prod-mbam.ad.hc-sc.gc.ca

- Health Canada (Department of Health) -

Issued by Entrust Certification Authority - L1K

About this certificate

This digital certificate with serial number f5:8e:fb:e8:db:97:a5:78:00:00:00:00:50:fa:8c:09 was issued on by Entrust, Inc..

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Health Canada (Department of Health)

Organization: Health Canada (Department of Health)
State / Province: Ontario
Locality: Ottawa
Country: CA

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): f5:8e:fb:e8:db:97:a5:78:00:00:00:00:50:fa:8c:09
Serial Number (int): 326403274454921100617002134103775677449
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: a0:9f:33:01:cf:b9:f6:a6:cc:5b:4a:43:aa:f8:96:25:88:07:88:2f
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf

Fingerprint (sha1): db:b4:50:49:f4:cd:9a:ae:64:63:ba:96:59:d2:82:41:8f:d4:55:fa
Fingerprint (sha256): 3b:77:90:be:6b:ac:fc:cf:fd:0b:45:d6:ec:d0:34:2a:06:84:53:06:92:e2:63:18:df:e6:b4:91:08:90:1c:3c

Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1k.crl

Check the revocation status for certificate prod-mbam.ad.hc-sc.gc.ca

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for prod-mbam.ad.hc-sc.gc.ca

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

prod-mbam.ad.hc-sc.gc.ca
bitlocker.ad.hc-sc.gc.ca

Other certificates including the domain name hc-sc.gc.ca

(limited to 100 certificates)
training.mtrs-sctrm.hc-sc.gc.ca
HCQCK1AWVDCT001.tqa.hc-sc.gc.ca
ers-ser.hc-sc.gc.ca
HCQCK1AwvAST063.hc-sc.gc.ca
*.uat.hc-sc.gc.ca
ers-auth-ser-lb.hc-sc.gc.ca
h2o.hc-sc.gc.ca
biosecurity-portal.hc-sc.gc.ca
cgnw-01.hc-sc.gc.ca
sdx-edp.hc-sc.gc.ca
wasext-prd-1.hc-sc.gc.ca
eprs-serp.hc-sc.gc.ca
hc4ecc6.hc-sc.gc.ca
hconk2ewvasp001.hc-sc.gc.ca
mtrs-sctrm.hc-sc.gc.ca
PTH-PROXY.hc-sc.gc.ca
HCONK1VWVDCP002.ad.hc-sc.gc.ca
istopxrm.hc-sc.gc.ca
utils-test.hc-sc.gc.ca
gateway-passerelle.preprod.hc-sc.gc.ca
nihb-atl-fax.hc-sc.gc.ca
int-services1.hc-sc.gc.ca
Inotes.hc-sc.gc.ca
SAD-TEM-DV1.hc-sc.gc.ca
HCONK1AwvAST058.hc-sc.gc.ca
int-services3.dev.hc-sc.gc.ca
eprs-serp.hc-sc.gc.ca
sad-pt2-devap1.hc-sc.gc.ca
cloud-vpn.hc-sc.gc.ca
www.mtrs-sctrm.hc-sc.gc.ca
international-health-commitments.canada.ca
training.mtrs-sctrm.hc-sc.gc.ca
sap-cms.hc-sc.gc.ca
HCQCK1AWVDCT002.tqa.hc-sc.gc.ca
training.mtrs-sctrm.hc-sc.gc.ca
dev.mg-dsol.mapgears.com
cgnw-01.hc-sc.gc.ca
int-services1.preprod.hc-sc.gc.ca
sgpp-dt.hc-sc.gc.ca
ocs-bsc.hc-sc.gc.ca
int-services1.uat.hc-sc.gc.ca
sdx-edp.hc-sc.gc.ca
ctls-sscdl.hc-sc.gc.ca
PTH-PROXY-TRAIN.hc-sc.gc.ca
webprod4.hc-sc.gc.ca
*.hc-sc.gc.ca
aero-oitc.phac-aspc.gc.ca
app80.hc-sc.gc.ca
ers-auth-ser.hc-sc.gc.ca
keycloak.hc-sc.gc.ca
lap-dmz-p01.hc-sc.gc.ca
lap-dmz-p01.hc-sc.gc.ca
www.reclassification.hc-sc.gc.ca
sad-pth-qaap1.hc-sc.gc.ca
*.preprod.hc-sc.gc.ca
sad-pth-catap1.hc-sc.gc.ca
gateway-passerelle.uat.hc-sc.gc.ca
nnhpd-pla-dlmm-dpsnso.hc-sc.gc.ca
biosecurity-portal.hc-sc.gc.ca
pub-tom-mono.hc-sc.gc.ca
ocs-bsc.hc-sc.gc.ca
mobile.hc-sc.gc.ca
aids.gc.ca
h2o.hc-sc.gc.ca
www.CNF-CFG-classification-FCEN-GAC.hc-sc.gc.ca
dstsia-sspdai.hc-sc.gc.ca
CTXADC-HC-MCDC.HC-SC.GC.CA
collaboration.hc-sc.gc.ca
SAD-TEM-DV1.tqa.hc-sc.gc.ca
sgpp-dt.hc-sc.gc.ca
inotes.hc-sc.gc.ca
trn-csims-sgici.hc-sc.gc.ca
hc5ecc6.hc-sc.gc.ca
dev.mg-dsol.mapgears.com
fnihis-sispni.hc-sc.gc.ca
biosecurity-portal.hc-sc.gc.ca
uvupdatertest.hc-sc.gc.ca
ers-test-ser.hc-sc.gc.ca
www.CNF-CFG-classification-FCEN-GAC.hc-sc.gc.ca
sec2.hc-sc.gc.ca
HCONK1VWVDCP005.ad.hc-sc.gc.ca
tem01.hc-sc.gc.ca
dev.mg-dsol.mapgears.com
utils-test.hc-sc.gc.ca
lap-dmz-p01.hc-sc.gc.ca
WAS7-SEXT-IHS.hc-sc.gc.ca
pr-rdb.hc-sc.gc.ca
www.reclassification.hc-sc.gc.ca
mfcsg01.hc-sc.gc.ca
ers-auth-ser-lb.hc-sc.gc.ca
sinpappsas-02.hc-sc.gc.ca
nihb-mb-faxfinder.hc-sc.gc.ca
cvp-pcv.hc-sc.gc.ca
int-services2.dev.hc-sc.gc.ca
DSTSIA-SSPDAI.hc-sc.gc.ca
www.fptgn-gnfpt.hc-sc.gc.ca
github.hc-sc.gc.ca
portaildgpsa.hc-sc.gc.ca
weboffice.hc-sc.gc.ca
sec2.hc-sc.gc.ca

Certificate

The complete raw certificate details for prod-mbam.ad.hc-sc.gc.ca in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgIRAPWO++jbl6V4AAAAAFD6jAkwDQYJKoZIhvcNAQELBQAw
gboxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQL
Ex9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykg
MjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAs
BgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUswHhcN
MTkxMTIxMTQwODU0WhcNMjIwMjIwMTQzODUzWjCBgjELMAkGA1UEBhMCQ0ExEDAO
BgNVBAgTB09udGFyaW8xDzANBgNVBAcTBk90dGF3YTEtMCsGA1UEChMkSGVhbHRo
IENhbmFkYSAoRGVwYXJ0bWVudCBvZiBIZWFsdGgpMSEwHwYDVQQDExhwcm9kLW1i
YW0uYWQuaGMtc2MuZ2MuY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCzJdbmgAUUtwyAUFVYHAR0j3pwMfrD8HIZzj1i2yLSPlaRW59rqlEhA/TijfDm
3qR3HxCtqffBBY2QlN6LVSnFjUb82OQ76pWn/vlXlBiT9A5R1MAu1Pvk8c/0Xotq
BCkVDmohkbcMPruS+zEi1w4RNmx8yLwAdR5jYgNFrkWWPhZona77e+QlMBtmu2fV
BnBEb4XkVVJLdGfzddf+bBy9J5rI69Ci9hROIJjBzhKjCYjtJq+A6YH642pZcn9i
UgvrN0E8Rq/WYPKGJBxRLgMh/zFi0llQGBf33119lvB3YXwidOcKTSAIC9WocF4B
m5gzEMUUASkmCq3eQGpJSfa9AgMBAAGjggG+MIIBujATBgorBgEEAdZ5AgQDAQH/
BAIFADA9BgNVHREENjA0ghhwcm9kLW1iYW0uYWQuaGMtc2MuZ2MuY2GCGGJpdGxv
Y2tlci5hZC5oYy1zYy5nYy5jYTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
KwYBBQUHAwEGCCsGAQUFBwMCMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwu
ZW50cnVzdC5uZXQvbGV2ZWwxay5jcmwwSwYDVR0gBEQwQjA2BgpghkgBhvpsCgEF
MCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuZW50cnVzdC5uZXQvcnBhMAgGBmeB
DAECAjBoBggrBgEFBQcBAQRcMFowIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVu
dHJ1c3QubmV0MDMGCCsGAQUFBzAChidodHRwOi8vYWlhLmVudHJ1c3QubmV0L2wx
ay1jaGFpbjI1Ni5jZXIwHwYDVR0jBBgwFoAUgqJwdN28Uz/Pe9T3zX+nYMYKTL8w
HQYDVR0OBBYEFKCfMwHPufamzFtKQ6r4liWIB4gvMAkGA1UdEwQCMAAwDQYJKoZI
hvcNAQELBQADggEBAFfGOesdtkC0bJkxlg0anPDJWOp3w6FbGo4gFAAbcD52PKpV
T4GBSP3zsS04svqRKCZKsMYIQH+146QyPCOxifkqZ3SXgcUEYdvc0MN7FQ0MulCj
jiEJJm/V6iONDF4quiwCoGEB0Qgh0aaDGqiKCb8sLhpNvDyVl3lwAx0HKAtS1elV
FsEN5XAnYlqbDMRKYuYYLGDkJED9xrLyqYnlTB+4zhFz3dPNVaZqW03DCsyZcBQs
9AlOEzV0GW3v6HNx8d2A99hcISzgBpyOmv+TV4zANUV2T5emRz6cK8p3tQPIu91m
AEaxCH1qdpMxTJ/Of8/LvCwH1CIoDQAgrjFWuWA=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyXW5oAFFLcMgFBVWBwE
dI96cDH6w/ByGc49Ytsi0j5WkVufa6pRIQP04o3w5t6kdx8Qran3wQWNkJTei1Up
xY1G/NjkO+qVp/75V5QYk/QOUdTALtT75PHP9F6LagQpFQ5qIZG3DD67kvsxItcO
ETZsfMi8AHUeY2IDRa5Flj4WaJ2u+3vkJTAbZrtn1QZwRG+F5FVSS3Rn83XX/mwc
vSeayOvQovYUTiCYwc4SowmI7SavgOmB+uNqWXJ/YlIL6zdBPEav1mDyhiQcUS4D
If8xYtJZUBgX999dfZbwd2F8InTnCk0gCAvVqHBeAZuYMxDFFAEpJgqt3kBqSUn2
vQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 326403274454921100617002134103775677449
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-11-21 14:08:54 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-02-20 14:38:53 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ontario'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ottawa'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Health Canada (Department of Health)'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'prod-mbam.ad.hc-sc.gc.ca'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22615315919456197822560336295065387466089153872484195735521501859871017669497464125185491208150667080367505919714541988651208144027311942869114775577999847385329562852390968069725351857752402800224154265597520263057814818091696603148425222991617321139436213084290682859758705997705819528382146588615699223768743477885712630229546879555223836813669812281255436701762378437212304162755519291742993015426185207796554309945246130412918739844689851345032935326173354761941022897655250691067844633405073704622339398856027026293390841671881363757564061226330078545678923825356069746600247278799953898715359388803948559857341
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (54 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'prod-mbam.ad.hc-sc.gc.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bitlocker.ad.hc-sc.gc.ca'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (68 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114028.10.1.5
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.entrust.net/rpa'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							a09f3301cfb9f6a6cc5b4a43aaf896258807882f
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0057c639eb1db640b46c9931960d1a9cf0c958ea77c3a15b1a8e2014001b703e763caa554f818148fdf3b12d38b2fa9128264ab0c608407fb5e3a4323c23b189f92a67749781c50461dbdcd0c37b150d0cba50a38e2109266fd5ea238d0c5e2aba2c02a06101d10821d1a6831aa88a09bf2c2e1a4dbc3c95977970031d07280b52d5e95516c10de57027625a9b0cc44a62e6182c60e42440fdc6b2f2a989e54c1fb8ce1173ddd3cd55a66a5b4dc30acc9970142cf4094e133574196defe87371f1dd80f7d85c212ce0069c8e9aff93578cc03545764f97a6473e9c2bca77b503c8bbdd660046b1087d6a7693314c9fce7fcfcbbc2c07d422280d0020ae3156b960