CRL & OCSP report for 0--0.uk - mail.htservices.co.uk

mail.htservices.co.uk

This certificate was cached at
Certificate details for mail.htservices.co.uk (At position 0 in certificate chain)
Serial number:
hex: 3dfa9cb59ee460c37af7ef5126677abfb58
int: 337445521010212386768891965666933198289752
Issued by: Let's Encrypt Authority X3
Public Key Algorithm: RSA
Not valid before:
Not valid after:
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

View complete certificate details for 0--0.uk.

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.int-x3.letsencrypt.org/ (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.int-x3.letsencrypt.org/ (POST)
Size: 527 bytes (DER data)
Response time: 106.933507ms
Signature algorithm: SHA256WithRSA
Signature type: CA Signed
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 11h59m11s

Server and network information

Server Software: nginx
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-219-92-22.deploy.akamaitechnologies.com (AkamaiGHost/8.2.4.2-19368535) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFMwUTBPME0wSzAJBgUrDgMCGgUABBR+5mrncpqz/PiiIGRsFqEtYHEIXQQUqEpq
YwR93brm0Tm3pkVl7/Oo7KECEgPfqctZ7kYMN69+9RJmd6v7WA==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIICCwoBAKCCAgQwggIABgkrBgEFBQcwAQEEggHxMIIB7TCB1qFMMEoxCzAJBgNV
BAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDExpMZXQncyBF
bmNyeXB0IEF1dGhvcml0eSBYMxgPMjAxNzAyMjUwMDA3MDBaMHUwczBLMAkGBSsO
AwIaBQAEFH7maudymrP8+KIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86js
oQISA9+py1nuRgw3r371EmZ3q/tYgAAYDzIwMTcwMjI1MDAwMDAwWqARGA8yMDE3
MDMwNDAwMDAwMFowDQYJKoZIhvcNAQELBQADggEBABNR5CngoTLSv/T1DrfWhQ/p
FBMs77XimIBHgEhlsVnUlHIyfWUoKC7LaZghb3LftH32nW21LQBOiB2pAMgBo3W5
X05vC/Q0rRALGN94vIltE9z6lZNGBZ1lgOpeHfCINYPuj8Rr7kDHkeFOjlzWHrs0
pIiH1S5/fIxKygeVcDMxJDV6OTbBSpftJoqG+GXc1OyQXAliwTCS4HiY/ahoHiDf
53gcPNA6p6gevijB43xfQ7AwQ3K+Qy66ALNamHQLCdVbDTUIqhJy+tNiEjFRjodO
xLzm375yPy86WWdWf0IM3i+RwwbRZrUdqaGTAFw2FoQSbGZTn2fQyPQkDn98AhU=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)


Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate, max-age=43151]
Content-Length: [527]
Content-Type: [application/ocsp-response]
Date: [Sun, 26 Feb 2017 19:34:21 GMT]
Etag: ["D87908CE54BCF407E005C72BE5D250E01F4C95B6B4CADFF23100497B9F0B1281"]
Expires: [Mon, 27 Feb 2017 07:33:32 GMT]
Last-Modified: [Sat, 25 Feb 2017 00:00:00 UTC]
Server: [nginx]
X-Cache: [TCP_MISS from a23-219-92-22.deploy.akamaitechnologies.com (AkamaiGHost/8.2.4.2-19368535) (-)]
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.int-x3.letsencrypt.org/ (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.int-x3.letsencrypt.org/ (GET)
Size: 527 bytes (DER data)
Response time: 143.817305ms
Signature algorithm: SHA256WithRSA
Signature type: CA Signed
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 12h0m0s

Server and network information

Server Software: nginx
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-219-92-22.deploy.akamaitechnologies.com (AkamaiGHost/8.2.4.2-19368535) (-)

URL used for GET request

http:/MFMwUTBPME0wSzAJBgUrDgMCGgUABBR%2B5mrncpqz%2FPiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7%2FOo7KECEgPfqctZ7kYMN69%2B9RJmd6v7WA%3D%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFMwUTBPME0wSzAJBgUrDgMCGgUABBR+5mrncpqz/PiiIGRsFqEtYHEIXQQUqEpq
YwR93brm0Tm3pkVl7/Oo7KECEgPfqctZ7kYMN69+9RJmd6v7WA==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIICCwoBAKCCAgQwggIABgkrBgEFBQcwAQEEggHxMIIB7TCB1qFMMEoxCzAJBgNV
BAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDExpMZXQncyBF
bmNyeXB0IEF1dGhvcml0eSBYMxgPMjAxNzAyMjUwMDA3MDBaMHUwczBLMAkGBSsO
AwIaBQAEFH7maudymrP8+KIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86js
oQISA9+py1nuRgw3r371EmZ3q/tYgAAYDzIwMTcwMjI1MDAwMDAwWqARGA8yMDE3
MDMwNDAwMDAwMFowDQYJKoZIhvcNAQELBQADggEBABNR5CngoTLSv/T1DrfWhQ/p
FBMs77XimIBHgEhlsVnUlHIyfWUoKC7LaZghb3LftH32nW21LQBOiB2pAMgBo3W5
X05vC/Q0rRALGN94vIltE9z6lZNGBZ1lgOpeHfCINYPuj8Rr7kDHkeFOjlzWHrs0
pIiH1S5/fIxKygeVcDMxJDV6OTbBSpftJoqG+GXc1OyQXAliwTCS4HiY/ahoHiDf
53gcPNA6p6gevijB43xfQ7AwQ3K+Qy66ALNamHQLCdVbDTUIqhJy+tNiEjFRjodO
xLzm375yPy86WWdWf0IM3i+RwwbRZrUdqaGTAFw2FoQSbGZTn2fQyPQkDn98AhU=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)


Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate, max-age=43200]
Content-Length: [527]
Content-Type: [application/ocsp-response]
Date: [Sun, 26 Feb 2017 19:34:21 GMT]
Etag: ["D87908CE54BCF407E005C72BE5D250E01F4C95B6B4CADFF23100497B9F0B1281"]
Expires: [Mon, 27 Feb 2017 07:34:21 GMT]
Last-Modified: [Sat, 25 Feb 2017 00:00:00 UTC]
Server: [nginx]
X-Cache: [TCP_MISS from a23-219-92-22.deploy.akamaitechnologies.com (AkamaiGHost/8.2.4.2-19368535) (-)]
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Let's Encrypt Authority X3 (CA Certificate)

This certificate was cached at
Certificate details for Let's Encrypt Authority X3 (At position 1 in certificate chain)
Serial number:
hex: a0141420000015385736a0b85eca708
int: 13298795840390663119752826058995181320
Issued by: DST Root CA X3
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Let's Encrypt
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.identrust.com/DSTROOTCAX3CRL.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.identrust.com/DSTROOTCAX3CRL.crl
Size: 748 bytes (DER data)
Response time: 278.908133ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 6

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: Apache

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [max-age=86400]
Content-Length: [748]
Content-Type: [application/pkix-crl]
Date: [Sat, 25 Feb 2017 22:36:54 GMT]
Last-Modified: [Wed, 15 Feb 2017 17:37:39 GMT]
Server: [Apache]
X-Frame-Options: [SAMEORIGIN]
X-Xss-Protection: [1; mode=block]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://isrg.trustid.ocsp.identrust.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://isrg.trustid.ocsp.identrust.com (GET)
Size: 1399 bytes (DER data)
Response time: 177.235144ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: DST CA X3 OCSP Signer
Issued by: DST Root CA X3
Signing certificate validity: 2016-05-11 - 2017-05-11
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 12h0m0s

URL used for GET request

http:/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRv9GhNQxLSSGKBnMArPUcsHYovpgQUxKexpHsscfrb4UuQdf%2FEFWCFiRACEAoBQUIAAAFThXNqC4Xspwg%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBRv9GhNQxLSSGKBnMArPUcsHYovpgQUxKex
pHsscfrb4UuQdf/EFWCFiRACEAoBQUIAAAFThXNqC4Xspwg=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFcwoBAKCCBWwwggVoBgkrBgEFBQcwAQEEggVZMIIFVTCBnqIWBBTvyiDW1HpK
9SHzSZQYG3UokavmyRgPMjAxNzAyMjYxMDUzMjVaMHMwcTBJMAkGBSsOAwIaBQAE
FG/0aE1DEtJIYoGcwCs9Rywdii+mBBTEp7Gkeyxx+tvhS5B1/8QVYIWJEAIQCgFB
QgAAAVOFc2oLheynCIAAGA8yMDE3MDIyNjEwNTMyNVqgERgPMjAxNzAyMjcxMDUz
MjVaMA0GCSqGSIb3DQEBBQUAA4IBAQClhk5jhOvxUKSag/UXT5fjeoM3qBR6fxGk
D3ykHBeV0VW2D5NvFrjgqvuSAOcS9WSk6UAch2TNlqQ14pde3nas3iD4/VdOc2FN
ap3iCTKe526huT5vhM5NINd9+E4H6YPpXhap8yxVWt822mhmLRnrB/++6eBBx/4z
AmoiACx6Qp/UQQw+fphuZXZ/mZnWxWsTKDqoWnAJWtZLUVhkPJmjRhJtvRNtCK6l
hOae8vBCtl/MY7pa1oD+2v2qQwYp7FPU3WSDAvLhvACjB0R/YcrwjRrBCn+gzLqW
hfidEjyU8rIdmYwmnQ72Ff2UQxGXiNjYajOom/scllWH9xw54a9koIIDnDCCA5gw
ggOUMIICfKADAgECAhEAzBzcFHDUR1Q1ElC5fmQ6QDANBgkqhkiG9w0BAQUFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTE2MDUxMTE2MzgwN1oXDTE3MDUxMTE2MzgwN1ow
gYMxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdEaWdpdGFsIFNpZ25hdHVyZSBUcnVz
dDEMMAoGA1UECxMDRFNUMR4wHAYDVQQDExVEU1QgQ0EgWDMgT0NTUCBTaWduZXIx
JDAiBgkqhkiG9w0BCQEWFXBraS1vcHNASWRlblRydXN0LmNvbTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBALJDI62QqhvhhX38PorQ+O3tcsOGHd5Qr4Il
YpViz7n3mW1ovtCpT68UoYNjmz/T5jFf8vIZT//a2NE56kvANknxI0+90jZcAOJg
y8NgfvM1z5sm2SF5kNrCoTve51n+RmNvYrx9mI3Kn256tLlWvc7qiMbbAEbkluR7
4zKFNKChzZRBSXSE5vsW7RIVjXOOAWxnUROkdunvklA3r9ztCilka5kdYJHCyImN
L3vfCV5O7BMMJS2Yyi8tEHq5fHcWOcWyVEZ3ryi2Lr5n4av8Fks9NvuheHLFQjnP
DGR7mIhMZti1ksnznFSOs7gGdLT17eKAo663uDFuZaw3tnTIENECAwEAAaNGMEQw
DAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDCTAOBgNVHQ8BAf8EBAMC
B4AwDwYJKwYBBQUHMAEFBAIFADANBgkqhkiG9w0BAQUFAAOCAQEAOQiR1GXC8sYR
GNtJteWLH+2aof28iz18vpNvcBcjgch12jLY3fSR4n48op0GD1FHZYyhIDF3k60+
nmQ4fgY/wlHqsFpW7gCsZ/hAyM4MNj5M4Td7dJBbx+veyv02UBa65TMC02Npo2TQ
il+lxoVhuO70szOa8KcjgE3nReLWTjDivDo0VS1IfbNwX2S/CzyDGmbMgAYIna+V
tzpKx5G733QPAJX+pBmPe4yfsd2MHg4AAmp02Ek+IsL0hxtTFfEu240rvQcdQzYP
G9FFq0B5rHDT/efAoIKK+mHLujBFwOOYzuDnVPv6M2NSW4YU/Tjjj3uOZki/KTgE
bTvy0/imuA==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDlDCCAnygAwIBAgIRAMwc3BRw1EdUNRJQuX5kOkAwDQYJKoZIhvcNAQEFBQAw
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
Ew5EU1QgUm9vdCBDQSBYMzAeFw0xNjA1MTExNjM4MDdaFw0xNzA1MTExNjM4MDda
MIGDMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXRGlnaXRhbCBTaWduYXR1cmUgVHJ1
c3QxDDAKBgNVBAsTA0RTVDEeMBwGA1UEAxMVRFNUIENBIFgzIE9DU1AgU2lnbmVy
MSQwIgYJKoZIhvcNAQkBFhVwa2ktb3BzQElkZW5UcnVzdC5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyQyOtkKob4YV9/D6K0Pjt7XLDhh3eUK+C
JWKVYs+595ltaL7QqU+vFKGDY5s/0+YxX/LyGU//2tjROepLwDZJ8SNPvdI2XADi
YMvDYH7zNc+bJtkheZDawqE73udZ/kZjb2K8fZiNyp9uerS5Vr3O6ojG2wBG5Jbk
e+MyhTSgoc2UQUl0hOb7Fu0SFY1zjgFsZ1ETpHbp75JQN6/c7QopZGuZHWCRwsiJ
jS973wleTuwTDCUtmMovLRB6uXx3FjnFslRGd68oti6+Z+Gr/BZLPTb7oXhyxUI5
zwxke5iITGbYtZLJ85xUjrO4BnS09e3igKOut7gxbmWsN7Z0yBDRAgMBAAGjRjBE
MAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0PAQH/BAQD
AgeAMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQADggEBADkIkdRlwvLG
ERjbSbXlix/tmqH9vIs9fL6Tb3AXI4HIddoy2N30keJ+PKKdBg9RR2WMoSAxd5Ot
Pp5kOH4GP8JR6rBaVu4ArGf4QMjODDY+TOE3e3SQW8fr3sr9NlAWuuUzAtNjaaNk
0IpfpcaFYbju9LMzmvCnI4BN50Xi1k4w4rw6NFUtSH2zcF9kvws8gxpmzIAGCJ2v
lbc6SseRu990DwCV/qQZj3uMn7HdjB4OAAJqdNhJPiLC9IcbUxXxLtuNK70HHUM2
DxvRRatAeaxw0/3nwKCCivphy7owRcDjmM7g51T7+jNjUluGFP044497jmZIvyk4
BG078tP4prg=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=43200,public,no-transform,must-revalidate]
Content-Length: [1399]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 26 Feb 2017 20:37:47 GMT]
Etag: ["b60767c7a810af5c0ad03f000dbbfe6214d23cc5"]
Expires: [Mon, 27 Feb 2017 10:53:25 GMT]
Last-Modified: [Sun, 26 Feb 2017 10:53:25 GMT]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://isrg.trustid.ocsp.identrust.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://isrg.trustid.ocsp.identrust.com (POST)
Size: 1399 bytes (DER data)
Response time: 180.993922ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: DST CA X3 OCSP Signer
Issued by: DST Root CA X3
Signing certificate validity: 2016-05-11 - 2017-05-11
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 12h0m0s

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBRv9GhNQxLSSGKBnMArPUcsHYovpgQUxKex
pHsscfrb4UuQdf/EFWCFiRACEAoBQUIAAAFThXNqC4Xspwg=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFcwoBAKCCBWwwggVoBgkrBgEFBQcwAQEEggVZMIIFVTCBnqIWBBTvyiDW1HpK
9SHzSZQYG3UokavmyRgPMjAxNzAyMjYxMDU1NThaMHMwcTBJMAkGBSsOAwIaBQAE
FG/0aE1DEtJIYoGcwCs9Rywdii+mBBTEp7Gkeyxx+tvhS5B1/8QVYIWJEAIQCgFB
QgAAAVOFc2oLheynCIAAGA8yMDE3MDIyNjEwNTU1OFqgERgPMjAxNzAyMjcxMDU1
NThaMA0GCSqGSIb3DQEBBQUAA4IBAQBc/tWULLsYwHeLk3GQdsJirGGxd19yTSF1
zMCqZI70h7m7ks2dvavGwbpzRwbIrY0mDpbS96JklWeACaBFGvO5ynaXMc1FvwFF
tMPFccN02ZoEm0R9MoOoTEdr+MC9VLcewZi5jZBLCN+n4ktFd399GotIK2CD1AoF
vDpm070qgmDs8drkI3PlX97CUfWpq0F7+OFKAZ3OT5AGJ2alVJUk88FDF6w3ZK+V
DTviDUabSip3nK1z7CZBX5LEqH8U72vas9uILVFt7TZCVkhQmQ3tfA1jZelJwX+7
pHGDLSbJx4htby01etpKHC8QwxpJ3RIEkohByj82S8q9IO894eGwoIIDnDCCA5gw
ggOUMIICfKADAgECAhEAzBzcFHDUR1Q1ElC5fmQ6QDANBgkqhkiG9w0BAQUFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTE2MDUxMTE2MzgwN1oXDTE3MDUxMTE2MzgwN1ow
gYMxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdEaWdpdGFsIFNpZ25hdHVyZSBUcnVz
dDEMMAoGA1UECxMDRFNUMR4wHAYDVQQDExVEU1QgQ0EgWDMgT0NTUCBTaWduZXIx
JDAiBgkqhkiG9w0BCQEWFXBraS1vcHNASWRlblRydXN0LmNvbTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBALJDI62QqhvhhX38PorQ+O3tcsOGHd5Qr4Il
YpViz7n3mW1ovtCpT68UoYNjmz/T5jFf8vIZT//a2NE56kvANknxI0+90jZcAOJg
y8NgfvM1z5sm2SF5kNrCoTve51n+RmNvYrx9mI3Kn256tLlWvc7qiMbbAEbkluR7
4zKFNKChzZRBSXSE5vsW7RIVjXOOAWxnUROkdunvklA3r9ztCilka5kdYJHCyImN
L3vfCV5O7BMMJS2Yyi8tEHq5fHcWOcWyVEZ3ryi2Lr5n4av8Fks9NvuheHLFQjnP
DGR7mIhMZti1ksnznFSOs7gGdLT17eKAo663uDFuZaw3tnTIENECAwEAAaNGMEQw
DAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDCTAOBgNVHQ8BAf8EBAMC
B4AwDwYJKwYBBQUHMAEFBAIFADANBgkqhkiG9w0BAQUFAAOCAQEAOQiR1GXC8sYR
GNtJteWLH+2aof28iz18vpNvcBcjgch12jLY3fSR4n48op0GD1FHZYyhIDF3k60+
nmQ4fgY/wlHqsFpW7gCsZ/hAyM4MNj5M4Td7dJBbx+veyv02UBa65TMC02Npo2TQ
il+lxoVhuO70szOa8KcjgE3nReLWTjDivDo0VS1IfbNwX2S/CzyDGmbMgAYIna+V
tzpKx5G733QPAJX+pBmPe4yfsd2MHg4AAmp02Ek+IsL0hxtTFfEu240rvQcdQzYP
G9FFq0B5rHDT/efAoIKK+mHLujBFwOOYzuDnVPv6M2NSW4YU/Tjjj3uOZki/KTgE
bTvy0/imuA==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDlDCCAnygAwIBAgIRAMwc3BRw1EdUNRJQuX5kOkAwDQYJKoZIhvcNAQEFBQAw
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
Ew5EU1QgUm9vdCBDQSBYMzAeFw0xNjA1MTExNjM4MDdaFw0xNzA1MTExNjM4MDda
MIGDMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXRGlnaXRhbCBTaWduYXR1cmUgVHJ1
c3QxDDAKBgNVBAsTA0RTVDEeMBwGA1UEAxMVRFNUIENBIFgzIE9DU1AgU2lnbmVy
MSQwIgYJKoZIhvcNAQkBFhVwa2ktb3BzQElkZW5UcnVzdC5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyQyOtkKob4YV9/D6K0Pjt7XLDhh3eUK+C
JWKVYs+595ltaL7QqU+vFKGDY5s/0+YxX/LyGU//2tjROepLwDZJ8SNPvdI2XADi
YMvDYH7zNc+bJtkheZDawqE73udZ/kZjb2K8fZiNyp9uerS5Vr3O6ojG2wBG5Jbk
e+MyhTSgoc2UQUl0hOb7Fu0SFY1zjgFsZ1ETpHbp75JQN6/c7QopZGuZHWCRwsiJ
jS973wleTuwTDCUtmMovLRB6uXx3FjnFslRGd68oti6+Z+Gr/BZLPTb7oXhyxUI5
zwxke5iITGbYtZLJ85xUjrO4BnS09e3igKOut7gxbmWsN7Z0yBDRAgMBAAGjRjBE
MAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0PAQH/BAQD
AgeAMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQADggEBADkIkdRlwvLG
ERjbSbXlix/tmqH9vIs9fL6Tb3AXI4HIddoy2N30keJ+PKKdBg9RR2WMoSAxd5Ot
Pp5kOH4GP8JR6rBaVu4ArGf4QMjODDY+TOE3e3SQW8fr3sr9NlAWuuUzAtNjaaNk
0IpfpcaFYbju9LMzmvCnI4BN50Xi1k4w4rw6NFUtSH2zcF9kvws8gxpmzIAGCJ2v
lbc6SseRu990DwCV/qQZj3uMn7HdjB4OAAJqdNhJPiLC9IcbUxXxLtuNK70HHUM2
DxvRRatAeaxw0/3nwKCCivphy7owRcDjmM7g51T7+jNjUluGFP044497jmZIvyk4
BG078tP4prg=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=43200,public,no-transform,must-revalidate]
Content-Length: [1399]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 26 Feb 2017 20:40:24 GMT]
Etag: ["aada047f91c2a7a606e1dc68c7e210592b8da981"]
Expires: [Mon, 27 Feb 2017 10:55:58 GMT]
Last-Modified: [Sun, 26 Feb 2017 10:55:58 GMT]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

DST Root CA X3 (CA Certificate)

This certificate was cached at
Certificate details for DST Root CA X3 (At position 2 in certificate chain)
Serial number:
hex: 44afb080d6a327ba893039862ef8406b
int: 91299735575339953335919266965803778155
Issued by: DST Root CA X3
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Digital Signature Trust Co.
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.