[cabfpub] Application for SHA-1 Issuance

Dean Coclin Dean_Coclin at symantec.com
Mon Jul 25 14:27:46 MST 2016


Ryan's last email said: 
" Steps taken to remedy that - either the step suggested by Geoff or as
proposed by Gerv - reasonably address this,..."
Note the words "either...or"

Geoff's email said:
" I would therefore encourage TSYS to remove it (or replace the random data
with 'aaaa' as necessary to fit their format) in a new request.  The new
request should use preferably the public key from a previous certificate, or
at least the key from this certificate, and otherwise have minimal changes."

And that's what was done.

I await further input from the root store operators. 

-----Original Message-----
From: Rob Stradling [mailto:rob.stradling at comodo.com] 
Sent: Monday, July 25, 2016 5:20 PM
To: Dean Coclin <Dean_Coclin at symantec.com>; CABFPub <public at cabforum.org>
Subject: Re: [cabfpub] Application for SHA-1 Issuance

IINM, both Gerv and Ryan indicated (or at least strongly implied) that 
rigid construction was a prerequisite for their (Mozilla's and Google's) 
approval of TSYS's request.  Did I misread something?

Also, I don't see the relevance of "strong consensus".  AIUI, there must 
be unanimous agreement.  If just one root program operator rejects 
TSYS's request, then you can't issue the SHA-1 certs.  Similarly, if 
just one root program operator says rigidly constructed serial numbers 
are required, then you can't use random serial numbers.

On 25/07/16 17:53, Dean Coclin wrote:
> In the interest of time, we chose to make as few changes as possible. Also
> we didn't see strong consensus on the list that rigid construction of
serial
> numbers was required.
>
>
> -----Original Message-----
> From: Rob Stradling [mailto:rob.stradling at comodo.com]
> Sent: Monday, July 25, 2016 5:25 AM
> To: Dean Coclin <Dean_Coclin at symantec.com>; CABFPub <public at cabforum.org>
> Subject: Re: [cabfpub] Application for SHA-1 Issuance
>
> On 23/07/16 01:28, Dean Coclin wrote:
>> Thanks, is there another comment, or are you ok?
>
> Hi Dean.  I had one other comment.
>
> "Did Symantec consider Ryan's offer to help with generating the serial
> numbers according to a rigid construction?  If not, why not?"
>
> Thanks.
>
>> -----Original Message-----
>> From: Rob Stradling [mailto:rob.stradling at comodo.com]
>> Sent: Friday, July 22, 2016 7:57 PM
>> To: Dean Coclin <Dean_Coclin at symantec.com>; CABFPub <public at cabforum.org>
>> Subject: Re: [cabfpub] Application for SHA-1 Issuance
>>
>> On 23/07/16 00:25, Rob Stradling wrote:
>>> Dean,
>>>
>>> I was pleased to see that you'd used PrintableStrings in your previous
>>> batch of TBSCertificates for TSYS, but it's disappointing to see
>>> T61Strings in this new batch.
>>
>> Please ignore that comment.  It's been pointed out to me that, since the
>> Existing Certificates used T61Strings, the new certs should use
>> T61Strings too.
>>
>> "Existing Certificate Information
>>
>> Ideally the proposed tbsCertificate should correspond to an Existing
>> Certificate logged in at least two Certificate Transparency logs trusted
>> by one or more Application Software Suppliers, with an audit proof to a
>> Signed Tree Head with a timestamp prior to 1st January 2016 and
>> differing only by:
>>    - signature AlgorithmIdentifier
>>    - Serial Number, which must have at least 60 bits of entropy
>>    - Validity, which must have a notAfter on or before 31st December
2016"
>>
>>> Did Symantec consider Ryan's offer to help with generating the serial
>>> numbers according to a rigid construction?  If not, why not?
>>>
>>> Thanks.
>>>
>>> On 22/07/16 23:55, Dean Coclin wrote:
>>>> Based on feedback from the community, TSYS and Symantec have created
new
>> TBS
>>>> certificates. These use existing keys and do not contain the
>> miscellaneous
>>>> characters in the OU that the others contained (and were explained by
>> TSYS).
>>>> These TBSCertificates have the same public keys from the existing
>>>> certificates on which they're based, and should differ only in serial
>> number
>>>> and dates
>>>>
>>>> You will notice there are only 7 certificates instead of 8 due to a
>> change
>>>> TSYS made in early 2016 to align dates into August for Expiration. Most
>>>> servers have a Dallas and a Reston version; for one server they
>> duplicated
>>>> one private key and cert so there's only one cert for both sites.
>>>>
>>>> To reconstitute the TBSCertificate in binary DER form, use the Linux
>>>> command:
>>>> base64 --decode > tbs.der
>>>> Then paste in a block of text from below, followed by an EOF
> (control-D).
>>>>
>>>> ----------------------------------------
>>>>
>>>> ssl1.tsysacquiring.net (based on https://crt.sh/?id=12924024)
>>>>
>>>> -----BEGIN CERTIFICATE-----
>>>> MIIFOjCCBCKgAwIBAgIQfN9GpTEgg8dMV3KfmuboLjANBgkqhkiG9w0BAQUFADCB
>>>> vDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
>>>> ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
>>>> YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDE2MDQGA1UEAxMt
>>>> VmVyaVNpZ24gQ2xhc3MgMyBJbnRlcm5hdGlvbmFsIFNlcnZlciBDQSAtIEczMB4X
>>>> DTE0MDcxNTAwMDAwMFoXDTE2MDgzMDIzNTk1OVowdzELMAkGA1UEBhMCVVMxEDAO
>>>> BgNVBAgTB0dlb3JnaWExETAPBgNVBAcUCENvbHVtYnVzMQ0wCwYDVQQKFARUU1lT
>>>> MRMwEQYDVQQLFApURFMtUmVzdG9uMR8wHQYDVQQDFBZzc2wxLnRzeXNhY3F1aXJp
>>>> bmcubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6vbHdGqwEWy0
>>>> qmpyRlZuZbygE68fAxGrWUqow2YIo2PlVKX74sBC+hK7e7AYpM8P2mueLbbUCjBJ
>>>> ChIiMLdaQfL9L9ZchoMi0YS3O7cFVFfg7i8BKZ5L4JCisqYVZnT8pJgVMd/Hvqqw
>>>> 2xLx3pddQzBUK0D4VdJBcDVbyD4/j5/vGe9PUfBBJE/xmDa6T/k+ZH2PtcJ4/eWt
>>>> mfrtl1Ncz2/vLXg2v+FZLYVc1eQSgyFci0OEmxrK2oNa9OPXDQIO/cjLCxUP4g7I
>>>> E7U0MSx6lzbLgSR8V1UPlsw2kkZgPUD7JAAITJ5cCcJKx0zT+CZYIjs71kJL7Ne5
>>>> 7i9fWw6H/QIDAQABo4IBejCCAXYwIQYDVR0RBBowGIIWc3NsMS50c3lzYWNxdWly
>>>> aW5nLm5ldDAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAoBgNVHSUEITAfBggr
>>>> BgEFBQcDAQYIKwYBBQUHAwIGCWCGSAGG+EIEATBlBgNVHSAEXjBcMFoGCmCGSAGG
>>>> +EUBBzYwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYI
>>>> KwYBBQUHAgIwGRoXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAU
>>>> 15t82CKgFffdrV/OKZtYw7xGALUwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3Nl
>>>> LnN5bWNiLmNvbS9zZS5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNo
>>>> dHRwOi8vc2Uuc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2Iu
>>>> Y29tL3NlLmNydDANBgkqhkiG9w0BAQUFAAOCAQEATTAL5DkwpxAeLc9PtdLkpQj0
>>>> saugkQNsGgtc6PKtxqBF4Slh4Aylnsve2MwDRDj2FNTCO+rUkNzrBSnSXTKnwfkD
>>>> yM1ymuNqECv9+zHEMo8PNPWq4BNs2YSY6Ri+wH1eXHum+sDiizk2whWniBVYWdiY
>>>> Yn7aRX8bsiWkjwDWeseHfNzv6KIO/7esmsz8LXyf9qz3OWi++CX4fVEf/0PAbEEE
>>>> 3nU00fjS77TfC5A5hW991jzvJ8vpvaTHVuh0g+0JhMNpQJljrS0Nq5cOvLLjGkx+
>>>> vH5d+6Adgjl2C0T76rc6I7PEi+489IoWHXEBSE21JBNu7wZ4Q/KFYI1/EZg1VA==
>>>> -----END CERTIFICATE-----
>>>>
>>>> Parsed TBSCertificate:
>>>>     0:d=0  hl=4 l=1043 cons: SEQUENCE
>>>>     4:d=1  hl=2 l=   3 cons: cont [ 0 ]
>>>>     6:d=2  hl=2 l=   1 prim: INTEGER           :02
>>>>     9:d=1  hl=2 l=  16 prim: INTEGER
>>>> :70125CA8AAEDC172C8E50707B493E30D
>>>>    27:d=1  hl=2 l=  13 cons: SEQUENCE
>>>>    29:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
>>>>    40:d=2  hl=2 l=   0 prim: NULL
>>>>    42:d=1  hl=3 l= 188 cons: SEQUENCE
>>>>    45:d=2  hl=2 l=  11 cons: SET
>>>>    47:d=3  hl=2 l=   9 cons: SEQUENCE
>>>>    49:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>>>>    54:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>>>>    58:d=2  hl=2 l=  23 cons: SET
>>>>    60:d=3  hl=2 l=  21 cons: SEQUENCE
>>>>    62:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>>>>    67:d=4  hl=2 l=  14 prim: PRINTABLESTRING   :VeriSign, Inc.
>>>>    83:d=2  hl=2 l=  31 cons: SET
>>>>    85:d=3  hl=2 l=  29 cons: SEQUENCE
>>>>    87:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>>>    92:d=4  hl=2 l=  22 prim: PRINTABLESTRING   :VeriSign Trust Network
>>>>   116:d=2  hl=2 l=  59 cons: SET
>>>>   118:d=3  hl=2 l=  57 cons: SEQUENCE
>>>>   120:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>>>   125:d=4  hl=2 l=  50 prim: PRINTABLESTRING   :Terms of use at
>>>> https://www.verisign.com/rpa (c)10
>>>>   177:d=2  hl=2 l=  54 cons: SET
>>>>   179:d=3  hl=2 l=  52 cons: SEQUENCE
>>>>   181:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>>>>   186:d=4  hl=2 l=  45 prim: PRINTABLESTRING   :VeriSign Class 3
>>>> International Server CA - G3
>>>>   233:d=1  hl=2 l=  30 cons: SEQUENCE
>>>>   235:d=2  hl=2 l=  13 prim: UTCTIME           :160729000000Z
>>>>   250:d=2  hl=2 l=  13 prim: UTCTIME           :170210235959Z
>>>>   265:d=1  hl=2 l= 119 cons: SEQUENCE
>>>>   267:d=2  hl=2 l=  11 cons: SET
>>>>   269:d=3  hl=2 l=   9 cons: SEQUENCE
>>>>   271:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>>>>   276:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>>>>   280:d=2  hl=2 l=  16 cons: SET
>>>>   282:d=3  hl=2 l=  14 cons: SEQUENCE
>>>>   284:d=4  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
>>>>   289:d=4  hl=2 l=   7 prim: PRINTABLESTRING   :Georgia
>>>>   298:d=2  hl=2 l=  17 cons: SET
>>>>   300:d=3  hl=2 l=  15 cons: SEQUENCE
>>>>   302:d=4  hl=2 l=   3 prim: OBJECT            :localityName
>>>>   307:d=4  hl=2 l=   8 prim: T61STRING         :Columbus
>>>>   317:d=2  hl=2 l=  13 cons: SET
>>>>   319:d=3  hl=2 l=  11 cons: SEQUENCE
>>>>   321:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>>>>   326:d=4  hl=2 l=   4 prim: T61STRING         :TSYS
>>>>   332:d=2  hl=2 l=  19 cons: SET
>>>>   334:d=3  hl=2 l=  17 cons: SEQUENCE
>>>>   336:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>>>   341:d=4  hl=2 l=  10 prim: T61STRING         :TDS-Reston
>>>>   353:d=2  hl=2 l=  31 cons: SET
>>>>   355:d=3  hl=2 l=  29 cons: SEQUENCE
>>>>   357:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>>>>   362:d=4  hl=2 l=  22 prim: T61STRING         :ssl1.tsysacquiring.net
>>>>   386:d=1  hl=4 l= 290 cons: SEQUENCE
>>>>   390:d=2  hl=2 l=  13 cons: SEQUENCE
>>>>   392:d=3  hl=2 l=   9 prim: OBJECT            :rsaEncryption
>>>>   403:d=3  hl=2 l=   0 prim: NULL
>>>>   405:d=2  hl=4 l= 271 prim: BIT STRING
>>>>   680:d=1  hl=4 l= 363 cons: cont [ 3 ]
>>>>   684:d=2  hl=4 l= 359 cons: SEQUENCE
>>>>   688:d=3  hl=2 l=   9 cons: SEQUENCE
>>>>   690:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Basic
Constraints
>>>>   695:d=4  hl=2 l=   2 prim: OCTET STRING      [HEX DUMP]:3000
>>>>   699:d=3  hl=2 l=  97 cons: SEQUENCE
>>>>   701:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Certificate
>> Policies
>>>>   706:d=4  hl=2 l=  90 prim: OCTET STRING      [HEX
>>>>
>>
>
DUMP]:30583056060667810C010202304C302306082B06010505070201161768747470733A2F
>>>>
>>
>
2F642E73796D63622E636F6D2F637073302506082B0601050507020230190C1768747470733A
>>>> 2F2F642E73796D63622E636F6D2F727061
>>>>   798:d=3  hl=2 l=  43 cons: SEQUENCE
>>>>   800:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 CRL Distribution
>>>> Points
>>>>   805:d=4  hl=2 l=  36 prim: OCTET STRING      [HEX
>>>>
>>
>
DUMP]:30223020A01EA01C861A687474703A2F2F73652E73796D63622E636F6D2F73652E6372
>>>> 6C
>>>>   843:d=3  hl=2 l=  29 cons: SEQUENCE
>>>>   845:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key
> Usage
>>>>   850:d=4  hl=2 l=  22 prim: OCTET STRING      [HEX
>>>> DUMP]:301406082B0601050507030106082B06010505070302
>>>>   874:d=3  hl=2 l=  14 cons: SEQUENCE
>>>>   876:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
>>>>   881:d=4  hl=2 l=   1 prim: BOOLEAN           :255
>>>>   884:d=4  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0
>>>>   890:d=3  hl=2 l=  87 cons: SEQUENCE
>>>>   892:d=4  hl=2 l=   8 prim: OBJECT            :Authority Information
>> Access
>>>>   902:d=4  hl=2 l=  75 prim: OCTET STRING      [HEX
>>>>
>>
>
DUMP]:3049301F06082B060105050730018613687474703A2F2F73652E73796D63642E636F6D
>>>>
>>
>
302606082B06010505073002861A687474703A2F2F73652E73796D63622E636F6D2F73652E63
>>>> 7274
>>>>   979:d=3  hl=2 l=  33 cons: SEQUENCE
>>>>   981:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Subject
>> Alternative
>>>> Name
>>>>   986:d=4  hl=2 l=  26 prim: OCTET STRING      [HEX
>>>> DUMP]:3018821673736C312E74737973616371756972696E672E6E6574
>>>>  1014:d=3  hl=2 l=  31 cons: SEQUENCE
>>>>  1016:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key
>>>> Identifier
>>>>  1021:d=4  hl=2 l=  24 prim: OCTET STRING      [HEX
>>>> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
>>>>
>>>> Base64 TBSCertificate:
>>>>
>>
>
MIIEE6ADAgECAhBwElyoqu3BcsjlBwe0k+MNMA0GCSqGSIb3DQEBBQUAMIG8MQswCQYDVQQGEwJV
>>>>
>>
>
UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
>>>>
>>
>
cmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBh
>>>>
>>
>
IChjKTEwMTYwNAYDVQQDEy1WZXJpU2lnbiBDbGFzcyAzIEludGVybmF0aW9uYWwgU2VydmVyIENB
>>>>
>>
>
IC0gRzMwHhcNMTYwNzI5MDAwMDAwWhcNMTcwMjEwMjM1OTU5WjB3MQswCQYDVQQGEwJVUzEQMA4G
>>>>
>>
>
A1UECBMHR2VvcmdpYTERMA8GA1UEBxQIQ29sdW1idXMxDTALBgNVBAoUBFRTWVMxEzARBgNVBAsU
>>>>
>>
>
ClREUy1SZXN0b24xHzAdBgNVBAMUFnNzbDEudHN5c2FjcXVpcmluZy5uZXQwggEiMA0GCSqGSIb3
>>>>
>>
>
DQEBAQUAA4IBDwAwggEKAoIBAQDq9sd0arARbLSqanJGVm5lvKATrx8DEatZSqjDZgijY+VUpfvi
>>>>
>>
>
wEL6Ert7sBikzw/aa54tttQKMEkKEiIwt1pB8v0v1lyGgyLRhLc7twVUV+DuLwEpnkvgkKKyphVm
>>>>
>>
>
dPykmBUx38e+qrDbEvHel11DMFQrQPhV0kFwNVvIPj+Pn+8Z709R8EEkT/GYNrpP+T5kfY+1wnj9
>>>>
>>
>
5a2Z+u2XU1zPb+8teDa/4VkthVzV5BKDIVyLQ4SbGsrag1r049cNAg79yMsLFQ/iDsgTtTQxLHqX
>>>>
>>
>
NsuBJHxXVQ+WzDaSRmA9QPskAAhMnlwJwkrHTNP4JlgiOzvWQkvs17nuL19bDof9AgMBAAGjggFr
>>>>
>>
>
MIIBZzAJBgNVHRMEAjAAMGEGA1UdIARaMFgwVgYGZ4EMAQICMEwwIwYIKwYBBQUHAgEWF2h0dHBz
>>>>
>>
>
Oi8vZC5zeW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkMF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBh
>>>>
>>
>
MCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly9zZS5zeW1jYi5jb20vc2UuY3JsMB0GA1UdJQQWMBQG
>>>>
>>
>
CCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwVwYIKwYBBQUHAQEESzBJMB8GCCsG
>>>>
>>
>
AQUFBzABhhNodHRwOi8vc2Uuc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2Iu
>>>>
>>
>
Y29tL3NlLmNydDAhBgNVHREEGjAYghZzc2wxLnRzeXNhY3F1aXJpbmcubmV0MB8GA1UdIwQYMBaA
>>>> FNebfNgioBX33a1fzimbWMO8RgC1
>>>>
>>>>
>>>> -----------------------------------
>>>>
>>>> ssl1.tsysacquiring.net (based on https://crt.sh/?id=10997968)
>>>>
>>>> -----BEGIN CERTIFICATE-----
>>>> MIIFOjCCBCKgAwIBAgIQKlr28BNu+jfBjcv9eaAkzDANBgkqhkiG9w0BAQUFADCB
>>>> vDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
>>>> ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
>>>> YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDE2MDQGA1UEAxMt
>>>> VmVyaVNpZ24gQ2xhc3MgMyBJbnRlcm5hdGlvbmFsIFNlcnZlciBDQSAtIEczMB4X
>>>> DTE0MDcxMTAwMDAwMFoXDTE2MDgzMDIzNTk1OVowdzELMAkGA1UEBhMCVVMxEDAO
>>>> BgNVBAgTB0dlb3JnaWExETAPBgNVBAcUCENvbHVtYnVzMQ0wCwYDVQQKFARUU1lT
>>>> MRMwEQYDVQQLFApURFMtRGFsbGFzMR8wHQYDVQQDFBZzc2wxLnRzeXNhY3F1aXJp
>>>> bmcubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFQ4i7PVKE+3
>>>> fJYa90a+kECKexeIqLIipcsTlnR0waBd318Y7MMwbBWy+NxSq082vYdQRWPChf5D
>>>> 5SLjgJRc3V/XaJqu9kvFi9a5LzLRZV+Vi5cQ37jrLlVT5vyGv7xROM+zi1aSXUsM
>>>> Ipu53YDlXLrJm5vsEOx6+htCo3JYoi/bWjL0XQc1hyynk/GW1HQudVAIFIBiyfvs
>>>> ifl6YEFx3uXFzbA8hNNWoFg1el7wOmjgqeGCzFn6dMULC+YbbS0SKeeK8O+4q6D2
>>>> 5N4jx4FkPWL0wPb4LHKzDi9IdRJQD8Z1UQaw812CSbpLOCVtZKwKY43ZvSOlx/e1
>>>> vbyru/jdXwIDAQABo4IBejCCAXYwIQYDVR0RBBowGIIWc3NsMS50c3lzYWNxdWly
>>>> aW5nLm5ldDAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAoBgNVHSUEITAfBggr
>>>> BgEFBQcDAQYIKwYBBQUHAwIGCWCGSAGG+EIEATBlBgNVHSAEXjBcMFoGCmCGSAGG
>>>> +EUBBzYwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYI
>>>> KwYBBQUHAgIwGRoXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAU
>>>> 15t82CKgFffdrV/OKZtYw7xGALUwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3Nl
>>>> LnN5bWNiLmNvbS9zZS5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNo
>>>> dHRwOi8vc2Uuc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2Iu
>>>> Y29tL3NlLmNydDANBgkqhkiG9w0BAQUFAAOCAQEAll6VCK9oIi2VS47wXawNL4a5
>>>> 2xcWV5efKafdXzfI/CM/cOKaBnhEgpx+cUyPLkwO/2zYiO6nho18LAYsOCJyU5cB
>>>> +sHmJ8h035IP20LEE6ddiL3DrfCD3bXg04+ATs28W1mhdNsbcsSqtF6FG2hyi1dy
>>>> 8/BR62rutvyC5OuZP32cXZZgJu8xGwIQxtmzrYqG2WUPA05A8zPImQcj8KeJUM/e
>>>> AusFQKu5VVxycH8OQb6U6P90H9Zf5W7nzAo2c+wZEx26CMTWqDKhWr58MnehGU9Q
>>>> W+1glt+DKwHznztq3UQuDF6xuHBbzVbau4VqBAWjRE1gM718xuBLwsRtDSIAWA==
>>>> -----END CERTIFICATE-----
>>>>
>>>> Parsed TBSCertificate:
>>>>     0:d=0  hl=4 l=1043 cons: SEQUENCE
>>>>     4:d=1  hl=2 l=   3 cons: cont [ 0 ]
>>>>     6:d=2  hl=2 l=   1 prim: INTEGER           :02
>>>>     9:d=1  hl=2 l=  16 prim: INTEGER
>>>> :20924C61364BC9860739A65E150F40E2
>>>>    27:d=1  hl=2 l=  13 cons: SEQUENCE
>>>>    29:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
>>>>    40:d=2  hl=2 l=   0 prim: NULL
>>>>    42:d=1  hl=3 l= 188 cons: SEQUENCE
>>>>    45:d=2  hl=2 l=  11 cons: SET
>>>>    47:d=3  hl=2 l=   9 cons: SEQUENCE
>>>>    49:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>>>>    54:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>>>>    58:d=2  hl=2 l=  23 cons: SET
>>>>    60:d=3  hl=2 l=  21 cons: SEQUENCE
>>>>    62:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>>>>    67:d=4  hl=2 l=  14 prim: PRINTABLESTRING   :VeriSign, Inc.
>>>>    83:d=2  hl=2 l=  31 cons: SET
>>>>    85:d=3  hl=2 l=  29 cons: SEQUENCE
>>>>    87:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>>>    92:d=4  hl=2 l=  22 prim: PRINTABLESTRING   :VeriSign Trust Network
>>>>   116:d=2  hl=2 l=  59 cons: SET
>>>>   118:d=3  hl=2 l=  57 cons: SEQUENCE
>>>>   120:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>>>   125:d=4  hl=2 l=  50 prim: PRINTABLESTRING   :Terms of use at
>>>> https://www.verisign.com/rpa (c)10
>>>>   177:d=2  hl=2 l=  54 cons: SET
>>>>   179:d=3  hl=2 l=  52 cons: SEQUENCE
>>>>   181:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>>>>   186:d=4  hl=2 l=  45 prim: PRINTABLESTRING   :VeriSign Class 3
>>>> International Server CA - G3
>>>>   233:d=1  hl=2 l=  30 cons: SEQUENCE
>>>>   235:d=2  hl=2 l=  13 prim: UTCTIME           :160729000000Z
>>>>   250:d=2  hl=2 l=  13 prim: UTCTIME           :170210235959Z
>>>>   265:d=1  hl=2 l= 119 cons: SEQUENCE
>>>>   267:d=2  hl=2 l=  11 cons: SET
>>>>   269:d=3  hl=2 l=   9 cons: SEQUENCE
>>>>   271:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>>>>   276:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>>>>   280:d=2  hl=2 l=  16 cons: SET
>>>>   282:d=3  hl=2 l=  14 cons: SEQUENCE
>>>>   284:d=4  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
>>>>   289:d=4  hl=2 l=   7 prim: PRINTABLESTRING   :Georgia
>>>>   298:d=2  hl=2 l=  17 cons: SET
>>>>   300:d=3  hl=2 l=  15 cons: SEQUENCE
>>>>   302:d=4  hl=2 l=   3 prim: OBJECT            :localityName
>>>>   307:d=4  hl=2 l=   8 prim: T61STRING         :Columbus
>>>>   317:d=2  hl=2 l=  13 cons: SET
>>>>   319:d=3  hl=2 l=  11 cons: SEQUENCE
>>>>   321:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>>>>   326:d=4  hl=2 l=   4 prim: T61STRING         :TSYS
>>>>   332:d=2  hl=2 l=  19 cons: SET
>>>>   334:d=3  hl=2 l=  17 cons: SEQUENCE
>>>>   336:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>>>   341:d=4  hl=2 l=  10 prim: T61STRING         :TDS-Dallas
>>>>   353:d=2  hl=2 l=  31 cons: SET
>>>>   355:d=3  hl=2 l=  29 cons: SEQUENCE
>>>>   357:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>>>>   362:d=4  hl=2 l=  22 prim: T61STRING         :ssl1.tsysacquiring.net
>>>>   386:d=1  hl=4 l= 290 cons: SEQUENCE
>>>>   390:d=2  hl=2 l=  13 cons: SEQUENCE
>>>>   392:d=3  hl=2 l=   9 prim: OBJECT            :rsaEncryption
>>>>   403:d=3  hl=2 l=   0 prim: NULL
>>>>   405:d=2  hl=4 l= 271 prim: BIT STRING
>>>>   680:d=1  hl=4 l= 363 cons: cont [ 3 ]
>>>>   684:d=2  hl=4 l= 359 cons: SEQUENCE
>>>>   688:d=3  hl=2 l=   9 cons: SEQUENCE
>>>>   690:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Basic
Constraints
>>>>   695:d=4  hl=2 l=   2 prim: OCTET STRING      [HEX DUMP]:3000
>>>>   699:d=3  hl=2 l=  97 cons: SEQUENCE
>>>>   701:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Certificate
>> Policies
>>>>   706:d=4  hl=2 l=  90 prim: OCTET STRING      [HEX
>>>>
>>
>
DUMP]:30583056060667810C010202304C302306082B06010505070201161768747470733A2F
>>>>
>>
>
2F642E73796D63622E636F6D2F637073302506082B0601050507020230190C1768747470733A
>>>> 2F2F642E73796D63622E636F6D2F727061
>>>>   798:d=3  hl=2 l=  43 cons: SEQUENCE
>>>>   800:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 CRL Distribution
>>>> Points
>>>>   805:d=4  hl=2 l=  36 prim: OCTET STRING      [HEX
>>>>
>>
>
DUMP]:30223020A01EA01C861A687474703A2F2F73652E73796D63622E636F6D2F73652E6372
>>>> 6C
>>>>   843:d=3  hl=2 l=  29 cons: SEQUENCE
>>>>   845:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key
> Usage
>>>>   850:d=4  hl=2 l=  22 prim: OCTET STRING      [HEX
>>>> DUMP]:301406082B0601050507030106082B06010505070302
>>>>   874:d=3  hl=2 l=  14 cons: SEQUENCE
>>>>   876:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
>>>>   881:d=4  hl=2 l=   1 prim: BOOLEAN           :255
>>>>   884:d=4  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0
>>>>   890:d=3  hl=2 l=  87 cons: SEQUENCE
>>>>   892:d=4  hl=2 l=   8 prim: OBJECT            :Authority Information
>> Access
>>>>   902:d=4  hl=2 l=  75 prim: OCTET STRING      [HEX
>>>>
>>
>
DUMP]:3049301F06082B060105050730018613687474703A2F2F73652E73796D63642E636F6D
>>>>
>>
>
302606082B06010505073002861A687474703A2F2F73652E73796D63622E636F6D2F73652E63
>>>> 7274
>>>>   979:d=3  hl=2 l=  33 cons: SEQUENCE
>>>>   981:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Subject
>> Alternative
>>>> Name
>>>>   986:d=4  hl=2 l=  26 prim: OCTET STRING      [HEX
>>>> DUMP]:3018821673736C312E74737973616371756972696E672E6E6574
>>>>  1014:d=3  hl=2 l=  31 cons: SEQUENCE
>>>>  1016:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key
>>>> Identifier
>>>>  1021:d=4  hl=2 l=  24 prim: OCTET STRING      [HEX
>>>> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
>>>>
>>>> Base64 TBSCertificate:
>>>>
>>
>
MIIEE6ADAgECAhAgkkxhNkvJhgc5pl4VD0DiMA0GCSqGSIb3DQEBBQUAMIG8MQswCQYDVQQGEwJV
>>>>
>>
>
UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
>>>>
>>
>
cmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBh
>>>>
>>
>
IChjKTEwMTYwNAYDVQQDEy1WZXJpU2lnbiBDbGFzcyAzIEludGVybmF0aW9uYWwgU2VydmVyIENB
>>>>
>>
>
IC0gRzMwHhcNMTYwNzI5MDAwMDAwWhcNMTcwMjEwMjM1OTU5WjB3MQswCQYDVQQGEwJVUzEQMA4G
>>>>
>>
>
A1UECBMHR2VvcmdpYTERMA8GA1UEBxQIQ29sdW1idXMxDTALBgNVBAoUBFRTWVMxEzARBgNVBAsU
>>>>
>>
>
ClREUy1EYWxsYXMxHzAdBgNVBAMUFnNzbDEudHN5c2FjcXVpcmluZy5uZXQwggEiMA0GCSqGSIb3
>>>>
>>
>
DQEBAQUAA4IBDwAwggEKAoIBAQDAVDiLs9UoT7d8lhr3Rr6QQIp7F4iosiKlyxOWdHTBoF3fXxjs
>>>>
>>
>
wzBsFbL43FKrTza9h1BFY8KF/kPlIuOAlFzdX9domq72S8WL1rkvMtFlX5WLlxDfuOsuVVPm/Ia/
>>>>
>>
>
vFE4z7OLVpJdSwwim7ndgOVcusmbm+wQ7Hr6G0KjcliiL9taMvRdBzWHLKeT8ZbUdC51UAgUgGLJ
>>>>
>>
>
++yJ+XpgQXHe5cXNsDyE01agWDV6XvA6aOCp4YLMWfp0xQsL5httLRIp54rw77iroPbk3iPHgWQ9
>>>>
>>
>
YvTA9vgscrMOL0h1ElAPxnVRBrDzXYJJuks4JW1krApjjdm9I6XH97W9vKu7+N1fAgMBAAGjggFr
>>>>
>>
>
MIIBZzAJBgNVHRMEAjAAMGEGA1UdIARaMFgwVgYGZ4EMAQICMEwwIwYIKwYBBQUHAgEWF2h0dHBz
>>>>
>>
>
Oi8vZC5zeW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkMF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBh
>>>>
>>
>
MCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly9zZS5zeW1jYi5jb20vc2UuY3JsMB0GA1UdJQQWMBQG
>>>>
>>
>
CCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwVwYIKwYBBQUHAQEESzBJMB8GCCsG
>>>>
>>
>
AQUFBzABhhNodHRwOi8vc2Uuc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2Iu
>>>>
>>
>
Y29tL3NlLmNydDAhBgNVHREEGjAYghZzc2wxLnRzeXNhY3F1aXJpbmcubmV0MB8GA1UdIwQYMBaA
>>>> FNebfNgioBX33a1fzimbWMO8RgC1
>>>>
>>>>
>>>> ----------------------------------------
>>>>
>>>> ssl1.vitalps.net (based on https://crt.sh/?id=4858491)
>>>>
>>>> -----BEGIN CERTIFICATE-----
>>>> MIIFLjCCBBagAwIBAgIQZpoeO9e+TCIqp+k4zN0aVDANBgkqhkiG9w0BAQUFADCB
>>>> vDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
>>>> ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
>>>> YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDE2MDQGA1UEAxMt
>>>> VmVyaVNpZ24gQ2xhc3MgMyBJbnRlcm5hdGlvbmFsIFNlcnZlciBDQSAtIEczMB4X
>>>> DTE0MDcxMTAwMDAwMFoXDTE2MDgzMDIzNTk1OVowcTELMAkGA1UEBhMCVVMxEDAO
>>>> BgNVBAgTB0dlb3JnaWExETAPBgNVBAcUCENvbHVtYnVzMQ0wCwYDVQQKFARUU1lT
>>>> MRMwEQYDVQQLFApURFMtUmVzdG9uMRkwFwYDVQQDFBBzc2wxLnZpdGFscHMubmV0
>>>> MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnmVKgzsstUaQEW8Ab0bx
>>>> xP3NXPUIzGq8pF2lriBAMlYPVI+Y/sUvZxQk5BYcxRQI3Ux+A0EzN4EbYB3ib9up
>>>> uu1ORyYjJksGAuMzZz4ovkKc64FCbH/ceBGjd6UOjYEbxrnysX3nNevP1ROUW5YT
>>>> hrMqLuyoBeK1YvWCUeieXe2A9ysAbF2J2VNaJvtMkMMUrpW3alrkU9pf3re9M68Y
>>>> dp3jJDR7GiKvNTB7r8fvpCmkImTC//Q9vrvLYUU4Tl6d++gCxLs2Q1pa+mUqr6f8
>>>> fgSwRTNdzzsUV0eLv2+Ugpki823Hl2zgwuv6XM/rD1/B+B9Yk7j+tkstrzsQYVZ1
>>>> TQIDAQABo4IBdDCCAXAwGwYDVR0RBBQwEoIQc3NsMS52aXRhbHBzLm5ldDAJBgNV
>>>> HRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAoBgNVHSUEITAfBggrBgEFBQcDAQYIKwYB
>>>> BQUHAwIGCWCGSAGG+EIEATBlBgNVHSAEXjBcMFoGCmCGSAGG+EUBBzYwTDAjBggr
>>>> BgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGRoX
>>>> aHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAU15t82CKgFffdrV/O
>>>> KZtYw7xGALUwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NlLnN5bWNiLmNvbS9z
>>>> ZS5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc2Uuc3lt
>>>> Y2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2IuY29tL3NlLmNydDAN
>>>> BgkqhkiG9w0BAQUFAAOCAQEACASjUqP+m3+AFB3Ll53kgxpaASFCLbd29Z1X59gR
>>>> 3fgAUyNL8fLEgKwrBC30b5JDpgMXHSJffx0UvZyVUYEJRPvXlfGdkfIfux+afgWr
>>>> raXn7PqW5UK4k4wc/iXv19vB1jXEUKNzHMDn5m08g8PAiuhLslInRPO/zUKafVTw
>>>> PN2je9okqA0opoLpuQbZfkXVmrPag1z1tRaHQ4Es0qm6s0hg9N/Cac++wncO3DzG
>>>> ZgzkbTbDmt2/OQ0na0goKJxEQanClzq20+oOrP0joIKDJZi4C89duukF1PXIGYLG
>>>> FVqc0amgbylgiJfZ5aspHG7wydjEToBQmRvqPAZTABZnxA==
>>>> -----END CERTIFICATE-----
>>>>
>>>> Parsed TBSCertificate:
>>>>     0:d=0  hl=4 l=1031 cons: SEQUENCE
>>>>     4:d=1  hl=2 l=   3 cons: cont [ 0 ]
>>>>     6:d=2  hl=2 l=   1 prim: INTEGER           :02
>>>>     9:d=1  hl=2 l=  16 prim: INTEGER
>>>> :03F1C7694784FFDE1F72888DD69F6319
>>>>    27:d=1  hl=2 l=  13 cons: SEQUENCE
>>>>    29:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
>>>>    40:d=2  hl=2 l=   0 prim: NULL
>>>>    42:d=1  hl=3 l= 188 cons: SEQUENCE
>>>>    45:d=2  hl=2 l=  11 cons: SET
>>>>    47:d=3  hl=2 l=   9 cons: SEQUENCE
>>>>    49:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>>>>    54:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>>>>    58:d=2  hl=2 l=  23 cons: SET
>>>>    60:d=3  hl=2 l=  21 cons: SEQUENCE
>>>>    62:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>>>>    67:d=4  hl=2 l=  14 prim: PRINTABLESTRING   :VeriSign, Inc.
>>>>    83:d=2  hl=2 l=  31 cons: SET
>>>>    85:d=3  hl=2 l=  29 cons: SEQUENCE
>>>>    87:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>>>    92:d=4  hl=2 l=  22 prim: PRINTABLESTRING   :VeriSign Trust Network
>>>>   116:d=2  hl=2 l=  59 cons: SET
>>>>   118:d=3  hl=2 l=  57 cons: SEQUENCE
>>>>   120:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>>>   125:d=4  hl=2 l=  50 prim: PRINTABLESTRING   :Terms of use at
>>>> https://www.verisign.com/rpa (c)10
>>>>   177:d=2  hl=2 l=  54 cons: SET
>>>>   179:d=3  hl=2 l=  52 cons: SEQUENCE
>>>>   181:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>>>>   186:d=4  hl=2 l=  45 prim: PRINTABLESTRING   :VeriSign Class 3
>>>> International Server CA - G3
>>>>   233:d=1  hl=2 l=  30 cons: SEQUENCE
>>>>   235:d=2  hl=2 l=  13 prim: UTCTIME           :160729000000Z
>>>>   250:d=2  hl=2 l=  13 prim: UTCTIME           :170210235959Z
>>>>   265:d=1  hl=2 l= 113 cons: SEQUENCE
>>>>   267:d=2  hl=2 l=  11 cons: SET
>>>>   269:d=3  hl=2 l=   9 cons: SEQUENCE
>>>>   271:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>>>>   276:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>>>>   280:d=2  hl=2 l=  16 cons: SET
>>>>   282:d=3  hl=2 l=  14 cons: SEQUENCE
>>>>   284:d=4  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
>>>>   289:d=4  hl=2 l=   7 prim: PRINTABLESTRING   :Georgia
>>>>   298:d=2  hl=2 l=  17 cons: SET
>>>>   300:d=3  hl=2 l=  15 cons: SEQUENCE
>>>>   302:d=4  hl=2 l=   3 prim: OBJECT            :localityName
>>>>   307:d=4  hl=2 l=   8 prim: T61STRING         :Columbus
>>>>   317:d=2  hl=2 l=  13 cons: SET
>>>>   319:d=3  hl=2 l=  11 cons: SEQUENCE
>>>>   321:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>>>>   326:d=4  hl=2 l=   4 prim: T61STRING         :TSYS
>>>>   332:d=2  hl=2 l=  19 cons: SET
>>>>   334:d=3  hl=2 l=  17 cons: SEQUENCE
>>>>   336:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>>>   341:d=4  hl=2 l=  10 prim: T61STRING         :TDS-Reston
>>>>   353:d=2  hl=2 l=  25 cons: SET
>>>>   355:d=3  hl=2 l=  23 cons: SEQUENCE
>>>>   357:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>>>>   362:d=4  hl=2 l=  16 prim: T61STRING         :ssl1.vitalps.net
>>>>   380:d=1  hl=4 l= 290 cons: SEQUENCE
>>>>   384:d=2  hl=2 l=  13 cons: SEQUENCE
>>>>   386:d=3  hl=2 l=   9 prim: OBJECT            :rsaEncryption
>>>>   397:d=3  hl=2 l=   0 prim: NULL
>>>>   399:d=2  hl=4 l= 271 prim: BIT STRING
>>>>   674:d=1  hl=4 l= 357 cons: cont [ 3 ]
>>>>   678:d=2  hl=4 l= 353 cons: SEQUENCE
>>>>   682:d=3  hl=2 l=   9 cons: SEQUENCE
>>>>   684:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Basic
Constraints
>>>>   689:d=4  hl=2 l=   2 prim: OCTET STRING      [HEX DUMP]:3000
>>>>   693:d=3  hl=2 l=  97 cons: SEQUENCE
>>>>   695:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Certificate
>> Policies
>>>>   700:d=4  hl=2 l=  90 prim: OCTET STRING      [HEX
>>>>
>>
>
DUMP]:30583056060667810C010202304C302306082B06010505070201161768747470733A2F
>>>>
>>
>
2F642E73796D63622E636F6D2F637073302506082B0601050507020230191A1768747470733A
>>>> 2F2F642E73796D63622E636F6D2F727061
>>>>   792:d=3  hl=2 l=  43 cons: SEQUENCE
>>>>   794:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 CRL Distribution
>>>> Points
>>>>   799:d=4  hl=2 l=  36 prim: OCTET STRING      [HEX
>>>>
>>
>
DUMP]:30223020A01EA01C861A687474703A2F2F73652E73796D63622E636F6D2F73652E6372
>>>> 6C
>>>>   837:d=3  hl=2 l=  29 cons: SEQUENCE
>>>>   839:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key
> Usage
>>>>   844:d=4  hl=2 l=  22 prim: OCTET STRING      [HEX
>>>> DUMP]:301406082B0601050507030106082B06010505070302
>>>>   868:d=3  hl=2 l=  14 cons: SEQUENCE
>>>>   870:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
>>>>   875:d=4  hl=2 l=   1 prim: BOOLEAN           :255
>>>>   878:d=4  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0
>>>>   884:d=3  hl=2 l=  87 cons: SEQUENCE
>>>>   886:d=4  hl=2 l=   8 prim: OBJECT            :Authority Information
>> Access
>>>>   896:d=4  hl=2 l=  75 prim: OCTET STRING      [HEX
>>>>
>>
>
DUMP]:3049301F06082B060105050730018613687474703A2F2F73652E73796D63642E636F6D
>>>>
>>
>
302606082B06010505073002861A687474703A2F2F73652E73796D63622E636F6D2F73652E63
>>>> 7274
>>>>   973:d=3  hl=2 l=  27 cons: SEQUENCE
>>>>   975:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Subject
>> Alternative
>>>> Name
>>>>   980:d=4  hl=2 l=  20 prim: OCTET STRING      [HEX
>>>> DUMP]:3012821073736C312E766974616C70732E6E6574
>>>>  1002:d=3  hl=2 l=  31 cons: SEQUENCE
>>>>  1004:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key
>>>> Identifier
>>>>  1009:d=4  hl=2 l=  24 prim: OCTET STRING      [HEX
>>>> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
>>>>
>>>> Base64 TBSCertificate:
>>>>
>>
>
MIIEB6ADAgECAhAD8cdpR4T/3h9yiI3Wn2MZMA0GCSqGSIb3DQEBBQUAMIG8MQswCQYDVQQGEwJV
>>>>
>>
>
UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
>>>>
>>
>
cmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBh
>>>>
>>
>
IChjKTEwMTYwNAYDVQQDEy1WZXJpU2lnbiBDbGFzcyAzIEludGVybmF0aW9uYWwgU2VydmVyIENB
>>>>
>>
>
IC0gRzMwHhcNMTYwNzI5MDAwMDAwWhcNMTcwMjEwMjM1OTU5WjBxMQswCQYDVQQGEwJVUzEQMA4G
>>>>
>>
>
A1UECBMHR2VvcmdpYTERMA8GA1UEBxQIQ29sdW1idXMxDTALBgNVBAoUBFRTWVMxEzARBgNVBAsU
>>>>
>>
>
ClREUy1SZXN0b24xGTAXBgNVBAMUEHNzbDEudml0YWxwcy5uZXQwggEiMA0GCSqGSIb3DQEBAQUA
>>>>
>>
>
A4IBDwAwggEKAoIBAQCeZUqDOyy1RpARbwBvRvHE/c1c9QjMarykXaWuIEAyVg9Uj5j+xS9nFCTk
>>>>
>>
>
FhzFFAjdTH4DQTM3gRtgHeJv26m67U5HJiMmSwYC4zNnPii+QpzrgUJsf9x4EaN3pQ6NgRvGufKx
>>>>
>>
>
fec168/VE5RblhOGsyou7KgF4rVi9YJR6J5d7YD3KwBsXYnZU1om+0yQwxSulbdqWuRT2l/et70z
>>>>
>>
>
rxh2neMkNHsaIq81MHuvx++kKaQiZML/9D2+u8thRThOXp376ALEuzZDWlr6ZSqvp/x+BLBFM13P
>>>>
>>
>
OxRXR4u/b5SCmSLzbceXbODC6/pcz+sPX8H4H1iTuP62Sy2vOxBhVnVNAgMBAAGjggFlMIIBYTAJ
>>>>
>>
>
BgNVHRMEAjAAMGEGA1UdIARaMFgwVgYGZ4EMAQICMEwwIwYIKwYBBQUHAgEWF2h0dHBzOi8vZC5z
>>>>
>>
>
eW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkaF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBhMCsGA1Ud
>>>>
>>
>
HwQkMCIwIKAeoByGGmh0dHA6Ly9zZS5zeW1jYi5jb20vc2UuY3JsMB0GA1UdJQQWMBQGCCsGAQUF
>>>>
>>
>
BwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzAB
>>>>
>>
>
hhNodHRwOi8vc2Uuc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2IuY29tL3Nl
>>>>
>>
>
LmNydDAbBgNVHREEFDASghBzc2wxLnZpdGFscHMubmV0MB8GA1UdIwQYMBaAFNebfNgioBX33a1f
>>>> zimbWMO8RgC1
>>>>
>>>>
>>>> --------------------------------------------
>>>>
>>>> ssl1.vitalps.net (based on https://crt.sh/?id=4858607)
>>>>
>>>> -----BEGIN CERTIFICATE-----
>>>> MIIFLjCCBBagAwIBAgIQaekgbaF9jW5PDVLXvSSXqDANBgkqhkiG9w0BAQUFADCB
>>>> vDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
>>>> ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
>>>> YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDE2MDQGA1UEAxMt
>>>> VmVyaVNpZ24gQ2xhc3MgMyBJbnRlcm5hdGlvbmFsIFNlcnZlciBDQSAtIEczMB4X
>>>> DTE0MDcxMTAwMDAwMFoXDTE2MDgzMDIzNTk1OVowcTELMAkGA1UEBhMCVVMxEDAO
>>>> BgNVBAgTB0dlb3JnaWExETAPBgNVBAcUCENvbHVtYnVzMQ0wCwYDVQQKFARUU1lT
>>>> MRMwEQYDVQQLFApURFMtRGFsbGFzMRkwFwYDVQQDFBBzc2wxLnZpdGFscHMubmV0
>>>> MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtD1KH2N5/9LQCnShT3mK
>>>> Z39xXfZpmYZi8RdhG/MKqDxyZKrplObaYdDQrmOLefa0wPSJYcQQY4/cSJdwBqOr
>>>> 1sIRQjYl92EQXGPJOSDh7Le4huxtVVXHwpKxpHe4QtVWQ9mmSiuScsofrMq2UhX2
>>>> RhdDRJISrbGSUsUWkCF/23GRslgTcfCTeK4682Rc9csjAkL8ICxiKarjQ2W2iygJ
>>>> 8EyfJnJB38AwXhA2F8IVtkXAkKhj90PH5kImlODqF2VSHSSSpgunEpngX3eld0yk
>>>> Z0BjhYqdnKozWc1FPWursDqKABOHOUcvW4KDdF8aIe+FNoEpbOibLEJ15539DKCQ
>>>> xQIDAQABo4IBdDCCAXAwGwYDVR0RBBQwEoIQc3NsMS52aXRhbHBzLm5ldDAJBgNV
>>>> HRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAoBgNVHSUEITAfBggrBgEFBQcDAQYIKwYB
>>>> BQUHAwIGCWCGSAGG+EIEATBlBgNVHSAEXjBcMFoGCmCGSAGG+EUBBzYwTDAjBggr
>>>> BgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGRoX
>>>> aHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAU15t82CKgFffdrV/O
>>>> KZtYw7xGALUwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NlLnN5bWNiLmNvbS9z
>>>> ZS5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc2Uuc3lt
>>>> Y2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2IuY29tL3NlLmNydDAN
>>>> BgkqhkiG9w0BAQUFAAOCAQEAKhkEu8si6mFNJrQFsX3XE/TiA6xt23N9A/ZwaZHY
>>>> JyTemPmzLYPb189Y2RusZcM/kpyzewJtaBZTEiBMcA/nfiqB2kWGNxZf4MBe6zxO
>>>> 2+ua3XP/6Ab5DugSGYrIu8uoEZUIW9TnNIhlfzoVHgmC/6PfgBIGYsXKVqRv3rbd
>>>> 1EmcmRMSLIZjoXUK3I1UkWIGJSFuDzp4mYR77uw0udTDNqBr6WmKucJ+Sl/BQqjt
>>>> A9urWU+ajhqWqJVR1q0/saKQey4/TpfTNzdWSYXcgE4A0zYf/wNB5HnYIkgzOUiY
>>>> Ii4HSFH/CTyOqrDLIugM9acjZT/A0YS8ZwMQxZ1N3tfr7Q==
>>>> -----END CERTIFICATE-----
>>>>
>>>> Parsed TBSCertificate:
>>>>     0:d=0  hl=4 l=1031 cons: SEQUENCE
>>>>     4:d=1  hl=2 l=   3 cons: cont [ 0 ]
>>>>     6:d=2  hl=2 l=   1 prim: INTEGER           :02
>>>>     9:d=1  hl=2 l=  16 prim: INTEGER
>>>> :0EB922276261F1D9C7843749E32235B7
>>>>    27:d=1  hl=2 l=  13 cons: SEQUENCE
>>>>    29:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
>>>>    40:d=2  hl=2 l=   0 prim: NULL
>>>>    42:d=1  hl=3 l= 188 cons: SEQUENCE
>>>>    45:d=2  hl=2 l=  11 cons: SET
>>>>    47:d=3  hl=2 l=   9 cons: SEQUENCE
>>>>    49:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>>>>    54:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>>>>    58:d=2  hl=2 l=  23 cons: SET
>>>>    60:d=3  hl=2 l=  21 cons: SEQUENCE
>>>>    62:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>>>>    67:d=4  hl=2 l=  14 prim: PRINTABLESTRING   :VeriSign, Inc.
>>>>    83:d=2  hl=2 l=  31 cons: SET
>>>>    85:d=3  hl=2 l=  29 cons: SEQUENCE
>>>>    87:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>>>    92:d=4  hl=2 l=  22 prim: PRINTABLESTRING   :VeriSign Trust Network
>>>>   116:d=2  hl=2 l=  59 cons: SET
>>>>   118:d=3  hl=2 l=  57 cons: SEQUENCE
>>>>   120:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>>>   125:d=4  hl=2 l=  50 prim: PRINTABLESTRING   :Terms of use at
>>>> https://www.verisign.com/rpa (c)10
>>>>   177:d=2  hl=2 l=  54 cons: SET
>>>>   179:d=3  hl=2 l=  52 cons: SEQUENCE
>>>>   181:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>>>>   186:d=4  hl=2 l=  45 prim: PRINTABLESTRING   :VeriSign Class 3
>>>> International Server CA - G3
>>>>   233:d=1  hl=2 l=  30 cons: SEQUENCE
>>>>   235:d=2  hl=2 l=  13 prim: UTCTIME           :160729000000Z
>>>>   250:d=2  hl=2 l=  13 prim: UTCTIME           :170210235959Z
>>>>   265:d=1  hl=2 l= 113 cons: SEQUENCE
>>>>   267:d=2  hl=2 l=  11 cons: SET
>>>>   269:d=3  hl=2 l=   9 cons: SEQUENCE
>>>>   271:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>>>>   276:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>>>>   280:d=2  hl=2 l=  16 cons: SET
>>>>   282:d=3  hl=2 l=  14 cons: SEQUENCE
>>>>   284:d=4  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
>>>>   289:d=4  hl=2 l=   7 prim: PRINTABLESTRING   :Georgia
>>>>   298:d=2  hl=2 l=  17 cons: SET
>>>>   300:d=3  hl=2 l=  15 cons: SEQUENCE
>>>>   302:d=4  hl=2 l=   3 prim: OBJECT            :localityName
>>>>   307:d=4  hl=2 l=   8 prim: T61STRING         :Columbus
>>>>   317:d=2  hl=2 l=  13 cons: SET
>>>>   319:d=3  hl=2 l=  11 cons: SEQUENCE
>>>>   321:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>>>>   326:d=4  hl=2 l=   4 prim: T61STRING         :TSYS
>>>>   332:d=2  hl=2 l=  19 cons: SET
>>>>   334:d=3  hl=2 l=  17 cons: SEQUENCE
>>>>   336:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>>>   341:d=4  hl=2 l=  10 prim: T61STRING         :TDS-Dallas
>>>>   353:d=2  hl=2 l=  25 cons: SET
>>>>   355:d=3  hl=2 l=  23 cons: SEQUENCE
>>>>   357:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>>>>   362:d=4  hl=2 l=  16 prim: T61STRING         :ssl1.vitalps.net
>>>>   380:d=1  hl=4 l= 290 cons: SEQUENCE
>>>>   384:d=2  hl=2 l=  13 cons: SEQUENCE
>>>>   386:d=3  hl=2 l=   9 prim: OBJECT            :rsaEncryption
>>>>   397:d=3  hl=2 l=   0 prim: NULL
>>>>   399:d=2  hl=4 l= 271 prim: BIT STRING
>>>>   674:d=1  hl=4 l= 357 cons: cont [ 3 ]
>>>>   678:d=2  hl=4 l= 353 cons: SEQUENCE
>>>>   682:d=3  hl=2 l=   9 cons: SEQUENCE
>>>>   684:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Basic
Constraints
>>>>   689:d=4  hl=2 l=   2 prim: OCTET STRING      [HEX DUMP]:3000
>>>>   693:d=3  hl=2 l=  97 cons: SEQUENCE
>>>>   695:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Certificate
>> Policies
>>>>   700:d=4  hl=2 l=  90 prim: OCTET STRING      [HEX
>>>>
>>
>
DUMP]:30583056060667810C010202304C302306082B06010505070201161768747470733A2F
>>>>
>>
>
2F642E73796D63622E636F6D2F637073302506082B0601050507020230191A1768747470733A
>>>> 2F2F642E73796D63622E636F6D2F727061
>>>>   792:d=3  hl=2 l=  43 cons: SEQUENCE
>>>>   794:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 CRL Distribution
>>>> Points
>>>>   799:d=4  hl=2 l=  36 prim: OCTET STRING      [HEX
>>>>
>>
>
DUMP]:30223020A01EA01C861A687474703A2F2F73652E73796D63622E636F6D2F73652E6372
>>>> 6C
>>>>   837:d=3  hl=2 l=  29 cons: SEQUENCE
>>>>   839:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key
> Usage
>>>>   844:d=4  hl=2 l=  22 prim: OCTET STRING      [HEX
>>>> DUMP]:301406082B0601050507030106082B06010505070302
>>>>   868:d=3  hl=2 l=  14 cons: SEQUENCE
>>>>   870:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
>>>>   875:d=4  hl=2 l=   1 prim: BOOLEAN           :255
>>>>   878:d=4  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0
>>>>   884:d=3  hl=2 l=  87 cons: SEQUENCE
>>>>   886:d=4  hl=2 l=   8 prim: OBJECT            :Authority Information
>> Access
>>>>   896:d=4  hl=2 l=  75 prim: OCTET STRING      [HEX
>>>>
>>
>
DUMP]:3049301F06082B060105050730018613687474703A2F2F73652E73796D63642E636F6D
>>>>
>>
>
302606082B06010505073002861A687474703A2F2F73652E73796D63622E636F6D2F73652E63
>>>> 7274
>>>>   973:d=3  hl=2 l=  27 cons: SEQUENCE
>>>>   975:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Subject
>> Alternative
>>>> Name
>>>>   980:d=4  hl=2 l=  20 prim: OCTET STRING      [HEX
>>>> DUMP]:3012821073736C312E766974616C70732E6E6574
>>>>  1002:d=3  hl=2 l=  31 cons: SEQUENCE
>>>>  1004:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key
>>>> Identifier
>>>>  1009:d=4  hl=2 l=  24 prim: OCTET STRING      [HEX
>>>> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
>>>>
>>>> Base64 TBSCertificate:
>>>>
>>
>
MIIEB6ADAgECAhAOuSInYmHx2ceEN0njIjW3MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYDVQQGEwJV
>>>>
>>
>
UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
>>>>
>>
>
cmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBh
>>>>
>>
>
IChjKTEwMTYwNAYDVQQDEy1WZXJpU2lnbiBDbGFzcyAzIEludGVybmF0aW9uYWwgU2VydmVyIENB
>>>>
>>
>
IC0gRzMwHhcNMTYwNzI5MDAwMDAwWhcNMTcwMjEwMjM1OTU5WjBxMQswCQYDVQQGEwJVUzEQMA4G
>>>>
>>
>
A1UECBMHR2VvcmdpYTERMA8GA1UEBxQIQ29sdW1idXMxDTALBgNVBAoUBFRTWVMxEzARBgNVBAsU
>>>>
>>
>
ClREUy1EYWxsYXMxGTAXBgNVBAMUEHNzbDEudml0YWxwcy5uZXQwggEiMA0GCSqGSIb3DQEBAQUA
>>>>
>>
>
A4IBDwAwggEKAoIBAQC0PUofY3n/0tAKdKFPeYpnf3Fd9mmZhmLxF2Eb8wqoPHJkqumU5tph0NCu
>>>>
>>
>
Y4t59rTA9IlhxBBjj9xIl3AGo6vWwhFCNiX3YRBcY8k5IOHst7iG7G1VVcfCkrGkd7hC1VZD2aZK
>>>>
>>
>
K5Jyyh+syrZSFfZGF0NEkhKtsZJSxRaQIX/bcZGyWBNx8JN4rjrzZFz1yyMCQvwgLGIpquNDZbaL
>>>>
>>
>
KAnwTJ8mckHfwDBeEDYXwhW2RcCQqGP3Q8fmQiaU4OoXZVIdJJKmC6cSmeBfd6V3TKRnQGOFip2c
>>>>
>>
>
qjNZzUU9a6uwOooAE4c5Ry9bgoN0Xxoh74U2gSls6JssQnXnnf0MoJDFAgMBAAGjggFlMIIBYTAJ
>>>>
>>
>
BgNVHRMEAjAAMGEGA1UdIARaMFgwVgYGZ4EMAQICMEwwIwYIKwYBBQUHAgEWF2h0dHBzOi8vZC5z
>>>>
>>
>
eW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkaF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBhMCsGA1Ud
>>>>
>>
>
HwQkMCIwIKAeoByGGmh0dHA6Ly9zZS5zeW1jYi5jb20vc2UuY3JsMB0GA1UdJQQWMBQGCCsGAQUF
>>>>
>>
>
BwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzAB
>>>>
>>
>
hhNodHRwOi8vc2Uuc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2IuY29tL3Nl
>>>>
>>
>
LmNydDAbBgNVHREEFDASghBzc2wxLnZpdGFscHMubmV0MB8GA1UdIwQYMBaAFNebfNgioBX33a1f
>>>> zimbWMO8RgC1
>>>>
>>>>
>>>> ----------------------------------------------
>>>>
>>>> ssl3.vitalps.net (based on https://crt.sh/?id=24732908)
>>>>
>>>> -----BEGIN CERTIFICATE-----
>>>> MIIFLjCCBBagAwIBAgIQZ+KRKfjS6C/HFeLNU6FfljANBgkqhkiG9w0BAQUFADCB
>>>> vDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
>>>> ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
>>>> YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDE2MDQGA1UEAxMt
>>>> VmVyaVNpZ24gQ2xhc3MgMyBJbnRlcm5hdGlvbmFsIFNlcnZlciBDQSAtIEczMB4X
>>>> DTE1MDgwNDAwMDAwMFoXDTE2MDgwMzIzNTk1OVowdTELMAkGA1UEBhMCVVMxEDAO
>>>> BgNVBAgTB0dlb3JnaWExETAPBgNVBAcUCENvbHVtYnVzMQ0wCwYDVQQKFARUU1lT
>>>> MRcwFQYDVQQLFA5URFMtUE1OX0RhbGxhczEZMBcGA1UEAxQQc3NsMy52aXRhbHBz
>>>> Lm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALjTwLC8aVNGKOve
>>>> eaa3TjQRO2CeYlkLAn5Ayk+L4EO+CR+2x9+1Vc8tJ+13/+oP+vA+hNtMnvZ3FREs
>>>> tA2x1u89v3OWj88E0HUtmA8aPYUpTYeFJVf3j0AUE9KZ02IiXzPyLimJst2wgF4m
>>>> /TtmN3BPczcAnWX+6UN7ygpc/AFodgAJs82tZsm9rRSrgqNe3z5ZOFPDa2Tj+QPU
>>>> fKEw3mORc0dwgIdKbdCRNrs7UkymV54a1A3p55j99CD+Byid7Lc9PzJe1XscJlfJ
>>>> 5gtXcKWRyhRY7e9W5QQ+s4yVDZxvnoAcoAo0yldaSMDrEktPNg7Ydslg0XQYMA+W
>>>> w2uexxMCAwEAAaOCAXAwggFsMBsGA1UdEQQUMBKCEHNzbDMudml0YWxwcy5uZXQw
>>>> CQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwKAYDVR0lBCEwHwYIKwYBBQUHAwEG
>>>> CCsGAQUFBwMCBglghkgBhvhCBAEwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggr
>>>> BgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGRoX
>>>> aHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAU15t82CKgFffdrV/O
>>>> KZtYw7xGALUwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NlLnN5bWNiLmNvbS9z
>>>> ZS5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc2Uuc3lt
>>>> Y2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2IuY29tL3NlLmNydDAN
>>>> BgkqhkiG9w0BAQUFAAOCAQEAKuvE4RJZc0cjPjkVRbhQWTYYrKjJ/1BYxmNszNTM
>>>> P+3rUb3I2k4+UoczYjf/F/qaK9AL5TSopVcn2ds5EnFoKJtpvF/gF6PK1OUM4ViX
>>>> jOPQFvycZ+mR8JXcvZJVFZVNZ+RahkPKJShIzryj2ktvci/yX8K2asNCE4BjVDAs
>>>> 1p5mTz4RcjofgCxDy0KYd/d/rGfbA1fNli8nL92UuuzzU+EqrQM3im3iAqlNZSDO
>>>> XjXxTEqnkrylTnMmzf4aIgz8OxUEvsZmkq5UXySd778kt5oJ3I7URe6NhDJjBCR4
>>>> VgFSirUTR0Y7lAkNDZ8x+2S7S0SoR6mi9BtxhWP+EFbVWw==
>>>> -----END CERTIFICATE-----
>>>>
>>>> Parsed TBSCertificate:
>>>>     0:d=0  hl=4 l=1035 cons: SEQUENCE
>>>>     4:d=1  hl=2 l=   3 cons: cont [ 0 ]
>>>>     6:d=2  hl=2 l=   1 prim: INTEGER           :02
>>>>     9:d=1  hl=2 l=  16 prim: INTEGER
>>>> :426F395EE8DCEF5C9123F0FDA116B040
>>>>    27:d=1  hl=2 l=  13 cons: SEQUENCE
>>>>    29:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
>>>>    40:d=2  hl=2 l=   0 prim: NULL
>>>>    42:d=1  hl=3 l= 188 cons: SEQUENCE
>>>>    45:d=2  hl=2 l=  11 cons: SET
>>>>    47:d=3  hl=2 l=   9 cons: SEQUENCE
>>>>    49:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>>>>    54:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>>>>    58:d=2  hl=2 l=  23 cons: SET
>>>>    60:d=3  hl=2 l=  21 cons: SEQUENCE
>>>>    62:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>>>>    67:d=4  hl=2 l=  14 prim: PRINTABLESTRING   :VeriSign, Inc.
>>>>    83:d=2  hl=2 l=  31 cons: SET
>>>>    85:d=3  hl=2 l=  29 cons: SEQUENCE
>>>>    87:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>>>    92:d=4  hl=2 l=  22 prim: PRINTABLESTRING   :VeriSign Trust Network
>>>>   116:d=2  hl=2 l=  59 cons: SET
>>>>   118:d=3  hl=2 l=  57 cons: SEQUENCE
>>>>   120:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>>>   125:d=4  hl=2 l=  50 prim: PRINTABLESTRING   :Terms of use at
>>>> https://www.verisign.com/rpa (c)10
>>>>   177:d=2  hl=2 l=  54 cons: SET
>>>>   179:d=3  hl=2 l=  52 cons: SEQUENCE
>>>>   181:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>>>>   186:d=4  hl=2 l=  45 prim: PRINTABLESTRING   :VeriSign Class 3
>>>> International Server CA - G3
>>>>   233:d=1  hl=2 l=  30 cons: SEQUENCE
>>>>   235:d=2  hl=2 l=  13 prim: UTCTIME           :160729000000Z
>>>>   250:d=2  hl=2 l=  13 prim: UTCTIME           :170210235959Z
>>>>   265:d=1  hl=2 l= 117 cons: SEQUENCE
>>>>   267:d=2  hl=2 l=  11 cons: SET
>>>>   269:d=3  hl=2 l=   9 cons: SEQUENCE
>>>>   271:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>>>>   276:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>>>>   280:d=2  hl=2 l=  16 cons: SET
>>>>   282:d=3  hl=2 l=  14 cons: SEQUENCE
>>>>   284:d=4  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
>>>>   289:d=4  hl=2 l=   7 prim: PRINTABLESTRING   :Georgia
>>>>   298:d=2  hl=2 l=  17 cons: SET
>>>>   300:d=3  hl=2 l=  15 cons: SEQUENCE
>>>>   302:d=4  hl=2 l=   3 prim: OBJECT            :localityName
>>>>   307:d=4  hl=2 l=   8 prim: T61STRING         :Columbus
>>>>   317:d=2  hl=2 l=  13 cons: SET
>>>>   319:d=3  hl=2 l=  11 cons: SEQUENCE
>>>>   321:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>>>>   326:d=4  hl=2 l=   4 prim: T61STRING         :TSYS
>>>>   332:d=2  hl=2 l=  23 cons: SET
>>>>   334:d=3  hl=2 l=  21 cons: SEQUENCE
>>>>   336:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>>>   341:d=4  hl=2 l=  14 prim: T61STRING         :TDS-PMN_Dallas
>>>>   357:d=2  hl=2 l=  25 cons: SET
>>>>   359:d=3  hl=2 l=  23 cons: SEQUENCE
>>>>   361:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>>>>   366:d=4  hl=2 l=  16 prim: T61STRING         :ssl3.vitalps.net
>>>>   384:d=1  hl=4 l= 290 cons: SEQUENCE
>>>>   388:d=2  hl=2 l=  13 cons: SEQUENCE
>>>>   390:d=3  hl=2 l=   9 prim: OBJECT            :rsaEncryption
>>>>   401:d=3  hl=2 l=   0 prim: NULL
>>>>   403:d=2  hl=4 l= 271 prim: BIT STRING
>>>>   678:d=1  hl=4 l= 357 cons: cont [ 3 ]
>>>>   682:d=2  hl=4 l= 353 cons: SEQUENCE
>>>>   686:d=3  hl=2 l=   9 cons: SEQUENCE
>>>>   688:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Basic
Constraints
>>>>   693:d=4  hl=2 l=   2 prim: OCTET STRING      [HEX DUMP]:3000
>>>>   697:d=3  hl=2 l=  97 cons: SEQUENCE
>>>>   699:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Certificate
>> Policies
>>>>   704:d=4  hl=2 l=  90 prim: OCTET STRING      [HEX
>>>>
>>
>
DUMP]:30583056060667810C010202304C302306082B06010505070201161768747470733A2F
>>>>
>>
>
2F642E73796D63622E636F6D2F637073302506082B0601050507020230191A1768747470733A
>>>> 2F2F642E73796D63622E636F6D2F727061
>>>>   796:d=3  hl=2 l=  43 cons: SEQUENCE
>>>>   798:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 CRL Distribution
>>>> Points
>>>>   803:d=4  hl=2 l=  36 prim: OCTET STRING      [HEX
>>>>
>>
>
DUMP]:30223020A01EA01C861A687474703A2F2F73652E73796D63622E636F6D2F73652E6372
>>>> 6C
>>>>   841:d=3  hl=2 l=  29 cons: SEQUENCE
>>>>   843:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key
> Usage
>>>>   848:d=4  hl=2 l=  22 prim: OCTET STRING      [HEX
>>>> DUMP]:301406082B0601050507030106082B06010505070302
>>>>   872:d=3  hl=2 l=  14 cons: SEQUENCE
>>>>   874:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
>>>>   879:d=4  hl=2 l=   1 prim: BOOLEAN           :255
>>>>   882:d=4  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0
>>>>   888:d=3  hl=2 l=  87 cons: SEQUENCE
>>>>   890:d=4  hl=2 l=   8 prim: OBJECT            :Authority Information
>> Access
>>>>   900:d=4  hl=2 l=  75 prim: OCTET STRING      [HEX
>>>>
>>
>
DUMP]:3049301F06082B060105050730018613687474703A2F2F73652E73796D63642E636F6D
>>>>
>>
>
302606082B06010505073002861A687474703A2F2F73652E73796D63622E636F6D2F73652E63
>>>> 7274
>>>>   977:d=3  hl=2 l=  27 cons: SEQUENCE
>>>>   979:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Subject
>> Alternative
>>>> Name
>>>>   984:d=4  hl=2 l=  20 prim: OCTET STRING      [HEX
>>>> DUMP]:3012821073736C332E766974616C70732E6E6574
>>>>  1006:d=3  hl=2 l=  31 cons: SEQUENCE
>>>>  1008:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key
>>>> Identifier
>>>>  1013:d=4  hl=2 l=  24 prim: OCTET STRING      [HEX
>>>> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
>>>>
>>>> Base64 TBSCertificate:
>>>>
>>
>
MIIEC6ADAgECAhBCbzle6NzvXJEj8P2hFrBAMA0GCSqGSIb3DQEBBQUAMIG8MQswCQYDVQQGEwJV
>>>>
>>
>
UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
>>>>
>>
>
cmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBh
>>>>
>>
>
IChjKTEwMTYwNAYDVQQDEy1WZXJpU2lnbiBDbGFzcyAzIEludGVybmF0aW9uYWwgU2VydmVyIENB
>>>>
>>
>
IC0gRzMwHhcNMTYwNzI5MDAwMDAwWhcNMTcwMjEwMjM1OTU5WjB1MQswCQYDVQQGEwJVUzEQMA4G
>>>>
>>
>
A1UECBMHR2VvcmdpYTERMA8GA1UEBxQIQ29sdW1idXMxDTALBgNVBAoUBFRTWVMxFzAVBgNVBAsU
>>>>
>>
>
DlREUy1QTU5fRGFsbGFzMRkwFwYDVQQDFBBzc2wzLnZpdGFscHMubmV0MIIBIjANBgkqhkiG9w0B
>>>>
>>
>
AQEFAAOCAQ8AMIIBCgKCAQEAuNPAsLxpU0Yo6955prdONBE7YJ5iWQsCfkDKT4vgQ74JH7bH37VV
>>>>
>>
>
zy0n7Xf/6g/68D6E20ye9ncVESy0DbHW7z2/c5aPzwTQdS2YDxo9hSlNh4UlV/ePQBQT0pnTYiJf
>>>>
>>
>
M/IuKYmy3bCAXib9O2Y3cE9zNwCdZf7pQ3vKClz8AWh2AAmzza1myb2tFKuCo17fPlk4U8NrZOP5
>>>>
>>
>
A9R8oTDeY5FzR3CAh0pt0JE2uztSTKZXnhrUDennmP30IP4HKJ3stz0/Ml7VexwmV8nmC1dwpZHK
>>>>
>>
>
FFjt71blBD6zjJUNnG+egBygCjTKV1pIwOsSS082Dth2yWDRdBgwD5bDa57HEwIDAQABo4IBZTCC
>>>>
>>
>
AWEwCQYDVR0TBAIwADBhBgNVHSAEWjBYMFYGBmeBDAECAjBMMCMGCCsGAQUFBwIBFhdodHRwczov
>>>>
>>
>
L2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZGhdodHRwczovL2Quc3ltY2IuY29tL3JwYTAr
>>>>
>>
>
BgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc2Uuc3ltY2IuY29tL3NlLmNybDAdBgNVHSUEFjAUBggr
>>>>
>>
>
BgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWgMFcGCCsGAQUFBwEBBEswSTAfBggrBgEF
>>>>
>>
>
BQcwAYYTaHR0cDovL3NlLnN5bWNkLmNvbTAmBggrBgEFBQcwAoYaaHR0cDovL3NlLnN5bWNiLmNv
>>>>
>>
>
bS9zZS5jcnQwGwYDVR0RBBQwEoIQc3NsMy52aXRhbHBzLm5ldDAfBgNVHSMEGDAWgBTXm3zYIqAV
>>>> 992tX84pm1jDvEYAtQ==
>>>>
>>>>
>>>> -------------------------------------------
>>>>
>>>> ssl2.vitalps.net (based on a cert not logged in crt.sh)
>>>>
>>>> -----BEGIN CERTIFICATE-----
>>>> MIIFLjCCBBagAwIBAgIQFW3Uf33gwGxNETp8o3IHkzANBgkqhkiG9w0BAQUFADCB
>>>> vDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
>>>> ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
>>>> YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDE2MDQGA1UEAxMt
>>>> VmVyaVNpZ24gQ2xhc3MgMyBJbnRlcm5hdGlvbmFsIFNlcnZlciBDQSAtIEczMB4X
>>>> DTE0MDcxMTAwMDAwMFoXDTE2MDgzMDIzNTk1OVowcTELMAkGA1UEBhMCVVMxEDAO
>>>> BgNVBAgTB0dlb3JnaWExETAPBgNVBAcUCENvbHVtYnVzMQ0wCwYDVQQKFARUU1lT
>>>> MRMwEQYDVQQLFApURFMtUmVzdG9uMRkwFwYDVQQDFBBzc2wyLnZpdGFscHMubmV0
>>>> MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7SWO9dIJIhhj27rPAFf
>>>> DFQNzCB9op6vy8kw566fo7hwRRA3qqTts6tsjsw7qLzblX2wu4vSNkpmCUqbxKge
>>>> KUGWdxzth7KctXn1MlKA15uSMxkXjlKe7d25MoImWLcZA/sXVGReATzpR0kaXujy
>>>> 7k2prk5hOZY/PaIc6270PuFh6gukXiaDf7eAIvijS40V4xll52L0WhpjIMaDXnTo
>>>> WkDbGXH6YqT/IritvAGM2IRZPWrhE2YrvDlwVoXnkxPGlT9is5kDkBJ02OZYTd7/
>>>> BuRZO9GR1tQY8esd2KQw5KQlFIaW5wXaNTXRlJ3R+13oAzsrq51kPVeUbhzkJ5Ce
>>>> 6QIDAQABo4IBdDCCAXAwGwYDVR0RBBQwEoIQc3NsMi52aXRhbHBzLm5ldDAJBgNV
>>>> HRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAoBgNVHSUEITAfBggrBgEFBQcDAQYIKwYB
>>>> BQUHAwIGCWCGSAGG+EIEATBlBgNVHSAEXjBcMFoGCmCGSAGG+EUBBzYwTDAjBggr
>>>> BgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGRoX
>>>> aHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAU15t82CKgFffdrV/O
>>>> KZtYw7xGALUwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NlLnN5bWNiLmNvbS9z
>>>> ZS5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc2Uuc3lt
>>>> Y2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2IuY29tL3NlLmNydDAN
>>>> BgkqhkiG9w0BAQUFAAOCAQEAVwlUXrDLP2LKmX8PmscxPv1k8pzUmOB2XRegkWLj
>>>> D1Bsc1U/FbuVWlgkg8aIeqm1yqwnX/b/67Jlop1kOxGcTXgl9TA5uQSYRSWqejFO
>>>> 1CsM56ScFHFuW76EhXHUX36tqRF+MSPcMRr8lWA1DJQeNKmdjfPYvwUggnkH5/rm
>>>> yRZk0OSRhpQTrCuYTq1xFuS+tyKiYnq6ocaQwDfbD+nvvzVf8x8qvPFt61HMzUzP
>>>> ydVKbv2QwAQBjy0dUxEkJ6O8hnK1hU8F3qc4wRu+Ge1ofSdfssyWjYLFI66IRBTD
>>>> 2XmvyE9c680wPZv90uHz9eWBR7yGF1hP0V8fXsM4ldJksA==
>>>> -----END CERTIFICATE-----
>>>>
>>>> Parsed TBSCertificate:
>>>>     0:d=0  hl=4 l=1031 cons: SEQUENCE
>>>>     4:d=1  hl=2 l=   3 cons: cont [ 0 ]
>>>>     6:d=2  hl=2 l=   1 prim: INTEGER           :02
>>>>     9:d=1  hl=2 l=  16 prim: INTEGER
>>>> :7CD54ACFA6E1738BA8449A38CA09BE1E
>>>>    27:d=1  hl=2 l=  13 cons: SEQUENCE
>>>>    29:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
>>>>    40:d=2  hl=2 l=   0 prim: NULL
>>>>    42:d=1  hl=3 l= 188 cons: SEQUENCE
>>>>    45:d=2  hl=2 l=  11 cons: SET
>>>>    47:d=3  hl=2 l=   9 cons: SEQUENCE
>>>>    49:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>>>>    54:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>>>>    58:d=2  hl=2 l=  23 cons: SET
>>>>    60:d=3  hl=2 l=  21 cons: SEQUENCE
>>>>    62:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>>>>    67:d=4  hl=2 l=  14 prim: PRINTABLESTRING   :VeriSign, Inc.
>>>>    83:d=2  hl=2 l=  31 cons: SET
>>>>    85:d=3  hl=2 l=  29 cons: SEQUENCE
>>>>    87:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>>>    92:d=4  hl=2 l=  22 prim: PRINTABLESTRING   :VeriSign Trust Network
>>>>   116:d=2  hl=2 l=  59 cons: SET
>>>>   118:d=3  hl=2 l=  57 cons: SEQUENCE
>>>>   120:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>>>   125:d=4  hl=2 l=  50 prim: PRINTABLESTRING   :Terms of use at
>>>> https://www.verisign.com/rpa (c)10
>>>>   177:d=2  hl=2 l=  54 cons: SET
>>>>   179:d=3  hl=2 l=  52 cons: SEQUENCE
>>>>   181:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>>>>   186:d=4  hl=2 l=  45 prim: PRINTABLESTRING   :VeriSign Class 3
>>>> International Server CA - G3
>>>>   233:d=1  hl=2 l=  30 cons: SEQUENCE
>>>>   235:d=2  hl=2 l=  13 prim: UTCTIME           :160729000000Z
>>>>   250:d=2  hl=2 l=  13 prim: UTCTIME           :170210235959Z
>>>>   265:d=1  hl=2 l= 113 cons: SEQUENCE
>>>>   267:d=2  hl=2 l=  11 cons: SET
>>>>   269:d=3  hl=2 l=   9 cons: SEQUENCE
>>>>   271:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>>>>   276:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>>>>   280:d=2  hl=2 l=  16 cons: SET
>>>>   282:d=3  hl=2 l=  14 cons: SEQUENCE
>>>>   284:d=4  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
>>>>   289:d=4  hl=2 l=   7 prim: PRINTABLESTRING   :Georgia
>>>>   298:d=2  hl=2 l=  17 cons: SET
>>>>   300:d=3  hl=2 l=  15 cons: SEQUENCE
>>>>   302:d=4  hl=2 l=   3 prim: OBJECT            :localityName
>>>>   307:d=4  hl=2 l=   8 prim: T61STRING         :Columbus
>>>>   317:d=2  hl=2 l=  13 cons: SET
>>>>   319:d=3  hl=2 l=  11 cons: SEQUENCE
>>>>   321:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>>>>   326:d=4  hl=2 l=   4 prim: T61STRING         :TSYS
>>>>   332:d=2  hl=2 l=  19 cons: SET
>>>>   334:d=3  hl=2 l=  17 cons: SEQUENCE
>>>>   336:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>>>   341:d=4  hl=2 l=  10 prim: T61STRING         :TDS-Reston
>>>>   353:d=2  hl=2 l=  25 cons: SET
>>>>   355:d=3  hl=2 l=  23 cons: SEQUENCE
>>>>   357:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>>>>   362:d=4  hl=2 l=  16 prim: T61STRING         :ssl2.vitalps.net
>>>>   380:d=1  hl=4 l= 290 cons: SEQUENCE
>>>>   384:d=2  hl=2 l=  13 cons: SEQUENCE
>>>>   386:d=3  hl=2 l=   9 prim: OBJECT            :rsaEncryption
>>>>   397:d=3  hl=2 l=   0 prim: NULL
>>>>   399:d=2  hl=4 l= 271 prim: BIT STRING
>>>>   674:d=1  hl=4 l= 357 cons: cont [ 3 ]
>>>>   678:d=2  hl=4 l= 353 cons: SEQUENCE
>>>>   682:d=3  hl=2 l=   9 cons: SEQUENCE
>>>>   684:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Basic
Constraints
>>>>   689:d=4  hl=2 l=   2 prim: OCTET STRING      [HEX DUMP]:3000
>>>>   693:d=3  hl=2 l=  97 cons: SEQUENCE
>>>>   695:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Certificate
>> Policies
>>>>   700:d=4  hl=2 l=  90 prim: OCTET STRING      [HEX
>>>>
>>
>
DUMP]:30583056060667810C010202304C302306082B06010505070201161768747470733A2F
>>>>
>>
>
2F642E73796D63622E636F6D2F637073302506082B0601050507020230191A1768747470733A
>>>> 2F2F642E73796D63622E636F6D2F727061
>>>>   792:d=3  hl=2 l=  43 cons: SEQUENCE
>>>>   794:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 CRL Distribution
>>>> Points
>>>>   799:d=4  hl=2 l=  36 prim: OCTET STRING      [HEX
>>>>
>>
>
DUMP]:30223020A01EA01C861A687474703A2F2F73652E73796D63622E636F6D2F73652E6372
>>>> 6C
>>>>   837:d=3  hl=2 l=  29 cons: SEQUENCE
>>>>   839:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key
> Usage
>>>>   844:d=4  hl=2 l=  22 prim: OCTET STRING      [HEX
>>>> DUMP]:301406082B0601050507030106082B06010505070302
>>>>   868:d=3  hl=2 l=  14 cons: SEQUENCE
>>>>   870:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
>>>>   875:d=4  hl=2 l=   1 prim: BOOLEAN           :255
>>>>   878:d=4  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0
>>>>   884:d=3  hl=2 l=  87 cons: SEQUENCE
>>>>   886:d=4  hl=2 l=   8 prim: OBJECT            :Authority Information
>> Access
>>>>   896:d=4  hl=2 l=  75 prim: OCTET STRING      [HEX
>>>>
>>
>
DUMP]:3049301F06082B060105050730018613687474703A2F2F73652E73796D63642E636F6D
>>>>
>>
>
302606082B06010505073002861A687474703A2F2F73652E73796D63622E636F6D2F73652E63
>>>> 7274
>>>>   973:d=3  hl=2 l=  27 cons: SEQUENCE
>>>>   975:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Subject
>> Alternative
>>>> Name
>>>>   980:d=4  hl=2 l=  20 prim: OCTET STRING      [HEX
>>>> DUMP]:3012821073736C322E766974616C70732E6E6574
>>>>  1002:d=3  hl=2 l=  31 cons: SEQUENCE
>>>>  1004:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key
>>>> Identifier
>>>>  1009:d=4  hl=2 l=  24 prim: OCTET STRING      [HEX
>>>> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
>>>>
>>>> Base64 TBSCertificate:
>>>>
>>
>
MIIEB6ADAgECAhB81UrPpuFzi6hEmjjKCb4eMA0GCSqGSIb3DQEBBQUAMIG8MQswCQYDVQQGEwJV
>>>>
>>
>
UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
>>>>
>>
>
cmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBh
>>>>
>>
>
IChjKTEwMTYwNAYDVQQDEy1WZXJpU2lnbiBDbGFzcyAzIEludGVybmF0aW9uYWwgU2VydmVyIENB
>>>>
>>
>
IC0gRzMwHhcNMTYwNzI5MDAwMDAwWhcNMTcwMjEwMjM1OTU5WjBxMQswCQYDVQQGEwJVUzEQMA4G
>>>>
>>
>
A1UECBMHR2VvcmdpYTERMA8GA1UEBxQIQ29sdW1idXMxDTALBgNVBAoUBFRTWVMxEzARBgNVBAsU
>>>>
>>
>
ClREUy1SZXN0b24xGTAXBgNVBAMUEHNzbDIudml0YWxwcy5uZXQwggEiMA0GCSqGSIb3DQEBAQUA
>>>>
>>
>
A4IBDwAwggEKAoIBAQCztJY710gkiGGPbus8AV8MVA3MIH2inq/LyTDnrp+juHBFEDeqpO2zq2yO
>>>>
>>
>
zDuovNuVfbC7i9I2SmYJSpvEqB4pQZZ3HO2Hspy1efUyUoDXm5IzGReOUp7t3bkygiZYtxkD+xdU
>>>>
>>
>
ZF4BPOlHSRpe6PLuTamuTmE5lj89ohzrbvQ+4WHqC6ReJoN/t4Ai+KNLjRXjGWXnYvRaGmMgxoNe
>>>>
>>
>
dOhaQNsZcfpipP8iuK28AYzYhFk9auETZiu8OXBWheeTE8aVP2KzmQOQEnTY5lhN3v8G5Fk70ZHW
>>>>
>>
>
1Bjx6x3YpDDkpCUUhpbnBdo1NdGUndH7XegDOyurnWQ9V5RuHOQnkJ7pAgMBAAGjggFlMIIBYTAJ
>>>>
>>
>
BgNVHRMEAjAAMGEGA1UdIARaMFgwVgYGZ4EMAQICMEwwIwYIKwYBBQUHAgEWF2h0dHBzOi8vZC5z
>>>>
>>
>
eW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkaF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBhMCsGA1Ud
>>>>
>>
>
HwQkMCIwIKAeoByGGmh0dHA6Ly9zZS5zeW1jYi5jb20vc2UuY3JsMB0GA1UdJQQWMBQGCCsGAQUF
>>>>
>>
>
BwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzAB
>>>>
>>
>
hhNodHRwOi8vc2Uuc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2IuY29tL3Nl
>>>>
>>
>
LmNydDAbBgNVHREEFDASghBzc2wyLnZpdGFscHMubmV0MB8GA1UdIwQYMBaAFNebfNgioBX33a1f
>>>> zimbWMO8RgC1
>>>>
>>>>
>>>> ---------------------------------------------
>>>>
>>>> ssl2.vitalps.net (based https://crt.sh/?id=24732905)
>>>>
>>>> -----BEGIN CERTIFICATE-----
>>>> MIIFLjCCBBagAwIBAgIQC2txgNGyPR3F31kjsev70TANBgkqhkiG9w0BAQUFADCB
>>>> vDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
>>>> ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
>>>> YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDE2MDQGA1UEAxMt
>>>> VmVyaVNpZ24gQ2xhc3MgMyBJbnRlcm5hdGlvbmFsIFNlcnZlciBDQSAtIEczMB4X
>>>> DTE0MDcxMTAwMDAwMFoXDTE2MDgzMDIzNTk1OVowcTELMAkGA1UEBhMCVVMxEDAO
>>>> BgNVBAgTB0dlb3JnaWExETAPBgNVBAcUCENvbHVtYnVzMQ0wCwYDVQQKFARUU1lT
>>>> MRMwEQYDVQQLFApURFMtRGFsbGFzMRkwFwYDVQQDFBBzc2wyLnZpdGFscHMubmV0
>>>> MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt7h6ItxaeRllDNDzqJSD
>>>> 6YxRZ/IQjGMAJGSq3vIwo8rof17S2PdtMFZpHA4G0ueZJm0cVcNKprJ1M5ykwzVo
>>>> fc+i1z3DjmlxSK4HjL9B6vDuUQGLgasYrvR3pAosKGkucQQW0/mFWpOKwrpXfYss
>>>> zAIgLc0bU1QJHKF14re6FRo1sX4JxU0xlaK/+Q0kdUQVPYdG4A57Uvz7C1/u9/Jt
>>>> vP+1OKxn0fEwclZa9Hug4yi9llLjEHNHs0sPc2g/2nFmBOSpzUutnr8oqomgM0Of
>>>> UhgFmPbsRZ0jzYxR0HZ7RQ+Eg3UJcDwQqmp14iw2dWAJKbmVsdOy8FT6TGOk9Paz
>>>> HQIDAQABo4IBdDCCAXAwGwYDVR0RBBQwEoIQc3NsMi52aXRhbHBzLm5ldDAJBgNV
>>>> HRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAoBgNVHSUEITAfBggrBgEFBQcDAQYIKwYB
>>>> BQUHAwIGCWCGSAGG+EIEATBlBgNVHSAEXjBcMFoGCmCGSAGG+EUBBzYwTDAjBggr
>>>> BgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGRoX
>>>> aHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAU15t82CKgFffdrV/O
>>>> KZtYw7xGALUwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NlLnN5bWNiLmNvbS9z
>>>> ZS5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc2Uuc3lt
>>>> Y2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2IuY29tL3NlLmNydDAN
>>>> BgkqhkiG9w0BAQUFAAOCAQEAZGQ7qWXzrHZbrnJBbcy8vtTxfz6ScUpmdhNsHtqA
>>>> zibYmUerfme6vcfI+a3RntUdeh2bP/g28hWsJeUOBWOH2jewa9SvFDWeA+an2ICO
>>>> qK1aFEM2zbJxRoSmFYNwogISVhNWs895zGyQEGcfSHhh8R+PTZdu1AoSgZ33RKc/
>>>> mhnVyr1aLdymLzQ+hz4D5j2qVyO3JqJjrqiQKxFKsp/AOVU/UCeWjSumcd2Ff6fw
>>>> VL6TvBa+QGnHFFFzUadkyf8LjGTFxwN65Ft4Rd/EcI+6hrfLn8ivJ+sh616wesB4
>>>> OvX9A29d6wJqVPIL9vmD8l+4akKpFZi0rLtb5e6FmpWy1Q==
>>>> -----END CERTIFICATE-----
>>>>
>>>> Parsed TBSCertificate:
>>>>     0:d=0  hl=4 l=1031 cons: SEQUENCE
>>>>     4:d=1  hl=2 l=   3 cons: cont [ 0 ]
>>>>     6:d=2  hl=2 l=   1 prim: INTEGER           :02
>>>>     9:d=1  hl=2 l=  16 prim: INTEGER
>>>> :1A7737CFE654ED95E0B42A90DB357BB9
>>>>    27:d=1  hl=2 l=  13 cons: SEQUENCE
>>>>    29:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
>>>>    40:d=2  hl=2 l=   0 prim: NULL
>>>>    42:d=1  hl=3 l= 188 cons: SEQUENCE
>>>>    45:d=2  hl=2 l=  11 cons: SET
>>>>    47:d=3  hl=2 l=   9 cons: SEQUENCE
>>>>    49:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>>>>    54:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>>>>    58:d=2  hl=2 l=  23 cons: SET
>>>>    60:d=3  hl=2 l=  21 cons: SEQUENCE
>>>>    62:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>>>>    67:d=4  hl=2 l=  14 prim: PRINTABLESTRING   :VeriSign, Inc.
>>>>    83:d=2  hl=2 l=  31 cons: SET
>>>>    85:d=3  hl=2 l=  29 cons: SEQUENCE
>>>>    87:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>>>    92:d=4  hl=2 l=  22 prim: PRINTABLESTRING   :VeriSign Trust Network
>>>>   116:d=2  hl=2 l=  59 cons: SET
>>>>   118:d=3  hl=2 l=  57 cons: SEQUENCE
>>>>   120:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>>>   125:d=4  hl=2 l=  50 prim: PRINTABLESTRING   :Terms of use at
>>>> https://www.verisign.com/rpa (c)10
>>>>   177:d=2  hl=2 l=  54 cons: SET
>>>>   179:d=3  hl=2 l=  52 cons: SEQUENCE
>>>>   181:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>>>>   186:d=4  hl=2 l=  45 prim: PRINTABLESTRING   :VeriSign Class 3
>>>> International Server CA - G3
>>>>   233:d=1  hl=2 l=  30 cons: SEQUENCE
>>>>   235:d=2  hl=2 l=  13 prim: UTCTIME           :160729000000Z
>>>>   250:d=2  hl=2 l=  13 prim: UTCTIME           :170210235959Z
>>>>   265:d=1  hl=2 l= 113 cons: SEQUENCE
>>>>   267:d=2  hl=2 l=  11 cons: SET
>>>>   269:d=3  hl=2 l=   9 cons: SEQUENCE
>>>>   271:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>>>>   276:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>>>>   280:d=2  hl=2 l=  16 cons: SET
>>>>   282:d=3  hl=2 l=  14 cons: SEQUENCE
>>>>   284:d=4  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
>>>>   289:d=4  hl=2 l=   7 prim: PRINTABLESTRING   :Georgia
>>>>   298:d=2  hl=2 l=  17 cons: SET
>>>>   300:d=3  hl=2 l=  15 cons: SEQUENCE
>>>>   302:d=4  hl=2 l=   3 prim: OBJECT            :localityName
>>>>   307:d=4  hl=2 l=   8 prim: T61STRING         :Columbus
>>>>   317:d=2  hl=2 l=  13 cons: SET
>>>>   319:d=3  hl=2 l=  11 cons: SEQUENCE
>>>>   321:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>>>>   326:d=4  hl=2 l=   4 prim: T61STRING         :TSYS
>>>>   332:d=2  hl=2 l=  19 cons: SET
>>>>   334:d=3  hl=2 l=  17 cons: SEQUENCE
>>>>   336:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>>>   341:d=4  hl=2 l=  10 prim: T61STRING         :TDS-Dallas
>>>>   353:d=2  hl=2 l=  25 cons: SET
>>>>   355:d=3  hl=2 l=  23 cons: SEQUENCE
>>>>   357:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>>>>   362:d=4  hl=2 l=  16 prim: T61STRING         :ssl2.vitalps.net
>>>>   380:d=1  hl=4 l= 290 cons: SEQUENCE
>>>>   384:d=2  hl=2 l=  13 cons: SEQUENCE
>>>>   386:d=3  hl=2 l=   9 prim: OBJECT            :rsaEncryption
>>>>   397:d=3  hl=2 l=   0 prim: NULL
>>>>   399:d=2  hl=4 l= 271 prim: BIT STRING
>>>>   674:d=1  hl=4 l= 357 cons: cont [ 3 ]
>>>>   678:d=2  hl=4 l= 353 cons: SEQUENCE
>>>>   682:d=3  hl=2 l=   9 cons: SEQUENCE
>>>>   684:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Basic
Constraints
>>>>   689:d=4  hl=2 l=   2 prim: OCTET STRING      [HEX DUMP]:3000
>>>>   693:d=3  hl=2 l=  97 cons: SEQUENCE
>>>>   695:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Certificate
>> Policies
>>>>   700:d=4  hl=2 l=  90 prim: OCTET STRING      [HEX
>>>>
>>
>
DUMP]:30583056060667810C010202304C302306082B06010505070201161768747470733A2F
>>>>
>>
>
2F642E73796D63622E636F6D2F637073302506082B0601050507020230191A1768747470733A
>>>> 2F2F642E73796D63622E636F6D2F727061
>>>>   792:d=3  hl=2 l=  43 cons: SEQUENCE
>>>>   794:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 CRL Distribution
>>>> Points
>>>>   799:d=4  hl=2 l=  36 prim: OCTET STRING      [HEX
>>>>
>>
>
DUMP]:30223020A01EA01C861A687474703A2F2F73652E73796D63622E636F6D2F73652E6372
>>>> 6C
>>>>   837:d=3  hl=2 l=  29 cons: SEQUENCE
>>>>   839:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key
> Usage
>>>>   844:d=4  hl=2 l=  22 prim: OCTET STRING      [HEX
>>>> DUMP]:301406082B0601050507030106082B06010505070302
>>>>   868:d=3  hl=2 l=  14 cons: SEQUENCE
>>>>   870:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
>>>>   875:d=4  hl=2 l=   1 prim: BOOLEAN           :255
>>>>   878:d=4  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0
>>>>   884:d=3  hl=2 l=  87 cons: SEQUENCE
>>>>   886:d=4  hl=2 l=   8 prim: OBJECT            :Authority Information
>> Access
>>>>   896:d=4  hl=2 l=  75 prim: OCTET STRING      [HEX
>>>>
>>
>
DUMP]:3049301F06082B060105050730018613687474703A2F2F73652E73796D63642E636F6D
>>>>
>>
>
302606082B06010505073002861A687474703A2F2F73652E73796D63622E636F6D2F73652E63
>>>> 7274
>>>>   973:d=3  hl=2 l=  27 cons: SEQUENCE
>>>>   975:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Subject
>> Alternative
>>>> Name
>>>>   980:d=4  hl=2 l=  20 prim: OCTET STRING      [HEX
>>>> DUMP]:3012821073736C322E766974616C70732E6E6574
>>>>  1002:d=3  hl=2 l=  31 cons: SEQUENCE
>>>>  1004:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key
>>>> Identifier
>>>>  1009:d=4  hl=2 l=  24 prim: OCTET STRING      [HEX
>>>> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
>>>>
>>>> Base64 TBSCertificate:
>>>>
>>
>
MIIEB6ADAgECAhAadzfP5lTtleC0KpDbNXu5MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYDVQQGEwJV
>>>>
>>
>
UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
>>>>
>>
>
cmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBh
>>>>
>>
>
IChjKTEwMTYwNAYDVQQDEy1WZXJpU2lnbiBDbGFzcyAzIEludGVybmF0aW9uYWwgU2VydmVyIENB
>>>>
>>
>
IC0gRzMwHhcNMTYwNzI5MDAwMDAwWhcNMTcwMjEwMjM1OTU5WjBxMQswCQYDVQQGEwJVUzEQMA4G
>>>>
>>
>
A1UECBMHR2VvcmdpYTERMA8GA1UEBxQIQ29sdW1idXMxDTALBgNVBAoUBFRTWVMxEzARBgNVBAsU
>>>>
>>
>
ClREUy1EYWxsYXMxGTAXBgNVBAMUEHNzbDIudml0YWxwcy5uZXQwggEiMA0GCSqGSIb3DQEBAQUA
>>>>
>>
>
A4IBDwAwggEKAoIBAQC3uHoi3Fp5GWUM0POolIPpjFFn8hCMYwAkZKre8jCjyuh/XtLY920wVmkc
>>>>
>>
>
DgbS55kmbRxVw0qmsnUznKTDNWh9z6LXPcOOaXFIrgeMv0Hq8O5RAYuBqxiu9HekCiwoaS5xBBbT
>>>>
>>
>
+YVak4rCuld9iyzMAiAtzRtTVAkcoXXit7oVGjWxfgnFTTGVor/5DSR1RBU9h0bgDntS/PsLX+73
>>>>
>>
>
8m28/7U4rGfR8TByVlr0e6DjKL2WUuMQc0ezSw9zaD/acWYE5KnNS62evyiqiaAzQ59SGAWY9uxF
>>>>
>>
>
nSPNjFHQdntFD4SDdQlwPBCqanXiLDZ1YAkpuZWx07LwVPpMY6T09rMdAgMBAAGjggFlMIIBYTAJ
>>>>
>>
>
BgNVHRMEAjAAMGEGA1UdIARaMFgwVgYGZ4EMAQICMEwwIwYIKwYBBQUHAgEWF2h0dHBzOi8vZC5z
>>>>
>>
>
eW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkaF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBhMCsGA1Ud
>>>>
>>
>
HwQkMCIwIKAeoByGGmh0dHA6Ly9zZS5zeW1jYi5jb20vc2UuY3JsMB0GA1UdJQQWMBQGCCsGAQUF
>>>>
>>
>
BwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzAB
>>>>
>>
>
hhNodHRwOi8vc2Uuc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2IuY29tL3Nl
>>>>
>>
>
LmNydDAbBgNVHREEFDASghBzc2wyLnZpdGFscHMubmV0MB8GA1UdIwQYMBaAFNebfNgioBX33a1f
>>>> zimbWMO8RgC1
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: public-bounces at cabforum.org
>>>> Sent: Friday, July 15, 2016 7:48 PM
>>>>
>>>> Subject: [cabfpub] Application for SHA-1 Issuance
>>>>
>>>> Enclosed please find the application for SHA-1 issuance presented on
>> behalf
>>>> of our client. Note that the application was fully completed by the
>> client.
>>>>
>>>> In addition, please find the TBS certificates generated by Symantec.
>>>>
>>>> Accompanying each TBSCertificate is a crt.sh link to the corresponding
>> SHA-2
>>>> certificate issued by our online system as a prerequisite, so that we
>>>> capture evidence of authentication and verification of the information
> in
>>>> the certificate. The TBSCertificates differ from these certificates by
>>>> Issuer name, because our online systems can sign only with SHA-2
> issuers.
>>>> And since the Issuer name is different, corresponding extensions (CDP,
>> AIA,
>>>> AKI) are different as well.
>>>>
>>>> The TBSCertificates do not include public keys from older CT-logged
>>>> certificates; they include public keys that correspond to private keys
>> that
>>>> were recently generated on the servers and that await the approval of
>> these
>>>> requests. The customer uses a CDN that uses OpenSSL to generate key
> pairs
>>>> from a secure server. A separate secure server is used for private key
>>>> pass-phrase retention.
>>>>
>>>> As this is the first time this is being done, there may be follow-up
>>>> questions or items that were inadvertently omitted which we are happy
to
>>>> address.
>>>>
>>>> We ask that the community give good consideration to this request.
>>>>
>>>> One thing you will notice is the validity date extends to Feb 10, 2017.
>> In
>>>> the payment industry, 31 December is an absolutely horrible time to
make
>> a
>>>> change as it represents one of the peak times for traffic. The client
> has
>>>> aligned the date with the published Microsoft end date for SHA-1.
>>>>
>>>> Thank you,
>>>>
>>>> Dean Coclin
>>>> Symantec
>

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com

COMODO CA Limited, Registered in England No. 04058690
Registered Office:
   3rd Floor, 26 Office Village, Exchange Quay,
   Trafford Road, Salford, Manchester M5 3EQ

This e-mail and any files transmitted with it are confidential and 
intended solely for the use of the individual or entity to whom they are 
addressed.  If you have received this email in error please notify the 
sender by replying to the e-mail containing this attachment. Replies to 
this email may be monitored by COMODO for operational or business 
reasons. Whilst every endeavour is taken to ensure that e-mails are free 
from viruses, no liability can be accepted and the recipient is 
requested to use their own virus checking software.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5723 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20160725/9bb89e66/attachment-0001.bin 


More information about the Public mailing list