CRL & OCSP report for 0-ajax.googleapis.com.mercury.concordia.ca - mercury.concordia.ca (Concordia University)

mercury.concordia.ca

This certificate was cached at
Certificate details for mercury.concordia.ca (At position 0 in certificate chain)
Serial number:
hex: 31603e4b611e8ff465db1c07
int: 15281116537154845365329665031
Issued by: GlobalSign Organization Validation CA - SHA256 - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Concordia University
Organization unit: IITS
State / Province: Quebec
Locality: Montreal
Country: CA
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

View complete certificate details for 0-ajax.googleapis.com.mercury.concordia.ca.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl
Size: 109277 bytes (DER data)
Response time: 19.322857ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 3255

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare, CloudFront
Cache Information: HIT, Miss from cloudfront

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [3342789846221876-EWR]
Content-Length: [109277]
Content-Type: [application/pkix-crl]
Date: [Mon, 20 Feb 2017 13:58:02 GMT]
Etag: [E43C]
Expires: [Sun, 26 Feb 2017 23:18:58 GMT]
Last-Modified: [Sun, 19 Feb 2017 23:18:58 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d27c1ceefdbeeb7f9dc9f3a0d70aa28eb1487599082; expires=Tue, 20-Feb-18 13:58:02 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
Via: [1.1 0cf1d7257c633ae75623c5e75bf3805e.cloudfront.net (CloudFront)]
X-Amz-Cf-Id: [sTMX2RRuMxtMJsBHPEZMoPvhODMosYHmpIrYHXR1XelGsY2mt7fLIA==]
X-Cache: [Miss from cloudfront]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp2.globalsign.com/gsorganizationvalsha2g2 (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsorganizationvalsha2g2 (GET)
Size: 1570 bytes (DER data)
Response time: 482.912492ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign Organization Validation CA - SHA256 - G2 - OCSP Responder
Issued by: GlobalSign Organization Validation CA - SHA256 - G2
Signing certificate validity: 2017-02-13 - 2017-05-16
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: EXPIRED

URL used for GET request

http:/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDDFgPkthHo%2F0ZdscBw%3D%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h
8b0cFilTHMDMfTuDAEDmGnwCDDFgPkthHo/0ZdscBw==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGHgoBAKCCBhcwggYTBgkrBgEFBQcwAQEEggYEMIIGADCBmqIWBBScTQCZAA6L
sAGBdaG68NAl16AcRxgPMjAxNzAyMTgwOTE2MjJaMG8wbTBFMAkGBSsOAwIaBQAE
FAyeTZw97e+E2JHpcsfPhAa8GXsHBBSW3mHxvRwWKVMcwMx9O4MAQOYafAIMMWA+
S2Eej/Rl2xwHgAAYDzIwMTcwMjE4MDkxNjIyWqARGA8yMDE3MDIyMjA5MTYyMlow
DQYJKoZIhvcNAQELBQADggEBABSbr8TRRnuFXIJoAtb5LrwbuEYb0oipYFdvuIm3
X9Ga4SO/mKEgv440SpeFiOEJ77kVoPkwSHRY7OSxsDLKpAjwBx8ZQHJRCsjUuivQ
IV6QOf3DhVlrHDwTvyZ4BxRCytD1Brdx9YR8JukWZ8OjRDr28pSrljuQv1D2fADG
njG49Uo7/2yf7YqWg1lso8Bg01F2nDAKb9GEPpcBiHCzy3tDQ+Ad/eJGeg5iMf/S
4iDBi0ocFYZCjiLzVuKKn6ueP1eKuOu5XHLlOJP/tzz9fG/Pp+ApWpvw1vdzNiy0
J30njvuXTIJpcuq+sW38EttGSSNXFR9LuIo8o7VdGvYdV6+gggRLMIIERzCCBEMw
ggMroAMCAQICDG/ROC7q20OpUD07RTANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQG
EwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTE8MDoGA1UEAxMzR2xvYmFs
U2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIFNIQTI1NiAtIEcyMB4X
DTE3MDIxMzA3MTEwM1oXDTE3MDUxNjA3MTEwM1owgY4xCzAJBgNVBAYTAkJFMRkw
FwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRUwEwYDVQQFEwwyMDE3MDIxMzE1MDUx
TTBLBgNVBAMTREdsb2JhbFNpZ24gT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gQ0Eg
LSBTSEEyNTYgLSBHMiAtIE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA0kOXzzBq49lSztun694Fi9cwEyLIZagm3jYnimSW+vpf
qQoFF/U48JGqWfXOt8Evncl6f6MtaGmvaxjguf2aru1EtxS5pdX8/4PtdRcGPmgb
wbn8VDIukn4P8So7v9afdh1eoiFk7Kjq9wzK+jiDcNplpqJtZdUVlD6s7laW4aVs
Ewe7UBk2hlaBxUfl0ztYmwd/3Ln+BjEyVRYpRNFFKGxkUeoNhzY3zRBAqp0dHP3H
bPCUGUGePmzp87283fRtBdRlO9ixk4C3bvZ+kJBXYoE/ootnRdWMuJCYubNh4EtN
+UbOE4J9gXFvO1PlBBxgL9YSc5KY65Y2HPeNoUfrYQIDAQABo4HHMIHEMB0GA1Ud
DgQWBBScTQCZAA6LsAGBdaG68NAl16AcRzAfBgNVHSMEGDAWgBSW3mHxvRwWKVMc
wMx9O4MAQOYafDAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGg
MgFfMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl
cG9zaXRvcnkvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAN
BgkqhkiG9w0BAQsFAAOCAQEAfz3YGCB7BW/M3Y2KpS/7zfM7W7T+lCGf6V/p5jPm
vxbDuIoYaXvnHSLLAPhJMYqqBwEuxdwgd1yHiq0mHfMlugUMgDIJkNA0kw7MoNFm
Bf/LjVOXkCBaetmy0XH4EHtvtCDrZTFbCsn9WA0yxvlGNiTKAADkJ+6AyFsXc0Dm
rlnTl7gi+zJiEh/a8H618QjuCBrlvBXriEUO3lVf5cRZW9bDwR5i+kcnfaaXXi0O
+p0YhTq6bW+C3Bmb4qI9EPkc+RK1oIwpePTNawmliKdOU9N3r0deD8eIR/MVhsjw
zDgcMZW9en2LPNjFyAkGGPbtcXXBsfgg0vC89/8AQVE9lw==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEQzCCAyugAwIBAgIMb9E4LurbQ6lQPTtFMA0GCSqGSIb3DQEBCwUAMGYxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g
RzIwHhcNMTcwMjEzMDcxMTAzWhcNMTcwNTE2MDcxMTAzWjCBjjELMAkGA1UEBhMC
QkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTcwMjEz
MTUwNTFNMEsGA1UEAxNER2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlv
biBDQSAtIFNIQTI1NiAtIEcyIC0gT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDSQ5fPMGrj2VLO26fr3gWL1zATIshlqCbeNieK
ZJb6+l+pCgUX9TjwkapZ9c63wS+dyXp/oy1oaa9rGOC5/Zqu7US3FLml1fz/g+11
FwY+aBvBufxUMi6Sfg/xKju/1p92HV6iIWTsqOr3DMr6OINw2mWmom1l1RWUPqzu
VpbhpWwTB7tQGTaGVoHFR+XTO1ibB3/cuf4GMTJVFilE0UUobGRR6g2HNjfNEECq
nR0c/cds8JQZQZ4+bOnzvbzd9G0F1GU72LGTgLdu9n6QkFdigT+ii2dF1Yy4kJi5
s2HgS035Rs4Tgn2BcW87U+UEHGAv1hJzkpjrljYc942hR+thAgMBAAGjgccwgcQw
HQYDVR0OBBYEFJxNAJkADouwAYF1obrw0CXXoBxHMB8GA1UdIwQYMBaAFJbeYfG9
HBYpUxzAzH07gwBA5hp8MA8GCSsGAQUFBzABBQQCBQAwTAYDVR0gBEUwQzBBBgkr
BgEEAaAyAV8wNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5j
b20vcmVwb3NpdG9yeS8wDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF
BwMJMA0GCSqGSIb3DQEBCwUAA4IBAQB/PdgYIHsFb8zdjYqlL/vN8ztbtP6UIZ/p
X+nmM+a/FsO4ihhpe+cdIssA+EkxiqoHAS7F3CB3XIeKrSYd8yW6BQyAMgmQ0DST
Dsyg0WYF/8uNU5eQIFp62bLRcfgQe2+0IOtlMVsKyf1YDTLG+UY2JMoAAOQn7oDI
WxdzQOauWdOXuCL7MmISH9rwfrXxCO4IGuW8FeuIRQ7eVV/lxFlb1sPBHmL6Ryd9
ppdeLQ76nRiFOrptb4LcGZvioj0Q+Rz5ErWgjCl49M1rCaWIp05T03evR14Px4hH
8xWGyPDMOBwxlb16fYs82MXICQYY9u1xdcGx+CDS8Lz3/wBBUT2X
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [EXPIRED]
Cf-Ray: [33310f02d3b02204-EWR]
Content-Length: [1570]
Content-Type: [application/ocsp-response]
Date: [Sat, 18 Feb 2017 11:15:00 GMT]
Etag: ["4e7392664eda5d78a9cca0cecad5d8fc43c2d20c"]
Expires: [Wed, 22 Feb 2017 09:16:22 GMT]
Last-Modified: [Sat, 18 Feb 2017 09:16:22 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d574de546522dc13840721ea229e4b9941487416499; expires=Sun, 18-Feb-18 11:14:59 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp2.globalsign.com/gsorganizationvalsha2g2 (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsorganizationvalsha2g2 (POST)
Size: 1570 bytes (DER data)
Response time: 5.974873ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign Organization Validation CA - SHA256 - G2 - OCSP Responder
Issued by: GlobalSign Organization Validation CA - SHA256 - G2
Signing certificate validity: 2017-02-13 - 2017-05-16
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: UPDATING

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h
8b0cFilTHMDMfTuDAEDmGnwCDDFgPkthHo/0ZdscBw==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGHgoBAKCCBhcwggYTBgkrBgEFBQcwAQEEggYEMIIGADCBmqIWBBScTQCZAA6L
sAGBdaG68NAl16AcRxgPMjAxNzAyMTgwODI2MTZaMG8wbTBFMAkGBSsOAwIaBQAE
FAyeTZw97e+E2JHpcsfPhAa8GXsHBBSW3mHxvRwWKVMcwMx9O4MAQOYafAIMMWA+
S2Eej/Rl2xwHgAAYDzIwMTcwMjE4MDgyNjE2WqARGA8yMDE3MDIyMjA4MjYxNlow
DQYJKoZIhvcNAQELBQADggEBAB5rSe0AjwzqkTvWDiIkUtp9x+41DDJUg3J6prGQ
R2S9pDqde9WU3emEusbkjnupJsEGRBxbiQdyYsgFpQ6UYqwXFocD6MhpIJWH6qah
xXN5AzvrJqN5JTpDnv7umJ6OX+Cwp7GvZ9uiO7QLAGjeACIFmj294dG8cieeGT/m
Kc6k2YA4/ZoxSD7aRmGTxO2LOc8AEXbbxjUMGldf03vdVHOj3sO1l9hy7ZDJEadq
WnGJMpgStPc3eCzFjWZGpE+XFn18Q81ZsOsEcYWxsoDYG0GjsYpr4+rQko/3s2Xo
tGZUNv44LEPoL+Gi62ptsfaON9XZkd9I5fbzgelWQI6eCuygggRLMIIERzCCBEMw
ggMroAMCAQICDG/ROC7q20OpUD07RTANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQG
EwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTE8MDoGA1UEAxMzR2xvYmFs
U2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIFNIQTI1NiAtIEcyMB4X
DTE3MDIxMzA3MTEwM1oXDTE3MDUxNjA3MTEwM1owgY4xCzAJBgNVBAYTAkJFMRkw
FwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRUwEwYDVQQFEwwyMDE3MDIxMzE1MDUx
TTBLBgNVBAMTREdsb2JhbFNpZ24gT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gQ0Eg
LSBTSEEyNTYgLSBHMiAtIE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA0kOXzzBq49lSztun694Fi9cwEyLIZagm3jYnimSW+vpf
qQoFF/U48JGqWfXOt8Evncl6f6MtaGmvaxjguf2aru1EtxS5pdX8/4PtdRcGPmgb
wbn8VDIukn4P8So7v9afdh1eoiFk7Kjq9wzK+jiDcNplpqJtZdUVlD6s7laW4aVs
Ewe7UBk2hlaBxUfl0ztYmwd/3Ln+BjEyVRYpRNFFKGxkUeoNhzY3zRBAqp0dHP3H
bPCUGUGePmzp87283fRtBdRlO9ixk4C3bvZ+kJBXYoE/ootnRdWMuJCYubNh4EtN
+UbOE4J9gXFvO1PlBBxgL9YSc5KY65Y2HPeNoUfrYQIDAQABo4HHMIHEMB0GA1Ud
DgQWBBScTQCZAA6LsAGBdaG68NAl16AcRzAfBgNVHSMEGDAWgBSW3mHxvRwWKVMc
wMx9O4MAQOYafDAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGg
MgFfMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl
cG9zaXRvcnkvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAN
BgkqhkiG9w0BAQsFAAOCAQEAfz3YGCB7BW/M3Y2KpS/7zfM7W7T+lCGf6V/p5jPm
vxbDuIoYaXvnHSLLAPhJMYqqBwEuxdwgd1yHiq0mHfMlugUMgDIJkNA0kw7MoNFm
Bf/LjVOXkCBaetmy0XH4EHtvtCDrZTFbCsn9WA0yxvlGNiTKAADkJ+6AyFsXc0Dm
rlnTl7gi+zJiEh/a8H618QjuCBrlvBXriEUO3lVf5cRZW9bDwR5i+kcnfaaXXi0O
+p0YhTq6bW+C3Bmb4qI9EPkc+RK1oIwpePTNawmliKdOU9N3r0deD8eIR/MVhsjw
zDgcMZW9en2LPNjFyAkGGPbtcXXBsfgg0vC89/8AQVE9lw==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEQzCCAyugAwIBAgIMb9E4LurbQ6lQPTtFMA0GCSqGSIb3DQEBCwUAMGYxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g
RzIwHhcNMTcwMjEzMDcxMTAzWhcNMTcwNTE2MDcxMTAzWjCBjjELMAkGA1UEBhMC
QkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTcwMjEz
MTUwNTFNMEsGA1UEAxNER2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlv
biBDQSAtIFNIQTI1NiAtIEcyIC0gT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDSQ5fPMGrj2VLO26fr3gWL1zATIshlqCbeNieK
ZJb6+l+pCgUX9TjwkapZ9c63wS+dyXp/oy1oaa9rGOC5/Zqu7US3FLml1fz/g+11
FwY+aBvBufxUMi6Sfg/xKju/1p92HV6iIWTsqOr3DMr6OINw2mWmom1l1RWUPqzu
VpbhpWwTB7tQGTaGVoHFR+XTO1ibB3/cuf4GMTJVFilE0UUobGRR6g2HNjfNEECq
nR0c/cds8JQZQZ4+bOnzvbzd9G0F1GU72LGTgLdu9n6QkFdigT+ii2dF1Yy4kJi5
s2HgS035Rs4Tgn2BcW87U+UEHGAv1hJzkpjrljYc942hR+thAgMBAAGjgccwgcQw
HQYDVR0OBBYEFJxNAJkADouwAYF1obrw0CXXoBxHMB8GA1UdIwQYMBaAFJbeYfG9
HBYpUxzAzH07gwBA5hp8MA8GCSsGAQUFBzABBQQCBQAwTAYDVR0gBEUwQzBBBgkr
BgEEAaAyAV8wNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5j
b20vcmVwb3NpdG9yeS8wDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF
BwMJMA0GCSqGSIb3DQEBCwUAA4IBAQB/PdgYIHsFb8zdjYqlL/vN8ztbtP6UIZ/p
X+nmM+a/FsO4ihhpe+cdIssA+EkxiqoHAS7F3CB3XIeKrSYd8yW6BQyAMgmQ0DST
Dsyg0WYF/8uNU5eQIFp62bLRcfgQe2+0IOtlMVsKyf1YDTLG+UY2JMoAAOQn7oDI
WxdzQOauWdOXuCL7MmISH9rwfrXxCO4IGuW8FeuIRQ7eVV/lxFlb1sPBHmL6Ryd9
ppdeLQ76nRiFOrptb4LcGZvioj0Q+Rz5ErWgjCl49M1rCaWIp05T03evR14Px4hH
8xWGyPDMOBwxlb16fYs82MXICQYY9u1xdcGx+CDS8Lz3/wBBUT2X
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [UPDATING]
Cf-Ray: [33310f02d53d21bc-EWR]
Content-Length: [1570]
Content-Type: [application/ocsp-response]
Date: [Sat, 18 Feb 2017 11:14:59 GMT]
Etag: ["9844a376fa732480aece0b6353ecea7e0fbc2ff2"]
Expires: [Wed, 22 Feb 2017 08:26:16 GMT]
Last-Modified: [Sat, 18 Feb 2017 08:26:16 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d2b83a15608203086ba9d5b101c0e86931487416499; expires=Sun, 18-Feb-18 11:14:59 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GlobalSign Organization Validation CA - SHA256 - G2 (CA Certificate)

This certificate was cached at
Certificate details for GlobalSign Organization Validation CA - SHA256 - G2 (At position 1 in certificate chain)
Serial number:
hex: 40000000001444ef04247
int: 4835703278459909592597063
Issued by: GlobalSign Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GlobalSign nv-sa
Country: BE
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.globalsign.net/root.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.globalsign.net/root.crl
Size: 693 bytes (DER data)
Response time: 44.017355ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 5

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [public, max-age=4620076]
Cf-Cache-Status: [HIT]
Cf-Ray: [3342046e17c821f8-EWR]
Content-Length: [693]
Content-Type: [application/pkix-crl]
Date: [Mon, 20 Feb 2017 12:38:44 GMT]
Etag: [37]
Expires: [Sat, 15 Apr 2017 00:00:00 GMT]
Last-Modified: [Sat, 07 Jan 2017 00:00:00 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=db544420baca167953ac3f27120a7911b1487594324; expires=Tue, 20-Feb-18 12:38:44 GMT; path=/; domain=.globalsign.net; HttpOnly]
Vary: [Accept-Encoding]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.globalsign.com/rootr1 (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.globalsign.com/rootr1 (POST)
Size: 1518 bytes (DER data)
Response time: 6.934904ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign OCSP for Root R1 - Signer 1.2
Issued by: GlobalSign Root CA
Signing certificate validity: 2016-12-08 - 2017-05-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 3h0m0s

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtm
GkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8EJH
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF6goBAKCCBeMwggXfBgkrBgEFBQcwAQEEggXQMIIFzDCBmaIWBBTo5D4n+cHT
OzaRhTkWd1PUt9RfihgPMjAxNzAyMjAwOTExNDdaMG4wbDBEMAkGBSsOAwIaBQAE
FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
AAABRE7wQkeAABgPMjAxNzAyMjAwOTExNDdaoBEYDzIwMTcwMjI0MDkxMTQ3WjAN
BgkqhkiG9w0BAQsFAAOCAQEAlejqy+Dj2KH3Rps+RZC36LgCRW7XZTN0Ex8Cn+x+
Ookahzo3RgVuSF9WBRdqJRiB4D0GbBe3wchibrDubZYPmXI7pz22CL3FPiq9r0Pm
op2Ey8Uk6QPRk5rZEcSsvTIY/hT7qe394ulQhRRVm/Uq36iDm01zmu999w6A4VBO
+eo0fF/UPfpVc4CbWyi5cnjMcdQyRBaUr49eajBYtTx59mYb0AizC2+jzqV0pFFQ
MN/6FSns5sL0mtLupRYqwqKlCHZjzaF4ZB94IJNgQhx820LnYvZDbjKhr4ecoltB
BzBI6V5ry3nH/ZXpIXlqqcHwxkg9BnmMZu7i/DIYNUeRYKCCBBgwggQUMIIEEDCC
AvigAwIBAgIOSPWzECFVLDQzsNCb15cwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UE
BhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3Qg
Q0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNjEyMDgwMDAwMDBa
Fw0xNzA1MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxT
aWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJvb3QgUjEg
LSBTaWduZXIgMS4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eJO
rqLb90sYTgrLehHOwNb1Gr8BunC06AZDTH/msQRAp+ILqVzPC60EZsdKc1KGe19h
d27VEP/yOx0aFy1/Hmef8jjg8jbofGyDKJkWi5ho8/nT/TtH2EDmi1SQ5iXFDv0T
zzfcUhTaTzt1y2dAZxJDpYeJ7M22p+Uyx1nZ0MOKSbWUZ8JKe33+q7R1jECE84xp
aLG8JN486hq9e5BogGjIlAwg4JzR/n1NfYg61IGC1aSZzBTcclM9wSTr3suBbEUp
M/NvnkIReL4PHZikXupW0yNOB5A9U16iRoWvVZt9QzLji4YtU8D/uP7L0iCKMuu9
Ho9JlpvMlRLlLl3zYwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUE
DDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTo5D4n+cHTOzaR
hTkWd1PUt9RfijAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA0GCSqG
SIb3DQEBBQUAA4IBAQA+U6mkht7qiRVGQBUpwmZveLWGVlzshYcUhqXmu+l4qVue
h4BJJt49W5nfDnX/tTQHXG365f3oVn8Dbsqt0K3j2DNZQwjLUmwt36ERjs9h1JlA
R52fmUAIoW/iG/7cy/2iQPcMfh//le05L30MaRs8/5sZwmVc1VxhrCfofbSp/gKy
BH2N4a2KCUNuvHmrdcX0FAx4Wjm/D3iignh8aCunfUktOskMUkSlUxb8UWwTgzJj
blibRmlsc3RmEOiAD+TR7GUSVq9H6B0Kzi4cXJ7dXWhoK+XNzNZX+sfaL+WjeDqd
Mkn4KpoU1NTyUz8PRHLvqUGigfTJ0z2lpy5fD7nU
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEEDCCAvigAwIBAgIOSPWzECFVLDQzsNCb15cwDQYJKoZIhvcNAQEFBQAwVzEL
MAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsT
B1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNjEyMDgw
MDAwMDBaFw0xNzA1MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBH
bG9iYWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJv
b3QgUjEgLSBTaWduZXIgMS4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4eJOrqLb90sYTgrLehHOwNb1Gr8BunC06AZDTH/msQRAp+ILqVzPC60EZsdK
c1KGe19hd27VEP/yOx0aFy1/Hmef8jjg8jbofGyDKJkWi5ho8/nT/TtH2EDmi1SQ
5iXFDv0TzzfcUhTaTzt1y2dAZxJDpYeJ7M22p+Uyx1nZ0MOKSbWUZ8JKe33+q7R1
jECE84xpaLG8JN486hq9e5BogGjIlAwg4JzR/n1NfYg61IGC1aSZzBTcclM9wSTr
3suBbEUpM/NvnkIReL4PHZikXupW0yNOB5A9U16iRoWvVZt9QzLji4YtU8D/uP7L
0iCKMuu9Ho9JlpvMlRLlLl3zYwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDAT
BgNVHSUEDDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTo5D4n
+cHTOzaRhTkWd1PUt9RfijAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9
SzAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYI
KwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkv
MA0GCSqGSIb3DQEBBQUAA4IBAQA+U6mkht7qiRVGQBUpwmZveLWGVlzshYcUhqXm
u+l4qVueh4BJJt49W5nfDnX/tTQHXG365f3oVn8Dbsqt0K3j2DNZQwjLUmwt36ER
js9h1JlAR52fmUAIoW/iG/7cy/2iQPcMfh//le05L30MaRs8/5sZwmVc1VxhrCfo
fbSp/gKyBH2N4a2KCUNuvHmrdcX0FAx4Wjm/D3iignh8aCunfUktOskMUkSlUxb8
UWwTgzJjblibRmlsc3RmEOiAD+TR7GUSVq9H6B0Kzi4cXJ7dXWhoK+XNzNZX+sfa
L+WjeDqdMkn4KpoU1NTyUz8PRHLvqUGigfTJ0z2lpy5fD7nU
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=10800,public,no-transform,must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [3342046dd1e1077f-EWR]
Content-Length: [1518]
Content-Type: [application/ocsp-response]
Date: [Mon, 20 Feb 2017 12:38:44 GMT]
Etag: ["55bf0dee2be20708ea368b7fa6c20cb9761e0288"]
Expires: [Fri, 24 Feb 2017 09:11:47 GMT]
Last-Modified: [Mon, 20 Feb 2017 09:11:47 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=df8973e95b0c6ff503b17b1c46e191f2a1487594324; expires=Tue, 20-Feb-18 12:38:44 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.globalsign.com/rootr1 (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.globalsign.com/rootr1 (GET)
Size: 1518 bytes (DER data)
Response time: 6.963828ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign OCSP for Root R1 - Signer 1.2
Issued by: GlobalSign Root CA
Signing certificate validity: 2016-12-08 - 2017-05-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 3h0m0s

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

URL used for GET request

http:/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtm
GkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8EJH
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF6goBAKCCBeMwggXfBgkrBgEFBQcwAQEEggXQMIIFzDCBmaIWBBTo5D4n+cHT
OzaRhTkWd1PUt9RfihgPMjAxNzAyMjAwOTExNDdaMG4wbDBEMAkGBSsOAwIaBQAE
FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
AAABRE7wQkeAABgPMjAxNzAyMjAwOTExNDdaoBEYDzIwMTcwMjI0MDkxMTQ3WjAN
BgkqhkiG9w0BAQsFAAOCAQEAlejqy+Dj2KH3Rps+RZC36LgCRW7XZTN0Ex8Cn+x+
Ookahzo3RgVuSF9WBRdqJRiB4D0GbBe3wchibrDubZYPmXI7pz22CL3FPiq9r0Pm
op2Ey8Uk6QPRk5rZEcSsvTIY/hT7qe394ulQhRRVm/Uq36iDm01zmu999w6A4VBO
+eo0fF/UPfpVc4CbWyi5cnjMcdQyRBaUr49eajBYtTx59mYb0AizC2+jzqV0pFFQ
MN/6FSns5sL0mtLupRYqwqKlCHZjzaF4ZB94IJNgQhx820LnYvZDbjKhr4ecoltB
BzBI6V5ry3nH/ZXpIXlqqcHwxkg9BnmMZu7i/DIYNUeRYKCCBBgwggQUMIIEEDCC
AvigAwIBAgIOSPWzECFVLDQzsNCb15cwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UE
BhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3Qg
Q0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNjEyMDgwMDAwMDBa
Fw0xNzA1MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxT
aWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJvb3QgUjEg
LSBTaWduZXIgMS4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eJO
rqLb90sYTgrLehHOwNb1Gr8BunC06AZDTH/msQRAp+ILqVzPC60EZsdKc1KGe19h
d27VEP/yOx0aFy1/Hmef8jjg8jbofGyDKJkWi5ho8/nT/TtH2EDmi1SQ5iXFDv0T
zzfcUhTaTzt1y2dAZxJDpYeJ7M22p+Uyx1nZ0MOKSbWUZ8JKe33+q7R1jECE84xp
aLG8JN486hq9e5BogGjIlAwg4JzR/n1NfYg61IGC1aSZzBTcclM9wSTr3suBbEUp
M/NvnkIReL4PHZikXupW0yNOB5A9U16iRoWvVZt9QzLji4YtU8D/uP7L0iCKMuu9
Ho9JlpvMlRLlLl3zYwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUE
DDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTo5D4n+cHTOzaR
hTkWd1PUt9RfijAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA0GCSqG
SIb3DQEBBQUAA4IBAQA+U6mkht7qiRVGQBUpwmZveLWGVlzshYcUhqXmu+l4qVue
h4BJJt49W5nfDnX/tTQHXG365f3oVn8Dbsqt0K3j2DNZQwjLUmwt36ERjs9h1JlA
R52fmUAIoW/iG/7cy/2iQPcMfh//le05L30MaRs8/5sZwmVc1VxhrCfofbSp/gKy
BH2N4a2KCUNuvHmrdcX0FAx4Wjm/D3iignh8aCunfUktOskMUkSlUxb8UWwTgzJj
blibRmlsc3RmEOiAD+TR7GUSVq9H6B0Kzi4cXJ7dXWhoK+XNzNZX+sfaL+WjeDqd
Mkn4KpoU1NTyUz8PRHLvqUGigfTJ0z2lpy5fD7nU
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEEDCCAvigAwIBAgIOSPWzECFVLDQzsNCb15cwDQYJKoZIhvcNAQEFBQAwVzEL
MAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsT
B1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNjEyMDgw
MDAwMDBaFw0xNzA1MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBH
bG9iYWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJv
b3QgUjEgLSBTaWduZXIgMS4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4eJOrqLb90sYTgrLehHOwNb1Gr8BunC06AZDTH/msQRAp+ILqVzPC60EZsdK
c1KGe19hd27VEP/yOx0aFy1/Hmef8jjg8jbofGyDKJkWi5ho8/nT/TtH2EDmi1SQ
5iXFDv0TzzfcUhTaTzt1y2dAZxJDpYeJ7M22p+Uyx1nZ0MOKSbWUZ8JKe33+q7R1
jECE84xpaLG8JN486hq9e5BogGjIlAwg4JzR/n1NfYg61IGC1aSZzBTcclM9wSTr
3suBbEUpM/NvnkIReL4PHZikXupW0yNOB5A9U16iRoWvVZt9QzLji4YtU8D/uP7L
0iCKMuu9Ho9JlpvMlRLlLl3zYwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDAT
BgNVHSUEDDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTo5D4n
+cHTOzaRhTkWd1PUt9RfijAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9
SzAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYI
KwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkv
MA0GCSqGSIb3DQEBBQUAA4IBAQA+U6mkht7qiRVGQBUpwmZveLWGVlzshYcUhqXm
u+l4qVueh4BJJt49W5nfDnX/tTQHXG365f3oVn8Dbsqt0K3j2DNZQwjLUmwt36ER
js9h1JlAR52fmUAIoW/iG/7cy/2iQPcMfh//le05L30MaRs8/5sZwmVc1VxhrCfo
fbSp/gKyBH2N4a2KCUNuvHmrdcX0FAx4Wjm/D3iignh8aCunfUktOskMUkSlUxb8
UWwTgzJjblibRmlsc3RmEOiAD+TR7GUSVq9H6B0Kzi4cXJ7dXWhoK+XNzNZX+sfa
L+WjeDqdMkn4KpoU1NTyUz8PRHLvqUGigfTJ0z2lpy5fD7nU
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=10800,public,no-transform,must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [3342046dd06421aa-EWR]
Content-Length: [1518]
Content-Type: [application/ocsp-response]
Date: [Mon, 20 Feb 2017 12:38:44 GMT]
Etag: ["55bf0dee2be20708ea368b7fa6c20cb9761e0288"]
Expires: [Fri, 24 Feb 2017 09:11:47 GMT]
Last-Modified: [Mon, 20 Feb 2017 09:11:47 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d6ff53de3027e059fbb625a2280329abb1487594324; expires=Tue, 20-Feb-18 12:38:44 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GlobalSign Root CA (CA Certificate)

This certificate was cached at
Certificate details for GlobalSign Root CA (At position 2 in certificate chain)
Serial number:
hex: 40000000001154b5ac394
int: 4835703278459707669005204
Issued by: GlobalSign Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GlobalSign nv-sa
Organization unit: Root CA
Country: BE
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.