mail.highmark.com

- Highmark -

Issued by Entrust Certification Authority - L1K

About this certificate

This digital certificate with serial number 26:8e:2d:8c:bc:11:b3:44:00:00:00:00:50:fc:07:62 was issued on by Entrust, Inc..

With 14 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Highmark

Organization: Highmark
State / Province: Pennsylvania
Locality: Pittsburgh
Country: US

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 26:8e:2d:8c:bc:11:b3:44:00:00:00:00:50:fc:07:62
Serial Number (int): 51248893852318245159097691788193564514
Serial Number lenght: 126 bits, 16 octets

SubjectKeyId: a2:ce:4b:3d:a1:61:57:0e:f1:db:fd:8c:1e:a6:ce:39:ae:d2:94:94
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf

Fingerprint (sha1): 20:f0:b3:0b:9d:bc:de:00:34:4f:8c:48:99:e1:52:93:ac:f2:c0:03
Fingerprint (sha256): 4e:f5:0c:e5:28:34:70:76:52:b8:dd:ea:3b:d2:2f:ce:15:79:d0:36:7e:c7:7b:40:65:c8:dc:84:54:09:41:99

Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1k.crl

Check the revocation status for certificate mail.highmark.com

14

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for mail.highmark.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

mail.highmark.com
www.mail.highmark.com
owa2.highmark.com
owa.highmark.com
casproxy.highmark.com
autodiscover.highmark.com
autodiscover.hmhs.com
autodiscover.highmarkhealth.org
autodiscover.hminsurancegroup.com
autodiscover.hmig.com
autodiscover.thryvedigital.com
autodiscover.hmhcs.com
autodiscover.ucci.com
autodiscover.rbsre.com

Other certificates including the domain name highmark.com

(limited to 100 certificates)
membership.highmark.com
www.kilvingtonsofleeds.com
ahnvdi.highmark.com
ebill.highmark.com
fsmsgtest.highmark.com
hmbrsstp02.highmark.com
fs.highmark.com
remac.app
gatewayvdi.highmark.com
mailgate.highmark.com
hmsso.highmark.com
plnadvtenv3.highmark.com
nicecr-test.highmark.com
services.highmark.com
api-test.highmark.com
cdsso.highmark.com
hmbrvctp57.highmark.com
*.highmark.com
www.highmark.com
mnvdibretz.highmark.com
dev.chat.highmark.com
apbrdsfp01.highmark.com
hmexternal.highmark.com
minengineer.com
www.highmark.com
vcom5.highmark.com
icollaborate.highmark.com
HMHSTestFederationEncryptionCert2018.highmark.com
sipcomlab.highmark.com
gatewayvdi.highmark.com
epmtest.highmark.com
activegate.highmark.com
viewdev.highmark.com
bullet-train.highmark.com
espanol.highmark.com
www.isacampillo.com.mx
cdssotest.highmark.com
prc.highmark.com
secure.highmark.com
cornerstone.lifebrand.life
HMHSFederationSigningCert2025.highmark.com
vdiglobaldev10.highmark.com
plnadvtenv2.highmark.com
remac.app
servicestest.highmark.com
polydmaedgesft.highmark.com
ftp.highmark.com
epmtest.highmark.com
isec.highmark.com
viewops.highmark.com
auth.highmark.com
servicestest.highmark.com
nicecr.highmark.com
reservations.highmarkbcbs.com
cdsso.highmark.com
adminrpad2.highmark.com
teleperformancevdi.highmark.com
campaign2.highmark.com
www.sessiontracing.com
services.highmark.com
vdiglobalic.highmark.com
reservations.highmark.com
apbrptrp02.highmark.com
servicestest.highmark.com
hmssotest.highmark.com
www.highmark.com
www.easteden.app
medicare.highmark.com
vdiglobal10.highmark.com
viewdev.highmark.com
webservicestest3.highmark.com
shop.highmark.com
www.highmarkinsights.com
secure.highmark.com
viewadmin.highmark.com
hmbrdsfp09.highmark.com
*.stage.nlpenablement.highmark.com
thryvevdi1.highmark.com
bcbsmntest.highmark.com
vdiglobaldev10.highmark.com
services.highmark.com
gcomgate5.highmark.com
www.sessiontracing.com
member.highmark.com
thryvevdi1.highmark.com
cdn.highmark.com
campaigntenv3-m.highmark.com
beta.metamoneybr.com.br
projectdesire.eu
hmssotest.highmark.com
securecms.highmark.com
ftp.highmark.com
producer.highmark.com
staging.signin.highmark.com
adminrpad1.highmark.com
mailmanager.highmark.com
HMHSFederationEncryptionCert2018.highmark.com
mwps-cbtest.highmark.com
servicestest.highmark.com
bcbsmn.highmark.com

Certificate

The complete raw certificate details for mail.highmark.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGmTCCBYGgAwIBAgIQJo4tjLwRs0QAAAAAUPwHYjANBgkqhkiG9w0BAQsFADCB
ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT
H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy
MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG
A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0x
OTEyMTgxMzIwMDhaFw0yMTEyMTgxMzUwMDdaMGgxCzAJBgNVBAYTAlVTMRUwEwYD
VQQIEwxQZW5uc3lsdmFuaWExEzARBgNVBAcTClBpdHRzYnVyZ2gxETAPBgNVBAoT
CEhpZ2htYXJrMRowGAYDVQQDExFtYWlsLmhpZ2htYXJrLmNvbTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAMnyC+gSWQHdaZkz94tPGzA8y69257bT1Ok4
p8UD1obztl+YemES1iAIuVFJvgWK5BwNv8Nsrj+Q2wewEFUrYlrSvWY1otVvHNL3
5eJVpEsURi3DuCOdl3VT4BO+WPIKL5l7pDnyvPOV+Gv1JnJoELZPSdwpO0CV45f7
VBPukW5Me+VSHa4W6nbUt5E/Cxr0dBPBDKdjmDxqBWcRF/r3tQblL/jIYA6XdLq9
bNjQzmROsdvE2JMKYgpmDcq0R9isb5zf8LA0v88uqZoO94z4Hy6s2B4NKCjtezt4
mLmkvaEPhg8y+7CKBwupxhnlDz1Ta+de5YK4KeSiSgHkDrLtev8CAwEAAaOCAuow
ggLmMBMGCisGAQQB1nkCBAMBAf8EAgUAMIIBZwYDVR0RBIIBXjCCAVqCEW1haWwu
aGlnaG1hcmsuY29tghV3d3cubWFpbC5oaWdobWFyay5jb22CEW93YTIuaGlnaG1h
cmsuY29tghBvd2EuaGlnaG1hcmsuY29tghVjYXNwcm94eS5oaWdobWFyay5jb22C
GWF1dG9kaXNjb3Zlci5oaWdobWFyay5jb22CFWF1dG9kaXNjb3Zlci5obWhzLmNv
bYIfYXV0b2Rpc2NvdmVyLmhpZ2htYXJraGVhbHRoLm9yZ4IhYXV0b2Rpc2NvdmVy
LmhtaW5zdXJhbmNlZ3JvdXAuY29tghVhdXRvZGlzY292ZXIuaG1pZy5jb22CHmF1
dG9kaXNjb3Zlci50aHJ5dmVkaWdpdGFsLmNvbYIWYXV0b2Rpc2NvdmVyLmhtaGNz
LmNvbYIVYXV0b2Rpc2NvdmVyLnVjY2kuY29tghZhdXRvZGlzY292ZXIucmJzcmUu
Y29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
AwIwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9sZXZl
bDFrLmNybDBLBgNVHSAERDBCMDYGCmCGSAGG+mwKAQUwKDAmBggrBgEFBQcCARYa
aHR0cDovL3d3dy5lbnRydXN0Lm5ldC9ycGEwCAYGZ4EMAQICMGgGCCsGAQUFBwEB
BFwwWjAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYIKwYB
BQUHMAKGJ2h0dHA6Ly9haWEuZW50cnVzdC5uZXQvbDFrLWNoYWluMjU2LmNlcjAf
BgNVHSMEGDAWgBSConB03bxTP8971PfNf6dgxgpMvzAdBgNVHQ4EFgQUos5LPaFh
Vw7x2/2MHqbOOa7SlJQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEANnIn
Wz/M2nt7ohP7x2cloV7byPKCVFVF7O64fg/UgyX9F0+2WeWOzAzOS634cwhFqhkx
BRJ6bG90ZQp4VdiWWHaFFl39ewcGwRpbLG/IjIupk5IipO+S1SUzbWdjZeqPZKjV
yB77kkg5IPoCKen9ReP95qgk1gJYKBmdhqcuNAiGY8U3CdBYwd1ZusCNE5ULMd6q
5IySK45rRfLZq0JTNqtFoJCOZQ+yxL21NwOSLmG38g1/3boODwY75Iw88rcr6m2Q
y70yX6Rx3bUeuvhNe68WPwzWoBGzk8A19n9f0lpa1y/A2izT90HkmpGOqMGeWzFp
fIQT/UhVXP1Pbr6VGg==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyfIL6BJZAd1pmTP3i08b
MDzLr3bnttPU6TinxQPWhvO2X5h6YRLWIAi5UUm+BYrkHA2/w2yuP5DbB7AQVSti
WtK9ZjWi1W8c0vfl4lWkSxRGLcO4I52XdVPgE75Y8govmXukOfK885X4a/UmcmgQ
tk9J3Ck7QJXjl/tUE+6Rbkx75VIdrhbqdtS3kT8LGvR0E8EMp2OYPGoFZxEX+ve1
BuUv+MhgDpd0ur1s2NDOZE6x28TYkwpiCmYNyrRH2KxvnN/wsDS/zy6pmg73jPgf
LqzYHg0oKO17O3iYuaS9oQ+GDzL7sIoHC6nGGeUPPVNr517lgrgp5KJKAeQOsu16
/wIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 51248893852318245159097691788193564514
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-12-18 13:20:08 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-12-18 13:50:07 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Pennsylvania'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Pittsburgh'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Highmark'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'mail.highmark.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25493256880718949417700672248772963999800819801549514643954197199246833959835480699048261677284604141940586659660069395885299088686332911189928071997464162768433661516329228742479065983753668070352293347183598054077425494771540893539857965362559944053392351029827101939115375723539921134693372657556071024560847685842778675407327242851867780319594480266654255722978605707466084583555686060446146395491653915646623320685337486328005914388529662939865418207148990502644436177227448852519928754199724402791742826234004479437463178055287290829776882889893285650680346031336471899108156355631706458574597924017840581343999
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (350 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mail.highmark.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.mail.highmark.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'owa2.highmark.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'owa.highmark.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'casproxy.highmark.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'autodiscover.highmark.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'autodiscover.hmhs.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'autodiscover.highmarkhealth.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'autodiscover.hminsurancegroup.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'autodiscover.hmig.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'autodiscover.thryvedigital.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'autodiscover.hmhcs.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'autodiscover.ucci.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'autodiscover.rbsre.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (68 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114028.10.1.5
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.entrust.net/rpa'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							a2ce4b3da161570ef1dbfd8c1ea6ce39aed29494
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		003672275b3fccda7b7ba213fbc76725a15edbc8f282545545eceeb87e0fd48325fd174fb659e58ecc0cce4badf8730845aa193105127a6c6f74650a7855d896587685165dfd7b0706c11a5b2c6fc88c8ba9939222a4ef92d525336d676365ea8f64a8d5c81efb92483920fa0229e9fd45e3fde6a824d6025828199d86a72e34088663c53709d058c1dd59bac08d13950b31deaae48c922b8e6b45f2d9ab425336ab45a0908e650fb2c4bdb53703922e61b7f20d7fddba0e0f063be48c3cf2b72bea6d90cbbd325fa471ddb51ebaf84d7baf163f0cd6a011b393c035f67f5fd25a5ad72fc0da2cd3f741e49a918ea8c19e5b31697c8413fd48555cfd4f6ebe951a