extern.cic.gc.ca
- Citizenship and Immigration Canada -
Issued by Entrust Certification Authority - L1K
About this certificate
This digital certificate with serial number 7e:ee:61:18:b2:24:f2:4a:19:38:9a:17:9f:da:9e:c8 was issued on by Entrust, Inc..
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Citizenship and Immigration Canada
Organization:
Citizenship and Immigration Canada
State / Province:
Ontario
Locality: Ottawa
Country: CA
Locality: Ottawa
Country: CA
Entrust, Inc.
Organization:
Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country:
US
This certificate will expire on
Certificate Details
Serial Number (hex): 7e:ee:61:18:b2:24:f2:4a:19:38:9a:17:9f:da:9e:c8Serial Number (int): 168720463471571140773116009517957160648
Serial Number lenght: 127 bits, 16 octets
SubjectKeyId: 47:4c:bf:63:9f:b6:f1:8e:2f:b2:d9:2d:38:29:d6:71:36:6a:e9:be
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf
Fingerprint (sha1): ea:8e:46:9d:d9:5e:e4:3b:9c:4e:80:4d:0a:af:cd:5d:42:8b:19:e5
Fingerprint (sha256): 15:4d:6e:b7:8c:8e:3e:77:46:e3:6d:b1:14:37:69:52:55:55:ed:25:3d:ea:2d:3b:89:6d:99:01:36:16:2a:5f
Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer
Revocation information
OCSP Server: http://ocsp.entrust.netCRL Distribution Point: http://crl.entrust.net/level1k.crl
Check the revocation status for certificate extern.cic.gc.ca
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for extern.cic.gc.ca
Public Key Algorithm
RSA
Key Size
3072
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
extern.cic.gc.ca
www.extern.cic.gc.ca
www.extern.cic.gc.ca
Other certificates including the domain name cic.gc.ca
(limited to 100 certificates)
Secure.cic.gc.ca
remote.cic.gc.ca
refugee-refugie-development.apps.cic.gc.ca
refugee-refugie-staging.apps.cic.gc.ca
newgcs-nouveaussc.cic.gc.ca
cic.gc.ca
icare-iedec.cic.gc.ca
gcs-ssc-stg.cic.gc.ca
portal-portail.apps.cic.gc.ca
prson-srpel-emergency-fix.apps.cic.gc.ca
refugee-refugie-system-test.apps.cic.gc.ca
gcmsjobbank-SYSTESTMEL.cic.gc.ca
eservices.cic.gc.ca
extern.cic.gc.ca
cic.gc.ca
*.cic.gc.ca
mobile.cic.gc.ca
services3.cic.gc.ca
pgp-sandbox.apps.cic.gc.ca
fpt.crp-cpr.apps.cic.gc.ca
ct-tc-pef.apps.cic.gc.ca
gcmsjobbank-PRD.cic.gc.ca
frs-stg.cic.gc.ca
gccic-psoft-gchrms-ig.cic.gc.ca
cicgatewaysigning-aus.cic.gc.ca
extern.cic.gc.ca
refugee-refugie-sandbox.apps.cic.gc.ca
frs-prd.cic.gc.ca
passport-passeport-dev.apps.cic.gc.ca
gccic-psoft-ig-gc89cert.cic.gc.ca
prt-srp.apps.cic.gc.ca
gcs-ssc.cic.gc.ca
onlineservices-servicesenligne.cic.gc.ca
extern.cic.gc.ca
gcmsjobbank-STG.cic.gc.ca
citapply-citdemande.apps.cic.gc.ca
mobile.cic.gc.ca
pgp-development.apps.cic.gc.ca
ccps-stcc-trn.cic.gc.ca
sra-ads.cic.gc.ca
pgp-sandbox.apps.cic.gc.ca
onlineservices-servicesenligne.cic.gc.ca
gcmssir-prd.cic.gc.ca
eservices.cic.gc.ca
extern.cic.gc.ca
refugee-refugie.apps.cic.gc.ca
portal-portail.apps.cic.gc.ca
gcmscasestatus-PRD.cic.gc.ca
*.ra.apps.cic.gc.ca
extern.cic.gc.ca
api.a2sc-csa2-dev.apps.cic.gc.ca
mobile.cic.gc.ca
*.infra.apps.cic.gc.ca
tempo-pef.cic.gc.ca
gcmsjobbank-STG.cic.gc.ca
citapply-citdemande-dev.apps.cic.gc.ca
cicgatewaysigning-aus.cic.gc.ca
esubmission-soumissionenligne.cic.gc.ca
icare-iedec-train.canada.ca
gcs-ssc-stg.cic.gc.ca
extern.cic.gc.ca
gcs-ssc.cic.gc.ca
refugee-refugie-emergency-fix.apps.cic.gc.ca
gcs-ssc-stg.cic.gc.ca
CICPRCard.cic.gc.ca
extern.cic.gc.ca
pgp.cic.gc.ca
citapply-citdemande.apps.cic.gc.ca
services3.cic.gc.ca
gcs-ssc-sys.cic.gc.ca
frs-ste.cic.gc.ca
api.pgp-vt-ov-sandbox.apps.cic.gc.ca
tempo-trn.cic.gc.ca
MAIL.cic.gc.ca
icare-iedec-train.canada.ca
gcmsjobbank-PRD.cic.gc.ca
tempo-pte.cic.gc.ca
b.sra-ads.cic.gc.ca
specialmeasures-mesuresspeciales-emergency-fix.apps.cic.gc.ca
extern.cic.gc.ca
gcmsjobbank-PRD.cic.gc.ca
icare-iedec.cic.gc.ca
tempo-ste.cic.gc.ca
ra.apps.cic.gc.ca
a.sra-ads.cic.gc.ca
onlineservices-servicesenligne.cic.gc.ca
thingate.cic.gc.ca
*.cic.gc.ca
gcs-ssc.cic.gc.ca
cicgateway-dev.cic.gc.ca
gcs-ssc-stg.cic.gc.ca
icare-iedec.cic.gc.ca
NJES1S1106.CI.GC.CA
gcmsPIL005-SYSTESTMEL.cic.gc.ca
frs-ste.cic.gc.ca
cic.gc.ca
gcs-ssc.cic.gc.ca
icare-iedec.cic.gc.ca
dmp-portal.cic.gc.ca
gcs-ssc.cic.gc.ca
remote.cic.gc.ca
refugee-refugie-development.apps.cic.gc.ca
refugee-refugie-staging.apps.cic.gc.ca
newgcs-nouveaussc.cic.gc.ca
cic.gc.ca
icare-iedec.cic.gc.ca
gcs-ssc-stg.cic.gc.ca
portal-portail.apps.cic.gc.ca
prson-srpel-emergency-fix.apps.cic.gc.ca
refugee-refugie-system-test.apps.cic.gc.ca
gcmsjobbank-SYSTESTMEL.cic.gc.ca
eservices.cic.gc.ca
extern.cic.gc.ca
cic.gc.ca
*.cic.gc.ca
mobile.cic.gc.ca
services3.cic.gc.ca
pgp-sandbox.apps.cic.gc.ca
fpt.crp-cpr.apps.cic.gc.ca
ct-tc-pef.apps.cic.gc.ca
gcmsjobbank-PRD.cic.gc.ca
frs-stg.cic.gc.ca
gccic-psoft-gchrms-ig.cic.gc.ca
cicgatewaysigning-aus.cic.gc.ca
extern.cic.gc.ca
refugee-refugie-sandbox.apps.cic.gc.ca
frs-prd.cic.gc.ca
passport-passeport-dev.apps.cic.gc.ca
gccic-psoft-ig-gc89cert.cic.gc.ca
prt-srp.apps.cic.gc.ca
gcs-ssc.cic.gc.ca
onlineservices-servicesenligne.cic.gc.ca
extern.cic.gc.ca
gcmsjobbank-STG.cic.gc.ca
citapply-citdemande.apps.cic.gc.ca
mobile.cic.gc.ca
pgp-development.apps.cic.gc.ca
ccps-stcc-trn.cic.gc.ca
sra-ads.cic.gc.ca
pgp-sandbox.apps.cic.gc.ca
onlineservices-servicesenligne.cic.gc.ca
gcmssir-prd.cic.gc.ca
eservices.cic.gc.ca
extern.cic.gc.ca
refugee-refugie.apps.cic.gc.ca
portal-portail.apps.cic.gc.ca
gcmscasestatus-PRD.cic.gc.ca
*.ra.apps.cic.gc.ca
extern.cic.gc.ca
api.a2sc-csa2-dev.apps.cic.gc.ca
mobile.cic.gc.ca
*.infra.apps.cic.gc.ca
tempo-pef.cic.gc.ca
gcmsjobbank-STG.cic.gc.ca
citapply-citdemande-dev.apps.cic.gc.ca
cicgatewaysigning-aus.cic.gc.ca
esubmission-soumissionenligne.cic.gc.ca
icare-iedec-train.canada.ca
gcs-ssc-stg.cic.gc.ca
extern.cic.gc.ca
gcs-ssc.cic.gc.ca
refugee-refugie-emergency-fix.apps.cic.gc.ca
gcs-ssc-stg.cic.gc.ca
CICPRCard.cic.gc.ca
extern.cic.gc.ca
pgp.cic.gc.ca
citapply-citdemande.apps.cic.gc.ca
services3.cic.gc.ca
gcs-ssc-sys.cic.gc.ca
frs-ste.cic.gc.ca
api.pgp-vt-ov-sandbox.apps.cic.gc.ca
tempo-trn.cic.gc.ca
MAIL.cic.gc.ca
icare-iedec-train.canada.ca
gcmsjobbank-PRD.cic.gc.ca
tempo-pte.cic.gc.ca
b.sra-ads.cic.gc.ca
specialmeasures-mesuresspeciales-emergency-fix.apps.cic.gc.ca
extern.cic.gc.ca
gcmsjobbank-PRD.cic.gc.ca
icare-iedec.cic.gc.ca
tempo-ste.cic.gc.ca
ra.apps.cic.gc.ca
a.sra-ads.cic.gc.ca
onlineservices-servicesenligne.cic.gc.ca
thingate.cic.gc.ca
*.cic.gc.ca
gcs-ssc.cic.gc.ca
cicgateway-dev.cic.gc.ca
gcs-ssc-stg.cic.gc.ca
icare-iedec.cic.gc.ca
NJES1S1106.CI.GC.CA
gcmsPIL005-SYSTESTMEL.cic.gc.ca
frs-ste.cic.gc.ca
cic.gc.ca
gcs-ssc.cic.gc.ca
icare-iedec.cic.gc.ca
dmp-portal.cic.gc.ca
gcs-ssc.cic.gc.ca
Certificate
The complete raw certificate details for extern.cic.gc.ca in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIFsjCCBJqgAwIBAgIQfu5hGLIk8koZOJoXn9qeyDANBgkqhkiG9w0BAQsFADCB ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0y NDAzMDUxNzAyNDVaFw0yNTA0MDUxNzAyNDRaMHgxCzAJBgNVBAYTAkNBMRAwDgYD VQQIEwdPbnRhcmlvMQ8wDQYDVQQHEwZPdHRhd2ExKzApBgNVBAoTIkNpdGl6ZW5z aGlwIGFuZCBJbW1pZ3JhdGlvbiBDYW5hZGExGTAXBgNVBAMTEGV4dGVybi5jaWMu Z2MuY2EwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCrqRKlSm4NEoJM B3Ph0/BYNxftOFST7csEYn/uP9XvTwpY9ftVZL/ook+ZOUGMJ6IjndJjR5st2Fy2 sBE+tXuz2f+MSIBkDPDypal3wtvgJvi5zWcClRmjaG7NsNwUz59L6bujzHO1m35W 8jzcnhaRWUszKhtq33Q5B1eIFkkeiL/x7yysrmUTjeQKPT2eRX/tGXQGPwHCZ56z JNgGPIuwYeAyOcEescA97KhdWbZmbWvCEhXC8CzPRb2XDFQ5XT7MPei2iWZlNXqR BP0m3vhxm2mmLyVI2l+OCQiZKtLyYIAWcSoVnvAEZlaI1kbsFRdtkJADTkmK970J /ZXgDaPoAFmE/98KT/3UXJuiCbBH/7GZO5VeTJ7djmDTmuj/7vWRHdgPSFB+93jx pkYnWrLv4B6OWFSMlFY8W6Klv4/Qx2PJPh65mm3wyxHali1ylXDrXGY+VbopAXeU IADuZeKwBMr8a//6sQtdAe1LjcA/AvwwfARr5SV3LiyYVCtNY+UCAwEAAaOCAXMw ggFvMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEdMv2OftvGOL7LZLTgp1nE2aum+ MB8GA1UdIwQYMBaAFIKicHTdvFM/z3vU981/p2DGCky/MGgGCCsGAQUFBwEBBFww WjAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYIKwYBBQUH MAKGJ2h0dHA6Ly9haWEuZW50cnVzdC5uZXQvbDFrLWNoYWluMjU2LmNlcjAzBgNV HR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1c3QubmV0L2xldmVsMWsuY3Js MDEGA1UdEQQqMCiCEGV4dGVybi5jaWMuZ2MuY2GCFHd3dy5leHRlcm4uY2ljLmdj LmNhMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATATBgNVHSAE DDAKMAgGBmeBDAECAjATBgorBgEEAdZ5AgQDAQH/BAIFADANBgkqhkiG9w0BAQsF AAOCAQEArO1bJKyWJs21XmHVC/zoGHkBhthKCIK4XJYglbqJl9CkslIqihOYr96Y Ag/hvdjT2d4yTUHJi5QAgkx+vkgAmhQ4GXXWuLgOAhbTAXANFpyyFdM6bqe0aO5V 5ATxK6n7N8INAKe00269AK6Oop49OiVmFUcQXRVhpAVzmtG6S3erEX0DMc6FCtqf hX/RL78DBonNQo8mrWxRclxiI5aZWkDdIJ5kU07X1gMMox3k/2GZkRdpj65aJoAM xtB0QjIUgcazV1C5mCcWrYgBtmFKrndb1knwLsIc0W1883UI9HA1QaC8WnhjDbSv Vb+zDZi2Y9gWR+wA3YCFa2vPgO07Tg== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAq6kSpUpuDRKCTAdz4dPw WDcX7ThUk+3LBGJ/7j/V708KWPX7VWS/6KJPmTlBjCeiI53SY0ebLdhctrARPrV7 s9n/jEiAZAzw8qWpd8Lb4Cb4uc1nApUZo2huzbDcFM+fS+m7o8xztZt+VvI83J4W kVlLMyobat90OQdXiBZJHoi/8e8srK5lE43kCj09nkV/7Rl0Bj8BwmeesyTYBjyL sGHgMjnBHrHAPeyoXVm2Zm1rwhIVwvAsz0W9lwxUOV0+zD3otolmZTV6kQT9Jt74 cZtppi8lSNpfjgkImSrS8mCAFnEqFZ7wBGZWiNZG7BUXbZCQA05Jive9Cf2V4A2j 6ABZhP/fCk/91FybogmwR/+xmTuVXkye3Y5g05ro/+71kR3YD0hQfvd48aZGJ1qy 7+AejlhUjJRWPFuipb+P0MdjyT4euZpt8MsR2pYtcpVw61xmPlW6KQF3lCAA7mXi sATK/Gv/+rELXQHtS43APwL8MHwEa+Uldy4smFQrTWPlAgMBAAE= -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 168720463471571140773116009517957160648 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-05 17:02:45 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-04-05 17:02:44 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ontario' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ottawa' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Citizenship and Immigration Canada' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'extern.cic.gc.ca' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3184 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 3895623147690949248051415112343622662454912416945586036402692074543080008374950413552087624264977264895982441946402304517432365287301281529544310853997441889127392052765827969081620728737695084762388422506023614291635049372280497910104250498599530862093187915003635926383728724419264616701575274971462664611316594539100253106343898819314723720895245604121332597695885893219171733388977986801509180652785826666429450728686385139476554067686138114544254978842834849235480630456163543430029339134754020551129316917423031345742207499085056982068728817845960809689312380553067237798947848704768948502669140766583215845998017894265874013808540064908289935091285334534929329602062255462373428956710173380404697104536648298429687476879060036648925771001838394488003970697298708447132908872946133064516446230535187881805071647426815595757324683712565125708192051337548746709291378259870909236366348845810592750988213578294995490530277 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 474cbf639fb6f18e2fb2d92d3829d671366ae9be . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (42 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'extern.cic.gc.ca' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.extern.cic.gc.ca' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 00aced5b24ac9626cdb55e61d50bfce818790186d84a0882b85c962095ba8997d0a4b2522a8a1398afde98020fe1bdd8d3d9de324d41c98b9400824c7ebe48009a14381975d6b8b80e0216d301700d169cb215d33a6ea7b468ee55e404f12ba9fb37c20d00a7b4d36ebd00ae8ea29e3d3a25661547105d1561a405739ad1ba4b77ab117d0331ce850ada9f857fd12fbf030689cd428f26ad6c51725c622396995a40dd209e64534ed7d6030ca31de4ff61999117698fae5a26800cc6d07442321481c6b35750b9982716ad8801b6614aae775bd649f02ec21cd16d7cf37508f4703541a0bc5a78630db4af55bfb30d98b663d81647ec00dd80856b6bcf80ed3b4e