CRL & OCSP report for 0-access.vault.com.tiger.coloradocollege.edu - tiger.coloradocollege.edu (Colorado College Tutt Library)

tiger.coloradocollege.edu

Certificate details for tiger.coloradocollege.edu (At position 0 in certificate chain)
Serial number:
hex: 73482333eed11ce5fe8dbd15
int: 35677985029286351826001444117
Issued by: GlobalSign Organization Validation CA - SHA256 - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Colorado College Tutt Library
State / Province: Colorado
Locality: Colorado Springs
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for 0-access.vault.com.tiger.coloradocollege.edu.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl
Size: 115408 bytes (DER data)
Response time: 17.430759ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 3500

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare, CloudFront
Cache Information: HIT, Miss from cloudfront

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [35774529f1710efd-EWR]
Content-Length: [115408]
Content-Type: [application/pkix-crl]
Date: [Sun, 30 Apr 2017 03:03:50 GMT]
Etag: [E480]
Expires: [Sat, 06 May 2017 04:17:29 GMT]
Last-Modified: [Sat, 29 Apr 2017 04:17:29 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d82dd7d9dd743cad4f0a74b891692db6d1493521430; expires=Mon, 30-Apr-18 03:03:50 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
Via: [1.1 f8120b4e1c7749b93d62b7e5e7abcf45.cloudfront.net (CloudFront)]
X-Amz-Cf-Id: [NWsUEYKweLX9clQzKVT_5XpBlV6LnWXgBXnfB4MN_CDM2QpMy0Ickg==]
X-Cache: [Miss from cloudfront]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp2.globalsign.com/gsorganizationvalsha2g2 (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsorganizationvalsha2g2 (GET)
Size: 1570 bytes (DER data)
Response time: 3.565706499s
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign Organization Validation CA - SHA256 - G2 - OCSP Responder
Issued by: GlobalSign Organization Validation CA - SHA256 - G2
Signing certificate validity: 2017-02-13 - 2017-05-16
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: EXPIRED

URL used for GET request

http:/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDHNIIzPu0Rzl%2Fo29FQ%3D%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h
8b0cFilTHMDMfTuDAEDmGnwCDHNIIzPu0Rzl/o29FQ==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGHgoBAKCCBhcwggYTBgkrBgEFBQcwAQEEggYEMIIGADCBmqIWBBScTQCZAA6L
sAGBdaG68NAl16AcRxgPMjAxNzA0MjcwMzExNTdaMG8wbTBFMAkGBSsOAwIaBQAE
FAyeTZw97e+E2JHpcsfPhAa8GXsHBBSW3mHxvRwWKVMcwMx9O4MAQOYafAIMc0gj
M+7RHOX+jb0VgAAYDzIwMTcwNDI3MDMxMTU3WqARGA8yMDE3MDUwMTAzMTE1N1ow
DQYJKoZIhvcNAQELBQADggEBAA/YzHQ+S6jvFclDAJqdQtmC0r3Czni+atlj5oFR
QKoN/RWp87g1ry6FGCaIZVdx+cxpcDzTk5K07jkScQOvuXcVP+rxwK97kNcxz+8y
eoC3/MtxXocnkU/BNoCBd9RpOEWGI62cDe5n0HVnI408gF5YQ7Cahwh9XmmEQvKi
lKbh42YQ38uuK1ice433lqOy3loazmSHpvSL8CPpefcSla34m1t9+5gaXy/LEhfo
TelK2ppC8RHJGLmYkVPVuFhVBy7e8myPOVaXEUbnE7WmQTE+puOINaeSLJ8qlofM
3DDPnBJ5lItZkxihJU9eOQRunzH2f/cs5VnyWq5P4mDbBJSgggRLMIIERzCCBEMw
ggMroAMCAQICDG/ROC7q20OpUD07RTANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQG
EwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTE8MDoGA1UEAxMzR2xvYmFs
U2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIFNIQTI1NiAtIEcyMB4X
DTE3MDIxMzA3MTEwM1oXDTE3MDUxNjA3MTEwM1owgY4xCzAJBgNVBAYTAkJFMRkw
FwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRUwEwYDVQQFEwwyMDE3MDIxMzE1MDUx
TTBLBgNVBAMTREdsb2JhbFNpZ24gT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gQ0Eg
LSBTSEEyNTYgLSBHMiAtIE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA0kOXzzBq49lSztun694Fi9cwEyLIZagm3jYnimSW+vpf
qQoFF/U48JGqWfXOt8Evncl6f6MtaGmvaxjguf2aru1EtxS5pdX8/4PtdRcGPmgb
wbn8VDIukn4P8So7v9afdh1eoiFk7Kjq9wzK+jiDcNplpqJtZdUVlD6s7laW4aVs
Ewe7UBk2hlaBxUfl0ztYmwd/3Ln+BjEyVRYpRNFFKGxkUeoNhzY3zRBAqp0dHP3H
bPCUGUGePmzp87283fRtBdRlO9ixk4C3bvZ+kJBXYoE/ootnRdWMuJCYubNh4EtN
+UbOE4J9gXFvO1PlBBxgL9YSc5KY65Y2HPeNoUfrYQIDAQABo4HHMIHEMB0GA1Ud
DgQWBBScTQCZAA6LsAGBdaG68NAl16AcRzAfBgNVHSMEGDAWgBSW3mHxvRwWKVMc
wMx9O4MAQOYafDAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGg
MgFfMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl
cG9zaXRvcnkvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAN
BgkqhkiG9w0BAQsFAAOCAQEAfz3YGCB7BW/M3Y2KpS/7zfM7W7T+lCGf6V/p5jPm
vxbDuIoYaXvnHSLLAPhJMYqqBwEuxdwgd1yHiq0mHfMlugUMgDIJkNA0kw7MoNFm
Bf/LjVOXkCBaetmy0XH4EHtvtCDrZTFbCsn9WA0yxvlGNiTKAADkJ+6AyFsXc0Dm
rlnTl7gi+zJiEh/a8H618QjuCBrlvBXriEUO3lVf5cRZW9bDwR5i+kcnfaaXXi0O
+p0YhTq6bW+C3Bmb4qI9EPkc+RK1oIwpePTNawmliKdOU9N3r0deD8eIR/MVhsjw
zDgcMZW9en2LPNjFyAkGGPbtcXXBsfgg0vC89/8AQVE9lw==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEQzCCAyugAwIBAgIMb9E4LurbQ6lQPTtFMA0GCSqGSIb3DQEBCwUAMGYxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g
RzIwHhcNMTcwMjEzMDcxMTAzWhcNMTcwNTE2MDcxMTAzWjCBjjELMAkGA1UEBhMC
QkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTcwMjEz
MTUwNTFNMEsGA1UEAxNER2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlv
biBDQSAtIFNIQTI1NiAtIEcyIC0gT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDSQ5fPMGrj2VLO26fr3gWL1zATIshlqCbeNieK
ZJb6+l+pCgUX9TjwkapZ9c63wS+dyXp/oy1oaa9rGOC5/Zqu7US3FLml1fz/g+11
FwY+aBvBufxUMi6Sfg/xKju/1p92HV6iIWTsqOr3DMr6OINw2mWmom1l1RWUPqzu
VpbhpWwTB7tQGTaGVoHFR+XTO1ibB3/cuf4GMTJVFilE0UUobGRR6g2HNjfNEECq
nR0c/cds8JQZQZ4+bOnzvbzd9G0F1GU72LGTgLdu9n6QkFdigT+ii2dF1Yy4kJi5
s2HgS035Rs4Tgn2BcW87U+UEHGAv1hJzkpjrljYc942hR+thAgMBAAGjgccwgcQw
HQYDVR0OBBYEFJxNAJkADouwAYF1obrw0CXXoBxHMB8GA1UdIwQYMBaAFJbeYfG9
HBYpUxzAzH07gwBA5hp8MA8GCSsGAQUFBzABBQQCBQAwTAYDVR0gBEUwQzBBBgkr
BgEEAaAyAV8wNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5j
b20vcmVwb3NpdG9yeS8wDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF
BwMJMA0GCSqGSIb3DQEBCwUAA4IBAQB/PdgYIHsFb8zdjYqlL/vN8ztbtP6UIZ/p
X+nmM+a/FsO4ihhpe+cdIssA+EkxiqoHAS7F3CB3XIeKrSYd8yW6BQyAMgmQ0DST
Dsyg0WYF/8uNU5eQIFp62bLRcfgQe2+0IOtlMVsKyf1YDTLG+UY2JMoAAOQn7oDI
WxdzQOauWdOXuCL7MmISH9rwfrXxCO4IGuW8FeuIRQ7eVV/lxFlb1sPBHmL6Ryd9
ppdeLQ76nRiFOrptb4LcGZvioj0Q+Rz5ErWgjCl49M1rCaWIp05T03evR14Px4hH
8xWGyPDMOBwxlb16fYs82MXICQYY9u1xdcGx+CDS8Lz3/wBBUT2X
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [EXPIRED]
Cf-Ray: [355e98d803da1870-EWR]
Content-Length: [1570]
Content-Type: [application/ocsp-response]
Date: [Thu, 27 Apr 2017 03:11:57 GMT]
Etag: ["876757799240c45098a0bd34082ced85069e058e"]
Expires: [Mon, 01 May 2017 03:11:57 GMT]
Last-Modified: [Thu, 27 Apr 2017 03:11:57 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=dc4d9d26aaa84899d49bd80416bb5b6481493262713; expires=Fri, 27-Apr-18 03:11:53 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp2.globalsign.com/gsorganizationvalsha2g2 (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsorganizationvalsha2g2 (POST)
Size: 1570 bytes (DER data)
Response time: 560.260429ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign Organization Validation CA - SHA256 - G2 - OCSP Responder
Issued by: GlobalSign Organization Validation CA - SHA256 - G2
Signing certificate validity: 2017-02-13 - 2017-05-16
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: EXPIRED

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h
8b0cFilTHMDMfTuDAEDmGnwCDHNIIzPu0Rzl/o29FQ==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGHgoBAKCCBhcwggYTBgkrBgEFBQcwAQEEggYEMIIGADCBmqIWBBScTQCZAA6L
sAGBdaG68NAl16AcRxgPMjAxNzA0MjcyMzUzNTBaMG8wbTBFMAkGBSsOAwIaBQAE
FAyeTZw97e+E2JHpcsfPhAa8GXsHBBSW3mHxvRwWKVMcwMx9O4MAQOYafAIMc0gj
M+7RHOX+jb0VgAAYDzIwMTcwNDI3MjM1MzUwWqARGA8yMDE3MDUwMTIzNTM1MFow
DQYJKoZIhvcNAQELBQADggEBAD8TLRY9RBdpOuIG9OUmnEkanaTwwN0EBmSlKjbL
53V1pFsUKRFyYeVfw0Z033zv+LVcIIdIljL+PXR9nu1nHK6QsgdYmveG2dF1UwOq
mJt+yf+bKvmRWXZX4hFfiG/kYdyP/62Aonl+5BQqE4aS1QxhLoD4agEsnGzA51iX
6gelbPLodHlOvX/ZfZe58PHcPjWWbek/JceEniVioJ9Ks8RvDrhbbwbXMtNzcwiy
r7zUEMpnkOrnXHeUJnS3OXAZH3ucNC0NCOyBz6gRRUizHgGnpox4LPIPyOAczacD
rydZuic99KXw1/Xej/6X6BuGY3NLgyzh2sjvEeGsO7G3oWygggRLMIIERzCCBEMw
ggMroAMCAQICDG/ROC7q20OpUD07RTANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQG
EwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTE8MDoGA1UEAxMzR2xvYmFs
U2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIFNIQTI1NiAtIEcyMB4X
DTE3MDIxMzA3MTEwM1oXDTE3MDUxNjA3MTEwM1owgY4xCzAJBgNVBAYTAkJFMRkw
FwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRUwEwYDVQQFEwwyMDE3MDIxMzE1MDUx
TTBLBgNVBAMTREdsb2JhbFNpZ24gT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gQ0Eg
LSBTSEEyNTYgLSBHMiAtIE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA0kOXzzBq49lSztun694Fi9cwEyLIZagm3jYnimSW+vpf
qQoFF/U48JGqWfXOt8Evncl6f6MtaGmvaxjguf2aru1EtxS5pdX8/4PtdRcGPmgb
wbn8VDIukn4P8So7v9afdh1eoiFk7Kjq9wzK+jiDcNplpqJtZdUVlD6s7laW4aVs
Ewe7UBk2hlaBxUfl0ztYmwd/3Ln+BjEyVRYpRNFFKGxkUeoNhzY3zRBAqp0dHP3H
bPCUGUGePmzp87283fRtBdRlO9ixk4C3bvZ+kJBXYoE/ootnRdWMuJCYubNh4EtN
+UbOE4J9gXFvO1PlBBxgL9YSc5KY65Y2HPeNoUfrYQIDAQABo4HHMIHEMB0GA1Ud
DgQWBBScTQCZAA6LsAGBdaG68NAl16AcRzAfBgNVHSMEGDAWgBSW3mHxvRwWKVMc
wMx9O4MAQOYafDAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGg
MgFfMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl
cG9zaXRvcnkvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAN
BgkqhkiG9w0BAQsFAAOCAQEAfz3YGCB7BW/M3Y2KpS/7zfM7W7T+lCGf6V/p5jPm
vxbDuIoYaXvnHSLLAPhJMYqqBwEuxdwgd1yHiq0mHfMlugUMgDIJkNA0kw7MoNFm
Bf/LjVOXkCBaetmy0XH4EHtvtCDrZTFbCsn9WA0yxvlGNiTKAADkJ+6AyFsXc0Dm
rlnTl7gi+zJiEh/a8H618QjuCBrlvBXriEUO3lVf5cRZW9bDwR5i+kcnfaaXXi0O
+p0YhTq6bW+C3Bmb4qI9EPkc+RK1oIwpePTNawmliKdOU9N3r0deD8eIR/MVhsjw
zDgcMZW9en2LPNjFyAkGGPbtcXXBsfgg0vC89/8AQVE9lw==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEQzCCAyugAwIBAgIMb9E4LurbQ6lQPTtFMA0GCSqGSIb3DQEBCwUAMGYxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g
RzIwHhcNMTcwMjEzMDcxMTAzWhcNMTcwNTE2MDcxMTAzWjCBjjELMAkGA1UEBhMC
QkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTcwMjEz
MTUwNTFNMEsGA1UEAxNER2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlv
biBDQSAtIFNIQTI1NiAtIEcyIC0gT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDSQ5fPMGrj2VLO26fr3gWL1zATIshlqCbeNieK
ZJb6+l+pCgUX9TjwkapZ9c63wS+dyXp/oy1oaa9rGOC5/Zqu7US3FLml1fz/g+11
FwY+aBvBufxUMi6Sfg/xKju/1p92HV6iIWTsqOr3DMr6OINw2mWmom1l1RWUPqzu
VpbhpWwTB7tQGTaGVoHFR+XTO1ibB3/cuf4GMTJVFilE0UUobGRR6g2HNjfNEECq
nR0c/cds8JQZQZ4+bOnzvbzd9G0F1GU72LGTgLdu9n6QkFdigT+ii2dF1Yy4kJi5
s2HgS035Rs4Tgn2BcW87U+UEHGAv1hJzkpjrljYc942hR+thAgMBAAGjgccwgcQw
HQYDVR0OBBYEFJxNAJkADouwAYF1obrw0CXXoBxHMB8GA1UdIwQYMBaAFJbeYfG9
HBYpUxzAzH07gwBA5hp8MA8GCSsGAQUFBzABBQQCBQAwTAYDVR0gBEUwQzBBBgkr
BgEEAaAyAV8wNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5j
b20vcmVwb3NpdG9yeS8wDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF
BwMJMA0GCSqGSIb3DQEBCwUAA4IBAQB/PdgYIHsFb8zdjYqlL/vN8ztbtP6UIZ/p
X+nmM+a/FsO4ihhpe+cdIssA+EkxiqoHAS7F3CB3XIeKrSYd8yW6BQyAMgmQ0DST
Dsyg0WYF/8uNU5eQIFp62bLRcfgQe2+0IOtlMVsKyf1YDTLG+UY2JMoAAOQn7oDI
WxdzQOauWdOXuCL7MmISH9rwfrXxCO4IGuW8FeuIRQ7eVV/lxFlb1sPBHmL6Ryd9
ppdeLQ76nRiFOrptb4LcGZvioj0Q+Rz5ErWgjCl49M1rCaWIp05T03evR14Px4hH
8xWGyPDMOBwxlb16fYs82MXICQYY9u1xdcGx+CDS8Lz3/wBBUT2X
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [EXPIRED]
Cf-Ray: [3565e5d044e70ec1-EWR]
Content-Length: [1570]
Content-Type: [application/ocsp-response]
Date: [Fri, 28 Apr 2017 00:27:47 GMT]
Etag: ["98972845f60c2dc535430f6a3ed9a4e0b13ed653"]
Expires: [Mon, 01 May 2017 23:53:50 GMT]
Last-Modified: [Thu, 27 Apr 2017 23:53:50 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=da8718018e07f78aa92fc891d9c91c2381493339266; expires=Sat, 28-Apr-18 00:27:46 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GlobalSign Organization Validation CA - SHA256 - G2 (CA Certificate)

Certificate details for GlobalSign Organization Validation CA - SHA256 - G2 (At position 1 in certificate chain)
Serial number:
hex: 40000000001444ef04247
int: 4835703278459909592597063
Issued by: GlobalSign Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GlobalSign nv-sa
Country: BE
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.globalsign.net/root.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.globalsign.net/root.crl
Size: 782 bytes (DER data)
Response time: 6.244349ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 7

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [public, max-age=6555316]
Cf-Cache-Status: [HIT]
Cf-Ray: [3577467bb4770ed9-EWR]
Content-Length: [782]
Content-Type: [application/pkix-crl]
Date: [Sun, 30 Apr 2017 03:04:44 GMT]
Etag: [39]
Expires: [Sat, 15 Jul 2017 00:00:00 GMT]
Last-Modified: [Wed, 19 Apr 2017 00:00:00 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=db254c68ce9f5364b2e10927939f545741493521484; expires=Mon, 30-Apr-18 03:04:44 GMT; path=/; domain=.globalsign.net; HttpOnly]
Vary: [Accept-Encoding]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.globalsign.com/rootr1 (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.globalsign.com/rootr1 (GET)
Size: 1518 bytes (DER data)
Response time: 6.545413ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign OCSP for Root R1 - Signer 1.1
Issued by: GlobalSign Root CA
Signing certificate validity: 2017-04-07 - 2017-07-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

URL used for GET request

http:/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtm
GkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8EJH
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF6goBAKCCBeMwggXfBgkrBgEFBQcwAQEEggXQMIIFzDCBmaIWBBRr0IWpLGvT
FeIMvlCoqIzANZCQQRgPMjAxNzA0MzAwMDM0NDFaMG4wbDBEMAkGBSsOAwIaBQAE
FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
AAABRE7wQkeAABgPMjAxNzA0MzAwMDM0NDFaoBEYDzIwMTcwNTA0MDAzNDQxWjAN
BgkqhkiG9w0BAQsFAAOCAQEAXJpm07DWF5ymep6JXLoNF8EK3KBUmJ8zYIz/XiXS
B4a+6Fz0dBNQXq92/HL3CtXoWSTnHeTb+Md5vEpD98QkD0T1vWQJov4IkB/C27Ir
ejnILKOBl862K6JcGFGUuJ5rFU/knfJWDAtOqZeGnTSFSFA8M0/RkcS2TcnnaQCy
cBgBPZbdealFjphB5h8SdU5ZAwLj/kLXVlg6xCvHRE4Rn+/blwKhAavvlORBEYkT
lkawlCCoEPEMUmn0WrF/edjccgYbiVA+jlok1UKpWWbsKpjE1wfqSoDW5A1dBtYm
rd3+44UEhAHDe/vZADXlHRLgmNplFT8aKbbOUANtdqEx7aCCBBgwggQUMIIEEDCC
AvigAwIBAgIOSPWzESmX3xEGSFD3EkEwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UE
BhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3Qg
Q0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNzA0MDcwMDAwMDBa
Fw0xNzA3MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxT
aWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJvb3QgUjEg
LSBTaWduZXIgMS4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuhvF
lmaool/STZVnvGSHel5cQ0D+Ru/AHHAD7pxWRN/ufb2Gq+KLdhWROdAI0eLvaQAV
Om3kxM9IPc0tZMEwI618halKDO1TG5zz/GQMp1r4wuaPqGEaqi6CD+UBFyaGlhLq
nsgB74qjtB5rl6bMy5/3An87DVuKN7IdC6kBuBTuGVk7tDcrS8bPF/LA+AzAz3g7
WTpMSlZAIXrEl5bgXzQHvHfYCpMsmcZBI4NmYgmtCNgphOwkxNQENcQPGhM/4eCj
0k3DtXtPXpp0iTPxVbBi/dQ2SKi73UqPttQNb5AQf2fHjCGClSKHk3sq0NisHrCW
gbcdT4ayMqDjSjh4SwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUE
DDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRr0IWpLGvTFeIM
vlCoqIzANZCQQTAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA0GCSqG
SIb3DQEBBQUAA4IBAQAxKJcSLXgYKslSd0pla6b8U8XXV3cP6kOd4LL40UG/B8gl
qJD+YBGv7oPJDAezG1pzmoqrcBQhKbWG8whhj5fKs56iMiz82Kaovb5s4CaRfcTJ
uzLHrHoLuGbAnLR/S+p2pFVcxNLE9TmQ9X5gwwvnrf/RxWjocetUcqnt7Nvoy/Fo
At16plXiUk1PAiz60EgUvyx4Jm9uirb+G7NQpmaP1FtyAYkBOr/XtbyYd3ZToUqj
9m1iy5o5NlDsBFNR6pYowu0/KJwNs+d5kjr2HtllfMrYP4yTv8fDNed1SyRxw7XH
xwCHbgWc12rPOOt3/hetmIelMQj8esDBp0ZsH3PF
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEEDCCAvigAwIBAgIOSPWzESmX3xEGSFD3EkEwDQYJKoZIhvcNAQEFBQAwVzEL
MAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsT
B1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNzA0MDcw
MDAwMDBaFw0xNzA3MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBH
bG9iYWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJv
b3QgUjEgLSBTaWduZXIgMS4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuhvFlmaool/STZVnvGSHel5cQ0D+Ru/AHHAD7pxWRN/ufb2Gq+KLdhWROdAI
0eLvaQAVOm3kxM9IPc0tZMEwI618halKDO1TG5zz/GQMp1r4wuaPqGEaqi6CD+UB
FyaGlhLqnsgB74qjtB5rl6bMy5/3An87DVuKN7IdC6kBuBTuGVk7tDcrS8bPF/LA
+AzAz3g7WTpMSlZAIXrEl5bgXzQHvHfYCpMsmcZBI4NmYgmtCNgphOwkxNQENcQP
GhM/4eCj0k3DtXtPXpp0iTPxVbBi/dQ2SKi73UqPttQNb5AQf2fHjCGClSKHk3sq
0NisHrCWgbcdT4ayMqDjSjh4SwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDAT
BgNVHSUEDDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRr0IWp
LGvTFeIMvlCoqIzANZCQQTAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9
SzAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYI
KwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkv
MA0GCSqGSIb3DQEBBQUAA4IBAQAxKJcSLXgYKslSd0pla6b8U8XXV3cP6kOd4LL4
0UG/B8glqJD+YBGv7oPJDAezG1pzmoqrcBQhKbWG8whhj5fKs56iMiz82Kaovb5s
4CaRfcTJuzLHrHoLuGbAnLR/S+p2pFVcxNLE9TmQ9X5gwwvnrf/RxWjocetUcqnt
7Nvoy/FoAt16plXiUk1PAiz60EgUvyx4Jm9uirb+G7NQpmaP1FtyAYkBOr/XtbyY
d3ZToUqj9m1iy5o5NlDsBFNR6pYowu0/KJwNs+d5kjr2HtllfMrYP4yTv8fDNed1
SyRxw7XHxwCHbgWc12rPOOt3/hetmIelMQj8esDBp0ZsH3PF
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [3577452a03732186-EWR]
Content-Length: [1518]
Content-Type: [application/ocsp-response]
Date: [Sun, 30 Apr 2017 03:03:50 GMT]
Etag: ["6186d8dae73e0871acddae4392b2e66183a1f8a1"]
Expires: [Thu, 04 May 2017 00:34:41 GMT]
Last-Modified: [Sun, 30 Apr 2017 00:34:41 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=dddff0686a1d48a4457de1d611b604bd71493521430; expires=Mon, 30-Apr-18 03:03:50 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.globalsign.com/rootr1 (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.globalsign.com/rootr1 (POST)
Size: 1518 bytes (DER data)
Response time: 5.265463ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign OCSP for Root R1 - Signer 1.1
Issued by: GlobalSign Root CA
Signing certificate validity: 2017-04-07 - 2017-07-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtm
GkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8EJH
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF6goBAKCCBeMwggXfBgkrBgEFBQcwAQEEggXQMIIFzDCBmaIWBBRr0IWpLGvT
FeIMvlCoqIzANZCQQRgPMjAxNzA0MzAwMDM0NDFaMG4wbDBEMAkGBSsOAwIaBQAE
FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
AAABRE7wQkeAABgPMjAxNzA0MzAwMDM0NDFaoBEYDzIwMTcwNTA0MDAzNDQxWjAN
BgkqhkiG9w0BAQsFAAOCAQEAXJpm07DWF5ymep6JXLoNF8EK3KBUmJ8zYIz/XiXS
B4a+6Fz0dBNQXq92/HL3CtXoWSTnHeTb+Md5vEpD98QkD0T1vWQJov4IkB/C27Ir
ejnILKOBl862K6JcGFGUuJ5rFU/knfJWDAtOqZeGnTSFSFA8M0/RkcS2TcnnaQCy
cBgBPZbdealFjphB5h8SdU5ZAwLj/kLXVlg6xCvHRE4Rn+/blwKhAavvlORBEYkT
lkawlCCoEPEMUmn0WrF/edjccgYbiVA+jlok1UKpWWbsKpjE1wfqSoDW5A1dBtYm
rd3+44UEhAHDe/vZADXlHRLgmNplFT8aKbbOUANtdqEx7aCCBBgwggQUMIIEEDCC
AvigAwIBAgIOSPWzESmX3xEGSFD3EkEwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UE
BhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3Qg
Q0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNzA0MDcwMDAwMDBa
Fw0xNzA3MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxT
aWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJvb3QgUjEg
LSBTaWduZXIgMS4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuhvF
lmaool/STZVnvGSHel5cQ0D+Ru/AHHAD7pxWRN/ufb2Gq+KLdhWROdAI0eLvaQAV
Om3kxM9IPc0tZMEwI618halKDO1TG5zz/GQMp1r4wuaPqGEaqi6CD+UBFyaGlhLq
nsgB74qjtB5rl6bMy5/3An87DVuKN7IdC6kBuBTuGVk7tDcrS8bPF/LA+AzAz3g7
WTpMSlZAIXrEl5bgXzQHvHfYCpMsmcZBI4NmYgmtCNgphOwkxNQENcQPGhM/4eCj
0k3DtXtPXpp0iTPxVbBi/dQ2SKi73UqPttQNb5AQf2fHjCGClSKHk3sq0NisHrCW
gbcdT4ayMqDjSjh4SwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUE
DDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRr0IWpLGvTFeIM
vlCoqIzANZCQQTAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA0GCSqG
SIb3DQEBBQUAA4IBAQAxKJcSLXgYKslSd0pla6b8U8XXV3cP6kOd4LL40UG/B8gl
qJD+YBGv7oPJDAezG1pzmoqrcBQhKbWG8whhj5fKs56iMiz82Kaovb5s4CaRfcTJ
uzLHrHoLuGbAnLR/S+p2pFVcxNLE9TmQ9X5gwwvnrf/RxWjocetUcqnt7Nvoy/Fo
At16plXiUk1PAiz60EgUvyx4Jm9uirb+G7NQpmaP1FtyAYkBOr/XtbyYd3ZToUqj
9m1iy5o5NlDsBFNR6pYowu0/KJwNs+d5kjr2HtllfMrYP4yTv8fDNed1SyRxw7XH
xwCHbgWc12rPOOt3/hetmIelMQj8esDBp0ZsH3PF
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEEDCCAvigAwIBAgIOSPWzESmX3xEGSFD3EkEwDQYJKoZIhvcNAQEFBQAwVzEL
MAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsT
B1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNzA0MDcw
MDAwMDBaFw0xNzA3MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBH
bG9iYWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJv
b3QgUjEgLSBTaWduZXIgMS4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuhvFlmaool/STZVnvGSHel5cQ0D+Ru/AHHAD7pxWRN/ufb2Gq+KLdhWROdAI
0eLvaQAVOm3kxM9IPc0tZMEwI618halKDO1TG5zz/GQMp1r4wuaPqGEaqi6CD+UB
FyaGlhLqnsgB74qjtB5rl6bMy5/3An87DVuKN7IdC6kBuBTuGVk7tDcrS8bPF/LA
+AzAz3g7WTpMSlZAIXrEl5bgXzQHvHfYCpMsmcZBI4NmYgmtCNgphOwkxNQENcQP
GhM/4eCj0k3DtXtPXpp0iTPxVbBi/dQ2SKi73UqPttQNb5AQf2fHjCGClSKHk3sq
0NisHrCWgbcdT4ayMqDjSjh4SwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDAT
BgNVHSUEDDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRr0IWp
LGvTFeIMvlCoqIzANZCQQTAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9
SzAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYI
KwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkv
MA0GCSqGSIb3DQEBBQUAA4IBAQAxKJcSLXgYKslSd0pla6b8U8XXV3cP6kOd4LL4
0UG/B8glqJD+YBGv7oPJDAezG1pzmoqrcBQhKbWG8whhj5fKs56iMiz82Kaovb5s
4CaRfcTJuzLHrHoLuGbAnLR/S+p2pFVcxNLE9TmQ9X5gwwvnrf/RxWjocetUcqnt
7Nvoy/FoAt16plXiUk1PAiz60EgUvyx4Jm9uirb+G7NQpmaP1FtyAYkBOr/XtbyY
d3ZToUqj9m1iy5o5NlDsBFNR6pYowu0/KJwNs+d5kjr2HtllfMrYP4yTv8fDNed1
SyRxw7XHxwCHbgWc12rPOOt3/hetmIelMQj8esDBp0ZsH3PF
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [35774529f7710ee5-EWR]
Content-Length: [1518]
Content-Type: [application/ocsp-response]
Date: [Sun, 30 Apr 2017 03:03:50 GMT]
Etag: ["6186d8dae73e0871acddae4392b2e66183a1f8a1"]
Expires: [Thu, 04 May 2017 00:34:41 GMT]
Last-Modified: [Sun, 30 Apr 2017 00:34:41 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d88f5190b2467cf70fc95ad25725350a21493521430; expires=Mon, 30-Apr-18 03:03:50 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GlobalSign Root CA (CA Certificate)

Certificate details for GlobalSign Root CA (At position 2 in certificate chain)
Serial number:
hex: 40000000001154b5ac394
int: 4835703278459707669005204
Issued by: GlobalSign Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GlobalSign nv-sa
Organization unit: Root CA
Country: BE
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.