ocm.web.health.state.mn.us

- State of Minnesota -

Issued by Sectigo RSA Extended Validation Secure Server CA

About this certificate

This digital certificate with serial number ce:51:e2:7d:da:a5:0e:91:28:3f:57:ad:9d:6f:e7:99 was issued on by Sectigo Limited.

With 6 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

State of Minnesota

Company registration number: Government Entity
Organization: State of Minnesota
State / Province: Minnesota
Country: US

Sectigo Limited

Organization: Sectigo Limited
State / Province: Greater Manchester
Locality: Salford
Country: GB

This certificate has expire since

Certificate Details

Serial Number (hex): ce:51:e2:7d:da:a5:0e:91:28:3f:57:ad:9d:6f:e7:99
Serial Number (int): 274246136972992004108751658639181211545
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: b3:22:24:4b:54:55:3e:6b:f8:ad:45:24:66:88:93:b1:0e:c0:b5:a0
AuthorityKeyId: 2c:69:ff:80:c9:87:90:ae:34:e1:b4:e7:4c:93:85:99:40:e9:a7:b2

Fingerprint (sha1): 20:53:bd:d2:10:b6:c4:04:48:8a:cf:f7:bd:7f:13:8d:34:f8:22:46
Fingerprint (sha256): 04:67:3b:42:94:20:53:4a:6b:12:5b:74:f1:cc:15:c3:a3:d7:ec:18:54:78:2d:95:72:46:d0:2f:2d:9a:0a:34

Issuing Certificate URL: http://crt.sectigo.com/SectigoRSAExtendedValidationSecureServerCA.crt

Revocation information

OCSP Server: http://ocsp.sectigo.com
CRL Distribution Point: http://crl.sectigo.com/SectigoRSAExtendedValidationSecureServerCA.crl

Check the revocation status for certificate ocm.web.health.state.mn.us

6

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for ocm.web.health.state.mn.us

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

ocm.web.health.state.mn.us
cannabis.mn.gov
cannabis.state.mn.us
www.cannabis.mn.gov
www.cannabis.state.mn.us
www.ocm.web.health.state.mn.us

Other certificates including the domain name state.mn.us

(limited to 100 certificates)
fyidocs.web.health.state.mn.us
maps1.dnr.state.mn.us
edocs.dhs.state.mn.us
www.brewermiddleschool.wsisd.com
mndatarest.web.health.state.mn.us
drainage.pca.state.mn.us
ww2.commissions.leg.state.mn.us
support.mdor.state.mn.us
autodiscover.state.mn.us
mnhumanservices-test.dhs.state.mn.us
www.westkm.pubdef.state.mn.us
svn.nonprod.health.state.mn.us
guestvdi.dps.state.mn.us
arclookup.dhs.int.state.mn.us
education.mn.gov
printprint.x.state.mn.us
mnwellindex.web.health.state.mn.us
nslp.web.health.state.mn.us
podprecheck.health.state.mn.us
ccbhcreporting.dhs.state.mn.us
evve.health.state.mn.us
archerdev.int.state.mn.us
merc.health.state.mn.us
www.dlan.dps.state.mn.us
trng.mec2.dhs.state.mn.us
mhis.dhs.mn.gov
lic-dev.dnr.state.mn.us
mnchoices-train.dhs.state.mn.us
tmon.dhs.int.state.mn.us
mnch-supplan-train.dhs.state.mn.us
webportal3.dot.state.mn.us
elm.systems.state.mn.us
www2.mainserver.state.mn.us
cannabis.web.health.state.mn.us
support.elm.swift.state.mn.us
dutchelm.dps.state.mn.us
www.cty.dhs.state.mn.us
mnlars-iam-prod-app-v201.dps.int.state.mn.us
mars.doc.state.mn.us
www.msrs.state.mn.us
aurora.msrs.state.mn.us
ftp.sos.state.mn.us
www.cfbreport.state.mn.us
coms.stage.doc.state.mn.us
swa.web.health.state.mn.us
rpo.dev.dhs.int.state.mn.us
passwordreset.mnit.state.mn.us
leadrenovator.web.health.state.mn.us
files.dnr.state.mn.us
www.ecmportal.pubdef.state.mn.us
revvpnsdp.mdor.state.mn.us
wm.courts.state.mn.us
www.gideon2test.pubdef.state.mn.us
www.dashboardtest.pubdef.state.mn.us
www.yorkprepsc.org
webportal2.dot.state.mn.us
pfas400.dhs.int.state.mn.us
www.ble.mn.gov
arsdev.itg.state.mn.us
www.lawyerregulation.mn.gov
mnsurebda2node09.hix.int.state.mn.us
www.mcla.state.mn.us
mnchoices-train.dhs.state.mn.us
g45ppwcsldww001.admin.state.mn.us
neien.pca.state.mn.us
ddi.itg.state.mn.us
g46pilvcmseo104.voice.state.mn.us
asthmahealthyhomes.web.health.state.mn.us
commissionsandappointments.sos.state.mn.us
samtest.dhs.state.mn.us
dps.mn.gov
dev.sema4.systems.state.mn.us
www.selfloan.state.mn.us
analytics.education.state.mn.us
caseworks.x.state.mn.us
*.devapi.hlb.state.mn.us
g46pilvcmsco104.voice.state.mn.us
image.enx.web.health.state.mn.us
www.ag.state.mn.us
www.fafsaweb.state.mn.us
services.swift.state.mn.us
admin.bakerschools.org
*.sos.state.mn.us
forums.doc.state.mn.us
registrationportal.dot.state.mn.us
fimpwreset.ead.state.mn.us
bcacrimestats.x.state.mn.us
iibvhn.mneiam.int.state.mn.us
remote.oah.state.mn.us
www.ohe.state.mn.us
survey.dnr.state.mn.us
edocs.dhs.state.mn.us
west.commerce.state.mn.us
mdaonbaseapp.mda.state.mn.us
mdatwa2.state.mn.us
licensinglookup.dhs.state.mn.us
ocm.web.health.state.mn.us
support.mdor.state.mn.us
mcla.es.state.mn.us
hchhomes.web.health.state.mn.us

Certificate

The complete raw certificate details for ocm.web.health.state.mn.us in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHoTCCBomgAwIBAgIRAM5R4n3apQ6RKD9XrZ1v55kwDQYJKoZIhvcNAQELBQAw
gZExCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE5MDcGA1UE
AxMwU2VjdGlnbyBSU0EgRXh0ZW5kZWQgVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVy
IENBMB4XDTIzMDUxMjAwMDAwMFoXDTI0MDUxMTIzNTk1OVowgbAxGjAYBgNVBAUT
EUdvdmVybm1lbnQgRW50aXR5MRMwEQYLKwYBBAGCNzwCAQMTAlVTMRowGAYDVQQP
ExFHb3Zlcm5tZW50IEVudGl0eTELMAkGA1UEBhMCVVMxEjAQBgNVBAgTCU1pbm5l
c290YTEbMBkGA1UEChMSU3RhdGUgb2YgTWlubmVzb3RhMSMwIQYDVQQDExpvY20u
d2ViLmhlYWx0aC5zdGF0ZS5tbi51czCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAM59PebtOaHJWqWuf4SXnYXRTiD7h+9CISIi40FjtrWPGgmQL3JijoUI
chURP5K3ctDCSCCncvhR5Gkg6/vL6lmGF43ADhBbuIcW7dfgjGM9ajcEQHgaWRJX
2Vvq4JUWrho4XhB5uq8IdDo3S/0d0wG1lE3WrmvQrlcuXvjT5DcDjbb5YzyE+RP+
5Z+w9TMlBVtIUfdxk5G6csaXVNTvqZfyK/h/d7d81XMBHMGgpGNaAzREKwxIYCVp
s84KOZBFUUD2N3w6HL2J0LsJ3UETJtAq3QH2ZXkpWf6BVHfctxWdLsd/w1xxYAr5
sQ9NUbHf6hWXL31mHAjSqJEbwdy7gw0CAwEAAaOCA9EwggPNMB8GA1UdIwQYMBaA
FCxp/4DJh5CuNOG050yThZlA6aeyMB0GA1UdDgQWBBSzIiRLVFU+a/itRSRmiJOx
DsC1oDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggr
BgEFBQcDAQYIKwYBBQUHAwIwSQYDVR0gBEIwQDA1BgwrBgEEAbIxAQIBBQEwJTAj
BggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwBwYFZ4EMAQEwVgYD
VR0fBE8wTTBLoEmgR4ZFaHR0cDovL2NybC5zZWN0aWdvLmNvbS9TZWN0aWdvUlNB
RXh0ZW5kZWRWYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGGBggrBgEFBQcB
AQR6MHgwUQYIKwYBBQUHMAKGRWh0dHA6Ly9jcnQuc2VjdGlnby5jb20vU2VjdGln
b1JTQUV4dGVuZGVkVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNydDAjBggrBgEF
BQcwAYYXaHR0cDovL29jc3Auc2VjdGlnby5jb20wggGABgorBgEEAdZ5AgQCBIIB
cASCAWwBagB3AHb/iD8KtvuVUcJhzPWHujS0pM27KdxoQgqf5mdMWjp0AAABiBEx
XOoAAAQDAEgwRgIhAPpBDxVdGbplI+/MZvK0teCesTUfnLDwX6BkvbDc+wDdAiEA
qkiX1xdftrvOPafa9EWH/+iX4FDQP1X0N4oM4zbJxI8AdwDatr9rP7W2Ip+bwrtc
a+hwkXFsu1GEhTS9pD0wSNf7qwAAAYgRMV1EAAAEAwBIMEYCIQCZFc11XQ6Zljll
x0GIVqDpQ7U7l1q12WicdgfnHerMBQIhAMrrui0kCdvgjoLvVNyJSIp7vH7rQ62m
MsyO3wg/lIsbAHYA7s3QZNXbGs7FXLedtM0TojKHRny87N7DUUhZRnEftZsAAAGI
ETFdEQAABAMARzBFAiEA+3lEQ8RFwFyHof68ODfaXkZ7UZ7bAxWU04gqgpOA6JcC
IBVFjQ4RUcOYHpbe5vOfIKY3tDDrVgEflfgjI4TKpLLVMIGdBgNVHREEgZUwgZKC
Gm9jbS53ZWIuaGVhbHRoLnN0YXRlLm1uLnVzgg9jYW5uYWJpcy5tbi5nb3aCFGNh
bm5hYmlzLnN0YXRlLm1uLnVzghN3d3cuY2FubmFiaXMubW4uZ292ghh3d3cuY2Fu
bmFiaXMuc3RhdGUubW4udXOCHnd3dy5vY20ud2ViLmhlYWx0aC5zdGF0ZS5tbi51
czANBgkqhkiG9w0BAQsFAAOCAQEAc1iMUmicmu0+NUcZtZ60ZXRmNSNdneE4ETHV
ivO1G1Nd63jGpjdBrtqiOjB9oqGKejD1rlzB18C5oGzL4WUrK6DXayXmNKHwHKEZ
idpRK9mfA0HbPO3+GvZ/YVGgxQ5bBSzZEf1tglBh53KQh/CC4raBWP7euBXtVnJd
WwmpkjNWbUZQNWm3yxr2jqjBJtuWeMClpA1GPrP7zqTdJKZ6KHUwsMzrin4b84rn
rI7lWSS3Ejdel2WzyYEpEvUkEDi7lTuhboRKitS1zW71u0rF2tK00dLu+6lamC0A
KINJ88eqt6AjwNm4laJ7bOxLil2ZK9NGxHmdgMJ4bnIB40R6WQ==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzn095u05oclapa5/hJed
hdFOIPuH70IhIiLjQWO2tY8aCZAvcmKOhQhyFRE/krdy0MJIIKdy+FHkaSDr+8vq
WYYXjcAOEFu4hxbt1+CMYz1qNwRAeBpZElfZW+rglRauGjheEHm6rwh0OjdL/R3T
AbWUTdaua9CuVy5e+NPkNwONtvljPIT5E/7ln7D1MyUFW0hR93GTkbpyxpdU1O+p
l/Ir+H93t3zVcwEcwaCkY1oDNEQrDEhgJWmzzgo5kEVRQPY3fDocvYnQuwndQRMm
0CrdAfZleSlZ/oFUd9y3FZ0ux3/DXHFgCvmxD01Rsd/qFZcvfWYcCNKokRvB3LuD
DQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 274246136972992004108751658639181211545
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Greater Manchester'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Salford'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo RSA Extended Validation Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-05-12 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-05-11 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Government Entity'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.3 (jurisdictionOfIncorporationC)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.15 (businessCategory)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Government Entity'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Minnesota'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'State of Minnesota'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ocm.web.health.state.mn.us'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 26066849858800576766761070357741622071971284277960345761211561486251222962277857273488424348784925719166518158040902590871990361980378980526892986830745311934092498553264926591998867703498180441647276959835954014617316947188651879646669805043351954538831418323298192890567626909858847129486909517797604983300835278905628252236068618503962508157382630635996687387786914492093821529343512460633398425187954641795249581142485677373761273120296891087714216761977895684420447735216213829516546543494072317853828566424632568295454759231299230422511322675327193438883565789036207539555009606138998749142547748591972193633037
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 2c69ff80c98790ae34e1b4e74c93859940e9a7b2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							b322244b54553e6bf8ad4524668893b10ec0b5a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.1.5.1 (Comodo EV policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (79 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sectigo.com/SectigoRSAExtendedValidationSecureServerCA.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (122 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/SectigoRSAExtendedValidationSecureServerCA.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (368 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (364 bytes)
							016a00770076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018811315cea0000040300483046022100fa410f155d19ba6523efcc66f2b4b5e09eb1351f9cb0f05fa064bdb0dcfb00dd022100aa4897d7175fb6bbce3da7daf44587ffe897e050d03f55f4378a0ce336c9c48f007700dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab0000018811315d4400000403004830460221009915cd755d0e99963965c7418856a0e943b53b975ab5d9689c7607e71deacc05022100caebba2d2409dbe08e82ef54dc89488a7bbc7eeb43ada632cc8edf083f948b1b007600eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018811315d110000040300473045022100fb794443c445c05c87a1febc3837da5e467b519edb031594d3882a829380e897022015458d0e1151c3981e96dee6f39f20a637b430eb56011f95f8232384caa4b2d5
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (149 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ocm.web.health.state.mn.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cannabis.mn.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cannabis.state.mn.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.cannabis.mn.gov'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.cannabis.state.mn.us'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.ocm.web.health.state.mn.us'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0073588c52689c9aed3e354719b59eb465746635235d9de1381131d58af3b51b535deb78c6a63741aedaa23a307da2a18a7a30f5ae5cc1d7c0b9a06ccbe1652b2ba0d76b25e634a1f01ca11989da512bd99f0341db3cedfe1af67f6151a0c50e5b052cd911fd6d825061e7729087f082e2b68158fedeb815ed56725d5b09a99233566d46503569b7cb1af68ea8c126db9678c0a5a40d463eb3fbcea4dd24a67a287530b0cceb8a7e1bf38ae7ac8ee55924b712375e9765b3c9812912f5241038bb953ba16e844a8ad4b5cd6ef5bb4ac5dad2b4d1d2eefba95a982d00288349f3c7aab7a023c0d9b895a27b6cec4b8a5d992bd346c4799d80c2786e7201e3447a59