ssl-templates.services.gc.ca
- Department of Employment and Social Development Canada (ESDC) -
Issued by Entrust Certification Authority - L1M
About this certificate
This digital certificate with serial number 54:cb:ec:39 was issued on by Entrust, Inc..
This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- EV certificates must be 27 months in validity or less (EVGs 1.0: 8(a), EVGs 1.6.1: 9.4)
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
- The keyUsage extension SHOULD be critical (RFC 5280: 4.2.1.3)
Department of Employment and Social Development Canada (ESDC)
Company registration number:
20-07-2005
Organization: Department of Employment and Social Development Canada (ESDC)
Organization unit: HRSDC-RHDCC
Organization: Department of Employment and Social Development Canada (ESDC)
Organization unit: HRSDC-RHDCC
State / Province:
Quebec
Locality: Gatineau
Country: CA
Locality: Gatineau
Country: CA
Entrust, Inc.
Organization:
Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2014 Entrust, Inc. - for authorized use only
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2014 Entrust, Inc. - for authorized use only
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 54:cb:ec:39Serial Number (int): 1422650425
Serial Number lenght: 31 bits, 4 octets
SubjectKeyId: b0:e0:40:99:6d:d0:77:d9:87:c0:a6:f1:09:39:23:6e:92:56:03:a6
AuthorityKeyId: c3:f7:d0:b5:2a:30:ad:af:0d:91:21:70:39:54:dd:bc:89:70:c7:3a
Fingerprint (sha1): 46:f3:99:e1:da:ec:d7:6a:af:5f:82:be:4a:8c:13:c7:03:38:20:17
Fingerprint (sha256): 47:60:22:d4:97:f5:17:70:2c:49:75:67:9d:15:f0:8c:66:f1:4a:a1:49:bc:00:c7:2c:e6:ed:f8:cb:f6:fb:58
Issuing Certificate URL: http://aia.entrust.net/l1m-chain256.cer
Revocation information
OCSP Server: http://ocsp.entrust.netCRL Distribution Point: http://crl.entrust.net/level1m.crl
Check the revocation status for certificate ssl-templates.services.gc.ca
1
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for ssl-templates.services.gc.ca
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
ssl-templates.services.gc.ca
Other certificates including the domain name services.gc.ca
(limited to 100 certificates)
srv137.services.gc.ca
srv115.services.gc.ca
srv129.services.gc.ca
srv132.services.gc.ca
ECDSA-srv253.services.gc.ca
srv100.services.gc.ca
srv404s.services.gc.ca
srv130.services.gc.ca
srv253.services.gc.ca
creative.services.gc.ca
srv252.services.gc.ca
srv130.services.gc.ca
srv115.services.gc.ca
srv253.services.gc.ca
srv270.hrdc-drhc.gc.ca
srv146.services.gc.ca
srv265.hrdc-drhc.gc.ca
mah-lb.services.gc.ca
cc.services.gc.ca
srv145.services.gc.ca
srv137.services.gc.ca
srv129.services.gc.ca
srv136.services.gc.ca
srv129.services.gc.ca
srv111.services.gc.ca
srv146.services.gc.ca
srv137.services.gc.ca
srv156.services.gc.ca
srv100.services.gc.ca
srv145.services.gc.ca
creative.services.gc.ca
srv253.services.gc.ca
*.hrdc-drhc.net
srv137.services.gc.ca
srv404s.services.gc.ca
srv270.hrdc-drhc.gc.ca
srv404s.services.gc.ca
srv404s.services.gc.ca
docupl-encaps.services.gc.ca
srv251.services.gc.ca
srv136.services.gc.ca
srv137.services.gc.ca
srv265.hrdc-drhc.gc.ca
srv253.services.gc.ca
srv115.services.gc.ca
templates.services.gc.ca
srv115.services.gc.ca
srv111.services.gc.ca
srv100.services.gc.ca
srv388.services.gc.ca
srv253.services.gc.ca
srv404s.services.gc.ca
benefitsfinder.services.gc.ca
srv146.services.gc.ca
srv114.services.gc.ca
srv263.services.gc.ca
srv253.services.gc.ca
srv404s.services.gc.ca
srv253.services.gc.ca
srv217.services.gc.ca
srv115.services.gc.ca
srv145.services.gc.ca
srv404s.services.gc.ca
srv138.services.gc.ca
srv115.services.gc.ca
srv133.services.gc.ca
creative.services.gc.ca
srv145.services.gc.ca
srv404s.services.gc.ca
srv132.services.gc.ca
srv133.services.gc.ca
srv129.services.gc.ca
srv136.services.gc.ca
srv122.services.gc.ca
srv135.services.gc.ca
srv404s.services.gc.ca
srv144.services.gc.ca
docupl-encaps.services.gc.ca
srv745.services.gc.ca
ssl-templates.services.gc.ca
srv130.services.gc.ca
srv129.services.gc.ca
srv136.services.gc.ca
noc.esdc.gc.ca
srv132.services.gc.ca
srv253.services.gc.ca
*.dev.services.gc.ca
srv251.services.gc.ca
srv132.services.gc.ca
srv132.services.gc.ca
srv136.services.gc.ca
creative.services.gc.ca
srv212.services.gc.ca
srv130.services.gc.ca
srv404s.services.gc.ca
srv602.services.gc.ca
srv130.services.gc.ca
srv144.services.gc.ca
srv156.services.gc.ca
srv111.services.gc.ca
srv115.services.gc.ca
srv129.services.gc.ca
srv132.services.gc.ca
ECDSA-srv253.services.gc.ca
srv100.services.gc.ca
srv404s.services.gc.ca
srv130.services.gc.ca
srv253.services.gc.ca
creative.services.gc.ca
srv252.services.gc.ca
srv130.services.gc.ca
srv115.services.gc.ca
srv253.services.gc.ca
srv270.hrdc-drhc.gc.ca
srv146.services.gc.ca
srv265.hrdc-drhc.gc.ca
mah-lb.services.gc.ca
cc.services.gc.ca
srv145.services.gc.ca
srv137.services.gc.ca
srv129.services.gc.ca
srv136.services.gc.ca
srv129.services.gc.ca
srv111.services.gc.ca
srv146.services.gc.ca
srv137.services.gc.ca
srv156.services.gc.ca
srv100.services.gc.ca
srv145.services.gc.ca
creative.services.gc.ca
srv253.services.gc.ca
*.hrdc-drhc.net
srv137.services.gc.ca
srv404s.services.gc.ca
srv270.hrdc-drhc.gc.ca
srv404s.services.gc.ca
srv404s.services.gc.ca
docupl-encaps.services.gc.ca
srv251.services.gc.ca
srv136.services.gc.ca
srv137.services.gc.ca
srv265.hrdc-drhc.gc.ca
srv253.services.gc.ca
srv115.services.gc.ca
templates.services.gc.ca
srv115.services.gc.ca
srv111.services.gc.ca
srv100.services.gc.ca
srv388.services.gc.ca
srv253.services.gc.ca
srv404s.services.gc.ca
benefitsfinder.services.gc.ca
srv146.services.gc.ca
srv114.services.gc.ca
srv263.services.gc.ca
srv253.services.gc.ca
srv404s.services.gc.ca
srv253.services.gc.ca
srv217.services.gc.ca
srv115.services.gc.ca
srv145.services.gc.ca
srv404s.services.gc.ca
srv138.services.gc.ca
srv115.services.gc.ca
srv133.services.gc.ca
creative.services.gc.ca
srv145.services.gc.ca
srv404s.services.gc.ca
srv132.services.gc.ca
srv133.services.gc.ca
srv129.services.gc.ca
srv136.services.gc.ca
srv122.services.gc.ca
srv135.services.gc.ca
srv404s.services.gc.ca
srv144.services.gc.ca
docupl-encaps.services.gc.ca
srv745.services.gc.ca
ssl-templates.services.gc.ca
srv130.services.gc.ca
srv129.services.gc.ca
srv136.services.gc.ca
noc.esdc.gc.ca
srv132.services.gc.ca
srv253.services.gc.ca
*.dev.services.gc.ca
srv251.services.gc.ca
srv132.services.gc.ca
srv132.services.gc.ca
srv136.services.gc.ca
creative.services.gc.ca
srv212.services.gc.ca
srv130.services.gc.ca
srv404s.services.gc.ca
srv602.services.gc.ca
srv130.services.gc.ca
srv144.services.gc.ca
srv156.services.gc.ca
srv111.services.gc.ca
Certificate
The complete raw certificate details for ssl-templates.services.gc.ca in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIHuDCCBqCgAwIBAgIEVMvsOTANBgkqhkiG9w0BAQsFADCBujELMAkGA1UEBhMC VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50 cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDE0IEVudHJ1c3Qs IEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UEAxMlRW50cnVz dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxTTAeFw0xNTAyMjYxNjE0NTRa Fw0xNzA1MjcwNTA3MTVaMIH8MQswCQYDVQQGEwJDQTEPMA0GA1UECBMGUXVlYmVj MREwDwYDVQQHEwhHYXRpbmVhdTETMBEGCysGAQQBgjc8AgEDEwJDQTFGMEQGA1UE ChM9RGVwYXJ0bWVudCBvZiBFbXBsb3ltZW50IGFuZCBTb2NpYWwgRGV2ZWxvcG1l bnQgQ2FuYWRhIChFU0RDKTEaMBgGA1UEDxMRR292ZXJubWVudCBFbnRpdHkxFDAS BgNVBAsTC0hSU0RDLVJIRENDMRMwEQYDVQQFEwoyMC0wNy0yMDA1MSUwIwYDVQQD Exxzc2wtdGVtcGxhdGVzLnNlcnZpY2VzLmdjLmNhMIIBIjANBgkqhkiG9w0BAQEF AAOCAQ8AMIIBCgKCAQEAr9jDHpuGTSlcLVQ6rSgxkh0+z2VjvKR+s0PK/ZDguWmF wuc6mnurYBZKMI0lLttICYjDijnQISGW1xK+5ciYSkTyIwVgqktbzfx+zWPB3pBi +kCAQXcVr3LRK3CMFSWaJa+aEqQWDIBP5zMCgqB+wUpJ+ujTgXfifvYjFPE25tT5 wRXQecHCUFoulnKnWoHILvuD2BQGF7Gn2iPvvcegXK7sdWj6SpuLDIyMkY6kivfe N/mtqSMWXa0g+smmkJV1Bkx+3Cbps/eTnAAYrdiIJaXGGprgacLUZDLGxNerlYkh G8LkOF6CMbIPvm76j6zHcpIIvy5PpNy+8NEizIsBIwIDAQABo4IDgDCCA3wwJwYD VR0RBCAwHoIcc3NsLXRlbXBsYXRlcy5zZXJ2aWNlcy5nYy5jYTCCAfYGCisGAQQB 1nkCBAIEggHmBIIB4gHgAHYAaPaY+B9kgr46jO65KB1M/HFRXWeT1ETRCmesu09P +8QAAAFLxsZ15wAABAMARzBFAiEA27O0/MaTpS/pb9/8mLBHdlECPCFSpqJ3uuoO VyUTiqcCIG2kswe3bW9a2zTFgKafsJFY0RvGuEpV4AvdPUBg22SnAHUAVhQGmi/X wuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFLxsZ63AAABAMARjBEAiBJuuWI Sneki9+PdnBnw8KMxiqNJvLYsmtwRW2K2+Ke9AIgaAObILMB1zCHL/bqdqaj/9UK ZEM5qg8hhuX4OwxgVmMAdwCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3c EAAAAUvGxn4tAAAEAwBIMEYCIQCLH++fBmu7Ts0mIgdfhpvQR1TehzCY5pTfACli XGjFaAIhANjEsrnpZpfhtbCeamfnxYArS69nFlVvSApJciMoLcOhAHYA7ku9t3XO YLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFLxsaC7AAABAMARzBFAiEAnLSI FVQz1Ml24Q1qwBW6EKyosH8k3pY26LrZNMZuQr0CIEzqqRQqTT55jas2QC1cxHt6 eX/JnSqftmYhLcRn+2xuMAsGA1UdDwQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD AQYIKwYBBQUHAwIwaAYIKwYBBQUHAQEEXDBaMCMGCCsGAQUFBzABhhdodHRwOi8v b2NzcC5lbnRydXN0Lm5ldDAzBggrBgEFBQcwAoYnaHR0cDovL2FpYS5lbnRydXN0 Lm5ldC9sMW0tY2hhaW4yNTYuY2VyMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9j cmwuZW50cnVzdC5uZXQvbGV2ZWwxbS5jcmwwQQYDVR0gBDowODA2BgpghkgBhvps CgECMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuZW50cnVzdC5uZXQvcnBhMB8G A1UdIwQYMBaAFMP30LUqMK2vDZEhcDlU3byJcMc6MB0GA1UdDgQWBBSw4ECZbdB3 2YfApvEJOSNuklYDpjAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQArqgPp vRYNRau9aYyieAm6/s3VS6DRo+6T21eQ3Y4cFzFzcdjXkTXfTi5TE+btRYgx0wqv iotvCV8CIvWsY/tOmRgaQ+d7K3a1W5tz8/DP77FxB2RgvYAK3sSYRNDeTpkXzGDw 9yUWQGe6iwLSOZB58k4I+t+kxquBrcNkJp2ik4r1/a2BQaJVk6KYqTXo38XCZbSo BPtcwjLjk1vAK3MSBntPUi8VDNigkrLvvlDZz5Cc57N68jLMVSZiQs7niddHC5QS Fm9/nK20E3sUd6jT7AJLcuEy9kQ8t66nX5Xkdyb9pY7DQdNEbGZWJDMiMnNCiZFd p3Z0J74r8cp/Sb0m -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr9jDHpuGTSlcLVQ6rSgx kh0+z2VjvKR+s0PK/ZDguWmFwuc6mnurYBZKMI0lLttICYjDijnQISGW1xK+5ciY SkTyIwVgqktbzfx+zWPB3pBi+kCAQXcVr3LRK3CMFSWaJa+aEqQWDIBP5zMCgqB+ wUpJ+ujTgXfifvYjFPE25tT5wRXQecHCUFoulnKnWoHILvuD2BQGF7Gn2iPvvceg XK7sdWj6SpuLDIyMkY6kivfeN/mtqSMWXa0g+smmkJV1Bkx+3Cbps/eTnAAYrdiI JaXGGprgacLUZDLGxNerlYkhG8LkOF6CMbIPvm76j6zHcpIIvy5PpNy+8NEizIsB IwIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 1422650425 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2014 Entrust, Inc. - for authorized use only' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1M' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2015-02-26 16:14:54 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-05-27 05:07:15 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Quebec' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Gatineau' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.3 (jurisdictionOfIncorporationC) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Department of Employment and Social Development Canada (ESDC)' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.15 (businessCategory) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Government Entity' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'HRSDC-RHDCC' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '20-07-2005' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ssl-templates.services.gc.ca' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22198592786693334256009349975103786934921309888691623645787263392124821833940933902194544941721239766536705674010913612681741699294051504973045217644195215316872189541329929971879374757298203113688866397580530732387157441186605534544700756662987415575950483779753643396740232627285683791220401726453992609201187438663489544621380009396897024862365166004871056783458977695114477787785968724963801539137872839487074035362434919573359970485403738572312922662129120101539098515692460755367133503772251209461015717796538616772428420571686714927627656855158373372747439758511486938852575137769575342578168300070217464873251 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (32 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ssl-templates.services.gc.ca' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (486 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (482 bytes) 01e000760068f698f81f6482be3a8ceeb9281d4cfc71515d6793d444d10a67acbb4f4ffbc40000014bc6c675e70000040300473045022100dbb3b4fcc693a52fe96fdffc98b0477651023c2152a6a277baea0e5725138aa702206da4b307b76d6f5adb34c580a69fb09158d11bc6b84a55e00bdd3d4060db64a70075005614069a2fd7c2ecd3f5e1bd44b23ec74676b9bc99115cc0ef949855d689d0dd0000014bc6c67adc0000040300463044022049bae5884a77a48bdf8f767067c3c28cc62a8d26f2d8b26b70456d8adbe29ef4022068039b20b301d730872ff6ea76a6a3ffd50a644339aa0f2186e5f83b0c605663007700a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc100000014bc6c67e2d00000403004830460221008b1fef9f066bbb4ecd2622075f869bd04754de873098e694df0029625c68c568022100d8c4b2b9e96697e1b5b09e6a67e7c5802b4baf6716556f480a497223282dc3a1007600ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb0000014bc6c682ec00000403004730450221009cb488155433d4c976e10d6ac015ba10aca8b07f24de9636e8bad934c66e42bd02204ceaa9142a4d3e798dab36402d5cc47b7a797fc99d2a9fb666212dc467fb6c6e . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1m-chain256.cer' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1m.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (58 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114028.10.1.2 (Entrust EV policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.entrust.net/rpa' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c3f7d0b52a30adaf0d9121703954ddbc8970c73a . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) b0e040996dd077d987c0a6f10939236e925603a6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 002baa03e9bd160d45abbd698ca27809bafecdd54ba0d1a3ee93db5790dd8e1c17317371d8d79135df4e2e5313e6ed458831d30aaf8a8b6f095f0222f5ac63fb4e99181a43e77b2b76b55b9b73f3f0cfefb171076460bd800adec49844d0de4e9917cc60f0f725164067ba8b02d2399079f24e08fadfa4c6ab81adc364269da2938af5fdad8141a25593a298a935e8dfc5c265b4a804fb5cc232e3935bc02b7312067b4f522f150cd8a092b2efbe50d9cf909ce7b37af232cc55266242cee789d7470b9412166f7f9cadb4137b1477a8d3ec024b72e132f6443cb7aea75f95e47726fda58ec341d3446c665624332232734289915da7767427be2bf1ca7f49bd26