cmslab001.ceti.etat-ge.ch

- Republique et Canton de Geneve -

Issued by SwissSign Server Gold CA 2014 - G22

About this certificate

This digital certificate with serial number 2a:92:c3:ba:f0:a4:50:9d:74:9f:79:b3:bc:1c:07:8e:2e:c5:78:b8 was issued on by SwissSign AG.

With 4 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Republique et Canton de Geneve

Organization: Republique et Canton de Geneve
Organization unit: OCSIN
State / Province: Geneve
Locality: Geneve
Country: CH

SwissSign AG

Organization: SwissSign AG
Country: CH

This certificate has expire since

Certificate Details

Serial Number (hex): 2a:92:c3:ba:f0:a4:50:9d:74:9f:79:b3:bc:1c:07:8e:2e:c5:78:b8
Serial Number (int): 243050571681731562279968936750990521419618941112
Serial Number lenght: 158 bits, 20 octets

SubjectKeyId: 89:bc:c5:5a:10:d3:5e:aa:d1:05:c2:9c:dd:30:92:05:20:58:5b:ce
AuthorityKeyId: e7:f1:e7:fd:2e:53:ad:11:e5:81:1a:57:a4:73:8f:12:7d:98:c8:ae

Fingerprint (sha1): 80:39:41:42:36:68:80:71:d6:76:09:42:1e:f7:85:e9:b7:c1:b7:4d
Fingerprint (sha256): 7e:b9:df:09:4e:8d:4e:a5:c5:76:a7:32:b9:8a:c2:0f:1c:f7:c7:90:2c:b4:f6:74:08:6c:41:36:f4:3b:8e:61

Issuing Certificate URL: http://swisssign.net/cgi-bin/authority/download/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE

Revocation information

OCSP Server: http://gold-server-g2.ocsp.swisssign.net/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE
CRL Distribution Point: http://crl.swisssign.net/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE
CRL Distribution Point: ldap://directory.swisssign.net/CN=E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE%2CO=SwissSign%2CC=CH?certificateRevocationList?base?objectClass=cRLDistributionPoint

Check the revocation status for certificate cmslab001.ceti.etat-ge.ch

4

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for cmslab001.ceti.etat-ge.ch

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

cmslab001.ceti.etat-ge.ch
cms.labo.ge.ch
join.cms.labo.ge.ch
ceti.etat-ge.ch

Other certificates including the domain name etat-ge.ch

(limited to 100 certificates)
impuserlabo000-ms.ceti.etat-ge.ch
api.soca.lbdev.etat-ge.ch
vcscgv2-1.ceti.etat-ge.ch
uccxuser000-ms.ceti.etat-ge.ch
cucmuser000-ms.ceti.etat-ge.ch
vcscnhp-1.ceti.etat-ge.ch
*.devops.etat-ge.ch
jabbergsrv001.ceti.etat-ge.ch
pexip.ge.ch
vcsclabo-2.ceti.etat-ge.ch
jabberguest.ge.ch
vcselabo-1.ge.ch
impuser000-ms.ceti.etat-ge.ch
prod.etat-ge.ch
pccecuic000.ceti.etat-ge.ch
cucmuserlabo000-ms.ceti.etat-ge.ch
vcsenhp-1.ge.ch
jabberguest.ge.ch
pjdeploy01.ceti.etat-ge.ch
vcselabo-2.ge.ch
uccxuserlabo000-ms.ceti.etat-ge.ch
jabbergexpe002.ge.ch
vcscnhp-1.ceti.etat-ge.ch
pccefin001.ceti.etat-ge.ch
uccxuserlabo000-ms.ceti.etat-ge.ch
cucmsme000-ms.ceti.etat-ge.ch
cucuserlabo000-ms.ceti.etat-ge.ch
vcselabo-2.ge.ch
cucmlabo000.ceti.etat-ge.ch
annuaire.ge.ch
uccxuserlabo000-ms.ceti.etat-ge.ch
cucmuserlabo000-ms.ceti.etat-ge.ch
cucmuser000-ms.ceti.etat-ge.ch
vcsclabo-2.ceti.etat-ge.ch
videogw.ge.ch
cucmsme000-ms.ceti.etat-ge.ch
*.apps.soca.lbprod.etat-ge.ch
cucuserlabo000-ms.ceti.etat-ge.ch
pccefinlab000-ms.ceti.etat-ge.ch
jabbergsrv003.ceti.etat-ge.ch
vcselabo-1.ge.ch
cuacuser000.ad.etat-ge.ch
jabbergsrv003.ceti.etat-ge.ch
ldapedu.ge.ch
cuacuser000.ad.etat-ge.ch
participer-rec.ge.ch
ldapedu.ge.ch
participer-rec.ge.ch
ldapedu-rectech.ceti.etat-ge.ch
vcsegv2-1.ge.ch
vcselabo-2.ge.ch
pccecuiclab000.ceti.etat-ge.ch
vcselabo-1.ge.ch
impuser000-ms.ceti.etat-ge.ch
vcsclabo-1.ceti.etat-ge.ch
ldapedu.ge.ch
*.devops.etat-ge.ch
pexipadm000.ceti.etat-ge.ch
jabbergsrv001.ceti.etat-ge.ch
jabbergsrv002.ceti.etat-ge.ch
vcselabo-2.ge.ch
vcselabo-2.ge.ch
cucmlabo000.ceti.etat-ge.ch
cuacuserlab000.ad.etat-ge.ch
pccefinlab001.ceti.etat-ge.ch
cucuserlabo000-ms.ceti.etat-ge.ch
appconpol11.ceti.etat-ge.ch
vcselabo-1.ge.ch
pccefin000-ms.ceti.etat-ge.ch
*.apps.soca.lbdev.etat-ge.ch
pccefinlab000.ceti.etat-ge.ch
videogwlabo.ge.ch
jabbergexpc002.ceti.etat-ge.ch
jabbergexpc002.ceti.etat-ge.ch
contacts.ge.ch
cuacuserlab000.ad.etat-ge.ch
vcsegv2-1.ge.ch
jabbergexpc001.ceti.etat-ge.ch
cfircf5.dev.etat-ge.ch
mitest.b2b.ge.ch
pccecuiclab000-ms.ceti.etat-ge.ch
cucmuserlabo000-ms.ceti.etat-ge.ch
vcselabo-2.ge.ch
oos.ge.ch
ldapedu.ge.ch
impuserlabo000-ms.ceti.etat-ge.ch
cucuser000-ms.ceti.etat-ge.ch
videogwlabo.ge.ch
jabbergsrv003.ceti.etat-ge.ch
jabbergexpe001.ge.ch
vcscgv2-1.ceti.etat-ge.ch
cucmsme000-ms.ceti.etat-ge.ch
cari.rec.etat-ge.ch
t-racine.t-admin2.t-ad.etat-ge.ch
*.devops.etat-ge.ch
vcselabo-2.ge.ch
jabbergsrv002.ceti.etat-ge.ch
vcsegv2-1.ge.ch
videogwlabo.ge.ch
jabberguest.ge.ch

Certificate

The complete raw certificate details for cmslab001.ceti.etat-ge.ch in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIIEDCCBvigAwIBAgIUKpLDuvCkUJ10n3mzvBwHji7FeLgwDQYJKoZIhvcNAQEL
BQAwUjELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEsMCoGA1UE
AxMjU3dpc3NTaWduIFNlcnZlciBHb2xkIENBIDIwMTQgLSBHMjIwHhcNMjAwMTA4
MTYwMzUzWhcNMjIwMTA4MTYwMzUzWjCBjDELMAkGA1UEBhMCQ0gxDzANBgNVBAgT
BkdlbmV2ZTEPMA0GA1UEBxMGR2VuZXZlMScwJQYDVQQKEx5SZXB1YmxpcXVlIGV0
IENhbnRvbiBkZSBHZW5ldmUxDjAMBgNVBAsTBU9DU0lOMSIwIAYDVQQDExljbXNs
YWIwMDEuY2V0aS5ldGF0LWdlLmNoMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA4Z7VlLtYVR2wNClS4j0B3f5XiUqZF8TzMk25OBVT6HpLLj8xXiaaAjg6
hAkSFxUJvdoknIQLG8SRp0xCN0PZeooXXUCJK4a947jJB5tBWPrUfVB0ASAvahnb
+Z2qNyfjkrwLte4gM5t13RRPVkyoJ+feODrtDCdlevzMWtSRNxy5bwX4ZavGQgu4
zFl47dX1KNeaZnRY6yI2w8Htowyn95KbDY+pF7KfYnofnn5sY2WYgLAX9sCf4V64
xK2J9lSTclp5Z65A+ERzWxLJTIWtHPcvIRGtDOUbMWxjMxf8v691J2H5VPR0F9Jt
pGZCSkD7TOj2fVCosMfLHfK2LyEGAQIDAQABo4IEoTCCBJ0wWgYDVR0RBFMwUYIZ
Y21zbGFiMDAxLmNldGkuZXRhdC1nZS5jaIIOY21zLmxhYm8uZ2UuY2iCE2pvaW4u
Y21zLmxhYm8uZ2UuY2iCD2NldGkuZXRhdC1nZS5jaDAOBgNVHQ8BAf8EBAMCBaAw
HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBSJvMVaENNe
qtEFwpzdMJIFIFhbzjAfBgNVHSMEGDAWgBTn8ef9LlOtEeWBGlekc48SfZjIrjCB
/wYDVR0fBIH3MIH0MEegRaBDhkFodHRwOi8vY3JsLnN3aXNzc2lnbi5uZXQvRTdG
MUU3RkQyRTUzQUQxMUU1ODExQTU3QTQ3MzhGMTI3RDk4QzhBRTCBqKCBpaCBooaB
n2xkYXA6Ly9kaXJlY3Rvcnkuc3dpc3NzaWduLm5ldC9DTj1FN0YxRTdGRDJFNTNB
RDExRTU4MTFBNTdBNDczOEYxMjdEOThDOEFFJTJDTz1Td2lzc1NpZ24lMkNDPUNI
P2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFzZT9vYmplY3RDbGFzcz1jUkxE
aXN0cmlidXRpb25Qb2ludDBzBgNVHSAEbDBqMFQGCWCFdAFZAQIBDDBHMEUGCCsG
AQUFBwIBFjlodHRwOi8vcmVwb3NpdG9yeS5zd2lzc3NpZ24uY29tL1N3aXNzU2ln
bi1Hb2xkLUNQLUNQUy5wZGYwCAYGBACPegEHMAgGBmeBDAECAjCB1QYIKwYBBQUH
AQEEgcgwgcUwZAYIKwYBBQUHMAKGWGh0dHA6Ly9zd2lzc3NpZ24ubmV0L2NnaS1i
aW4vYXV0aG9yaXR5L2Rvd25sb2FkL0U3RjFFN0ZEMkU1M0FEMTFFNTgxMUE1N0E0
NzM4RjEyN0Q5OEM4QUUwXQYIKwYBBQUHMAGGUWh0dHA6Ly9nb2xkLXNlcnZlci1n
Mi5vY3NwLnN3aXNzc2lnbi5uZXQvRTdGMUU3RkQyRTUzQUQxMUU1ODExQTU3QTQ3
MzhGMTI3RDk4QzhBRTCCAX8GCisGAQQB1nkCBAIEggFvBIIBawFpAHYAb1N2rDHw
MRnYmQCkURX/dxUcEdkCwQApBo2yCJo32RMAAAFvheXugwAABAMARzBFAiAJvZpU
xiroLT07G8uDYyQDCQUKiTBLKGy75wC2ZOTKBwIhAPO68q4KYOfaDJJZyrsnQ+FO
BzMqxSqjUIwrtTwvjr5YAHcAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e
0YUAAAFvheXt5AAABAMASDBGAiEAqOZqvfjgHlCp66yBsQHX9BfBjzZz9290Ouyu
W5ursXUCIQCmnATgCbC3K8PUuVfbOXQaQCOq9Jd+SW5LgJqUhm+YxgB2AO5Lvbd1
zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAABb4Xl7ZYAAAQDAEcwRQIgY9z/
qMplYhwogifxzTUwqtadTdGTJzfVqOh8qnFwN8YCIQC4tyqAYeStWDdmoJyZienv
1gJsqB6MEN2sj+LD5vKtOzANBgkqhkiG9w0BAQsFAAOCAQEAKyaxKII98G3GVCpT
3if/UqLciNHhhhVgPr5ysUbi1clXPlsvwiHDAthmDaBJRMrAQNpX7QjlP7byALvl
4kKOldLcVEoQkIY69fm1LQB/ZD747tCnhAj2NlKMNQjgvtGRMM2pYlfA6GSAW9Sx
wNID5Ii8kjhWQAjAW1ULL5pqFsJJmAv4cjtTMemklnAYxNaHEyanTEqu+cdAlI5n
jyXr7Ffp9CmGe57hjre9X0pX00oI6NECQU1fYKyMgFn5/o9Nbj8GmH4XI+Y+qqbs
7+zTOLbWB+RJBUrQHdy6vlFwCumANbJFa4Ho5EbPhMTsrnVbmn56RCiQPmbUg33R
rEKuTg==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Z7VlLtYVR2wNClS4j0B
3f5XiUqZF8TzMk25OBVT6HpLLj8xXiaaAjg6hAkSFxUJvdoknIQLG8SRp0xCN0PZ
eooXXUCJK4a947jJB5tBWPrUfVB0ASAvahnb+Z2qNyfjkrwLte4gM5t13RRPVkyo
J+feODrtDCdlevzMWtSRNxy5bwX4ZavGQgu4zFl47dX1KNeaZnRY6yI2w8Htowyn
95KbDY+pF7KfYnofnn5sY2WYgLAX9sCf4V64xK2J9lSTclp5Z65A+ERzWxLJTIWt
HPcvIRGtDOUbMWxjMxf8v691J2H5VPR0F9JtpGZCSkD7TOj2fVCosMfLHfK2LyEG
AQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 243050571681731562279968936750990521419618941112
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign AG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign Server Gold CA 2014 - G22'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-01-08 16:03:53 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-01-08 16:03:53 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Geneve'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Geneve'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Republique et Canton de Geneve'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'OCSIN'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'cmslab001.ceti.etat-ge.ch'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 28481942730226611364902623893214518149928369740300737787955734208538997730221610489144813053574044809586798078698879550154086797912127857544798627294913173606116885627483711280220061385023026529520525013547241013493201312252525490501384802285631491025931376150488466861576883210909400561132558446178814725959115373340236921945450178379678202299696227007484094265764881839934303078816140307893679244213953475026154039264621687099272028381253631768792777530236157745674110913901909385929143616097621443386497075053027534282504245634352091823019201767660587899547392995977168879144822021781128940205337298685551192376833
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (83 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cmslab001.ceti.etat-ge.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cms.labo.ge.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'join.cms.labo.ge.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ceti.etat-ge.ch'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							89bcc55a10d35eaad105c29cdd30920520585bce
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName e7f1e7fd2e53ad11e5811a57a4738f127d98c8ae
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (247 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.swisssign.net/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'ldap://directory.swisssign.net/CN=E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE%2CO=SwissSign%2CC=CH?certificateRevocationList?base?objectClass=cRLDistributionPoint'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (108 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.756.1.89.1.2.1.12
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://repository.swisssign.com/SwissSign-Gold-CP-CPS.pdf'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.4.0.2042.1.7
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (200 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://swisssign.net/cgi-bin/authority/download/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gold-server-g2.ocsp.swisssign.net/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
							01690076006f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d9130000016f85e5ee830000040300473045022009bd9a54c62ae82d3d3b1bcb8363240309050a89304b286cbbe700b664e4ca07022100f3baf2ae0a60e7da0c9259cabb2743e14e07332ac52aa3508c2bb53c2f8ebe58007700bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed1850000016f85e5ede40000040300483046022100a8e66abdf8e01e50a9ebac81b101d7f417c18f3673f76f743aecae5b9babb175022100a69c04e009b0b72bc3d4b957db39741a4023aaf4977e496e4b809a94866f98c6007600ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb0000016f85e5ed960000040300473045022063dcffa8ca65621c288227f1cd3530aad69d4dd1932737d5a8e87caa717037c6022100b8b72a8061e4ad583766a09c9989e9efd6026ca81e8c10ddac8fe2c3e6f2ad3b
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		002b26b128823df06dc6542a53de27ff52a2dc88d1e18615603ebe72b146e2d5c9573e5b2fc221c302d8660da04944cac040da57ed08e53fb6f200bbe5e2428e95d2dc544a1090863af5f9b52d007f643ef8eed0a78408f636528c3508e0bed19130cda96257c0e864805bd4b1c0d203e488bc9238564008c05b550b2f9a6a16c249980bf8723b5331e9a4967018c4d6871326a74c4aaef9c740948e678f25ebec57e9f429867b9ee18eb7bd5f4a57d34a08e8d102414d5f60ac8c8059f9fe8f4d6e3f06987e1723e63eaaa6ecefecd338b6d607e449054ad01ddcbabe51700ae98035b2456b81e8e446cf84c4ecae755b9a7e7a4428903e66d4837dd1ac42ae4e