[cabfpub] Application for SHA-1 Issuance

Rob Stradling rob.stradling at comodo.com
Fri Jul 22 23:56:52 UTC 2016


On 23/07/16 00:25, Rob Stradling wrote:
> Dean,
>
> I was pleased to see that you'd used PrintableStrings in your previous
> batch of TBSCertificates for TSYS, but it's disappointing to see
> T61Strings in this new batch.

Please ignore that comment.  It's been pointed out to me that, since the 
Existing Certificates used T61Strings, the new certs should use 
T61Strings too.

"Existing Certificate Information

Ideally the proposed tbsCertificate should correspond to an Existing 
Certificate logged in at least two Certificate Transparency logs trusted 
by one or more Application Software Suppliers, with an audit proof to a 
Signed Tree Head with a timestamp prior to 1st January 2016 and 
differing only by:
   - signature AlgorithmIdentifier
   - Serial Number, which must have at least 60 bits of entropy
   - Validity, which must have a notAfter on or before 31st December 2016"

> Did Symantec consider Ryan's offer to help with generating the serial
> numbers according to a rigid construction?  If not, why not?
>
> Thanks.
>
> On 22/07/16 23:55, Dean Coclin wrote:
>> Based on feedback from the community, TSYS and Symantec have created new TBS
>> certificates. These use existing keys and do not contain the miscellaneous
>> characters in the OU that the others contained (and were explained by TSYS).
>> These TBSCertificates have the same public keys from the existing
>> certificates on which they're based, and should differ only in serial number
>> and dates
>>
>> You will notice there are only 7 certificates instead of 8 due to a change
>> TSYS made in early 2016 to align dates into August for Expiration. Most
>> servers have a Dallas and a Reston version; for one server they duplicated
>> one private key and cert so there's only one cert for both sites.
>>
>> To reconstitute the TBSCertificate in binary DER form, use the Linux
>> command:
>> base64 --decode > tbs.der
>> Then paste in a block of text from below, followed by an EOF (control-D).
>>
>> ----------------------------------------
>>
>> ssl1.tsysacquiring.net (based on https://crt.sh/?id=12924024)
>>
>> -----BEGIN CERTIFICATE-----
>> MIIFOjCCBCKgAwIBAgIQfN9GpTEgg8dMV3KfmuboLjANBgkqhkiG9w0BAQUFADCB
>> vDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
>> ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
>> YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDE2MDQGA1UEAxMt
>> VmVyaVNpZ24gQ2xhc3MgMyBJbnRlcm5hdGlvbmFsIFNlcnZlciBDQSAtIEczMB4X
>> DTE0MDcxNTAwMDAwMFoXDTE2MDgzMDIzNTk1OVowdzELMAkGA1UEBhMCVVMxEDAO
>> BgNVBAgTB0dlb3JnaWExETAPBgNVBAcUCENvbHVtYnVzMQ0wCwYDVQQKFARUU1lT
>> MRMwEQYDVQQLFApURFMtUmVzdG9uMR8wHQYDVQQDFBZzc2wxLnRzeXNhY3F1aXJp
>> bmcubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6vbHdGqwEWy0
>> qmpyRlZuZbygE68fAxGrWUqow2YIo2PlVKX74sBC+hK7e7AYpM8P2mueLbbUCjBJ
>> ChIiMLdaQfL9L9ZchoMi0YS3O7cFVFfg7i8BKZ5L4JCisqYVZnT8pJgVMd/Hvqqw
>> 2xLx3pddQzBUK0D4VdJBcDVbyD4/j5/vGe9PUfBBJE/xmDa6T/k+ZH2PtcJ4/eWt
>> mfrtl1Ncz2/vLXg2v+FZLYVc1eQSgyFci0OEmxrK2oNa9OPXDQIO/cjLCxUP4g7I
>> E7U0MSx6lzbLgSR8V1UPlsw2kkZgPUD7JAAITJ5cCcJKx0zT+CZYIjs71kJL7Ne5
>> 7i9fWw6H/QIDAQABo4IBejCCAXYwIQYDVR0RBBowGIIWc3NsMS50c3lzYWNxdWly
>> aW5nLm5ldDAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAoBgNVHSUEITAfBggr
>> BgEFBQcDAQYIKwYBBQUHAwIGCWCGSAGG+EIEATBlBgNVHSAEXjBcMFoGCmCGSAGG
>> +EUBBzYwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYI
>> KwYBBQUHAgIwGRoXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAU
>> 15t82CKgFffdrV/OKZtYw7xGALUwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3Nl
>> LnN5bWNiLmNvbS9zZS5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNo
>> dHRwOi8vc2Uuc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2Iu
>> Y29tL3NlLmNydDANBgkqhkiG9w0BAQUFAAOCAQEATTAL5DkwpxAeLc9PtdLkpQj0
>> saugkQNsGgtc6PKtxqBF4Slh4Aylnsve2MwDRDj2FNTCO+rUkNzrBSnSXTKnwfkD
>> yM1ymuNqECv9+zHEMo8PNPWq4BNs2YSY6Ri+wH1eXHum+sDiizk2whWniBVYWdiY
>> Yn7aRX8bsiWkjwDWeseHfNzv6KIO/7esmsz8LXyf9qz3OWi++CX4fVEf/0PAbEEE
>> 3nU00fjS77TfC5A5hW991jzvJ8vpvaTHVuh0g+0JhMNpQJljrS0Nq5cOvLLjGkx+
>> vH5d+6Adgjl2C0T76rc6I7PEi+489IoWHXEBSE21JBNu7wZ4Q/KFYI1/EZg1VA==
>> -----END CERTIFICATE-----
>>
>> Parsed TBSCertificate:
>>     0:d=0  hl=4 l=1043 cons: SEQUENCE
>>     4:d=1  hl=2 l=   3 cons: cont [ 0 ]
>>     6:d=2  hl=2 l=   1 prim: INTEGER           :02
>>     9:d=1  hl=2 l=  16 prim: INTEGER
>> :70125CA8AAEDC172C8E50707B493E30D
>>    27:d=1  hl=2 l=  13 cons: SEQUENCE
>>    29:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
>>    40:d=2  hl=2 l=   0 prim: NULL
>>    42:d=1  hl=3 l= 188 cons: SEQUENCE
>>    45:d=2  hl=2 l=  11 cons: SET
>>    47:d=3  hl=2 l=   9 cons: SEQUENCE
>>    49:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>>    54:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>>    58:d=2  hl=2 l=  23 cons: SET
>>    60:d=3  hl=2 l=  21 cons: SEQUENCE
>>    62:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>>    67:d=4  hl=2 l=  14 prim: PRINTABLESTRING   :VeriSign, Inc.
>>    83:d=2  hl=2 l=  31 cons: SET
>>    85:d=3  hl=2 l=  29 cons: SEQUENCE
>>    87:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>    92:d=4  hl=2 l=  22 prim: PRINTABLESTRING   :VeriSign Trust Network
>>   116:d=2  hl=2 l=  59 cons: SET
>>   118:d=3  hl=2 l=  57 cons: SEQUENCE
>>   120:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>   125:d=4  hl=2 l=  50 prim: PRINTABLESTRING   :Terms of use at
>> https://www.verisign.com/rpa (c)10
>>   177:d=2  hl=2 l=  54 cons: SET
>>   179:d=3  hl=2 l=  52 cons: SEQUENCE
>>   181:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>>   186:d=4  hl=2 l=  45 prim: PRINTABLESTRING   :VeriSign Class 3
>> International Server CA - G3
>>   233:d=1  hl=2 l=  30 cons: SEQUENCE
>>   235:d=2  hl=2 l=  13 prim: UTCTIME           :160729000000Z
>>   250:d=2  hl=2 l=  13 prim: UTCTIME           :170210235959Z
>>   265:d=1  hl=2 l= 119 cons: SEQUENCE
>>   267:d=2  hl=2 l=  11 cons: SET
>>   269:d=3  hl=2 l=   9 cons: SEQUENCE
>>   271:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>>   276:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>>   280:d=2  hl=2 l=  16 cons: SET
>>   282:d=3  hl=2 l=  14 cons: SEQUENCE
>>   284:d=4  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
>>   289:d=4  hl=2 l=   7 prim: PRINTABLESTRING   :Georgia
>>   298:d=2  hl=2 l=  17 cons: SET
>>   300:d=3  hl=2 l=  15 cons: SEQUENCE
>>   302:d=4  hl=2 l=   3 prim: OBJECT            :localityName
>>   307:d=4  hl=2 l=   8 prim: T61STRING         :Columbus
>>   317:d=2  hl=2 l=  13 cons: SET
>>   319:d=3  hl=2 l=  11 cons: SEQUENCE
>>   321:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>>   326:d=4  hl=2 l=   4 prim: T61STRING         :TSYS
>>   332:d=2  hl=2 l=  19 cons: SET
>>   334:d=3  hl=2 l=  17 cons: SEQUENCE
>>   336:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>   341:d=4  hl=2 l=  10 prim: T61STRING         :TDS-Reston
>>   353:d=2  hl=2 l=  31 cons: SET
>>   355:d=3  hl=2 l=  29 cons: SEQUENCE
>>   357:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>>   362:d=4  hl=2 l=  22 prim: T61STRING         :ssl1.tsysacquiring.net
>>   386:d=1  hl=4 l= 290 cons: SEQUENCE
>>   390:d=2  hl=2 l=  13 cons: SEQUENCE
>>   392:d=3  hl=2 l=   9 prim: OBJECT            :rsaEncryption
>>   403:d=3  hl=2 l=   0 prim: NULL
>>   405:d=2  hl=4 l= 271 prim: BIT STRING
>>   680:d=1  hl=4 l= 363 cons: cont [ 3 ]
>>   684:d=2  hl=4 l= 359 cons: SEQUENCE
>>   688:d=3  hl=2 l=   9 cons: SEQUENCE
>>   690:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints
>>   695:d=4  hl=2 l=   2 prim: OCTET STRING      [HEX DUMP]:3000
>>   699:d=3  hl=2 l=  97 cons: SEQUENCE
>>   701:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Certificate Policies
>>   706:d=4  hl=2 l=  90 prim: OCTET STRING      [HEX
>> DUMP]:30583056060667810C010202304C302306082B06010505070201161768747470733A2F
>> 2F642E73796D63622E636F6D2F637073302506082B0601050507020230190C1768747470733A
>> 2F2F642E73796D63622E636F6D2F727061
>>   798:d=3  hl=2 l=  43 cons: SEQUENCE
>>   800:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 CRL Distribution
>> Points
>>   805:d=4  hl=2 l=  36 prim: OCTET STRING      [HEX
>> DUMP]:30223020A01EA01C861A687474703A2F2F73652E73796D63622E636F6D2F73652E6372
>> 6C
>>   843:d=3  hl=2 l=  29 cons: SEQUENCE
>>   845:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key Usage
>>   850:d=4  hl=2 l=  22 prim: OCTET STRING      [HEX
>> DUMP]:301406082B0601050507030106082B06010505070302
>>   874:d=3  hl=2 l=  14 cons: SEQUENCE
>>   876:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
>>   881:d=4  hl=2 l=   1 prim: BOOLEAN           :255
>>   884:d=4  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0
>>   890:d=3  hl=2 l=  87 cons: SEQUENCE
>>   892:d=4  hl=2 l=   8 prim: OBJECT            :Authority Information Access
>>   902:d=4  hl=2 l=  75 prim: OCTET STRING      [HEX
>> DUMP]:3049301F06082B060105050730018613687474703A2F2F73652E73796D63642E636F6D
>> 302606082B06010505073002861A687474703A2F2F73652E73796D63622E636F6D2F73652E63
>> 7274
>>   979:d=3  hl=2 l=  33 cons: SEQUENCE
>>   981:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Alternative
>> Name
>>   986:d=4  hl=2 l=  26 prim: OCTET STRING      [HEX
>> DUMP]:3018821673736C312E74737973616371756972696E672E6E6574
>>  1014:d=3  hl=2 l=  31 cons: SEQUENCE
>>  1016:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key
>> Identifier
>>  1021:d=4  hl=2 l=  24 prim: OCTET STRING      [HEX
>> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
>>
>> Base64 TBSCertificate:
>> MIIEE6ADAgECAhBwElyoqu3BcsjlBwe0k+MNMA0GCSqGSIb3DQEBBQUAMIG8MQswCQYDVQQGEwJV
>> UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
>> cmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBh
>> IChjKTEwMTYwNAYDVQQDEy1WZXJpU2lnbiBDbGFzcyAzIEludGVybmF0aW9uYWwgU2VydmVyIENB
>> IC0gRzMwHhcNMTYwNzI5MDAwMDAwWhcNMTcwMjEwMjM1OTU5WjB3MQswCQYDVQQGEwJVUzEQMA4G
>> A1UECBMHR2VvcmdpYTERMA8GA1UEBxQIQ29sdW1idXMxDTALBgNVBAoUBFRTWVMxEzARBgNVBAsU
>> ClREUy1SZXN0b24xHzAdBgNVBAMUFnNzbDEudHN5c2FjcXVpcmluZy5uZXQwggEiMA0GCSqGSIb3
>> DQEBAQUAA4IBDwAwggEKAoIBAQDq9sd0arARbLSqanJGVm5lvKATrx8DEatZSqjDZgijY+VUpfvi
>> wEL6Ert7sBikzw/aa54tttQKMEkKEiIwt1pB8v0v1lyGgyLRhLc7twVUV+DuLwEpnkvgkKKyphVm
>> dPykmBUx38e+qrDbEvHel11DMFQrQPhV0kFwNVvIPj+Pn+8Z709R8EEkT/GYNrpP+T5kfY+1wnj9
>> 5a2Z+u2XU1zPb+8teDa/4VkthVzV5BKDIVyLQ4SbGsrag1r049cNAg79yMsLFQ/iDsgTtTQxLHqX
>> NsuBJHxXVQ+WzDaSRmA9QPskAAhMnlwJwkrHTNP4JlgiOzvWQkvs17nuL19bDof9AgMBAAGjggFr
>> MIIBZzAJBgNVHRMEAjAAMGEGA1UdIARaMFgwVgYGZ4EMAQICMEwwIwYIKwYBBQUHAgEWF2h0dHBz
>> Oi8vZC5zeW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkMF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBh
>> MCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly9zZS5zeW1jYi5jb20vc2UuY3JsMB0GA1UdJQQWMBQG
>> CCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwVwYIKwYBBQUHAQEESzBJMB8GCCsG
>> AQUFBzABhhNodHRwOi8vc2Uuc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2Iu
>> Y29tL3NlLmNydDAhBgNVHREEGjAYghZzc2wxLnRzeXNhY3F1aXJpbmcubmV0MB8GA1UdIwQYMBaA
>> FNebfNgioBX33a1fzimbWMO8RgC1
>>
>>
>> -----------------------------------
>>
>> ssl1.tsysacquiring.net (based on https://crt.sh/?id=10997968)
>>
>> -----BEGIN CERTIFICATE-----
>> MIIFOjCCBCKgAwIBAgIQKlr28BNu+jfBjcv9eaAkzDANBgkqhkiG9w0BAQUFADCB
>> vDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
>> ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
>> YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDE2MDQGA1UEAxMt
>> VmVyaVNpZ24gQ2xhc3MgMyBJbnRlcm5hdGlvbmFsIFNlcnZlciBDQSAtIEczMB4X
>> DTE0MDcxMTAwMDAwMFoXDTE2MDgzMDIzNTk1OVowdzELMAkGA1UEBhMCVVMxEDAO
>> BgNVBAgTB0dlb3JnaWExETAPBgNVBAcUCENvbHVtYnVzMQ0wCwYDVQQKFARUU1lT
>> MRMwEQYDVQQLFApURFMtRGFsbGFzMR8wHQYDVQQDFBZzc2wxLnRzeXNhY3F1aXJp
>> bmcubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFQ4i7PVKE+3
>> fJYa90a+kECKexeIqLIipcsTlnR0waBd318Y7MMwbBWy+NxSq082vYdQRWPChf5D
>> 5SLjgJRc3V/XaJqu9kvFi9a5LzLRZV+Vi5cQ37jrLlVT5vyGv7xROM+zi1aSXUsM
>> Ipu53YDlXLrJm5vsEOx6+htCo3JYoi/bWjL0XQc1hyynk/GW1HQudVAIFIBiyfvs
>> ifl6YEFx3uXFzbA8hNNWoFg1el7wOmjgqeGCzFn6dMULC+YbbS0SKeeK8O+4q6D2
>> 5N4jx4FkPWL0wPb4LHKzDi9IdRJQD8Z1UQaw812CSbpLOCVtZKwKY43ZvSOlx/e1
>> vbyru/jdXwIDAQABo4IBejCCAXYwIQYDVR0RBBowGIIWc3NsMS50c3lzYWNxdWly
>> aW5nLm5ldDAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAoBgNVHSUEITAfBggr
>> BgEFBQcDAQYIKwYBBQUHAwIGCWCGSAGG+EIEATBlBgNVHSAEXjBcMFoGCmCGSAGG
>> +EUBBzYwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYI
>> KwYBBQUHAgIwGRoXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAU
>> 15t82CKgFffdrV/OKZtYw7xGALUwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3Nl
>> LnN5bWNiLmNvbS9zZS5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNo
>> dHRwOi8vc2Uuc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2Iu
>> Y29tL3NlLmNydDANBgkqhkiG9w0BAQUFAAOCAQEAll6VCK9oIi2VS47wXawNL4a5
>> 2xcWV5efKafdXzfI/CM/cOKaBnhEgpx+cUyPLkwO/2zYiO6nho18LAYsOCJyU5cB
>> +sHmJ8h035IP20LEE6ddiL3DrfCD3bXg04+ATs28W1mhdNsbcsSqtF6FG2hyi1dy
>> 8/BR62rutvyC5OuZP32cXZZgJu8xGwIQxtmzrYqG2WUPA05A8zPImQcj8KeJUM/e
>> AusFQKu5VVxycH8OQb6U6P90H9Zf5W7nzAo2c+wZEx26CMTWqDKhWr58MnehGU9Q
>> W+1glt+DKwHznztq3UQuDF6xuHBbzVbau4VqBAWjRE1gM718xuBLwsRtDSIAWA==
>> -----END CERTIFICATE-----
>>
>> Parsed TBSCertificate:
>>     0:d=0  hl=4 l=1043 cons: SEQUENCE
>>     4:d=1  hl=2 l=   3 cons: cont [ 0 ]
>>     6:d=2  hl=2 l=   1 prim: INTEGER           :02
>>     9:d=1  hl=2 l=  16 prim: INTEGER
>> :20924C61364BC9860739A65E150F40E2
>>    27:d=1  hl=2 l=  13 cons: SEQUENCE
>>    29:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
>>    40:d=2  hl=2 l=   0 prim: NULL
>>    42:d=1  hl=3 l= 188 cons: SEQUENCE
>>    45:d=2  hl=2 l=  11 cons: SET
>>    47:d=3  hl=2 l=   9 cons: SEQUENCE
>>    49:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>>    54:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>>    58:d=2  hl=2 l=  23 cons: SET
>>    60:d=3  hl=2 l=  21 cons: SEQUENCE
>>    62:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>>    67:d=4  hl=2 l=  14 prim: PRINTABLESTRING   :VeriSign, Inc.
>>    83:d=2  hl=2 l=  31 cons: SET
>>    85:d=3  hl=2 l=  29 cons: SEQUENCE
>>    87:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>    92:d=4  hl=2 l=  22 prim: PRINTABLESTRING   :VeriSign Trust Network
>>   116:d=2  hl=2 l=  59 cons: SET
>>   118:d=3  hl=2 l=  57 cons: SEQUENCE
>>   120:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>   125:d=4  hl=2 l=  50 prim: PRINTABLESTRING   :Terms of use at
>> https://www.verisign.com/rpa (c)10
>>   177:d=2  hl=2 l=  54 cons: SET
>>   179:d=3  hl=2 l=  52 cons: SEQUENCE
>>   181:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>>   186:d=4  hl=2 l=  45 prim: PRINTABLESTRING   :VeriSign Class 3
>> International Server CA - G3
>>   233:d=1  hl=2 l=  30 cons: SEQUENCE
>>   235:d=2  hl=2 l=  13 prim: UTCTIME           :160729000000Z
>>   250:d=2  hl=2 l=  13 prim: UTCTIME           :170210235959Z
>>   265:d=1  hl=2 l= 119 cons: SEQUENCE
>>   267:d=2  hl=2 l=  11 cons: SET
>>   269:d=3  hl=2 l=   9 cons: SEQUENCE
>>   271:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>>   276:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>>   280:d=2  hl=2 l=  16 cons: SET
>>   282:d=3  hl=2 l=  14 cons: SEQUENCE
>>   284:d=4  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
>>   289:d=4  hl=2 l=   7 prim: PRINTABLESTRING   :Georgia
>>   298:d=2  hl=2 l=  17 cons: SET
>>   300:d=3  hl=2 l=  15 cons: SEQUENCE
>>   302:d=4  hl=2 l=   3 prim: OBJECT            :localityName
>>   307:d=4  hl=2 l=   8 prim: T61STRING         :Columbus
>>   317:d=2  hl=2 l=  13 cons: SET
>>   319:d=3  hl=2 l=  11 cons: SEQUENCE
>>   321:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>>   326:d=4  hl=2 l=   4 prim: T61STRING         :TSYS
>>   332:d=2  hl=2 l=  19 cons: SET
>>   334:d=3  hl=2 l=  17 cons: SEQUENCE
>>   336:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>   341:d=4  hl=2 l=  10 prim: T61STRING         :TDS-Dallas
>>   353:d=2  hl=2 l=  31 cons: SET
>>   355:d=3  hl=2 l=  29 cons: SEQUENCE
>>   357:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>>   362:d=4  hl=2 l=  22 prim: T61STRING         :ssl1.tsysacquiring.net
>>   386:d=1  hl=4 l= 290 cons: SEQUENCE
>>   390:d=2  hl=2 l=  13 cons: SEQUENCE
>>   392:d=3  hl=2 l=   9 prim: OBJECT            :rsaEncryption
>>   403:d=3  hl=2 l=   0 prim: NULL
>>   405:d=2  hl=4 l= 271 prim: BIT STRING
>>   680:d=1  hl=4 l= 363 cons: cont [ 3 ]
>>   684:d=2  hl=4 l= 359 cons: SEQUENCE
>>   688:d=3  hl=2 l=   9 cons: SEQUENCE
>>   690:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints
>>   695:d=4  hl=2 l=   2 prim: OCTET STRING      [HEX DUMP]:3000
>>   699:d=3  hl=2 l=  97 cons: SEQUENCE
>>   701:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Certificate Policies
>>   706:d=4  hl=2 l=  90 prim: OCTET STRING      [HEX
>> DUMP]:30583056060667810C010202304C302306082B06010505070201161768747470733A2F
>> 2F642E73796D63622E636F6D2F637073302506082B0601050507020230190C1768747470733A
>> 2F2F642E73796D63622E636F6D2F727061
>>   798:d=3  hl=2 l=  43 cons: SEQUENCE
>>   800:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 CRL Distribution
>> Points
>>   805:d=4  hl=2 l=  36 prim: OCTET STRING      [HEX
>> DUMP]:30223020A01EA01C861A687474703A2F2F73652E73796D63622E636F6D2F73652E6372
>> 6C
>>   843:d=3  hl=2 l=  29 cons: SEQUENCE
>>   845:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key Usage
>>   850:d=4  hl=2 l=  22 prim: OCTET STRING      [HEX
>> DUMP]:301406082B0601050507030106082B06010505070302
>>   874:d=3  hl=2 l=  14 cons: SEQUENCE
>>   876:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
>>   881:d=4  hl=2 l=   1 prim: BOOLEAN           :255
>>   884:d=4  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0
>>   890:d=3  hl=2 l=  87 cons: SEQUENCE
>>   892:d=4  hl=2 l=   8 prim: OBJECT            :Authority Information Access
>>   902:d=4  hl=2 l=  75 prim: OCTET STRING      [HEX
>> DUMP]:3049301F06082B060105050730018613687474703A2F2F73652E73796D63642E636F6D
>> 302606082B06010505073002861A687474703A2F2F73652E73796D63622E636F6D2F73652E63
>> 7274
>>   979:d=3  hl=2 l=  33 cons: SEQUENCE
>>   981:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Alternative
>> Name
>>   986:d=4  hl=2 l=  26 prim: OCTET STRING      [HEX
>> DUMP]:3018821673736C312E74737973616371756972696E672E6E6574
>>  1014:d=3  hl=2 l=  31 cons: SEQUENCE
>>  1016:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key
>> Identifier
>>  1021:d=4  hl=2 l=  24 prim: OCTET STRING      [HEX
>> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
>>
>> Base64 TBSCertificate:
>> MIIEE6ADAgECAhAgkkxhNkvJhgc5pl4VD0DiMA0GCSqGSIb3DQEBBQUAMIG8MQswCQYDVQQGEwJV
>> UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
>> cmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBh
>> IChjKTEwMTYwNAYDVQQDEy1WZXJpU2lnbiBDbGFzcyAzIEludGVybmF0aW9uYWwgU2VydmVyIENB
>> IC0gRzMwHhcNMTYwNzI5MDAwMDAwWhcNMTcwMjEwMjM1OTU5WjB3MQswCQYDVQQGEwJVUzEQMA4G
>> A1UECBMHR2VvcmdpYTERMA8GA1UEBxQIQ29sdW1idXMxDTALBgNVBAoUBFRTWVMxEzARBgNVBAsU
>> ClREUy1EYWxsYXMxHzAdBgNVBAMUFnNzbDEudHN5c2FjcXVpcmluZy5uZXQwggEiMA0GCSqGSIb3
>> DQEBAQUAA4IBDwAwggEKAoIBAQDAVDiLs9UoT7d8lhr3Rr6QQIp7F4iosiKlyxOWdHTBoF3fXxjs
>> wzBsFbL43FKrTza9h1BFY8KF/kPlIuOAlFzdX9domq72S8WL1rkvMtFlX5WLlxDfuOsuVVPm/Ia/
>> vFE4z7OLVpJdSwwim7ndgOVcusmbm+wQ7Hr6G0KjcliiL9taMvRdBzWHLKeT8ZbUdC51UAgUgGLJ
>> ++yJ+XpgQXHe5cXNsDyE01agWDV6XvA6aOCp4YLMWfp0xQsL5httLRIp54rw77iroPbk3iPHgWQ9
>> YvTA9vgscrMOL0h1ElAPxnVRBrDzXYJJuks4JW1krApjjdm9I6XH97W9vKu7+N1fAgMBAAGjggFr
>> MIIBZzAJBgNVHRMEAjAAMGEGA1UdIARaMFgwVgYGZ4EMAQICMEwwIwYIKwYBBQUHAgEWF2h0dHBz
>> Oi8vZC5zeW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkMF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBh
>> MCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly9zZS5zeW1jYi5jb20vc2UuY3JsMB0GA1UdJQQWMBQG
>> CCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwVwYIKwYBBQUHAQEESzBJMB8GCCsG
>> AQUFBzABhhNodHRwOi8vc2Uuc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2Iu
>> Y29tL3NlLmNydDAhBgNVHREEGjAYghZzc2wxLnRzeXNhY3F1aXJpbmcubmV0MB8GA1UdIwQYMBaA
>> FNebfNgioBX33a1fzimbWMO8RgC1
>>
>>
>> ----------------------------------------
>>
>> ssl1.vitalps.net (based on https://crt.sh/?id=4858491)
>>
>> -----BEGIN CERTIFICATE-----
>> MIIFLjCCBBagAwIBAgIQZpoeO9e+TCIqp+k4zN0aVDANBgkqhkiG9w0BAQUFADCB
>> vDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
>> ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
>> YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDE2MDQGA1UEAxMt
>> VmVyaVNpZ24gQ2xhc3MgMyBJbnRlcm5hdGlvbmFsIFNlcnZlciBDQSAtIEczMB4X
>> DTE0MDcxMTAwMDAwMFoXDTE2MDgzMDIzNTk1OVowcTELMAkGA1UEBhMCVVMxEDAO
>> BgNVBAgTB0dlb3JnaWExETAPBgNVBAcUCENvbHVtYnVzMQ0wCwYDVQQKFARUU1lT
>> MRMwEQYDVQQLFApURFMtUmVzdG9uMRkwFwYDVQQDFBBzc2wxLnZpdGFscHMubmV0
>> MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnmVKgzsstUaQEW8Ab0bx
>> xP3NXPUIzGq8pF2lriBAMlYPVI+Y/sUvZxQk5BYcxRQI3Ux+A0EzN4EbYB3ib9up
>> uu1ORyYjJksGAuMzZz4ovkKc64FCbH/ceBGjd6UOjYEbxrnysX3nNevP1ROUW5YT
>> hrMqLuyoBeK1YvWCUeieXe2A9ysAbF2J2VNaJvtMkMMUrpW3alrkU9pf3re9M68Y
>> dp3jJDR7GiKvNTB7r8fvpCmkImTC//Q9vrvLYUU4Tl6d++gCxLs2Q1pa+mUqr6f8
>> fgSwRTNdzzsUV0eLv2+Ugpki823Hl2zgwuv6XM/rD1/B+B9Yk7j+tkstrzsQYVZ1
>> TQIDAQABo4IBdDCCAXAwGwYDVR0RBBQwEoIQc3NsMS52aXRhbHBzLm5ldDAJBgNV
>> HRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAoBgNVHSUEITAfBggrBgEFBQcDAQYIKwYB
>> BQUHAwIGCWCGSAGG+EIEATBlBgNVHSAEXjBcMFoGCmCGSAGG+EUBBzYwTDAjBggr
>> BgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGRoX
>> aHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAU15t82CKgFffdrV/O
>> KZtYw7xGALUwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NlLnN5bWNiLmNvbS9z
>> ZS5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc2Uuc3lt
>> Y2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2IuY29tL3NlLmNydDAN
>> BgkqhkiG9w0BAQUFAAOCAQEACASjUqP+m3+AFB3Ll53kgxpaASFCLbd29Z1X59gR
>> 3fgAUyNL8fLEgKwrBC30b5JDpgMXHSJffx0UvZyVUYEJRPvXlfGdkfIfux+afgWr
>> raXn7PqW5UK4k4wc/iXv19vB1jXEUKNzHMDn5m08g8PAiuhLslInRPO/zUKafVTw
>> PN2je9okqA0opoLpuQbZfkXVmrPag1z1tRaHQ4Es0qm6s0hg9N/Cac++wncO3DzG
>> ZgzkbTbDmt2/OQ0na0goKJxEQanClzq20+oOrP0joIKDJZi4C89duukF1PXIGYLG
>> FVqc0amgbylgiJfZ5aspHG7wydjEToBQmRvqPAZTABZnxA==
>> -----END CERTIFICATE-----
>>
>> Parsed TBSCertificate:
>>     0:d=0  hl=4 l=1031 cons: SEQUENCE
>>     4:d=1  hl=2 l=   3 cons: cont [ 0 ]
>>     6:d=2  hl=2 l=   1 prim: INTEGER           :02
>>     9:d=1  hl=2 l=  16 prim: INTEGER
>> :03F1C7694784FFDE1F72888DD69F6319
>>    27:d=1  hl=2 l=  13 cons: SEQUENCE
>>    29:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
>>    40:d=2  hl=2 l=   0 prim: NULL
>>    42:d=1  hl=3 l= 188 cons: SEQUENCE
>>    45:d=2  hl=2 l=  11 cons: SET
>>    47:d=3  hl=2 l=   9 cons: SEQUENCE
>>    49:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>>    54:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>>    58:d=2  hl=2 l=  23 cons: SET
>>    60:d=3  hl=2 l=  21 cons: SEQUENCE
>>    62:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>>    67:d=4  hl=2 l=  14 prim: PRINTABLESTRING   :VeriSign, Inc.
>>    83:d=2  hl=2 l=  31 cons: SET
>>    85:d=3  hl=2 l=  29 cons: SEQUENCE
>>    87:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>    92:d=4  hl=2 l=  22 prim: PRINTABLESTRING   :VeriSign Trust Network
>>   116:d=2  hl=2 l=  59 cons: SET
>>   118:d=3  hl=2 l=  57 cons: SEQUENCE
>>   120:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>   125:d=4  hl=2 l=  50 prim: PRINTABLESTRING   :Terms of use at
>> https://www.verisign.com/rpa (c)10
>>   177:d=2  hl=2 l=  54 cons: SET
>>   179:d=3  hl=2 l=  52 cons: SEQUENCE
>>   181:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>>   186:d=4  hl=2 l=  45 prim: PRINTABLESTRING   :VeriSign Class 3
>> International Server CA - G3
>>   233:d=1  hl=2 l=  30 cons: SEQUENCE
>>   235:d=2  hl=2 l=  13 prim: UTCTIME           :160729000000Z
>>   250:d=2  hl=2 l=  13 prim: UTCTIME           :170210235959Z
>>   265:d=1  hl=2 l= 113 cons: SEQUENCE
>>   267:d=2  hl=2 l=  11 cons: SET
>>   269:d=3  hl=2 l=   9 cons: SEQUENCE
>>   271:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>>   276:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>>   280:d=2  hl=2 l=  16 cons: SET
>>   282:d=3  hl=2 l=  14 cons: SEQUENCE
>>   284:d=4  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
>>   289:d=4  hl=2 l=   7 prim: PRINTABLESTRING   :Georgia
>>   298:d=2  hl=2 l=  17 cons: SET
>>   300:d=3  hl=2 l=  15 cons: SEQUENCE
>>   302:d=4  hl=2 l=   3 prim: OBJECT            :localityName
>>   307:d=4  hl=2 l=   8 prim: T61STRING         :Columbus
>>   317:d=2  hl=2 l=  13 cons: SET
>>   319:d=3  hl=2 l=  11 cons: SEQUENCE
>>   321:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>>   326:d=4  hl=2 l=   4 prim: T61STRING         :TSYS
>>   332:d=2  hl=2 l=  19 cons: SET
>>   334:d=3  hl=2 l=  17 cons: SEQUENCE
>>   336:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>   341:d=4  hl=2 l=  10 prim: T61STRING         :TDS-Reston
>>   353:d=2  hl=2 l=  25 cons: SET
>>   355:d=3  hl=2 l=  23 cons: SEQUENCE
>>   357:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>>   362:d=4  hl=2 l=  16 prim: T61STRING         :ssl1.vitalps.net
>>   380:d=1  hl=4 l= 290 cons: SEQUENCE
>>   384:d=2  hl=2 l=  13 cons: SEQUENCE
>>   386:d=3  hl=2 l=   9 prim: OBJECT            :rsaEncryption
>>   397:d=3  hl=2 l=   0 prim: NULL
>>   399:d=2  hl=4 l= 271 prim: BIT STRING
>>   674:d=1  hl=4 l= 357 cons: cont [ 3 ]
>>   678:d=2  hl=4 l= 353 cons: SEQUENCE
>>   682:d=3  hl=2 l=   9 cons: SEQUENCE
>>   684:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints
>>   689:d=4  hl=2 l=   2 prim: OCTET STRING      [HEX DUMP]:3000
>>   693:d=3  hl=2 l=  97 cons: SEQUENCE
>>   695:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Certificate Policies
>>   700:d=4  hl=2 l=  90 prim: OCTET STRING      [HEX
>> DUMP]:30583056060667810C010202304C302306082B06010505070201161768747470733A2F
>> 2F642E73796D63622E636F6D2F637073302506082B0601050507020230191A1768747470733A
>> 2F2F642E73796D63622E636F6D2F727061
>>   792:d=3  hl=2 l=  43 cons: SEQUENCE
>>   794:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 CRL Distribution
>> Points
>>   799:d=4  hl=2 l=  36 prim: OCTET STRING      [HEX
>> DUMP]:30223020A01EA01C861A687474703A2F2F73652E73796D63622E636F6D2F73652E6372
>> 6C
>>   837:d=3  hl=2 l=  29 cons: SEQUENCE
>>   839:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key Usage
>>   844:d=4  hl=2 l=  22 prim: OCTET STRING      [HEX
>> DUMP]:301406082B0601050507030106082B06010505070302
>>   868:d=3  hl=2 l=  14 cons: SEQUENCE
>>   870:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
>>   875:d=4  hl=2 l=   1 prim: BOOLEAN           :255
>>   878:d=4  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0
>>   884:d=3  hl=2 l=  87 cons: SEQUENCE
>>   886:d=4  hl=2 l=   8 prim: OBJECT            :Authority Information Access
>>   896:d=4  hl=2 l=  75 prim: OCTET STRING      [HEX
>> DUMP]:3049301F06082B060105050730018613687474703A2F2F73652E73796D63642E636F6D
>> 302606082B06010505073002861A687474703A2F2F73652E73796D63622E636F6D2F73652E63
>> 7274
>>   973:d=3  hl=2 l=  27 cons: SEQUENCE
>>   975:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Alternative
>> Name
>>   980:d=4  hl=2 l=  20 prim: OCTET STRING      [HEX
>> DUMP]:3012821073736C312E766974616C70732E6E6574
>>  1002:d=3  hl=2 l=  31 cons: SEQUENCE
>>  1004:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key
>> Identifier
>>  1009:d=4  hl=2 l=  24 prim: OCTET STRING      [HEX
>> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
>>
>> Base64 TBSCertificate:
>> MIIEB6ADAgECAhAD8cdpR4T/3h9yiI3Wn2MZMA0GCSqGSIb3DQEBBQUAMIG8MQswCQYDVQQGEwJV
>> UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
>> cmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBh
>> IChjKTEwMTYwNAYDVQQDEy1WZXJpU2lnbiBDbGFzcyAzIEludGVybmF0aW9uYWwgU2VydmVyIENB
>> IC0gRzMwHhcNMTYwNzI5MDAwMDAwWhcNMTcwMjEwMjM1OTU5WjBxMQswCQYDVQQGEwJVUzEQMA4G
>> A1UECBMHR2VvcmdpYTERMA8GA1UEBxQIQ29sdW1idXMxDTALBgNVBAoUBFRTWVMxEzARBgNVBAsU
>> ClREUy1SZXN0b24xGTAXBgNVBAMUEHNzbDEudml0YWxwcy5uZXQwggEiMA0GCSqGSIb3DQEBAQUA
>> A4IBDwAwggEKAoIBAQCeZUqDOyy1RpARbwBvRvHE/c1c9QjMarykXaWuIEAyVg9Uj5j+xS9nFCTk
>> FhzFFAjdTH4DQTM3gRtgHeJv26m67U5HJiMmSwYC4zNnPii+QpzrgUJsf9x4EaN3pQ6NgRvGufKx
>> fec168/VE5RblhOGsyou7KgF4rVi9YJR6J5d7YD3KwBsXYnZU1om+0yQwxSulbdqWuRT2l/et70z
>> rxh2neMkNHsaIq81MHuvx++kKaQiZML/9D2+u8thRThOXp376ALEuzZDWlr6ZSqvp/x+BLBFM13P
>> OxRXR4u/b5SCmSLzbceXbODC6/pcz+sPX8H4H1iTuP62Sy2vOxBhVnVNAgMBAAGjggFlMIIBYTAJ
>> BgNVHRMEAjAAMGEGA1UdIARaMFgwVgYGZ4EMAQICMEwwIwYIKwYBBQUHAgEWF2h0dHBzOi8vZC5z
>> eW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkaF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBhMCsGA1Ud
>> HwQkMCIwIKAeoByGGmh0dHA6Ly9zZS5zeW1jYi5jb20vc2UuY3JsMB0GA1UdJQQWMBQGCCsGAQUF
>> BwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzAB
>> hhNodHRwOi8vc2Uuc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2IuY29tL3Nl
>> LmNydDAbBgNVHREEFDASghBzc2wxLnZpdGFscHMubmV0MB8GA1UdIwQYMBaAFNebfNgioBX33a1f
>> zimbWMO8RgC1
>>
>>
>> --------------------------------------------
>>
>> ssl1.vitalps.net (based on https://crt.sh/?id=4858607)
>>
>> -----BEGIN CERTIFICATE-----
>> MIIFLjCCBBagAwIBAgIQaekgbaF9jW5PDVLXvSSXqDANBgkqhkiG9w0BAQUFADCB
>> vDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
>> ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
>> YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDE2MDQGA1UEAxMt
>> VmVyaVNpZ24gQ2xhc3MgMyBJbnRlcm5hdGlvbmFsIFNlcnZlciBDQSAtIEczMB4X
>> DTE0MDcxMTAwMDAwMFoXDTE2MDgzMDIzNTk1OVowcTELMAkGA1UEBhMCVVMxEDAO
>> BgNVBAgTB0dlb3JnaWExETAPBgNVBAcUCENvbHVtYnVzMQ0wCwYDVQQKFARUU1lT
>> MRMwEQYDVQQLFApURFMtRGFsbGFzMRkwFwYDVQQDFBBzc2wxLnZpdGFscHMubmV0
>> MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtD1KH2N5/9LQCnShT3mK
>> Z39xXfZpmYZi8RdhG/MKqDxyZKrplObaYdDQrmOLefa0wPSJYcQQY4/cSJdwBqOr
>> 1sIRQjYl92EQXGPJOSDh7Le4huxtVVXHwpKxpHe4QtVWQ9mmSiuScsofrMq2UhX2
>> RhdDRJISrbGSUsUWkCF/23GRslgTcfCTeK4682Rc9csjAkL8ICxiKarjQ2W2iygJ
>> 8EyfJnJB38AwXhA2F8IVtkXAkKhj90PH5kImlODqF2VSHSSSpgunEpngX3eld0yk
>> Z0BjhYqdnKozWc1FPWursDqKABOHOUcvW4KDdF8aIe+FNoEpbOibLEJ15539DKCQ
>> xQIDAQABo4IBdDCCAXAwGwYDVR0RBBQwEoIQc3NsMS52aXRhbHBzLm5ldDAJBgNV
>> HRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAoBgNVHSUEITAfBggrBgEFBQcDAQYIKwYB
>> BQUHAwIGCWCGSAGG+EIEATBlBgNVHSAEXjBcMFoGCmCGSAGG+EUBBzYwTDAjBggr
>> BgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGRoX
>> aHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAU15t82CKgFffdrV/O
>> KZtYw7xGALUwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NlLnN5bWNiLmNvbS9z
>> ZS5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc2Uuc3lt
>> Y2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2IuY29tL3NlLmNydDAN
>> BgkqhkiG9w0BAQUFAAOCAQEAKhkEu8si6mFNJrQFsX3XE/TiA6xt23N9A/ZwaZHY
>> JyTemPmzLYPb189Y2RusZcM/kpyzewJtaBZTEiBMcA/nfiqB2kWGNxZf4MBe6zxO
>> 2+ua3XP/6Ab5DugSGYrIu8uoEZUIW9TnNIhlfzoVHgmC/6PfgBIGYsXKVqRv3rbd
>> 1EmcmRMSLIZjoXUK3I1UkWIGJSFuDzp4mYR77uw0udTDNqBr6WmKucJ+Sl/BQqjt
>> A9urWU+ajhqWqJVR1q0/saKQey4/TpfTNzdWSYXcgE4A0zYf/wNB5HnYIkgzOUiY
>> Ii4HSFH/CTyOqrDLIugM9acjZT/A0YS8ZwMQxZ1N3tfr7Q==
>> -----END CERTIFICATE-----
>>
>> Parsed TBSCertificate:
>>     0:d=0  hl=4 l=1031 cons: SEQUENCE
>>     4:d=1  hl=2 l=   3 cons: cont [ 0 ]
>>     6:d=2  hl=2 l=   1 prim: INTEGER           :02
>>     9:d=1  hl=2 l=  16 prim: INTEGER
>> :0EB922276261F1D9C7843749E32235B7
>>    27:d=1  hl=2 l=  13 cons: SEQUENCE
>>    29:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
>>    40:d=2  hl=2 l=   0 prim: NULL
>>    42:d=1  hl=3 l= 188 cons: SEQUENCE
>>    45:d=2  hl=2 l=  11 cons: SET
>>    47:d=3  hl=2 l=   9 cons: SEQUENCE
>>    49:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>>    54:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>>    58:d=2  hl=2 l=  23 cons: SET
>>    60:d=3  hl=2 l=  21 cons: SEQUENCE
>>    62:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>>    67:d=4  hl=2 l=  14 prim: PRINTABLESTRING   :VeriSign, Inc.
>>    83:d=2  hl=2 l=  31 cons: SET
>>    85:d=3  hl=2 l=  29 cons: SEQUENCE
>>    87:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>    92:d=4  hl=2 l=  22 prim: PRINTABLESTRING   :VeriSign Trust Network
>>   116:d=2  hl=2 l=  59 cons: SET
>>   118:d=3  hl=2 l=  57 cons: SEQUENCE
>>   120:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>   125:d=4  hl=2 l=  50 prim: PRINTABLESTRING   :Terms of use at
>> https://www.verisign.com/rpa (c)10
>>   177:d=2  hl=2 l=  54 cons: SET
>>   179:d=3  hl=2 l=  52 cons: SEQUENCE
>>   181:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>>   186:d=4  hl=2 l=  45 prim: PRINTABLESTRING   :VeriSign Class 3
>> International Server CA - G3
>>   233:d=1  hl=2 l=  30 cons: SEQUENCE
>>   235:d=2  hl=2 l=  13 prim: UTCTIME           :160729000000Z
>>   250:d=2  hl=2 l=  13 prim: UTCTIME           :170210235959Z
>>   265:d=1  hl=2 l= 113 cons: SEQUENCE
>>   267:d=2  hl=2 l=  11 cons: SET
>>   269:d=3  hl=2 l=   9 cons: SEQUENCE
>>   271:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>>   276:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>>   280:d=2  hl=2 l=  16 cons: SET
>>   282:d=3  hl=2 l=  14 cons: SEQUENCE
>>   284:d=4  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
>>   289:d=4  hl=2 l=   7 prim: PRINTABLESTRING   :Georgia
>>   298:d=2  hl=2 l=  17 cons: SET
>>   300:d=3  hl=2 l=  15 cons: SEQUENCE
>>   302:d=4  hl=2 l=   3 prim: OBJECT            :localityName
>>   307:d=4  hl=2 l=   8 prim: T61STRING         :Columbus
>>   317:d=2  hl=2 l=  13 cons: SET
>>   319:d=3  hl=2 l=  11 cons: SEQUENCE
>>   321:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>>   326:d=4  hl=2 l=   4 prim: T61STRING         :TSYS
>>   332:d=2  hl=2 l=  19 cons: SET
>>   334:d=3  hl=2 l=  17 cons: SEQUENCE
>>   336:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>   341:d=4  hl=2 l=  10 prim: T61STRING         :TDS-Dallas
>>   353:d=2  hl=2 l=  25 cons: SET
>>   355:d=3  hl=2 l=  23 cons: SEQUENCE
>>   357:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>>   362:d=4  hl=2 l=  16 prim: T61STRING         :ssl1.vitalps.net
>>   380:d=1  hl=4 l= 290 cons: SEQUENCE
>>   384:d=2  hl=2 l=  13 cons: SEQUENCE
>>   386:d=3  hl=2 l=   9 prim: OBJECT            :rsaEncryption
>>   397:d=3  hl=2 l=   0 prim: NULL
>>   399:d=2  hl=4 l= 271 prim: BIT STRING
>>   674:d=1  hl=4 l= 357 cons: cont [ 3 ]
>>   678:d=2  hl=4 l= 353 cons: SEQUENCE
>>   682:d=3  hl=2 l=   9 cons: SEQUENCE
>>   684:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints
>>   689:d=4  hl=2 l=   2 prim: OCTET STRING      [HEX DUMP]:3000
>>   693:d=3  hl=2 l=  97 cons: SEQUENCE
>>   695:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Certificate Policies
>>   700:d=4  hl=2 l=  90 prim: OCTET STRING      [HEX
>> DUMP]:30583056060667810C010202304C302306082B06010505070201161768747470733A2F
>> 2F642E73796D63622E636F6D2F637073302506082B0601050507020230191A1768747470733A
>> 2F2F642E73796D63622E636F6D2F727061
>>   792:d=3  hl=2 l=  43 cons: SEQUENCE
>>   794:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 CRL Distribution
>> Points
>>   799:d=4  hl=2 l=  36 prim: OCTET STRING      [HEX
>> DUMP]:30223020A01EA01C861A687474703A2F2F73652E73796D63622E636F6D2F73652E6372
>> 6C
>>   837:d=3  hl=2 l=  29 cons: SEQUENCE
>>   839:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key Usage
>>   844:d=4  hl=2 l=  22 prim: OCTET STRING      [HEX
>> DUMP]:301406082B0601050507030106082B06010505070302
>>   868:d=3  hl=2 l=  14 cons: SEQUENCE
>>   870:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
>>   875:d=4  hl=2 l=   1 prim: BOOLEAN           :255
>>   878:d=4  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0
>>   884:d=3  hl=2 l=  87 cons: SEQUENCE
>>   886:d=4  hl=2 l=   8 prim: OBJECT            :Authority Information Access
>>   896:d=4  hl=2 l=  75 prim: OCTET STRING      [HEX
>> DUMP]:3049301F06082B060105050730018613687474703A2F2F73652E73796D63642E636F6D
>> 302606082B06010505073002861A687474703A2F2F73652E73796D63622E636F6D2F73652E63
>> 7274
>>   973:d=3  hl=2 l=  27 cons: SEQUENCE
>>   975:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Alternative
>> Name
>>   980:d=4  hl=2 l=  20 prim: OCTET STRING      [HEX
>> DUMP]:3012821073736C312E766974616C70732E6E6574
>>  1002:d=3  hl=2 l=  31 cons: SEQUENCE
>>  1004:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key
>> Identifier
>>  1009:d=4  hl=2 l=  24 prim: OCTET STRING      [HEX
>> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
>>
>> Base64 TBSCertificate:
>> MIIEB6ADAgECAhAOuSInYmHx2ceEN0njIjW3MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYDVQQGEwJV
>> UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
>> cmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBh
>> IChjKTEwMTYwNAYDVQQDEy1WZXJpU2lnbiBDbGFzcyAzIEludGVybmF0aW9uYWwgU2VydmVyIENB
>> IC0gRzMwHhcNMTYwNzI5MDAwMDAwWhcNMTcwMjEwMjM1OTU5WjBxMQswCQYDVQQGEwJVUzEQMA4G
>> A1UECBMHR2VvcmdpYTERMA8GA1UEBxQIQ29sdW1idXMxDTALBgNVBAoUBFRTWVMxEzARBgNVBAsU
>> ClREUy1EYWxsYXMxGTAXBgNVBAMUEHNzbDEudml0YWxwcy5uZXQwggEiMA0GCSqGSIb3DQEBAQUA
>> A4IBDwAwggEKAoIBAQC0PUofY3n/0tAKdKFPeYpnf3Fd9mmZhmLxF2Eb8wqoPHJkqumU5tph0NCu
>> Y4t59rTA9IlhxBBjj9xIl3AGo6vWwhFCNiX3YRBcY8k5IOHst7iG7G1VVcfCkrGkd7hC1VZD2aZK
>> K5Jyyh+syrZSFfZGF0NEkhKtsZJSxRaQIX/bcZGyWBNx8JN4rjrzZFz1yyMCQvwgLGIpquNDZbaL
>> KAnwTJ8mckHfwDBeEDYXwhW2RcCQqGP3Q8fmQiaU4OoXZVIdJJKmC6cSmeBfd6V3TKRnQGOFip2c
>> qjNZzUU9a6uwOooAE4c5Ry9bgoN0Xxoh74U2gSls6JssQnXnnf0MoJDFAgMBAAGjggFlMIIBYTAJ
>> BgNVHRMEAjAAMGEGA1UdIARaMFgwVgYGZ4EMAQICMEwwIwYIKwYBBQUHAgEWF2h0dHBzOi8vZC5z
>> eW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkaF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBhMCsGA1Ud
>> HwQkMCIwIKAeoByGGmh0dHA6Ly9zZS5zeW1jYi5jb20vc2UuY3JsMB0GA1UdJQQWMBQGCCsGAQUF
>> BwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzAB
>> hhNodHRwOi8vc2Uuc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2IuY29tL3Nl
>> LmNydDAbBgNVHREEFDASghBzc2wxLnZpdGFscHMubmV0MB8GA1UdIwQYMBaAFNebfNgioBX33a1f
>> zimbWMO8RgC1
>>
>>
>> ----------------------------------------------
>>
>> ssl3.vitalps.net (based on https://crt.sh/?id=24732908)
>>
>> -----BEGIN CERTIFICATE-----
>> MIIFLjCCBBagAwIBAgIQZ+KRKfjS6C/HFeLNU6FfljANBgkqhkiG9w0BAQUFADCB
>> vDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
>> ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
>> YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDE2MDQGA1UEAxMt
>> VmVyaVNpZ24gQ2xhc3MgMyBJbnRlcm5hdGlvbmFsIFNlcnZlciBDQSAtIEczMB4X
>> DTE1MDgwNDAwMDAwMFoXDTE2MDgwMzIzNTk1OVowdTELMAkGA1UEBhMCVVMxEDAO
>> BgNVBAgTB0dlb3JnaWExETAPBgNVBAcUCENvbHVtYnVzMQ0wCwYDVQQKFARUU1lT
>> MRcwFQYDVQQLFA5URFMtUE1OX0RhbGxhczEZMBcGA1UEAxQQc3NsMy52aXRhbHBz
>> Lm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALjTwLC8aVNGKOve
>> eaa3TjQRO2CeYlkLAn5Ayk+L4EO+CR+2x9+1Vc8tJ+13/+oP+vA+hNtMnvZ3FREs
>> tA2x1u89v3OWj88E0HUtmA8aPYUpTYeFJVf3j0AUE9KZ02IiXzPyLimJst2wgF4m
>> /TtmN3BPczcAnWX+6UN7ygpc/AFodgAJs82tZsm9rRSrgqNe3z5ZOFPDa2Tj+QPU
>> fKEw3mORc0dwgIdKbdCRNrs7UkymV54a1A3p55j99CD+Byid7Lc9PzJe1XscJlfJ
>> 5gtXcKWRyhRY7e9W5QQ+s4yVDZxvnoAcoAo0yldaSMDrEktPNg7Ydslg0XQYMA+W
>> w2uexxMCAwEAAaOCAXAwggFsMBsGA1UdEQQUMBKCEHNzbDMudml0YWxwcy5uZXQw
>> CQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwKAYDVR0lBCEwHwYIKwYBBQUHAwEG
>> CCsGAQUFBwMCBglghkgBhvhCBAEwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggr
>> BgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGRoX
>> aHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAU15t82CKgFffdrV/O
>> KZtYw7xGALUwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NlLnN5bWNiLmNvbS9z
>> ZS5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc2Uuc3lt
>> Y2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2IuY29tL3NlLmNydDAN
>> BgkqhkiG9w0BAQUFAAOCAQEAKuvE4RJZc0cjPjkVRbhQWTYYrKjJ/1BYxmNszNTM
>> P+3rUb3I2k4+UoczYjf/F/qaK9AL5TSopVcn2ds5EnFoKJtpvF/gF6PK1OUM4ViX
>> jOPQFvycZ+mR8JXcvZJVFZVNZ+RahkPKJShIzryj2ktvci/yX8K2asNCE4BjVDAs
>> 1p5mTz4RcjofgCxDy0KYd/d/rGfbA1fNli8nL92UuuzzU+EqrQM3im3iAqlNZSDO
>> XjXxTEqnkrylTnMmzf4aIgz8OxUEvsZmkq5UXySd778kt5oJ3I7URe6NhDJjBCR4
>> VgFSirUTR0Y7lAkNDZ8x+2S7S0SoR6mi9BtxhWP+EFbVWw==
>> -----END CERTIFICATE-----
>>
>> Parsed TBSCertificate:
>>     0:d=0  hl=4 l=1035 cons: SEQUENCE
>>     4:d=1  hl=2 l=   3 cons: cont [ 0 ]
>>     6:d=2  hl=2 l=   1 prim: INTEGER           :02
>>     9:d=1  hl=2 l=  16 prim: INTEGER
>> :426F395EE8DCEF5C9123F0FDA116B040
>>    27:d=1  hl=2 l=  13 cons: SEQUENCE
>>    29:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
>>    40:d=2  hl=2 l=   0 prim: NULL
>>    42:d=1  hl=3 l= 188 cons: SEQUENCE
>>    45:d=2  hl=2 l=  11 cons: SET
>>    47:d=3  hl=2 l=   9 cons: SEQUENCE
>>    49:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>>    54:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>>    58:d=2  hl=2 l=  23 cons: SET
>>    60:d=3  hl=2 l=  21 cons: SEQUENCE
>>    62:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>>    67:d=4  hl=2 l=  14 prim: PRINTABLESTRING   :VeriSign, Inc.
>>    83:d=2  hl=2 l=  31 cons: SET
>>    85:d=3  hl=2 l=  29 cons: SEQUENCE
>>    87:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>    92:d=4  hl=2 l=  22 prim: PRINTABLESTRING   :VeriSign Trust Network
>>   116:d=2  hl=2 l=  59 cons: SET
>>   118:d=3  hl=2 l=  57 cons: SEQUENCE
>>   120:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>   125:d=4  hl=2 l=  50 prim: PRINTABLESTRING   :Terms of use at
>> https://www.verisign.com/rpa (c)10
>>   177:d=2  hl=2 l=  54 cons: SET
>>   179:d=3  hl=2 l=  52 cons: SEQUENCE
>>   181:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>>   186:d=4  hl=2 l=  45 prim: PRINTABLESTRING   :VeriSign Class 3
>> International Server CA - G3
>>   233:d=1  hl=2 l=  30 cons: SEQUENCE
>>   235:d=2  hl=2 l=  13 prim: UTCTIME           :160729000000Z
>>   250:d=2  hl=2 l=  13 prim: UTCTIME           :170210235959Z
>>   265:d=1  hl=2 l= 117 cons: SEQUENCE
>>   267:d=2  hl=2 l=  11 cons: SET
>>   269:d=3  hl=2 l=   9 cons: SEQUENCE
>>   271:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>>   276:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>>   280:d=2  hl=2 l=  16 cons: SET
>>   282:d=3  hl=2 l=  14 cons: SEQUENCE
>>   284:d=4  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
>>   289:d=4  hl=2 l=   7 prim: PRINTABLESTRING   :Georgia
>>   298:d=2  hl=2 l=  17 cons: SET
>>   300:d=3  hl=2 l=  15 cons: SEQUENCE
>>   302:d=4  hl=2 l=   3 prim: OBJECT            :localityName
>>   307:d=4  hl=2 l=   8 prim: T61STRING         :Columbus
>>   317:d=2  hl=2 l=  13 cons: SET
>>   319:d=3  hl=2 l=  11 cons: SEQUENCE
>>   321:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>>   326:d=4  hl=2 l=   4 prim: T61STRING         :TSYS
>>   332:d=2  hl=2 l=  23 cons: SET
>>   334:d=3  hl=2 l=  21 cons: SEQUENCE
>>   336:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>   341:d=4  hl=2 l=  14 prim: T61STRING         :TDS-PMN_Dallas
>>   357:d=2  hl=2 l=  25 cons: SET
>>   359:d=3  hl=2 l=  23 cons: SEQUENCE
>>   361:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>>   366:d=4  hl=2 l=  16 prim: T61STRING         :ssl3.vitalps.net
>>   384:d=1  hl=4 l= 290 cons: SEQUENCE
>>   388:d=2  hl=2 l=  13 cons: SEQUENCE
>>   390:d=3  hl=2 l=   9 prim: OBJECT            :rsaEncryption
>>   401:d=3  hl=2 l=   0 prim: NULL
>>   403:d=2  hl=4 l= 271 prim: BIT STRING
>>   678:d=1  hl=4 l= 357 cons: cont [ 3 ]
>>   682:d=2  hl=4 l= 353 cons: SEQUENCE
>>   686:d=3  hl=2 l=   9 cons: SEQUENCE
>>   688:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints
>>   693:d=4  hl=2 l=   2 prim: OCTET STRING      [HEX DUMP]:3000
>>   697:d=3  hl=2 l=  97 cons: SEQUENCE
>>   699:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Certificate Policies
>>   704:d=4  hl=2 l=  90 prim: OCTET STRING      [HEX
>> DUMP]:30583056060667810C010202304C302306082B06010505070201161768747470733A2F
>> 2F642E73796D63622E636F6D2F637073302506082B0601050507020230191A1768747470733A
>> 2F2F642E73796D63622E636F6D2F727061
>>   796:d=3  hl=2 l=  43 cons: SEQUENCE
>>   798:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 CRL Distribution
>> Points
>>   803:d=4  hl=2 l=  36 prim: OCTET STRING      [HEX
>> DUMP]:30223020A01EA01C861A687474703A2F2F73652E73796D63622E636F6D2F73652E6372
>> 6C
>>   841:d=3  hl=2 l=  29 cons: SEQUENCE
>>   843:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key Usage
>>   848:d=4  hl=2 l=  22 prim: OCTET STRING      [HEX
>> DUMP]:301406082B0601050507030106082B06010505070302
>>   872:d=3  hl=2 l=  14 cons: SEQUENCE
>>   874:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
>>   879:d=4  hl=2 l=   1 prim: BOOLEAN           :255
>>   882:d=4  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0
>>   888:d=3  hl=2 l=  87 cons: SEQUENCE
>>   890:d=4  hl=2 l=   8 prim: OBJECT            :Authority Information Access
>>   900:d=4  hl=2 l=  75 prim: OCTET STRING      [HEX
>> DUMP]:3049301F06082B060105050730018613687474703A2F2F73652E73796D63642E636F6D
>> 302606082B06010505073002861A687474703A2F2F73652E73796D63622E636F6D2F73652E63
>> 7274
>>   977:d=3  hl=2 l=  27 cons: SEQUENCE
>>   979:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Alternative
>> Name
>>   984:d=4  hl=2 l=  20 prim: OCTET STRING      [HEX
>> DUMP]:3012821073736C332E766974616C70732E6E6574
>>  1006:d=3  hl=2 l=  31 cons: SEQUENCE
>>  1008:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key
>> Identifier
>>  1013:d=4  hl=2 l=  24 prim: OCTET STRING      [HEX
>> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
>>
>> Base64 TBSCertificate:
>> MIIEC6ADAgECAhBCbzle6NzvXJEj8P2hFrBAMA0GCSqGSIb3DQEBBQUAMIG8MQswCQYDVQQGEwJV
>> UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
>> cmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBh
>> IChjKTEwMTYwNAYDVQQDEy1WZXJpU2lnbiBDbGFzcyAzIEludGVybmF0aW9uYWwgU2VydmVyIENB
>> IC0gRzMwHhcNMTYwNzI5MDAwMDAwWhcNMTcwMjEwMjM1OTU5WjB1MQswCQYDVQQGEwJVUzEQMA4G
>> A1UECBMHR2VvcmdpYTERMA8GA1UEBxQIQ29sdW1idXMxDTALBgNVBAoUBFRTWVMxFzAVBgNVBAsU
>> DlREUy1QTU5fRGFsbGFzMRkwFwYDVQQDFBBzc2wzLnZpdGFscHMubmV0MIIBIjANBgkqhkiG9w0B
>> AQEFAAOCAQ8AMIIBCgKCAQEAuNPAsLxpU0Yo6955prdONBE7YJ5iWQsCfkDKT4vgQ74JH7bH37VV
>> zy0n7Xf/6g/68D6E20ye9ncVESy0DbHW7z2/c5aPzwTQdS2YDxo9hSlNh4UlV/ePQBQT0pnTYiJf
>> M/IuKYmy3bCAXib9O2Y3cE9zNwCdZf7pQ3vKClz8AWh2AAmzza1myb2tFKuCo17fPlk4U8NrZOP5
>> A9R8oTDeY5FzR3CAh0pt0JE2uztSTKZXnhrUDennmP30IP4HKJ3stz0/Ml7VexwmV8nmC1dwpZHK
>> FFjt71blBD6zjJUNnG+egBygCjTKV1pIwOsSS082Dth2yWDRdBgwD5bDa57HEwIDAQABo4IBZTCC
>> AWEwCQYDVR0TBAIwADBhBgNVHSAEWjBYMFYGBmeBDAECAjBMMCMGCCsGAQUFBwIBFhdodHRwczov
>> L2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZGhdodHRwczovL2Quc3ltY2IuY29tL3JwYTAr
>> BgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc2Uuc3ltY2IuY29tL3NlLmNybDAdBgNVHSUEFjAUBggr
>> BgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWgMFcGCCsGAQUFBwEBBEswSTAfBggrBgEF
>> BQcwAYYTaHR0cDovL3NlLnN5bWNkLmNvbTAmBggrBgEFBQcwAoYaaHR0cDovL3NlLnN5bWNiLmNv
>> bS9zZS5jcnQwGwYDVR0RBBQwEoIQc3NsMy52aXRhbHBzLm5ldDAfBgNVHSMEGDAWgBTXm3zYIqAV
>> 992tX84pm1jDvEYAtQ==
>>
>>
>> -------------------------------------------
>>
>> ssl2.vitalps.net (based on a cert not logged in crt.sh)
>>
>> -----BEGIN CERTIFICATE-----
>> MIIFLjCCBBagAwIBAgIQFW3Uf33gwGxNETp8o3IHkzANBgkqhkiG9w0BAQUFADCB
>> vDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
>> ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
>> YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDE2MDQGA1UEAxMt
>> VmVyaVNpZ24gQ2xhc3MgMyBJbnRlcm5hdGlvbmFsIFNlcnZlciBDQSAtIEczMB4X
>> DTE0MDcxMTAwMDAwMFoXDTE2MDgzMDIzNTk1OVowcTELMAkGA1UEBhMCVVMxEDAO
>> BgNVBAgTB0dlb3JnaWExETAPBgNVBAcUCENvbHVtYnVzMQ0wCwYDVQQKFARUU1lT
>> MRMwEQYDVQQLFApURFMtUmVzdG9uMRkwFwYDVQQDFBBzc2wyLnZpdGFscHMubmV0
>> MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7SWO9dIJIhhj27rPAFf
>> DFQNzCB9op6vy8kw566fo7hwRRA3qqTts6tsjsw7qLzblX2wu4vSNkpmCUqbxKge
>> KUGWdxzth7KctXn1MlKA15uSMxkXjlKe7d25MoImWLcZA/sXVGReATzpR0kaXujy
>> 7k2prk5hOZY/PaIc6270PuFh6gukXiaDf7eAIvijS40V4xll52L0WhpjIMaDXnTo
>> WkDbGXH6YqT/IritvAGM2IRZPWrhE2YrvDlwVoXnkxPGlT9is5kDkBJ02OZYTd7/
>> BuRZO9GR1tQY8esd2KQw5KQlFIaW5wXaNTXRlJ3R+13oAzsrq51kPVeUbhzkJ5Ce
>> 6QIDAQABo4IBdDCCAXAwGwYDVR0RBBQwEoIQc3NsMi52aXRhbHBzLm5ldDAJBgNV
>> HRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAoBgNVHSUEITAfBggrBgEFBQcDAQYIKwYB
>> BQUHAwIGCWCGSAGG+EIEATBlBgNVHSAEXjBcMFoGCmCGSAGG+EUBBzYwTDAjBggr
>> BgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGRoX
>> aHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAU15t82CKgFffdrV/O
>> KZtYw7xGALUwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NlLnN5bWNiLmNvbS9z
>> ZS5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc2Uuc3lt
>> Y2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2IuY29tL3NlLmNydDAN
>> BgkqhkiG9w0BAQUFAAOCAQEAVwlUXrDLP2LKmX8PmscxPv1k8pzUmOB2XRegkWLj
>> D1Bsc1U/FbuVWlgkg8aIeqm1yqwnX/b/67Jlop1kOxGcTXgl9TA5uQSYRSWqejFO
>> 1CsM56ScFHFuW76EhXHUX36tqRF+MSPcMRr8lWA1DJQeNKmdjfPYvwUggnkH5/rm
>> yRZk0OSRhpQTrCuYTq1xFuS+tyKiYnq6ocaQwDfbD+nvvzVf8x8qvPFt61HMzUzP
>> ydVKbv2QwAQBjy0dUxEkJ6O8hnK1hU8F3qc4wRu+Ge1ofSdfssyWjYLFI66IRBTD
>> 2XmvyE9c680wPZv90uHz9eWBR7yGF1hP0V8fXsM4ldJksA==
>> -----END CERTIFICATE-----
>>
>> Parsed TBSCertificate:
>>     0:d=0  hl=4 l=1031 cons: SEQUENCE
>>     4:d=1  hl=2 l=   3 cons: cont [ 0 ]
>>     6:d=2  hl=2 l=   1 prim: INTEGER           :02
>>     9:d=1  hl=2 l=  16 prim: INTEGER
>> :7CD54ACFA6E1738BA8449A38CA09BE1E
>>    27:d=1  hl=2 l=  13 cons: SEQUENCE
>>    29:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
>>    40:d=2  hl=2 l=   0 prim: NULL
>>    42:d=1  hl=3 l= 188 cons: SEQUENCE
>>    45:d=2  hl=2 l=  11 cons: SET
>>    47:d=3  hl=2 l=   9 cons: SEQUENCE
>>    49:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>>    54:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>>    58:d=2  hl=2 l=  23 cons: SET
>>    60:d=3  hl=2 l=  21 cons: SEQUENCE
>>    62:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>>    67:d=4  hl=2 l=  14 prim: PRINTABLESTRING   :VeriSign, Inc.
>>    83:d=2  hl=2 l=  31 cons: SET
>>    85:d=3  hl=2 l=  29 cons: SEQUENCE
>>    87:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>    92:d=4  hl=2 l=  22 prim: PRINTABLESTRING   :VeriSign Trust Network
>>   116:d=2  hl=2 l=  59 cons: SET
>>   118:d=3  hl=2 l=  57 cons: SEQUENCE
>>   120:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>   125:d=4  hl=2 l=  50 prim: PRINTABLESTRING   :Terms of use at
>> https://www.verisign.com/rpa (c)10
>>   177:d=2  hl=2 l=  54 cons: SET
>>   179:d=3  hl=2 l=  52 cons: SEQUENCE
>>   181:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>>   186:d=4  hl=2 l=  45 prim: PRINTABLESTRING   :VeriSign Class 3
>> International Server CA - G3
>>   233:d=1  hl=2 l=  30 cons: SEQUENCE
>>   235:d=2  hl=2 l=  13 prim: UTCTIME           :160729000000Z
>>   250:d=2  hl=2 l=  13 prim: UTCTIME           :170210235959Z
>>   265:d=1  hl=2 l= 113 cons: SEQUENCE
>>   267:d=2  hl=2 l=  11 cons: SET
>>   269:d=3  hl=2 l=   9 cons: SEQUENCE
>>   271:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>>   276:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>>   280:d=2  hl=2 l=  16 cons: SET
>>   282:d=3  hl=2 l=  14 cons: SEQUENCE
>>   284:d=4  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
>>   289:d=4  hl=2 l=   7 prim: PRINTABLESTRING   :Georgia
>>   298:d=2  hl=2 l=  17 cons: SET
>>   300:d=3  hl=2 l=  15 cons: SEQUENCE
>>   302:d=4  hl=2 l=   3 prim: OBJECT            :localityName
>>   307:d=4  hl=2 l=   8 prim: T61STRING         :Columbus
>>   317:d=2  hl=2 l=  13 cons: SET
>>   319:d=3  hl=2 l=  11 cons: SEQUENCE
>>   321:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>>   326:d=4  hl=2 l=   4 prim: T61STRING         :TSYS
>>   332:d=2  hl=2 l=  19 cons: SET
>>   334:d=3  hl=2 l=  17 cons: SEQUENCE
>>   336:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>   341:d=4  hl=2 l=  10 prim: T61STRING         :TDS-Reston
>>   353:d=2  hl=2 l=  25 cons: SET
>>   355:d=3  hl=2 l=  23 cons: SEQUENCE
>>   357:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>>   362:d=4  hl=2 l=  16 prim: T61STRING         :ssl2.vitalps.net
>>   380:d=1  hl=4 l= 290 cons: SEQUENCE
>>   384:d=2  hl=2 l=  13 cons: SEQUENCE
>>   386:d=3  hl=2 l=   9 prim: OBJECT            :rsaEncryption
>>   397:d=3  hl=2 l=   0 prim: NULL
>>   399:d=2  hl=4 l= 271 prim: BIT STRING
>>   674:d=1  hl=4 l= 357 cons: cont [ 3 ]
>>   678:d=2  hl=4 l= 353 cons: SEQUENCE
>>   682:d=3  hl=2 l=   9 cons: SEQUENCE
>>   684:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints
>>   689:d=4  hl=2 l=   2 prim: OCTET STRING      [HEX DUMP]:3000
>>   693:d=3  hl=2 l=  97 cons: SEQUENCE
>>   695:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Certificate Policies
>>   700:d=4  hl=2 l=  90 prim: OCTET STRING      [HEX
>> DUMP]:30583056060667810C010202304C302306082B06010505070201161768747470733A2F
>> 2F642E73796D63622E636F6D2F637073302506082B0601050507020230191A1768747470733A
>> 2F2F642E73796D63622E636F6D2F727061
>>   792:d=3  hl=2 l=  43 cons: SEQUENCE
>>   794:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 CRL Distribution
>> Points
>>   799:d=4  hl=2 l=  36 prim: OCTET STRING      [HEX
>> DUMP]:30223020A01EA01C861A687474703A2F2F73652E73796D63622E636F6D2F73652E6372
>> 6C
>>   837:d=3  hl=2 l=  29 cons: SEQUENCE
>>   839:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key Usage
>>   844:d=4  hl=2 l=  22 prim: OCTET STRING      [HEX
>> DUMP]:301406082B0601050507030106082B06010505070302
>>   868:d=3  hl=2 l=  14 cons: SEQUENCE
>>   870:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
>>   875:d=4  hl=2 l=   1 prim: BOOLEAN           :255
>>   878:d=4  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0
>>   884:d=3  hl=2 l=  87 cons: SEQUENCE
>>   886:d=4  hl=2 l=   8 prim: OBJECT            :Authority Information Access
>>   896:d=4  hl=2 l=  75 prim: OCTET STRING      [HEX
>> DUMP]:3049301F06082B060105050730018613687474703A2F2F73652E73796D63642E636F6D
>> 302606082B06010505073002861A687474703A2F2F73652E73796D63622E636F6D2F73652E63
>> 7274
>>   973:d=3  hl=2 l=  27 cons: SEQUENCE
>>   975:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Alternative
>> Name
>>   980:d=4  hl=2 l=  20 prim: OCTET STRING      [HEX
>> DUMP]:3012821073736C322E766974616C70732E6E6574
>>  1002:d=3  hl=2 l=  31 cons: SEQUENCE
>>  1004:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key
>> Identifier
>>  1009:d=4  hl=2 l=  24 prim: OCTET STRING      [HEX
>> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
>>
>> Base64 TBSCertificate:
>> MIIEB6ADAgECAhB81UrPpuFzi6hEmjjKCb4eMA0GCSqGSIb3DQEBBQUAMIG8MQswCQYDVQQGEwJV
>> UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
>> cmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBh
>> IChjKTEwMTYwNAYDVQQDEy1WZXJpU2lnbiBDbGFzcyAzIEludGVybmF0aW9uYWwgU2VydmVyIENB
>> IC0gRzMwHhcNMTYwNzI5MDAwMDAwWhcNMTcwMjEwMjM1OTU5WjBxMQswCQYDVQQGEwJVUzEQMA4G
>> A1UECBMHR2VvcmdpYTERMA8GA1UEBxQIQ29sdW1idXMxDTALBgNVBAoUBFRTWVMxEzARBgNVBAsU
>> ClREUy1SZXN0b24xGTAXBgNVBAMUEHNzbDIudml0YWxwcy5uZXQwggEiMA0GCSqGSIb3DQEBAQUA
>> A4IBDwAwggEKAoIBAQCztJY710gkiGGPbus8AV8MVA3MIH2inq/LyTDnrp+juHBFEDeqpO2zq2yO
>> zDuovNuVfbC7i9I2SmYJSpvEqB4pQZZ3HO2Hspy1efUyUoDXm5IzGReOUp7t3bkygiZYtxkD+xdU
>> ZF4BPOlHSRpe6PLuTamuTmE5lj89ohzrbvQ+4WHqC6ReJoN/t4Ai+KNLjRXjGWXnYvRaGmMgxoNe
>> dOhaQNsZcfpipP8iuK28AYzYhFk9auETZiu8OXBWheeTE8aVP2KzmQOQEnTY5lhN3v8G5Fk70ZHW
>> 1Bjx6x3YpDDkpCUUhpbnBdo1NdGUndH7XegDOyurnWQ9V5RuHOQnkJ7pAgMBAAGjggFlMIIBYTAJ
>> BgNVHRMEAjAAMGEGA1UdIARaMFgwVgYGZ4EMAQICMEwwIwYIKwYBBQUHAgEWF2h0dHBzOi8vZC5z
>> eW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkaF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBhMCsGA1Ud
>> HwQkMCIwIKAeoByGGmh0dHA6Ly9zZS5zeW1jYi5jb20vc2UuY3JsMB0GA1UdJQQWMBQGCCsGAQUF
>> BwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzAB
>> hhNodHRwOi8vc2Uuc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2IuY29tL3Nl
>> LmNydDAbBgNVHREEFDASghBzc2wyLnZpdGFscHMubmV0MB8GA1UdIwQYMBaAFNebfNgioBX33a1f
>> zimbWMO8RgC1
>>
>>
>> ---------------------------------------------
>>
>> ssl2.vitalps.net (based https://crt.sh/?id=24732905)
>>
>> -----BEGIN CERTIFICATE-----
>> MIIFLjCCBBagAwIBAgIQC2txgNGyPR3F31kjsev70TANBgkqhkiG9w0BAQUFADCB
>> vDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
>> ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
>> YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDE2MDQGA1UEAxMt
>> VmVyaVNpZ24gQ2xhc3MgMyBJbnRlcm5hdGlvbmFsIFNlcnZlciBDQSAtIEczMB4X
>> DTE0MDcxMTAwMDAwMFoXDTE2MDgzMDIzNTk1OVowcTELMAkGA1UEBhMCVVMxEDAO
>> BgNVBAgTB0dlb3JnaWExETAPBgNVBAcUCENvbHVtYnVzMQ0wCwYDVQQKFARUU1lT
>> MRMwEQYDVQQLFApURFMtRGFsbGFzMRkwFwYDVQQDFBBzc2wyLnZpdGFscHMubmV0
>> MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt7h6ItxaeRllDNDzqJSD
>> 6YxRZ/IQjGMAJGSq3vIwo8rof17S2PdtMFZpHA4G0ueZJm0cVcNKprJ1M5ykwzVo
>> fc+i1z3DjmlxSK4HjL9B6vDuUQGLgasYrvR3pAosKGkucQQW0/mFWpOKwrpXfYss
>> zAIgLc0bU1QJHKF14re6FRo1sX4JxU0xlaK/+Q0kdUQVPYdG4A57Uvz7C1/u9/Jt
>> vP+1OKxn0fEwclZa9Hug4yi9llLjEHNHs0sPc2g/2nFmBOSpzUutnr8oqomgM0Of
>> UhgFmPbsRZ0jzYxR0HZ7RQ+Eg3UJcDwQqmp14iw2dWAJKbmVsdOy8FT6TGOk9Paz
>> HQIDAQABo4IBdDCCAXAwGwYDVR0RBBQwEoIQc3NsMi52aXRhbHBzLm5ldDAJBgNV
>> HRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAoBgNVHSUEITAfBggrBgEFBQcDAQYIKwYB
>> BQUHAwIGCWCGSAGG+EIEATBlBgNVHSAEXjBcMFoGCmCGSAGG+EUBBzYwTDAjBggr
>> BgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGRoX
>> aHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAU15t82CKgFffdrV/O
>> KZtYw7xGALUwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NlLnN5bWNiLmNvbS9z
>> ZS5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc2Uuc3lt
>> Y2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2IuY29tL3NlLmNydDAN
>> BgkqhkiG9w0BAQUFAAOCAQEAZGQ7qWXzrHZbrnJBbcy8vtTxfz6ScUpmdhNsHtqA
>> zibYmUerfme6vcfI+a3RntUdeh2bP/g28hWsJeUOBWOH2jewa9SvFDWeA+an2ICO
>> qK1aFEM2zbJxRoSmFYNwogISVhNWs895zGyQEGcfSHhh8R+PTZdu1AoSgZ33RKc/
>> mhnVyr1aLdymLzQ+hz4D5j2qVyO3JqJjrqiQKxFKsp/AOVU/UCeWjSumcd2Ff6fw
>> VL6TvBa+QGnHFFFzUadkyf8LjGTFxwN65Ft4Rd/EcI+6hrfLn8ivJ+sh616wesB4
>> OvX9A29d6wJqVPIL9vmD8l+4akKpFZi0rLtb5e6FmpWy1Q==
>> -----END CERTIFICATE-----
>>
>> Parsed TBSCertificate:
>>     0:d=0  hl=4 l=1031 cons: SEQUENCE
>>     4:d=1  hl=2 l=   3 cons: cont [ 0 ]
>>     6:d=2  hl=2 l=   1 prim: INTEGER           :02
>>     9:d=1  hl=2 l=  16 prim: INTEGER
>> :1A7737CFE654ED95E0B42A90DB357BB9
>>    27:d=1  hl=2 l=  13 cons: SEQUENCE
>>    29:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
>>    40:d=2  hl=2 l=   0 prim: NULL
>>    42:d=1  hl=3 l= 188 cons: SEQUENCE
>>    45:d=2  hl=2 l=  11 cons: SET
>>    47:d=3  hl=2 l=   9 cons: SEQUENCE
>>    49:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>>    54:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>>    58:d=2  hl=2 l=  23 cons: SET
>>    60:d=3  hl=2 l=  21 cons: SEQUENCE
>>    62:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>>    67:d=4  hl=2 l=  14 prim: PRINTABLESTRING   :VeriSign, Inc.
>>    83:d=2  hl=2 l=  31 cons: SET
>>    85:d=3  hl=2 l=  29 cons: SEQUENCE
>>    87:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>    92:d=4  hl=2 l=  22 prim: PRINTABLESTRING   :VeriSign Trust Network
>>   116:d=2  hl=2 l=  59 cons: SET
>>   118:d=3  hl=2 l=  57 cons: SEQUENCE
>>   120:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>   125:d=4  hl=2 l=  50 prim: PRINTABLESTRING   :Terms of use at
>> https://www.verisign.com/rpa (c)10
>>   177:d=2  hl=2 l=  54 cons: SET
>>   179:d=3  hl=2 l=  52 cons: SEQUENCE
>>   181:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>>   186:d=4  hl=2 l=  45 prim: PRINTABLESTRING   :VeriSign Class 3
>> International Server CA - G3
>>   233:d=1  hl=2 l=  30 cons: SEQUENCE
>>   235:d=2  hl=2 l=  13 prim: UTCTIME           :160729000000Z
>>   250:d=2  hl=2 l=  13 prim: UTCTIME           :170210235959Z
>>   265:d=1  hl=2 l= 113 cons: SEQUENCE
>>   267:d=2  hl=2 l=  11 cons: SET
>>   269:d=3  hl=2 l=   9 cons: SEQUENCE
>>   271:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>>   276:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>>   280:d=2  hl=2 l=  16 cons: SET
>>   282:d=3  hl=2 l=  14 cons: SEQUENCE
>>   284:d=4  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
>>   289:d=4  hl=2 l=   7 prim: PRINTABLESTRING   :Georgia
>>   298:d=2  hl=2 l=  17 cons: SET
>>   300:d=3  hl=2 l=  15 cons: SEQUENCE
>>   302:d=4  hl=2 l=   3 prim: OBJECT            :localityName
>>   307:d=4  hl=2 l=   8 prim: T61STRING         :Columbus
>>   317:d=2  hl=2 l=  13 cons: SET
>>   319:d=3  hl=2 l=  11 cons: SEQUENCE
>>   321:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>>   326:d=4  hl=2 l=   4 prim: T61STRING         :TSYS
>>   332:d=2  hl=2 l=  19 cons: SET
>>   334:d=3  hl=2 l=  17 cons: SEQUENCE
>>   336:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>>   341:d=4  hl=2 l=  10 prim: T61STRING         :TDS-Dallas
>>   353:d=2  hl=2 l=  25 cons: SET
>>   355:d=3  hl=2 l=  23 cons: SEQUENCE
>>   357:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>>   362:d=4  hl=2 l=  16 prim: T61STRING         :ssl2.vitalps.net
>>   380:d=1  hl=4 l= 290 cons: SEQUENCE
>>   384:d=2  hl=2 l=  13 cons: SEQUENCE
>>   386:d=3  hl=2 l=   9 prim: OBJECT            :rsaEncryption
>>   397:d=3  hl=2 l=   0 prim: NULL
>>   399:d=2  hl=4 l= 271 prim: BIT STRING
>>   674:d=1  hl=4 l= 357 cons: cont [ 3 ]
>>   678:d=2  hl=4 l= 353 cons: SEQUENCE
>>   682:d=3  hl=2 l=   9 cons: SEQUENCE
>>   684:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints
>>   689:d=4  hl=2 l=   2 prim: OCTET STRING      [HEX DUMP]:3000
>>   693:d=3  hl=2 l=  97 cons: SEQUENCE
>>   695:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Certificate Policies
>>   700:d=4  hl=2 l=  90 prim: OCTET STRING      [HEX
>> DUMP]:30583056060667810C010202304C302306082B06010505070201161768747470733A2F
>> 2F642E73796D63622E636F6D2F637073302506082B0601050507020230191A1768747470733A
>> 2F2F642E73796D63622E636F6D2F727061
>>   792:d=3  hl=2 l=  43 cons: SEQUENCE
>>   794:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 CRL Distribution
>> Points
>>   799:d=4  hl=2 l=  36 prim: OCTET STRING      [HEX
>> DUMP]:30223020A01EA01C861A687474703A2F2F73652E73796D63622E636F6D2F73652E6372
>> 6C
>>   837:d=3  hl=2 l=  29 cons: SEQUENCE
>>   839:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key Usage
>>   844:d=4  hl=2 l=  22 prim: OCTET STRING      [HEX
>> DUMP]:301406082B0601050507030106082B06010505070302
>>   868:d=3  hl=2 l=  14 cons: SEQUENCE
>>   870:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
>>   875:d=4  hl=2 l=   1 prim: BOOLEAN           :255
>>   878:d=4  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0
>>   884:d=3  hl=2 l=  87 cons: SEQUENCE
>>   886:d=4  hl=2 l=   8 prim: OBJECT            :Authority Information Access
>>   896:d=4  hl=2 l=  75 prim: OCTET STRING      [HEX
>> DUMP]:3049301F06082B060105050730018613687474703A2F2F73652E73796D63642E636F6D
>> 302606082B06010505073002861A687474703A2F2F73652E73796D63622E636F6D2F73652E63
>> 7274
>>   973:d=3  hl=2 l=  27 cons: SEQUENCE
>>   975:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Alternative
>> Name
>>   980:d=4  hl=2 l=  20 prim: OCTET STRING      [HEX
>> DUMP]:3012821073736C322E766974616C70732E6E6574
>>  1002:d=3  hl=2 l=  31 cons: SEQUENCE
>>  1004:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key
>> Identifier
>>  1009:d=4  hl=2 l=  24 prim: OCTET STRING      [HEX
>> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
>>
>> Base64 TBSCertificate:
>> MIIEB6ADAgECAhAadzfP5lTtleC0KpDbNXu5MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYDVQQGEwJV
>> UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
>> cmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBh
>> IChjKTEwMTYwNAYDVQQDEy1WZXJpU2lnbiBDbGFzcyAzIEludGVybmF0aW9uYWwgU2VydmVyIENB
>> IC0gRzMwHhcNMTYwNzI5MDAwMDAwWhcNMTcwMjEwMjM1OTU5WjBxMQswCQYDVQQGEwJVUzEQMA4G
>> A1UECBMHR2VvcmdpYTERMA8GA1UEBxQIQ29sdW1idXMxDTALBgNVBAoUBFRTWVMxEzARBgNVBAsU
>> ClREUy1EYWxsYXMxGTAXBgNVBAMUEHNzbDIudml0YWxwcy5uZXQwggEiMA0GCSqGSIb3DQEBAQUA
>> A4IBDwAwggEKAoIBAQC3uHoi3Fp5GWUM0POolIPpjFFn8hCMYwAkZKre8jCjyuh/XtLY920wVmkc
>> DgbS55kmbRxVw0qmsnUznKTDNWh9z6LXPcOOaXFIrgeMv0Hq8O5RAYuBqxiu9HekCiwoaS5xBBbT
>> +YVak4rCuld9iyzMAiAtzRtTVAkcoXXit7oVGjWxfgnFTTGVor/5DSR1RBU9h0bgDntS/PsLX+73
>> 8m28/7U4rGfR8TByVlr0e6DjKL2WUuMQc0ezSw9zaD/acWYE5KnNS62evyiqiaAzQ59SGAWY9uxF
>> nSPNjFHQdntFD4SDdQlwPBCqanXiLDZ1YAkpuZWx07LwVPpMY6T09rMdAgMBAAGjggFlMIIBYTAJ
>> BgNVHRMEAjAAMGEGA1UdIARaMFgwVgYGZ4EMAQICMEwwIwYIKwYBBQUHAgEWF2h0dHBzOi8vZC5z
>> eW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkaF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBhMCsGA1Ud
>> HwQkMCIwIKAeoByGGmh0dHA6Ly9zZS5zeW1jYi5jb20vc2UuY3JsMB0GA1UdJQQWMBQGCCsGAQUF
>> BwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzAB
>> hhNodHRwOi8vc2Uuc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2IuY29tL3Nl
>> LmNydDAbBgNVHREEFDASghBzc2wyLnZpdGFscHMubmV0MB8GA1UdIwQYMBaAFNebfNgioBX33a1f
>> zimbWMO8RgC1
>>
>>
>> -----Original Message-----
>> From: public-bounces at cabforum.org
>> Sent: Friday, July 15, 2016 7:48 PM
>>
>> Subject: [cabfpub] Application for SHA-1 Issuance
>>
>> Enclosed please find the application for SHA-1 issuance presented on behalf
>> of our client. Note that the application was fully completed by the client.
>>
>> In addition, please find the TBS certificates generated by Symantec.
>>
>> Accompanying each TBSCertificate is a crt.sh link to the corresponding SHA-2
>> certificate issued by our online system as a prerequisite, so that we
>> capture evidence of authentication and verification of the information in
>> the certificate. The TBSCertificates differ from these certificates by
>> Issuer name, because our online systems can sign only with SHA-2 issuers.
>> And since the Issuer name is different, corresponding extensions (CDP, AIA,
>> AKI) are different as well.
>>
>> The TBSCertificates do not include public keys from older CT-logged
>> certificates; they include public keys that correspond to private keys that
>> were recently generated on the servers and that await the approval of these
>> requests. The customer uses a CDN that uses OpenSSL to generate key pairs
>> from a secure server. A separate secure server is used for private key
>> pass-phrase retention.
>>
>> As this is the first time this is being done, there may be follow-up
>> questions or items that were inadvertently omitted which we are happy to
>> address.
>>
>> We ask that the community give good consideration to this request.
>>
>> One thing you will notice is the validity date extends to Feb 10, 2017. In
>> the payment industry, 31 December is an absolutely horrible time to make a
>> change as it represents one of the peak times for traffic. The client has
>> aligned the date with the published Microsoft end date for SHA-1.
>>
>> Thank you,
>>
>> Dean Coclin
>> Symantec
>>
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> Public mailing list
>> Public at cabforum.org
>> https://cabforum.org/mailman/listinfo/public
>>
>

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com

COMODO CA Limited, Registered in England No. 04058690
Registered Office:
   3rd Floor, 26 Office Village, Exchange Quay,
   Trafford Road, Salford, Manchester M5 3EQ

This e-mail and any files transmitted with it are confidential and 
intended solely for the use of the individual or entity to whom they are 
addressed.  If you have received this email in error please notify the 
sender by replying to the e-mail containing this attachment. Replies to 
this email may be monitored by COMODO for operational or business 
reasons. Whilst every endeavour is taken to ensure that e-mails are free 
from viruses, no liability can be accepted and the recipient is 
requested to use their own virus checking software.



More information about the Public mailing list