testgold.snb.ch
- Swiss National Bank -
Issued by SwissSign RSA TLS OV ICA 2021 - 1
About this certificate
This digital certificate with serial number 2d:b5:bc:d1:27:4e:e6:fd:9e:89:cf:de:f1:71:31:78:73:a4:79:14 was issued on by SwissSign AG.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Swiss National Bank
Organization:
Swiss National Bank
State / Province:
ZH
Locality: Zurich
Country: CH
Locality: Zurich
Country: CH
SwissSign AG
Organization:
SwissSign AG
Country:
CH
This certificate has expire since
Certificate Details
Serial Number (hex): 2d:b5:bc:d1:27:4e:e6:fd:9e:89:cf:de:f1:71:31:78:73:a4:79:14Serial Number (int): 260957467849026254820194496269503285124986599700
Serial Number lenght: 158 bits, 20 octets
SubjectKeyId: 69:70:e9:f5:a8:92:08:a8:54:aa:c2:f8:79:fc:01:a7:41:26:32:ce
AuthorityKeyId: ac:d0:3a:c2:c2:57:55:91:69:11:cc:70:6a:59:38:8a:8c:ac:9c:3d
Fingerprint (sha1): b1:a0:0a:04:d7:23:e4:5a:da:88:62:04:7f:3d:e6:2e:5f:bb:b8:98
Fingerprint (sha256): 8b:95:42:ed:4a:a6:92:00:5f:ae:64:a2:73:47:c0:4a:d2:01:58:0f:a0:ee:da:11:ba:d8:fa:a2:8b:0e:2d:0e
Issuing Certificate URL: http://swisssign.net/cgi-bin/authority/download/ACD03AC2C25755916911CC706A59388A8CAC9C3D
Revocation information
OCSP Server: http://ocsp.swisssign.net/ACD03AC2C25755916911CC706A59388A8CAC9C3DCRL Distribution Point: http://crl.swisssign.net/ACD03AC2C25755916911CC706A59388A8CAC9C3D
CRL Distribution Point: ldap://directory.swisssign.net/CN=ACD03AC2C25755916911CC706A59388A8CAC9C3D%2CO=SwissSign%2CC=CH?certificateRevocationList?base?objectClass=cRLDistributionPoint
Check the revocation status for certificate testgold.snb.ch
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for testgold.snb.ch
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
testgold.snb.ch
www.testgold.snb.ch
www.testgold.snb.ch
Other certificates including the domain name snb.ch
(limited to 100 certificates)
remotemail.snb.ch
bbuem.snb.ch
mailb.snb.ch
ras.snb.ch
ras.snb.ch
ras.snb.ch
surveys.snb.ch
mailz.snb.ch
sip.snb.ch
mailz.snb.ch
rastest.snb.ch
ras.snb.ch
meet.snb.ch
datasharedev.snb.ch
vcse.snb.ch
ras.snb.ch
data.snb.ch
recruiting.snb.ch
rastest.snb.ch
ras.snb.ch
surveys.snb.ch
sip.snb.ch
ras.snb.ch
sip.snb.ch
ras.snb.ch
testgold.snb.ch
remotemail.snb.ch
testgold.snb.ch
ras2.snb.ch
wlanportal1.snb.ch
data.test.snb.ch
sip.snb.ch
testswiss.snb.ch
testgold.snb.ch
surveys-usertest.snb.ch
secmail.snb.ch
surveys.snb.ch
wlanportal1.snb.ch
mailb.snb.ch
snb.ch
surveys.snb.ch
datashare.snb.ch
alert.snb.ch
data.snb.ch
secmail.snb.ch
rastest.snb.ch
secmail.snb.ch
sip3.snb.ch
remotez.snb.ch
snb.ch
testgold.snb.ch
testgold.snb.ch
datasharedev.snb.ch
vcse.snb.ch
bbuem.snb.ch
secmail.snb.ch
ras.snb.ch
ras.snb.ch
sip3.snb.ch
remote.snb.ch
vcse.snb.ch
securemail.snb.ch
ras.snb.ch
surveys.snb.ch
testgold.snb.ch
webstats.snb.ch
securemail.snb.ch
surveys-usertest.snb.ch
snb.ch
careers.snb.ch
ras2.snb.ch
datasharedev.snb.ch
testgold.snb.ch
datasharedev.snb.ch
alert.snb.ch
snb.ch
remotez.snb.ch
data.snb.ch
surveys.snb.ch
datashare.snb.ch
data.snb.ch
testserver.snb.ch
ras-betest1.snb.ch
remoteb.snb.ch
datashare.snb.ch
rastest.snb.ch
rastest.snb.ch
testswiss.snb.ch
securemail.snb.ch
snb.ch
sip.snb.ch
mailb.snb.ch
testgold.snb.ch
bbuem.snb.ch
alert.snb.ch
bbuem.snb.ch
ras.snb.ch
data.test.snb.ch
bbuem.snb.ch
snb.ch
bbuem.snb.ch
mailb.snb.ch
ras.snb.ch
ras.snb.ch
ras.snb.ch
surveys.snb.ch
mailz.snb.ch
sip.snb.ch
mailz.snb.ch
rastest.snb.ch
ras.snb.ch
meet.snb.ch
datasharedev.snb.ch
vcse.snb.ch
ras.snb.ch
data.snb.ch
recruiting.snb.ch
rastest.snb.ch
ras.snb.ch
surveys.snb.ch
sip.snb.ch
ras.snb.ch
sip.snb.ch
ras.snb.ch
testgold.snb.ch
remotemail.snb.ch
testgold.snb.ch
ras2.snb.ch
wlanportal1.snb.ch
data.test.snb.ch
sip.snb.ch
testswiss.snb.ch
testgold.snb.ch
surveys-usertest.snb.ch
secmail.snb.ch
surveys.snb.ch
wlanportal1.snb.ch
mailb.snb.ch
snb.ch
surveys.snb.ch
datashare.snb.ch
alert.snb.ch
data.snb.ch
secmail.snb.ch
rastest.snb.ch
secmail.snb.ch
sip3.snb.ch
remotez.snb.ch
snb.ch
testgold.snb.ch
testgold.snb.ch
datasharedev.snb.ch
vcse.snb.ch
bbuem.snb.ch
secmail.snb.ch
ras.snb.ch
ras.snb.ch
sip3.snb.ch
remote.snb.ch
vcse.snb.ch
securemail.snb.ch
ras.snb.ch
surveys.snb.ch
testgold.snb.ch
webstats.snb.ch
securemail.snb.ch
surveys-usertest.snb.ch
snb.ch
careers.snb.ch
ras2.snb.ch
datasharedev.snb.ch
testgold.snb.ch
datasharedev.snb.ch
alert.snb.ch
snb.ch
remotez.snb.ch
data.snb.ch
surveys.snb.ch
datashare.snb.ch
data.snb.ch
testserver.snb.ch
ras-betest1.snb.ch
remoteb.snb.ch
datashare.snb.ch
rastest.snb.ch
rastest.snb.ch
testswiss.snb.ch
securemail.snb.ch
snb.ch
sip.snb.ch
mailb.snb.ch
testgold.snb.ch
bbuem.snb.ch
alert.snb.ch
bbuem.snb.ch
ras.snb.ch
data.test.snb.ch
bbuem.snb.ch
snb.ch
Certificate
The complete raw certificate details for testgold.snb.ch in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIJlzCCB3+gAwIBAgIULbW80SdO5v2eic/e8XExeHOkeRQwDQYJKoZIhvcNAQEL BQAwUDELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEqMCgGA1UE AxMhU3dpc3NTaWduIFJTQSBUTFMgT1YgSUNBIDIwMjEgLSAxMB4XDTIyMDMwMjA5 MzMyN1oXDTIzMDMwMjA5MzMyN1owYzELMAkGA1UEBhMCQ0gxCzAJBgNVBAgTAlpI MQ8wDQYDVQQHEwZadXJpY2gxHDAaBgNVBAoTE1N3aXNzIE5hdGlvbmFsIEJhbmsx GDAWBgNVBAMTD3Rlc3Rnb2xkLnNuYi5jaDCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBAJV176uHyVkqXtn9Ap8t2MKClhPjwYca1k9nmjgNl3LYrnEr0vTT Szq57blSyUym2AKzpn8OYbrs5FH2hMXQGdHAosgfIQQIY0T9ph0hQxqWudWvy0cv mw3kYXi9SVeRPmoPcL0NRrk8ryX4iDnDgs7qr0uj6ehcpX9UjVxzud64gzCkf7rU 75Mz/Qn9ZhQejc2nTSEWlJn50jX9R4l05SGm/LH09qsh8PYvGYIwID2u8+lWqDLn uSFAV6G2/iFJhlVjuhwaZwlJ40Ub0IOyYJqNGXDAS0W6+HOKBbovM+0VXcHXj/sp XT4XGbHq2TBEXQEF/9JJudCSpo8zFKRRe+cCAwEAAaOCBVQwggVQMC8GA1UdEQQo MCaCD3Rlc3Rnb2xkLnNuYi5jaIITd3d3LnRlc3Rnb2xkLnNuYi5jaDAOBgNVHQ8B Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQW BBRpcOn1qJIIqFSqwvh5/AGnQSYyzjAfBgNVHSMEGDAWgBSs0DrCwldVkWkRzHBq WTiKjKycPTCB/wYDVR0fBIH3MIH0MEegRaBDhkFodHRwOi8vY3JsLnN3aXNzc2ln bi5uZXQvQUNEMDNBQzJDMjU3NTU5MTY5MTFDQzcwNkE1OTM4OEE4Q0FDOUMzRDCB qKCBpaCBooaBn2xkYXA6Ly9kaXJlY3Rvcnkuc3dpc3NzaWduLm5ldC9DTj1BQ0Qw M0FDMkMyNTc1NTkxNjkxMUNDNzA2QTU5Mzg4QThDQUM5QzNEJTJDTz1Td2lzc1Np Z24lMkNDPUNIP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFzZT9vYmplY3RD bGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludDBvBgNVHSAEaDBmMFAGCGCFdAFZAgEC MEQwQgYIKwYBBQUHAgEWNmh0dHBzOi8vcmVwb3NpdG9yeS5zd2lzc3NpZ24uY29t L1N3aXNzU2lnbl9DUFNfVExTLnBkZjAIBgYEAI96AQcwCAYGZ4EMAQICMIHGBggr BgEFBQcBAQSBuTCBtjBkBggrBgEFBQcwAoZYaHR0cDovL3N3aXNzc2lnbi5uZXQv Y2dpLWJpbi9hdXRob3JpdHkvZG93bmxvYWQvQUNEMDNBQzJDMjU3NTU5MTY5MTFD QzcwNkE1OTM4OEE4Q0FDOUMzRDBOBggrBgEFBQcwAYZCaHR0cDovL29jc3Auc3dp c3NzaWduLm5ldC9BQ0QwM0FDMkMyNTc1NTkxNjkxMUNDNzA2QTU5Mzg4QThDQUM5 QzNEMIICcAYKKwYBBAHWeQIEAgSCAmAEggJcAloAdgBvU3asMfAxGdiZAKRRFf93 FRwR2QLBACkGjbIImjfZEwAAAX9J+jIjAAAEAwBHMEUCICJgxAxMCb9PR0SYssOc x73q85oARH448Xm7sfRaV8YHAiEA/PMjJhvXFQ1F1X0wIltduZd8fHhIdxxuvBrX 1C1PphgAdwB6MoxU2LcttiDqOOBSHumEFnAyE4VNO9IrwTpXo1LrUgAAAX9J+jFg AAAEAwBIMEYCIQDVKKt19Zw7p7w8mEFFdK1aQYcHVkvZxNEcvhxqkE76xAIhAP9v yGWQYkPavBWqTq6RDxYQSD1FTzsFCnwyr8Q202v9AHcArfe++nz/EMiLnT2cHj4Y arRnKV3PsQwkyoWGNOvcgooAAAF/SfozyAAABAMASDBGAiEApqk/zq9EA8gm0EgC lewDwtxVQwkN5Bj+tJow55NYZMcCIQDw210uwupUUvC8W1nr0O3nVa/8AI+O/H6w UpLnXlnvlgB2ALNzdwfhhFD4Y4bWBancEQlKeS2xZwwLh9zwAw55NqWaAAABf0n6 MsAAAAQDAEcwRQIhAOFFWHuRtCzOJDgq/TplFdILy7LuWPEu3Bgy3pxi5hSTAiAW ScfvnSY2OTFjEeMNVv4+O04u1N2TyPfu+P9jtkeFSwB2AOg+0No+9QY1MudXKLyJ a8kD08vREWvs62nhd31tBr1uAAABf0n6M5AAAAQDAEcwRQIhALvIu9OoKjWNHal0 K9fv71/OI02q6AB910GHJ6WwnXquAiB0X+jXFoRY6rr6g2W5BATh5u7xfREvISa2 9puwPlySuTANBgkqhkiG9w0BAQsFAAOCAgEAu0SE1CNaoYI574FG0HP7/E84X/W7 +6SDV+TNEzqfnMkZJqusAXAlskf3MVt7zcngNbDL6FCRg0jZJkFAujtKtOff5sOW suNu2z5ZJoFoGH9KfAwR5IUhTbXWMibGGi+LfNT5RIiMj56tqQfC0+IwM9MeySge e24rarvk2dSlf4vYvr1JnphzHUCu2C5eH+sqiziRBuuqOUKd5vtH1oq6FscAPs1d +BN2W24ypHdoKZDuaLDSSSh/MPTfCPZo5q5VsHfSpf3sSzRXg22kvBxozCplAGzk yXRx9TiIEPDDtn1PoU0fetJRu4PuPXF183WCs00M929IjlFcy3AK0+U40uZOo1aC meySpOLEwI9CWTDwsg2ceDdirU5HUoklPNQBQIW3ga9jgZQwS+qQI6+BYxIN30Au +7OJw7FZpI8XZtwwxMeDfzcGdtLO1lvuSMsGcQJDf4M99BDvmnRDMj/FVVxbmeYx 9NYKNYwgPlZRu3ogPqfU/JJ/oaourek47Vet844VXqayg8xWuwNl+8TPrndhLQDj zix9ET360fpAJBSM43DULrmZ+t/Jchl4F77VkDKdY+FNN65q5qj3qR+yzUOc1p+u Vn7p16TrnsIbA+ppg37leMSEYD48SV3W7H3xifx8KOKdLFGxfy3FhP3wbRKY//p0 CwK7VzUaqHCmjdI= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlXXvq4fJWSpe2f0Cny3Y woKWE+PBhxrWT2eaOA2XctiucSvS9NNLOrntuVLJTKbYArOmfw5huuzkUfaExdAZ 0cCiyB8hBAhjRP2mHSFDGpa51a/LRy+bDeRheL1JV5E+ag9wvQ1GuTyvJfiIOcOC zuqvS6Pp6Fylf1SNXHO53riDMKR/utTvkzP9Cf1mFB6NzadNIRaUmfnSNf1HiXTl Iab8sfT2qyHw9i8ZgjAgPa7z6VaoMue5IUBXobb+IUmGVWO6HBpnCUnjRRvQg7Jg mo0ZcMBLRbr4c4oFui8z7RVdwdeP+yldPhcZserZMERdAQX/0km50JKmjzMUpFF7 5wIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 260957467849026254820194496269503285124986599700 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign AG' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign RSA TLS OV ICA 2021 - 1' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-03-02 09:33:27 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-03-02 09:33:27 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ZH' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Zurich' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Swiss National Bank' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'testgold.snb.ch' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 18867663953157318522898397136110642493215676978842657282384560568945156431182588460166503591749180824372621572581814742975629807739592195015297929469289589993043540912246910983550716141299214742259941238418368914222324780515244592992010008487953801981315032483236585311270327155151268541516683631767582534759985254090202390758052330218503535975117949811718565845191659509617608562180876094008392808699081061003984306928380207627963930728884991576540995793642701188398953608481208783277934626357404912418636312563526606532938925521584373900443512477672509872515271264145540795696936088589468582634606204082877184965607 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (40 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'testgold.snb.ch' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.testgold.snb.ch' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 6970e9f5a89208a854aac2f879fc01a7412632ce . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName acd03ac2c25755916911cc706a59388a8cac9c3d . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (247 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.swisssign.net/ACD03AC2C25755916911CC706A59388A8CAC9C3D' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'ldap://directory.swisssign.net/CN=ACD03AC2C25755916911CC706A59388A8CAC9C3D%2CO=SwissSign%2CC=CH?certificateRevocationList?base?objectClass=cRLDistributionPoint' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.756.1.89.2.1.2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://repository.swisssign.com/SwissSign_CPS_TLS.pdf' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.4.0.2042.1.7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (185 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://swisssign.net/cgi-bin/authority/download/ACD03AC2C25755916911CC706A59388A8CAC9C3D' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.swisssign.net/ACD03AC2C25755916911CC706A59388A8CAC9C3D' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (608 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (604 bytes) 025a0076006f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d9130000017f49fa3223000004030047304502202260c40c4c09bf4f474498b2c39cc7bdeaf39a00447e38f179bbb1f45a57c607022100fcf323261bd7150d45d57d30225b5db9977c7c7848771c6ebc1ad7d42d4fa6180077007a328c54d8b72db620ea38e0521ee98416703213854d3bd22bc13a57a352eb520000017f49fa31600000040300483046022100d528ab75f59c3ba7bc3c98414574ad5a418707564bd9c4d11cbe1c6a904efac4022100ff6fc865906243dabc15aa4eae910f1610483d454f3b050a7c32afc436d36bfd007700adf7befa7cff10c88b9d3d9c1e3e186ab467295dcfb10c24ca858634ebdc828a0000017f49fa33c80000040300483046022100a6a93fceaf4403c826d0480295ec03c2dc5543090de418feb49a30e7935864c7022100f0db5d2ec2ea5452f0bc5b59ebd0ede755affc008f8efc7eb05292e75e59ef96007600b3737707e18450f86386d605a9dc11094a792db1670c0b87dcf0030e7936a59a0000017f49fa32c00000040300473045022100e145587b91b42cce24382afd3a6515d20bcbb2ee58f12edc1832de9c62e6149302201649c7ef9d263639316311e30d56fe3e3b4e2ed4dd93c8f7eef8ff63b647854b007600e83ed0da3ef5063532e75728bc896bc903d3cbd1116beceb69e1777d6d06bd6e0000017f49fa33900000040300473045022100bbc8bbd3a82a358d1da9742bd7efef5fce234daae8007dd7418727a5b09d7aae0220745fe8d7168458eabafa8365b90404e1e6eef17d112f2126b6f69bb03e5c92b9 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (4096 bits) 00bb4484d4235aa18239ef8146d073fbfc4f385ff5bbfba48357e4cd133a9f9cc91926abac017025b247f7315b7bcdc9e035b0cbe850918348d9264140ba3b4ab4e7dfe6c396b2e36edb3e59268168187f4a7c0c11e485214db5d63226c61a2f8b7cd4f944888c8f9eada907c2d3e23033d31ec9281e7b6e2b6abbe4d9d4a57f8bd8bebd499e98731d40aed82e5e1feb2a8b389106ebaa39429de6fb47d68aba16c7003ecd5df813765b6e32a477682990ee68b0d249287f30f4df08f668e6ae55b077d2a5fdec4b3457836da4bc1c68cc2a65006ce4c97471f5388810f0c3b67d4fa14d1f7ad251bb83ee3d7175f37582b34d0cf76f488e515ccb700ad3e538d2e64ea3568299ec92a4e2c4c08f425930f0b20d9c783762ad4e475289253cd4014085b781af638194304bea9023af8163120ddf402efbb389c3b159a48f1766dc30c4c7837f370676d2ced65bee48cb067102437f833df410ef9a7443323fc5555c5b99e631f4d60a358c203e5651bb7a203ea7d4fc927fa1aa2eade938ed57adf38e155ea6b283cc56bb0365fbc4cfae77612d00e3ce2c7d113dfad1fa4024148ce370d42eb999fadfc972197817bed590329d63e14d37ae6ae6a8f7a91fb2cd439cd69fae567ee9d7a4eb9ec21b03ea69837ee578c484603e3c495dd6ec7df189fc7c28e29d2c51b17f2dc584fdf06d1298fffa740b02bb57351aa870a68dd2