CRL & OCSP report for 0-1.next.westlaw.com.oak.indwes.edu - *.oak.indwes.edu (Indiana Wesleyan University)

*.oak.indwes.edu

This certificate was cached at
Certificate details for *.oak.indwes.edu (At position 0 in certificate chain)
Serial number:
hex: 17c66762c676ddd0457346a732c107b1
int: 31602415595013796143456104061987784625
Issued by: Symantec Class 3 Secure Server CA - G4
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Indiana Wesleyan University
Organization unit: Jackson Library
State / Province: Indiana
Locality: Marion
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

View complete certificate details for 0-1.next.westlaw.com.oak.indwes.edu.

Certificate Revocation List (CRL)

This CRL was cached at
http://ss.symcb.com/ss.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://ss.symcb.com/ss.crl
Size: 1260727 bytes (DER data)
Response time: 53.253736ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 36010

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: Apache
Content Delivery Network (CDN): Akamai
Cache Information: TCP_HIT from a23-219-93-63.deploy.akamaitechnologies.com (AkamaiGHost/8.2.4-19356466) (A)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Type: [application/pkix-crl]
Date: [Mon, 27 Mar 2017 08:23:12 GMT]
Etag: ["ea70961658fa969bf70924ef89091ad2:1490564003"]
Last-Modified: [Sun, 26 Mar 2017 21:01:26 GMT]
Server: [Apache]
Vary: [Accept-Encoding]
X-Cache: [TCP_HIT from a23-219-93-63.deploy.akamaitechnologies.com (AkamaiGHost/8.2.4-19356466) (A)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ss.symcd.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ss.symcd.com (POST)
Size: 1609 bytes (DER data)
Response time: 88.864252ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: Symantec Class 3 Secure Server CA - G4 OCSP Responder
Issued by: Symantec Class 3 Secure Server CA - G4
Signing certificate validity: 2017-02-04 - 2017-05-05
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 142h4m34s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-219-93-86.deploy.akamaitechnologies.com (AkamaiGHost/8.2.4-19356466) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV+c/AZAQUX2DP
YZBV34RDFIpgKrL1evRDGO8CEBfGZ2LGdt3QRXNGpzLBB7E=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGRQoBAKCCBj4wggY6BgkrBgEFBQcwAQEEggYrMIIGJzCBnqIWBBRFIAKoi4pl
n3X69ekKGnjS8DcLnhgPMjAxNzAzMjYwNjQxNDlaMHMwcTBJMAkGBSsOAwIaBQAE
FNGxZIuMnw3Ra6OKzStQF9X5z8BkBBRfYM9hkFXfhEMUimAqsvV69EMY7wIQF8Zn
YsZ23dBFc0anMsEHsYAAGA8yMDE3MDMyNjA2NDE0OVqgERgPMjAxNzA0MDIwNjQx
NDlaMA0GCSqGSIb3DQEBBQUAA4IBAQBgass7IcP9FD4rftwH8oANGniBNuAVpNTd
F+M+kNpnMhwmj9D3J8foLD/TdWO27wJ5Bwq85wx62baHjoj98PgOyv5sEsCoul+U
79/6vsirv5bkDHjOybkJAWeWpOt2ucZrz4ocZ412E2ouGk10AkSsKmMVasENbBQS
CHEIeYhIhmTtvC670Q3A5a9j1o29sCU3CbBsVcuBPmxGUEhzLC0b1sRAT8PIgjg/
P0YPjPne8/o2Pl9kYfSbkQQmmcwWCbImSiB6C3CRCCOUjvT5tRiN4cOFVm6ZvtJy
SCtvvM88E4m/0Djj3Q7r52OAQXs1YlTMyXp6cMy2TyMeJy8b92pSoIIEbjCCBGow
ggRmMIIDTqADAgECAhBEaJBjaUgF1sr2/bnRxAUhMA0GCSqGSIb3DQEBCwUAMH4x
CzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0G
A1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMg
Q2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTcwMjA0MDAwMDAwWhcN
MTcwNTA1MjM1OTU5WjBAMT4wPAYDVQQDEzVTeW1hbnRlYyBDbGFzcyAzIFNlY3Vy
ZSBTZXJ2ZXIgQ0EgLSBHNCBPQ1NQIFJlc3BvbmRlcjCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAKorQp99vkC6qr9FMqUYxael0Lsma2caI4BjC9k3ZiMw
rp+dvSECA4wbWstHvoB86W8Zmld7Mq1ttWywY03MGfAl96ON0PiOVo1XeDZJuXTb
9bQLUSxVXuzgnwObGDuWVTxpZR3qrFjJe8I2AyvTNPjgAGVwl7uVg3Gd5k91Vvn7
w0bjxB5zGmYSAubCIfzzpr1LFn/mgU8Ju+6LT2qsP1lkNl5NbHeONr1r1usqgi/w
vPaimgi5Yv/cUTSSwwVIrnOXifiKGb/Rt4Io5QAadG9Xwt/ZOc2UhoGbgcKuh/LD
/AYHFyYV6RFExgwbe1R77b2XjRqilbA04jsvcGE8xOsCAwEAAaOCARwwggEYMA8G
CSsGAQUFBzABBQQCBQAwIgYDVR0RBBswGaQXMBUxEzARBgNVBAMTClRHVi1ELTM4
NTcwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wHQYDVR0OBBYEFEUg
AqiLimWfdfr16QoaeNLwNwueMAwGA1UdEwEB/wQCMAAwbgYDVR0gBGcwZTBjBgtg
hkgBhvhFAQcXAzBUMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29t
L2NwczAqBggrBgEFBQcCAjAeGhwgIGh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBh
MBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0B
AQsFAAOCAQEAeBzBYjVYR/3Xm/4EwfOmrVReMsKq9MWqVMnqwKTcEKvxEcfj9r7l
enG5+58Pp8ADypkNgtf+ZqzyjvgjfIuOqviXUJn291KE7qGEFV2M0OVsYR4o+zIx
e7MKrEOgCQGoFkv+ksOL51ITCUibYvsunKIzTBkUNTJ9NdM4wOX9pqrUGyXF08Hu
uv4VbD0CDCRYJF+euTAxGzMQjtgJozyRXywZtHQsOc3HxX4yUvsT7gfGhKOu6IB9
fT+ZJcsrgOB2Xna0B1ygMB51lLP4fpj9u6yqtOTWdNHAiSwQVGvpTmKkcfx3kpaS
nUTrUGtcI9PbBQMnkhdhJIzLryF6u4dEDg==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEZjCCA06gAwIBAgIQRGiQY2lIBdbK9v250cQFITANBgkqhkiG9w0BAQsFADB+
MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd
BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVj
IENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE3MDIwNDAwMDAwMFoX
DTE3MDUwNTIzNTk1OVowQDE+MDwGA1UEAxM1U3ltYW50ZWMgQ2xhc3MgMyBTZWN1
cmUgU2VydmVyIENBIC0gRzQgT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQCqK0Kffb5Auqq/RTKlGMWnpdC7JmtnGiOAYwvZN2Yj
MK6fnb0hAgOMG1rLR76AfOlvGZpXezKtbbVssGNNzBnwJfejjdD4jlaNV3g2Sbl0
2/W0C1EsVV7s4J8Dmxg7llU8aWUd6qxYyXvCNgMr0zT44ABlcJe7lYNxneZPdVb5
+8NG48QecxpmEgLmwiH886a9SxZ/5oFPCbvui09qrD9ZZDZeTWx3jja9a9brKoIv
8Lz2opoIuWL/3FE0ksMFSK5zl4n4ihm/0beCKOUAGnRvV8Lf2TnNlIaBm4HCrofy
w/wGBxcmFekRRMYMG3tUe+29l40aopWwNOI7L3BhPMTrAgMBAAGjggEcMIIBGDAP
BgkrBgEFBQcwAQUEAgUAMCIGA1UdEQQbMBmkFzAVMRMwEQYDVQQDEwpUR1YtRC0z
ODU3MB8GA1UdIwQYMBaAFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMB0GA1UdDgQWBBRF
IAKoi4pln3X69ekKGnjS8DcLnjAMBgNVHRMBAf8EAjAAMG4GA1UdIARnMGUwYwYL
YIZIAYb4RQEHFwMwVDAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNv
bS9jcHMwKgYIKwYBBQUHAgIwHhocICBodHRwOi8vd3d3LnN5bWF1dGguY29tL3Jw
YTATBgNVHSUEDDAKBggrBgEFBQcDCTAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcN
AQELBQADggEBAHgcwWI1WEf915v+BMHzpq1UXjLCqvTFqlTJ6sCk3BCr8RHH4/a+
5XpxufufD6fAA8qZDYLX/mas8o74I3yLjqr4l1CZ9vdShO6hhBVdjNDlbGEeKPsy
MXuzCqxDoAkBqBZL/pLDi+dSEwlIm2L7LpyiM0wZFDUyfTXTOMDl/aaq1BslxdPB
7rr+FWw9AgwkWCRfnrkwMRszEI7YCaM8kV8sGbR0LDnNx8V+MlL7E+4HxoSjruiA
fX0/mSXLK4Dgdl52tAdcoDAedZSz+H6Y/busqrTk1nTRwIksEFRr6U5ipHH8d5KW
kp1E61BrXCPT2wUDJ5IXYSSMy68heruHRA4=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=511474, public, no-transform, must-revalidate]
Content-Length: [1609]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Mon, 27 Mar 2017 08:37:15 GMT]
Expires: [Sun, 2 Apr 2017 06:41:49 GMT]
Last-Modified: [Sun, 26 Mar 2017 06:41:49 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MISS from a23-219-93-86.deploy.akamaitechnologies.com (AkamaiGHost/8.2.4-19356466) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ss.symcd.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ss.symcd.com (GET)
Size: 1609 bytes (DER data)
Response time: 119.710919ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: Symantec Class 3 Secure Server CA - G4 OCSP Responder
Issued by: Symantec Class 3 Secure Server CA - G4
Signing certificate validity: 2017-02-04 - 2017-05-05
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 142h4m34s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_REFRESH_MISS from a23-219-93-86.deploy.akamaitechnologies.com (AkamaiGHost/8.2.4-19356466) (S)

URL used for GET request

http:/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV%2Bc%2FAZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEBfGZ2LGdt3QRXNGpzLBB7E%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV+c/AZAQUX2DP
YZBV34RDFIpgKrL1evRDGO8CEBfGZ2LGdt3QRXNGpzLBB7E=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGRQoBAKCCBj4wggY6BgkrBgEFBQcwAQEEggYrMIIGJzCBnqIWBBRFIAKoi4pl
n3X69ekKGnjS8DcLnhgPMjAxNzAzMjYwNjQxNDlaMHMwcTBJMAkGBSsOAwIaBQAE
FNGxZIuMnw3Ra6OKzStQF9X5z8BkBBRfYM9hkFXfhEMUimAqsvV69EMY7wIQF8Zn
YsZ23dBFc0anMsEHsYAAGA8yMDE3MDMyNjA2NDE0OVqgERgPMjAxNzA0MDIwNjQx
NDlaMA0GCSqGSIb3DQEBBQUAA4IBAQBgass7IcP9FD4rftwH8oANGniBNuAVpNTd
F+M+kNpnMhwmj9D3J8foLD/TdWO27wJ5Bwq85wx62baHjoj98PgOyv5sEsCoul+U
79/6vsirv5bkDHjOybkJAWeWpOt2ucZrz4ocZ412E2ouGk10AkSsKmMVasENbBQS
CHEIeYhIhmTtvC670Q3A5a9j1o29sCU3CbBsVcuBPmxGUEhzLC0b1sRAT8PIgjg/
P0YPjPne8/o2Pl9kYfSbkQQmmcwWCbImSiB6C3CRCCOUjvT5tRiN4cOFVm6ZvtJy
SCtvvM88E4m/0Djj3Q7r52OAQXs1YlTMyXp6cMy2TyMeJy8b92pSoIIEbjCCBGow
ggRmMIIDTqADAgECAhBEaJBjaUgF1sr2/bnRxAUhMA0GCSqGSIb3DQEBCwUAMH4x
CzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0G
A1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMg
Q2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTcwMjA0MDAwMDAwWhcN
MTcwNTA1MjM1OTU5WjBAMT4wPAYDVQQDEzVTeW1hbnRlYyBDbGFzcyAzIFNlY3Vy
ZSBTZXJ2ZXIgQ0EgLSBHNCBPQ1NQIFJlc3BvbmRlcjCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAKorQp99vkC6qr9FMqUYxael0Lsma2caI4BjC9k3ZiMw
rp+dvSECA4wbWstHvoB86W8Zmld7Mq1ttWywY03MGfAl96ON0PiOVo1XeDZJuXTb
9bQLUSxVXuzgnwObGDuWVTxpZR3qrFjJe8I2AyvTNPjgAGVwl7uVg3Gd5k91Vvn7
w0bjxB5zGmYSAubCIfzzpr1LFn/mgU8Ju+6LT2qsP1lkNl5NbHeONr1r1usqgi/w
vPaimgi5Yv/cUTSSwwVIrnOXifiKGb/Rt4Io5QAadG9Xwt/ZOc2UhoGbgcKuh/LD
/AYHFyYV6RFExgwbe1R77b2XjRqilbA04jsvcGE8xOsCAwEAAaOCARwwggEYMA8G
CSsGAQUFBzABBQQCBQAwIgYDVR0RBBswGaQXMBUxEzARBgNVBAMTClRHVi1ELTM4
NTcwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wHQYDVR0OBBYEFEUg
AqiLimWfdfr16QoaeNLwNwueMAwGA1UdEwEB/wQCMAAwbgYDVR0gBGcwZTBjBgtg
hkgBhvhFAQcXAzBUMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29t
L2NwczAqBggrBgEFBQcCAjAeGhwgIGh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBh
MBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0B
AQsFAAOCAQEAeBzBYjVYR/3Xm/4EwfOmrVReMsKq9MWqVMnqwKTcEKvxEcfj9r7l
enG5+58Pp8ADypkNgtf+ZqzyjvgjfIuOqviXUJn291KE7qGEFV2M0OVsYR4o+zIx
e7MKrEOgCQGoFkv+ksOL51ITCUibYvsunKIzTBkUNTJ9NdM4wOX9pqrUGyXF08Hu
uv4VbD0CDCRYJF+euTAxGzMQjtgJozyRXywZtHQsOc3HxX4yUvsT7gfGhKOu6IB9
fT+ZJcsrgOB2Xna0B1ygMB51lLP4fpj9u6yqtOTWdNHAiSwQVGvpTmKkcfx3kpaS
nUTrUGtcI9PbBQMnkhdhJIzLryF6u4dEDg==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEZjCCA06gAwIBAgIQRGiQY2lIBdbK9v250cQFITANBgkqhkiG9w0BAQsFADB+
MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd
BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVj
IENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE3MDIwNDAwMDAwMFoX
DTE3MDUwNTIzNTk1OVowQDE+MDwGA1UEAxM1U3ltYW50ZWMgQ2xhc3MgMyBTZWN1
cmUgU2VydmVyIENBIC0gRzQgT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQCqK0Kffb5Auqq/RTKlGMWnpdC7JmtnGiOAYwvZN2Yj
MK6fnb0hAgOMG1rLR76AfOlvGZpXezKtbbVssGNNzBnwJfejjdD4jlaNV3g2Sbl0
2/W0C1EsVV7s4J8Dmxg7llU8aWUd6qxYyXvCNgMr0zT44ABlcJe7lYNxneZPdVb5
+8NG48QecxpmEgLmwiH886a9SxZ/5oFPCbvui09qrD9ZZDZeTWx3jja9a9brKoIv
8Lz2opoIuWL/3FE0ksMFSK5zl4n4ihm/0beCKOUAGnRvV8Lf2TnNlIaBm4HCrofy
w/wGBxcmFekRRMYMG3tUe+29l40aopWwNOI7L3BhPMTrAgMBAAGjggEcMIIBGDAP
BgkrBgEFBQcwAQUEAgUAMCIGA1UdEQQbMBmkFzAVMRMwEQYDVQQDEwpUR1YtRC0z
ODU3MB8GA1UdIwQYMBaAFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMB0GA1UdDgQWBBRF
IAKoi4pln3X69ekKGnjS8DcLnjAMBgNVHRMBAf8EAjAAMG4GA1UdIARnMGUwYwYL
YIZIAYb4RQEHFwMwVDAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNv
bS9jcHMwKgYIKwYBBQUHAgIwHhocICBodHRwOi8vd3d3LnN5bWF1dGguY29tL3Jw
YTATBgNVHSUEDDAKBggrBgEFBQcDCTAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcN
AQELBQADggEBAHgcwWI1WEf915v+BMHzpq1UXjLCqvTFqlTJ6sCk3BCr8RHH4/a+
5XpxufufD6fAA8qZDYLX/mas8o74I3yLjqr4l1CZ9vdShO6hhBVdjNDlbGEeKPsy
MXuzCqxDoAkBqBZL/pLDi+dSEwlIm2L7LpyiM0wZFDUyfTXTOMDl/aaq1BslxdPB
7rr+FWw9AgwkWCRfnrkwMRszEI7YCaM8kV8sGbR0LDnNx8V+MlL7E+4HxoSjruiA
fX0/mSXLK4Dgdl52tAdcoDAedZSz+H6Y/busqrTk1nTRwIksEFRr6U5ipHH8d5KW
kp1E61BrXCPT2wUDJ5IXYSSMy68heruHRA4=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=511474, public, no-transform, must-revalidate]
Content-Length: [1609]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Mon, 27 Mar 2017 08:37:15 GMT]
Expires: [Sun, 2 Apr 2017 06:41:49 GMT]
Last-Modified: [Sun, 26 Mar 2017 06:41:49 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_REFRESH_MISS from a23-219-93-86.deploy.akamaitechnologies.com (AkamaiGHost/8.2.4-19356466) (S)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Symantec Class 3 Secure Server CA - G4 (CA Certificate)

This certificate was cached at
Certificate details for Symantec Class 3 Secure Server CA - G4 (At position 1 in certificate chain)
Serial number:
hex: 513fb9743870b73440418d30930699ff
int: 107998343814376832458216740669838760447
Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Symantec Corporation
Organization unit: Symantec Trust Network
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://s1.symcb.com/pca3-g5.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://s1.symcb.com/pca3-g5.crl
Size: 571 bytes (DER data)
Response time: 7.219831ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 1

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: Apache
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-219-93-63.deploy.akamaitechnologies.com (AkamaiGHost/8.2.4-19356466) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Type: [application/pkix-crl]
Date: [Mon, 27 Mar 2017 08:23:12 GMT]
Etag: ["28ee9435bc244efc0822c40aaea2a2d4:1490227391"]
Last-Modified: [Wed, 22 Mar 2017 23:37:59 GMT]
Server: [Apache]
Vary: [Accept-Encoding]
X-Cache: [TCP_MEM_HIT from a23-219-93-63.deploy.akamaitechnologies.com (AkamaiGHost/8.2.4-19356466) (-)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://s2.symcb.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://s2.symcb.com (GET)
Size: 1763 bytes (DER data)
Response time: 12.34766ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: Symantec Class 3 PCA - G5 OCSP Responder Certificate 5
Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
Signing certificate validity: 2016-11-22 - 2017-12-14
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 158h14m20s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-219-93-85.deploy.akamaitechnologies.com (AkamaiGHost/8.2.4-19356466) (-)

URL used for GET request

http:/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFE%2FuXQ4cLc0QEGNMJMGmf8%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nl
p8Ld7LvwMAnzQzn6Aq8zMTMCEFE/uXQ4cLc0QEGNMJMGmf8=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIG3woBAKCCBtgwggbUBgkrBgEFBQcwAQEEggbFMIIGwTCBnqIWBBSQV0mkqBQX
kkwRYz2FfxNyvss3WhgPMjAxNzAzMjYyMjMzMTFaMHMwcTBJMAkGBSsOAwIaBQAE
FLnpsocChQP47KX7QuE+D0nHJCbiBBR/02Wnwt3su/AwCfNDOfoCrzMxMwIQUT+5
dDhwtzRAQY0wkwaZ/4AAGA8yMDE3MDMyNjIyMzMxMVqgERgPMjAxNzA0MDIyMjMz
MTFaMA0GCSqGSIb3DQEBBQUAA4IBAQBYE6sZ9tGd+AAAb2Yq0xGMrvQK5pBLOIkI
NCAwYWMh5Mfd7HGQn/4dDJhOqTJSojM2zpTqgJm8679858l/5Vc+UD29aNd00/BM
c4JiF8i8MG7MU/1c3gTMVpZTQIiSMTlFaR6jLPL1dRp/xIg6XgaTmtlOTPs5QLVd
YM/uFXug009p2gzljZTJk7gKtIk4H2jPuBoIaMFgXqgdNtvvFG2VpTymW68abXA7
YzCat75b/CWE6h2s3zgow24WWsVy04rhFib/uoJ0szwUuNTTwo5xIsSl63sGNiiC
E0Uy/Ah5MGXXtH8Q9IJLKrkfI1+bLJ2FGTxDCx7q+nTuL2spZJ1xoIIFCDCCBQQw
ggUAMIID6KADAgECAhBegKApA8bSjw2IPI2R/lTmMA0GCSqGSIb3DQEBBQUAMIHK
MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsT
FlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlT
aWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZl
cmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRo
b3JpdHkgLSBHNTAeFw0xNjExMjIwMDAwMDBaFw0xNzEyMTQyMzU5NTlaMIGOMQsw
CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV
BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxPzA9BgNVBAMTNlN5bWFudGVjIENs
YXNzIDMgUENBIC0gRzUgT0NTUCBSZXNwb25kZXIgQ2VydGlmaWNhdGUgNTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKus48ejAx2d5OuOkBmO8gS4pszt
8W2iz3wKtJEX477WzDFyVVpOrWIQ1x0LhJWsdMUgZJP4Fu4InU+VFa5OWfdsUp0S
ayC8Ual6x2cENCgsuwaoUnCLNw2xBDBDAmqMKVoW5hb1/pq3lSt+4gYzv8iweNti
Gi0H2pqGwitTXjA8Nu2mGSH4KAPIMn0S0htUvmZYfZ0FhDbNjswoxumZMf696yPn
H0jCh3xguXl5FzxCrXqbcSQAhP0dgu11ES3U0Ev6IQ0LwsjfgnmJwTiz2y0tuvzW
zD/XLNNbvluii9g12GXvNL7JquIKRAqIdKQ7EZsX+SkKSvIR9gBcZlaa8kcCAwEA
AaOCARowggEWMAwGA1UdEwEB/wQCMAAwbAYDVR0gBGUwYzBhBgtghkgBhvhFAQcX
AzBSMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAoBggr
BgEFBQcCAjAcGhpodHRwOi8vd3d3LnN5bWF1dGguY29tL3JwYTATBgNVHSUEDDAK
BggrBgEFBQcDCTAOBgNVHQ8BAf8EBAMCB4AwDwYJKwYBBQUHMAEFBAIFADAiBgNV
HREEGzAZpBcwFTETMBEGA1UEAxMKVEdWLU9GRi01MDAdBgNVHQ4EFgQUkFdJpKgU
F5JMEWM9hX8Tcr7LN1owHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMw
DQYJKoZIhvcNAQEFBQADggEBADx3TgsGZ9TU1FPRb8Ew9gv8YbDGqCoQxyspWLhU
tmnlJB20v08UjaCOOqm5R46EUt5q20++48jOhmO7M/SZKKPUoft5zE5LJjzgqlV4
QY8pAztecC5EEo0nfinPziS79FZacG/5is4Ogn25LwXaluQ11ZIe8NwTgySeLWKu
UV/cW2STVkrjczfg/i315quNHatQ49FUabhuCdEsmpDAX6MXWQgGr9TpX013D4Iv
TvC4Ybky6xFHj9eINHEkLzyrxrvmNhAgtn+m7fQ14H42X+NWDOBZ7a0UN2Bl46wP
KgTweDBW4KopH+VIYRwt8XjKjMiKkTMHxIU//xr1OCcvg+c=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIQXoCgKQPG0o8NiDyNkf5U5jANBgkqhkiG9w0BAQUFADCB
yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
aG9yaXR5IC0gRzUwHhcNMTYxMTIyMDAwMDAwWhcNMTcxMjE0MjM1OTU5WjCBjjEL
MAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYD
VQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMT8wPQYDVQQDEzZTeW1hbnRlYyBD
bGFzcyAzIFBDQSAtIEc1IE9DU1AgUmVzcG9uZGVyIENlcnRpZmljYXRlIDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrrOPHowMdneTrjpAZjvIEuKbM
7fFtos98CrSRF+O+1swxclVaTq1iENcdC4SVrHTFIGST+BbuCJ1PlRWuTln3bFKd
EmsgvFGpesdnBDQoLLsGqFJwizcNsQQwQwJqjClaFuYW9f6at5UrfuIGM7/IsHjb
YhotB9qahsIrU14wPDbtphkh+CgDyDJ9EtIbVL5mWH2dBYQ2zY7MKMbpmTH+vesj
5x9Iwod8YLl5eRc8Qq16m3EkAIT9HYLtdREt1NBL+iENC8LI34J5icE4s9stLbr8
1sw/1yzTW75boovYNdhl7zS+yariCkQKiHSkOxGbF/kpCkryEfYAXGZWmvJHAgMB
AAGjggEaMIIBFjAMBgNVHRMBAf8EAjAAMGwGA1UdIARlMGMwYQYLYIZIAYb4RQEH
FwMwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYI
KwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwEwYDVR0lBAww
CgYIKwYBBQUHAwkwDgYDVR0PAQH/BAQDAgeAMA8GCSsGAQUFBzABBQQCBQAwIgYD
VR0RBBswGaQXMBUxEzARBgNVBAMTClRHVi1PRkYtNTAwHQYDVR0OBBYEFJBXSaSo
FBeSTBFjPYV/E3K+yzdaMB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ80M5+gKvMzEz
MA0GCSqGSIb3DQEBBQUAA4IBAQA8d04LBmfU1NRT0W/BMPYL/GGwxqgqEMcrKVi4
VLZp5SQdtL9PFI2gjjqpuUeOhFLeattPvuPIzoZjuzP0mSij1KH7ecxOSyY84KpV
eEGPKQM7XnAuRBKNJ34pz84ku/RWWnBv+YrODoJ9uS8F2pbkNdWSHvDcE4Mkni1i
rlFf3Ftkk1ZK43M34P4t9earjR2rUOPRVGm4bgnRLJqQwF+jF1kIBq/U6V9Ndw+C
L07wuGG5MusRR4/XiDRxJC88q8a75jYQILZ/pu30NeB+Nl/jVgzgWe2tFDdgZeOs
DyoE8HgwVuCqKR/lSGEcLfF4yozIipEzB8SFP/8a9TgnL4Pn
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=569660, public, no-transform, must-revalidate]
Content-Length: [1763]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Mon, 27 Mar 2017 08:23:12 GMT]
Expires: [Sun, 2 Apr 2017 22:33:11 GMT]
Last-Modified: [Sun, 26 Mar 2017 22:33:11 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MEM_HIT from a23-219-93-85.deploy.akamaitechnologies.com (AkamaiGHost/8.2.4-19356466) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header outlives NextUpdate with 4m21s
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://s2.symcb.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://s2.symcb.com (POST)
Size: 1763 bytes (DER data)
Response time: 11.880039ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: Symantec Class 3 PCA - G5 OCSP Responder Certificate 5
Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
Signing certificate validity: 2016-11-22 - 2017-12-14
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 158h10m31s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-219-93-86.deploy.akamaitechnologies.com (AkamaiGHost/8.2.4-19356466) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nl
p8Ld7LvwMAnzQzn6Aq8zMTMCEFE/uXQ4cLc0QEGNMJMGmf8=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIG3woBAKCCBtgwggbUBgkrBgEFBQcwAQEEggbFMIIGwTCBnqIWBBSQV0mkqBQX
kkwRYz2FfxNyvss3WhgPMjAxNzAzMjYyMjMzMTFaMHMwcTBJMAkGBSsOAwIaBQAE
FLnpsocChQP47KX7QuE+D0nHJCbiBBR/02Wnwt3su/AwCfNDOfoCrzMxMwIQUT+5
dDhwtzRAQY0wkwaZ/4AAGA8yMDE3MDMyNjIyMzMxMVqgERgPMjAxNzA0MDIyMjMz
MTFaMA0GCSqGSIb3DQEBBQUAA4IBAQBYE6sZ9tGd+AAAb2Yq0xGMrvQK5pBLOIkI
NCAwYWMh5Mfd7HGQn/4dDJhOqTJSojM2zpTqgJm8679858l/5Vc+UD29aNd00/BM
c4JiF8i8MG7MU/1c3gTMVpZTQIiSMTlFaR6jLPL1dRp/xIg6XgaTmtlOTPs5QLVd
YM/uFXug009p2gzljZTJk7gKtIk4H2jPuBoIaMFgXqgdNtvvFG2VpTymW68abXA7
YzCat75b/CWE6h2s3zgow24WWsVy04rhFib/uoJ0szwUuNTTwo5xIsSl63sGNiiC
E0Uy/Ah5MGXXtH8Q9IJLKrkfI1+bLJ2FGTxDCx7q+nTuL2spZJ1xoIIFCDCCBQQw
ggUAMIID6KADAgECAhBegKApA8bSjw2IPI2R/lTmMA0GCSqGSIb3DQEBBQUAMIHK
MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsT
FlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlT
aWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZl
cmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRo
b3JpdHkgLSBHNTAeFw0xNjExMjIwMDAwMDBaFw0xNzEyMTQyMzU5NTlaMIGOMQsw
CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV
BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxPzA9BgNVBAMTNlN5bWFudGVjIENs
YXNzIDMgUENBIC0gRzUgT0NTUCBSZXNwb25kZXIgQ2VydGlmaWNhdGUgNTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKus48ejAx2d5OuOkBmO8gS4pszt
8W2iz3wKtJEX477WzDFyVVpOrWIQ1x0LhJWsdMUgZJP4Fu4InU+VFa5OWfdsUp0S
ayC8Ual6x2cENCgsuwaoUnCLNw2xBDBDAmqMKVoW5hb1/pq3lSt+4gYzv8iweNti
Gi0H2pqGwitTXjA8Nu2mGSH4KAPIMn0S0htUvmZYfZ0FhDbNjswoxumZMf696yPn
H0jCh3xguXl5FzxCrXqbcSQAhP0dgu11ES3U0Ev6IQ0LwsjfgnmJwTiz2y0tuvzW
zD/XLNNbvluii9g12GXvNL7JquIKRAqIdKQ7EZsX+SkKSvIR9gBcZlaa8kcCAwEA
AaOCARowggEWMAwGA1UdEwEB/wQCMAAwbAYDVR0gBGUwYzBhBgtghkgBhvhFAQcX
AzBSMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAoBggr
BgEFBQcCAjAcGhpodHRwOi8vd3d3LnN5bWF1dGguY29tL3JwYTATBgNVHSUEDDAK
BggrBgEFBQcDCTAOBgNVHQ8BAf8EBAMCB4AwDwYJKwYBBQUHMAEFBAIFADAiBgNV
HREEGzAZpBcwFTETMBEGA1UEAxMKVEdWLU9GRi01MDAdBgNVHQ4EFgQUkFdJpKgU
F5JMEWM9hX8Tcr7LN1owHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMw
DQYJKoZIhvcNAQEFBQADggEBADx3TgsGZ9TU1FPRb8Ew9gv8YbDGqCoQxyspWLhU
tmnlJB20v08UjaCOOqm5R46EUt5q20++48jOhmO7M/SZKKPUoft5zE5LJjzgqlV4
QY8pAztecC5EEo0nfinPziS79FZacG/5is4Ogn25LwXaluQ11ZIe8NwTgySeLWKu
UV/cW2STVkrjczfg/i315quNHatQ49FUabhuCdEsmpDAX6MXWQgGr9TpX013D4Iv
TvC4Ybky6xFHj9eINHEkLzyrxrvmNhAgtn+m7fQ14H42X+NWDOBZ7a0UN2Bl46wP
KgTweDBW4KopH+VIYRwt8XjKjMiKkTMHxIU//xr1OCcvg+c=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIQXoCgKQPG0o8NiDyNkf5U5jANBgkqhkiG9w0BAQUFADCB
yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
aG9yaXR5IC0gRzUwHhcNMTYxMTIyMDAwMDAwWhcNMTcxMjE0MjM1OTU5WjCBjjEL
MAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYD
VQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMT8wPQYDVQQDEzZTeW1hbnRlYyBD
bGFzcyAzIFBDQSAtIEc1IE9DU1AgUmVzcG9uZGVyIENlcnRpZmljYXRlIDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrrOPHowMdneTrjpAZjvIEuKbM
7fFtos98CrSRF+O+1swxclVaTq1iENcdC4SVrHTFIGST+BbuCJ1PlRWuTln3bFKd
EmsgvFGpesdnBDQoLLsGqFJwizcNsQQwQwJqjClaFuYW9f6at5UrfuIGM7/IsHjb
YhotB9qahsIrU14wPDbtphkh+CgDyDJ9EtIbVL5mWH2dBYQ2zY7MKMbpmTH+vesj
5x9Iwod8YLl5eRc8Qq16m3EkAIT9HYLtdREt1NBL+iENC8LI34J5icE4s9stLbr8
1sw/1yzTW75boovYNdhl7zS+yariCkQKiHSkOxGbF/kpCkryEfYAXGZWmvJHAgMB
AAGjggEaMIIBFjAMBgNVHRMBAf8EAjAAMGwGA1UdIARlMGMwYQYLYIZIAYb4RQEH
FwMwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYI
KwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwEwYDVR0lBAww
CgYIKwYBBQUHAwkwDgYDVR0PAQH/BAQDAgeAMA8GCSsGAQUFBzABBQQCBQAwIgYD
VR0RBBswGaQXMBUxEzARBgNVBAMTClRHVi1PRkYtNTAwHQYDVR0OBBYEFJBXSaSo
FBeSTBFjPYV/E3K+yzdaMB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ80M5+gKvMzEz
MA0GCSqGSIb3DQEBBQUAA4IBAQA8d04LBmfU1NRT0W/BMPYL/GGwxqgqEMcrKVi4
VLZp5SQdtL9PFI2gjjqpuUeOhFLeattPvuPIzoZjuzP0mSij1KH7ecxOSyY84KpV
eEGPKQM7XnAuRBKNJ34pz84ku/RWWnBv+YrODoJ9uS8F2pbkNdWSHvDcE4Mkni1i
rlFf3Ftkk1ZK43M34P4t9earjR2rUOPRVGm4bgnRLJqQwF+jF1kIBq/U6V9Ndw+C
L07wuGG5MusRR4/XiDRxJC88q8a75jYQILZ/pu30NeB+Nl/jVgzgWe2tFDdgZeOs
DyoE8HgwVuCqKR/lSGEcLfF4yozIipEzB8SFP/8a9TgnL4Pn
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=569431, public, no-transform, must-revalidate]
Content-Length: [1763]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Mon, 27 Mar 2017 08:23:12 GMT]
Expires: [Sun, 2 Apr 2017 22:33:11 GMT]
Last-Modified: [Sun, 26 Mar 2017 22:33:11 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MEM_HIT from a23-219-93-86.deploy.akamaitechnologies.com (AkamaiGHost/8.2.4-19356466) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header outlives NextUpdate with 32s
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

VeriSign Class 3 Public Primary Certification Authority - G5 (CA Certificate)

This certificate was cached at
Certificate details for VeriSign Class 3 Public Primary Certification Authority - G5 (At position 2 in certificate chain)
Serial number:
hex: 18dad19e267de8bb4a2158cdcc6b3b4a
int: 33037644167568058970164719475676101450
Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: VeriSign, Inc.
Organization unit: VeriSign Trust Network
Organization unit: (c) 2006 VeriSign, Inc. - For authorized use only
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.