www.donegalgroup.com

- Donegal Group Inc -

Issued by Entrust Certification Authority - L1M

About this certificate

This digital certificate with serial number 54:cc:20:9a was issued on by Entrust, Inc..

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • The keyUsage extension SHOULD be critical (RFC 5280: 4.2.1.3)

Donegal Group Inc

Company registration number: 2099963
Organization: Donegal Group Inc
State / Province: Pennsylvania
Locality: Marietta
Country: US

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2014 Entrust, Inc. - for authorized use only
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 54:cc:20:9a
Serial Number (int): 1422663834
Serial Number lenght: 31 bits, 4 octets

SubjectKeyId: 19:85:5b:22:4c:e1:c5:64:5b:6f:a2:e6:88:0c:2b:03:6a:ba:83:8d
AuthorityKeyId: c3:f7:d0:b5:2a:30:ad:af:0d:91:21:70:39:54:dd:bc:89:70:c7:3a

Fingerprint (sha1): 8f:7c:d1:bd:1e:95:31:80:4b:0e:12:62:80:9e:78:0e:c5:8b:76:e6
Fingerprint (sha256): 16:3b:23:38:d6:58:39:6b:60:aa:74:24:75:44:07:6c:3b:7d:5b:80:3e:a0:4c:e8:b0:a4:67:fd:d9:d6:55:72

Issuing Certificate URL: http://aia.entrust.net/l1m-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1m.crl

Check the revocation status for certificate www.donegalgroup.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.donegalgroup.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.donegalgroup.com
donegalgroup.com

Other certificates including the domain name donegalgroup.com

(limited to 100 certificates)
qa-user.donegalgroup.com
test-gw-lem-iso.donegalgroup.com
www.donegalgroup.com
test-www.donegalgroup.com
test-qtest-jira.donegalgroup.com
test-cdn.donegalgroup.com
esig.donegalgroup.com
leapfrog-ssl-55.gcs-web.com
selfservice.donegalgroup.com
pilotprod-writebiz.donegalgroup.com
test-www.donegalgroup.com
test-external-ws.donegalgroup.com
sharepoint.donegalgroup.com
test-vueapp2.donegalgroup.com
test-qtest-jira.donegalgroup.com
leapfrog-ssl-55.gcs-web.com
guestportal.donegalgroup.com
qa-external-ws.donegalgroup.com
www.donegalgroup.com
ts-test.donegalgroup.com
test-mobile.donegalgroup.com
mobile.donegalgroup.com
qa-user.donegalgroup.com
test-www.donegalgroup.com
leapfrog-ssl-55.gcs-web.com
test-vueapp.donegalgroup.com
writebiz.donegalgroup.com
test-www.donegalgroup.com
my.donegalgroup.com
leapfrog-ssl-55.gcs-web.com
test-wsag.donegalgroup.com
nautilus.donegalgroup.com
dmi-frw-barracuda.donegalgroup.com
leapfrog-ssl-55.gcs-web.com
qa-www.donegalgroup.com
writebiz.donegalgroup.com
qa-cdn.donegalgroup.com
test-www.donegalgroup.com
test-digportal.donegalgroup.com
vue.donegalgroup.com
api.donegalgroup.com
api.donegalgroup.com
vpn-dr.donegalgroup.com
qa-www.donegalgroup.com
pas.donegalgroup.com
test-user.donegalgroup.com
pas.donegalgroup.com
sso.donegalgroup.com
writebiz.donegalgroup.com
expressway1pri.donegalgroup.com
qa-external-ws.donegalgroup.com
test-writepro.donegalgroup.com
prod-qtest-jira.donegalgroup.com
test-external-ws.donegalgroup.com
esig.donegalgroup.com
qa-user.donegalgroup.com
test-writebiz.donegalgroup.com
test-wbportal.donegalgroup.com
qa-cdn.donegalgroup.com
qa-www.donegalgroup.com
mergers.donegalgroup.com
wbportal.donegalgroup.com
leapfrog-ssl-55.gcs-web.com
teradiciconsole.donegalgroup.com
remotedesktop.donegalgroup.com
smtp.donegalgroup.com
leapfrog-ssl-55.gcs-web.com
wb-portal.donegalgroup.com
leapfrog-ssl-55.gcs-web.com
cdn.donegalgroup.com
test-user.donegalgroup.com
www.donegalgroup.com
isosearchtst.donegalgroup.com
ts-test.donegalgroup.com
expressway1sec.donegalgroup.com
test-vue.donegalgroup.com
test-gw-symbility.donegalgroup.com
perf-vueapp2.donegalgroup.com
qa-user.donegalgroup.com
writepro.donegalgroup.com
www.donegalgroup.com
perf-www.donegalgroup.com
test-user.donegalgroup.com
losscontrol.donegalgroup.com
director.donegalgroup.com
test-wsag.donegalgroup.com
losscontrol.donegalgroup.com
cdn.donegalgroup.com
seg.donegalgroup.com
ts-prod.donegalgroup.com
leapfrog-ssl-55.gcs-web.com
external-ws.donegalgroup.com
www.donegalgroup.com
test-vue2.donegalgroup.com
writebizqa.donegalgroup.com
cdn.donegalgroup.com
leapfrog-ssl-55.gcs-web.com
writepro.donegalgroup.com
user.donegalgroup.com
www.donegalgroup.com

Certificate

The complete raw certificate details for www.donegalgroup.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHmDCCBoCgAwIBAgIEVMwgmjANBgkqhkiG9w0BAQsFADCBujELMAkGA1UEBhMC
VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50
cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDE0IEVudHJ1c3Qs
IEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UEAxMlRW50cnVz
dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxTTAeFw0xNTA2MjUxNzI5NDJa
Fw0xNzAxMDEwMjE4MDRaMIHTMQswCQYDVQQGEwJVUzEVMBMGA1UECBMMUGVubnN5
bHZhbmlhMREwDwYDVQQHEwhNYXJpZXR0YTETMBEGCysGAQQBgjc8AgEDEwJVUzEZ
MBcGCysGAQQBgjc8AgECEwhEZWxhd2FyZTEaMBgGA1UEChMRRG9uZWdhbCBHcm91
cCBJbmMxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9uMRAwDgYDVQQFEwcy
MDk5OTYzMR0wGwYDVQQDExR3d3cuZG9uZWdhbGdyb3VwLmNvbTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBALZEm8J1I4lT5sgoZCRU+VoLnQVAg/K7JEWA
1iVwawJZM8VZD8N2f23ceCnIUvaG3IhcnPOEOMyQnIROyIK3OYLnvIj+lKXk3Eus
GindWP9x8S9iRk476sA+dq1F2oqdH4ttlbEgWCe2JrEEFrnsz8E9AqFsLAfEvNgr
JVya5UfVhJxIhggckUy55KAQjxpIxurC5YVcWHQVdKZOEyOSV92/L28iz3t0wvSZ
LhBjk84YEJ09aWBbWRV+GSPEAHByp0beygs1EzOMacBgfkLg5y+B2/zOMsSxDVXK
JL4H+uAFSsGlLferpq8IC2hIb3h3ppNiQV2aegPx/LeLjV6++08CAwEAAaOCA4kw
ggOFMDEGA1UdEQQqMCiCFHd3dy5kb25lZ2FsZ3JvdXAuY29tghBkb25lZ2FsZ3Jv
dXAuY29tMIIB9QYKKwYBBAHWeQIEAgSCAeUEggHhAd8AdQBo9pj4H2SCvjqM7rko
HUz8cVFdZ5PURNEKZ6y7T0/7xAAAAU4r30psAAAEAwBGMEQCIGBtCUbsPYpPj73n
d+3Ik+go915cMi9ikdNshXAbkYPHAiAa4ONfgmGUtVXxQ3AUR7Z3eE0UCeG1UYUe
0+HJifoPowB1AFYUBpov18Ls0/XhvUSyPsdGdrm8mRFcwO+UmFXWidDdAAABTivf
TiAAAAQDAEYwRAIgaD1ul3jcN3RkgmUanzX4Da2wRcXOOo2fOB7vRHJwu4MCIAvW
AOdUMPq7H3VAhDbyDjGKSigZT5TsgpK4YCrshSMSAHcApLkJkLQYWBSHuxOizGdw
Cjw1mAT5G9+443fNDsgN3BAAAAFOK99O7QAABAMASDBGAiEAnqoIc22mIsTK2iNC
sAwcGMR1LvIvuuY0PHyURcj+fUACIQD48ulY3U8ZTn5yu54eg3mSP6jMEOiTLFjB
K3LnO1fLkgB2AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAABTivf
V6kAAAQDAEcwRQIgGCpb46zmWDvHxbtQBRld3LG3A12179f1Aey9ynX+JpgCIQCu
fOMeiMxuAtLqaRqt5z03ut5FrztGJhzkrdeq0/NlkjALBgNVHQ8EBAMCBaAwHQYD
VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGgGCCsGAQUFBwEBBFwwWjAjBggr
BgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYIKwYBBQUHMAKGJ2h0
dHA6Ly9haWEuZW50cnVzdC5uZXQvbDFtLWNoYWluMjU2LmNlcjAzBgNVHR8ELDAq
MCigJqAkhiJodHRwOi8vY3JsLmVudHJ1c3QubmV0L2xldmVsMW0uY3JsMEEGA1Ud
IAQ6MDgwNgYKYIZIAYb6bAoBAjAoMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LmVu
dHJ1c3QubmV0L3JwYTAfBgNVHSMEGDAWgBTD99C1KjCtrw2RIXA5VN28iXDHOjAd
BgNVHQ4EFgQUGYVbIkzhxWRbb6LmiAwrA2q6g40wCQYDVR0TBAIwADANBgkqhkiG
9w0BAQsFAAOCAQEAAV2BIq6NRvlHRqv/kObzMMVFkl/M3hEctKWaSdkg0fXDNHxc
tMr9/qbAnA1GfeFwYvk2F8Y8dHzsnZ7sktGP+Aj5kgVzN0dRISPGvV6mun+vVG9e
PCmw2xtCmEPesTFAMe4TyryzD80Exebme4qXMd/zUJ7XxsOd7gxb9IBH+MH3oCFe
VifJR+iTcmwhLQDMCM74PN7TdWcAtQ2JW5uPkBC4O35vnH6RVeoawX/IV4Qr2HU7
KQHph/I8PsHGqtYKPdcBnnGdvM0kQ5RvX0Y/wAaeP/PvVRyMgdktwiW0o9k7VHsE
o2Axe+kKgwfA5qAN/X8/i0pxDXKT8HIW5q3aNQ==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtkSbwnUjiVPmyChkJFT5
WgudBUCD8rskRYDWJXBrAlkzxVkPw3Z/bdx4KchS9obciFyc84Q4zJCchE7Igrc5
gue8iP6UpeTcS6waKd1Y/3HxL2JGTjvqwD52rUXaip0fi22VsSBYJ7YmsQQWuezP
wT0CoWwsB8S82CslXJrlR9WEnEiGCByRTLnkoBCPGkjG6sLlhVxYdBV0pk4TI5JX
3b8vbyLPe3TC9JkuEGOTzhgQnT1pYFtZFX4ZI8QAcHKnRt7KCzUTM4xpwGB+QuDn
L4Hb/M4yxLENVcokvgf64AVKwaUt96umrwgLaEhveHemk2JBXZp6A/H8t4uNXr77
TwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 1422663834
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2014 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1M'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2015-06-25 17:29:42 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-01-01 02:18:04 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Pennsylvania'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Marietta'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.3 (jurisdictionOfIncorporationC)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.2 (jurisdictionOfIncorporationSP)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Delaware'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Donegal Group Inc'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.15 (businessCategory)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Private Organization'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '2099963'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.donegalgroup.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23009203584522166761189745980398518011316147343686240800627559624062669020927899824219625256244337599515320414797999748292198862973357778466823753468690321329211869751011961377652255020318599670898874344472724366214780677039338265985780546745284876881678467278091608019667297203767014372485969021043895824153439357685844871163166041117401712759872708268729890836413808530284113071516042291148642202477048221767711263570406882993930214598118054271461439115009250226554312328887952313253515167696195565295332230574616278079614647925087324009427447831947428091608791914355336400260373267117683053948138529298825288285007
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (42 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.donegalgroup.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'donegalgroup.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (485 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (481 bytes)
							01df00750068f698f81f6482be3a8ceeb9281d4cfc71515d6793d444d10a67acbb4f4ffbc40000014e2bdf4a6c00000403004630440220606d0946ec3d8a4f8fbde777edc893e828f75e5c322f6291d36c85701b9183c702201ae0e35f826194b555f143701447b677784d1409e1b551851ed3e1c989fa0fa30075005614069a2fd7c2ecd3f5e1bd44b23ec74676b9bc99115cc0ef949855d689d0dd0000014e2bdf4e2000000403004630440220683d6e9778dc37746482651a9f35f80dadb045c5ce3a8d9f381eef447270bb8302200bd600e75430fabb1f75408436f20e318a4a28194f94ec8292b8602aec852312007700a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc100000014e2bdf4eed00000403004830460221009eaa08736da622c4cada2342b00c1c18c4752ef22fbae6343c7c9445c8fe7d40022100f8f2e958dd4f194e7e72bb9e1e8379923fa8cc10e8932c58c12b72e73b57cb92007600ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb0000014e2bdf57a900000403004730450220182a5be3ace6583bc7c5bb5005195ddcb1b7035db5efd7f501ecbdca75fe2698022100ae7ce31e88cc6e02d2ea691aade73d37bade45af3b46261ce4add7aad3f36592
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1m-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1m.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (58 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114028.10.1.2 (Entrust EV policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.entrust.net/rpa'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c3f7d0b52a30adaf0d9121703954ddbc8970c73a
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							19855b224ce1c5645b6fa2e6880c2b036aba838d
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00015d8122ae8d46f94746abff90e6f330c545925fccde111cb4a59a49d920d1f5c3347c5cb4cafdfea6c09c0d467de17062f93617c63c747cec9d9eec92d18ff808f99205733747512123c6bd5ea6ba7faf546f5e3c29b0db1b429843deb1314031ee13cabcb30fcd04c5e6e67b8a9731dff3509ed7c6c39dee0c5bf48047f8c1f7a0215e5627c947e893726c212d00cc08cef83cded3756700b50d895b9b8f9010b83b7e6f9c7e9155ea1ac17fc857842bd8753b2901e987f23c3ec1c6aad60a3dd7019e719dbccd2443946f5f463fc0069e3ff3ef551c8c81d92dc225b4a3d93b547b04a360317be90a8307c0e6a00dfd7f3f8b4a710d7293f07216e6adda35