srv137.services.gc.ca

- Shared Services Canada -

Issued by Entrust Certification Authority - L1F

About this certificate

This digital certificate with serial number 24:bd:0d:3d:59:3d:01:b9:fc:29:6e:c7:e3:d4:50:7c was issued on by Entrust, Inc..

With 3 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • Apple recommends that certificates be issued with a maximum validity of 397 days. TLS server certificates issued on or after September 1, 2020 00:00 GMT/UTC should not have a validity period greater than 397 days (https://support.apple.com/en-us/HT211025)

Shared Services Canada

Organization: Shared Services Canada
State / Province: Quebec
Locality: Gatineau
Country: CA

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2016 Entrust, Inc. - for authorized use only
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 24:bd:0d:3d:59:3d:01:b9:fc:29:6e:c7:e3:d4:50:7c
Serial Number (int): 48833820486380733190449938475240411260
Serial Number lenght: 126 bits, 16 octets

SubjectKeyId: da:45:65:63:b5:bf:ce:e7:6b:7f:95:59:0e:74:33:30:d3:36:4c:b7
AuthorityKeyId: 2e:62:f0:14:ee:87:cd:b3:35:03:3d:ef:e4:b9:9e:fd:3b:b8:a3:c9

Fingerprint (sha1): 02:70:9c:16:ce:f2:1b:cf:d6:68:23:98:5c:68:28:1a:bd:b2:e2:42
Fingerprint (sha256): 18:c6:0e:ff:f4:bb:8d:4a:7f:e5:be:e4:ae:91:61:d0:85:06:9b:03:dd:e1:2e:83:ef:bd:52:35:23:1f:93:4a

Issuing Certificate URL: http://aia.entrust.net/l1f-ec1.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1f.crl

Check the revocation status for certificate srv137.services.gc.ca

3

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for srv137.services.gc.ca

Public Key Algorithm

ECDSA

Key Size

256

Signature Algorithm

ECDSA with SHA384

Key Usage

Digital Signature

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

srv137.services.gc.ca
tfwp.lmia.esdc.gc.ca
ptet.eimt.edsc.gc.ca

Other certificates including the domain name services.gc.ca

(limited to 100 certificates)
srv137.services.gc.ca
srv115.services.gc.ca
srv129.services.gc.ca
srv132.services.gc.ca
ECDSA-srv253.services.gc.ca
srv100.services.gc.ca
srv404s.services.gc.ca
srv130.services.gc.ca
srv253.services.gc.ca
creative.services.gc.ca
srv252.services.gc.ca
srv130.services.gc.ca
srv115.services.gc.ca
srv253.services.gc.ca
srv270.hrdc-drhc.gc.ca
srv146.services.gc.ca
srv265.hrdc-drhc.gc.ca
mah-lb.services.gc.ca
cc.services.gc.ca
srv145.services.gc.ca
srv137.services.gc.ca
srv129.services.gc.ca
srv136.services.gc.ca
srv129.services.gc.ca
srv111.services.gc.ca
srv146.services.gc.ca
srv137.services.gc.ca
srv156.services.gc.ca
srv100.services.gc.ca
srv145.services.gc.ca
creative.services.gc.ca
srv253.services.gc.ca
*.hrdc-drhc.net
srv137.services.gc.ca
srv404s.services.gc.ca
srv270.hrdc-drhc.gc.ca
srv404s.services.gc.ca
srv404s.services.gc.ca
docupl-encaps.services.gc.ca
srv251.services.gc.ca
srv136.services.gc.ca
srv137.services.gc.ca
srv265.hrdc-drhc.gc.ca
srv253.services.gc.ca
srv115.services.gc.ca
templates.services.gc.ca
srv115.services.gc.ca
srv111.services.gc.ca
srv100.services.gc.ca
srv388.services.gc.ca
srv253.services.gc.ca
srv404s.services.gc.ca
benefitsfinder.services.gc.ca
srv146.services.gc.ca
srv114.services.gc.ca
srv263.services.gc.ca
srv253.services.gc.ca
srv404s.services.gc.ca
srv253.services.gc.ca
srv217.services.gc.ca
srv115.services.gc.ca
srv145.services.gc.ca
srv404s.services.gc.ca
srv138.services.gc.ca
srv115.services.gc.ca
srv133.services.gc.ca
creative.services.gc.ca
srv145.services.gc.ca
srv404s.services.gc.ca
srv132.services.gc.ca
srv133.services.gc.ca
srv129.services.gc.ca
srv136.services.gc.ca
srv122.services.gc.ca
srv135.services.gc.ca
srv404s.services.gc.ca
srv144.services.gc.ca
docupl-encaps.services.gc.ca
srv745.services.gc.ca
ssl-templates.services.gc.ca
srv130.services.gc.ca
srv129.services.gc.ca
srv136.services.gc.ca
noc.esdc.gc.ca
srv132.services.gc.ca
srv253.services.gc.ca
*.dev.services.gc.ca
srv251.services.gc.ca
srv132.services.gc.ca
srv132.services.gc.ca
srv136.services.gc.ca
creative.services.gc.ca
srv212.services.gc.ca
srv130.services.gc.ca
srv404s.services.gc.ca
srv602.services.gc.ca
srv130.services.gc.ca
srv144.services.gc.ca
srv156.services.gc.ca
srv111.services.gc.ca

Certificate

The complete raw certificate details for srv137.services.gc.ca in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFhzCCBQygAwIBAgIQJL0NPVk9Abn8KW7H49RQfDAKBggqhkjOPQQDAzCBujEL
MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1Nl
ZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDE2
IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UE
AxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxRjAeFw0yMzA1
MDQxNjE3MjBaFw0yNDA2MDQxNjE3MjBaMHIxCzAJBgNVBAYTAkNBMQ8wDQYDVQQI
EwZRdWViZWMxETAPBgNVBAcTCEdhdGluZWF1MR8wHQYDVQQKExZTaGFyZWQgU2Vy
dmljZXMgQ2FuYWRhMR4wHAYDVQQDExVzcnYxMzcuc2VydmljZXMuZ2MuY2EwWTAT
BgcqhkjOPQIBBggqhkjOPQMBBwNCAATHT+KaFi+89OI3kAmjIhogrVPQp6kyphGD
Ih7Uv7hrkKL+QF30TMnaApcsErPwIMMkjrlaNM3V1jAv5BeVDKHMo4IDOTCCAzUw
DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU2kVlY7W/zudrf5VZDnQzMNM2TLcwHwYD
VR0jBBgwFoAULmLwFO6HzbM1Az3v5Lme/Tu4o8kwYwYIKwYBBQUHAQEEVzBVMCMG
CCsGAQUFBzABhhdodHRwOi8vb2NzcC5lbnRydXN0Lm5ldDAuBggrBgEFBQcwAoYi
aHR0cDovL2FpYS5lbnRydXN0Lm5ldC9sMWYtZWMxLmNlcjAzBgNVHR8ELDAqMCig
JqAkhiJodHRwOi8vY3JsLmVudHJ1c3QubmV0L2xldmVsMWYuY3JsMEwGA1UdEQRF
MEOCFXNydjEzNy5zZXJ2aWNlcy5nYy5jYYIUdGZ3cC5sbWlhLmVzZGMuZ2MuY2GC
FHB0ZXQuZWltdC5lZHNjLmdjLmNhMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAU
BggrBgEFBQcDAQYIKwYBBQUHAwIwTAYDVR0gBEUwQzA3BgpghkgBhvpsCgEFMCkw
JwYIKwYBBQUHAgEWG2h0dHBzOi8vd3d3LmVudHJ1c3QubmV0L3JwYTAIBgZngQwB
AgIwggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB3ADtTd3U+LbmAToswWwb+QDtn
2E/D9Me9AA0tcm/h+tQXAAABh+eNxM0AAAQDAEgwRgIhALU0OTtr/zga5Fep7up+
B4pFE3t0T7NxtmeIizrD2ukWAiEAoj39Mfna2usJXSmYTNkWak1kfC163bCzeRWC
3yLvd1QAdgBz2Z6JG0yWeKAgfUed5rLGHNBRXnEZKoxrgBB6wXdytQAAAYfnjcTz
AAAEAwBHMEUCIQCCfg7Dhddccdw6BkK5LZVMYE+nyD6MK13brLniV1Wa3wIgahZc
b1bsec+lwpuj2cmx5lJemW0XR+XnG0lfj8T8plUAdQDuzdBk1dsazsVct520zROi
ModGfLzs3sNRSFlGcR+1mwAAAYfnjcUdAAAEAwBGMEQCIHRwcvTjT/QVwNoatro1
/xyirZjlCy5gfL65uDjh0FfVAiBYS2ILgDiulW6RNfFMGTyj3VDExxWMEea6D07C
OfnchTAKBggqhkjOPQQDAwNpADBmAjEA3yBIi3OpIfruQwLnec6wA3YjJcdWgt4+
3p+rYgWKU0R/Iy5wKN3T7o7zfcjkxM3iAjEAgYbqHDN8IOPpmXkdI7c0bvy82nWU
QCvFKX+/1ZbjfchWmTCY60yicZlA/zMnnKgW
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEx0/imhYvvPTiN5AJoyIaIK1T0Kep
MqYRgyIe1L+4a5Ci/kBd9EzJ2gKXLBKz8CDDJI65WjTN1dYwL+QXlQyhzA==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 48833820486380733190449938475240411260
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.10045.4.3.3 (ecdsaWithSHA384)
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2016 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1F'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-05-04 16:17:20 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-06-04 16:17:20 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Quebec'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Gatineau'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Shared Services Canada'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'srv137.services.gc.ca'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.10045.2.1 (ecPublicKey)
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.10045.3.1.7 (prime256v1)
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (520 bits)
				0004c74fe29a162fbcf4e2379009a3221a20ad53d0a7a932a61183221ed4bfb86b90a2fe405df44cc9da02972c12b3f020c3248eb95a34cdd5d6302fe417950ca1cc
 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							da456563b5bfcee76b7f95590e743330d3364cb7
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 2e62f014ee87cdb335033defe4b99efd3bb8a3c9
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (87 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1f-ec1.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1f.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'srv137.services.gc.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tfwp.lmia.esdc.gc.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ptet.eimt.edsc.gc.ca'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (1 bits)
							0780
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114028.10.1.5
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.entrust.net/rpa'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							01680077003b5377753e2db9804e8b305b06fe403b67d84fc3f4c7bd000d2d726fe1fad41700000187e78dc4cd0000040300483046022100b534393b6bff381ae457a9eeea7e078a45137b744fb371b667888b3ac3dae916022100a23dfd31f9dadaeb095d29984cd9166a4d647c2d7addb0b3791582df22ef775400760073d99e891b4c9678a0207d479de6b2c61cd0515e71192a8c6b80107ac17772b500000187e78dc4f30000040300473045022100827e0ec385d75c71dc3a0642b92d954c604fa7c83e8c2b5ddbacb9e257559adf02206a165c6f56ec79cfa5c29ba3d9c9b1e6525e996d1747e5e71b495f8fc4fca655007500eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b00000187e78dc51d00000403004630440220747072f4e34ff415c0da1ab6ba35ff1ca2ad98e50b2e607cbeb9b838e1d057d50220584b620b8038ae956e9135f14c193ca3dd50c4c7158c11e6ba0f4ec239f9dc85
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.10045.4.3.3 (ecdsaWithSHA384)
 . . . . [c:0|t:3|false] BIT STRING (832 bits)
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 34342250970374583034845869974750512118051779488175901208529103548654128015599474330584711389207506559272143007567330
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 19936031407342600899668246902624306247130636192434610678909395158851805775990774838510035334525435905647940424476694