[cabfpub] Application for SHA-1 Issuance
Dean Coclin
Dean_Coclin at symantec.com
Sat Jul 23 00:28:13 UTC 2016
Thanks, is there another comment, or are you ok?
-----Original Message-----
From: Rob Stradling [mailto:rob.stradling at comodo.com]
Sent: Friday, July 22, 2016 7:57 PM
To: Dean Coclin <Dean_Coclin at symantec.com>; CABFPub <public at cabforum.org>
Subject: Re: [cabfpub] Application for SHA-1 Issuance
On 23/07/16 00:25, Rob Stradling wrote:
> Dean,
>
> I was pleased to see that you'd used PrintableStrings in your previous
> batch of TBSCertificates for TSYS, but it's disappointing to see
> T61Strings in this new batch.
Please ignore that comment. It's been pointed out to me that, since the
Existing Certificates used T61Strings, the new certs should use
T61Strings too.
"Existing Certificate Information
Ideally the proposed tbsCertificate should correspond to an Existing
Certificate logged in at least two Certificate Transparency logs trusted
by one or more Application Software Suppliers, with an audit proof to a
Signed Tree Head with a timestamp prior to 1st January 2016 and
differing only by:
- signature AlgorithmIdentifier
- Serial Number, which must have at least 60 bits of entropy
- Validity, which must have a notAfter on or before 31st December 2016"
> Did Symantec consider Ryan's offer to help with generating the serial
> numbers according to a rigid construction? If not, why not?
>
> Thanks.
>
> On 22/07/16 23:55, Dean Coclin wrote:
>> Based on feedback from the community, TSYS and Symantec have created new
TBS
>> certificates. These use existing keys and do not contain the
miscellaneous
>> characters in the OU that the others contained (and were explained by
TSYS).
>> These TBSCertificates have the same public keys from the existing
>> certificates on which they're based, and should differ only in serial
number
>> and dates
>>
>> You will notice there are only 7 certificates instead of 8 due to a
change
>> TSYS made in early 2016 to align dates into August for Expiration. Most
>> servers have a Dallas and a Reston version; for one server they
duplicated
>> one private key and cert so there's only one cert for both sites.
>>
>> To reconstitute the TBSCertificate in binary DER form, use the Linux
>> command:
>> base64 --decode > tbs.der
>> Then paste in a block of text from below, followed by an EOF (control-D).
>>
>> ----------------------------------------
>>
>> ssl1.tsysacquiring.net (based on https://crt.sh/?id=12924024)
>>
>> -----BEGIN CERTIFICATE-----
>> MIIFOjCCBCKgAwIBAgIQfN9GpTEgg8dMV3KfmuboLjANBgkqhkiG9w0BAQUFADCB
>> vDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
>> ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
>> YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDE2MDQGA1UEAxMt
>> VmVyaVNpZ24gQ2xhc3MgMyBJbnRlcm5hdGlvbmFsIFNlcnZlciBDQSAtIEczMB4X
>> DTE0MDcxNTAwMDAwMFoXDTE2MDgzMDIzNTk1OVowdzELMAkGA1UEBhMCVVMxEDAO
>> BgNVBAgTB0dlb3JnaWExETAPBgNVBAcUCENvbHVtYnVzMQ0wCwYDVQQKFARUU1lT
>> MRMwEQYDVQQLFApURFMtUmVzdG9uMR8wHQYDVQQDFBZzc2wxLnRzeXNhY3F1aXJp
>> bmcubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6vbHdGqwEWy0
>> qmpyRlZuZbygE68fAxGrWUqow2YIo2PlVKX74sBC+hK7e7AYpM8P2mueLbbUCjBJ
>> ChIiMLdaQfL9L9ZchoMi0YS3O7cFVFfg7i8BKZ5L4JCisqYVZnT8pJgVMd/Hvqqw
>> 2xLx3pddQzBUK0D4VdJBcDVbyD4/j5/vGe9PUfBBJE/xmDa6T/k+ZH2PtcJ4/eWt
>> mfrtl1Ncz2/vLXg2v+FZLYVc1eQSgyFci0OEmxrK2oNa9OPXDQIO/cjLCxUP4g7I
>> E7U0MSx6lzbLgSR8V1UPlsw2kkZgPUD7JAAITJ5cCcJKx0zT+CZYIjs71kJL7Ne5
>> 7i9fWw6H/QIDAQABo4IBejCCAXYwIQYDVR0RBBowGIIWc3NsMS50c3lzYWNxdWly
>> aW5nLm5ldDAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAoBgNVHSUEITAfBggr
>> BgEFBQcDAQYIKwYBBQUHAwIGCWCGSAGG+EIEATBlBgNVHSAEXjBcMFoGCmCGSAGG
>> +EUBBzYwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYI
>> KwYBBQUHAgIwGRoXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAU
>> 15t82CKgFffdrV/OKZtYw7xGALUwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3Nl
>> LnN5bWNiLmNvbS9zZS5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNo
>> dHRwOi8vc2Uuc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2Iu
>> Y29tL3NlLmNydDANBgkqhkiG9w0BAQUFAAOCAQEATTAL5DkwpxAeLc9PtdLkpQj0
>> saugkQNsGgtc6PKtxqBF4Slh4Aylnsve2MwDRDj2FNTCO+rUkNzrBSnSXTKnwfkD
>> yM1ymuNqECv9+zHEMo8PNPWq4BNs2YSY6Ri+wH1eXHum+sDiizk2whWniBVYWdiY
>> Yn7aRX8bsiWkjwDWeseHfNzv6KIO/7esmsz8LXyf9qz3OWi++CX4fVEf/0PAbEEE
>> 3nU00fjS77TfC5A5hW991jzvJ8vpvaTHVuh0g+0JhMNpQJljrS0Nq5cOvLLjGkx+
>> vH5d+6Adgjl2C0T76rc6I7PEi+489IoWHXEBSE21JBNu7wZ4Q/KFYI1/EZg1VA==
>> -----END CERTIFICATE-----
>>
>> Parsed TBSCertificate:
>> 0:d=0 hl=4 l=1043 cons: SEQUENCE
>> 4:d=1 hl=2 l= 3 cons: cont [ 0 ]
>> 6:d=2 hl=2 l= 1 prim: INTEGER :02
>> 9:d=1 hl=2 l= 16 prim: INTEGER
>> :70125CA8AAEDC172C8E50707B493E30D
>> 27:d=1 hl=2 l= 13 cons: SEQUENCE
>> 29:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
>> 40:d=2 hl=2 l= 0 prim: NULL
>> 42:d=1 hl=3 l= 188 cons: SEQUENCE
>> 45:d=2 hl=2 l= 11 cons: SET
>> 47:d=3 hl=2 l= 9 cons: SEQUENCE
>> 49:d=4 hl=2 l= 3 prim: OBJECT :countryName
>> 54:d=4 hl=2 l= 2 prim: PRINTABLESTRING :US
>> 58:d=2 hl=2 l= 23 cons: SET
>> 60:d=3 hl=2 l= 21 cons: SEQUENCE
>> 62:d=4 hl=2 l= 3 prim: OBJECT :organizationName
>> 67:d=4 hl=2 l= 14 prim: PRINTABLESTRING :VeriSign, Inc.
>> 83:d=2 hl=2 l= 31 cons: SET
>> 85:d=3 hl=2 l= 29 cons: SEQUENCE
>> 87:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName
>> 92:d=4 hl=2 l= 22 prim: PRINTABLESTRING :VeriSign Trust Network
>> 116:d=2 hl=2 l= 59 cons: SET
>> 118:d=3 hl=2 l= 57 cons: SEQUENCE
>> 120:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName
>> 125:d=4 hl=2 l= 50 prim: PRINTABLESTRING :Terms of use at
>> https://www.verisign.com/rpa (c)10
>> 177:d=2 hl=2 l= 54 cons: SET
>> 179:d=3 hl=2 l= 52 cons: SEQUENCE
>> 181:d=4 hl=2 l= 3 prim: OBJECT :commonName
>> 186:d=4 hl=2 l= 45 prim: PRINTABLESTRING :VeriSign Class 3
>> International Server CA - G3
>> 233:d=1 hl=2 l= 30 cons: SEQUENCE
>> 235:d=2 hl=2 l= 13 prim: UTCTIME :160729000000Z
>> 250:d=2 hl=2 l= 13 prim: UTCTIME :170210235959Z
>> 265:d=1 hl=2 l= 119 cons: SEQUENCE
>> 267:d=2 hl=2 l= 11 cons: SET
>> 269:d=3 hl=2 l= 9 cons: SEQUENCE
>> 271:d=4 hl=2 l= 3 prim: OBJECT :countryName
>> 276:d=4 hl=2 l= 2 prim: PRINTABLESTRING :US
>> 280:d=2 hl=2 l= 16 cons: SET
>> 282:d=3 hl=2 l= 14 cons: SEQUENCE
>> 284:d=4 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
>> 289:d=4 hl=2 l= 7 prim: PRINTABLESTRING :Georgia
>> 298:d=2 hl=2 l= 17 cons: SET
>> 300:d=3 hl=2 l= 15 cons: SEQUENCE
>> 302:d=4 hl=2 l= 3 prim: OBJECT :localityName
>> 307:d=4 hl=2 l= 8 prim: T61STRING :Columbus
>> 317:d=2 hl=2 l= 13 cons: SET
>> 319:d=3 hl=2 l= 11 cons: SEQUENCE
>> 321:d=4 hl=2 l= 3 prim: OBJECT :organizationName
>> 326:d=4 hl=2 l= 4 prim: T61STRING :TSYS
>> 332:d=2 hl=2 l= 19 cons: SET
>> 334:d=3 hl=2 l= 17 cons: SEQUENCE
>> 336:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName
>> 341:d=4 hl=2 l= 10 prim: T61STRING :TDS-Reston
>> 353:d=2 hl=2 l= 31 cons: SET
>> 355:d=3 hl=2 l= 29 cons: SEQUENCE
>> 357:d=4 hl=2 l= 3 prim: OBJECT :commonName
>> 362:d=4 hl=2 l= 22 prim: T61STRING :ssl1.tsysacquiring.net
>> 386:d=1 hl=4 l= 290 cons: SEQUENCE
>> 390:d=2 hl=2 l= 13 cons: SEQUENCE
>> 392:d=3 hl=2 l= 9 prim: OBJECT :rsaEncryption
>> 403:d=3 hl=2 l= 0 prim: NULL
>> 405:d=2 hl=4 l= 271 prim: BIT STRING
>> 680:d=1 hl=4 l= 363 cons: cont [ 3 ]
>> 684:d=2 hl=4 l= 359 cons: SEQUENCE
>> 688:d=3 hl=2 l= 9 cons: SEQUENCE
>> 690:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
>> 695:d=4 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000
>> 699:d=3 hl=2 l= 97 cons: SEQUENCE
>> 701:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Certificate
Policies
>> 706:d=4 hl=2 l= 90 prim: OCTET STRING [HEX
>>
DUMP]:30583056060667810C010202304C302306082B06010505070201161768747470733A2F
>>
2F642E73796D63622E636F6D2F637073302506082B0601050507020230190C1768747470733A
>> 2F2F642E73796D63622E636F6D2F727061
>> 798:d=3 hl=2 l= 43 cons: SEQUENCE
>> 800:d=4 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution
>> Points
>> 805:d=4 hl=2 l= 36 prim: OCTET STRING [HEX
>>
DUMP]:30223020A01EA01C861A687474703A2F2F73652E73796D63622E636F6D2F73652E6372
>> 6C
>> 843:d=3 hl=2 l= 29 cons: SEQUENCE
>> 845:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage
>> 850:d=4 hl=2 l= 22 prim: OCTET STRING [HEX
>> DUMP]:301406082B0601050507030106082B06010505070302
>> 874:d=3 hl=2 l= 14 cons: SEQUENCE
>> 876:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
>> 881:d=4 hl=2 l= 1 prim: BOOLEAN :255
>> 884:d=4 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030205A0
>> 890:d=3 hl=2 l= 87 cons: SEQUENCE
>> 892:d=4 hl=2 l= 8 prim: OBJECT :Authority Information
Access
>> 902:d=4 hl=2 l= 75 prim: OCTET STRING [HEX
>>
DUMP]:3049301F06082B060105050730018613687474703A2F2F73652E73796D63642E636F6D
>>
302606082B06010505073002861A687474703A2F2F73652E73796D63622E636F6D2F73652E63
>> 7274
>> 979:d=3 hl=2 l= 33 cons: SEQUENCE
>> 981:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Subject
Alternative
>> Name
>> 986:d=4 hl=2 l= 26 prim: OCTET STRING [HEX
>> DUMP]:3018821673736C312E74737973616371756972696E672E6E6574
>> 1014:d=3 hl=2 l= 31 cons: SEQUENCE
>> 1016:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key
>> Identifier
>> 1021:d=4 hl=2 l= 24 prim: OCTET STRING [HEX
>> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
>>
>> Base64 TBSCertificate:
>>
MIIEE6ADAgECAhBwElyoqu3BcsjlBwe0k+MNMA0GCSqGSIb3DQEBBQUAMIG8MQswCQYDVQQGEwJV
>>
UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
>>
cmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBh
>>
IChjKTEwMTYwNAYDVQQDEy1WZXJpU2lnbiBDbGFzcyAzIEludGVybmF0aW9uYWwgU2VydmVyIENB
>>
IC0gRzMwHhcNMTYwNzI5MDAwMDAwWhcNMTcwMjEwMjM1OTU5WjB3MQswCQYDVQQGEwJVUzEQMA4G
>>
A1UECBMHR2VvcmdpYTERMA8GA1UEBxQIQ29sdW1idXMxDTALBgNVBAoUBFRTWVMxEzARBgNVBAsU
>>
ClREUy1SZXN0b24xHzAdBgNVBAMUFnNzbDEudHN5c2FjcXVpcmluZy5uZXQwggEiMA0GCSqGSIb3
>>
DQEBAQUAA4IBDwAwggEKAoIBAQDq9sd0arARbLSqanJGVm5lvKATrx8DEatZSqjDZgijY+VUpfvi
>>
wEL6Ert7sBikzw/aa54tttQKMEkKEiIwt1pB8v0v1lyGgyLRhLc7twVUV+DuLwEpnkvgkKKyphVm
>>
dPykmBUx38e+qrDbEvHel11DMFQrQPhV0kFwNVvIPj+Pn+8Z709R8EEkT/GYNrpP+T5kfY+1wnj9
>>
5a2Z+u2XU1zPb+8teDa/4VkthVzV5BKDIVyLQ4SbGsrag1r049cNAg79yMsLFQ/iDsgTtTQxLHqX
>>
NsuBJHxXVQ+WzDaSRmA9QPskAAhMnlwJwkrHTNP4JlgiOzvWQkvs17nuL19bDof9AgMBAAGjggFr
>>
MIIBZzAJBgNVHRMEAjAAMGEGA1UdIARaMFgwVgYGZ4EMAQICMEwwIwYIKwYBBQUHAgEWF2h0dHBz
>>
Oi8vZC5zeW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkMF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBh
>>
MCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly9zZS5zeW1jYi5jb20vc2UuY3JsMB0GA1UdJQQWMBQG
>>
CCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwVwYIKwYBBQUHAQEESzBJMB8GCCsG
>>
AQUFBzABhhNodHRwOi8vc2Uuc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2Iu
>>
Y29tL3NlLmNydDAhBgNVHREEGjAYghZzc2wxLnRzeXNhY3F1aXJpbmcubmV0MB8GA1UdIwQYMBaA
>> FNebfNgioBX33a1fzimbWMO8RgC1
>>
>>
>> -----------------------------------
>>
>> ssl1.tsysacquiring.net (based on https://crt.sh/?id=10997968)
>>
>> -----BEGIN CERTIFICATE-----
>> MIIFOjCCBCKgAwIBAgIQKlr28BNu+jfBjcv9eaAkzDANBgkqhkiG9w0BAQUFADCB
>> vDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
>> ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
>> YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDE2MDQGA1UEAxMt
>> VmVyaVNpZ24gQ2xhc3MgMyBJbnRlcm5hdGlvbmFsIFNlcnZlciBDQSAtIEczMB4X
>> DTE0MDcxMTAwMDAwMFoXDTE2MDgzMDIzNTk1OVowdzELMAkGA1UEBhMCVVMxEDAO
>> BgNVBAgTB0dlb3JnaWExETAPBgNVBAcUCENvbHVtYnVzMQ0wCwYDVQQKFARUU1lT
>> MRMwEQYDVQQLFApURFMtRGFsbGFzMR8wHQYDVQQDFBZzc2wxLnRzeXNhY3F1aXJp
>> bmcubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFQ4i7PVKE+3
>> fJYa90a+kECKexeIqLIipcsTlnR0waBd318Y7MMwbBWy+NxSq082vYdQRWPChf5D
>> 5SLjgJRc3V/XaJqu9kvFi9a5LzLRZV+Vi5cQ37jrLlVT5vyGv7xROM+zi1aSXUsM
>> Ipu53YDlXLrJm5vsEOx6+htCo3JYoi/bWjL0XQc1hyynk/GW1HQudVAIFIBiyfvs
>> ifl6YEFx3uXFzbA8hNNWoFg1el7wOmjgqeGCzFn6dMULC+YbbS0SKeeK8O+4q6D2
>> 5N4jx4FkPWL0wPb4LHKzDi9IdRJQD8Z1UQaw812CSbpLOCVtZKwKY43ZvSOlx/e1
>> vbyru/jdXwIDAQABo4IBejCCAXYwIQYDVR0RBBowGIIWc3NsMS50c3lzYWNxdWly
>> aW5nLm5ldDAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAoBgNVHSUEITAfBggr
>> BgEFBQcDAQYIKwYBBQUHAwIGCWCGSAGG+EIEATBlBgNVHSAEXjBcMFoGCmCGSAGG
>> +EUBBzYwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYI
>> KwYBBQUHAgIwGRoXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAU
>> 15t82CKgFffdrV/OKZtYw7xGALUwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3Nl
>> LnN5bWNiLmNvbS9zZS5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNo
>> dHRwOi8vc2Uuc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2Iu
>> Y29tL3NlLmNydDANBgkqhkiG9w0BAQUFAAOCAQEAll6VCK9oIi2VS47wXawNL4a5
>> 2xcWV5efKafdXzfI/CM/cOKaBnhEgpx+cUyPLkwO/2zYiO6nho18LAYsOCJyU5cB
>> +sHmJ8h035IP20LEE6ddiL3DrfCD3bXg04+ATs28W1mhdNsbcsSqtF6FG2hyi1dy
>> 8/BR62rutvyC5OuZP32cXZZgJu8xGwIQxtmzrYqG2WUPA05A8zPImQcj8KeJUM/e
>> AusFQKu5VVxycH8OQb6U6P90H9Zf5W7nzAo2c+wZEx26CMTWqDKhWr58MnehGU9Q
>> W+1glt+DKwHznztq3UQuDF6xuHBbzVbau4VqBAWjRE1gM718xuBLwsRtDSIAWA==
>> -----END CERTIFICATE-----
>>
>> Parsed TBSCertificate:
>> 0:d=0 hl=4 l=1043 cons: SEQUENCE
>> 4:d=1 hl=2 l= 3 cons: cont [ 0 ]
>> 6:d=2 hl=2 l= 1 prim: INTEGER :02
>> 9:d=1 hl=2 l= 16 prim: INTEGER
>> :20924C61364BC9860739A65E150F40E2
>> 27:d=1 hl=2 l= 13 cons: SEQUENCE
>> 29:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
>> 40:d=2 hl=2 l= 0 prim: NULL
>> 42:d=1 hl=3 l= 188 cons: SEQUENCE
>> 45:d=2 hl=2 l= 11 cons: SET
>> 47:d=3 hl=2 l= 9 cons: SEQUENCE
>> 49:d=4 hl=2 l= 3 prim: OBJECT :countryName
>> 54:d=4 hl=2 l= 2 prim: PRINTABLESTRING :US
>> 58:d=2 hl=2 l= 23 cons: SET
>> 60:d=3 hl=2 l= 21 cons: SEQUENCE
>> 62:d=4 hl=2 l= 3 prim: OBJECT :organizationName
>> 67:d=4 hl=2 l= 14 prim: PRINTABLESTRING :VeriSign, Inc.
>> 83:d=2 hl=2 l= 31 cons: SET
>> 85:d=3 hl=2 l= 29 cons: SEQUENCE
>> 87:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName
>> 92:d=4 hl=2 l= 22 prim: PRINTABLESTRING :VeriSign Trust Network
>> 116:d=2 hl=2 l= 59 cons: SET
>> 118:d=3 hl=2 l= 57 cons: SEQUENCE
>> 120:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName
>> 125:d=4 hl=2 l= 50 prim: PRINTABLESTRING :Terms of use at
>> https://www.verisign.com/rpa (c)10
>> 177:d=2 hl=2 l= 54 cons: SET
>> 179:d=3 hl=2 l= 52 cons: SEQUENCE
>> 181:d=4 hl=2 l= 3 prim: OBJECT :commonName
>> 186:d=4 hl=2 l= 45 prim: PRINTABLESTRING :VeriSign Class 3
>> International Server CA - G3
>> 233:d=1 hl=2 l= 30 cons: SEQUENCE
>> 235:d=2 hl=2 l= 13 prim: UTCTIME :160729000000Z
>> 250:d=2 hl=2 l= 13 prim: UTCTIME :170210235959Z
>> 265:d=1 hl=2 l= 119 cons: SEQUENCE
>> 267:d=2 hl=2 l= 11 cons: SET
>> 269:d=3 hl=2 l= 9 cons: SEQUENCE
>> 271:d=4 hl=2 l= 3 prim: OBJECT :countryName
>> 276:d=4 hl=2 l= 2 prim: PRINTABLESTRING :US
>> 280:d=2 hl=2 l= 16 cons: SET
>> 282:d=3 hl=2 l= 14 cons: SEQUENCE
>> 284:d=4 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
>> 289:d=4 hl=2 l= 7 prim: PRINTABLESTRING :Georgia
>> 298:d=2 hl=2 l= 17 cons: SET
>> 300:d=3 hl=2 l= 15 cons: SEQUENCE
>> 302:d=4 hl=2 l= 3 prim: OBJECT :localityName
>> 307:d=4 hl=2 l= 8 prim: T61STRING :Columbus
>> 317:d=2 hl=2 l= 13 cons: SET
>> 319:d=3 hl=2 l= 11 cons: SEQUENCE
>> 321:d=4 hl=2 l= 3 prim: OBJECT :organizationName
>> 326:d=4 hl=2 l= 4 prim: T61STRING :TSYS
>> 332:d=2 hl=2 l= 19 cons: SET
>> 334:d=3 hl=2 l= 17 cons: SEQUENCE
>> 336:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName
>> 341:d=4 hl=2 l= 10 prim: T61STRING :TDS-Dallas
>> 353:d=2 hl=2 l= 31 cons: SET
>> 355:d=3 hl=2 l= 29 cons: SEQUENCE
>> 357:d=4 hl=2 l= 3 prim: OBJECT :commonName
>> 362:d=4 hl=2 l= 22 prim: T61STRING :ssl1.tsysacquiring.net
>> 386:d=1 hl=4 l= 290 cons: SEQUENCE
>> 390:d=2 hl=2 l= 13 cons: SEQUENCE
>> 392:d=3 hl=2 l= 9 prim: OBJECT :rsaEncryption
>> 403:d=3 hl=2 l= 0 prim: NULL
>> 405:d=2 hl=4 l= 271 prim: BIT STRING
>> 680:d=1 hl=4 l= 363 cons: cont [ 3 ]
>> 684:d=2 hl=4 l= 359 cons: SEQUENCE
>> 688:d=3 hl=2 l= 9 cons: SEQUENCE
>> 690:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
>> 695:d=4 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000
>> 699:d=3 hl=2 l= 97 cons: SEQUENCE
>> 701:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Certificate
Policies
>> 706:d=4 hl=2 l= 90 prim: OCTET STRING [HEX
>>
DUMP]:30583056060667810C010202304C302306082B06010505070201161768747470733A2F
>>
2F642E73796D63622E636F6D2F637073302506082B0601050507020230190C1768747470733A
>> 2F2F642E73796D63622E636F6D2F727061
>> 798:d=3 hl=2 l= 43 cons: SEQUENCE
>> 800:d=4 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution
>> Points
>> 805:d=4 hl=2 l= 36 prim: OCTET STRING [HEX
>>
DUMP]:30223020A01EA01C861A687474703A2F2F73652E73796D63622E636F6D2F73652E6372
>> 6C
>> 843:d=3 hl=2 l= 29 cons: SEQUENCE
>> 845:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage
>> 850:d=4 hl=2 l= 22 prim: OCTET STRING [HEX
>> DUMP]:301406082B0601050507030106082B06010505070302
>> 874:d=3 hl=2 l= 14 cons: SEQUENCE
>> 876:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
>> 881:d=4 hl=2 l= 1 prim: BOOLEAN :255
>> 884:d=4 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030205A0
>> 890:d=3 hl=2 l= 87 cons: SEQUENCE
>> 892:d=4 hl=2 l= 8 prim: OBJECT :Authority Information
Access
>> 902:d=4 hl=2 l= 75 prim: OCTET STRING [HEX
>>
DUMP]:3049301F06082B060105050730018613687474703A2F2F73652E73796D63642E636F6D
>>
302606082B06010505073002861A687474703A2F2F73652E73796D63622E636F6D2F73652E63
>> 7274
>> 979:d=3 hl=2 l= 33 cons: SEQUENCE
>> 981:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Subject
Alternative
>> Name
>> 986:d=4 hl=2 l= 26 prim: OCTET STRING [HEX
>> DUMP]:3018821673736C312E74737973616371756972696E672E6E6574
>> 1014:d=3 hl=2 l= 31 cons: SEQUENCE
>> 1016:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key
>> Identifier
>> 1021:d=4 hl=2 l= 24 prim: OCTET STRING [HEX
>> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
>>
>> Base64 TBSCertificate:
>>
MIIEE6ADAgECAhAgkkxhNkvJhgc5pl4VD0DiMA0GCSqGSIb3DQEBBQUAMIG8MQswCQYDVQQGEwJV
>>
UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
>>
cmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBh
>>
IChjKTEwMTYwNAYDVQQDEy1WZXJpU2lnbiBDbGFzcyAzIEludGVybmF0aW9uYWwgU2VydmVyIENB
>>
IC0gRzMwHhcNMTYwNzI5MDAwMDAwWhcNMTcwMjEwMjM1OTU5WjB3MQswCQYDVQQGEwJVUzEQMA4G
>>
A1UECBMHR2VvcmdpYTERMA8GA1UEBxQIQ29sdW1idXMxDTALBgNVBAoUBFRTWVMxEzARBgNVBAsU
>>
ClREUy1EYWxsYXMxHzAdBgNVBAMUFnNzbDEudHN5c2FjcXVpcmluZy5uZXQwggEiMA0GCSqGSIb3
>>
DQEBAQUAA4IBDwAwggEKAoIBAQDAVDiLs9UoT7d8lhr3Rr6QQIp7F4iosiKlyxOWdHTBoF3fXxjs
>>
wzBsFbL43FKrTza9h1BFY8KF/kPlIuOAlFzdX9domq72S8WL1rkvMtFlX5WLlxDfuOsuVVPm/Ia/
>>
vFE4z7OLVpJdSwwim7ndgOVcusmbm+wQ7Hr6G0KjcliiL9taMvRdBzWHLKeT8ZbUdC51UAgUgGLJ
>>
++yJ+XpgQXHe5cXNsDyE01agWDV6XvA6aOCp4YLMWfp0xQsL5httLRIp54rw77iroPbk3iPHgWQ9
>>
YvTA9vgscrMOL0h1ElAPxnVRBrDzXYJJuks4JW1krApjjdm9I6XH97W9vKu7+N1fAgMBAAGjggFr
>>
MIIBZzAJBgNVHRMEAjAAMGEGA1UdIARaMFgwVgYGZ4EMAQICMEwwIwYIKwYBBQUHAgEWF2h0dHBz
>>
Oi8vZC5zeW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkMF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBh
>>
MCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly9zZS5zeW1jYi5jb20vc2UuY3JsMB0GA1UdJQQWMBQG
>>
CCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwVwYIKwYBBQUHAQEESzBJMB8GCCsG
>>
AQUFBzABhhNodHRwOi8vc2Uuc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2Iu
>>
Y29tL3NlLmNydDAhBgNVHREEGjAYghZzc2wxLnRzeXNhY3F1aXJpbmcubmV0MB8GA1UdIwQYMBaA
>> FNebfNgioBX33a1fzimbWMO8RgC1
>>
>>
>> ----------------------------------------
>>
>> ssl1.vitalps.net (based on https://crt.sh/?id=4858491)
>>
>> -----BEGIN CERTIFICATE-----
>> MIIFLjCCBBagAwIBAgIQZpoeO9e+TCIqp+k4zN0aVDANBgkqhkiG9w0BAQUFADCB
>> vDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
>> ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
>> YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDE2MDQGA1UEAxMt
>> VmVyaVNpZ24gQ2xhc3MgMyBJbnRlcm5hdGlvbmFsIFNlcnZlciBDQSAtIEczMB4X
>> DTE0MDcxMTAwMDAwMFoXDTE2MDgzMDIzNTk1OVowcTELMAkGA1UEBhMCVVMxEDAO
>> BgNVBAgTB0dlb3JnaWExETAPBgNVBAcUCENvbHVtYnVzMQ0wCwYDVQQKFARUU1lT
>> MRMwEQYDVQQLFApURFMtUmVzdG9uMRkwFwYDVQQDFBBzc2wxLnZpdGFscHMubmV0
>> MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnmVKgzsstUaQEW8Ab0bx
>> xP3NXPUIzGq8pF2lriBAMlYPVI+Y/sUvZxQk5BYcxRQI3Ux+A0EzN4EbYB3ib9up
>> uu1ORyYjJksGAuMzZz4ovkKc64FCbH/ceBGjd6UOjYEbxrnysX3nNevP1ROUW5YT
>> hrMqLuyoBeK1YvWCUeieXe2A9ysAbF2J2VNaJvtMkMMUrpW3alrkU9pf3re9M68Y
>> dp3jJDR7GiKvNTB7r8fvpCmkImTC//Q9vrvLYUU4Tl6d++gCxLs2Q1pa+mUqr6f8
>> fgSwRTNdzzsUV0eLv2+Ugpki823Hl2zgwuv6XM/rD1/B+B9Yk7j+tkstrzsQYVZ1
>> TQIDAQABo4IBdDCCAXAwGwYDVR0RBBQwEoIQc3NsMS52aXRhbHBzLm5ldDAJBgNV
>> HRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAoBgNVHSUEITAfBggrBgEFBQcDAQYIKwYB
>> BQUHAwIGCWCGSAGG+EIEATBlBgNVHSAEXjBcMFoGCmCGSAGG+EUBBzYwTDAjBggr
>> BgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGRoX
>> aHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAU15t82CKgFffdrV/O
>> KZtYw7xGALUwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NlLnN5bWNiLmNvbS9z
>> ZS5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc2Uuc3lt
>> Y2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2IuY29tL3NlLmNydDAN
>> BgkqhkiG9w0BAQUFAAOCAQEACASjUqP+m3+AFB3Ll53kgxpaASFCLbd29Z1X59gR
>> 3fgAUyNL8fLEgKwrBC30b5JDpgMXHSJffx0UvZyVUYEJRPvXlfGdkfIfux+afgWr
>> raXn7PqW5UK4k4wc/iXv19vB1jXEUKNzHMDn5m08g8PAiuhLslInRPO/zUKafVTw
>> PN2je9okqA0opoLpuQbZfkXVmrPag1z1tRaHQ4Es0qm6s0hg9N/Cac++wncO3DzG
>> ZgzkbTbDmt2/OQ0na0goKJxEQanClzq20+oOrP0joIKDJZi4C89duukF1PXIGYLG
>> FVqc0amgbylgiJfZ5aspHG7wydjEToBQmRvqPAZTABZnxA==
>> -----END CERTIFICATE-----
>>
>> Parsed TBSCertificate:
>> 0:d=0 hl=4 l=1031 cons: SEQUENCE
>> 4:d=1 hl=2 l= 3 cons: cont [ 0 ]
>> 6:d=2 hl=2 l= 1 prim: INTEGER :02
>> 9:d=1 hl=2 l= 16 prim: INTEGER
>> :03F1C7694784FFDE1F72888DD69F6319
>> 27:d=1 hl=2 l= 13 cons: SEQUENCE
>> 29:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
>> 40:d=2 hl=2 l= 0 prim: NULL
>> 42:d=1 hl=3 l= 188 cons: SEQUENCE
>> 45:d=2 hl=2 l= 11 cons: SET
>> 47:d=3 hl=2 l= 9 cons: SEQUENCE
>> 49:d=4 hl=2 l= 3 prim: OBJECT :countryName
>> 54:d=4 hl=2 l= 2 prim: PRINTABLESTRING :US
>> 58:d=2 hl=2 l= 23 cons: SET
>> 60:d=3 hl=2 l= 21 cons: SEQUENCE
>> 62:d=4 hl=2 l= 3 prim: OBJECT :organizationName
>> 67:d=4 hl=2 l= 14 prim: PRINTABLESTRING :VeriSign, Inc.
>> 83:d=2 hl=2 l= 31 cons: SET
>> 85:d=3 hl=2 l= 29 cons: SEQUENCE
>> 87:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName
>> 92:d=4 hl=2 l= 22 prim: PRINTABLESTRING :VeriSign Trust Network
>> 116:d=2 hl=2 l= 59 cons: SET
>> 118:d=3 hl=2 l= 57 cons: SEQUENCE
>> 120:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName
>> 125:d=4 hl=2 l= 50 prim: PRINTABLESTRING :Terms of use at
>> https://www.verisign.com/rpa (c)10
>> 177:d=2 hl=2 l= 54 cons: SET
>> 179:d=3 hl=2 l= 52 cons: SEQUENCE
>> 181:d=4 hl=2 l= 3 prim: OBJECT :commonName
>> 186:d=4 hl=2 l= 45 prim: PRINTABLESTRING :VeriSign Class 3
>> International Server CA - G3
>> 233:d=1 hl=2 l= 30 cons: SEQUENCE
>> 235:d=2 hl=2 l= 13 prim: UTCTIME :160729000000Z
>> 250:d=2 hl=2 l= 13 prim: UTCTIME :170210235959Z
>> 265:d=1 hl=2 l= 113 cons: SEQUENCE
>> 267:d=2 hl=2 l= 11 cons: SET
>> 269:d=3 hl=2 l= 9 cons: SEQUENCE
>> 271:d=4 hl=2 l= 3 prim: OBJECT :countryName
>> 276:d=4 hl=2 l= 2 prim: PRINTABLESTRING :US
>> 280:d=2 hl=2 l= 16 cons: SET
>> 282:d=3 hl=2 l= 14 cons: SEQUENCE
>> 284:d=4 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
>> 289:d=4 hl=2 l= 7 prim: PRINTABLESTRING :Georgia
>> 298:d=2 hl=2 l= 17 cons: SET
>> 300:d=3 hl=2 l= 15 cons: SEQUENCE
>> 302:d=4 hl=2 l= 3 prim: OBJECT :localityName
>> 307:d=4 hl=2 l= 8 prim: T61STRING :Columbus
>> 317:d=2 hl=2 l= 13 cons: SET
>> 319:d=3 hl=2 l= 11 cons: SEQUENCE
>> 321:d=4 hl=2 l= 3 prim: OBJECT :organizationName
>> 326:d=4 hl=2 l= 4 prim: T61STRING :TSYS
>> 332:d=2 hl=2 l= 19 cons: SET
>> 334:d=3 hl=2 l= 17 cons: SEQUENCE
>> 336:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName
>> 341:d=4 hl=2 l= 10 prim: T61STRING :TDS-Reston
>> 353:d=2 hl=2 l= 25 cons: SET
>> 355:d=3 hl=2 l= 23 cons: SEQUENCE
>> 357:d=4 hl=2 l= 3 prim: OBJECT :commonName
>> 362:d=4 hl=2 l= 16 prim: T61STRING :ssl1.vitalps.net
>> 380:d=1 hl=4 l= 290 cons: SEQUENCE
>> 384:d=2 hl=2 l= 13 cons: SEQUENCE
>> 386:d=3 hl=2 l= 9 prim: OBJECT :rsaEncryption
>> 397:d=3 hl=2 l= 0 prim: NULL
>> 399:d=2 hl=4 l= 271 prim: BIT STRING
>> 674:d=1 hl=4 l= 357 cons: cont [ 3 ]
>> 678:d=2 hl=4 l= 353 cons: SEQUENCE
>> 682:d=3 hl=2 l= 9 cons: SEQUENCE
>> 684:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
>> 689:d=4 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000
>> 693:d=3 hl=2 l= 97 cons: SEQUENCE
>> 695:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Certificate
Policies
>> 700:d=4 hl=2 l= 90 prim: OCTET STRING [HEX
>>
DUMP]:30583056060667810C010202304C302306082B06010505070201161768747470733A2F
>>
2F642E73796D63622E636F6D2F637073302506082B0601050507020230191A1768747470733A
>> 2F2F642E73796D63622E636F6D2F727061
>> 792:d=3 hl=2 l= 43 cons: SEQUENCE
>> 794:d=4 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution
>> Points
>> 799:d=4 hl=2 l= 36 prim: OCTET STRING [HEX
>>
DUMP]:30223020A01EA01C861A687474703A2F2F73652E73796D63622E636F6D2F73652E6372
>> 6C
>> 837:d=3 hl=2 l= 29 cons: SEQUENCE
>> 839:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage
>> 844:d=4 hl=2 l= 22 prim: OCTET STRING [HEX
>> DUMP]:301406082B0601050507030106082B06010505070302
>> 868:d=3 hl=2 l= 14 cons: SEQUENCE
>> 870:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
>> 875:d=4 hl=2 l= 1 prim: BOOLEAN :255
>> 878:d=4 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030205A0
>> 884:d=3 hl=2 l= 87 cons: SEQUENCE
>> 886:d=4 hl=2 l= 8 prim: OBJECT :Authority Information
Access
>> 896:d=4 hl=2 l= 75 prim: OCTET STRING [HEX
>>
DUMP]:3049301F06082B060105050730018613687474703A2F2F73652E73796D63642E636F6D
>>
302606082B06010505073002861A687474703A2F2F73652E73796D63622E636F6D2F73652E63
>> 7274
>> 973:d=3 hl=2 l= 27 cons: SEQUENCE
>> 975:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Subject
Alternative
>> Name
>> 980:d=4 hl=2 l= 20 prim: OCTET STRING [HEX
>> DUMP]:3012821073736C312E766974616C70732E6E6574
>> 1002:d=3 hl=2 l= 31 cons: SEQUENCE
>> 1004:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key
>> Identifier
>> 1009:d=4 hl=2 l= 24 prim: OCTET STRING [HEX
>> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
>>
>> Base64 TBSCertificate:
>>
MIIEB6ADAgECAhAD8cdpR4T/3h9yiI3Wn2MZMA0GCSqGSIb3DQEBBQUAMIG8MQswCQYDVQQGEwJV
>>
UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
>>
cmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBh
>>
IChjKTEwMTYwNAYDVQQDEy1WZXJpU2lnbiBDbGFzcyAzIEludGVybmF0aW9uYWwgU2VydmVyIENB
>>
IC0gRzMwHhcNMTYwNzI5MDAwMDAwWhcNMTcwMjEwMjM1OTU5WjBxMQswCQYDVQQGEwJVUzEQMA4G
>>
A1UECBMHR2VvcmdpYTERMA8GA1UEBxQIQ29sdW1idXMxDTALBgNVBAoUBFRTWVMxEzARBgNVBAsU
>>
ClREUy1SZXN0b24xGTAXBgNVBAMUEHNzbDEudml0YWxwcy5uZXQwggEiMA0GCSqGSIb3DQEBAQUA
>>
A4IBDwAwggEKAoIBAQCeZUqDOyy1RpARbwBvRvHE/c1c9QjMarykXaWuIEAyVg9Uj5j+xS9nFCTk
>>
FhzFFAjdTH4DQTM3gRtgHeJv26m67U5HJiMmSwYC4zNnPii+QpzrgUJsf9x4EaN3pQ6NgRvGufKx
>>
fec168/VE5RblhOGsyou7KgF4rVi9YJR6J5d7YD3KwBsXYnZU1om+0yQwxSulbdqWuRT2l/et70z
>>
rxh2neMkNHsaIq81MHuvx++kKaQiZML/9D2+u8thRThOXp376ALEuzZDWlr6ZSqvp/x+BLBFM13P
>>
OxRXR4u/b5SCmSLzbceXbODC6/pcz+sPX8H4H1iTuP62Sy2vOxBhVnVNAgMBAAGjggFlMIIBYTAJ
>>
BgNVHRMEAjAAMGEGA1UdIARaMFgwVgYGZ4EMAQICMEwwIwYIKwYBBQUHAgEWF2h0dHBzOi8vZC5z
>>
eW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkaF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBhMCsGA1Ud
>>
HwQkMCIwIKAeoByGGmh0dHA6Ly9zZS5zeW1jYi5jb20vc2UuY3JsMB0GA1UdJQQWMBQGCCsGAQUF
>>
BwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzAB
>>
hhNodHRwOi8vc2Uuc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2IuY29tL3Nl
>>
LmNydDAbBgNVHREEFDASghBzc2wxLnZpdGFscHMubmV0MB8GA1UdIwQYMBaAFNebfNgioBX33a1f
>> zimbWMO8RgC1
>>
>>
>> --------------------------------------------
>>
>> ssl1.vitalps.net (based on https://crt.sh/?id=4858607)
>>
>> -----BEGIN CERTIFICATE-----
>> MIIFLjCCBBagAwIBAgIQaekgbaF9jW5PDVLXvSSXqDANBgkqhkiG9w0BAQUFADCB
>> vDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
>> ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
>> YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDE2MDQGA1UEAxMt
>> VmVyaVNpZ24gQ2xhc3MgMyBJbnRlcm5hdGlvbmFsIFNlcnZlciBDQSAtIEczMB4X
>> DTE0MDcxMTAwMDAwMFoXDTE2MDgzMDIzNTk1OVowcTELMAkGA1UEBhMCVVMxEDAO
>> BgNVBAgTB0dlb3JnaWExETAPBgNVBAcUCENvbHVtYnVzMQ0wCwYDVQQKFARUU1lT
>> MRMwEQYDVQQLFApURFMtRGFsbGFzMRkwFwYDVQQDFBBzc2wxLnZpdGFscHMubmV0
>> MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtD1KH2N5/9LQCnShT3mK
>> Z39xXfZpmYZi8RdhG/MKqDxyZKrplObaYdDQrmOLefa0wPSJYcQQY4/cSJdwBqOr
>> 1sIRQjYl92EQXGPJOSDh7Le4huxtVVXHwpKxpHe4QtVWQ9mmSiuScsofrMq2UhX2
>> RhdDRJISrbGSUsUWkCF/23GRslgTcfCTeK4682Rc9csjAkL8ICxiKarjQ2W2iygJ
>> 8EyfJnJB38AwXhA2F8IVtkXAkKhj90PH5kImlODqF2VSHSSSpgunEpngX3eld0yk
>> Z0BjhYqdnKozWc1FPWursDqKABOHOUcvW4KDdF8aIe+FNoEpbOibLEJ15539DKCQ
>> xQIDAQABo4IBdDCCAXAwGwYDVR0RBBQwEoIQc3NsMS52aXRhbHBzLm5ldDAJBgNV
>> HRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAoBgNVHSUEITAfBggrBgEFBQcDAQYIKwYB
>> BQUHAwIGCWCGSAGG+EIEATBlBgNVHSAEXjBcMFoGCmCGSAGG+EUBBzYwTDAjBggr
>> BgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGRoX
>> aHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAU15t82CKgFffdrV/O
>> KZtYw7xGALUwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NlLnN5bWNiLmNvbS9z
>> ZS5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc2Uuc3lt
>> Y2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2IuY29tL3NlLmNydDAN
>> BgkqhkiG9w0BAQUFAAOCAQEAKhkEu8si6mFNJrQFsX3XE/TiA6xt23N9A/ZwaZHY
>> JyTemPmzLYPb189Y2RusZcM/kpyzewJtaBZTEiBMcA/nfiqB2kWGNxZf4MBe6zxO
>> 2+ua3XP/6Ab5DugSGYrIu8uoEZUIW9TnNIhlfzoVHgmC/6PfgBIGYsXKVqRv3rbd
>> 1EmcmRMSLIZjoXUK3I1UkWIGJSFuDzp4mYR77uw0udTDNqBr6WmKucJ+Sl/BQqjt
>> A9urWU+ajhqWqJVR1q0/saKQey4/TpfTNzdWSYXcgE4A0zYf/wNB5HnYIkgzOUiY
>> Ii4HSFH/CTyOqrDLIugM9acjZT/A0YS8ZwMQxZ1N3tfr7Q==
>> -----END CERTIFICATE-----
>>
>> Parsed TBSCertificate:
>> 0:d=0 hl=4 l=1031 cons: SEQUENCE
>> 4:d=1 hl=2 l= 3 cons: cont [ 0 ]
>> 6:d=2 hl=2 l= 1 prim: INTEGER :02
>> 9:d=1 hl=2 l= 16 prim: INTEGER
>> :0EB922276261F1D9C7843749E32235B7
>> 27:d=1 hl=2 l= 13 cons: SEQUENCE
>> 29:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
>> 40:d=2 hl=2 l= 0 prim: NULL
>> 42:d=1 hl=3 l= 188 cons: SEQUENCE
>> 45:d=2 hl=2 l= 11 cons: SET
>> 47:d=3 hl=2 l= 9 cons: SEQUENCE
>> 49:d=4 hl=2 l= 3 prim: OBJECT :countryName
>> 54:d=4 hl=2 l= 2 prim: PRINTABLESTRING :US
>> 58:d=2 hl=2 l= 23 cons: SET
>> 60:d=3 hl=2 l= 21 cons: SEQUENCE
>> 62:d=4 hl=2 l= 3 prim: OBJECT :organizationName
>> 67:d=4 hl=2 l= 14 prim: PRINTABLESTRING :VeriSign, Inc.
>> 83:d=2 hl=2 l= 31 cons: SET
>> 85:d=3 hl=2 l= 29 cons: SEQUENCE
>> 87:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName
>> 92:d=4 hl=2 l= 22 prim: PRINTABLESTRING :VeriSign Trust Network
>> 116:d=2 hl=2 l= 59 cons: SET
>> 118:d=3 hl=2 l= 57 cons: SEQUENCE
>> 120:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName
>> 125:d=4 hl=2 l= 50 prim: PRINTABLESTRING :Terms of use at
>> https://www.verisign.com/rpa (c)10
>> 177:d=2 hl=2 l= 54 cons: SET
>> 179:d=3 hl=2 l= 52 cons: SEQUENCE
>> 181:d=4 hl=2 l= 3 prim: OBJECT :commonName
>> 186:d=4 hl=2 l= 45 prim: PRINTABLESTRING :VeriSign Class 3
>> International Server CA - G3
>> 233:d=1 hl=2 l= 30 cons: SEQUENCE
>> 235:d=2 hl=2 l= 13 prim: UTCTIME :160729000000Z
>> 250:d=2 hl=2 l= 13 prim: UTCTIME :170210235959Z
>> 265:d=1 hl=2 l= 113 cons: SEQUENCE
>> 267:d=2 hl=2 l= 11 cons: SET
>> 269:d=3 hl=2 l= 9 cons: SEQUENCE
>> 271:d=4 hl=2 l= 3 prim: OBJECT :countryName
>> 276:d=4 hl=2 l= 2 prim: PRINTABLESTRING :US
>> 280:d=2 hl=2 l= 16 cons: SET
>> 282:d=3 hl=2 l= 14 cons: SEQUENCE
>> 284:d=4 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
>> 289:d=4 hl=2 l= 7 prim: PRINTABLESTRING :Georgia
>> 298:d=2 hl=2 l= 17 cons: SET
>> 300:d=3 hl=2 l= 15 cons: SEQUENCE
>> 302:d=4 hl=2 l= 3 prim: OBJECT :localityName
>> 307:d=4 hl=2 l= 8 prim: T61STRING :Columbus
>> 317:d=2 hl=2 l= 13 cons: SET
>> 319:d=3 hl=2 l= 11 cons: SEQUENCE
>> 321:d=4 hl=2 l= 3 prim: OBJECT :organizationName
>> 326:d=4 hl=2 l= 4 prim: T61STRING :TSYS
>> 332:d=2 hl=2 l= 19 cons: SET
>> 334:d=3 hl=2 l= 17 cons: SEQUENCE
>> 336:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName
>> 341:d=4 hl=2 l= 10 prim: T61STRING :TDS-Dallas
>> 353:d=2 hl=2 l= 25 cons: SET
>> 355:d=3 hl=2 l= 23 cons: SEQUENCE
>> 357:d=4 hl=2 l= 3 prim: OBJECT :commonName
>> 362:d=4 hl=2 l= 16 prim: T61STRING :ssl1.vitalps.net
>> 380:d=1 hl=4 l= 290 cons: SEQUENCE
>> 384:d=2 hl=2 l= 13 cons: SEQUENCE
>> 386:d=3 hl=2 l= 9 prim: OBJECT :rsaEncryption
>> 397:d=3 hl=2 l= 0 prim: NULL
>> 399:d=2 hl=4 l= 271 prim: BIT STRING
>> 674:d=1 hl=4 l= 357 cons: cont [ 3 ]
>> 678:d=2 hl=4 l= 353 cons: SEQUENCE
>> 682:d=3 hl=2 l= 9 cons: SEQUENCE
>> 684:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
>> 689:d=4 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000
>> 693:d=3 hl=2 l= 97 cons: SEQUENCE
>> 695:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Certificate
Policies
>> 700:d=4 hl=2 l= 90 prim: OCTET STRING [HEX
>>
DUMP]:30583056060667810C010202304C302306082B06010505070201161768747470733A2F
>>
2F642E73796D63622E636F6D2F637073302506082B0601050507020230191A1768747470733A
>> 2F2F642E73796D63622E636F6D2F727061
>> 792:d=3 hl=2 l= 43 cons: SEQUENCE
>> 794:d=4 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution
>> Points
>> 799:d=4 hl=2 l= 36 prim: OCTET STRING [HEX
>>
DUMP]:30223020A01EA01C861A687474703A2F2F73652E73796D63622E636F6D2F73652E6372
>> 6C
>> 837:d=3 hl=2 l= 29 cons: SEQUENCE
>> 839:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage
>> 844:d=4 hl=2 l= 22 prim: OCTET STRING [HEX
>> DUMP]:301406082B0601050507030106082B06010505070302
>> 868:d=3 hl=2 l= 14 cons: SEQUENCE
>> 870:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
>> 875:d=4 hl=2 l= 1 prim: BOOLEAN :255
>> 878:d=4 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030205A0
>> 884:d=3 hl=2 l= 87 cons: SEQUENCE
>> 886:d=4 hl=2 l= 8 prim: OBJECT :Authority Information
Access
>> 896:d=4 hl=2 l= 75 prim: OCTET STRING [HEX
>>
DUMP]:3049301F06082B060105050730018613687474703A2F2F73652E73796D63642E636F6D
>>
302606082B06010505073002861A687474703A2F2F73652E73796D63622E636F6D2F73652E63
>> 7274
>> 973:d=3 hl=2 l= 27 cons: SEQUENCE
>> 975:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Subject
Alternative
>> Name
>> 980:d=4 hl=2 l= 20 prim: OCTET STRING [HEX
>> DUMP]:3012821073736C312E766974616C70732E6E6574
>> 1002:d=3 hl=2 l= 31 cons: SEQUENCE
>> 1004:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key
>> Identifier
>> 1009:d=4 hl=2 l= 24 prim: OCTET STRING [HEX
>> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
>>
>> Base64 TBSCertificate:
>>
MIIEB6ADAgECAhAOuSInYmHx2ceEN0njIjW3MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYDVQQGEwJV
>>
UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
>>
cmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBh
>>
IChjKTEwMTYwNAYDVQQDEy1WZXJpU2lnbiBDbGFzcyAzIEludGVybmF0aW9uYWwgU2VydmVyIENB
>>
IC0gRzMwHhcNMTYwNzI5MDAwMDAwWhcNMTcwMjEwMjM1OTU5WjBxMQswCQYDVQQGEwJVUzEQMA4G
>>
A1UECBMHR2VvcmdpYTERMA8GA1UEBxQIQ29sdW1idXMxDTALBgNVBAoUBFRTWVMxEzARBgNVBAsU
>>
ClREUy1EYWxsYXMxGTAXBgNVBAMUEHNzbDEudml0YWxwcy5uZXQwggEiMA0GCSqGSIb3DQEBAQUA
>>
A4IBDwAwggEKAoIBAQC0PUofY3n/0tAKdKFPeYpnf3Fd9mmZhmLxF2Eb8wqoPHJkqumU5tph0NCu
>>
Y4t59rTA9IlhxBBjj9xIl3AGo6vWwhFCNiX3YRBcY8k5IOHst7iG7G1VVcfCkrGkd7hC1VZD2aZK
>>
K5Jyyh+syrZSFfZGF0NEkhKtsZJSxRaQIX/bcZGyWBNx8JN4rjrzZFz1yyMCQvwgLGIpquNDZbaL
>>
KAnwTJ8mckHfwDBeEDYXwhW2RcCQqGP3Q8fmQiaU4OoXZVIdJJKmC6cSmeBfd6V3TKRnQGOFip2c
>>
qjNZzUU9a6uwOooAE4c5Ry9bgoN0Xxoh74U2gSls6JssQnXnnf0MoJDFAgMBAAGjggFlMIIBYTAJ
>>
BgNVHRMEAjAAMGEGA1UdIARaMFgwVgYGZ4EMAQICMEwwIwYIKwYBBQUHAgEWF2h0dHBzOi8vZC5z
>>
eW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkaF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBhMCsGA1Ud
>>
HwQkMCIwIKAeoByGGmh0dHA6Ly9zZS5zeW1jYi5jb20vc2UuY3JsMB0GA1UdJQQWMBQGCCsGAQUF
>>
BwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzAB
>>
hhNodHRwOi8vc2Uuc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2IuY29tL3Nl
>>
LmNydDAbBgNVHREEFDASghBzc2wxLnZpdGFscHMubmV0MB8GA1UdIwQYMBaAFNebfNgioBX33a1f
>> zimbWMO8RgC1
>>
>>
>> ----------------------------------------------
>>
>> ssl3.vitalps.net (based on https://crt.sh/?id=24732908)
>>
>> -----BEGIN CERTIFICATE-----
>> MIIFLjCCBBagAwIBAgIQZ+KRKfjS6C/HFeLNU6FfljANBgkqhkiG9w0BAQUFADCB
>> vDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
>> ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
>> YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDE2MDQGA1UEAxMt
>> VmVyaVNpZ24gQ2xhc3MgMyBJbnRlcm5hdGlvbmFsIFNlcnZlciBDQSAtIEczMB4X
>> DTE1MDgwNDAwMDAwMFoXDTE2MDgwMzIzNTk1OVowdTELMAkGA1UEBhMCVVMxEDAO
>> BgNVBAgTB0dlb3JnaWExETAPBgNVBAcUCENvbHVtYnVzMQ0wCwYDVQQKFARUU1lT
>> MRcwFQYDVQQLFA5URFMtUE1OX0RhbGxhczEZMBcGA1UEAxQQc3NsMy52aXRhbHBz
>> Lm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALjTwLC8aVNGKOve
>> eaa3TjQRO2CeYlkLAn5Ayk+L4EO+CR+2x9+1Vc8tJ+13/+oP+vA+hNtMnvZ3FREs
>> tA2x1u89v3OWj88E0HUtmA8aPYUpTYeFJVf3j0AUE9KZ02IiXzPyLimJst2wgF4m
>> /TtmN3BPczcAnWX+6UN7ygpc/AFodgAJs82tZsm9rRSrgqNe3z5ZOFPDa2Tj+QPU
>> fKEw3mORc0dwgIdKbdCRNrs7UkymV54a1A3p55j99CD+Byid7Lc9PzJe1XscJlfJ
>> 5gtXcKWRyhRY7e9W5QQ+s4yVDZxvnoAcoAo0yldaSMDrEktPNg7Ydslg0XQYMA+W
>> w2uexxMCAwEAAaOCAXAwggFsMBsGA1UdEQQUMBKCEHNzbDMudml0YWxwcy5uZXQw
>> CQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwKAYDVR0lBCEwHwYIKwYBBQUHAwEG
>> CCsGAQUFBwMCBglghkgBhvhCBAEwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggr
>> BgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGRoX
>> aHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAU15t82CKgFffdrV/O
>> KZtYw7xGALUwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NlLnN5bWNiLmNvbS9z
>> ZS5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc2Uuc3lt
>> Y2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2IuY29tL3NlLmNydDAN
>> BgkqhkiG9w0BAQUFAAOCAQEAKuvE4RJZc0cjPjkVRbhQWTYYrKjJ/1BYxmNszNTM
>> P+3rUb3I2k4+UoczYjf/F/qaK9AL5TSopVcn2ds5EnFoKJtpvF/gF6PK1OUM4ViX
>> jOPQFvycZ+mR8JXcvZJVFZVNZ+RahkPKJShIzryj2ktvci/yX8K2asNCE4BjVDAs
>> 1p5mTz4RcjofgCxDy0KYd/d/rGfbA1fNli8nL92UuuzzU+EqrQM3im3iAqlNZSDO
>> XjXxTEqnkrylTnMmzf4aIgz8OxUEvsZmkq5UXySd778kt5oJ3I7URe6NhDJjBCR4
>> VgFSirUTR0Y7lAkNDZ8x+2S7S0SoR6mi9BtxhWP+EFbVWw==
>> -----END CERTIFICATE-----
>>
>> Parsed TBSCertificate:
>> 0:d=0 hl=4 l=1035 cons: SEQUENCE
>> 4:d=1 hl=2 l= 3 cons: cont [ 0 ]
>> 6:d=2 hl=2 l= 1 prim: INTEGER :02
>> 9:d=1 hl=2 l= 16 prim: INTEGER
>> :426F395EE8DCEF5C9123F0FDA116B040
>> 27:d=1 hl=2 l= 13 cons: SEQUENCE
>> 29:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
>> 40:d=2 hl=2 l= 0 prim: NULL
>> 42:d=1 hl=3 l= 188 cons: SEQUENCE
>> 45:d=2 hl=2 l= 11 cons: SET
>> 47:d=3 hl=2 l= 9 cons: SEQUENCE
>> 49:d=4 hl=2 l= 3 prim: OBJECT :countryName
>> 54:d=4 hl=2 l= 2 prim: PRINTABLESTRING :US
>> 58:d=2 hl=2 l= 23 cons: SET
>> 60:d=3 hl=2 l= 21 cons: SEQUENCE
>> 62:d=4 hl=2 l= 3 prim: OBJECT :organizationName
>> 67:d=4 hl=2 l= 14 prim: PRINTABLESTRING :VeriSign, Inc.
>> 83:d=2 hl=2 l= 31 cons: SET
>> 85:d=3 hl=2 l= 29 cons: SEQUENCE
>> 87:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName
>> 92:d=4 hl=2 l= 22 prim: PRINTABLESTRING :VeriSign Trust Network
>> 116:d=2 hl=2 l= 59 cons: SET
>> 118:d=3 hl=2 l= 57 cons: SEQUENCE
>> 120:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName
>> 125:d=4 hl=2 l= 50 prim: PRINTABLESTRING :Terms of use at
>> https://www.verisign.com/rpa (c)10
>> 177:d=2 hl=2 l= 54 cons: SET
>> 179:d=3 hl=2 l= 52 cons: SEQUENCE
>> 181:d=4 hl=2 l= 3 prim: OBJECT :commonName
>> 186:d=4 hl=2 l= 45 prim: PRINTABLESTRING :VeriSign Class 3
>> International Server CA - G3
>> 233:d=1 hl=2 l= 30 cons: SEQUENCE
>> 235:d=2 hl=2 l= 13 prim: UTCTIME :160729000000Z
>> 250:d=2 hl=2 l= 13 prim: UTCTIME :170210235959Z
>> 265:d=1 hl=2 l= 117 cons: SEQUENCE
>> 267:d=2 hl=2 l= 11 cons: SET
>> 269:d=3 hl=2 l= 9 cons: SEQUENCE
>> 271:d=4 hl=2 l= 3 prim: OBJECT :countryName
>> 276:d=4 hl=2 l= 2 prim: PRINTABLESTRING :US
>> 280:d=2 hl=2 l= 16 cons: SET
>> 282:d=3 hl=2 l= 14 cons: SEQUENCE
>> 284:d=4 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
>> 289:d=4 hl=2 l= 7 prim: PRINTABLESTRING :Georgia
>> 298:d=2 hl=2 l= 17 cons: SET
>> 300:d=3 hl=2 l= 15 cons: SEQUENCE
>> 302:d=4 hl=2 l= 3 prim: OBJECT :localityName
>> 307:d=4 hl=2 l= 8 prim: T61STRING :Columbus
>> 317:d=2 hl=2 l= 13 cons: SET
>> 319:d=3 hl=2 l= 11 cons: SEQUENCE
>> 321:d=4 hl=2 l= 3 prim: OBJECT :organizationName
>> 326:d=4 hl=2 l= 4 prim: T61STRING :TSYS
>> 332:d=2 hl=2 l= 23 cons: SET
>> 334:d=3 hl=2 l= 21 cons: SEQUENCE
>> 336:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName
>> 341:d=4 hl=2 l= 14 prim: T61STRING :TDS-PMN_Dallas
>> 357:d=2 hl=2 l= 25 cons: SET
>> 359:d=3 hl=2 l= 23 cons: SEQUENCE
>> 361:d=4 hl=2 l= 3 prim: OBJECT :commonName
>> 366:d=4 hl=2 l= 16 prim: T61STRING :ssl3.vitalps.net
>> 384:d=1 hl=4 l= 290 cons: SEQUENCE
>> 388:d=2 hl=2 l= 13 cons: SEQUENCE
>> 390:d=3 hl=2 l= 9 prim: OBJECT :rsaEncryption
>> 401:d=3 hl=2 l= 0 prim: NULL
>> 403:d=2 hl=4 l= 271 prim: BIT STRING
>> 678:d=1 hl=4 l= 357 cons: cont [ 3 ]
>> 682:d=2 hl=4 l= 353 cons: SEQUENCE
>> 686:d=3 hl=2 l= 9 cons: SEQUENCE
>> 688:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
>> 693:d=4 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000
>> 697:d=3 hl=2 l= 97 cons: SEQUENCE
>> 699:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Certificate
Policies
>> 704:d=4 hl=2 l= 90 prim: OCTET STRING [HEX
>>
DUMP]:30583056060667810C010202304C302306082B06010505070201161768747470733A2F
>>
2F642E73796D63622E636F6D2F637073302506082B0601050507020230191A1768747470733A
>> 2F2F642E73796D63622E636F6D2F727061
>> 796:d=3 hl=2 l= 43 cons: SEQUENCE
>> 798:d=4 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution
>> Points
>> 803:d=4 hl=2 l= 36 prim: OCTET STRING [HEX
>>
DUMP]:30223020A01EA01C861A687474703A2F2F73652E73796D63622E636F6D2F73652E6372
>> 6C
>> 841:d=3 hl=2 l= 29 cons: SEQUENCE
>> 843:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage
>> 848:d=4 hl=2 l= 22 prim: OCTET STRING [HEX
>> DUMP]:301406082B0601050507030106082B06010505070302
>> 872:d=3 hl=2 l= 14 cons: SEQUENCE
>> 874:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
>> 879:d=4 hl=2 l= 1 prim: BOOLEAN :255
>> 882:d=4 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030205A0
>> 888:d=3 hl=2 l= 87 cons: SEQUENCE
>> 890:d=4 hl=2 l= 8 prim: OBJECT :Authority Information
Access
>> 900:d=4 hl=2 l= 75 prim: OCTET STRING [HEX
>>
DUMP]:3049301F06082B060105050730018613687474703A2F2F73652E73796D63642E636F6D
>>
302606082B06010505073002861A687474703A2F2F73652E73796D63622E636F6D2F73652E63
>> 7274
>> 977:d=3 hl=2 l= 27 cons: SEQUENCE
>> 979:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Subject
Alternative
>> Name
>> 984:d=4 hl=2 l= 20 prim: OCTET STRING [HEX
>> DUMP]:3012821073736C332E766974616C70732E6E6574
>> 1006:d=3 hl=2 l= 31 cons: SEQUENCE
>> 1008:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key
>> Identifier
>> 1013:d=4 hl=2 l= 24 prim: OCTET STRING [HEX
>> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
>>
>> Base64 TBSCertificate:
>>
MIIEC6ADAgECAhBCbzle6NzvXJEj8P2hFrBAMA0GCSqGSIb3DQEBBQUAMIG8MQswCQYDVQQGEwJV
>>
UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
>>
cmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBh
>>
IChjKTEwMTYwNAYDVQQDEy1WZXJpU2lnbiBDbGFzcyAzIEludGVybmF0aW9uYWwgU2VydmVyIENB
>>
IC0gRzMwHhcNMTYwNzI5MDAwMDAwWhcNMTcwMjEwMjM1OTU5WjB1MQswCQYDVQQGEwJVUzEQMA4G
>>
A1UECBMHR2VvcmdpYTERMA8GA1UEBxQIQ29sdW1idXMxDTALBgNVBAoUBFRTWVMxFzAVBgNVBAsU
>>
DlREUy1QTU5fRGFsbGFzMRkwFwYDVQQDFBBzc2wzLnZpdGFscHMubmV0MIIBIjANBgkqhkiG9w0B
>>
AQEFAAOCAQ8AMIIBCgKCAQEAuNPAsLxpU0Yo6955prdONBE7YJ5iWQsCfkDKT4vgQ74JH7bH37VV
>>
zy0n7Xf/6g/68D6E20ye9ncVESy0DbHW7z2/c5aPzwTQdS2YDxo9hSlNh4UlV/ePQBQT0pnTYiJf
>>
M/IuKYmy3bCAXib9O2Y3cE9zNwCdZf7pQ3vKClz8AWh2AAmzza1myb2tFKuCo17fPlk4U8NrZOP5
>>
A9R8oTDeY5FzR3CAh0pt0JE2uztSTKZXnhrUDennmP30IP4HKJ3stz0/Ml7VexwmV8nmC1dwpZHK
>>
FFjt71blBD6zjJUNnG+egBygCjTKV1pIwOsSS082Dth2yWDRdBgwD5bDa57HEwIDAQABo4IBZTCC
>>
AWEwCQYDVR0TBAIwADBhBgNVHSAEWjBYMFYGBmeBDAECAjBMMCMGCCsGAQUFBwIBFhdodHRwczov
>>
L2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZGhdodHRwczovL2Quc3ltY2IuY29tL3JwYTAr
>>
BgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc2Uuc3ltY2IuY29tL3NlLmNybDAdBgNVHSUEFjAUBggr
>>
BgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWgMFcGCCsGAQUFBwEBBEswSTAfBggrBgEF
>>
BQcwAYYTaHR0cDovL3NlLnN5bWNkLmNvbTAmBggrBgEFBQcwAoYaaHR0cDovL3NlLnN5bWNiLmNv
>>
bS9zZS5jcnQwGwYDVR0RBBQwEoIQc3NsMy52aXRhbHBzLm5ldDAfBgNVHSMEGDAWgBTXm3zYIqAV
>> 992tX84pm1jDvEYAtQ==
>>
>>
>> -------------------------------------------
>>
>> ssl2.vitalps.net (based on a cert not logged in crt.sh)
>>
>> -----BEGIN CERTIFICATE-----
>> MIIFLjCCBBagAwIBAgIQFW3Uf33gwGxNETp8o3IHkzANBgkqhkiG9w0BAQUFADCB
>> vDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
>> ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
>> YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDE2MDQGA1UEAxMt
>> VmVyaVNpZ24gQ2xhc3MgMyBJbnRlcm5hdGlvbmFsIFNlcnZlciBDQSAtIEczMB4X
>> DTE0MDcxMTAwMDAwMFoXDTE2MDgzMDIzNTk1OVowcTELMAkGA1UEBhMCVVMxEDAO
>> BgNVBAgTB0dlb3JnaWExETAPBgNVBAcUCENvbHVtYnVzMQ0wCwYDVQQKFARUU1lT
>> MRMwEQYDVQQLFApURFMtUmVzdG9uMRkwFwYDVQQDFBBzc2wyLnZpdGFscHMubmV0
>> MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7SWO9dIJIhhj27rPAFf
>> DFQNzCB9op6vy8kw566fo7hwRRA3qqTts6tsjsw7qLzblX2wu4vSNkpmCUqbxKge
>> KUGWdxzth7KctXn1MlKA15uSMxkXjlKe7d25MoImWLcZA/sXVGReATzpR0kaXujy
>> 7k2prk5hOZY/PaIc6270PuFh6gukXiaDf7eAIvijS40V4xll52L0WhpjIMaDXnTo
>> WkDbGXH6YqT/IritvAGM2IRZPWrhE2YrvDlwVoXnkxPGlT9is5kDkBJ02OZYTd7/
>> BuRZO9GR1tQY8esd2KQw5KQlFIaW5wXaNTXRlJ3R+13oAzsrq51kPVeUbhzkJ5Ce
>> 6QIDAQABo4IBdDCCAXAwGwYDVR0RBBQwEoIQc3NsMi52aXRhbHBzLm5ldDAJBgNV
>> HRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAoBgNVHSUEITAfBggrBgEFBQcDAQYIKwYB
>> BQUHAwIGCWCGSAGG+EIEATBlBgNVHSAEXjBcMFoGCmCGSAGG+EUBBzYwTDAjBggr
>> BgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGRoX
>> aHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAU15t82CKgFffdrV/O
>> KZtYw7xGALUwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NlLnN5bWNiLmNvbS9z
>> ZS5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc2Uuc3lt
>> Y2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2IuY29tL3NlLmNydDAN
>> BgkqhkiG9w0BAQUFAAOCAQEAVwlUXrDLP2LKmX8PmscxPv1k8pzUmOB2XRegkWLj
>> D1Bsc1U/FbuVWlgkg8aIeqm1yqwnX/b/67Jlop1kOxGcTXgl9TA5uQSYRSWqejFO
>> 1CsM56ScFHFuW76EhXHUX36tqRF+MSPcMRr8lWA1DJQeNKmdjfPYvwUggnkH5/rm
>> yRZk0OSRhpQTrCuYTq1xFuS+tyKiYnq6ocaQwDfbD+nvvzVf8x8qvPFt61HMzUzP
>> ydVKbv2QwAQBjy0dUxEkJ6O8hnK1hU8F3qc4wRu+Ge1ofSdfssyWjYLFI66IRBTD
>> 2XmvyE9c680wPZv90uHz9eWBR7yGF1hP0V8fXsM4ldJksA==
>> -----END CERTIFICATE-----
>>
>> Parsed TBSCertificate:
>> 0:d=0 hl=4 l=1031 cons: SEQUENCE
>> 4:d=1 hl=2 l= 3 cons: cont [ 0 ]
>> 6:d=2 hl=2 l= 1 prim: INTEGER :02
>> 9:d=1 hl=2 l= 16 prim: INTEGER
>> :7CD54ACFA6E1738BA8449A38CA09BE1E
>> 27:d=1 hl=2 l= 13 cons: SEQUENCE
>> 29:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
>> 40:d=2 hl=2 l= 0 prim: NULL
>> 42:d=1 hl=3 l= 188 cons: SEQUENCE
>> 45:d=2 hl=2 l= 11 cons: SET
>> 47:d=3 hl=2 l= 9 cons: SEQUENCE
>> 49:d=4 hl=2 l= 3 prim: OBJECT :countryName
>> 54:d=4 hl=2 l= 2 prim: PRINTABLESTRING :US
>> 58:d=2 hl=2 l= 23 cons: SET
>> 60:d=3 hl=2 l= 21 cons: SEQUENCE
>> 62:d=4 hl=2 l= 3 prim: OBJECT :organizationName
>> 67:d=4 hl=2 l= 14 prim: PRINTABLESTRING :VeriSign, Inc.
>> 83:d=2 hl=2 l= 31 cons: SET
>> 85:d=3 hl=2 l= 29 cons: SEQUENCE
>> 87:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName
>> 92:d=4 hl=2 l= 22 prim: PRINTABLESTRING :VeriSign Trust Network
>> 116:d=2 hl=2 l= 59 cons: SET
>> 118:d=3 hl=2 l= 57 cons: SEQUENCE
>> 120:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName
>> 125:d=4 hl=2 l= 50 prim: PRINTABLESTRING :Terms of use at
>> https://www.verisign.com/rpa (c)10
>> 177:d=2 hl=2 l= 54 cons: SET
>> 179:d=3 hl=2 l= 52 cons: SEQUENCE
>> 181:d=4 hl=2 l= 3 prim: OBJECT :commonName
>> 186:d=4 hl=2 l= 45 prim: PRINTABLESTRING :VeriSign Class 3
>> International Server CA - G3
>> 233:d=1 hl=2 l= 30 cons: SEQUENCE
>> 235:d=2 hl=2 l= 13 prim: UTCTIME :160729000000Z
>> 250:d=2 hl=2 l= 13 prim: UTCTIME :170210235959Z
>> 265:d=1 hl=2 l= 113 cons: SEQUENCE
>> 267:d=2 hl=2 l= 11 cons: SET
>> 269:d=3 hl=2 l= 9 cons: SEQUENCE
>> 271:d=4 hl=2 l= 3 prim: OBJECT :countryName
>> 276:d=4 hl=2 l= 2 prim: PRINTABLESTRING :US
>> 280:d=2 hl=2 l= 16 cons: SET
>> 282:d=3 hl=2 l= 14 cons: SEQUENCE
>> 284:d=4 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
>> 289:d=4 hl=2 l= 7 prim: PRINTABLESTRING :Georgia
>> 298:d=2 hl=2 l= 17 cons: SET
>> 300:d=3 hl=2 l= 15 cons: SEQUENCE
>> 302:d=4 hl=2 l= 3 prim: OBJECT :localityName
>> 307:d=4 hl=2 l= 8 prim: T61STRING :Columbus
>> 317:d=2 hl=2 l= 13 cons: SET
>> 319:d=3 hl=2 l= 11 cons: SEQUENCE
>> 321:d=4 hl=2 l= 3 prim: OBJECT :organizationName
>> 326:d=4 hl=2 l= 4 prim: T61STRING :TSYS
>> 332:d=2 hl=2 l= 19 cons: SET
>> 334:d=3 hl=2 l= 17 cons: SEQUENCE
>> 336:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName
>> 341:d=4 hl=2 l= 10 prim: T61STRING :TDS-Reston
>> 353:d=2 hl=2 l= 25 cons: SET
>> 355:d=3 hl=2 l= 23 cons: SEQUENCE
>> 357:d=4 hl=2 l= 3 prim: OBJECT :commonName
>> 362:d=4 hl=2 l= 16 prim: T61STRING :ssl2.vitalps.net
>> 380:d=1 hl=4 l= 290 cons: SEQUENCE
>> 384:d=2 hl=2 l= 13 cons: SEQUENCE
>> 386:d=3 hl=2 l= 9 prim: OBJECT :rsaEncryption
>> 397:d=3 hl=2 l= 0 prim: NULL
>> 399:d=2 hl=4 l= 271 prim: BIT STRING
>> 674:d=1 hl=4 l= 357 cons: cont [ 3 ]
>> 678:d=2 hl=4 l= 353 cons: SEQUENCE
>> 682:d=3 hl=2 l= 9 cons: SEQUENCE
>> 684:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
>> 689:d=4 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000
>> 693:d=3 hl=2 l= 97 cons: SEQUENCE
>> 695:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Certificate
Policies
>> 700:d=4 hl=2 l= 90 prim: OCTET STRING [HEX
>>
DUMP]:30583056060667810C010202304C302306082B06010505070201161768747470733A2F
>>
2F642E73796D63622E636F6D2F637073302506082B0601050507020230191A1768747470733A
>> 2F2F642E73796D63622E636F6D2F727061
>> 792:d=3 hl=2 l= 43 cons: SEQUENCE
>> 794:d=4 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution
>> Points
>> 799:d=4 hl=2 l= 36 prim: OCTET STRING [HEX
>>
DUMP]:30223020A01EA01C861A687474703A2F2F73652E73796D63622E636F6D2F73652E6372
>> 6C
>> 837:d=3 hl=2 l= 29 cons: SEQUENCE
>> 839:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage
>> 844:d=4 hl=2 l= 22 prim: OCTET STRING [HEX
>> DUMP]:301406082B0601050507030106082B06010505070302
>> 868:d=3 hl=2 l= 14 cons: SEQUENCE
>> 870:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
>> 875:d=4 hl=2 l= 1 prim: BOOLEAN :255
>> 878:d=4 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030205A0
>> 884:d=3 hl=2 l= 87 cons: SEQUENCE
>> 886:d=4 hl=2 l= 8 prim: OBJECT :Authority Information
Access
>> 896:d=4 hl=2 l= 75 prim: OCTET STRING [HEX
>>
DUMP]:3049301F06082B060105050730018613687474703A2F2F73652E73796D63642E636F6D
>>
302606082B06010505073002861A687474703A2F2F73652E73796D63622E636F6D2F73652E63
>> 7274
>> 973:d=3 hl=2 l= 27 cons: SEQUENCE
>> 975:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Subject
Alternative
>> Name
>> 980:d=4 hl=2 l= 20 prim: OCTET STRING [HEX
>> DUMP]:3012821073736C322E766974616C70732E6E6574
>> 1002:d=3 hl=2 l= 31 cons: SEQUENCE
>> 1004:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key
>> Identifier
>> 1009:d=4 hl=2 l= 24 prim: OCTET STRING [HEX
>> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
>>
>> Base64 TBSCertificate:
>>
MIIEB6ADAgECAhB81UrPpuFzi6hEmjjKCb4eMA0GCSqGSIb3DQEBBQUAMIG8MQswCQYDVQQGEwJV
>>
UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
>>
cmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBh
>>
IChjKTEwMTYwNAYDVQQDEy1WZXJpU2lnbiBDbGFzcyAzIEludGVybmF0aW9uYWwgU2VydmVyIENB
>>
IC0gRzMwHhcNMTYwNzI5MDAwMDAwWhcNMTcwMjEwMjM1OTU5WjBxMQswCQYDVQQGEwJVUzEQMA4G
>>
A1UECBMHR2VvcmdpYTERMA8GA1UEBxQIQ29sdW1idXMxDTALBgNVBAoUBFRTWVMxEzARBgNVBAsU
>>
ClREUy1SZXN0b24xGTAXBgNVBAMUEHNzbDIudml0YWxwcy5uZXQwggEiMA0GCSqGSIb3DQEBAQUA
>>
A4IBDwAwggEKAoIBAQCztJY710gkiGGPbus8AV8MVA3MIH2inq/LyTDnrp+juHBFEDeqpO2zq2yO
>>
zDuovNuVfbC7i9I2SmYJSpvEqB4pQZZ3HO2Hspy1efUyUoDXm5IzGReOUp7t3bkygiZYtxkD+xdU
>>
ZF4BPOlHSRpe6PLuTamuTmE5lj89ohzrbvQ+4WHqC6ReJoN/t4Ai+KNLjRXjGWXnYvRaGmMgxoNe
>>
dOhaQNsZcfpipP8iuK28AYzYhFk9auETZiu8OXBWheeTE8aVP2KzmQOQEnTY5lhN3v8G5Fk70ZHW
>>
1Bjx6x3YpDDkpCUUhpbnBdo1NdGUndH7XegDOyurnWQ9V5RuHOQnkJ7pAgMBAAGjggFlMIIBYTAJ
>>
BgNVHRMEAjAAMGEGA1UdIARaMFgwVgYGZ4EMAQICMEwwIwYIKwYBBQUHAgEWF2h0dHBzOi8vZC5z
>>
eW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkaF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBhMCsGA1Ud
>>
HwQkMCIwIKAeoByGGmh0dHA6Ly9zZS5zeW1jYi5jb20vc2UuY3JsMB0GA1UdJQQWMBQGCCsGAQUF
>>
BwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzAB
>>
hhNodHRwOi8vc2Uuc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2IuY29tL3Nl
>>
LmNydDAbBgNVHREEFDASghBzc2wyLnZpdGFscHMubmV0MB8GA1UdIwQYMBaAFNebfNgioBX33a1f
>> zimbWMO8RgC1
>>
>>
>> ---------------------------------------------
>>
>> ssl2.vitalps.net (based https://crt.sh/?id=24732905)
>>
>> -----BEGIN CERTIFICATE-----
>> MIIFLjCCBBagAwIBAgIQC2txgNGyPR3F31kjsev70TANBgkqhkiG9w0BAQUFADCB
>> vDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
>> ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
>> YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDE2MDQGA1UEAxMt
>> VmVyaVNpZ24gQ2xhc3MgMyBJbnRlcm5hdGlvbmFsIFNlcnZlciBDQSAtIEczMB4X
>> DTE0MDcxMTAwMDAwMFoXDTE2MDgzMDIzNTk1OVowcTELMAkGA1UEBhMCVVMxEDAO
>> BgNVBAgTB0dlb3JnaWExETAPBgNVBAcUCENvbHVtYnVzMQ0wCwYDVQQKFARUU1lT
>> MRMwEQYDVQQLFApURFMtRGFsbGFzMRkwFwYDVQQDFBBzc2wyLnZpdGFscHMubmV0
>> MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt7h6ItxaeRllDNDzqJSD
>> 6YxRZ/IQjGMAJGSq3vIwo8rof17S2PdtMFZpHA4G0ueZJm0cVcNKprJ1M5ykwzVo
>> fc+i1z3DjmlxSK4HjL9B6vDuUQGLgasYrvR3pAosKGkucQQW0/mFWpOKwrpXfYss
>> zAIgLc0bU1QJHKF14re6FRo1sX4JxU0xlaK/+Q0kdUQVPYdG4A57Uvz7C1/u9/Jt
>> vP+1OKxn0fEwclZa9Hug4yi9llLjEHNHs0sPc2g/2nFmBOSpzUutnr8oqomgM0Of
>> UhgFmPbsRZ0jzYxR0HZ7RQ+Eg3UJcDwQqmp14iw2dWAJKbmVsdOy8FT6TGOk9Paz
>> HQIDAQABo4IBdDCCAXAwGwYDVR0RBBQwEoIQc3NsMi52aXRhbHBzLm5ldDAJBgNV
>> HRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAoBgNVHSUEITAfBggrBgEFBQcDAQYIKwYB
>> BQUHAwIGCWCGSAGG+EIEATBlBgNVHSAEXjBcMFoGCmCGSAGG+EUBBzYwTDAjBggr
>> BgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGRoX
>> aHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAU15t82CKgFffdrV/O
>> KZtYw7xGALUwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NlLnN5bWNiLmNvbS9z
>> ZS5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc2Uuc3lt
>> Y2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2IuY29tL3NlLmNydDAN
>> BgkqhkiG9w0BAQUFAAOCAQEAZGQ7qWXzrHZbrnJBbcy8vtTxfz6ScUpmdhNsHtqA
>> zibYmUerfme6vcfI+a3RntUdeh2bP/g28hWsJeUOBWOH2jewa9SvFDWeA+an2ICO
>> qK1aFEM2zbJxRoSmFYNwogISVhNWs895zGyQEGcfSHhh8R+PTZdu1AoSgZ33RKc/
>> mhnVyr1aLdymLzQ+hz4D5j2qVyO3JqJjrqiQKxFKsp/AOVU/UCeWjSumcd2Ff6fw
>> VL6TvBa+QGnHFFFzUadkyf8LjGTFxwN65Ft4Rd/EcI+6hrfLn8ivJ+sh616wesB4
>> OvX9A29d6wJqVPIL9vmD8l+4akKpFZi0rLtb5e6FmpWy1Q==
>> -----END CERTIFICATE-----
>>
>> Parsed TBSCertificate:
>> 0:d=0 hl=4 l=1031 cons: SEQUENCE
>> 4:d=1 hl=2 l= 3 cons: cont [ 0 ]
>> 6:d=2 hl=2 l= 1 prim: INTEGER :02
>> 9:d=1 hl=2 l= 16 prim: INTEGER
>> :1A7737CFE654ED95E0B42A90DB357BB9
>> 27:d=1 hl=2 l= 13 cons: SEQUENCE
>> 29:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
>> 40:d=2 hl=2 l= 0 prim: NULL
>> 42:d=1 hl=3 l= 188 cons: SEQUENCE
>> 45:d=2 hl=2 l= 11 cons: SET
>> 47:d=3 hl=2 l= 9 cons: SEQUENCE
>> 49:d=4 hl=2 l= 3 prim: OBJECT :countryName
>> 54:d=4 hl=2 l= 2 prim: PRINTABLESTRING :US
>> 58:d=2 hl=2 l= 23 cons: SET
>> 60:d=3 hl=2 l= 21 cons: SEQUENCE
>> 62:d=4 hl=2 l= 3 prim: OBJECT :organizationName
>> 67:d=4 hl=2 l= 14 prim: PRINTABLESTRING :VeriSign, Inc.
>> 83:d=2 hl=2 l= 31 cons: SET
>> 85:d=3 hl=2 l= 29 cons: SEQUENCE
>> 87:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName
>> 92:d=4 hl=2 l= 22 prim: PRINTABLESTRING :VeriSign Trust Network
>> 116:d=2 hl=2 l= 59 cons: SET
>> 118:d=3 hl=2 l= 57 cons: SEQUENCE
>> 120:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName
>> 125:d=4 hl=2 l= 50 prim: PRINTABLESTRING :Terms of use at
>> https://www.verisign.com/rpa (c)10
>> 177:d=2 hl=2 l= 54 cons: SET
>> 179:d=3 hl=2 l= 52 cons: SEQUENCE
>> 181:d=4 hl=2 l= 3 prim: OBJECT :commonName
>> 186:d=4 hl=2 l= 45 prim: PRINTABLESTRING :VeriSign Class 3
>> International Server CA - G3
>> 233:d=1 hl=2 l= 30 cons: SEQUENCE
>> 235:d=2 hl=2 l= 13 prim: UTCTIME :160729000000Z
>> 250:d=2 hl=2 l= 13 prim: UTCTIME :170210235959Z
>> 265:d=1 hl=2 l= 113 cons: SEQUENCE
>> 267:d=2 hl=2 l= 11 cons: SET
>> 269:d=3 hl=2 l= 9 cons: SEQUENCE
>> 271:d=4 hl=2 l= 3 prim: OBJECT :countryName
>> 276:d=4 hl=2 l= 2 prim: PRINTABLESTRING :US
>> 280:d=2 hl=2 l= 16 cons: SET
>> 282:d=3 hl=2 l= 14 cons: SEQUENCE
>> 284:d=4 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
>> 289:d=4 hl=2 l= 7 prim: PRINTABLESTRING :Georgia
>> 298:d=2 hl=2 l= 17 cons: SET
>> 300:d=3 hl=2 l= 15 cons: SEQUENCE
>> 302:d=4 hl=2 l= 3 prim: OBJECT :localityName
>> 307:d=4 hl=2 l= 8 prim: T61STRING :Columbus
>> 317:d=2 hl=2 l= 13 cons: SET
>> 319:d=3 hl=2 l= 11 cons: SEQUENCE
>> 321:d=4 hl=2 l= 3 prim: OBJECT :organizationName
>> 326:d=4 hl=2 l= 4 prim: T61STRING :TSYS
>> 332:d=2 hl=2 l= 19 cons: SET
>> 334:d=3 hl=2 l= 17 cons: SEQUENCE
>> 336:d=4 hl=2 l= 3 prim: OBJECT :organizationalUnitName
>> 341:d=4 hl=2 l= 10 prim: T61STRING :TDS-Dallas
>> 353:d=2 hl=2 l= 25 cons: SET
>> 355:d=3 hl=2 l= 23 cons: SEQUENCE
>> 357:d=4 hl=2 l= 3 prim: OBJECT :commonName
>> 362:d=4 hl=2 l= 16 prim: T61STRING :ssl2.vitalps.net
>> 380:d=1 hl=4 l= 290 cons: SEQUENCE
>> 384:d=2 hl=2 l= 13 cons: SEQUENCE
>> 386:d=3 hl=2 l= 9 prim: OBJECT :rsaEncryption
>> 397:d=3 hl=2 l= 0 prim: NULL
>> 399:d=2 hl=4 l= 271 prim: BIT STRING
>> 674:d=1 hl=4 l= 357 cons: cont [ 3 ]
>> 678:d=2 hl=4 l= 353 cons: SEQUENCE
>> 682:d=3 hl=2 l= 9 cons: SEQUENCE
>> 684:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
>> 689:d=4 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:3000
>> 693:d=3 hl=2 l= 97 cons: SEQUENCE
>> 695:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Certificate
Policies
>> 700:d=4 hl=2 l= 90 prim: OCTET STRING [HEX
>>
DUMP]:30583056060667810C010202304C302306082B06010505070201161768747470733A2F
>>
2F642E73796D63622E636F6D2F637073302506082B0601050507020230191A1768747470733A
>> 2F2F642E73796D63622E636F6D2F727061
>> 792:d=3 hl=2 l= 43 cons: SEQUENCE
>> 794:d=4 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution
>> Points
>> 799:d=4 hl=2 l= 36 prim: OCTET STRING [HEX
>>
DUMP]:30223020A01EA01C861A687474703A2F2F73652E73796D63622E636F6D2F73652E6372
>> 6C
>> 837:d=3 hl=2 l= 29 cons: SEQUENCE
>> 839:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage
>> 844:d=4 hl=2 l= 22 prim: OCTET STRING [HEX
>> DUMP]:301406082B0601050507030106082B06010505070302
>> 868:d=3 hl=2 l= 14 cons: SEQUENCE
>> 870:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
>> 875:d=4 hl=2 l= 1 prim: BOOLEAN :255
>> 878:d=4 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030205A0
>> 884:d=3 hl=2 l= 87 cons: SEQUENCE
>> 886:d=4 hl=2 l= 8 prim: OBJECT :Authority Information
Access
>> 896:d=4 hl=2 l= 75 prim: OCTET STRING [HEX
>>
DUMP]:3049301F06082B060105050730018613687474703A2F2F73652E73796D63642E636F6D
>>
302606082B06010505073002861A687474703A2F2F73652E73796D63622E636F6D2F73652E63
>> 7274
>> 973:d=3 hl=2 l= 27 cons: SEQUENCE
>> 975:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Subject
Alternative
>> Name
>> 980:d=4 hl=2 l= 20 prim: OCTET STRING [HEX
>> DUMP]:3012821073736C322E766974616C70732E6E6574
>> 1002:d=3 hl=2 l= 31 cons: SEQUENCE
>> 1004:d=4 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key
>> Identifier
>> 1009:d=4 hl=2 l= 24 prim: OCTET STRING [HEX
>> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
>>
>> Base64 TBSCertificate:
>>
MIIEB6ADAgECAhAadzfP5lTtleC0KpDbNXu5MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYDVQQGEwJV
>>
UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
>>
cmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBh
>>
IChjKTEwMTYwNAYDVQQDEy1WZXJpU2lnbiBDbGFzcyAzIEludGVybmF0aW9uYWwgU2VydmVyIENB
>>
IC0gRzMwHhcNMTYwNzI5MDAwMDAwWhcNMTcwMjEwMjM1OTU5WjBxMQswCQYDVQQGEwJVUzEQMA4G
>>
A1UECBMHR2VvcmdpYTERMA8GA1UEBxQIQ29sdW1idXMxDTALBgNVBAoUBFRTWVMxEzARBgNVBAsU
>>
ClREUy1EYWxsYXMxGTAXBgNVBAMUEHNzbDIudml0YWxwcy5uZXQwggEiMA0GCSqGSIb3DQEBAQUA
>>
A4IBDwAwggEKAoIBAQC3uHoi3Fp5GWUM0POolIPpjFFn8hCMYwAkZKre8jCjyuh/XtLY920wVmkc
>>
DgbS55kmbRxVw0qmsnUznKTDNWh9z6LXPcOOaXFIrgeMv0Hq8O5RAYuBqxiu9HekCiwoaS5xBBbT
>>
+YVak4rCuld9iyzMAiAtzRtTVAkcoXXit7oVGjWxfgnFTTGVor/5DSR1RBU9h0bgDntS/PsLX+73
>>
8m28/7U4rGfR8TByVlr0e6DjKL2WUuMQc0ezSw9zaD/acWYE5KnNS62evyiqiaAzQ59SGAWY9uxF
>>
nSPNjFHQdntFD4SDdQlwPBCqanXiLDZ1YAkpuZWx07LwVPpMY6T09rMdAgMBAAGjggFlMIIBYTAJ
>>
BgNVHRMEAjAAMGEGA1UdIARaMFgwVgYGZ4EMAQICMEwwIwYIKwYBBQUHAgEWF2h0dHBzOi8vZC5z
>>
eW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkaF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBhMCsGA1Ud
>>
HwQkMCIwIKAeoByGGmh0dHA6Ly9zZS5zeW1jYi5jb20vc2UuY3JsMB0GA1UdJQQWMBQGCCsGAQUF
>>
BwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzAB
>>
hhNodHRwOi8vc2Uuc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2Uuc3ltY2IuY29tL3Nl
>>
LmNydDAbBgNVHREEFDASghBzc2wyLnZpdGFscHMubmV0MB8GA1UdIwQYMBaAFNebfNgioBX33a1f
>> zimbWMO8RgC1
>>
>>
>> -----Original Message-----
>> From: public-bounces at cabforum.org
>> Sent: Friday, July 15, 2016 7:48 PM
>>
>> Subject: [cabfpub] Application for SHA-1 Issuance
>>
>> Enclosed please find the application for SHA-1 issuance presented on
behalf
>> of our client. Note that the application was fully completed by the
client.
>>
>> In addition, please find the TBS certificates generated by Symantec.
>>
>> Accompanying each TBSCertificate is a crt.sh link to the corresponding
SHA-2
>> certificate issued by our online system as a prerequisite, so that we
>> capture evidence of authentication and verification of the information in
>> the certificate. The TBSCertificates differ from these certificates by
>> Issuer name, because our online systems can sign only with SHA-2 issuers.
>> And since the Issuer name is different, corresponding extensions (CDP,
AIA,
>> AKI) are different as well.
>>
>> The TBSCertificates do not include public keys from older CT-logged
>> certificates; they include public keys that correspond to private keys
that
>> were recently generated on the servers and that await the approval of
these
>> requests. The customer uses a CDN that uses OpenSSL to generate key pairs
>> from a secure server. A separate secure server is used for private key
>> pass-phrase retention.
>>
>> As this is the first time this is being done, there may be follow-up
>> questions or items that were inadvertently omitted which we are happy to
>> address.
>>
>> We ask that the community give good consideration to this request.
>>
>> One thing you will notice is the validity date extends to Feb 10, 2017.
In
>> the payment industry, 31 December is an absolutely horrible time to make
a
>> change as it represents one of the peak times for traffic. The client has
>> aligned the date with the published Microsoft end date for SHA-1.
>>
>> Thank you,
>>
>> Dean Coclin
>> Symantec
>>
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> Public mailing list
>> Public at cabforum.org
>> https://cabforum.org/mailman/listinfo/public
>>
>
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com
COMODO CA Limited, Registered in England No. 04058690
Registered Office:
3rd Floor, 26 Office Village, Exchange Quay,
Trafford Road, Salford, Manchester M5 3EQ
This e-mail and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed. If you have received this email in error please notify the
sender by replying to the e-mail containing this attachment. Replies to
this email may be monitored by COMODO for operational or business
reasons. Whilst every endeavour is taken to ensure that e-mails are free
from viruses, no liability can be accepted and the recipient is
requested to use their own virus checking software.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5723 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160723/44938406/attachment-0001.p7s>
More information about the Public
mailing list