secure.bankofamerica.com

- Bank of America Corporation -

Issued by Entrust Certification Authority - L1M

About this certificate

This digital certificate with serial number c1:cb:29:78:e0:1a:6d:d2:00:00:00:00:54:d0:14:0c was issued on by Entrust, Inc..

With 10 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Bank of America Corporation

Company registration number: 2927442
Organization: Bank of America Corporation
State / Province: Illinois
Locality: Chicago
Country: US

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2014 Entrust, Inc. - for authorized use only
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): c1:cb:29:78:e0:1a:6d:d2:00:00:00:00:54:d0:14:0c
Serial Number (int): 257595880604301177792288510476165321740
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: 0d:f6:5e:bf:0a:8e:20:54:4a:e1:eb:01:5f:1f:d1:7b:18:20:8e:81
AuthorityKeyId: c3:f7:d0:b5:2a:30:ad:af:0d:91:21:70:39:54:dd:bc:89:70:c7:3a

Fingerprint (sha1): fb:73:5e:e4:d4:b3:7a:85:97:6c:e5:ed:fe:9f:31:63:c6:79:5a:b8
Fingerprint (sha256): 00:34:52:22:f6:20:72:85:53:ca:eb:5d:39:14:db:d5:05:33:11:d7:25:6c:84:4a:ec:e2:d3:c2:56:0e:fc:57

Issuing Certificate URL: http://aia.entrust.net/l1m-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1m.crl

Check the revocation status for certificate secure.bankofamerica.com

10

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for secure.bankofamerica.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

secure.bankofamerica.com
secure-darkpod.bankofamerica.com
secure.fs.ml.com
secure-darkpod.fs.ml.com
secure.fs.ustrust.com
secure-darkpod.fs.ustrust.com
secure.benefits.ml.com
secure-darkpod.benefits.ml.com
secure.accountmanagement.baml.com
secure-darkpod.accountmanagement.baml.com

Other certificates including the domain name bankofamerica.com

(limited to 100 certificates)
dcpr-apac.bankofamerica.com
b2bservice-dev4.ecnp.bankofamerica.com
elink-mbi-s.bankofamerica.com
atmhold-tt.bankofamerica.com
abwebpay-mbod.bankofamerica.com
webatm-test-dev1b-pipB.bankofamerica.com
webatm-test-cer1a-pipD.bankofamerica.com
fix-mtls-prod-out-ma-order.bankofamerica.com
CAPTIVESERVICE.BANKOFAMERICA.COM
mqt.qtjrchin.bankofamerica.com
secure.bankofamerica.com
travelcenter2.bankofamerica.com
directsso.bankofamerica.com
gpx-discover-diners-pulse-lle-clientcert.ecnp.bankofamerica.com
testingNotifications-CertAdminPlzApprove.bankofamerica.com
origin-bac-assets-cert.ecnp.bankofamerica.com
sso-prd.bankofamerica.com
eib-vgs-sit1.bankofamerica.com
cpo-accelerate-websvcs-test2.bankofamerica.com
usvarchvp2isa01.bankofamerica.com
ibsshopsafedev6.bankofamerica.com
rxserve-9H.bankofamerica.com
Standard_SSL_Digicert_CASpec.bankofamerica.com
globalcommissionpayments.bankofamerica.com
appb1.paymentsinvoicing.bankofamerica.com
secure-devps.ecnp.bankofamerica.com
mservice-qa5.ecnp.bankofamerica.com
mservice-qaps.ecnp.bankofamerica.com
bl-qip.emea.bankofamerica.com
cldirect.bankofamerica.com
fbrm-pssit.bankofamerica.com
sbbankers.ltngp2dev.bankofamerica.com
wmobile.bankofamerica.com
escrowonline-lt.bankofamerica.com
socialapp-pt1.ecnp.bankofamerica.com
MO8XCHRS002.bankofamerica.com
winsso-stg.sm.bankofamerica.com
oos0i.lbxatl.bankofamerica.com
CRDTCTR-70336-nCinoClientAuth-BFUAT.bankofamerica.com
outlookanywhere.bankofamerica.com
epass-uat.bankofamerica.com
eftx-pt1.ecnp.bankofamerica.com
NDM.9M33.bankofamerica.com
mqt.mub1chin.bankofamerica.com
ssologon-deveast.bankofamerica.com
finapp.allmyaccounts.test2.bankofamerica.com
boardvantage-uat.bankofamerica.com
portalb2b-rch.bankofamerica.com
ftp-vmsdf1.bankofamerica.com
uat-authorprimary-merch.bankofamerica.com
travelcenter.bankofamerica.com
cmbsi-uat1.bankofamerica.com
travelpaymentsystem.bankofamerica.com
winsso-prd.sm.bankofamerica.com
rvdealer-cit.bankofamerica.com
ftp-hbs.bankofamerica.com
safepass-cpo.bankofamerica.com
cictsc3a.9s.bankofamerica.com
secure-preview1.ecnp.bankofamerica.com
corp.bankofamerica.com
origin-bac-assets-dev.ecnp.bankofamerica.com
everest-qa.bankofamerica.com
racf-1R.bankofamerica.com
fbrm.bankofamerica.com
symphony-online-dr-vip.bankofamerica.com
rmbs.bankofamerica.com
WAS.prodeu01.bankofamerica.com
crm.fxqa.ml.com
corp.bankofamerica.com
ecsb.bankofamerica.com
elink-as2h8.bankofamerica.com
portal.bankofamerica.com
bofacapital-certs.bankofamerica.com
mqp.mqwxchin.bankofamerica.com
bofacapital-certs-pp.bankofamerica.com
viewinv-techtest.bankofamerica.com
cicpvx62.1s.bankofamerica.com
remotepc-us.bankofamerica.com
akamai-san10.exacttarget.com
tx8aiucm02403.bankofamerica.com
secure-review1.ecnp.bankofamerica.com
socialapp-devflex.ecnp.bankofamerica.com
mlqua400.bankofamerica.com
support-services.bankofamerica.com
ustxrdncu01aac0001.network.bankofamerica.com
soap-aci1.bankofamerica.com
mqp.qpc1chin.bankofamerica.com
ecds-uat.bankofamerica.com
mservice-dev2.ecnp.bankofamerica.com
ccpsbob.bankofamerica.com
cporms-test.bankofamerica.com
resfcmbs.bankofamerica.com
IMSPW3CA.1S.bankofamerica.com
globalroutingdirectory.bankofamerica.com
aeadmin.bankofamerica.com
fedsso.bankofamerica.com
rest-cert2.ecnp.bankofamerica.com
psgws.bankofamerica.com
cboapp01.bankofamerica.com
eib-hrt-cit2.bankofamerica.com

Certificate

The complete raw certificate details for secure.bankofamerica.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIIRTCCBy2gAwIBAgIRAMHLKXjgGm3SAAAAAFTQFAwwDQYJKoZIhvcNAQELBQAw
gboxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQL
Ex9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykg
MjAxNCBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAs
BgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMU0wHhcN
MTkwNzI4MjAyODQzWhcNMjAwNzI1MjA1ODQwWjCB3DELMAkGA1UEBhMCVVMxETAP
BgNVBAgTCElsbGlub2lzMRAwDgYDVQQHEwdDaGljYWdvMRMwEQYLKwYBBAGCNzwC
AQMTAlVTMRkwFwYLKwYBBAGCNzwCAQITCERlbGF3YXJlMSQwIgYDVQQKExtCYW5r
IG9mIEFtZXJpY2EgQ29ycG9yYXRpb24xHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5p
emF0aW9uMRAwDgYDVQQFEwcyOTI3NDQyMSEwHwYDVQQDExhzZWN1cmUuYmFua29m
YW1lcmljYS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCr1U5g
VOEblweOEcLStpMkHdj2GZ5Z/gUJSvxtHll4klfM3rb9FYwBCkhQ0t537wh/q9sH
N7ycvZgl6Td4oVZvZH2l853kCJFjVn5pDZkD6bZXG32BORVpepPSsCX9qdWyGaZd
aWR+e26FYeB75oOv050yJp1Dvk3I+X2XeJ2r5fHdiw8JEc3tapLwy8SPMLacgdLA
PfKjkMxUvzBtbL76KSTbIQIxTyKNH8pXvf6gpwacYWmTPuRlCfz3jMTMaTgR980O
12PwUThibCSziz5c8ZSLsllG8xWUYKWPeJ2sNn6KIpXGpyUPR87dUNoaIokWtg/l
FoCOb38suXTwctkVAgMBAAGjggQgMIIEHDCCATEGA1UdEQSCASgwggEkghhzZWN1
cmUuYmFua29mYW1lcmljYS5jb22CIHNlY3VyZS1kYXJrcG9kLmJhbmtvZmFtZXJp
Y2EuY29tghBzZWN1cmUuZnMubWwuY29tghhzZWN1cmUtZGFya3BvZC5mcy5tbC5j
b22CFXNlY3VyZS5mcy51c3RydXN0LmNvbYIdc2VjdXJlLWRhcmtwb2QuZnMudXN0
cnVzdC5jb22CFnNlY3VyZS5iZW5lZml0cy5tbC5jb22CHnNlY3VyZS1kYXJrcG9k
LmJlbmVmaXRzLm1sLmNvbYIhc2VjdXJlLmFjY291bnRtYW5hZ2VtZW50LmJhbWwu
Y29tgilzZWN1cmUtZGFya3BvZC5hY2NvdW50bWFuYWdlbWVudC5iYW1sLmNvbTCC
AX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHcAVYHUwhaQNgFK6gubVzxT8MDkOHhw
JQgXL6OqHQcT0wwAAAFsOmDl7AAABAMASDBGAiEAnUAQ2FB+Ake/Aq5bt8fmhPbw
W4vHeavj5/cCG9uDBmoCIQCRXNokgRJDAlTFK4iRTdQRojL+Wtqki0bzUaxCN17F
cgB2AId1v+dZfPiMQ5lfvfNu/1aNR1Y2/0q1YMG06v9eoIMPAAABbDpg5e8AAAQD
AEcwRQIgUdejlKT7PaNJfkfoCZR4HJ8TS+jDxUMe1HjCrVuYFqECIQC7eN89uftZ
qqEVdm39bFwcwnPI3FjGHOxGASzfX0so6AB1AO5Lvbd1zmC64UJpH6vhnmajD35f
sHLYgwDEe4l6qP3LAAABbDpg5ucAAAQDAEYwRAIgAhDeDWscX/f6DjVr3UsDKr6C
lMPXRo2lzS0WvdMVycQCIAhW5TwCSJbt6f/rVsEf/IQFfQOYm52Ehi0hY2CMSWFR
MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
aAYIKwYBBQUHAQEEXDBaMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5lbnRydXN0
Lm5ldDAzBggrBgEFBQcwAoYnaHR0cDovL2FpYS5lbnRydXN0Lm5ldC9sMW0tY2hh
aW4yNTYuY2VyMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZW50cnVzdC5u
ZXQvbGV2ZWwxbS5jcmwwSgYDVR0gBEMwQTA2BgpghkgBhvpsCgECMCgwJgYIKwYB
BQUHAgEWGmh0dHA6Ly93d3cuZW50cnVzdC5uZXQvcnBhMAcGBWeBDAEBMB8GA1Ud
IwQYMBaAFMP30LUqMK2vDZEhcDlU3byJcMc6MB0GA1UdDgQWBBQN9l6/Co4gVErh
6wFfH9F7GCCOgTAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAvU893AfGo
7vlCfiBN9z+5ewACefEcx/sKhgidxul0L6bGFvF1VKZgA8d1ou9TBvUh40gZFB1K
BfQUg7BKST7E6C8UbnP9RFL0Izp9nEDTJ0yawOVBlQ0TyJkhv0ckxwzzNzGA6COc
4A8exHxNKvX41n6IhlczcYOChFToOuCER7M6t2fWp+mab4ak4PhRDogQf6jzC0Ww
oCtgLuz6P/TidxCB/VKtc1D2KQkKL9mJIZchae8ZHrm2MRnkiabtyq7th586uZqf
y2afT2Bh2ZIo9QmPYZ1e7Nko0HdafLmLbvZt63RUxkD+/9UQjXwCLrlsoEx6K4po
S9wqFPFQgrD/
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9VOYFThG5cHjhHC0raT
JB3Y9hmeWf4FCUr8bR5ZeJJXzN62/RWMAQpIUNLed+8If6vbBze8nL2YJek3eKFW
b2R9pfOd5AiRY1Z+aQ2ZA+m2Vxt9gTkVaXqT0rAl/anVshmmXWlkfntuhWHge+aD
r9OdMiadQ75NyPl9l3idq+Xx3YsPCRHN7WqS8MvEjzC2nIHSwD3yo5DMVL8wbWy+
+ikk2yECMU8ijR/KV73+oKcGnGFpkz7kZQn894zEzGk4EffNDtdj8FE4Ymwks4s+
XPGUi7JZRvMVlGClj3idrDZ+iiKVxqclD0fO3VDaGiKJFrYP5RaAjm9/LLl08HLZ
FQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 257595880604301177792288510476165321740
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2014 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1M'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-07-28 20:28:43 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-07-25 20:58:40 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Illinois'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Chicago'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.3 (jurisdictionOfIncorporationC)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.2 (jurisdictionOfIncorporationSP)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Delaware'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Bank of America Corporation'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.15 (businessCategory)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Private Organization'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '2927442'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'secure.bankofamerica.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21691935335717008690748570332923320822494729102252310894582854752094190463704973717803849852558591729306328621197592940010098441990263305980612383322248431800389047645197128547506101572686410671523298526308752357516307975751373824012729889234105153812907930805281667472503547221823479956447264495079377195844912161844038600597675874519628420585318614068595490764228698230845108774478413256923798627842413366530793550349221924265478590783497342058431740160996950027620753081085644609441225472061610262983105160949380911437063045374379824910593315705429643660774637440476812726313039475048850870236233426547095930853653
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (296 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'secure.bankofamerica.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'secure-darkpod.bankofamerica.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'secure.fs.ml.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'secure-darkpod.fs.ml.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'secure.fs.ustrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'secure-darkpod.fs.ustrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'secure.benefits.ml.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'secure-darkpod.benefits.ml.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'secure.accountmanagement.baml.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'secure-darkpod.accountmanagement.baml.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							01680077005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c0000016c3a60e5ec00000403004830460221009d4010d8507e0247bf02ae5bb7c7e684f6f05b8bc779abe3e7f7021bdb83066a022100915cda248112430254c52b88914dd411a232fe5adaa48b46f351ac42375ec5720076008775bfe7597cf88c43995fbdf36eff568d475636ff4ab560c1b4eaff5ea0830f0000016c3a60e5ef0000040300473045022051d7a394a4fb3da3497e47e80994781c9f134be8c3c5431ed478c2ad5b9816a1022100bb78df3db9fb59aaa115766dfd6c5c1cc273c8dc58c61cec46012cdf5f4b28e8007500ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb0000016c3a60e6e7000004030046304402200210de0d6b1c5ff7fa0e356bdd4b032abe8294c3d7468da5cd2d16bdd315c9c402200856e53c024896ede9ffeb56c11ffc84057d03989b9d84862d2163608c496151
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1m-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1m.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114028.10.1.2 (Entrust EV policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.entrust.net/rpa'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c3f7d0b52a30adaf0d9121703954ddbc8970c73a
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							0df65ebf0a8e20544ae1eb015f1fd17b18208e81
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		002f53cf7701f1a8eef9427e204df73fb97b000279f11cc7fb0a86089dc6e9742fa6c616f17554a66003c775a2ef5306f521e34819141d4a05f41483b04a493ec4e82f146e73fd4452f4233a7d9c40d3274c9ac0e541950d13c89921bf4724c70cf3373180e8239ce00f1ec47c4d2af5f8d67e888657337183828454e83ae08447b33ab767d6a7e99a6f86a4e0f8510e88107fa8f30b45b0a02b602eecfa3ff4e2771081fd52ad7350f629090a2fd98921972169ef191eb9b63119e489a6edcaaeed879f3ab99a9fcb669f4f6061d99228f5098f619d5eecd928d0775a7cb98b6ef66deb7454c640feffd5108d7c022eb96ca04c7a2b8a684bdc2a14f15082b0ff