www.privasphere.com

- PrivaSphere AG -

Issued by DigiCert G2 TLS EU RSA4096 SHA384 2022 CA1

About this certificate

This digital certificate with serial number 0c:ad:6f:ad:59:71:ff:9d:1e:0f:c7:59:d7:89:4e:f9 was issued on by DigiCert Ireland Limited.

With 26 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

PrivaSphere AG

Organization: PrivaSphere AG
Locality: Zürich
Country: CH

DigiCert Ireland Limited

Organization: DigiCert Ireland Limited
Country: IE

This certificate will expire on

Certificate Details

Serial Number (hex): 0c:ad:6f:ad:59:71:ff:9d:1e:0f:c7:59:d7:89:4e:f9
Serial Number (int): 16851268387565617551203207095962390265
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 24:b5:7a:6e:92:c7:77:54:ff:88:f8:04:7f:83:23:e9:d8:8e:32:2e
AuthorityKeyId: 18:89:e7:af:f0:28:f6:7c:ca:68:05:52:e1:62:d8:91:d6:16:65:60

Fingerprint (sha1): 70:fa:03:c0:c8:10:b4:8a:bc:65:53:f9:08:ec:8a:eb:0c:95:55:a5
Fingerprint (sha256): 9c:ea:2c:c5:78:b6:e2:60:b9:27:27:6b:87:a0:18:31:98:24:da:31:c9:72:14:fa:66:ab:df:ac:f0:f4:c0:36

Issuing Certificate URL: http://cacerts.digicert.eu/DigiCertG2TLSEURSA4096SHA3842022CA1.crt

Revocation information

OCSP Server: http://ocsp.digicert.eu
CRL Distribution Point: http://crl.digicert.eu/DigiCertG2TLSEURSA4096SHA3842022CA1.crl

Check the revocation status for certificate www.privasphere.com

26

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.privasphere.com

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.privasphere.com
p4u.ch
www.p4u.ch
www.zh.privasphere.com
vrfy5210.privasphere.com
large.privasphere.com
jusphere.privasphere.com
eeg.lu.ch
ees.lu.ch
securemail.lu.ch
secmail.tg.ch
erv.tg.ch
securemail.holcim.com
securemail.ar.ch
securemail.zg.ch
securemail.bekb.ch
securemail.ifrc.org
secmail.ukb.ch
erv.sh.ch
securemail.bav.admin.ch
securemail.blw.admin.ch
sec-data-exchange.oak-bv.admin.ch
securemail.ba.admin.ch
secmail.bvger.ch
secmail.ti.ch
securemail.mme.ch

Other certificates including the domain name privasphere.com

(limited to 100 certificates)
git.privasphere.com
crm.privasphere.com
crm.privasphere.com
bugs.privasphere.com
www-dev.privasphere.com
www-dev.privasphere.com
crm.privasphere.com
crl-dev.privasphere.com
bugs.privasphere.com
typo3.privasphere.com
git.privasphere.com
www.privasphere.com
crl-dev.privasphere.com
typo3.privasphere.com
*.privasphere.com
bugs.privasphere.com
www.privasphere.com
crm.privasphere.com
bugs.privasphere.com
bugs.privasphere.com
crl-dev.privasphere.com
typo3.privasphere.com
www.privasphere.com
git.privasphere.com
tickets.privasphere.com
www.privasphere.com
crm.privasphere.com
crl-dev.privasphere.com
tickets.privasphere.com
www.privasphere.com
typo3.privasphere.com
www.privasphere.com
www.privasphere.com
typo3.privasphere.com
typo3.privasphere.com
www.privasphere.com
crm.privasphere.com
tickets.privasphere.com
tickets.privasphere.com
www.privasphere.com
tickets.privasphere.com
*.privasphere.com
smtp.privasphere.com
bugs.privasphere.com
www.privasphere.com
typo3.privasphere.com
www.privasphere.com
typo3.privasphere.com
www.privasphere.com
crl-dev.privasphere.com
tickets.privasphere.com
www.privasphere.com
crl-dev.privasphere.com
www-dev.privasphere.com
www.privasphere.com
www.privasphere.com
www.privasphere.com
crl-dev.privasphere.com
crm.privasphere.com
puppet.privasphere.com
www.privasphere.com
tickets.privasphere.com
typo3.privasphere.com
tickets.privasphere.com
typo3.privasphere.com
typo3.privasphere.com
www.privasphere.com
typo3.privasphere.com
www.privasphere.com
www-dev.privasphere.com
git.privasphere.com
www.privasphere.com
bugs.privasphere.com
crm.privasphere.com
crl-dev.privasphere.com
puppet.privasphere.com
www.privasphere.com
www.privasphere.com
git.privasphere.com
git.privasphere.com
tickets.privasphere.com
crl-dev.privasphere.com
tickets.privasphere.com
crl-dev.privasphere.com
bugs.privasphere.com
bugs.privasphere.com
typo3.privasphere.com
*.privasphere.com
www.privasphere.com
www.privasphere.com
crm.privasphere.com
typo3.privasphere.com
crm.privasphere.com
typo3.privasphere.com
bugs.privasphere.com
tickets.privasphere.com
bugs.privasphere.com
tickets.privasphere.com
bugs.privasphere.com
crm.privasphere.com

Certificate

The complete raw certificate details for www.privasphere.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIKXjCCCEagAwIBAgIQDK1vrVlx/50eD8dZ14lO+TANBgkqhkiG9w0BAQsFADBl
MQswCQYDVQQGEwJJRTEhMB8GA1UEChMYRGlnaUNlcnQgSXJlbGFuZCBMaW1pdGVk
MTMwMQYDVQQDEypEaWdpQ2VydCBHMiBUTFMgRVUgUlNBNDA5NiBTSEEzODQgMjAy
MiBDQTEwHhcNMjQwMjI5MDAwMDAwWhcNMjUwMjI4MjM1OTU5WjBWMQswCQYDVQQG
EwJDSDEQMA4GA1UEBwwHWsO8cmljaDEXMBUGA1UEChMOUHJpdmFTcGhlcmUgQUcx
HDAaBgNVBAMTE3d3dy5wcml2YXNwaGVyZS5jb20wggIiMA0GCSqGSIb3DQEBAQUA
A4ICDwAwggIKAoICAQCsIrbtZzCQ/2gQQ/u/zF6XYSOifcKl1Mq+wMos2HU2Omix
ydvQWTQpqROMy3KZ7hqVYEc5R5w9J/+t8lfJMncjxnzdHF0QHkIYQ2VYHltHrzHN
r8jlX5WFUPXBt7Jd+m9hfRc4jL3Bbz9LMACuJ+jigqEZnM6J1EnSG61tIoIvzYK9
72jZMFCDms8tiKBG+98M8tkyTUF+BDSJLeB0glzXVMF0+dsI/0Br1XcpCh20Ouom
wGZ4UYXJUnlaVGeTUUYgNgiG/5wmGQdBy91lixM5af+jjPQaoeoTM5f14hOlnAh0
FBAveLq/1MME6vpZiVmuAgl+mPBxo7Caj4NQ0SMs4btvl6oTaOTBgd3vOksm1Gjx
97TTlQkLF9rLMD29mU80AOWtuS7WyqsnpjPuk1LgKcRq4Tz2URsXAJBXtrA8l663
0I88FhhtBbDvPVvnXLf47aLpLFY+YjbHQ3mxsoxrSB5lypUy0CbAiNpd3s4VInoa
sj+c4ibu2xolaHvVRF2klCfbgalbejMkxx4tnZais2XNqr1LUz3KIMXQHn4rQIeh
wzTzL2y903ng++aWkA0TwFDlBzWLVKbS/jfqaX8yOcwgGhBCxRn69+EUdycBan6R
fevMEcqo7XJqzOUi6HTyjRCo/hrtI85ADVDNZXFh8TtRMlanHyNoKhRmAUPG9QID
AQABo4IFFzCCBRMwHwYDVR0jBBgwFoAUGInnr/Ao9nzKaAVS4WLYkdYWZWAwHQYD
VR0OBBYEFCS1em6Sx3dU/4j4BH+DI+nYjjIuMIIB+wYDVR0RBIIB8jCCAe6CE3d3
dy5wcml2YXNwaGVyZS5jb22CBnA0dS5jaIIKd3d3LnA0dS5jaIIWd3d3LnpoLnBy
aXZhc3BoZXJlLmNvbYIYdnJmeTUyMTAucHJpdmFzcGhlcmUuY29tghVsYXJnZS5w
cml2YXNwaGVyZS5jb22CGGp1c3BoZXJlLnByaXZhc3BoZXJlLmNvbYIJZWVnLmx1
LmNoggllZXMubHUuY2iCEHNlY3VyZW1haWwubHUuY2iCDXNlY21haWwudGcuY2iC
CWVydi50Zy5jaIIVc2VjdXJlbWFpbC5ob2xjaW0uY29tghBzZWN1cmVtYWlsLmFy
LmNoghBzZWN1cmVtYWlsLnpnLmNoghJzZWN1cmVtYWlsLmJla2IuY2iCE3NlY3Vy
ZW1haWwuaWZyYy5vcmeCDnNlY21haWwudWtiLmNoggllcnYuc2guY2iCF3NlY3Vy
ZW1haWwuYmF2LmFkbWluLmNoghdzZWN1cmVtYWlsLmJsdy5hZG1pbi5jaIIhc2Vj
LWRhdGEtZXhjaGFuZ2Uub2FrLWJ2LmFkbWluLmNoghZzZWN1cmVtYWlsLmJhLmFk
bWluLmNoghBzZWNtYWlsLmJ2Z2VyLmNogg1zZWNtYWlsLnRpLmNoghFzZWN1cmVt
YWlsLm1tZS5jaDA+BgNVHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhto
dHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud
JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBPBgNVHR8ESDBGMESgQqBAhj5odHRw
Oi8vY3JsLmRpZ2ljZXJ0LmV1L0RpZ2lDZXJ0RzJUTFNFVVJTQTQwOTZTSEEzODQy
MDIyQ0ExLmNybDCBgwYIKwYBBQUHAQEEdzB1MCMGCCsGAQUFBzABhhdodHRwOi8v
b2NzcC5kaWdpY2VydC5ldTBOBggrBgEFBQcwAoZCaHR0cDovL2NhY2VydHMuZGln
aWNlcnQuZXUvRGlnaUNlcnRHMlRMU0VVUlNBNDA5NlNIQTM4NDIwMjJDQTEuY3J0
MAwGA1UdEwEB/wQCMAAwggF8BgorBgEEAdZ5AgQCBIIBbASCAWgBZgB2AE51oydc
mhDDOFts1N8/Uusd8OCOG41pwLH6ZLFimjnfAAABjfU3cKkAAAQDAEcwRQIhANIK
4x58YEftW3/huwDgW+P7doB0DYiTazRCrTGc8VjgAiAXUn8xQIezv0/BSJmqa7kU
sw1E3O10BP/qqTJBrweQmwB1AObSMWNAd4zBEEEG13G5zsHSQPaWhIb7uocyHf0e
N45QAAABjfU3cV0AAAQDAEYwRAIgI8nIzrvGL4XhG5DH8EDPzY7ooSlp5vvjcehR
Xvtto9wCIDLlJgM8/1ateDBP5YN4nxEJjUKxV2vfdIIPsHGQJFD0AHUAzxFW7tUu
fK/zh1vZaS6b6RpxZ0qwF+ysAdJbd87MOwgAAAGN9TdwaQAABAMARjBEAiBWvoQy
5Yn3X3NYAPOQ2ddA9GxCQRlg6WL3TUPWO2wSZQIgHKOiL34HAVnYMim6s3bnnGae
1HhPie2472+uXmsntu0wDQYJKoZIhvcNAQELBQADggIBAD2x8WHFvpQfCFLjeURQ
AH4QGIQ5v/s06O8+mUsuA3VgayYqXmJ3J6hsSiYnzVCvjnUggKguUbUpJHZXjOZa
XNlOXJQHeWDW7jJGKiXPtzng74w/5icUk9NpLuxSM9I8LX38k2r/DsfoFfEz0Nxq
83BOLY8vq1Nku3HTQ2x4efg+A5vUW+9FxijkD2hvaCe5RORwbPgIMwbIXmJmGsYm
lW++2HvydUBihD2KYzXicBNFeUxpyqfVyAQ90Hv6Rk9UBmOW0NXZRNh95QB3f1/2
NeUocegCZ5gmZuMv0HDRZiL8pZOZi3hqUsDl0nCxtTVl6FmhYlI2PJOvaHPSJ4Hz
eP2dXNaWD99nyo3w0qM9fiTIWTkgejDW3kw1VbAAJbZm9eKoOvU2BBszOjwzZsz1
LX49htRr0Zifup59YHEkkmW96aqEvK5Fjhm5VSX1CP4x6T7WrC2OUGR17HzOPDso
sSIui2UG0fT4C1yCyw1I9szQFf4ZWZXWYZ95dJZAte83DgainRiWvIFaWPpVOIgC
vjbOAXqZVhrozGNmAQ/mLC4U5jCmoNvERgXXaw561lnVcMcnDJVLFMI//BrL83nz
zYw2jqSsH45xtc90ZwcbHicsrk9wRzef0VubNoquW0EgULNMcw0ArT7S2MOtqyu6
HKbQc66qmeGT9Jyd5rsY75lu
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArCK27WcwkP9oEEP7v8xe
l2Ejon3CpdTKvsDKLNh1Njposcnb0Fk0KakTjMtyme4alWBHOUecPSf/rfJXyTJ3
I8Z83RxdEB5CGENlWB5bR68xza/I5V+VhVD1wbeyXfpvYX0XOIy9wW8/SzAArifo
4oKhGZzOidRJ0hutbSKCL82Cve9o2TBQg5rPLYigRvvfDPLZMk1BfgQ0iS3gdIJc
11TBdPnbCP9Aa9V3KQodtDrqJsBmeFGFyVJ5WlRnk1FGIDYIhv+cJhkHQcvdZYsT
OWn/o4z0GqHqEzOX9eITpZwIdBQQL3i6v9TDBOr6WYlZrgIJfpjwcaOwmo+DUNEj
LOG7b5eqE2jkwYHd7zpLJtRo8fe005UJCxfayzA9vZlPNADlrbku1sqrJ6Yz7pNS
4CnEauE89lEbFwCQV7awPJeut9CPPBYYbQWw7z1b51y3+O2i6SxWPmI2x0N5sbKM
a0geZcqVMtAmwIjaXd7OFSJ6GrI/nOIm7tsaJWh71URdpJQn24GpW3ozJMceLZ2W
orNlzaq9S1M9yiDF0B5+K0CHocM08y9svdN54PvmlpANE8BQ5Qc1i1Sm0v436ml/
MjnMIBoQQsUZ+vfhFHcnAWp+kX3rzBHKqO1yaszlIuh08o0QqP4a7SPOQA1QzWVx
YfE7UTJWpx8jaCoUZgFDxvUCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 16851268387565617551203207095962390265
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'IE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Ireland Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert G2 TLS EU RSA4096 SHA384 2022 CA1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-29 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-02-28 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Zürich'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'PrivaSphere AG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.privasphere.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 702251994733489176432685924746767406160813743217509452754690696794093357303455684824806082296809158523012760026084575459654501777509951849371738235966697754797579775873984685081454616866748685389677731220487443150572820802661689177559251495426490969688283484000192731764014321481454105989879649331685377868689348307209588204598957616219903643037396412760817208705679247733241101693386161654079546437515907556475644012479542546479812979247826158577583527299520276867132054286569888363449840626952570148102288554884909333113910316273311806354930463674460522059866774248947929169463976390665126629801459662518526122258180127790164665718715654658325599831991689388142386602470496317262838997230068393826395656104209597185592640220917266199401477876257465649719800300977666561572345879556645557648975075209333696429619457608425668936478872650952404207248678084605324419698910979199550407442401605085042079546141907615097350910243171337776497914043929914935537158293600031669406300628055903292788880310530490579243363851191054350548778388565908214127030347563771777776082063004929366978061545352361542250048066147363353757778547772225233527236370482063828036333820378128460259111402946358635589055713950113318331658089586463278748271888117
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 1889e7aff028f67cca680552e162d891d6166560
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							24b57a6e92c77754ff88f8047f8323e9d88e322e
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (498 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.privasphere.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'p4u.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.p4u.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.zh.privasphere.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'vrfy5210.privasphere.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'large.privasphere.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jusphere.privasphere.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'eeg.lu.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ees.lu.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'securemail.lu.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'secmail.tg.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'erv.tg.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'securemail.holcim.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'securemail.ar.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'securemail.zg.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'securemail.bekb.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'securemail.ifrc.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'secmail.ukb.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'erv.sh.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'securemail.bav.admin.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'securemail.blw.admin.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sec-data-exchange.oak-bv.admin.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'securemail.ba.admin.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'secmail.bvger.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'secmail.ti.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'securemail.mme.ch'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (72 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.digicert.eu/DigiCertG2TLSEURSA4096SHA3842022CA1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (119 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.eu/DigiCertG2TLSEURSA4096SHA3842022CA1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (364 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (360 bytes)
							01660076004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018df53770a90000040300473045022100d20ae31e7c6047ed5b7fe1bb00e05be3fb7680740d88936b3442ad319cf158e0022017527f314087b3bf4fc14899aa6bb914b30d44dced7404ffeaa93241af07909b007500e6d2316340778cc1104106d771b9cec1d240f6968486fbba87321dfd1e378e500000018df537715d0000040300463044022023c9c8cebbc62f85e11b90c7f040cfcd8ee8a12969e6fbe371e8515efb6da3dc022032e526033cff56ad78304fe583789f11098d42b1576bdf74820fb071902450f4007500cf1156eed52e7caff3875bd9692e9be91a71674ab017ecac01d25b77cecc3b080000018df53770690000040300463044022056be8432e589f75f735800f390d9d740f46c42411960e962f74d43d63b6c126502201ca3a22f7e070159d83229bab376e79c669ed4784f89edb8ef6fae5e6b27b6ed
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		003db1f161c5be941f0852e3794450007e10188439bffb34e8ef3e994b2e0375606b262a5e627727a86c4a2627cd50af8e752080a82e51b5292476578ce65a5cd94e5c94077960d6ee32462a25cfb739e0ef8c3fe6271493d3692eec5233d23c2d7dfc936aff0ec7e815f133d0dc6af3704e2d8f2fab5364bb71d3436c7879f83e039bd45bef45c628e40f686f6827b944e4706cf8083306c85e62661ac626956fbed87bf2754062843d8a6335e2701345794c69caa7d5c8043dd07bfa464f54066396d0d5d944d87de500777f5ff635e52871e80267982666e32fd070d16622fca593998b786a52c0e5d270b1b53565e859a16252363c93af6873d22781f378fd9d5cd6960fdf67ca8df0d2a33d7e24c85939207a30d6de4c3555b00025b666f5e2a83af536041b333a3c3366ccf52d7e3d86d46bd1989fba9e7d6071249265bde9aa84bcae458e19b95525f508fe31e93ed6ac2d8e506475ec7cce3c3b28b1222e8b6506d1f4f80b5c82cb0d48f6ccd015fe195995d6619f79749640b5ef370e06a29d1896bc815a58fa55388802be36ce017a99561ae8cc6366010fe62c2e14e630a6a0dbc44605d76b0e7ad659d570c7270c954b14c23ffc1acbf379f3cd8c368ea4ac1f8e71b5cf7467071b1e272cae4f7047379fd15b9b368aae5b412050b34c730d00ad3ed2d8c3adab2bba1ca6d073aeaa99e193f49c9de6bb18ef996e