925123912670627646573074019652797651158167909626610127088082274176704956189057001914003956667404380204259000360359994620558925249780521824256393166940218837436103544794239196252615258388725757601048331012996381730541233864402808260696848384941542221786168098978786473545384324297662713390036651910534551071151534280742873835688000474668871639693311479695165978531497256212828252864600598890724113682355025380921816636678952904581091
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (165 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.swisssign.ch/air-1b863385-f4a9-47fa-88a5-2a5abfd4a167'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.4.0.2042.1.6
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.756.1.89.2.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://repository.swisssign.com/SwissSign_CPS_TLS.pdf'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (74 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.swisssign.ch/cdp-679723b2-8641-4642-8500-f6d2ff37e6ba'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (38 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kaba.ebs.swiss'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.kaba.ebs.swiss'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							5782ec1cfd8b9150b2af8b429ce70676878380c6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName ebbd7f49938cc9eeeca2baf71cd267f083b1eade
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		003159b77353be8f48ae01046742d43cbf753726abcbd8fad1765f84b738fb5c7b92026d74dccbbb5c38b1c0bd628daae67f40f03b3f49bbdd4cc2dd421c28238fd9e81917bb42fa0f508732dc7bf73b6b122354857de0c0645fb49085c6a82a29bfc057fb2b53560bcee2e3d10b419f1013c29e7726a40e2b349025fd96d9c08c8ef3f1ea0dcdc7faa694f26bef9f0f0c575bc99f0b8e28fa4463db925f248dfc4f164a50d572e5dfebaea19757de69dc3b7f278924d7772995958734fb74d9895e1f0195cf2866e36bb04311d6a0bed351567e2f42e3ecde8f3232134e244875cfafd7847fad564b71e6b1378ce0b6322cf4b0c7b0aeeb409907d3383a01843b92538d9cd35eef17c088001ee68a3279c9492abd5128e1b7b25352c0c47faf26dcc5b24d2f9e22ed539c1a2fb3caa08b38dcc6256d2284d48af8fd72bdb4fbdce63791c52dbfa86dd3bfdfa57831604a9f903763cdbe668c1a2d4b0e40eb3d8506b9816a665ae7a9038a3afed4023f2ba158eb69278ef7ed3f2012534afb501198516320ae8074737ade6148854a11f0673d336c39a2cde39aeadfba61cf66fda19b9acd1065743a0c239d770688668473ceaa17f06d4e2c130ea46191dbf90324fa0dba220c618b42e731f0299eb3204d16e50fc5f4d1706dc0f5b9834babbdeb93e5bfdfffee23727ceb61af159a8e95b2712af0582087b3456737a9ddd378