extern.cic.gc.ca
- Citizenship and Immigration Canada -
Issued by Entrust Certification Authority - L1K
About this certificate
This digital certificate with serial number 6e:12:ef:a5:b8:44:3c:9f:92:b7:46:65:e3:01:ad:d6 was issued on by Entrust, Inc..
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Citizenship and Immigration Canada
Organization:
Citizenship and Immigration Canada
State / Province:
Ontario
Locality: Ottawa
Country: CA
Locality: Ottawa
Country: CA
Entrust, Inc.
Organization:
Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 6e:12:ef:a5:b8:44:3c:9f:92:b7:46:65:e3:01:ad:d6Serial Number (int): 146313401505364195568033915274033999318
Serial Number lenght: 127 bits, 16 octets
SubjectKeyId: c1:ba:2f:7b:2d:e9:a3:18:ee:b5:a8:4b:02:8c:58:bf:0c:d1:27:6c
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf
Fingerprint (sha1): 0b:82:64:1f:73:36:25:f7:c1:1c:8a:33:75:60:6e:11:23:70:b6:a0
Fingerprint (sha256): 1d:fc:cb:ab:6d:93:2b:c8:66:59:dd:12:db:1d:ce:52:a0:43:a4:70:91:25:dc:00:e0:84:02:b6:91:0d:df:9f
Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer
Revocation information
OCSP Server: http://ocsp.entrust.netCRL Distribution Point: http://crl.entrust.net/level1k.crl
Check the revocation status for certificate extern.cic.gc.ca
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for extern.cic.gc.ca
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
extern.cic.gc.ca
www.extern.cic.gc.ca
www.extern.cic.gc.ca
Other certificates including the domain name cic.gc.ca
(limited to 100 certificates)
Secure.cic.gc.ca
remote.cic.gc.ca
refugee-refugie-development.apps.cic.gc.ca
newgcs-nouveaussc.cic.gc.ca
cic.gc.ca
icare-iedec.cic.gc.ca
gcs-ssc-stg.cic.gc.ca
portal-portail.apps.cic.gc.ca
prson-srpel-emergency-fix.apps.cic.gc.ca
refugee-refugie-system-test.apps.cic.gc.ca
gcmsjobbank-SYSTESTMEL.cic.gc.ca
eservices.cic.gc.ca
extern.cic.gc.ca
cic.gc.ca
*.cic.gc.ca
mobile.cic.gc.ca
services3.cic.gc.ca
ct-tc-pef.apps.cic.gc.ca
gcmsjobbank-PRD.cic.gc.ca
frs-stg.cic.gc.ca
gccic-psoft-gchrms-ig.cic.gc.ca
cicgatewaysigning-aus.cic.gc.ca
extern.cic.gc.ca
refugee-refugie-sandbox.apps.cic.gc.ca
frs-prd.cic.gc.ca
passport-passeport-dev.apps.cic.gc.ca
gccic-psoft-ig-gc89cert.cic.gc.ca
prt-srp.apps.cic.gc.ca
gcs-ssc.cic.gc.ca
onlineservices-servicesenligne.cic.gc.ca
extern.cic.gc.ca
citapply-citdemande.apps.cic.gc.ca
mobile.cic.gc.ca
pgp-development.apps.cic.gc.ca
ccps-stcc-trn.cic.gc.ca
sra-ads.cic.gc.ca
pgp-sandbox.apps.cic.gc.ca
onlineservices-servicesenligne.cic.gc.ca
gcmssir-prd.cic.gc.ca
eservices.cic.gc.ca
extern.cic.gc.ca
refugee-refugie.apps.cic.gc.ca
portal-portail.apps.cic.gc.ca
gcmscasestatus-PRD.cic.gc.ca
*.ra.apps.cic.gc.ca
extern.cic.gc.ca
api.a2sc-csa2-dev.apps.cic.gc.ca
mobile.cic.gc.ca
*.infra.apps.cic.gc.ca
tempo-pef.cic.gc.ca
gcmsjobbank-STG.cic.gc.ca
cicgatewaysigning-aus.cic.gc.ca
esubmission-soumissionenligne.cic.gc.ca
icare-iedec-train.canada.ca
gcs-ssc-stg.cic.gc.ca
extern.cic.gc.ca
gcs-ssc.cic.gc.ca
gcs-ssc-stg.cic.gc.ca
CICPRCard.cic.gc.ca
extern.cic.gc.ca
pgp.cic.gc.ca
citapply-citdemande.apps.cic.gc.ca
services3.cic.gc.ca
gcs-ssc-sys.cic.gc.ca
frs-ste.cic.gc.ca
api.pgp-vt-ov-sandbox.apps.cic.gc.ca
tempo-trn.cic.gc.ca
MAIL.cic.gc.ca
icare-iedec-train.canada.ca
gcmsjobbank-PRD.cic.gc.ca
tempo-pte.cic.gc.ca
b.sra-ads.cic.gc.ca
specialmeasures-mesuresspeciales-emergency-fix.apps.cic.gc.ca
extern.cic.gc.ca
gcmsjobbank-PRD.cic.gc.ca
icare-iedec.cic.gc.ca
tempo-ste.cic.gc.ca
ra.apps.cic.gc.ca
a.sra-ads.cic.gc.ca
onlineservices-servicesenligne.cic.gc.ca
thingate.cic.gc.ca
*.cic.gc.ca
gcs-ssc.cic.gc.ca
cicgateway-dev.cic.gc.ca
gcs-ssc-stg.cic.gc.ca
icare-iedec.cic.gc.ca
NJES1S1106.CI.GC.CA
gcmsPIL005-SYSTESTMEL.cic.gc.ca
frs-ste.cic.gc.ca
cic.gc.ca
gcs-ssc.cic.gc.ca
icare-iedec.cic.gc.ca
dmp-portal.cic.gc.ca
gcs-ssc.cic.gc.ca
frs-dev.cic.gc.ca
prson-srpel-dev.apps.cic.gc.ca
thingate.cic.gc.ca
onlineservices-dev.ci.gc.ca
gcmsPIL005-PRD.cic.gc.ca
mobile.cic.gc.ca
remote.cic.gc.ca
refugee-refugie-development.apps.cic.gc.ca
newgcs-nouveaussc.cic.gc.ca
cic.gc.ca
icare-iedec.cic.gc.ca
gcs-ssc-stg.cic.gc.ca
portal-portail.apps.cic.gc.ca
prson-srpel-emergency-fix.apps.cic.gc.ca
refugee-refugie-system-test.apps.cic.gc.ca
gcmsjobbank-SYSTESTMEL.cic.gc.ca
eservices.cic.gc.ca
extern.cic.gc.ca
cic.gc.ca
*.cic.gc.ca
mobile.cic.gc.ca
services3.cic.gc.ca
ct-tc-pef.apps.cic.gc.ca
gcmsjobbank-PRD.cic.gc.ca
frs-stg.cic.gc.ca
gccic-psoft-gchrms-ig.cic.gc.ca
cicgatewaysigning-aus.cic.gc.ca
extern.cic.gc.ca
refugee-refugie-sandbox.apps.cic.gc.ca
frs-prd.cic.gc.ca
passport-passeport-dev.apps.cic.gc.ca
gccic-psoft-ig-gc89cert.cic.gc.ca
prt-srp.apps.cic.gc.ca
gcs-ssc.cic.gc.ca
onlineservices-servicesenligne.cic.gc.ca
extern.cic.gc.ca
citapply-citdemande.apps.cic.gc.ca
mobile.cic.gc.ca
pgp-development.apps.cic.gc.ca
ccps-stcc-trn.cic.gc.ca
sra-ads.cic.gc.ca
pgp-sandbox.apps.cic.gc.ca
onlineservices-servicesenligne.cic.gc.ca
gcmssir-prd.cic.gc.ca
eservices.cic.gc.ca
extern.cic.gc.ca
refugee-refugie.apps.cic.gc.ca
portal-portail.apps.cic.gc.ca
gcmscasestatus-PRD.cic.gc.ca
*.ra.apps.cic.gc.ca
extern.cic.gc.ca
api.a2sc-csa2-dev.apps.cic.gc.ca
mobile.cic.gc.ca
*.infra.apps.cic.gc.ca
tempo-pef.cic.gc.ca
gcmsjobbank-STG.cic.gc.ca
cicgatewaysigning-aus.cic.gc.ca
esubmission-soumissionenligne.cic.gc.ca
icare-iedec-train.canada.ca
gcs-ssc-stg.cic.gc.ca
extern.cic.gc.ca
gcs-ssc.cic.gc.ca
gcs-ssc-stg.cic.gc.ca
CICPRCard.cic.gc.ca
extern.cic.gc.ca
pgp.cic.gc.ca
citapply-citdemande.apps.cic.gc.ca
services3.cic.gc.ca
gcs-ssc-sys.cic.gc.ca
frs-ste.cic.gc.ca
api.pgp-vt-ov-sandbox.apps.cic.gc.ca
tempo-trn.cic.gc.ca
MAIL.cic.gc.ca
icare-iedec-train.canada.ca
gcmsjobbank-PRD.cic.gc.ca
tempo-pte.cic.gc.ca
b.sra-ads.cic.gc.ca
specialmeasures-mesuresspeciales-emergency-fix.apps.cic.gc.ca
extern.cic.gc.ca
gcmsjobbank-PRD.cic.gc.ca
icare-iedec.cic.gc.ca
tempo-ste.cic.gc.ca
ra.apps.cic.gc.ca
a.sra-ads.cic.gc.ca
onlineservices-servicesenligne.cic.gc.ca
thingate.cic.gc.ca
*.cic.gc.ca
gcs-ssc.cic.gc.ca
cicgateway-dev.cic.gc.ca
gcs-ssc-stg.cic.gc.ca
icare-iedec.cic.gc.ca
NJES1S1106.CI.GC.CA
gcmsPIL005-SYSTESTMEL.cic.gc.ca
frs-ste.cic.gc.ca
cic.gc.ca
gcs-ssc.cic.gc.ca
icare-iedec.cic.gc.ca
dmp-portal.cic.gc.ca
gcs-ssc.cic.gc.ca
frs-dev.cic.gc.ca
prson-srpel-dev.apps.cic.gc.ca
thingate.cic.gc.ca
onlineservices-dev.ci.gc.ca
gcmsPIL005-PRD.cic.gc.ca
mobile.cic.gc.ca
Certificate
The complete raw certificate details for extern.cic.gc.ca in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIG2TCCBcGgAwIBAgIQbhLvpbhEPJ+St0Zl4wGt1jANBgkqhkiG9w0BAQsFADCB ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0y MTA0MTYxMzIzMTNaFw0yMjA0MjUxMzIzMTJaMHgxCzAJBgNVBAYTAkNBMRAwDgYD VQQIEwdPbnRhcmlvMQ8wDQYDVQQHEwZPdHRhd2ExKzApBgNVBAoTIkNpdGl6ZW5z aGlwIGFuZCBJbW1pZ3JhdGlvbiBDYW5hZGExGTAXBgNVBAMTEGV4dGVybi5jaWMu Z2MuY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDv8sy4O1xtXj9e aKUFxa3YBaCl/oIHlX6GYY37anpPAfUepGlkCRA6snYgiqLc1EhFJJtone3lXGls 12NxYA76oiqsPTpWo7N6GdN8RD7oI5ffC1EeGV1xArP9+jiIj9IXag0M/zDQmmQM 4Kx0oHEQhjZumtw+gK8cz+6XJ0914YpqkZ8GlcATc9pqVBpXm+1TsdrnyCXefeNG 8LD2Jy3lZChAFYMDj2T6ys+cpuSKonlc5EUWqoP/97SYjuWSVjrAE0L9DjjCyTfO gpPYqXmGr6wfeLPbh+muFG6JInQOfnk2youjjtA7JeA33QHG+6vBqUWf/WGCmQ4X vtVqP2SbAgMBAAGjggMaMIIDFjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTBui97 LemjGO61qEsCjFi/DNEnbDAfBgNVHSMEGDAWgBSConB03bxTP8971PfNf6dgxgpM vzBoBggrBgEFBQcBAQRcMFowIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1 c3QubmV0MDMGCCsGAQUFBzAChidodHRwOi8vYWlhLmVudHJ1c3QubmV0L2wxay1j aGFpbjI1Ni5jZXIwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0 Lm5ldC9sZXZlbDFrLmNybDAxBgNVHREEKjAoghBleHRlcm4uY2ljLmdjLmNhghR3 d3cuZXh0ZXJuLmNpYy5nYy5jYTAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYI KwYBBQUHAwEwTAYDVR0gBEUwQzA3BgpghkgBhvpsCgEFMCkwJwYIKwYBBQUHAgEW G2h0dHBzOi8vd3d3LmVudHJ1c3QubmV0L3JwYTAIBgZngQwBAgIwggF/BgorBgEE AdZ5AgQCBIIBbwSCAWsBaQB2AFYUBpov18Ls0/XhvUSyPsdGdrm8mRFcwO+UmFXW idDdAAABeNrZjaUAAAQDAEcwRQIgLg7VKBWg2IOvOFzS5A0cSsXItpyYTD7jkb4v uxthX44CIQD49J3kFBIunA6AP4YGuGJSBoFJaPh/rkVPe712oUrgcAB3AN+lXqto gk8fbK3uuF9OPlrqzaISpGpejjsSwCBEXCpzAAABeNrZjYwAAAQDAEgwRgIhAPCq ya7XXx838Nuf/xRJjA+pq6s6fDyPmp54evOT1VSdAiEAnp+g0G6fN0AbPMg7Ldux j6BHuM7A8vrGmZrDlKx91rIAdgBGpVXrdfqRIDC1oolp9PN9ESxBdL79SbiFq/L8 cP5tRwAAAXja2Y8jAAAEAwBHMEUCIGi5ovChYpQRg5coK/tfiUkMipnijB1aA0GK Vt+uEAvFAiEAz8F1QCxcY1X+kAseeFuX6Mn6cjdTWc16w2zaIp4Zl6MwDQYJKoZI hvcNAQELBQADggEBAMRLyBUdQjLm6sJcehUuhbR/ioOnMeOJshPtx8AMsvY1Kmyo w2uw2ieduFeFHy/nqEKGyOx05TnV1UmrcuQZ8tApBe295JCTAVYQSLdgoR5lig07 09BiHNNzAec6wOAQGPgioEBEtUkF511ujzBHFzGBdoOXzFV4NkvK1LgtP1eebS6C AEw4umBC6CPuoZYQ5wpjWKpau58yRVdS9cOu4S15OZ04YnEhzHMXBoUNS2Gx+8aH /wkmpji4MYUqcUTLwhrTZtWx/L5Tb0DMAleEIcARfCRv9JKHTcsqgfTM0+7RxfrN cjgKK5E1jlUpva7NbirIEmRQUdU1J1rmVAE/JbI= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7/LMuDtcbV4/XmilBcWt 2AWgpf6CB5V+hmGN+2p6TwH1HqRpZAkQOrJ2IIqi3NRIRSSbaJ3t5VxpbNdjcWAO +qIqrD06VqOzehnTfEQ+6COX3wtRHhldcQKz/fo4iI/SF2oNDP8w0JpkDOCsdKBx EIY2bprcPoCvHM/ulydPdeGKapGfBpXAE3PaalQaV5vtU7Ha58gl3n3jRvCw9ict 5WQoQBWDA49k+srPnKbkiqJ5XORFFqqD//e0mI7lklY6wBNC/Q44wsk3zoKT2Kl5 hq+sH3iz24fprhRuiSJ0Dn55NsqLo47QOyXgN90BxvurwalFn/1hgpkOF77Vaj9k mwIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 146313401505364195568033915274033999318 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-04-16 13:23:13 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-04-25 13:23:12 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ontario' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ottawa' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Citizenship and Immigration Canada' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'extern.cic.gc.ca' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 30290683874491707450986973899758300514093442695210397224249274951496920228541532896721557779544929807603212880273548346822961889515189427034822270761351073803110086216542280758622276406945579848074413269123201155822101658308141206192515629886844083878172428451653691391491355619795087403887319111384786252371861081141222531902056178629732967527626624645174610037984761098345967955240881016465586922007678660525559828504223769883696993103302740317145458798358107746353535036440419144206427469540345616813372037744549933179523217706463489707319283578262696562219426180082262625210507973874049814486589280263494470427803 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) c1ba2f7b2de9a318eeb5a84b028c58bf0cd1276c . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (42 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'extern.cic.gc.ca' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.extern.cic.gc.ca' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114028.10.1.5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.entrust.net/rpa' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes) 01690076005614069a2fd7c2ecd3f5e1bd44b23ec74676b9bc99115cc0ef949855d689d0dd00000178dad98da5000004030047304502202e0ed52815a0d883af385cd2e40d1c4ac5c8b69c984c3ee391be2fbb1b615f8e022100f8f49de414122e9c0e803f8606b8625206814968f87fae454f7bbd76a14ae070007700dfa55eab68824f1f6cadeeb85f4e3e5aeacda212a46a5e8e3b12c020445c2a7300000178dad98d8c0000040300483046022100f0aac9aed75f1f37f0db9fff14498c0fa9abab3a7c3c8f9a9e787af393d5549d0221009e9fa0d06e9f37401b3cc83b2ddbb18fa047b8cec0f2fac6999ac394ac7dd6b200760046a555eb75fa912030b5a28969f4f37d112c4174befd49b885abf2fc70fe6d4700000178dad98f230000040300473045022068b9a2f0a16294118397282bfb5f89490c8a99e28c1d5a03418a56dfae100bc5022100cfc175402c5c6355fe900b1e785b97e8c9fa72375359cd7ac36cda229e1997a3 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 00c44bc8151d4232e6eac25c7a152e85b47f8a83a731e389b213edc7c00cb2f6352a6ca8c36bb0da279db857851f2fe7a84286c8ec74e539d5d549ab72e419f2d02905edbde4909301561048b760a11e658a0d3bd3d0621cd37301e73ac0e01018f822a04044b54905e75d6e8f3047173181768397cc5578364bcad4b82d3f579e6d2e82004c38ba6042e823eea19610e70a6358aa5abb9f32455752f5c3aee12d79399d38627121cc731706850d4b61b1fbc687ff0926a638b831852a7144cbc21ad366d5b1fcbe536f40cc02578421c0117c246ff492874dcb2a81f4ccd3eed1c5facd72380a2b91358e5529bdaecd6e2ac812645051d535275ae654013f25b2