secure.dcc.oldmutual.co.za

- Old Mutual Life Assurance Company (South Africa) Ltd -

Issued by Entrust Certification Authority - L1M

About this certificate

This digital certificate with serial number f8:c3:2c:e7:4c:86:67:89:00:00:00:00:54:cf:0a:d9 was issued on by Entrust, Inc..

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Old Mutual Life Assurance Company (South Africa) Ltd

Company registration number: 1999/004643/06
Organization: Old Mutual Life Assurance Company (South Africa) Ltd
State / Province: Western Cape
Locality: Cape Town
Country: ZA

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2014 Entrust, Inc. - for authorized use only
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): f8:c3:2c:e7:4c:86:67:89:00:00:00:00:54:cf:0a:d9
Serial Number (int): 330661951593484875073470494727014910681
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: 1a:4c:36:75:f7:91:71:ae:b7:8b:fd:b0:e3:6e:cd:38:d4:fd:e6:07
AuthorityKeyId: c3:f7:d0:b5:2a:30:ad:af:0d:91:21:70:39:54:dd:bc:89:70:c7:3a

Fingerprint (sha1): 85:bc:d1:47:65:4d:38:c2:fb:2f:f9:02:ab:e6:ad:e9:01:9c:67:99
Fingerprint (sha256): 09:8c:cf:da:d0:1a:42:9e:95:19:ed:5c:ec:00:72:5a:bc:a6:ee:d2:a7:3c:37:8c:42:7d:08:60:a5:47:3a:d9

Issuing Certificate URL: http://aia.entrust.net/l1m-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1m.crl

Check the revocation status for certificate secure.dcc.oldmutual.co.za

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for secure.dcc.oldmutual.co.za

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

secure.dcc.oldmutual.co.za

Other certificates including the domain name oldmutual.co.za

(limited to 100 certificates)
unai-test.nonprod.my.oldmutual.co.za
secure.finrisc.oldmutual.co.za
static-dev.nonprod.my.oldmutual.co.za
*.extranet.oldmutual.co.za
secure.mycorporatebusiness.oldmutual.co.za
static-dev.nonprod.my.oldmutual.co.za
momapi.dev.digital.oldmutual.co.za
secure.rfa.oldmutual.co.za
secure.fsa.oldmutual.co.za
secure.gsservice.oldmutual.co.za
*.demo.nonprod.my.oldmutual.co.za
www.sander-catering.cateringportal.io
nomtxt.com
npw-auto-test-qa.nonprod.digitalplatform.oldmutual.co.za
secure.cis.oldmutual.co.za
*.extranet.oldmutual.co.za
*.nonprod.my.oldmutual.co.za
pdrest.oldmutual.co.za
unai-test-east.nonprod.my.oldmutual.co.za
unai-test.nonprod.my.oldmutual.co.za
am.pp.oldmutual.co.za
secure.eb.oldmutual.co.za
secure.dcc.oldmutual.co.za
secure.fc.oldmutual.co.za
secure.channelbiuportal.oldmutual.co.za
dev.contrastpharma.com
secure.omkonecttraining.oldmutual.co.za
unai-test.nonprod.my.oldmutual.co.za
secure.eb.oldmutual.co.za
secure.myclient.oldmutual.co.za
pizza.notprometey.pro
*.extranet.oldmutual.co.za
vacancies.oldmutual.co.za
sts.oldmutual.co.za
my.qa.oldmutual.co.za
secure.dcc.oldmutual.co.za
sso.dev.oldmutual.co.za
secure.adviserweb.training.oldmutual.co.za
secure.productsolutions.oldmutual.co.za
secure.adviserweb.pp.oldmutual.co.za
secure.rewards.oldmutual.co.za
secure.myportfolio.oldmutual.co.za
secure.fc.oldmutual.co.za
sftpweb.oldmutual.co.za
secure.myportfolio.oldmutual.co.za
secure.dcc.oldmutual.co.za
www.nanoelectricim.com
secure.rumba.oldmutual.co.za
iopservices.oldmutual.co.za
secure.omkonect.training.oldmutual.co.za
secure.omkonect.oldmutual.co.za
secure.omem.oldmutual.co.za
rms.oldmutual.co.za
static.my.oldmutual.co.za
api.p1l.oldmutual.co.za
secure.omkonect.oldmutual.co.za
secure.pfmisportal.pp.oldmutual.co.za
secure.finrisc.oldmutual.co.za
iwyze.oldmutual.co.za
unai-test-dev.nonprod.my.oldmutual.co.za
secure.rocs.oldmutual.co.za
frontoffice.oldmutual.co.za
roombooking.oldmutual.co.za
momapi.digital.oldmutual.co.za
Secure.mycorporatebusiness.qa.oldmutual.co.za
secure.fsa.oldmutual.co.za
secure.unittrusts.oldmutual.co.za
secure.gateway.oldmutual.co.za
secsftp.oldmutual.co.za
secure.unittrusts.oldmutual.co.za
secure.omem.oldmutual.co.za
secure.rafpfops.oldmutual.co.za
secure.isc.oldmutual.co.za
secure.omkonecttraining.oldmutual.co.za
secure.rocs.oldmutual.co.za
*.crm.oldmutual.co.za
secure.hrms.oldmutual.co.za
api.magnify.qa.oldmutual.co.za
sftp.oldmutual.co.za
secure.finrisc.oldmutual.co.za
calculators.nonprod.my.oldmutual.co.za
secure.productsolutions.oldmutual.co.za
secure.isc.oldmutual.co.za
secure.fc.oldmutual.co.za
secure.mfc.oldmutual.co.za
new-public-web-qa.nonprod.digitalplatform.oldmutual.co.za
portal.oldmutual.co.za
new-public-web-anch.digitalplatform.oldmutual.co.za
secure.mfc.oldmutual.co.za
secure.omut.oldmutual.co.za
secure.mfc.oldmutual.co.za
test.oldmutual.co.za
opensearch.digital.oldmutual.co.za
secure.adviserweb.oldmutual.co.za
iopservices.oldmutual.co.za
Secure.omwealth.oldmutual.co.za
secure.myservice.oldmutual.co.za
assets-qa.nonprod.my.oldmutual.co.za
*.nonprod.my.oldmutual.co.za
api.mfcwizzit.qa.oldmutual.co.za

Certificate

The complete raw certificate details for secure.dcc.oldmutual.co.za in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHQzCCBiugAwIBAgIRAPjDLOdMhmeJAAAAAFTPCtkwDQYJKoZIhvcNAQELBQAw
gboxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQL
Ex9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykg
MjAxNCBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAs
BgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMU0wHhcN
MTgxMDA1MTEzNTQzWhcNMTkxMDMxMTIwNTQyWjCB6TELMAkGA1UEBhMCWkExFTAT
BgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRMwEQYLKwYB
BAGCNzwCAQMTAlpBMT0wOwYDVQQKEzRPbGQgTXV0dWFsIExpZmUgQXNzdXJhbmNl
IENvbXBhbnkgKFNvdXRoIEFmcmljYSkgTHRkMR0wGwYDVQQPExRQcml2YXRlIE9y
Z2FuaXphdGlvbjEXMBUGA1UEBRMOMTk5OS8wMDQ2NDMvMDYxIzAhBgNVBAMTGnNl
Y3VyZS5kY2Mub2xkbXV0dWFsLmNvLnphMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAwPqFOtsTxeCdEWkKF3WfaXyUMLlldyDIoNQ9quL2MdyduHKHOYRy
WNSJzqWxsEWm2/Yt4iO0twCfMcnc6pX5hTwbqYg+foMXwShunsAZyCx9RiaLU4MN
tBf1+PX1CFrB5sQ+WDqTb9RHqaJCgnvSgN8VkPjvVS26xls9M+zAxZo+dsNokKrP
YEYa0oLPN6yaa0Czs4UunoFA90UB6zxwv+cHyrU/3YK5dCW1LF+OatsNnNg5B6yx
9IP0eNKoKPvwM5Iy/JrbSS7UBmwMlkUgrtpK2qOhf4yLIJ0tDo2yWTHClNhErixT
raBg2qatuFJ+3KK8JD8lCUD0si9zYUvo2wIDAQABo4IDETCCAw0wJQYDVR0RBB4w
HIIac2VjdXJlLmRjYy5vbGRtdXR1YWwuY28uemEwggF9BgorBgEEAdZ5AgQCBIIB
bQSCAWkBZwB2AId1v+dZfPiMQ5lfvfNu/1aNR1Y2/0q1YMG06v9eoIMPAAABZkQe
h7MAAAQDAEcwRQIgRBmLCLgZCCf9K4YHnI4eB5suYWxPzic9aD/SxFKkpAoCIQCx
5K/j58mEOORWBznGfnKT30LUBR/5KSLZ0hLLHLqGHwB2AFWB1MIWkDYBSuoLm1c8
U/DA5Dh4cCUIFy+jqh0HE9MMAAABZkQeh8MAAAQDAEcwRQIhAMm9dkeYUSjO5hxg
C/2njuvc5ZElE0NNkciRJ0B1AYTrAiBOZsaSSL0Twh9JGF45gHY4bF5lFCxMPLuF
a+gH95Z+xgB1ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaOHtGFAAABZkQe
h9kAAAQDAEYwRAIgIP1qHGrym2u3zjBF7kr0Cr71932N0uPDhf3PbvaWIfoCICUU
ECNi3X5+whpDC6lTAKdc9lkKQuufpJgnfUbD1acTMA4GA1UdDwEB/wQEAwIFoDAd
BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwaAYIKwYBBQUHAQEEXDBaMCMG
CCsGAQUFBzABhhdodHRwOi8vb2NzcC5lbnRydXN0Lm5ldDAzBggrBgEFBQcwAoYn
aHR0cDovL2FpYS5lbnRydXN0Lm5ldC9sMW0tY2hhaW4yNTYuY2VyMDMGA1UdHwQs
MCowKKAmoCSGImh0dHA6Ly9jcmwuZW50cnVzdC5uZXQvbGV2ZWwxbS5jcmwwSgYD
VR0gBEMwQTA2BgpghkgBhvpsCgECMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cu
ZW50cnVzdC5uZXQvcnBhMAcGBWeBDAEBMB8GA1UdIwQYMBaAFMP30LUqMK2vDZEh
cDlU3byJcMc6MB0GA1UdDgQWBBQaTDZ195FxrreL/bDjbs041P3mBzAJBgNVHRME
AjAAMA0GCSqGSIb3DQEBCwUAA4IBAQBB/Irl7jjGIfZsHVR0CIHFocR7NviEs2nC
bgueGS6/s2pu//syCZ1hkOJ5637TyxK8bXanbBiT7qBzhuCAAvZzLOtasYNgTP3j
flCF+DiaixztdO1OjvTcNY9yAhdD/63blYSLsIh/uFP1ml0s2C1jCW1x2OjxJltS
3cORxNvVj0iYP224MkByJ+lcsCdW2KTSmuhiGpMhjgHKLLFGDTE2eWe0KgBlp0TV
KoCVCW98hbjqCUOSlSp+7DKKKeIMJR33ah3Z2abfl6iaOtsR67uZrqj8L4O9iinz
cUaAlqovipzXO5zYRBaGb+Gr7cy4lJu2+MaxxybfTxRwJ2txH3Rr
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPqFOtsTxeCdEWkKF3Wf
aXyUMLlldyDIoNQ9quL2MdyduHKHOYRyWNSJzqWxsEWm2/Yt4iO0twCfMcnc6pX5
hTwbqYg+foMXwShunsAZyCx9RiaLU4MNtBf1+PX1CFrB5sQ+WDqTb9RHqaJCgnvS
gN8VkPjvVS26xls9M+zAxZo+dsNokKrPYEYa0oLPN6yaa0Czs4UunoFA90UB6zxw
v+cHyrU/3YK5dCW1LF+OatsNnNg5B6yx9IP0eNKoKPvwM5Iy/JrbSS7UBmwMlkUg
rtpK2qOhf4yLIJ0tDo2yWTHClNhErixTraBg2qatuFJ+3KK8JD8lCUD0si9zYUvo
2wIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 330661951593484875073470494727014910681
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2014 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1M'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-10-05 11:35:43 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-10-31 12:05:42 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ZA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Western Cape'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Cape Town'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.3 (jurisdictionOfIncorporationC)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ZA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Old Mutual Life Assurance Company (South Africa) Ltd'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.15 (businessCategory)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Private Organization'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '1999/004643/06'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'secure.dcc.oldmutual.co.za'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24361290781438125303181904240975629935998417525035458785220902706148306631984639623446943698526254361545353005221660842563463088890386087797258856426655389238335657304170698067429496893750509301957755472250308140816218178975780169401372899267002457950479338524289162056061027506584945757072607636697130550342858811236692781983030038820902372571834635932874612151097278128052177391550070219081157679893528239726653084710184695908004011383120413843801834742866293211267353198673281277428045538229473616035788671607603498083577371990407377695400890074810962079930420782280576786663585013601897457098659362113282714101979
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (30 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'secure.dcc.oldmutual.co.za'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes)
							01670076008775bfe7597cf88c43995fbdf36eff568d475636ff4ab560c1b4eaff5ea0830f00000166441e87b30000040300473045022044198b08b8190827fd2b86079c8e1e079b2e616c4fce273d683fd2c452a4a40a022100b1e4afe3e7c98438e4560739c67e7293df42d4051ff92922d9d212cb1cba861f0076005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c00000166441e87c30000040300473045022100c9bd7647985128cee61c600bfda78eebdce5912513434d91c8912740750184eb02204e66c69248bd13c21f49185e398076386c5e65142c4c3cbb856be807f7967ec6007500bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed18500000166441e87d90000040300463044022020fd6a1c6af29b6bb7ce3045ee4af40abef5f77d8dd2e3c385fdcf6ef69621fa02202514102362dd7e7ec21a430ba95300a75cf6590a42eb9fa498277d46c3d5a713
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1m-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1m.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (67 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114028.10.1.2 (Entrust EV policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.entrust.net/rpa'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c3f7d0b52a30adaf0d9121703954ddbc8970c73a
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							1a4c3675f79171aeb78bfdb0e36ecd38d4fde607
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0041fc8ae5ee38c621f66c1d54740881c5a1c47b36f884b369c26e0b9e192ebfb36a6efffb32099d6190e279eb7ed3cb12bc6d76a76c1893eea07386e08002f6732ceb5ab183604cfde37e5085f8389a8b1ced74ed4e8ef4dc358f72021743ffaddb95848bb0887fb853f59a5d2cd82d63096d71d8e8f1265b52ddc391c4dbd58f48983f6db832407227e95cb02756d8a4d29ae8621a93218e01ca2cb1460d31367967b42a0065a744d52a8095096f7c85b8ea094392952a7eec328a29e20c251df76a1dd9d9a6df97a89a3adb11ebbb99aea8fc2f83bd8a29f371468096aa2f8a9cd73b9cd84416866fe1abedccb8949bb6f8c6b1c726df4f1470276b711f746b