Table of Contents

TLS

Verify SSL/TLS Connection

Use OpenSSL to test SSL/TLS on port 443

openssl s_client -verify 1 -showcerts -connect www.apple.com:443

Issue manual GET request

GET / HTTP/1.1
Host: www.apple.com
Connection: close
User-Agent: openssl/s_client
Accept: text/xml,text/html,text/plain
Accept-Charset: ISO-8859-1,utf-8
> openssl s_client -verify 1 -showcerts -connect www.apple.com:443
verify depth is 1
CONNECTED(00000003)
depth=1 C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN = Symantec Class 3 EV SSL CA - G3
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=1 C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN = Symantec Class 3 EV SSL CA - G3
verify error:num=27:certificate not trusted
verify return:1
depth=0 1.3.6.1.4.1.311.60.2.1.3 = US, 1.3.6.1.4.1.311.60.2.1.2 = California, businessCategory = Private Organization, serialNumber = C0806592, C = US, postalCode = 95014, ST = California, L = Cupertino, street = 1 Infinite Loop, O = Apple Inc., OU = Internet Services for Akamai, CN = www.apple.com
verify return:1
---
Certificate chain
 0 s:/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=California/businessCategory=Private Organization/serialNumber=C0806592/C=US/postalCode=95014/ST=California/L=Cupertino/street=1 Infinite Loop/O=Apple Inc./OU=Internet Services for Akamai/CN=www.apple.com
   i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 EV SSL CA - G3
-----BEGIN CERTIFICATE-----
MIIHFTCCBf2gAwIBAgIQLv6SHQ6SuIzpu4FSOaFxejANBgkqhkiG9w0BAQsFADB3
MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd
BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVj
IENsYXNzIDMgRVYgU1NMIENBIC0gRzMwHhcNMTQxMjE5MDAwMDAwWhcNMTYwNDE2
MjM1OTU5WjCCARgxEzARBgsrBgEEAYI3PAIBAxMCVVMxGzAZBgsrBgEEAYI3PAIB
AgwKQ2FsaWZvcm5pYTEdMBsGA1UEDxMUUHJpdmF0ZSBPcmdhbml6YXRpb24xETAP
BgNVBAUTCEMwODA2NTkyMQswCQYDVQQGEwJVUzEOMAwGA1UEEQwFOTUwMTQxEzAR
BgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCUN1cGVydGlubzEYMBYGA1UECQwP
MSBJbmZpbml0ZSBMb29wMRMwEQYDVQQKDApBcHBsZSBJbmMuMSUwIwYDVQQLDBxJ
bnRlcm5ldCBTZXJ2aWNlcyBmb3IgQWthbWFpMRYwFAYDVQQDDA13d3cuYXBwbGUu
Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxVEUeoj4dtmuoriT
8xsQFQhbdeXnB8VqPmU5v5sYrIQVwXGoGTBrGXCZxJd0tOWuC0uC/9dN3dtGOf7o
aULBURmpRnzDH9lkdG7MzWLH+z+9jFBJp7Lv6Q4bIh45SjtQnyYdJi6PR1pVe1Jk
iLsZVK1YMtsc4zVDdgSnzz3OkNXSOP//G8Gy/uz95Y3Do6E6LfnVJeXyBixL+7GI
+NRh5CHv0gXheIWuROkNzndrAGLP9X2wiLIN+s8sF43viIpE45GhOcA/REG/6vxD
hiXip5bJh4YGSE/3QzrtguBdd84zj6NQ06q6FOUSjYW0av+ROKdhbVrIpzqXMJ6U
JZyr5wIDAQABo4IC+DCCAvQwJwYDVR0RBCAwHoINd3d3LmFwcGxlLmNvbYINc3Ns
LmFwcGxlLmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAU
BggrBgEFBQcDAQYIKwYBBQUHAwIwZgYDVR0gBF8wXTBbBgtghkgBhvhFAQcXBjBM
MCMGCCsGAQUFBwIBFhdodHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcC
AjAZGhdodHRwczovL2Quc3ltY2IuY29tL3JwYTAfBgNVHSMEGDAWgBQBWavn3ToL
WaZkY9bPIAdX1ZHnajArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc3Iuc3ltY2Iu
Y29tL3NyLmNybDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9z
ci5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9zci5zeW1jYi5jb20vc3Iu
Y3J0MIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgCkuQmQtBhYFIe7E6LMZ3AK
PDWYBPkb37jjd80OyA3cEAAAAUpjzUz3AAAEAwBHMEUCIQDjDqQJZ6V6WK9IJ3UX
8MBJJ+9nsaGk92W6WMS+2oG5PAIgcZbiZbATMWnUzGGFZpD/++h8IMwXPlFSjbIn
uviSYlYAdgBo9pj4H2SCvjqM7rkoHUz8cVFdZ5PURNEKZ6y7T0/7xAAAAUpjzU0T
AAAEAwBHMEUCIDktcjXVRcCHGeANyQUv4Xtk2uKr5mGL7y5ISKIC3wY6AiEA2O94
NaQQd8kSUAj6SHJGpZ1yKqIFbL0sE/Go+db6ZE4AdgDuS723dc5guuFCaR+r4Z5m
ow9+X7By2IMAxHuJeqj9ywAAAUpjzU9TAAAEAwBHMEUCIB+TXPnT8Z9KZXCfNO0t
l9QNwEgQeH1q51ZieiE2Hu2lAiEAtdN9oDxV7IjhWDxJo54EmC/aeRPFPQpRPBcg
0mta+iIwDQYJKoZIhvcNAQELBQADggEBAC/Zp3o9h70WnWm/GLZo4VywcwDhDJaT
DXqWD/EVlecAM3jeNUpVSvQyroZyXg/+FwOqnBGsgRUQVe9zvoyTqX6sFJr6S+xj
YILjurqGZ6Jn0rvLhYcQXi/Bye8DYAKhHyEUeJ5BOs7dpeaFTBPQTbUH4sfeZTm+
o+4RKCjv2B+qOpVTnCXh+mgYS106XQWuInSQ4fEfQ1ki5tTQQyY0RiK4t7jJ1euC
Pk23cm2oKi31QpGL3UTKDWL3uDkcQbuAwzNRce3H3/Kmgvwva04nP84xP3KOyWzM
kASJnV6ia1MDJ23rDi18tTLlhB0B5veSQvLJE+P3rFKT81hhYGiVHqo=
-----END CERTIFICATE-----
 1 s:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 EV SSL CA - G3
   i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIQfuFKb2/v8tN/P61lTTratDANBgkqhkiG9w0BAQsFADCB
yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB3MQsw
CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV
BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVjIENs
YXNzIDMgRVYgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDYoWV0I+grZOIy1zM3PY71NBZI3U9/hxz4RCMTjvsR2ERaGHGOYBYmkpv9
FwvhcXBC/r/6HMCqo6e1cej/GIP23xAKE2LIPZyn3i4/DNkd5y77Ks7Imn+Hv9hM
BBUyydHMlXGgTihPhNk1++OGb5RT5nKKY2cuvmn2926OnGAE6yn6xEdC0niY4+wL
pZLct5q9gGQrOHw4CVtm9i2VeoayNC6FnpAOX7ddpFFyRnATv2fytqdNFB5suVPu
IxpOjUhVQ0GxiXVqQCjFfd3SbtICGS97JJRL6/EaqZvjI5rq+jOrCiy39GAI3Z8c
zd0tAWaAr7MvKR0juIrhoXAHDDQPAgMBAAGjggFdMIIBWTAvBggrBgEFBQcBAQQj
MCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wEgYDVR0TAQH/BAgw
BgEB/wIBADBlBgNVHSAEXjBcMFoGBFUdIAAwUjAmBggrBgEFBQcCARYaaHR0cDov
L3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5z
eW1hdXRoLmNvbS9ycGEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3MxLnN5bWNi
LmNvbS9wY2EzLWc1LmNybDAOBgNVHQ8BAf8EBAMCAQYwKQYDVR0RBCIwIKQeMBwx
GjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTMzMB0GA1UdDgQWBBQBWavn3ToLWaZk
Y9bPIAdX1ZHnajAfBgNVHSMEGDAWgBR/02Wnwt3su/AwCfNDOfoCrzMxMzANBgkq
hkiG9w0BAQsFAAOCAQEAQgFVe9AWGl1Y6LubqE3X89frE5SG1n8hC0e8V5uSXU8F
nzikEHzPg74GQ0aNCLxq1xCm+quvL2GoY/Jl339MiBKIT7Np2f8nwAqXkY9W+4nE
qLuSLRtzsMarNvSWbCAI7woeZiRFT2cAQMgHVHQzO6atuyOfZu2iRHA0+w7qAf3P
eHTfp61Vt19N9tY/4IbOJMdCqRMURDVLtt/JYKwMf9mTIUvunORJApjTYHtcvNUw
LwfORELEC5n+5p/8sHiGUW3RLJ3GlvuFgrsEL/digO9i2n/2DqyQuFa9eT/ygG6j
2bkPXToHHZGThkspTOHcteHgM52zyzaRS/6htO7w+Q==
-----END CERTIFICATE-----
---
Server certificate
subject=/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=California/businessCategory=Private Organization/serialNumber=C0806592/C=US/postalCode=95014/ST=California/L=Cupertino/street=1 Infinite Loop/O=Apple Inc./OU=Internet Services for Akamai/CN=www.apple.com
issuer=/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 EV SSL CA - G3
---
No client certificate CA names sent
---
SSL handshake has read 3479 bytes and written 640 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES256-SHA
    Session-ID: 1F74FF87878BB74B7B98C53809C856A727846EC199DC310978EFE941F940B40A
    Session-ID-ctx: 
    Master-Key: EA90257DD30E51DB513B5CC4A51147B6FCF4A4A3D2FDD0C12807FCB3B6B4AF57040AC98E97E8D95A702B75A71246D08D
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - 0a 61 56 0a 03 cd 41 a4-e3 10 c8 30 e3 b1 97 9a   .aV...A....0....
    0010 - d6 8c 6b 0e 9a 28 5b e2-48 89 eb ba fb f6 32 c6   ..k..([.H.....2.
    0020 - bf 83 8a c3 c5 26 a4 43-61 1b 56 10 b1 49 32 46   .....&.Ca.V..I2F
    0030 - a3 08 9a 71 e5 ee 3c 94-ae f5 cc 35 8c 85 eb f0   ...q..<....5....
    0040 - 2b f9 d1 b7 5d a4 55 d8-93 89 9f a8 5b ad fb 59   +...].U.....[..Y
    0050 - e0 be f3 d0 88 43 52 0c-74 17 ca 82 d5 0f 95 53   .....CR.t......S
    0060 - be fc e1 69 0c e9 21 0f-fb 24 da d9 66 83 ab ff   ...i..!..$..f...
    0070 - a2 65 7e d5 8b 3a 82 86-39 6c 12 ce ee 57 9e b2   .e~..:..9l...W..
    0080 - 28 65 bf b8 21 0e cd b0-b2 e6 4e 3b 29 f5 1c 31   (e..!.....N;)..1
    0090 - e4 0b cd 07 65 48 ea 47-aa 29 12 a2 3e 67 90 48   ....eH.G.)..>g.H

    Start Time: 1432810471
    Timeout   : 300 (sec)
    Verify return code: 27 (certificate not trusted)
---
GET / HTTP/1.1
Host: www.apple.com
Connection: close
User-Agent: openssl/s_client
Accept: text/xml,text/html,text/plain
Accept-Charset: ISO-8859-1,utf-8

HTTP/1.1 200 OK
Content-Length: 11623
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=455
Expires: Thu, 28 May 2015 11:02:07 GMT
Date: Thu, 28 May 2015 10:54:32 GMT
Connection: close

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" prefix="og: http://ogp.me/ns#">
<head>
...
</head>
<body class="page-home">
...
</body>
</html>
closed

Example decode X.509 Cert

> cat | /usr/bin/openssl x509 -text -noout
# -------:-----> [ ^C + ^V : copy-paste Cert in PEM format ]
-----BEGIN CERTIFICATE-----
MIIHFTCCBf2gAwIBAgIQLv6SHQ6SuIzpu4FSOaFxejANBgkqhkiG9w0BAQsFADB3
MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd
BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVj
IENsYXNzIDMgRVYgU1NMIENBIC0gRzMwHhcNMTQxMjE5MDAwMDAwWhcNMTYwNDE2
MjM1OTU5WjCCARgxEzARBgsrBgEEAYI3PAIBAxMCVVMxGzAZBgsrBgEEAYI3PAIB
AgwKQ2FsaWZvcm5pYTEdMBsGA1UEDxMUUHJpdmF0ZSBPcmdhbml6YXRpb24xETAP
BgNVBAUTCEMwODA2NTkyMQswCQYDVQQGEwJVUzEOMAwGA1UEEQwFOTUwMTQxEzAR
BgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCUN1cGVydGlubzEYMBYGA1UECQwP
MSBJbmZpbml0ZSBMb29wMRMwEQYDVQQKDApBcHBsZSBJbmMuMSUwIwYDVQQLDBxJ
bnRlcm5ldCBTZXJ2aWNlcyBmb3IgQWthbWFpMRYwFAYDVQQDDA13d3cuYXBwbGUu
Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxVEUeoj4dtmuoriT
8xsQFQhbdeXnB8VqPmU5v5sYrIQVwXGoGTBrGXCZxJd0tOWuC0uC/9dN3dtGOf7o
aULBURmpRnzDH9lkdG7MzWLH+z+9jFBJp7Lv6Q4bIh45SjtQnyYdJi6PR1pVe1Jk
iLsZVK1YMtsc4zVDdgSnzz3OkNXSOP//G8Gy/uz95Y3Do6E6LfnVJeXyBixL+7GI
+NRh5CHv0gXheIWuROkNzndrAGLP9X2wiLIN+s8sF43viIpE45GhOcA/REG/6vxD
hiXip5bJh4YGSE/3QzrtguBdd84zj6NQ06q6FOUSjYW0av+ROKdhbVrIpzqXMJ6U
JZyr5wIDAQABo4IC+DCCAvQwJwYDVR0RBCAwHoINd3d3LmFwcGxlLmNvbYINc3Ns
LmFwcGxlLmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAU
BggrBgEFBQcDAQYIKwYBBQUHAwIwZgYDVR0gBF8wXTBbBgtghkgBhvhFAQcXBjBM
MCMGCCsGAQUFBwIBFhdodHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcC
AjAZGhdodHRwczovL2Quc3ltY2IuY29tL3JwYTAfBgNVHSMEGDAWgBQBWavn3ToL
WaZkY9bPIAdX1ZHnajArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc3Iuc3ltY2Iu
Y29tL3NyLmNybDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9z
ci5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9zci5zeW1jYi5jb20vc3Iu
Y3J0MIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgCkuQmQtBhYFIe7E6LMZ3AK
PDWYBPkb37jjd80OyA3cEAAAAUpjzUz3AAAEAwBHMEUCIQDjDqQJZ6V6WK9IJ3UX
8MBJJ+9nsaGk92W6WMS+2oG5PAIgcZbiZbATMWnUzGGFZpD/++h8IMwXPlFSjbIn
uviSYlYAdgBo9pj4H2SCvjqM7rkoHUz8cVFdZ5PURNEKZ6y7T0/7xAAAAUpjzU0T
AAAEAwBHMEUCIDktcjXVRcCHGeANyQUv4Xtk2uKr5mGL7y5ISKIC3wY6AiEA2O94
NaQQd8kSUAj6SHJGpZ1yKqIFbL0sE/Go+db6ZE4AdgDuS723dc5guuFCaR+r4Z5m
ow9+X7By2IMAxHuJeqj9ywAAAUpjzU9TAAAEAwBHMEUCIB+TXPnT8Z9KZXCfNO0t
l9QNwEgQeH1q51ZieiE2Hu2lAiEAtdN9oDxV7IjhWDxJo54EmC/aeRPFPQpRPBcg
0mta+iIwDQYJKoZIhvcNAQELBQADggEBAC/Zp3o9h70WnWm/GLZo4VywcwDhDJaT
DXqWD/EVlecAM3jeNUpVSvQyroZyXg/+FwOqnBGsgRUQVe9zvoyTqX6sFJr6S+xj
YILjurqGZ6Jn0rvLhYcQXi/Bye8DYAKhHyEUeJ5BOs7dpeaFTBPQTbUH4sfeZTm+
o+4RKCjv2B+qOpVTnCXh+mgYS106XQWuInSQ4fEfQ1ki5tTQQyY0RiK4t7jJ1euC
Pk23cm2oKi31QpGL3UTKDWL3uDkcQbuAwzNRce3H3/Kmgvwva04nP84xP3KOyWzM
kASJnV6ia1MDJ23rDi18tTLlhB0B5veSQvLJE+P3rFKT81hhYGiVHqo=
-----END CERTIFICATE-----
# -------:-----> [ ^D : copy-paste done ]
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:fe:92:1d:0e:92:b8:8c:e9:bb:81:52:39:a1:71:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 EV SSL CA - G3
        Validity
            Not Before: Dec 19 00:00:00 2014 GMT
            Not After : Apr 16 23:59:59 2016 GMT
        Subject: 1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=California/businessCategory=Private Organization/serialNumber=C0806592, C=US/postalCode=95014, ST=California, L=Cupertino/street=1 Infinite Loop, O=Apple Inc., OU=Internet Services for Akamai, CN=www.apple.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:c5:51:14:7a:88:f8:76:d9:ae:a2:b8:93:f3:1b:
                    10:15:08:5b:75:e5:e7:07:c5:6a:3e:65:39:bf:9b:
                    18:ac:84:15:c1:71:a8:19:30:6b:19:70:99:c4:97:
                    74:b4:e5:ae:0b:4b:82:ff:d7:4d:dd:db:46:39:fe:
                    e8:69:42:c1:51:19:a9:46:7c:c3:1f:d9:64:74:6e:
                    cc:cd:62:c7:fb:3f:bd:8c:50:49:a7:b2:ef:e9:0e:
                    1b:22:1e:39:4a:3b:50:9f:26:1d:26:2e:8f:47:5a:
                    55:7b:52:64:88:bb:19:54:ad:58:32:db:1c:e3:35:
                    43:76:04:a7:cf:3d:ce:90:d5:d2:38:ff:ff:1b:c1:
                    b2:fe:ec:fd:e5:8d:c3:a3:a1:3a:2d:f9:d5:25:e5:
                    f2:06:2c:4b:fb:b1:88:f8:d4:61:e4:21:ef:d2:05:
                    e1:78:85:ae:44:e9:0d:ce:77:6b:00:62:cf:f5:7d:
                    b0:88:b2:0d:fa:cf:2c:17:8d:ef:88:8a:44:e3:91:
                    a1:39:c0:3f:44:41:bf:ea:fc:43:86:25:e2:a7:96:
                    c9:87:86:06:48:4f:f7:43:3a:ed:82:e0:5d:77:ce:
                    33:8f:a3:50:d3:aa:ba:14:e5:12:8d:85:b4:6a:ff:
                    91:38:a7:61:6d:5a:c8:a7:3a:97:30:9e:94:25:9c:
                    ab:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:www.apple.com, DNS:ssl.apple.com
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Certificate Policies: 
                Policy: 2.16.840.1.113733.1.7.23.6
                  CPS: https://d.symcb.com/cps
                  User Notice:
                    Explicit Text: https://d.symcb.com/rpa

            X509v3 Authority Key Identifier: 
                keyid:01:59:AB:E7:DD:3A:0B:59:A6:64:63:D6:CF:20:07:57:D5:91:E7:6A

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://sr.symcb.com/sr.crl

            Authority Information Access: 
                OCSP - URI:http://sr.symcd.com
                CA Issuers - URI:http://sr.symcb.com/sr.crt

            1.3.6.1.4.1.11129.2.4.2: 
                ...j.h.v.......X......gp
.....Jc.L......G0E.!.....g.zX.H'u...I'.g....e.X.....<. q..e..1i..a.f....| ..>QR..'...bV.v.h....d..:...(.L.qQ]g..D.
.H.x}j.Vbz!6....!...}.<U...X<I..../.y..=.r*..l.,......dN.v..K..u.`..Bi....f..~_.r....{.z......Jc.OS.....G0E. ..\....Jep.4.-..
Q<. .kZ."
    Signature Algorithm: sha256WithRSAEncryption
         2f:d9:a7:7a:3d:87:bd:16:9d:69:bf:18:b6:68:e1:5c:b0:73:
         00:e1:0c:96:93:0d:7a:96:0f:f1:15:95:e7:00:33:78:de:35:
         4a:55:4a:f4:32:ae:86:72:5e:0f:fe:17:03:aa:9c:11:ac:81:
         15:10:55:ef:73:be:8c:93:a9:7e:ac:14:9a:fa:4b:ec:63:60:
         82:e3:ba:ba:86:67:a2:67:d2:bb:cb:85:87:10:5e:2f:c1:c9:
         ef:03:60:02:a1:1f:21:14:78:9e:41:3a:ce:dd:a5:e6:85:4c:
         13:d0:4d:b5:07:e2:c7:de:65:39:be:a3:ee:11:28:28:ef:d8:
         1f:aa:3a:95:53:9c:25:e1:fa:68:18:4b:5d:3a:5d:05:ae:22:
         74:90:e1:f1:1f:43:59:22:e6:d4:d0:43:26:34:46:22:b8:b7:
         b8:c9:d5:eb:82:3e:4d:b7:72:6d:a8:2a:2d:f5:42:91:8b:dd:
         44:ca:0d:62:f7:b8:39:1c:41:bb:80:c3:33:51:71:ed:c7:df:
         f2:a6:82:fc:2f:6b:4e:27:3f:ce:31:3f:72:8e:c9:6c:cc:90:
         04:89:9d:5e:a2:6b:53:03:27:6d:eb:0e:2d:7c:b5:32:e5:84:
         1d:01:e6:f7:92:42:f2:c9:13:e3:f7:ac:52:93:f3:58:61:60:
         68:95:1e:aa