connect.nml-lmn.phac-aspc.gc.ca

- Department of Employment and Social Development Canada (ESDC) -

Issued by Entrust Certification Authority - L1K

About this certificate

This digital certificate with serial number 47:c0:ce:e9:c4:f1:16:29:02:47:24:20:42:1a:ba:16 was issued on by Entrust, Inc..

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Department of Employment and Social Development Canada (ESDC)

Organization: Department of Employment and Social Development Canada (ESDC)
State / Province: Quebec
Locality: Gatineau
Country: CA

Entrust, Inc.

Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 47:c0:ce:e9:c4:f1:16:29:02:47:24:20:42:1a:ba:16
Serial Number (int): 95376305395058449644600177892456577558
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: 20:c0:04:51:e4:8f:bb:0d:24:66:e8:ad:67:ca:50:96:ba:e1:7d:3a
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf

Fingerprint (sha1): 34:96:b4:62:86:62:4f:47:2c:7e:e2:d3:6d:ea:25:ff:1e:81:06:1e
Fingerprint (sha256): 55:03:ef:55:0f:21:54:22:29:ef:bd:ec:ee:6e:6a:cc:d2:85:b0:79:f0:ee:a9:9e:52:99:f6:0c:ae:af:96:0d

Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer

Revocation information

OCSP Server: http://ocsp.entrust.net
CRL Distribution Point: http://crl.entrust.net/level1k.crl

Check the revocation status for certificate connect.nml-lmn.phac-aspc.gc.ca

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for connect.nml-lmn.phac-aspc.gc.ca

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

connect.nml-lmn.phac-aspc.gc.ca
storefront.nml-lmn.phac-aspc.gc.ca

Other certificates including the domain name phac-aspc.gc.ca

(limited to 100 certificates)
health-infobase.canada.ca
phac-aspc.gc.ca
www.cypc-ccjc.phac-aspc.gc.ca
ccdr-rmtc.phac-aspc.gc.ca
health-infobase.canada.ca
infobase.phac-aspc.gc.ca
ccdr-rmtc.phac-aspc.gc.ca
cbpp-pcpe.phac-aspc.gc.ca
php-psp.phac-aspc.gc.ca
health-infobase.canada.ca
php-psp.phac-aspc.gc.ca
infobase.phac-aspc.gc.ca
ccdr-rmtc.phac-aspc.gc.ca
dev.mg-dsol.mapgears.com
phac-aspc.gc.ca
www.contracts-contrats.phac-aspc.gc.ca
aero-oitc.phac-aspc.gc.ca
lap-dmz-p01.hc-sc.gc.ca
lap-dmz-p01.hc-sc.gc.ca
form-formulaire.phac-aspc.gc.ca
php-psp.phac-aspc.gc.ca
aids.gc.ca
infobase.phac-aspc.gc.ca
www.contracts-contrats.phac-aspc.gc.ca
dev.mg-dsol.mapgears.com
dev.mg-dsol.mapgears.com
lap-dmz-p01.hc-sc.gc.ca
ccdr-rmtc.phac-aspc.gc.ca
www.gcdisclosure-divulgationsc.phac-aspc.gc.ca
connect.nml-lmn.phac-aspc.gc.ca
cbpp-pcpe.phac-aspc.gc.ca
ccdr-rmtc.phac-aspc.gc.ca
tmate-devdbp1.phac-aspc.gc.ca
skills.phac-aspc.gc.ca
cbpp-pcpe.phac-aspc.gc.ca
was855-ihs-prod.hc-sc.gc.ca
www.thexpenses-fraisva.phac-aspc.gc.ca
lap-dmz-p01.hc-sc.gc.ca
ccdr-rmtc.phac-aspc.gc.ca
aids.gc.ca
www.reclassification.phac-aspc.gc.ca
chnintranetrcs.phac-aspc.gc.ca
infobase.phac-aspc.gc.ca
spupprxweb1.hc-sc.gc.ca
aids.gc.ca
infobase.phac-aspc.gc.ca
www.cypc-ccjc.phac-aspc.gc.ca
connect.nml-lmn.phac-aspc.gc.ca
cbpp-pcpe.phac-aspc.gc.ca
vids-siv.phac-aspc.gc.ca
infobase.phac-aspc.gc.ca
cpnp-pcnp.phac-aspc.gc.ca
cpnp-pcnp.phac-aspc.gc.ca
thosss-sssosv.phac-aspc.gc.ca
ttiss-ssit.phac-aspc.gc.ca
phac-aspc.gc.ca
infobase.phac-aspc.gc.ca
popsl15.phac-aspc.gc.ca
phac-aspc.gc.ca
lap-dmz-p01.hc-sc.gc.ca
popsl15.phac-aspc.gc.ca
popsl15.phac-aspc.gc.ca
cphs-sspc.phac-aspc.gc.ca
thcd-dcsv.phac-aspc.gc.ca
phac-aspc.gc.ca
aids.gc.ca
cbpp-pcpe.phac-aspc.gc.ca
phac-aspc.gc.ca
infobase.phac-aspc.gc.ca
cphs-sspc.phac-aspc.gc.ca
php-psp.phac-aspc.gc.ca
infobase.phac-aspc.gc.ca
www.thexpenses-fraisva.phac-aspc.gc.ca
training-formation.phac-aspc.gc.ca
dexa-exad.phac-aspc.gc.ca
www.contracts-contrats.phac-aspc.gc.ca
tmate-devdbp1.phac-aspc.gc.ca
health-infobase.canada.ca
chnintranetrcs.phac-aspc.gc.ca
dev.mg-dsol.mapgears.com
traveller-form.phac-aspc.gc.ca
aids.gc.ca
ccdr-rmtc.phac-aspc.gc.ca
aids.gc.ca
ccdr-rmtc.phac-aspc.gc.ca
aids.gc.ca
training-formation.phac-aspc.gc.ca
infobase.phac-aspc.gc.ca
capc-pace.phac-aspc.gc.ca
vids-siv.phac-aspc.gc.ca
cbpp-pcpe.phac-aspc.gc.ca
www.reclassification.phac-aspc.gc.ca
aids.gc.ca
fileshare.phac-aspc.gc.ca
form-formulaire.phac-aspc.gc.ca
dev.mg-dsol.mapgears.com
dev.mg-dsol.mapgears.com
dev.mg-dsol.mapgears.com
dev.mg-dsol.mapgears.com
training-formation.phac-aspc.gc.ca

Certificate

The complete raw certificate details for connect.nml-lmn.phac-aspc.gc.ca in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgIQR8DO6cTxFikCRyQgQhq6FjANBgkqhkiG9w0BAQsFADCB
ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT
H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy
MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG
A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0y
MjEyMDcyMzE4MzJaFw0yNDAxMDcyMzE4MzJaMIGjMQswCQYDVQQGEwJDQTEPMA0G
A1UECBMGUXVlYmVjMREwDwYDVQQHEwhHYXRpbmVhdTFGMEQGA1UEChM9RGVwYXJ0
bWVudCBvZiBFbXBsb3ltZW50IGFuZCBTb2NpYWwgRGV2ZWxvcG1lbnQgQ2FuYWRh
IChFU0RDKTEoMCYGA1UEAxMfY29ubmVjdC5ubWwtbG1uLnBoYWMtYXNwYy5nYy5j
YTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALCOOqALEgXWYrfgqL2a
VosFsd+wyqNXMCXm6lAHK8si+OPRXXyrjxkrhbigT11i9TFMFmsnSbDkrU2MrBhr
oMThJ6rI3qVnoaLBjpJdDp3fiual3efP2q0n0cxzhHUPzpqUBHgVQQkBpqqQwsER
g/XjDGENI+IEqxFpnwxmREcf5g1bbr+WSvU26WvGQWeyUzVP3igMpy0iWGx3/XWa
4RIqVolLIjzAd9JyQ+UPAW2i/SbMtI9zZyhIMXoVT1aNW5m65KDErbwdqQlWF688
uXf2QyCzmWVUX7CBvqvVX9abl9L85/FsaeNU4bUa6vXtCxa3vNy4icQjT2XZjlB9
zIsCAwEAAaOCAdMwggHPMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFCDABFHkj7sN
JGborWfKUJa64X06MB8GA1UdIwQYMBaAFIKicHTdvFM/z3vU981/p2DGCky/MGgG
CCsGAQUFBwEBBFwwWjAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5u
ZXQwMwYIKwYBBQUHMAKGJ2h0dHA6Ly9haWEuZW50cnVzdC5uZXQvbDFrLWNoYWlu
MjU2LmNlcjAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1c3QubmV0
L2xldmVsMWsuY3JsME4GA1UdEQRHMEWCH2Nvbm5lY3Qubm1sLWxtbi5waGFjLWFz
cGMuZ2MuY2GCInN0b3JlZnJvbnQubm1sLWxtbi5waGFjLWFzcGMuZ2MuY2EwDgYD
VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBMBgNV
HSAERTBDMDcGCmCGSAGG+mwKAQUwKTAnBggrBgEFBQcCARYbaHR0cHM6Ly93d3cu
ZW50cnVzdC5uZXQvcnBhMAgGBmeBDAECAjATBgorBgEEAdZ5AgQDAQH/BAIFADAN
BgkqhkiG9w0BAQsFAAOCAQEArgNrnT8BFV8nwvHCbE8Q0CMQwqaJcgmk1xtfKeNc
z4KGTogeQhmXVxaYgUFyIa7Jr3jcZpNVWXifdqRz+kfHKI4xsV6H593O00wf5YFT
GRNrEYAQwWp1eCqIkfVjNolO9FeUUzUOxMgotsVjCe+kKc/jWjAq3x0H8Vcy1czK
ht+Ec0/Osf7xCnB09dfFwo7PSrDh5q6U6PCUc+k+jEGZrUpSS2pJF1FGZIdYOmCq
LagrmCuOtQWmneEsI2WkRx43HfVK9c7jf54tOFmtoHSXj7BxFIscOLyRzE+8njr1
DVRF6oVRtBZ4rqgMU/SvGP8Ui5YeApW9K+6gQDtKV1OK5g==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsI46oAsSBdZit+CovZpW
iwWx37DKo1cwJebqUAcryyL449FdfKuPGSuFuKBPXWL1MUwWaydJsOStTYysGGug
xOEnqsjepWehosGOkl0Ond+K5qXd58/arSfRzHOEdQ/OmpQEeBVBCQGmqpDCwRGD
9eMMYQ0j4gSrEWmfDGZERx/mDVtuv5ZK9Tbpa8ZBZ7JTNU/eKAynLSJYbHf9dZrh
EipWiUsiPMB30nJD5Q8BbaL9Jsy0j3NnKEgxehVPVo1bmbrkoMStvB2pCVYXrzy5
d/ZDILOZZVRfsIG+q9Vf1puX0vzn8Wxp41ThtRrq9e0LFre83LiJxCNPZdmOUH3M
iwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 95376305395058449644600177892456577558
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-12-07 23:18:32 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-07 23:18:32 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Quebec'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Gatineau'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Department of Employment and Social Development Canada (ESDC)'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'connect.nml-lmn.phac-aspc.gc.ca'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22288077410172543855060031767008826908320601595148161603772989705152027346747243778304464499858190534041681549961665399111279918899618078863428732120445166452798233215456953704276737181913835311907947136932224890465474459858690912481984752548303325986187256408353047034437358283847094824767277560096620203753469428804125970200515787989395076847409155257458919859961784379992769891791184501705283895334719964604582327229103173807247531792851856279599718403727889745631054663072457735221441205859722827769218663128931947876438673801391393545501495671196751658206254461878110852403135417683160572693300082372297371798667
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							20c00451e48fbb0d2466e8ad67ca5096bae17d3a
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (71 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'connect.nml-lmn.phac-aspc.gc.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'storefront.nml-lmn.phac-aspc.gc.ca'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114028.10.1.5
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.entrust.net/rpa'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00ae036b9d3f01155f27c2f1c26c4f10d02310c2a6897209a4d71b5f29e35ccf82864e881e42199757169881417221aec9af78dc66935559789f76a473fa47c7288e31b15e87e7ddced34c1fe5815319136b118010c16a75782a8891f56336894ef4579453350ec4c828b6c56309efa429cfe35a302adf1d07f15732d5ccca86df84734fceb1fef10a7074f5d7c5c28ecf4ab0e1e6ae94e8f09473e93e8c4199ad4a524b6a491751466487583a60aa2da82b982b8eb505a69de12c2365a4471e371df54af5cee37f9e2d3859ada074978fb071148b1c38bc91cc4fbc9e3af50d5445ea8551b41678aea80c53f4af18ff148b961e0295bd2beea0403b4a57538ae6