[cabfpub] Application for SHA-1 Issuance

Dean Coclin Dean_Coclin at symantec.com
Sat Jul 16 14:29:46 MST 2016


You are absolutely correct, I neglected to cc the applicant and have added
him to the cc of this email. Since the original email is below, I believe
this is sufficient.

Thanks for the correction.


-----Original Message-----
From: Andrew Ayer [mailto:andrew at sslmate.com] 
Sent: Saturday, July 16, 2016 1:11 PM
To: Dean Coclin <Dean_Coclin at symantec.com>
Cc: public at cabforum.org
Subject: Re: [cabfpub] Application for SHA-1 Issuance

Hi Dean,

Could you resend this email, CCing a representative of the Subscriber,
as required by Step One of the
"Post Jan 2016 SHA­-1 Issuance Request Procedure Version 1.1"?  Besides
being a requirement, I have several questions and it would streamline
the process if the Subscriber could see them.


On Fri, 15 Jul 2016 23:48:00 +0000
Dean Coclin <Dean_Coclin at symantec.com> wrote:

> Enclosed please find the application for SHA-1 issuance presented on
> behalf of our client. Note that the application was fully completed
> by the client. 
> In addition, please find the TBS certificates generated by Symantec.
> Accompanying each TBSCertificate is a crt.sh link to the
> corresponding SHA-2 certificate issued by our online system as a
> prerequisite, so that we capture evidence of authentication and
> verification of the information in the certificate. The
> TBSCertificates differ from these certificates by Issuer name,
> because our online systems can sign only with SHA-2 issuers. And
> since the Issuer name is different, corresponding extensions (CDP,
> AIA, AKI) are different as well.
> The TBSCertificates do not include public keys from older CT-logged
> certificates; they include public keys that correspond to private
> keys that were recently generated on the servers and that await the
> approval of these requests. The customer uses a CDN that uses OpenSSL
> to generate key pairs from a secure server. A separate secure server
> is used for private key pass-phrase retention.
> As this is the first time this is being done, there may be follow-up
> questions or items that were inadvertently omitted which we are happy
> to address. 
> We ask that the community give good consideration to this request.
> One thing you will notice is the validity date extends to Feb 10,
> 2017. In the payment industry, 31 December is an absolutely horrible
> time to make a change as it represents one of the peak times for
> traffic. The client has aligned the date with the published Microsoft
> end date for SHA-1.
> Thank you,
> Dean Coclin
> Symantec
> To reconstitute the TBSCertificate in binary DER form, use the Linux
> command:
> base64 --decode > tbs.der
> Then paste in a block of text from below, followed by an EOF
> (control-D).
> ----------
> https://crt.sh/?id=24605911
>     0:d=0  hl=4 l=1064 cons: SEQUENCE          
>     4:d=1  hl=2 l=   3 cons: cont [ 0 ]        
>     6:d=2  hl=2 l=   1 prim: INTEGER           :02
>     9:d=1  hl=2 l=  16 prim: INTEGER
> :1742B08A1110D4AAA17A559AFA0B045C
>    27:d=1  hl=2 l=  13 cons: SEQUENCE          
>    29:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
>    40:d=2  hl=2 l=   0 prim: NULL              
>    42:d=1  hl=3 l= 188 cons: SEQUENCE          
>    45:d=2  hl=2 l=  11 cons: SET               
>    47:d=3  hl=2 l=   9 cons: SEQUENCE          
>    49:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>    54:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>    58:d=2  hl=2 l=  23 cons: SET               
>    60:d=3  hl=2 l=  21 cons: SEQUENCE          
>    62:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>    67:d=4  hl=2 l=  14 prim: PRINTABLESTRING   :VeriSign, Inc.
>    83:d=2  hl=2 l=  31 cons: SET               
>    85:d=3  hl=2 l=  29 cons: SEQUENCE          
>    87:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>    92:d=4  hl=2 l=  22 prim: PRINTABLESTRING   :VeriSign Trust Network
>   116:d=2  hl=2 l=  59 cons: SET               
>   118:d=3  hl=2 l=  57 cons: SEQUENCE          
>   120:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>   125:d=4  hl=2 l=  50 prim: PRINTABLESTRING   :Terms of use at
> https://www.verisign.com/rpa (c)10
>   177:d=2  hl=2 l=  54 cons: SET               
>   179:d=3  hl=2 l=  52 cons: SEQUENCE          
>   181:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>   186:d=4  hl=2 l=  45 prim: PRINTABLESTRING   :VeriSign Class 3
> International Server CA - G3
>   233:d=1  hl=2 l=  30 cons: SEQUENCE          
>   235:d=2  hl=2 l=  13 prim: UTCTIME           :160729000000Z
>   250:d=2  hl=2 l=  13 prim: UTCTIME           :170210235959Z
>   265:d=1  hl=3 l= 139 cons: SEQUENCE          
>   268:d=2  hl=2 l=  11 cons: SET               
>   270:d=3  hl=2 l=   9 cons: SEQUENCE          
>   272:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>   277:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>   281:d=2  hl=2 l=  16 cons: SET               
>   283:d=3  hl=2 l=  14 cons: SEQUENCE          
>   285:d=4  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
>   290:d=4  hl=2 l=   7 prim: PRINTABLESTRING   :Georgia
>   299:d=2  hl=2 l=  17 cons: SET               
>   301:d=3  hl=2 l=  15 cons: SEQUENCE          
>   303:d=4  hl=2 l=   3 prim: OBJECT            :localityName
>   308:d=4  hl=2 l=   8 prim: PRINTABLESTRING   :Columbus
>   318:d=2  hl=2 l=  13 cons: SET               
>   320:d=3  hl=2 l=  11 cons: SEQUENCE          
>   322:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>   327:d=4  hl=2 l=   4 prim: PRINTABLESTRING   :TSYS
>   333:d=2  hl=2 l=  39 cons: SET               
>   335:d=3  hl=2 l=  37 cons: SEQUENCE          
>   337:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>   342:d=4  hl=2 l=  30 prim: PRINTABLESTRING
> :TDS-2-Ashburn-SCA-bbL6gMDyTZU8
>   374:d=2  hl=2 l=  31 cons: SET               
>   376:d=3  hl=2 l=  29 cons: SEQUENCE          
>   378:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>   383:d=4  hl=2 l=  22 prim: PRINTABLESTRING   :ssl1.tsysacquiring.net
>   407:d=1  hl=4 l= 290 cons: SEQUENCE          
>   411:d=2  hl=2 l=  13 cons: SEQUENCE          
>   413:d=3  hl=2 l=   9 prim: OBJECT            :rsaEncryption
>   424:d=3  hl=2 l=   0 prim: NULL              
>   426:d=2  hl=4 l= 271 prim: BIT STRING        
>   701:d=1  hl=4 l= 363 cons: cont [ 3 ]        
>   705:d=2  hl=4 l= 359 cons: SEQUENCE          
>   709:d=3  hl=2 l=   9 cons: SEQUENCE          
>   711:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Basic
> Constraints 716:d=4  hl=2 l=   2 prim: OCTET STRING      [HEX
> DUMP]:3000 720:d=3  hl=2 l=  97 cons: SEQUENCE          
>   722:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Certificate
> Policies 727:d=4  hl=2 l=  90 prim: OCTET STRING      [HEX
> 2F2F642E73796D63622E636F6D2F727061
>   819:d=3  hl=2 l=  43 cons: SEQUENCE          
>   821:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 CRL
> Distribution Points
>   826:d=4  hl=2 l=  36 prim: OCTET STRING      [HEX
> 6C
>   864:d=3  hl=2 l=  29 cons: SEQUENCE          
>   866:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key
> Usage 871:d=4  hl=2 l=  22 prim: OCTET STRING      [HEX
> DUMP]:301406082B0601050507030106082B06010505070302
>   895:d=3  hl=2 l=  14 cons: SEQUENCE          
>   897:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
>   902:d=4  hl=2 l=   1 prim: BOOLEAN           :255
>   905:d=4  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0
>   911:d=3  hl=2 l=  87 cons: SEQUENCE          
>   913:d=4  hl=2 l=   8 prim: OBJECT            :Authority Information
> Access 923:d=4  hl=2 l=  75 prim: OCTET STRING      [HEX
> 7274
>  1000:d=3  hl=2 l=  33 cons: SEQUENCE          
>  1002:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Subject
> Alternative Name
>  1007:d=4  hl=2 l=  26 prim: OCTET STRING      [HEX
> DUMP]:3018821673736C312E74737973616371756972696E672E6E6574
>  1035:d=3  hl=2 l=  31 cons: SEQUENCE          
>  1037:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key
> Identifier
>  1042:d=4  hl=2 l=  24 prim: OCTET STRING      [HEX
> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
> wlPWoBitXir1IDgTWASyLl3oaJR3D5nA1XbR
> +DsHdMmRK72MKTAfpK2xThpqRziBn00Zkfs9kt1r
> aXJpbmcubmV0MB8GA1UdIwQYMBaAFNebfNgioBX33a1fzimbWMO8RgC1
> ----------
> https://crt.sh/?id=24605923
>     0:d=0  hl=4 l=1063 cons: SEQUENCE          
>     4:d=1  hl=2 l=   3 cons: cont [ 0 ]        
>     6:d=2  hl=2 l=   1 prim: INTEGER           :02
>     9:d=1  hl=2 l=  16 prim: INTEGER
>    27:d=1  hl=2 l=  13 cons: SEQUENCE          
>    29:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
>    40:d=2  hl=2 l=   0 prim: NULL              
>    42:d=1  hl=3 l= 188 cons: SEQUENCE          
>    45:d=2  hl=2 l=  11 cons: SET               
>    47:d=3  hl=2 l=   9 cons: SEQUENCE          
>    49:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>    54:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>    58:d=2  hl=2 l=  23 cons: SET               
>    60:d=3  hl=2 l=  21 cons: SEQUENCE          
>    62:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>    67:d=4  hl=2 l=  14 prim: PRINTABLESTRING   :VeriSign, Inc.
>    83:d=2  hl=2 l=  31 cons: SET               
>    85:d=3  hl=2 l=  29 cons: SEQUENCE          
>    87:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>    92:d=4  hl=2 l=  22 prim: PRINTABLESTRING   :VeriSign Trust Network
>   116:d=2  hl=2 l=  59 cons: SET               
>   118:d=3  hl=2 l=  57 cons: SEQUENCE          
>   120:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>   125:d=4  hl=2 l=  50 prim: PRINTABLESTRING   :Terms of use at
> https://www.verisign.com/rpa (c)10
>   177:d=2  hl=2 l=  54 cons: SET               
>   179:d=3  hl=2 l=  52 cons: SEQUENCE          
>   181:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>   186:d=4  hl=2 l=  45 prim: PRINTABLESTRING   :VeriSign Class 3
> International Server CA - G3
>   233:d=1  hl=2 l=  30 cons: SEQUENCE          
>   235:d=2  hl=2 l=  13 prim: UTCTIME           :160729000000Z
>   250:d=2  hl=2 l=  13 prim: UTCTIME           :170210235959Z
>   265:d=1  hl=3 l= 138 cons: SEQUENCE          
>   268:d=2  hl=2 l=  11 cons: SET               
>   270:d=3  hl=2 l=   9 cons: SEQUENCE          
>   272:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>   277:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>   281:d=2  hl=2 l=  16 cons: SET               
>   283:d=3  hl=2 l=  14 cons: SEQUENCE          
>   285:d=4  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
>   290:d=4  hl=2 l=   7 prim: PRINTABLESTRING   :Georgia
>   299:d=2  hl=2 l=  17 cons: SET               
>   301:d=3  hl=2 l=  15 cons: SEQUENCE          
>   303:d=4  hl=2 l=   3 prim: OBJECT            :localityName
>   308:d=4  hl=2 l=   8 prim: PRINTABLESTRING   :Columbus
>   318:d=2  hl=2 l=  13 cons: SET               
>   320:d=3  hl=2 l=  11 cons: SEQUENCE          
>   322:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>   327:d=4  hl=2 l=   4 prim: PRINTABLESTRING   :TSYS
>   333:d=2  hl=2 l=  38 cons: SET               
>   335:d=3  hl=2 l=  36 cons: SEQUENCE          
>   337:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>   342:d=4  hl=2 l=  29 prim: PRINTABLESTRING
> :TDS-2-Dallas-SCA-v2PmB4cxayEu
>   373:d=2  hl=2 l=  31 cons: SET               
>   375:d=3  hl=2 l=  29 cons: SEQUENCE          
>   377:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>   382:d=4  hl=2 l=  22 prim: PRINTABLESTRING   :ssl1.tsysacquiring.net
>   406:d=1  hl=4 l= 290 cons: SEQUENCE          
>   410:d=2  hl=2 l=  13 cons: SEQUENCE          
>   412:d=3  hl=2 l=   9 prim: OBJECT            :rsaEncryption
>   423:d=3  hl=2 l=   0 prim: NULL              
>   425:d=2  hl=4 l= 271 prim: BIT STRING        
>   700:d=1  hl=4 l= 363 cons: cont [ 3 ]        
>   704:d=2  hl=4 l= 359 cons: SEQUENCE          
>   708:d=3  hl=2 l=   9 cons: SEQUENCE          
>   710:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Basic
> Constraints 715:d=4  hl=2 l=   2 prim: OCTET STRING      [HEX
> DUMP]:3000 719:d=3  hl=2 l=  97 cons: SEQUENCE          
>   721:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Certificate
> Policies 726:d=4  hl=2 l=  90 prim: OCTET STRING      [HEX
> 2F2F642E73796D63622E636F6D2F727061
>   818:d=3  hl=2 l=  43 cons: SEQUENCE          
>   820:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 CRL
> Distribution Points
>   825:d=4  hl=2 l=  36 prim: OCTET STRING      [HEX
> 6C
>   863:d=3  hl=2 l=  29 cons: SEQUENCE          
>   865:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key
> Usage 870:d=4  hl=2 l=  22 prim: OCTET STRING      [HEX
> DUMP]:301406082B0601050507030106082B06010505070302
>   894:d=3  hl=2 l=  14 cons: SEQUENCE          
>   896:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
>   901:d=4  hl=2 l=   1 prim: BOOLEAN           :255
>   904:d=4  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0
>   910:d=3  hl=2 l=  87 cons: SEQUENCE          
>   912:d=4  hl=2 l=   8 prim: OBJECT            :Authority Information
> Access 922:d=4  hl=2 l=  75 prim: OCTET STRING      [HEX
> 7274
>   999:d=3  hl=2 l=  33 cons: SEQUENCE          
>  1001:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Subject
> Alternative Name
>  1006:d=4  hl=2 l=  26 prim: OCTET STRING      [HEX
> DUMP]:3018821673736C312E74737973616371756972696E672E6E6574
>  1034:d=3  hl=2 l=  31 cons: SEQUENCE          
>  1036:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key
> Identifier
>  1041:d=4  hl=2 l=  24 prim: OCTET STRING      [HEX
> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
> P9WQxuqAolZc
> +2cRgzHPWa0MIMbXq7F15cVdkm83uXMF0vGZx4s7Ja0pMEJ3o07EIvZI6bb/OCua
> xnorucw5p34GOF7gVIXmEGBPoUv4g6AmLIemmKLP7bd7
> +Yw506wTsDbISk4r6K3bn3mdPmJkgWus
> 3NYVbFZbVniZwZ4/u2x6MB8yo8ldHtdfjDNlemk5vtvgWbLHGKhQCFJM/g1kg08
> +snr2bCNWyA+A i5v65+ydfU+mg2lVGdKh8QP6Aj+o8B+AVwYCVsmn3jrM
> +BItpAcrWpv7e/oym9j0TwesssKLtfjq
> cmluZy5uZXQwHwYDVR0jBBgwFoAU15t82CKgFffdrV/OKZtYw7xGALU=
> ----------
> https://crt.sh/?id=24605938
>     0:d=0  hl=4 l=1052 cons: SEQUENCE          
>     4:d=1  hl=2 l=   3 cons: cont [ 0 ]        
>     6:d=2  hl=2 l=   1 prim: INTEGER           :02
>     9:d=1  hl=2 l=  16 prim: INTEGER
> :16A1C0BCE737C9297E2EB0590415884C
>    27:d=1  hl=2 l=  13 cons: SEQUENCE          
>    29:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
>    40:d=2  hl=2 l=   0 prim: NULL              
>    42:d=1  hl=3 l= 188 cons: SEQUENCE          
>    45:d=2  hl=2 l=  11 cons: SET               
>    47:d=3  hl=2 l=   9 cons: SEQUENCE          
>    49:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>    54:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>    58:d=2  hl=2 l=  23 cons: SET               
>    60:d=3  hl=2 l=  21 cons: SEQUENCE          
>    62:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>    67:d=4  hl=2 l=  14 prim: PRINTABLESTRING   :VeriSign, Inc.
>    83:d=2  hl=2 l=  31 cons: SET               
>    85:d=3  hl=2 l=  29 cons: SEQUENCE          
>    87:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>    92:d=4  hl=2 l=  22 prim: PRINTABLESTRING   :VeriSign Trust Network
>   116:d=2  hl=2 l=  59 cons: SET               
>   118:d=3  hl=2 l=  57 cons: SEQUENCE          
>   120:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>   125:d=4  hl=2 l=  50 prim: PRINTABLESTRING   :Terms of use at
> https://www.verisign.com/rpa (c)10
>   177:d=2  hl=2 l=  54 cons: SET               
>   179:d=3  hl=2 l=  52 cons: SEQUENCE          
>   181:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>   186:d=4  hl=2 l=  45 prim: PRINTABLESTRING   :VeriSign Class 3
> International Server CA - G3
>   233:d=1  hl=2 l=  30 cons: SEQUENCE          
>   235:d=2  hl=2 l=  13 prim: UTCTIME           :160729000000Z
>   250:d=2  hl=2 l=  13 prim: UTCTIME           :170210235959Z
>   265:d=1  hl=3 l= 133 cons: SEQUENCE          
>   268:d=2  hl=2 l=  11 cons: SET               
>   270:d=3  hl=2 l=   9 cons: SEQUENCE          
>   272:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>   277:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>   281:d=2  hl=2 l=  16 cons: SET               
>   283:d=3  hl=2 l=  14 cons: SEQUENCE          
>   285:d=4  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
>   290:d=4  hl=2 l=   7 prim: PRINTABLESTRING   :Georgia
>   299:d=2  hl=2 l=  17 cons: SET               
>   301:d=3  hl=2 l=  15 cons: SEQUENCE          
>   303:d=4  hl=2 l=   3 prim: OBJECT            :localityName
>   308:d=4  hl=2 l=   8 prim: PRINTABLESTRING   :Columbus
>   318:d=2  hl=2 l=  13 cons: SET               
>   320:d=3  hl=2 l=  11 cons: SEQUENCE          
>   322:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>   327:d=4  hl=2 l=   4 prim: PRINTABLESTRING   :TSYS
>   333:d=2  hl=2 l=  39 cons: SET               
>   335:d=3  hl=2 l=  37 cons: SEQUENCE          
>   337:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>   342:d=4  hl=2 l=  30 prim: PRINTABLESTRING
> :TDS-2-Ashburn-SCA-bbL6gMDyTZU8
>   374:d=2  hl=2 l=  25 cons: SET               
>   376:d=3  hl=2 l=  23 cons: SEQUENCE          
>   378:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>   383:d=4  hl=2 l=  16 prim: PRINTABLESTRING   :ssl1.vitalps.net
>   401:d=1  hl=4 l= 290 cons: SEQUENCE          
>   405:d=2  hl=2 l=  13 cons: SEQUENCE          
>   407:d=3  hl=2 l=   9 prim: OBJECT            :rsaEncryption
>   418:d=3  hl=2 l=   0 prim: NULL              
>   420:d=2  hl=4 l= 271 prim: BIT STRING        
>   695:d=1  hl=4 l= 357 cons: cont [ 3 ]        
>   699:d=2  hl=4 l= 353 cons: SEQUENCE          
>   703:d=3  hl=2 l=   9 cons: SEQUENCE          
>   705:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Basic
> Constraints 710:d=4  hl=2 l=   2 prim: OCTET STRING      [HEX
> DUMP]:3000 714:d=3  hl=2 l=  97 cons: SEQUENCE          
>   716:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Certificate
> Policies 721:d=4  hl=2 l=  90 prim: OCTET STRING      [HEX
> 2F2F642E73796D63622E636F6D2F727061
>   813:d=3  hl=2 l=  43 cons: SEQUENCE          
>   815:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 CRL
> Distribution Points
>   820:d=4  hl=2 l=  36 prim: OCTET STRING      [HEX
> 6C
>   858:d=3  hl=2 l=  29 cons: SEQUENCE          
>   860:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key
> Usage 865:d=4  hl=2 l=  22 prim: OCTET STRING      [HEX
> DUMP]:301406082B0601050507030106082B06010505070302
>   889:d=3  hl=2 l=  14 cons: SEQUENCE          
>   891:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
>   896:d=4  hl=2 l=   1 prim: BOOLEAN           :255
>   899:d=4  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0
>   905:d=3  hl=2 l=  87 cons: SEQUENCE          
>   907:d=4  hl=2 l=   8 prim: OBJECT            :Authority Information
> Access 917:d=4  hl=2 l=  75 prim: OCTET STRING      [HEX
> 7274
>   994:d=3  hl=2 l=  27 cons: SEQUENCE          
>   996:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Subject
> Alternative Name
>  1001:d=4  hl=2 l=  20 prim: OCTET STRING      [HEX
> DUMP]:3012821073736C312E766974616C70732E6E6574
>  1023:d=3  hl=2 l=  31 cons: SEQUENCE          
>  1025:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key
> Identifier
>  1030:d=4  hl=2 l=  24 prim: OCTET STRING      [HEX
> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
> ek5XTaKtYrlPcbeHk6GxGNMqBt
> +q6enleihTLZVuSC1kLt1TImgBEIhKcGns3DWqb3pd4mSYlMy5
> ni3RwANjFwV3bUD2kpSec05EXkr83PO+vJ+4IGukepDxyubxpUlHLGKjN0bZj5Rhyh
> +Z3K6g/UIo a2I9qGxsq27Dyl1weJf7AoO3lFroAXa
> +0d3kFWeWQjpKSfBJJD6IfTa5ekE58hWKyMDgKgsdYmTx
> A1UdIwQYMBaAFNebfNgioBX33a1fzimbWMO8RgC1
> ----------
> https://crt.sh/?id=24603563
>     0:d=0  hl=4 l=1051 cons: SEQUENCE          
>     4:d=1  hl=2 l=   3 cons: cont [ 0 ]        
>     6:d=2  hl=2 l=   1 prim: INTEGER           :02
>     9:d=1  hl=2 l=  16 prim: INTEGER
> :461A77CD27D2E3E75E6A5CB1B84727B5
>    27:d=1  hl=2 l=  13 cons: SEQUENCE          
>    29:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
>    40:d=2  hl=2 l=   0 prim: NULL              
>    42:d=1  hl=3 l= 188 cons: SEQUENCE          
>    45:d=2  hl=2 l=  11 cons: SET               
>    47:d=3  hl=2 l=   9 cons: SEQUENCE          
>    49:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>    54:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>    58:d=2  hl=2 l=  23 cons: SET               
>    60:d=3  hl=2 l=  21 cons: SEQUENCE          
>    62:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>    67:d=4  hl=2 l=  14 prim: PRINTABLESTRING   :VeriSign, Inc.
>    83:d=2  hl=2 l=  31 cons: SET               
>    85:d=3  hl=2 l=  29 cons: SEQUENCE          
>    87:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>    92:d=4  hl=2 l=  22 prim: PRINTABLESTRING   :VeriSign Trust Network
>   116:d=2  hl=2 l=  59 cons: SET               
>   118:d=3  hl=2 l=  57 cons: SEQUENCE          
>   120:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>   125:d=4  hl=2 l=  50 prim: PRINTABLESTRING   :Terms of use at
> https://www.verisign.com/rpa (c)10
>   177:d=2  hl=2 l=  54 cons: SET               
>   179:d=3  hl=2 l=  52 cons: SEQUENCE          
>   181:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>   186:d=4  hl=2 l=  45 prim: PRINTABLESTRING   :VeriSign Class 3
> International Server CA - G3
>   233:d=1  hl=2 l=  30 cons: SEQUENCE          
>   235:d=2  hl=2 l=  13 prim: UTCTIME           :160729000000Z
>   250:d=2  hl=2 l=  13 prim: UTCTIME           :170210235959Z
>   265:d=1  hl=3 l= 132 cons: SEQUENCE          
>   268:d=2  hl=2 l=  11 cons: SET               
>   270:d=3  hl=2 l=   9 cons: SEQUENCE          
>   272:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>   277:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>   281:d=2  hl=2 l=  16 cons: SET               
>   283:d=3  hl=2 l=  14 cons: SEQUENCE          
>   285:d=4  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
>   290:d=4  hl=2 l=   7 prim: PRINTABLESTRING   :Georgia
>   299:d=2  hl=2 l=  17 cons: SET               
>   301:d=3  hl=2 l=  15 cons: SEQUENCE          
>   303:d=4  hl=2 l=   3 prim: OBJECT            :localityName
>   308:d=4  hl=2 l=   8 prim: PRINTABLESTRING   :Columbus
>   318:d=2  hl=2 l=  13 cons: SET               
>   320:d=3  hl=2 l=  11 cons: SEQUENCE          
>   322:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>   327:d=4  hl=2 l=   4 prim: PRINTABLESTRING   :TSYS
>   333:d=2  hl=2 l=  38 cons: SET               
>   335:d=3  hl=2 l=  36 cons: SEQUENCE          
>   337:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>   342:d=4  hl=2 l=  29 prim: PRINTABLESTRING
> :TDS-2-Dallas-SCA-v2PmB4cxayEu
>   373:d=2  hl=2 l=  25 cons: SET               
>   375:d=3  hl=2 l=  23 cons: SEQUENCE          
>   377:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>   382:d=4  hl=2 l=  16 prim: PRINTABLESTRING   :ssl1.vitalps.net
>   400:d=1  hl=4 l= 290 cons: SEQUENCE          
>   404:d=2  hl=2 l=  13 cons: SEQUENCE          
>   406:d=3  hl=2 l=   9 prim: OBJECT            :rsaEncryption
>   417:d=3  hl=2 l=   0 prim: NULL              
>   419:d=2  hl=4 l= 271 prim: BIT STRING        
>   694:d=1  hl=4 l= 357 cons: cont [ 3 ]        
>   698:d=2  hl=4 l= 353 cons: SEQUENCE          
>   702:d=3  hl=2 l=   9 cons: SEQUENCE          
>   704:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Basic
> Constraints 709:d=4  hl=2 l=   2 prim: OCTET STRING      [HEX
> DUMP]:3000 713:d=3  hl=2 l=  97 cons: SEQUENCE          
>   715:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Certificate
> Policies 720:d=4  hl=2 l=  90 prim: OCTET STRING      [HEX
> 2F2F642E73796D63622E636F6D2F727061
>   812:d=3  hl=2 l=  43 cons: SEQUENCE          
>   814:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 CRL
> Distribution Points
>   819:d=4  hl=2 l=  36 prim: OCTET STRING      [HEX
> 6C
>   857:d=3  hl=2 l=  29 cons: SEQUENCE          
>   859:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key
> Usage 864:d=4  hl=2 l=  22 prim: OCTET STRING      [HEX
> DUMP]:301406082B0601050507030106082B06010505070302
>   888:d=3  hl=2 l=  14 cons: SEQUENCE          
>   890:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
>   895:d=4  hl=2 l=   1 prim: BOOLEAN           :255
>   898:d=4  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0
>   904:d=3  hl=2 l=  87 cons: SEQUENCE          
>   906:d=4  hl=2 l=   8 prim: OBJECT            :Authority Information
> Access 916:d=4  hl=2 l=  75 prim: OCTET STRING      [HEX
> 7274
>   993:d=3  hl=2 l=  27 cons: SEQUENCE          
>   995:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Subject
> Alternative Name
>  1000:d=4  hl=2 l=  20 prim: OCTET STRING      [HEX
> DUMP]:3012821073736C312E766974616C70732E6E6574
>  1022:d=3  hl=2 l=  31 cons: SEQUENCE          
>  1024:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key
> Identifier
>  1029:d=4  hl=2 l=  24 prim: OCTET STRING      [HEX
> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
> +LD1QAw1S75YJYGRvTsrrMw 1eg6Wkt2s9lY5wzQf61AH+KKPK
> +uwI5xEPUfilYt5iKAGa9mdAXfdiYKJV7lfAbC6LUOzYkS3QSu xM
> +SQIf3cc5OYI3BzK0UDCYwEopHzpUGxQ2KYet94C6gILdzm8eBL3klBxbM
> +HLA8w16g1RgCUx7 Q/OoqLMsaPzj+KZZz
> +aeKAECkDj8rts00LGPK3O404//qJlzmmiva50y3C/nmWTkgpn0v0aaH0BM
> +VdkOs/B9W8a/JPCL16fx
> VR0jBBgwFoAU15t82CKgFffdrV/OKZtYw7xGALU=
> ----------
> https://crt.sh/?id=24605901
>     0:d=0  hl=4 l=1052 cons: SEQUENCE          
>     4:d=1  hl=2 l=   3 cons: cont [ 0 ]        
>     6:d=2  hl=2 l=   1 prim: INTEGER           :02
>     9:d=1  hl=2 l=  16 prim: INTEGER
> :31A4E0A5A052CB270BAAFEB9EDCA561C
>    27:d=1  hl=2 l=  13 cons: SEQUENCE          
>    29:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
>    40:d=2  hl=2 l=   0 prim: NULL              
>    42:d=1  hl=3 l= 188 cons: SEQUENCE          
>    45:d=2  hl=2 l=  11 cons: SET               
>    47:d=3  hl=2 l=   9 cons: SEQUENCE          
>    49:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>    54:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>    58:d=2  hl=2 l=  23 cons: SET               
>    60:d=3  hl=2 l=  21 cons: SEQUENCE          
>    62:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>    67:d=4  hl=2 l=  14 prim: PRINTABLESTRING   :VeriSign, Inc.
>    83:d=2  hl=2 l=  31 cons: SET               
>    85:d=3  hl=2 l=  29 cons: SEQUENCE          
>    87:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>    92:d=4  hl=2 l=  22 prim: PRINTABLESTRING   :VeriSign Trust Network
>   116:d=2  hl=2 l=  59 cons: SET               
>   118:d=3  hl=2 l=  57 cons: SEQUENCE          
>   120:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>   125:d=4  hl=2 l=  50 prim: PRINTABLESTRING   :Terms of use at
> https://www.verisign.com/rpa (c)10
>   177:d=2  hl=2 l=  54 cons: SET               
>   179:d=3  hl=2 l=  52 cons: SEQUENCE          
>   181:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>   186:d=4  hl=2 l=  45 prim: PRINTABLESTRING   :VeriSign Class 3
> International Server CA - G3
>   233:d=1  hl=2 l=  30 cons: SEQUENCE          
>   235:d=2  hl=2 l=  13 prim: UTCTIME           :160729000000Z
>   250:d=2  hl=2 l=  13 prim: UTCTIME           :170210235959Z
>   265:d=1  hl=3 l= 133 cons: SEQUENCE          
>   268:d=2  hl=2 l=  11 cons: SET               
>   270:d=3  hl=2 l=   9 cons: SEQUENCE          
>   272:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>   277:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>   281:d=2  hl=2 l=  16 cons: SET               
>   283:d=3  hl=2 l=  14 cons: SEQUENCE          
>   285:d=4  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
>   290:d=4  hl=2 l=   7 prim: PRINTABLESTRING   :Georgia
>   299:d=2  hl=2 l=  17 cons: SET               
>   301:d=3  hl=2 l=  15 cons: SEQUENCE          
>   303:d=4  hl=2 l=   3 prim: OBJECT            :localityName
>   308:d=4  hl=2 l=   8 prim: PRINTABLESTRING   :Columbus
>   318:d=2  hl=2 l=  13 cons: SET               
>   320:d=3  hl=2 l=  11 cons: SEQUENCE          
>   322:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>   327:d=4  hl=2 l=   4 prim: PRINTABLESTRING   :TSYS
>   333:d=2  hl=2 l=  39 cons: SET               
>   335:d=3  hl=2 l=  37 cons: SEQUENCE          
>   337:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>   342:d=4  hl=2 l=  30 prim: PRINTABLESTRING
> :TDS-2-Ashburn-SCA-bbL6gMDyTZU8
>   374:d=2  hl=2 l=  25 cons: SET               
>   376:d=3  hl=2 l=  23 cons: SEQUENCE          
>   378:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>   383:d=4  hl=2 l=  16 prim: PRINTABLESTRING   :ssl2.vitalps.net
>   401:d=1  hl=4 l= 290 cons: SEQUENCE          
>   405:d=2  hl=2 l=  13 cons: SEQUENCE          
>   407:d=3  hl=2 l=   9 prim: OBJECT            :rsaEncryption
>   418:d=3  hl=2 l=   0 prim: NULL              
>   420:d=2  hl=4 l= 271 prim: BIT STRING        
>   695:d=1  hl=4 l= 357 cons: cont [ 3 ]        
>   699:d=2  hl=4 l= 353 cons: SEQUENCE          
>   703:d=3  hl=2 l=   9 cons: SEQUENCE          
>   705:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Basic
> Constraints 710:d=4  hl=2 l=   2 prim: OCTET STRING      [HEX
> DUMP]:3000 714:d=3  hl=2 l=  97 cons: SEQUENCE          
>   716:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Certificate
> Policies 721:d=4  hl=2 l=  90 prim: OCTET STRING      [HEX
> 2F2F642E73796D63622E636F6D2F727061
>   813:d=3  hl=2 l=  43 cons: SEQUENCE          
>   815:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 CRL
> Distribution Points
>   820:d=4  hl=2 l=  36 prim: OCTET STRING      [HEX
> 6C
>   858:d=3  hl=2 l=  29 cons: SEQUENCE          
>   860:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key
> Usage 865:d=4  hl=2 l=  22 prim: OCTET STRING      [HEX
> DUMP]:301406082B0601050507030106082B06010505070302
>   889:d=3  hl=2 l=  14 cons: SEQUENCE          
>   891:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
>   896:d=4  hl=2 l=   1 prim: BOOLEAN           :255
>   899:d=4  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0
>   905:d=3  hl=2 l=  87 cons: SEQUENCE          
>   907:d=4  hl=2 l=   8 prim: OBJECT            :Authority Information
> Access 917:d=4  hl=2 l=  75 prim: OCTET STRING      [HEX
> 7274
>   994:d=3  hl=2 l=  27 cons: SEQUENCE          
>   996:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Subject
> Alternative Name
>  1001:d=4  hl=2 l=  20 prim: OCTET STRING      [HEX
> DUMP]:3012821073736C322E766974616C70732E6E6574
>  1023:d=3  hl=2 l=  31 cons: SEQUENCE          
>  1025:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key
> Identifier
>  1030:d=4  hl=2 l=  24 prim: OCTET STRING      [HEX
> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
> /6ms3Jq5S6E5Jn6HUJpSUMO+YoRkh
> +t/DczoWHuveq7tBGAMtJUk6Y38zboXo58zDLCGngnt7Odg
> H2JxJTBzJ0HW5vqT2R/7oanGZCAEim7FUyJ70prvsfgygqsZq9k7C4DOs1U2Zj2Lq
> +VrSUZgtLB2
> u3Ci
> A1UdIwQYMBaAFNebfNgioBX33a1fzimbWMO8RgC1
> ----------
> https://crt.sh/?id=24605897
>     0:d=0  hl=4 l=1051 cons: SEQUENCE          
>     4:d=1  hl=2 l=   3 cons: cont [ 0 ]        
>     6:d=2  hl=2 l=   1 prim: INTEGER           :02
>     9:d=1  hl=2 l=  16 prim: INTEGER
> :7513714F7C3FDF897563334107892069
>    27:d=1  hl=2 l=  13 cons: SEQUENCE          
>    29:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
>    40:d=2  hl=2 l=   0 prim: NULL              
>    42:d=1  hl=3 l= 188 cons: SEQUENCE          
>    45:d=2  hl=2 l=  11 cons: SET               
>    47:d=3  hl=2 l=   9 cons: SEQUENCE          
>    49:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>    54:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>    58:d=2  hl=2 l=  23 cons: SET               
>    60:d=3  hl=2 l=  21 cons: SEQUENCE          
>    62:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>    67:d=4  hl=2 l=  14 prim: PRINTABLESTRING   :VeriSign, Inc.
>    83:d=2  hl=2 l=  31 cons: SET               
>    85:d=3  hl=2 l=  29 cons: SEQUENCE          
>    87:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>    92:d=4  hl=2 l=  22 prim: PRINTABLESTRING   :VeriSign Trust Network
>   116:d=2  hl=2 l=  59 cons: SET               
>   118:d=3  hl=2 l=  57 cons: SEQUENCE          
>   120:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>   125:d=4  hl=2 l=  50 prim: PRINTABLESTRING   :Terms of use at
> https://www.verisign.com/rpa (c)10
>   177:d=2  hl=2 l=  54 cons: SET               
>   179:d=3  hl=2 l=  52 cons: SEQUENCE          
>   181:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>   186:d=4  hl=2 l=  45 prim: PRINTABLESTRING   :VeriSign Class 3
> International Server CA - G3
>   233:d=1  hl=2 l=  30 cons: SEQUENCE          
>   235:d=2  hl=2 l=  13 prim: UTCTIME           :160729000000Z
>   250:d=2  hl=2 l=  13 prim: UTCTIME           :170210235959Z
>   265:d=1  hl=3 l= 132 cons: SEQUENCE          
>   268:d=2  hl=2 l=  11 cons: SET               
>   270:d=3  hl=2 l=   9 cons: SEQUENCE          
>   272:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>   277:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>   281:d=2  hl=2 l=  16 cons: SET               
>   283:d=3  hl=2 l=  14 cons: SEQUENCE          
>   285:d=4  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
>   290:d=4  hl=2 l=   7 prim: PRINTABLESTRING   :Georgia
>   299:d=2  hl=2 l=  17 cons: SET               
>   301:d=3  hl=2 l=  15 cons: SEQUENCE          
>   303:d=4  hl=2 l=   3 prim: OBJECT            :localityName
>   308:d=4  hl=2 l=   8 prim: PRINTABLESTRING   :Columbus
>   318:d=2  hl=2 l=  13 cons: SET               
>   320:d=3  hl=2 l=  11 cons: SEQUENCE          
>   322:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>   327:d=4  hl=2 l=   4 prim: PRINTABLESTRING   :TSYS
>   333:d=2  hl=2 l=  38 cons: SET               
>   335:d=3  hl=2 l=  36 cons: SEQUENCE          
>   337:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>   342:d=4  hl=2 l=  29 prim: PRINTABLESTRING
> :TDS-2-Dallas-SCA-v2PmB4cxayEu
>   373:d=2  hl=2 l=  25 cons: SET               
>   375:d=3  hl=2 l=  23 cons: SEQUENCE          
>   377:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>   382:d=4  hl=2 l=  16 prim: PRINTABLESTRING   :ssl2.vitalps.net
>   400:d=1  hl=4 l= 290 cons: SEQUENCE          
>   404:d=2  hl=2 l=  13 cons: SEQUENCE          
>   406:d=3  hl=2 l=   9 prim: OBJECT            :rsaEncryption
>   417:d=3  hl=2 l=   0 prim: NULL              
>   419:d=2  hl=4 l= 271 prim: BIT STRING        
>   694:d=1  hl=4 l= 357 cons: cont [ 3 ]        
>   698:d=2  hl=4 l= 353 cons: SEQUENCE          
>   702:d=3  hl=2 l=   9 cons: SEQUENCE          
>   704:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Basic
> Constraints 709:d=4  hl=2 l=   2 prim: OCTET STRING      [HEX
> DUMP]:3000 713:d=3  hl=2 l=  97 cons: SEQUENCE          
>   715:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Certificate
> Policies 720:d=4  hl=2 l=  90 prim: OCTET STRING      [HEX
> 2F2F642E73796D63622E636F6D2F727061
>   812:d=3  hl=2 l=  43 cons: SEQUENCE          
>   814:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 CRL
> Distribution Points
>   819:d=4  hl=2 l=  36 prim: OCTET STRING      [HEX
> 6C
>   857:d=3  hl=2 l=  29 cons: SEQUENCE          
>   859:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key
> Usage 864:d=4  hl=2 l=  22 prim: OCTET STRING      [HEX
> DUMP]:301406082B0601050507030106082B06010505070302
>   888:d=3  hl=2 l=  14 cons: SEQUENCE          
>   890:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
>   895:d=4  hl=2 l=   1 prim: BOOLEAN           :255
>   898:d=4  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0
>   904:d=3  hl=2 l=  87 cons: SEQUENCE          
>   906:d=4  hl=2 l=   8 prim: OBJECT            :Authority Information
> Access 916:d=4  hl=2 l=  75 prim: OCTET STRING      [HEX
> 7274
>   993:d=3  hl=2 l=  27 cons: SEQUENCE          
>   995:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Subject
> Alternative Name
>  1000:d=4  hl=2 l=  20 prim: OCTET STRING      [HEX
> DUMP]:3012821073736C322E766974616C70732E6E6574
>  1022:d=3  hl=2 l=  31 cons: SEQUENCE          
>  1024:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key
> Identifier
>  1029:d=4  hl=2 l=  24 prim: OCTET STRING      [HEX
> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
> +RWzXsPxVjSR
> ciubkQtBlxqvJ7baNcmk8/IaaYjEJHcy4ycXdd4RMEaOTvtk5
> +oH8Im7H9WNla4cxU4GUKqtLnGr 5ZF9YnKrmY2dX4Wy2lX
> +sieJXoIhxgg1Xkb4sto4YkpKG0Xl9YP2GMl0XAJtnrjqcKhuJaA1iZPy
> VR0jBBgwFoAU15t82CKgFffdrV/OKZtYw7xGALU=
> ----------
> https://crt.sh/?id=24605892
>     0:d=0  hl=4 l=1052 cons: SEQUENCE          
>     4:d=1  hl=2 l=   3 cons: cont [ 0 ]        
>     6:d=2  hl=2 l=   1 prim: INTEGER           :02
>     9:d=1  hl=2 l=  16 prim: INTEGER
> :0A401380CA911598A9C5D39E1F07D576
>    27:d=1  hl=2 l=  13 cons: SEQUENCE          
>    29:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
>    40:d=2  hl=2 l=   0 prim: NULL              
>    42:d=1  hl=3 l= 188 cons: SEQUENCE          
>    45:d=2  hl=2 l=  11 cons: SET               
>    47:d=3  hl=2 l=   9 cons: SEQUENCE          
>    49:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>    54:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>    58:d=2  hl=2 l=  23 cons: SET               
>    60:d=3  hl=2 l=  21 cons: SEQUENCE          
>    62:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>    67:d=4  hl=2 l=  14 prim: PRINTABLESTRING   :VeriSign, Inc.
>    83:d=2  hl=2 l=  31 cons: SET               
>    85:d=3  hl=2 l=  29 cons: SEQUENCE          
>    87:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>    92:d=4  hl=2 l=  22 prim: PRINTABLESTRING   :VeriSign Trust Network
>   116:d=2  hl=2 l=  59 cons: SET               
>   118:d=3  hl=2 l=  57 cons: SEQUENCE          
>   120:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>   125:d=4  hl=2 l=  50 prim: PRINTABLESTRING   :Terms of use at
> https://www.verisign.com/rpa (c)10
>   177:d=2  hl=2 l=  54 cons: SET               
>   179:d=3  hl=2 l=  52 cons: SEQUENCE          
>   181:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>   186:d=4  hl=2 l=  45 prim: PRINTABLESTRING   :VeriSign Class 3
> International Server CA - G3
>   233:d=1  hl=2 l=  30 cons: SEQUENCE          
>   235:d=2  hl=2 l=  13 prim: UTCTIME           :160729000000Z
>   250:d=2  hl=2 l=  13 prim: UTCTIME           :170210235959Z
>   265:d=1  hl=3 l= 133 cons: SEQUENCE          
>   268:d=2  hl=2 l=  11 cons: SET               
>   270:d=3  hl=2 l=   9 cons: SEQUENCE          
>   272:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>   277:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>   281:d=2  hl=2 l=  16 cons: SET               
>   283:d=3  hl=2 l=  14 cons: SEQUENCE          
>   285:d=4  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
>   290:d=4  hl=2 l=   7 prim: PRINTABLESTRING   :Georgia
>   299:d=2  hl=2 l=  17 cons: SET               
>   301:d=3  hl=2 l=  15 cons: SEQUENCE          
>   303:d=4  hl=2 l=   3 prim: OBJECT            :localityName
>   308:d=4  hl=2 l=   8 prim: PRINTABLESTRING   :Columbus
>   318:d=2  hl=2 l=  13 cons: SET               
>   320:d=3  hl=2 l=  11 cons: SEQUENCE          
>   322:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>   327:d=4  hl=2 l=   4 prim: PRINTABLESTRING   :TSYS
>   333:d=2  hl=2 l=  39 cons: SET               
>   335:d=3  hl=2 l=  37 cons: SEQUENCE          
>   337:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>   342:d=4  hl=2 l=  30 prim: PRINTABLESTRING
> :TDS-2-Ashburn-SCA-bbL6gMDyTZU8
>   374:d=2  hl=2 l=  25 cons: SET               
>   376:d=3  hl=2 l=  23 cons: SEQUENCE          
>   378:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>   383:d=4  hl=2 l=  16 prim: PRINTABLESTRING   :ssl3.vitalps.net
>   401:d=1  hl=4 l= 290 cons: SEQUENCE          
>   405:d=2  hl=2 l=  13 cons: SEQUENCE          
>   407:d=3  hl=2 l=   9 prim: OBJECT            :rsaEncryption
>   418:d=3  hl=2 l=   0 prim: NULL              
>   420:d=2  hl=4 l= 271 prim: BIT STRING        
>   695:d=1  hl=4 l= 357 cons: cont [ 3 ]        
>   699:d=2  hl=4 l= 353 cons: SEQUENCE          
>   703:d=3  hl=2 l=   9 cons: SEQUENCE          
>   705:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Basic
> Constraints 710:d=4  hl=2 l=   2 prim: OCTET STRING      [HEX
> DUMP]:3000 714:d=3  hl=2 l=  97 cons: SEQUENCE          
>   716:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Certificate
> Policies 721:d=4  hl=2 l=  90 prim: OCTET STRING      [HEX
> 2F2F642E73796D63622E636F6D2F727061
>   813:d=3  hl=2 l=  43 cons: SEQUENCE          
>   815:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 CRL
> Distribution Points
>   820:d=4  hl=2 l=  36 prim: OCTET STRING      [HEX
> 6C
>   858:d=3  hl=2 l=  29 cons: SEQUENCE          
>   860:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key
> Usage 865:d=4  hl=2 l=  22 prim: OCTET STRING      [HEX
> DUMP]:301406082B0601050507030106082B06010505070302
>   889:d=3  hl=2 l=  14 cons: SEQUENCE          
>   891:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
>   896:d=4  hl=2 l=   1 prim: BOOLEAN           :255
>   899:d=4  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0
>   905:d=3  hl=2 l=  87 cons: SEQUENCE          
>   907:d=4  hl=2 l=   8 prim: OBJECT            :Authority Information
> Access 917:d=4  hl=2 l=  75 prim: OCTET STRING      [HEX
> 7274
>   994:d=3  hl=2 l=  27 cons: SEQUENCE          
>   996:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Subject
> Alternative Name
>  1001:d=4  hl=2 l=  20 prim: OCTET STRING      [HEX
> DUMP]:3012821073736C332E766974616C70732E6E6574
>  1023:d=3  hl=2 l=  31 cons: SEQUENCE          
>  1025:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key
> Identifier
>  1030:d=4  hl=2 l=  24 prim: OCTET STRING      [HEX
> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
> lxDSe/EyOa2MwHakXx4JBqbBtE2SySlO6HvxJ9sbAnjKU
> +3/+KsPZGXJDDllq7JmsRNps3hAdsHA 95h0TKAZDTR6Yk5pwv
> +huIyMfT1NRuEA1HUsv0l8tdyRenL8Aap0+p9Dqohqc+FiE8UaDEECSORw
> B3M3o3C7jC8xFo2O/LvZ1mmeFcFJ0cCLhzjp6hrJ
> +ohk8zdHvB4Kkpa43gfrX1gwDOikQjEUBbz/
> A1UdIwQYMBaAFNebfNgioBX33a1fzimbWMO8RgC1
> ----------
> https://crt.sh/?id=24605907
>     0:d=0  hl=4 l=1051 cons: SEQUENCE          
>     4:d=1  hl=2 l=   3 cons: cont [ 0 ]        
>     6:d=2  hl=2 l=   1 prim: INTEGER           :02
>     9:d=1  hl=2 l=  16 prim: INTEGER
> :2FC508AE1FA00566CD09574181A46C7B
>    27:d=1  hl=2 l=  13 cons: SEQUENCE          
>    29:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
>    40:d=2  hl=2 l=   0 prim: NULL              
>    42:d=1  hl=3 l= 188 cons: SEQUENCE          
>    45:d=2  hl=2 l=  11 cons: SET               
>    47:d=3  hl=2 l=   9 cons: SEQUENCE          
>    49:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>    54:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>    58:d=2  hl=2 l=  23 cons: SET               
>    60:d=3  hl=2 l=  21 cons: SEQUENCE          
>    62:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>    67:d=4  hl=2 l=  14 prim: PRINTABLESTRING   :VeriSign, Inc.
>    83:d=2  hl=2 l=  31 cons: SET               
>    85:d=3  hl=2 l=  29 cons: SEQUENCE          
>    87:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>    92:d=4  hl=2 l=  22 prim: PRINTABLESTRING   :VeriSign Trust Network
>   116:d=2  hl=2 l=  59 cons: SET               
>   118:d=3  hl=2 l=  57 cons: SEQUENCE          
>   120:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>   125:d=4  hl=2 l=  50 prim: PRINTABLESTRING   :Terms of use at
> https://www.verisign.com/rpa (c)10
>   177:d=2  hl=2 l=  54 cons: SET               
>   179:d=3  hl=2 l=  52 cons: SEQUENCE          
>   181:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>   186:d=4  hl=2 l=  45 prim: PRINTABLESTRING   :VeriSign Class 3
> International Server CA - G3
>   233:d=1  hl=2 l=  30 cons: SEQUENCE          
>   235:d=2  hl=2 l=  13 prim: UTCTIME           :160729000000Z
>   250:d=2  hl=2 l=  13 prim: UTCTIME           :170210235959Z
>   265:d=1  hl=3 l= 132 cons: SEQUENCE          
>   268:d=2  hl=2 l=  11 cons: SET               
>   270:d=3  hl=2 l=   9 cons: SEQUENCE          
>   272:d=4  hl=2 l=   3 prim: OBJECT            :countryName
>   277:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :US
>   281:d=2  hl=2 l=  16 cons: SET               
>   283:d=3  hl=2 l=  14 cons: SEQUENCE          
>   285:d=4  hl=2 l=   3 prim: OBJECT            :stateOrProvinceName
>   290:d=4  hl=2 l=   7 prim: PRINTABLESTRING   :Georgia
>   299:d=2  hl=2 l=  17 cons: SET               
>   301:d=3  hl=2 l=  15 cons: SEQUENCE          
>   303:d=4  hl=2 l=   3 prim: OBJECT            :localityName
>   308:d=4  hl=2 l=   8 prim: PRINTABLESTRING   :Columbus
>   318:d=2  hl=2 l=  13 cons: SET               
>   320:d=3  hl=2 l=  11 cons: SEQUENCE          
>   322:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
>   327:d=4  hl=2 l=   4 prim: PRINTABLESTRING   :TSYS
>   333:d=2  hl=2 l=  38 cons: SET               
>   335:d=3  hl=2 l=  36 cons: SEQUENCE          
>   337:d=4  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
>   342:d=4  hl=2 l=  29 prim: PRINTABLESTRING
> :TDS-2-Dallas-SCA-v2PmB4cxayEu
>   373:d=2  hl=2 l=  25 cons: SET               
>   375:d=3  hl=2 l=  23 cons: SEQUENCE          
>   377:d=4  hl=2 l=   3 prim: OBJECT            :commonName
>   382:d=4  hl=2 l=  16 prim: PRINTABLESTRING   :ssl3.vitalps.net
>   400:d=1  hl=4 l= 290 cons: SEQUENCE          
>   404:d=2  hl=2 l=  13 cons: SEQUENCE          
>   406:d=3  hl=2 l=   9 prim: OBJECT            :rsaEncryption
>   417:d=3  hl=2 l=   0 prim: NULL              
>   419:d=2  hl=4 l= 271 prim: BIT STRING        
>   694:d=1  hl=4 l= 357 cons: cont [ 3 ]        
>   698:d=2  hl=4 l= 353 cons: SEQUENCE          
>   702:d=3  hl=2 l=   9 cons: SEQUENCE          
>   704:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Basic
> Constraints 709:d=4  hl=2 l=   2 prim: OCTET STRING      [HEX
> DUMP]:3000 713:d=3  hl=2 l=  97 cons: SEQUENCE          
>   715:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Certificate
> Policies 720:d=4  hl=2 l=  90 prim: OCTET STRING      [HEX
> 2F2F642E73796D63622E636F6D2F727061
>   812:d=3  hl=2 l=  43 cons: SEQUENCE          
>   814:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 CRL
> Distribution Points
>   819:d=4  hl=2 l=  36 prim: OCTET STRING      [HEX
> 6C
>   857:d=3  hl=2 l=  29 cons: SEQUENCE          
>   859:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key
> Usage 864:d=4  hl=2 l=  22 prim: OCTET STRING      [HEX
> DUMP]:301406082B0601050507030106082B06010505070302
>   888:d=3  hl=2 l=  14 cons: SEQUENCE          
>   890:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
>   895:d=4  hl=2 l=   1 prim: BOOLEAN           :255
>   898:d=4  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0
>   904:d=3  hl=2 l=  87 cons: SEQUENCE          
>   906:d=4  hl=2 l=   8 prim: OBJECT            :Authority Information
> Access 916:d=4  hl=2 l=  75 prim: OCTET STRING      [HEX
> 7274
>   993:d=3  hl=2 l=  27 cons: SEQUENCE          
>   995:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Subject
> Alternative Name
>  1000:d=4  hl=2 l=  20 prim: OCTET STRING      [HEX
> DUMP]:3012821073736C332E766974616C70732E6E6574
>  1022:d=3  hl=2 l=  31 cons: SEQUENCE          
>  1024:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key
> Identifier
>  1029:d=4  hl=2 l=  24 prim: OCTET STRING      [HEX
> DUMP]:30168014D79B7CD822A015F7DDAD5FCE299B58C3BC4600B5
> 6btR22h40+G9clnoUWIPPvpPM3ZHiZ7
> +CJe0xCZGFvPlQkc1R8wUV/YroP2pyQfQ0jehUCzfY4Wk dROIfXW3ZpvInDj
> +45NWbUR3Zf4xgolXTNlKS3FjROKnH+QPXgevypFpUFY7+j6Q1+onuTcj5tkb
> +DdPYvDcMmh881MvY5Fs4wfHgqcNa
> VR0jBBgwFoAU15t82CKgFffdrV/OKZtYw7xGALU=
> ----------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5723 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20160716/49d4cc62/attachment-0001.bin 

More information about the Public mailing list