ms-tunnel-lab.cn.ca
- Canadian National Railway Company -
Issued by Entrust Certification Authority - L1K
About this certificate
This digital certificate with serial number 72:c1:20:7f:a0:ed:40:1c:a8:79:16:11:24:7d:b5:25 was issued on by Entrust, Inc..
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Canadian National Railway Company
Organization:
Canadian National Railway Company
State / Province:
Quebec
Locality: Montreal
Country: CA
Locality: Montreal
Country: CA
Entrust, Inc.
Organization:
Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country:
US
This certificate will expire on
Certificate Details
Serial Number (hex): 72:c1:20:7f:a0:ed:40:1c:a8:79:16:11:24:7d:b5:25Serial Number (int): 152534763962066007159132205720589415717
Serial Number lenght: 127 bits, 16 octets
SubjectKeyId: 88:1a:bd:0f:fc:5c:ff:f0:1e:e5:e1:3d:9e:01:9e:24:cc:80:f3:d5
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf
Fingerprint (sha1): 2e:6d:1f:46:01:80:62:92:58:cd:70:14:0e:f5:2b:c4:99:d8:10:97
Fingerprint (sha256): 29:3a:42:a2:ad:00:47:07:0e:e4:92:bc:58:45:ad:40:93:b3:1e:cd:bd:14:8a:37:e2:04:81:9a:90:56:31:3a
Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer
Revocation information
OCSP Server: http://ocsp.entrust.netCRL Distribution Point: http://crl.entrust.net/level1k.crl
Check the revocation status for certificate ms-tunnel-lab.cn.ca
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for ms-tunnel-lab.cn.ca
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
ms-tunnel-lab.cn.ca
www.ms-tunnel-lab.cn.ca
www.ms-tunnel-lab.cn.ca
Other certificates including the domain name cn.ca
(limited to 100 certificates)
soagwstg.cn.ca
mqmrsprda.cn.ca
akamai-san35.exacttarget.com
srv.tgbo-fb-qat.web.cn.ca
mft.cn.ca
printeron.cn.ca
ceros4.map.fastly.net
mft.cn.ca
soagwdev.cn.ca
automate.cn.ca
bravo.partners.cn.ca
ceros4.map.fastly.net
mfttest.cn.ca
ecprod.cn.ca
qcomp.cn.ca
ecprod.cn.ca
view.e.cn.ca
cncmg01prd.cn.ca
automate.cn.ca
sra.cn.ca
ceros4.map.fastly.net
bravo.partners.cn.ca
cndeviceppd-uag.cn.ca
*.exp.gumgum.com
mymail-ppd.cn.ca
sra.cn.ca
srv.demoapp1.web.cn.ca
ceros4.map.fastly.net
wifianchors.cn.ca
www.cn.ca
akamai-san35.exacttarget.com
ecprod.cn.ca
cnconnect.cn.ca
click.e.cn.ca
activ8.partners.cn.ca
mqttdev.cn.ca
devportal.partners.cn.ca
mail.cn.ca
akamai-san35.exacttarget.com
api-sbx.cn.ca
ceros4.map.fastly.net
fs-ppd.cn.ca
cnmail.cn.ca
akamai-san35.exacttarget.com
mqttdev.cn.ca
ecprodfast.cn.ca
developer.app.cn.ca
vdesktop.cn.ca
ms-tunnel-lab.cn.ca
ecstg.cn.ca
sra.cn.ca
akamai-san35.exacttarget.com
mydevice.cn.ca
*.exp.gumgum.com
sra-lab.cn.ca
sra.cn.ca
devportal.partners.cn.ca
ceros4.map.fastly.net
*.exp.gumgum.com
srv.cec-fb-dev.web.cn.ca
automate.cn.ca
virtualoffice.cn.ca
ceros4.map.fastly.net
soagw.cn.ca
theresumeofjesus.one
ceros4.map.fastly.net
cndevice-uag.cn.ca
view.e.cn.ca
mfttest.cn.ca
srv.opscal-fb-qat.web.cn.ca
akamai-san35.exacttarget.com
fsbp-dev.cn.ca
developer.cn.ca
cnplus.cn.ca
ceros4.map.fastly.net
soagw.cn.ca
bravo.partners.cn.ca
ceros4.map.fastly.net
mydevice.cn.ca
srv.naas-fb-qat.web.cn.ca
mft.cn.ca
ecprod.cn.ca
cndevice.cn.ca
ecprodfast.cn.ca
ceros4.map.fastly.net
automatestg.cn.ca
*.exp.gumgum.com
srv.demoapp1-dev.web.cn.ca
qcomp.cn.ca
srv.ebill-fb-dev.web.cn.ca
ceros4.map.fastly.net
srv.opscal-fb-dev.web.cn.ca
cncmg01uat.cn.ca
mfttest.cn.ca
ecprod.cn.ca
fs-ppd.cn.ca
ceros4.map.fastly.net
ceros4.map.fastly.net
ceros4.map.fastly.net
akamai-san35.exacttarget.com
mqmrsprda.cn.ca
akamai-san35.exacttarget.com
srv.tgbo-fb-qat.web.cn.ca
mft.cn.ca
printeron.cn.ca
ceros4.map.fastly.net
mft.cn.ca
soagwdev.cn.ca
automate.cn.ca
bravo.partners.cn.ca
ceros4.map.fastly.net
mfttest.cn.ca
ecprod.cn.ca
qcomp.cn.ca
ecprod.cn.ca
view.e.cn.ca
cncmg01prd.cn.ca
automate.cn.ca
sra.cn.ca
ceros4.map.fastly.net
bravo.partners.cn.ca
cndeviceppd-uag.cn.ca
*.exp.gumgum.com
mymail-ppd.cn.ca
sra.cn.ca
srv.demoapp1.web.cn.ca
ceros4.map.fastly.net
wifianchors.cn.ca
www.cn.ca
akamai-san35.exacttarget.com
ecprod.cn.ca
cnconnect.cn.ca
click.e.cn.ca
activ8.partners.cn.ca
mqttdev.cn.ca
devportal.partners.cn.ca
mail.cn.ca
akamai-san35.exacttarget.com
api-sbx.cn.ca
ceros4.map.fastly.net
fs-ppd.cn.ca
cnmail.cn.ca
akamai-san35.exacttarget.com
mqttdev.cn.ca
ecprodfast.cn.ca
developer.app.cn.ca
vdesktop.cn.ca
ms-tunnel-lab.cn.ca
ecstg.cn.ca
sra.cn.ca
akamai-san35.exacttarget.com
mydevice.cn.ca
*.exp.gumgum.com
sra-lab.cn.ca
sra.cn.ca
devportal.partners.cn.ca
ceros4.map.fastly.net
*.exp.gumgum.com
srv.cec-fb-dev.web.cn.ca
automate.cn.ca
virtualoffice.cn.ca
ceros4.map.fastly.net
soagw.cn.ca
theresumeofjesus.one
ceros4.map.fastly.net
cndevice-uag.cn.ca
view.e.cn.ca
mfttest.cn.ca
srv.opscal-fb-qat.web.cn.ca
akamai-san35.exacttarget.com
fsbp-dev.cn.ca
developer.cn.ca
cnplus.cn.ca
ceros4.map.fastly.net
soagw.cn.ca
bravo.partners.cn.ca
ceros4.map.fastly.net
mydevice.cn.ca
srv.naas-fb-qat.web.cn.ca
mft.cn.ca
ecprod.cn.ca
cndevice.cn.ca
ecprodfast.cn.ca
ceros4.map.fastly.net
automatestg.cn.ca
*.exp.gumgum.com
srv.demoapp1-dev.web.cn.ca
qcomp.cn.ca
srv.ebill-fb-dev.web.cn.ca
ceros4.map.fastly.net
srv.opscal-fb-dev.web.cn.ca
cncmg01uat.cn.ca
mfttest.cn.ca
ecprod.cn.ca
fs-ppd.cn.ca
ceros4.map.fastly.net
ceros4.map.fastly.net
ceros4.map.fastly.net
akamai-san35.exacttarget.com
Certificate
The complete raw certificate details for ms-tunnel-lab.cn.ca in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIFRTCCBC2gAwIBAgIQcsEgf6DtQByoeRYRJH21JTANBgkqhkiG9w0BAQsFADCB ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0y NDAzMTQxMjQ1MjlaFw0yNTAzMjIxMjQ1MjhaMHsxCzAJBgNVBAYTAkNBMQ8wDQYD VQQIEwZRdWViZWMxETAPBgNVBAcTCE1vbnRyZWFsMSowKAYDVQQKEyFDYW5hZGlh biBOYXRpb25hbCBSYWlsd2F5IENvbXBhbnkxHDAaBgNVBAMTE21zLXR1bm5lbC1s YWIuY24uY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFlFNu5Wor g42so8QRl2L0VyL4Vh61HkDNZriYr8EtNsWsvIMMIfnG+CzknixAa1aZV0xKHiem 437i8Njc9Ube7k6AxkxuUgElKmkUbqPAYZkjEg09aSJ3UAkTSi+rp4Sji7GRBZ3q r3Vlw+UUGUkVWcBSPTK2srehYg7OOD5rY9rq6oJyxwPunWriEhmCRHWbRTwZf6ut gF6wwaXgWsuDGOzfSywu7/03SvElIUsAQpjqaodK+F+1vnWMpj1T0AsoCcZAW1AQ XLzyKRtwwIdB9b117am5Iq4JgsLY2zASeNpwSlJ6bWVaYYBApZeNmgFttpPlDoki wyIi1JzjpRuZAgMBAAGjggGDMIIBfzAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSI Gr0P/Fz/8B7l4T2eAZ4kzIDz1TAfBgNVHSMEGDAWgBSConB03bxTP8971PfNf6dg xgpMvzBoBggrBgEFBQcBAQRcMFowIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVu dHJ1c3QubmV0MDMGCCsGAQUFBzAChidodHRwOi8vYWlhLmVudHJ1c3QubmV0L2wx ay1jaGFpbjI1Ni5jZXIwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRy dXN0Lm5ldC9sZXZlbDFrLmNybDA3BgNVHREEMDAughNtcy10dW5uZWwtbGFiLmNu LmNhghd3d3cubXMtdHVubmVsLWxhYi5jbi5jYTAOBgNVHQ8BAf8EBAMCBaAwHQYD VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBMGA1UdIAQMMAowCAYGZ4EMAQIC MBMGCisGAQQB1nkCBAMBAf8EAgUAMA0GCSqGSIb3DQEBCwUAA4IBAQCwE1lov9sD SqI5zQyCqSCQCinObSTRRgdrTd36Yi8A6wiLmGaF3ROY+O2GRO/mEI6AMvqKDAMB JkuCRCJl4G60dwJb2wZDu0iM/YMDLvVksFZhj0d1qamEwidAjkaPDxFpekk1nMwu Q3lRPOJ7k0Tf7iVPZWFvgV9Ate+im2J8bpOppNiTWbVPvNsuMqhRYFDH6qMFwBen oK7e5x0fGgXyNpdXb10Ine2U5xit0izuk5hFMldk/ofDqvV2mxqqMdIaYBJaZCN0 71i0zekFDjeU8AtzPgawUoov/TS8Hnf+ShgZka2yp6Lx+vSpP9ZDiLLgO4OT8rBA 5liFXrBC3QM6 -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxZRTbuVqK4ONrKPEEZdi 9Fci+FYetR5AzWa4mK/BLTbFrLyDDCH5xvgs5J4sQGtWmVdMSh4npuN+4vDY3PVG 3u5OgMZMblIBJSppFG6jwGGZIxINPWkid1AJE0ovq6eEo4uxkQWd6q91ZcPlFBlJ FVnAUj0ytrK3oWIOzjg+a2Pa6uqCcscD7p1q4hIZgkR1m0U8GX+rrYBesMGl4FrL gxjs30ssLu/9N0rxJSFLAEKY6mqHSvhftb51jKY9U9ALKAnGQFtQEFy88ikbcMCH QfW9de2puSKuCYLC2NswEnjacEpSem1lWmGAQKWXjZoBbbaT5Q6JIsMiItSc46Ub mQIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 152534763962066007159132205720589415717 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-14 12:45:29 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-03-22 12:45:28 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Quebec' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Montreal' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Canadian National Railway Company' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ms-tunnel-lab.cn.ca' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24942088311022236041812521137659647086904424213922109854417040067219149063747758265003466211560734682313554431960176038660903119827207143971700378722827163370418344819206458277920203773397329494111859074125722765219779970891984100262612365160017101765457706334730910437451633325982425056346689415617330390539623153670386657648806066664854817225487574996914017087611638193726330284236213845386818387375176239682098537960926517115520054420158450558151156134842134692329157772507093019087823551327166772036374247551102860898532602592292664221829427465265671462394475592439265524918126335465837464917526640973952433068953 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 881abd0ffc5cfff01ee5e13d9e019e24cc80f3d5 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (48 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ms-tunnel-lab.cn.ca' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.ms-tunnel-lab.cn.ca' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 00b0135968bfdb034aa239cd0c82a920900a29ce6d24d146076b4dddfa622f00eb088b986685dd1398f8ed8644efe6108e8032fa8a0c0301264b82442265e06eb477025bdb0643bb488cfd83032ef564b056618f4775a9a984c227408e468f0f11697a49359ccc2e4379513ce27b9344dfee254f65616f815f40b5efa29b627c6e93a9a4d89359b54fbcdb2e32a8516050c7eaa305c017a7a0aedee71d1f1a05f23697576f5d089ded94e718add22cee939845325764fe87c3aaf5769b1aaa31d21a60125a642374ef58b4cde9050e3794f00b733e06b0528a2ffd34bc1e77fe4a181991adb2a7a2f1faf4a93fd64388b2e03b8393f2b040e658855eb042dd033a