education.mn.gov

- State of Minnesota -

Issued by Sectigo RSA Extended Validation Secure Server CA

About this certificate

This digital certificate with serial number 39:af:8c:1d:b0:ab:ba:82:ed:27:a3:28:9c:13:ad:0a was issued on by Sectigo Limited.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

State of Minnesota

Company registration number: 05-11-1858
Organization: State of Minnesota
State / Province: Minnesota
Country: US

Sectigo Limited

Organization: Sectigo Limited
State / Province: Greater Manchester
Locality: Salford
Country: GB

This certificate will expire on

Certificate Details

Serial Number (hex): 39:af:8c:1d:b0:ab:ba:82:ed:27:a3:28:9c:13:ad:0a
Serial Number (int): 76677489599621992557077165848128630026
Serial Number lenght: 126 bits, 16 octets

SubjectKeyId: 6d:49:fc:fa:13:7e:b0:be:5e:3a:58:44:d2:1e:30:9d:66:f7:b1:d8
AuthorityKeyId: 2c:69:ff:80:c9:87:90:ae:34:e1:b4:e7:4c:93:85:99:40:e9:a7:b2

Fingerprint (sha1): 4d:70:46:c1:98:6a:f2:23:74:c3:99:d7:d7:e8:1b:72:62:83:70:e3
Fingerprint (sha256): 00:6e:66:4d:60:82:b6:a2:f8:b4:76:6a:39:c8:f4:a9:3d:c9:9c:ce:1b:ec:31:38:27:61:7b:a7:ae:e7:6d:65

Issuing Certificate URL: http://crt.sectigo.com/SectigoRSAExtendedValidationSecureServerCA.crt

Revocation information

OCSP Server: http://ocsp.sectigo.com
CRL Distribution Point: http://crl.sectigo.com/SectigoRSAExtendedValidationSecureServerCA.crl

Check the revocation status for certificate education.mn.gov

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for education.mn.gov

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

education.mn.gov
education.state.mn.us

Other certificates including the domain name mn.gov

(limited to 100 certificates)
5661601461960704-fe3.pantheonsite.io
preview.ble.mn.gov
mcc.mn.gov
5661601461960704-fe3.pantheonsite.io
education.mn.gov
gisdata.mn.gov
ccbhcreporting.dhs.state.mn.us
dpscrash.gisdata.mn.gov
mhis.dhs.mn.gov
seocportal.dps.mn.gov
mnch-supplan-train.dhs.state.mn.us
mnledc9010fdapp.dps.mn.gov
5687539843203072-fe2.pantheonsite.io
5687539843203072-fe2.pantheonsite.io
renewlicense.dps.mn.gov
mail.co.ym.mn.gov
*.revisor.mn.gov
oimadmin.mneiamstst12.mn.gov
gis.co.ym.mn.gov
dev.eheatnextgen.mn.gov
www.ble.mn.gov
bipdev.dhs.mn.gov
www.lawyerregulation.mn.gov
mail.co.ym.mn.gov
mnchoices-train.dhs.state.mn.us
5687539843203072-fe2.pantheonsite.io
perpich.mn.gov
g46pilvcmseo104.voice.state.mn.us
*.revisor.mn.gov
commissionsandappointments.sos.state.mn.us
5661601461960704-fe3.pantheonsite.io
dps.mn.gov
*.revisor.mn.gov
dpscrash.gisdata.mn.gov
5661601461960704-fe3.pantheonsite.io
osaportal.gisdata.mn.gov
g46pilvcmsco104.voice.state.mn.us
fastmctst.mnlarsdl.dev.dps.mn.gov
edocs.dhs.state.mn.us
licensinglookup.dhs.state.mn.us
lcc.mn.gov
ocm.web.health.state.mn.us
5661601461960704-fe3.pantheonsite.io
sysdes.mnit.mn.gov
remotedhs.dhs.mn.gov
ng911-dev.gisdata.mn.gov
data-securitytraining.dhs.mn.gov
mnhttf.com
cnv-driver.dvs.dps.mn.gov
admin.moms.mn.gov
eheat.commerce.mn.gov
nt.dps.mn.gov
www.lawyerregulation.mn.gov
esupport2.pcrt.dps.mn.gov
5732095699714048-fe1.pantheonsite.io
iibdev-v10.dhs.int.state.mn.us
dps.mn.gov
mnledc9012fddoc.dps.mn.gov
qa2.edit.wcm.mnit.mn.gov
cserapidprod.dhs.state.mn.us
mnvotes.sos.state.mn.us
www.perpich.mn.gov
lccmr.mn.gov
pam.mnit.state.mn.gov
5687539843203072-fe2.pantheonsite.io
intranet.mnit.mn.gov
5732095699714048-fe1.pantheonsite.io
swiftmnsure.dev.intranet.dhs.mn.gov
intranet.dli.mn.gov
hfix-business.mnlars.intg.dps.mn.gov
5661601461960704-fe3.pantheonsite.io
5732095699714048-fe1.pantheonsite.io
www.dhs.state.mn.us
preview.lro.mn.gov
preview.ble.mn.gov
mblsportal.sos.state.mn.us
test.eheatnextgen.mn.gov
mnledc9004fcdoc.dps.mn.gov
qa-md.dps.mn.gov
rc.stage.education.mn.gov
www.health.state.mn.us
5661601461960704-fe3.pantheonsite.io
preview.ble.mn.gov
secanalytics.education.mn.gov
5661601461960704-fe3.pantheonsite.io
stage-db.mnlars.dmz.dps.mn.gov
auth-connect.mnit.mn.gov
dev.sp-eop-office.mn.gov
ssba.dhs.state.mn.us
creports.dhs.mn.gov
datacapdev.dhs.mn.gov
dvs.dps.mn.gov
mnch-supplan-train.dhs.mn.gov
app2.dps.mn.gov
5732095699714048-fe1.pantheonsite.io
perpich.mn.gov
id.mneiamatst.mn.gov
cnotes.dev.intranet.dhs.mn.gov
autotestu.intg.dps.mn.gov
dlancopproxy.dps.mn.gov

Certificate

The complete raw certificate details for education.mn.gov in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHITCCBgmgAwIBAgIQOa+MHbCruoLtJ6MonBOtCjANBgkqhkiG9w0BAQsFADCB
kTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTkwNwYDVQQD
EzBTZWN0aWdvIFJTQSBFeHRlbmRlZCBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIg
Q0EwHhcNMjQwMTA0MDAwMDAwWhcNMjUwMTAzMjM1OTU5WjCBnzETMBEGA1UEBRMK
MDUtMTEtMTg1ODETMBEGCysGAQQBgjc8AgEDEwJVUzEaMBgGA1UEDxMRR292ZXJu
bWVudCBFbnRpdHkxCzAJBgNVBAYTAlVTMRIwEAYDVQQIEwlNaW5uZXNvdGExGzAZ
BgNVBAoTElN0YXRlIG9mIE1pbm5lc290YTEZMBcGA1UEAxMQZWR1Y2F0aW9uLm1u
LmdvdjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJFoUd1Zh6q47vj
bsxgNpQSRl34rA6px2V15GRH4liDbiGjqE8tVwBEDfMYroxW/j/DaenkW1UYyjoy
pyU+LlsJIaLN5CQGVHa60EFun9JpSZ8Klk8P/zpcQVwXimz05fJWpn4cpDlHsj23
n3P2RUYo7lrAYpTX0QamZc+MmAYWx+ZyufJ5p4sCvmpBSmEggQ0rWP7dBzqq4FmZ
YLxkIHXKPNcQwGjc9foE3M7wXRpCLHukdfwREuV97InUbReDplWL1e6R9b6szshZ
2P9PikruBXmAcxCeR1mPPGcCyPe9TE6JWqsGLZ4ugaTaJoFN4OBiqGjTSBFOumEI
1d2QipsCAwEAAaOCA2MwggNfMB8GA1UdIwQYMBaAFCxp/4DJh5CuNOG050yThZlA
6aeyMB0GA1UdDgQWBBRtSfz6E36wvl46WETSHjCdZvex2DAOBgNVHQ8BAf8EBAMC
BaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
SQYDVR0gBEIwQDA1BgwrBgEEAbIxAQIBBQEwJTAjBggrBgEFBQcCARYXaHR0cHM6
Ly9zZWN0aWdvLmNvbS9DUFMwBwYFZ4EMAQEwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0
cDovL2NybC5zZWN0aWdvLmNvbS9TZWN0aWdvUlNBRXh0ZW5kZWRWYWxpZGF0aW9u
U2VjdXJlU2VydmVyQ0EuY3JsMIGGBggrBgEFBQcBAQR6MHgwUQYIKwYBBQUHMAKG
RWh0dHA6Ly9jcnQuc2VjdGlnby5jb20vU2VjdGlnb1JTQUV4dGVuZGVkVmFsaWRh
dGlvblNlY3VyZVNlcnZlckNBLmNydDAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Au
c2VjdGlnby5jb20wggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB2AM8RVu7VLnyv
84db2Wkum+kacWdKsBfsrAHSW3fOzDsIAAABjNYIRWgAAAQDAEcwRQIgEsYxIVyW
HxHQOUR5paY5SnbEGGLPRLw2uu3t0cm379gCIQDe/aGXgslm9nE6clXJwpcaUbwQ
J6XRSPqxKfJJlli56wB3AKLjCuRF772tm3447Udnd1PXgluElNcrXhssxLlQpEfn
AAABjNYIRU8AAAQDAEgwRgIhAIi6UIIahf42pKZpYKpx1KeK1CzANBkf3IO1cYKJ
f0FPAiEA/kykIo4yzGnaUwp2sqcb4IbBCd8iQviufQSv96iGC04AdQBOdaMnXJoQ
wzhbbNTfP1LrHfDgjhuNacCx+mSxYpo53wAAAYzWCEVGAAAEAwBGMEQCIE+7K8J6
VR9Gj1n6J62Gwj2J1ywaAkQ1jVc2MoQN6QwnAiA6jcyPfHThtQiNphjiGMK4dIiJ
Y1aetV9fQU1kCDfWgzAyBgNVHREEKzApghBlZHVjYXRpb24ubW4uZ292ghVlZHVj
YXRpb24uc3RhdGUubW4udXMwDQYJKoZIhvcNAQELBQADggEBACrfR3JIn4clu5Dq
rSfPbYJi2DWSfn4aucQSs06CGzBn8uJUnxSy9GtU2HtAvT66TpqBDhS/iJQwVmWN
6zajJkYyqXHgUqR2oDIQFV8mXh4HlD9w3Vpw0/Jk5qYbhOW7wWfZj3nneuXNDczq
/MExQ9gtCZBQMjdqi7GyQ6RpYZhj5ii8Wf78SccHQCnLfggP2L6kvavpZ+q2sjEi
pmGtMJnLpeQWC1ER1XgFHyNk5AIsqSaiEda8qZn9+exS+k9V5KtZgYve2rlAZFv6
gFH2YuV71U8XftMkLgv0hwLJl+3drVj16ESSO0hOUvI/9ymnb1eWSIKdaC9vq4yJ
P0aOkuY=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskWhR3VmHqrju+NuzGA2
lBJGXfisDqnHZXXkZEfiWINuIaOoTy1XAEQN8xiujFb+P8Np6eRbVRjKOjKnJT4u
Wwkhos3kJAZUdrrQQW6f0mlJnwqWTw//OlxBXBeKbPTl8lamfhykOUeyPbefc/ZF
RijuWsBilNfRBqZlz4yYBhbH5nK58nmniwK+akFKYSCBDStY/t0HOqrgWZlgvGQg
dco81xDAaNz1+gTczvBdGkIse6R1/BES5X3sidRtF4OmVYvV7pH1vqzOyFnY/0+K
Su4FeYBzEJ5HWY88ZwLI971MTolaqwYtni6BpNomgU3g4GKoaNNIEU66YQjV3ZCK
mwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 76677489599621992557077165848128630026
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Greater Manchester'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Salford'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo RSA Extended Validation Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-04 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-01-03 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '05-11-1858'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.3 (jurisdictionOfIncorporationC)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.15 (businessCategory)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Government Entity'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Minnesota'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'State of Minnesota'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'education.mn.gov'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22504754115006466166625506837808734468255337463382597893999359022491030540897443644581729137334586665446303160775230364213601391271592114832481941168074554630717113100274220822427333598829022854308655798277133339442091958484396253842542474433987568602798746342902786281849464278995446624617702640561110696713162376493270984885045871692583327582641799229116955862175810004747608371185525282817633711400067183779123532744458397199794784895115363053031214946199415179879929795553659595140909944749855422471113213564990697894206932908707347901848106020904685216889606605382919511858567680632303178722223854741281123109531
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 2c69ff80c98790ae34e1b4e74c93859940e9a7b2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							6d49fcfa137eb0be5e3a5844d21e309d66f7b1d8
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.1.5.1 (Comodo EV policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (79 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sectigo.com/SectigoRSAExtendedValidationSecureServerCA.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (122 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/SectigoRSAExtendedValidationSecureServerCA.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							0168007600cf1156eed52e7caff3875bd9692e9be91a71674ab017ecac01d25b77cecc3b080000018cd60845680000040300473045022012c631215c961f11d0394479a5a6394a76c41862cf44bc36baededd1c9b7efd8022100defda19782c966f6713a7255c9c2971a51bc1027a5d148fab129f2499658b9eb007700a2e30ae445efbdad9b7e38ed47677753d7825b8494d72b5e1b2cc4b950a447e70000018cd608454f000004030048304602210088ba50821a85fe36a4a66960aa71d4a78ad42cc034191fdc83b57182897f414f022100fe4ca4228e32cc69da530a76b2a71be086c109df2242f8ae7d04aff7a8860b4e0075004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018cd6084546000004030046304402204fbb2bc27a551f468f59fa27ad86c23d89d72c1a0244358d573632840de90c2702203a8dcc8f7c74e1b5088da618e218c2b874888963569eb55f5f414d640837d683
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (43 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'education.mn.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'education.state.mn.us'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		002adf4772489f8725bb90eaad27cf6d8262d835927e7e1ab9c412b34e821b3067f2e2549f14b2f46b54d87b40bd3eba4e9a810e14bf88943056658deb36a3264632a971e052a476a03210155f265e1e07943f70dd5a70d3f264e6a61b84e5bbc167d98f79e77ae5cd0dcceafcc13143d82d09905032376a8bb1b243a469619863e628bc59fefc49c7074029cb7e080fd8bea4bdabe967eab6b23122a661ad3099cba5e4160b5111d578051f2364e4022ca926a211d6bca999fdf9ec52fa4f55e4ab59818bdedab940645bfa8051f662e57bd54f177ed3242e0bf48702c997edddad58f5e844923b484e52f23ff729a76f579648829d682f6fab8c893f468e92e6