extern.cic.gc.ca
- Citizenship and Immigration Canada -
Issued by Entrust Certification Authority - L1K
About this certificate
This digital certificate with serial number c5:f8:55:61:46:d1:08:eb:00:00:00:00:50:f0:3b:41 was issued on by Entrust, Inc..
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Citizenship and Immigration Canada
Organization:
Citizenship and Immigration Canada
State / Province:
Ontario
Locality: Ottawa
Country: CA
Locality: Ottawa
Country: CA
Entrust, Inc.
Organization:
Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): c5:f8:55:61:46:d1:08:eb:00:00:00:00:50:f0:3b:41Serial Number (int): 263147336502409796787262668643509484353
Serial Number lenght: 128 bits, 16 octets
SubjectKeyId: 3c:6e:26:5c:d4:41:d8:5b:13:96:49:ab:dc:8f:c4:2e:83:cf:79:6c
AuthorityKeyId: 82:a2:70:74:dd:bc:53:3f:cf:7b:d4:f7:cd:7f:a7:60:c6:0a:4c:bf
Fingerprint (sha1): 5e:0f:26:83:a2:8e:63:9f:09:e5:fa:3a:79:10:a9:16:56:b7:b8:a2
Fingerprint (sha256): 7a:8b:0f:1b:c0:85:d2:95:7e:80:14:b1:6d:6b:98:79:81:73:58:0f:2d:0a:ea:b5:e7:20:59:2b:d0:97:45:e5
Issuing Certificate URL: http://aia.entrust.net/l1k-chain256.cer
Revocation information
OCSP Server: http://ocsp.entrust.netCRL Distribution Point: http://crl.entrust.net/level1k.crl
Check the revocation status for certificate extern.cic.gc.ca
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for extern.cic.gc.ca
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
extern.cic.gc.ca
extern.ci.gc.ca
extern.ci.gc.ca
Other certificates including the domain name cic.gc.ca
(limited to 100 certificates)
Secure.cic.gc.ca
remote.cic.gc.ca
refugee-refugie-development.apps.cic.gc.ca
newgcs-nouveaussc.cic.gc.ca
cic.gc.ca
icare-iedec.cic.gc.ca
portal-portail.apps.cic.gc.ca
prson-srpel-emergency-fix.apps.cic.gc.ca
gcmsjobbank-SYSTESTMEL.cic.gc.ca
eservices.cic.gc.ca
extern.cic.gc.ca
*.cic.gc.ca
mobile.cic.gc.ca
services3.cic.gc.ca
ct-tc-pef.apps.cic.gc.ca
gcmsjobbank-PRD.cic.gc.ca
frs-stg.cic.gc.ca
gccic-psoft-gchrms-ig.cic.gc.ca
cicgatewaysigning-aus.cic.gc.ca
refugee-refugie-sandbox.apps.cic.gc.ca
frs-prd.cic.gc.ca
gccic-psoft-ig-gc89cert.cic.gc.ca
prt-srp.apps.cic.gc.ca
gcs-ssc.cic.gc.ca
onlineservices-servicesenligne.cic.gc.ca
extern.cic.gc.ca
citapply-citdemande.apps.cic.gc.ca
mobile.cic.gc.ca
pgp-development.apps.cic.gc.ca
ccps-stcc-trn.cic.gc.ca
sra-ads.cic.gc.ca
pgp-sandbox.apps.cic.gc.ca
onlineservices-servicesenligne.cic.gc.ca
eservices.cic.gc.ca
extern.cic.gc.ca
refugee-refugie.apps.cic.gc.ca
portal-portail.apps.cic.gc.ca
gcmscasestatus-PRD.cic.gc.ca
*.ra.apps.cic.gc.ca
extern.cic.gc.ca
api.a2sc-csa2-dev.apps.cic.gc.ca
tempo-pef.cic.gc.ca
gcmsjobbank-STG.cic.gc.ca
esubmission-soumissionenligne.cic.gc.ca
gcs-ssc-stg.cic.gc.ca
extern.cic.gc.ca
gcs-ssc.cic.gc.ca
gcs-ssc-stg.cic.gc.ca
CICPRCard.cic.gc.ca
extern.cic.gc.ca
pgp.cic.gc.ca
citapply-citdemande.apps.cic.gc.ca
services3.cic.gc.ca
gcs-ssc-sys.cic.gc.ca
frs-ste.cic.gc.ca
api.pgp-vt-ov-sandbox.apps.cic.gc.ca
tempo-trn.cic.gc.ca
MAIL.cic.gc.ca
icare-iedec-train.canada.ca
gcmsjobbank-PRD.cic.gc.ca
tempo-pte.cic.gc.ca
b.sra-ads.cic.gc.ca
specialmeasures-mesuresspeciales-emergency-fix.apps.cic.gc.ca
extern.cic.gc.ca
gcmsjobbank-PRD.cic.gc.ca
icare-iedec.cic.gc.ca
tempo-ste.cic.gc.ca
ra.apps.cic.gc.ca
a.sra-ads.cic.gc.ca
onlineservices-servicesenligne.cic.gc.ca
thingate.cic.gc.ca
*.cic.gc.ca
gcs-ssc.cic.gc.ca
cicgateway-dev.cic.gc.ca
gcs-ssc-stg.cic.gc.ca
icare-iedec.cic.gc.ca
NJES1S1106.CI.GC.CA
gcmsPIL005-SYSTESTMEL.cic.gc.ca
frs-ste.cic.gc.ca
cic.gc.ca
gcs-ssc.cic.gc.ca
icare-iedec.cic.gc.ca
dmp-portal.cic.gc.ca
gcs-ssc.cic.gc.ca
frs-dev.cic.gc.ca
prson-srpel-dev.apps.cic.gc.ca
thingate.cic.gc.ca
gcmsPIL005-PRD.cic.gc.ca
mobile.cic.gc.ca
ct-tc-stg.apps.cic.gc.ca
prson-srpel-emergency-fix.apps.cic.gc.ca
thingate.cic.gc.ca
extern.cic.gc.ca
secure.cic.gc.ca
gcmscasestatus-PRD.cic.gc.ca
tracker-suivi.apps.cic.gc.ca
onlineservices-dev.ci.gc.ca
icare-iedec.cic.gc.ca
pgp-sandbox.apps.cic.gc.ca
cic.gc.ca
remote.cic.gc.ca
refugee-refugie-development.apps.cic.gc.ca
newgcs-nouveaussc.cic.gc.ca
cic.gc.ca
icare-iedec.cic.gc.ca
portal-portail.apps.cic.gc.ca
prson-srpel-emergency-fix.apps.cic.gc.ca
gcmsjobbank-SYSTESTMEL.cic.gc.ca
eservices.cic.gc.ca
extern.cic.gc.ca
*.cic.gc.ca
mobile.cic.gc.ca
services3.cic.gc.ca
ct-tc-pef.apps.cic.gc.ca
gcmsjobbank-PRD.cic.gc.ca
frs-stg.cic.gc.ca
gccic-psoft-gchrms-ig.cic.gc.ca
cicgatewaysigning-aus.cic.gc.ca
refugee-refugie-sandbox.apps.cic.gc.ca
frs-prd.cic.gc.ca
gccic-psoft-ig-gc89cert.cic.gc.ca
prt-srp.apps.cic.gc.ca
gcs-ssc.cic.gc.ca
onlineservices-servicesenligne.cic.gc.ca
extern.cic.gc.ca
citapply-citdemande.apps.cic.gc.ca
mobile.cic.gc.ca
pgp-development.apps.cic.gc.ca
ccps-stcc-trn.cic.gc.ca
sra-ads.cic.gc.ca
pgp-sandbox.apps.cic.gc.ca
onlineservices-servicesenligne.cic.gc.ca
eservices.cic.gc.ca
extern.cic.gc.ca
refugee-refugie.apps.cic.gc.ca
portal-portail.apps.cic.gc.ca
gcmscasestatus-PRD.cic.gc.ca
*.ra.apps.cic.gc.ca
extern.cic.gc.ca
api.a2sc-csa2-dev.apps.cic.gc.ca
tempo-pef.cic.gc.ca
gcmsjobbank-STG.cic.gc.ca
esubmission-soumissionenligne.cic.gc.ca
gcs-ssc-stg.cic.gc.ca
extern.cic.gc.ca
gcs-ssc.cic.gc.ca
gcs-ssc-stg.cic.gc.ca
CICPRCard.cic.gc.ca
extern.cic.gc.ca
pgp.cic.gc.ca
citapply-citdemande.apps.cic.gc.ca
services3.cic.gc.ca
gcs-ssc-sys.cic.gc.ca
frs-ste.cic.gc.ca
api.pgp-vt-ov-sandbox.apps.cic.gc.ca
tempo-trn.cic.gc.ca
MAIL.cic.gc.ca
icare-iedec-train.canada.ca
gcmsjobbank-PRD.cic.gc.ca
tempo-pte.cic.gc.ca
b.sra-ads.cic.gc.ca
specialmeasures-mesuresspeciales-emergency-fix.apps.cic.gc.ca
extern.cic.gc.ca
gcmsjobbank-PRD.cic.gc.ca
icare-iedec.cic.gc.ca
tempo-ste.cic.gc.ca
ra.apps.cic.gc.ca
a.sra-ads.cic.gc.ca
onlineservices-servicesenligne.cic.gc.ca
thingate.cic.gc.ca
*.cic.gc.ca
gcs-ssc.cic.gc.ca
cicgateway-dev.cic.gc.ca
gcs-ssc-stg.cic.gc.ca
icare-iedec.cic.gc.ca
NJES1S1106.CI.GC.CA
gcmsPIL005-SYSTESTMEL.cic.gc.ca
frs-ste.cic.gc.ca
cic.gc.ca
gcs-ssc.cic.gc.ca
icare-iedec.cic.gc.ca
dmp-portal.cic.gc.ca
gcs-ssc.cic.gc.ca
frs-dev.cic.gc.ca
prson-srpel-dev.apps.cic.gc.ca
thingate.cic.gc.ca
gcmsPIL005-PRD.cic.gc.ca
mobile.cic.gc.ca
ct-tc-stg.apps.cic.gc.ca
prson-srpel-emergency-fix.apps.cic.gc.ca
thingate.cic.gc.ca
extern.cic.gc.ca
secure.cic.gc.ca
gcmscasestatus-PRD.cic.gc.ca
tracker-suivi.apps.cic.gc.ca
onlineservices-dev.ci.gc.ca
icare-iedec.cic.gc.ca
pgp-sandbox.apps.cic.gc.ca
cic.gc.ca
Certificate
The complete raw certificate details for extern.cic.gc.ca in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIGzjCCBbagAwIBAgIRAMX4VWFG0QjrAAAAAFDwO0EwDQYJKoZIhvcNAQELBQAw gboxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQL Ex9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykg MjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAs BgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUswHhcN MTkwNDEyMTYyMDM3WhcNMjAwNDI1MTY1MDM2WjB4MQswCQYDVQQGEwJDQTEQMA4G A1UECBMHT250YXJpbzEPMA0GA1UEBxMGT3R0YXdhMSswKQYDVQQKEyJDaXRpemVu c2hpcCBhbmQgSW1taWdyYXRpb24gQ2FuYWRhMRkwFwYDVQQDExBleHRlcm4uY2lj LmdjLmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyetSchvhDnOB JQFzu2k782UzxyJaFqBWv6ei7jxz6btUxZpuXqPv6SUqaJJ0EZZzPXVlhrjzYHUW X5D0ciIrg/tbBsYxedfKYy18Ov7XR4mSMIhY4xGmrGgjAkokyDwlHHevPqxRQvBi dNMmaQbd03G+/pWsO/XXe8YCisMsV+vXOE1bc+G0eV2tUAUBKUyi0LqOXxqtM2ZM s8pZis2aYp/Vq+ciZh3pgLsmajQzu/2h1DgJgVJV1ylYsAitfmDO9g3jcqvyjAYM QzS2337IPu3lYasy3Kci7JeiEgzRIw4Le77Syqosu2LpcUqYtWvtUOxQh+UCGfgw a32KOqZS1QIDAQABo4IDDjCCAwowLAYDVR0RBCUwI4IQZXh0ZXJuLmNpYy5nYy5j YYIPZXh0ZXJuLmNpLmdjLmNhMIIBfAYKKwYBBAHWeQIEAgSCAWwEggFoAWYAdQBV gdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAWoSdU0LAAAEAwBGMEQC IFNXbqskfMUpWaZSL5DQM54/3tLjkSX/7J8upUzKFizWAiBB0Ddjy3agJMRTwaCu njdQGe16o6PZUlOJvcq+qtHgbAB2AFYUBpov18Ls0/XhvUSyPsdGdrm8mRFcwO+U mFXWidDdAAABahJ1TSYAAAQDAEcwRQIgJ2Z7gZbVpaCOkyRd6WWsbHcLA6dqQK8e CW8ScnCWsiECIQCIOf0Bp+pRRBQQci0QZ6vVKmw3mn33JvCHHnfZTYVMZQB1AKS5 CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABahJ1TR0AAAQDAEYwRAIg NCpr8mqryI3P9QM3kKjhz9hX787Ceb5EMxe3VuZEy9ECIEAud8TM1jG5i44Q9Mzp w/HNfu3XcBe35axCqfxzsRm8MA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggr BgEFBQcDATAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1c3QubmV0 L2xldmVsMWsuY3JsMEsGA1UdIAREMEIwNgYKYIZIAYb6bAoBBTAoMCYGCCsGAQUF BwIBFhpodHRwOi8vd3d3LmVudHJ1c3QubmV0L3JwYTAIBgZngQwBAgIwaAYIKwYB BQUHAQEEXDBaMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5lbnRydXN0Lm5ldDAz BggrBgEFBQcwAoYnaHR0cDovL2FpYS5lbnRydXN0Lm5ldC9sMWstY2hhaW4yNTYu Y2VyMB8GA1UdIwQYMBaAFIKicHTdvFM/z3vU981/p2DGCky/MB0GA1UdDgQWBBQ8 biZc1EHYWxOWSavcj8Qug895bDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IB AQC/eZOH9DeXae7/rRmKLu1nwyDiTq4yzJmjmie8ry+kB+v+KT/r2fg8yZDFHJAd 0dG0pm//bRw9qWl/BeY/EqmcLWm1AELaKN13Lo3Qq6GV6SUaNHBSv8GfTjirNqNx ST0TzRQ7qVXWwzCRNlj+tsAqjElW+qDRDLYMIw2dqscDR8ZO2zZQbn0OKIcGlq+h sazCk7I08sOFWVtTdZsLYdWubEMcRCvSs4kN+yC5C5u05WPaTEzrnwoh6k2NLY63 sF5dXt6t1/2c2YcgMbF47XWddcKsHYZ9aPp3rnkdVBNUP4cu2vl8jj4YPc61K4FQ 0yWNpt0C4iWXS8XPGwOhQlNw -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyetSchvhDnOBJQFzu2k7 82UzxyJaFqBWv6ei7jxz6btUxZpuXqPv6SUqaJJ0EZZzPXVlhrjzYHUWX5D0ciIr g/tbBsYxedfKYy18Ov7XR4mSMIhY4xGmrGgjAkokyDwlHHevPqxRQvBidNMmaQbd 03G+/pWsO/XXe8YCisMsV+vXOE1bc+G0eV2tUAUBKUyi0LqOXxqtM2ZMs8pZis2a Yp/Vq+ciZh3pgLsmajQzu/2h1DgJgVJV1ylYsAitfmDO9g3jcqvyjAYMQzS2337I Pu3lYasy3Kci7JeiEgzRIw4Le77Syqosu2LpcUqYtWvtUOxQh+UCGfgwa32KOqZS 1QIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 263147336502409796787262668643509484353 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust, Inc.' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'See www.entrust.net/legal-terms' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '(c) 2012 Entrust, Inc. - for authorized use only' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Entrust Certification Authority - L1K' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-04-12 16:20:37 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-04-25 16:50:36 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CA' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ontario' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Ottawa' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Citizenship and Immigration Canada' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'extern.cic.gc.ca' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25489940927770105998947627389129265602320618354851233386068516838859252393304444391735718470091963885663453817288655392878980142947415361001488580044189079958873690073855168899613035366052686285350859904689736612761314688990658556347858060260942967079190042657138024780737622611539038322840269913442977584773687592544081661264245954477844446089054480600666133581434729020834040673731829994082733237505489298971076609767810000564474296023044449427159529943146532862912163650699679680529414470351432433657601816440021317767852559359444964098020678021069947038303336560449348133252271238591297936190484619436826273665749 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (37 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'extern.cic.gc.ca' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'extern.ci.gc.ca' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (364 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (360 bytes) 01660075005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c0000016a12754d0b0000040300463044022053576eab247cc52959a6522f90d0339e3fded2e39125ffec9f2ea54cca162cd6022041d03763cb76a024c453c1a0ae9e375019ed7aa3a3d9525389bdcabeaad1e06c0076005614069a2fd7c2ecd3f5e1bd44b23ec74676b9bc99115cc0ef949855d689d0dd0000016a12754d260000040300473045022027667b8196d5a5a08e93245de965ac6c770b03a76a40af1e096f12727096b2210221008839fd01a7ea51441410722d1067abd52a6c379a7df726f0871e77d94d854c65007500a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc100000016a12754d1d00000403004630440220342a6bf26aabc88dcff5033790a8e1cfd857efcec279be443317b756e644cbd10220402e77c4ccd631b98b8e10f4cce9c3f1cd7eedd77017b7e5ac42a9fc73b119bc . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.entrust.net/level1k.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (68 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114028.10.1.5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.entrust.net/rpa' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (92 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.entrust.net' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.entrust.net/l1k-chain256.cer' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 82a27074ddbc533fcf7bd4f7cd7fa760c60a4cbf . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 3c6e265cd441d85b139649abdc8fc42e83cf796c . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 00bf799387f4379769eeffad198a2eed67c320e24eae32cc99a39a27bcaf2fa407ebfe293febd9f83cc990c51c901dd1d1b4a66fff6d1c3da9697f05e63f12a99c2d69b50042da28dd772e8dd0aba195e9251a347052bfc19f4e38ab36a371493d13cd143ba955d6c330913658feb6c02a8c4956faa0d10cb60c230d9daac70347c64edb36506e7d0e28870696afa1b1acc293b234f2c385595b53759b0b61d5ae6c431c442bd2b3890dfb20b90b9bb4e563da4c4ceb9f0a21ea4d8d2d8eb7b05e5d5edeadd7fd9cd9872031b178ed759d75c2ac1d867d68fa77ae791d5413543f872edaf97c8e3e183dceb52b8150d3258da6dd02e225974bc5cf1b03a1425370