CRL & OCSP report for 0-campus.westlaw.com.wildpac.wne.edu - wildpac.wne.edu

wildpac.wne.edu

Certificate details for wildpac.wne.edu (At position 0 in certificate chain)
Serial number:
hex: 7eed9118f150cda8
int: 9146125954573192616
Issued by: Starfield Secure Certificate Authority - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization unit: Domain Control Validated
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for 0-campus.westlaw.com.wildpac.wne.edu.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.starfieldtech.com/sfig2s1-56.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.starfieldtech.com/sfig2s1-56.crl
Size: 34132 bytes (DER data)
Response time: 1.330608566s
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 803

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: Apache

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [max-age=259200]
Content-Length: [34132]
Content-Type: [application/pkix-crl]
Date: [Sun, 25 Jun 2017 23:37:58 GMT]
Etag: ["8554-552bd8b9a6000"]
Expires: [Wed, 28 Jun 2017 23:37:58 GMT]
Last-Modified: [Sun, 25 Jun 2017 00:02:08 GMT]
P3p: [CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"]
Server: [Apache]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.starfieldtech.com/ (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.starfieldtech.com/ (GET)
Size: 1846 bytes (DER data)
Response time: 608.502056ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: Starfield Validation Authority - G2
Issued by: Starfield Secure Certificate Authority - G2
Signing certificate validity: 2016-12-13 - 2017-12-13
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 33h5m0s

Server and network information

Server Software: Apache

URL used for GET request

http://ocsp.starfieldtech.com/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBT1ZqtwV0O1KcYi0gdzcFkHM%2BuArAQUJUWBaFAmOD07LSy%2BzWrZtj2zZmMCCH7tkRjxUM2o

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEkwRzBFMEMwQTAJBgUrDgMCGgUABBT1ZqtwV0O1KcYi0gdzcFkHM+uArAQUJUWB
aFAmOD07LSy+zWrZtj2zZmMCCH7tkRjxUM2o
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIHMgoBAKCCByswggcnBgkrBgEFBQcwAQEEggcYMIIHFDCCAQyhgYswgYgxCzAJ
BgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxl
MSQwIgYDVQQKExtTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBMTEMxLDAqBgNVBAMT
I1N0YXJmaWVsZCBWYWxpZGF0aW9uIEF1dGhvcml0eSAtIEcyGA8yMDE3MDYyNjIy
NTgzM1owazBpMEEwCQYFKw4DAhoFAAQU9WarcFdDtSnGItIHc3BZBzPrgKwEFCVF
gWhQJjg9Oy0svs1q2bY9s2ZjAgh+7ZEY8VDNqIAAGA8yMDE3MDYyNjIyNTgzM1qg
ERgPMjAxNzA2MjgxMDU4MzNaMA0GCSqGSIb3DQEBBQUAA4IBAQAELezmNCZmtFnB
IBm0uFGAxeqlQmLS4mXSuD5BcxZclz5AjDjRCTVpNkNXTmWg5In1Hze6hpQ6aRMd
P7gP7T4kNwh7wNqs59IW6ahOgA/7ngJV8+8IbvaDSXLqA0IDwv5A8vecCdYdRriN
zETJgI2etR6rMf1y06aTn0hlmQjsNo+Dg7Y+qH+rvcBLOAJ1fui37/gC1STLxYGm
bZGtwCmLwMcWwwtJXUwgo74z6kBxR5cenF95CloLlnkadpnZEiFennan+21NmSSN
aG5RseOUzdZCozAKyrv8fddtIeHv6sDjOpa055OCajKB3K4a9Iz4DlEX8l6+MnDK
kAuLTlSOoIIE7DCCBOgwggTkMIIDzKADAgECAgkA3J+sk/r/1X8wDQYJKoZIhvcN
AQELBQAwgcYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH
EwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJ
bmMuMTMwMQYDVQQLEypodHRwOi8vY2VydHMuc3RhcmZpZWxkdGVjaC5jb20vcmVw
b3NpdG9yeS8xNDAyBgNVBAMTK1N0YXJmaWVsZCBTZWN1cmUgQ2VydGlmaWNhdGUg
QXV0aG9yaXR5IC0gRzIwHhcNMTYxMjEzMDcwMDAwWhcNMTcxMjEzMDcwMDAwWjCB
iDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0
c2RhbGUxJDAiBgNVBAoTG1N0YXJmaWVsZCBUZWNobm9sb2dpZXMsIExMQzEsMCoG
A1UEAxMjU3RhcmZpZWxkIFZhbGlkYXRpb24gQXV0aG9yaXR5IC0gRzIwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDErfsw30Hf/hAxEiB+MSDi8yZAoDh
aslimDLFY72B+7wnZVNBABrtgJc2IiIym2hmC20BbTn/qIWoi5ensF9OBSJnVunP
e+VKInvl5zBmDlckp1hyF7/6unxV+0YMIedLzjAg7ihwgqcdzK2FOYNJD9yfj7L/
YxNjXNI5Dnh0Gna6VU6PBxglqM+1wixSHwnY41pKAy7uAdP/cnoTWgvmcKzsvXJ1
BDYZxP/tFjCKFHTi5A/xKtuAE1QVVwXu0N6OP+4c2Fj6AAYoKx6QeqtbtSC6QfmX
tit63Vs+Lfd5Psqgsm52VRSriWcud1UuDw7M34kR3yBGaNk2RgYCFX1/AgMBAAGj
ggEPMIIBCzAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIGwDATBgNVHSUEDDAK
BggrBgEFBQcDCTAdBgNVHQ4EFgQUxYZKIX7Z8rV9oQGsrF5d/hWC978wDwYJKwYB
BQUHMAEFBAIFADBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vY3JsLnN0YXJmaWVs
ZHRlY2guY29tL3JlcG9zaXRvcnkvbWFzdGVyc3RhcmZpZWxkMmlzc3VpbmcuY3Js
MFAGA1UdIARJMEcwRQYLYIZIAYb9bgEHFwEwNjA0BggrBgEFBQcCARYoaHR0cDov
L2NybC5zdGFyZmllbGR0ZWNoLmNvbS9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsF
AAOCAQEApA6TF8Hlj3+oANe0J+TAtUxpyQZ9ykX1+UaeSPdUAU6WsphZOoSDWVkD
gtStV+D9CkHj/0Gf1TBEOzgO9ED0v2jtSKvpubUpwoG+SG67L+xKTicJsCivPvQD
qBBlfIR96eEFvI02ZhCO/EGMYUb4uoZOi3XVPpA9IXZK/H+9BNSzUJSat2YHQuJS
5v4AnDZ7yimuEBXKangWIuDtkhRoSc19rIIiWWwBkcdw3DDHCOS7udtHsdM0ebyt
9xToHcBhEJc/06iGYNBDUJxLXfCFIsHbPQ6P34JOPL26foaMemTsmuaByjB0bitT
8qJlPPZmYfPg4mq/R3vOScTj2EpTeg==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIE5DCCA8ygAwIBAgIJANyfrJP6/9V/MA0GCSqGSIb3DQEBCwUAMIHGMQswCQYD
VQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEl
MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEzMDEGA1UECxMq
aHR0cDovL2NlcnRzLnN0YXJmaWVsZHRlY2guY29tL3JlcG9zaXRvcnkvMTQwMgYD
VQQDEytTdGFyZmllbGQgU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcy
MB4XDTE2MTIxMzA3MDAwMFoXDTE3MTIxMzA3MDAwMFowgYgxCzAJBgNVBAYTAlVT
MRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSQwIgYDVQQK
ExtTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBMTEMxLDAqBgNVBAMTI1N0YXJmaWVs
ZCBWYWxpZGF0aW9uIEF1dGhvcml0eSAtIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAwxK37MN9B3/4QMRIgfjEg4vMmQKA4WrJYpgyxWO9gfu8J2VT
QQAa7YCXNiIiMptoZgttAW05/6iFqIuXp7BfTgUiZ1bpz3vlSiJ75ecwZg5XJKdY
che/+rp8VftGDCHnS84wIO4ocIKnHcythTmDSQ/cn4+y/2MTY1zSOQ54dBp2ulVO
jwcYJajPtcIsUh8J2ONaSgMu7gHT/3J6E1oL5nCs7L1ydQQ2GcT/7RYwihR04uQP
8SrbgBNUFVcF7tDejj/uHNhY+gAGKCsekHqrW7UgukH5l7Yret1bPi33eT7KoLJu
dlUUq4lnLndVLg8OzN+JEd8gRmjZNkYGAhV9fwIDAQABo4IBDzCCAQswDAYDVR0T
AQH/BAIwADAOBgNVHQ8BAf8EBAMCBsAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwHQYD
VR0OBBYEFMWGSiF+2fK1faEBrKxeXf4Vgve/MA8GCSsGAQUFBzABBQQCBQAwVAYD
VR0fBE0wSzBJoEegRYZDaHR0cDovL2NybC5zdGFyZmllbGR0ZWNoLmNvbS9yZXBv
c2l0b3J5L21hc3RlcnN0YXJmaWVsZDJpc3N1aW5nLmNybDBQBgNVHSAESTBHMEUG
C2CGSAGG/W4BBxcBMDYwNAYIKwYBBQUHAgEWKGh0dHA6Ly9jcmwuc3RhcmZpZWxk
dGVjaC5jb20vcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAKQOkxfB5Y9/
qADXtCfkwLVMackGfcpF9flGnkj3VAFOlrKYWTqEg1lZA4LUrVfg/QpB4/9Bn9Uw
RDs4DvRA9L9o7Uir6bm1KcKBvkhuuy/sSk4nCbAorz70A6gQZXyEfenhBbyNNmYQ
jvxBjGFG+LqGTot11T6QPSF2Svx/vQTUs1CUmrdmB0LiUub+AJw2e8oprhAVymp4
FiLg7ZIUaEnNfayCIllsAZHHcNwwxwjku7nbR7HTNHm8rfcU6B3AYRCXP9OohmDQ
Q1CcS13whSLB2z0Oj9+CTjy9un6GjHpk7JrmgcowdG4rU/KiZTz2ZmHz4OJqv0d7
zknE49hKU3o=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=119100, public, no-transform, must-revalidate]
Content-Length: [1846]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Tue, 27 Jun 2017 00:09:04 GMT]
Etag: ["2cc9cfee1aa237fa4b1a51c566afe7108b0fc163"]
Expires: [Wed, 28 Jun 2017 10:58:33 GMT]
Last-Modified: [Mon, 26 Jun 2017 22:58:33 GMT]
P3p: [CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"]
Server: [Apache]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.starfieldtech.com/ (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.starfieldtech.com/ (POST)
Size: 1846 bytes (DER data)
Response time: 603.207195ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: Starfield Validation Authority - G2
Issued by: Starfield Secure Certificate Authority - G2
Signing certificate validity: 2016-12-13 - 2017-12-13
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 33h6m26s

Server and network information

Server Software: Apache

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEkwRzBFMEMwQTAJBgUrDgMCGgUABBT1ZqtwV0O1KcYi0gdzcFkHM+uArAQUJUWB
aFAmOD07LSy+zWrZtj2zZmMCCH7tkRjxUM2o
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIHMgoBAKCCByswggcnBgkrBgEFBQcwAQEEggcYMIIHFDCCAQyhgYswgYgxCzAJ
BgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxl
MSQwIgYDVQQKExtTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBMTEMxLDAqBgNVBAMT
I1N0YXJmaWVsZCBWYWxpZGF0aW9uIEF1dGhvcml0eSAtIEcyGA8yMDE3MDYyNjIy
NTgzM1owazBpMEEwCQYFKw4DAhoFAAQU9WarcFdDtSnGItIHc3BZBzPrgKwEFCVF
gWhQJjg9Oy0svs1q2bY9s2ZjAgh+7ZEY8VDNqIAAGA8yMDE3MDYyNjIyNTgzM1qg
ERgPMjAxNzA2MjgxMDU4MzNaMA0GCSqGSIb3DQEBBQUAA4IBAQAELezmNCZmtFnB
IBm0uFGAxeqlQmLS4mXSuD5BcxZclz5AjDjRCTVpNkNXTmWg5In1Hze6hpQ6aRMd
P7gP7T4kNwh7wNqs59IW6ahOgA/7ngJV8+8IbvaDSXLqA0IDwv5A8vecCdYdRriN
zETJgI2etR6rMf1y06aTn0hlmQjsNo+Dg7Y+qH+rvcBLOAJ1fui37/gC1STLxYGm
bZGtwCmLwMcWwwtJXUwgo74z6kBxR5cenF95CloLlnkadpnZEiFennan+21NmSSN
aG5RseOUzdZCozAKyrv8fddtIeHv6sDjOpa055OCajKB3K4a9Iz4DlEX8l6+MnDK
kAuLTlSOoIIE7DCCBOgwggTkMIIDzKADAgECAgkA3J+sk/r/1X8wDQYJKoZIhvcN
AQELBQAwgcYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH
EwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJ
bmMuMTMwMQYDVQQLEypodHRwOi8vY2VydHMuc3RhcmZpZWxkdGVjaC5jb20vcmVw
b3NpdG9yeS8xNDAyBgNVBAMTK1N0YXJmaWVsZCBTZWN1cmUgQ2VydGlmaWNhdGUg
QXV0aG9yaXR5IC0gRzIwHhcNMTYxMjEzMDcwMDAwWhcNMTcxMjEzMDcwMDAwWjCB
iDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0
c2RhbGUxJDAiBgNVBAoTG1N0YXJmaWVsZCBUZWNobm9sb2dpZXMsIExMQzEsMCoG
A1UEAxMjU3RhcmZpZWxkIFZhbGlkYXRpb24gQXV0aG9yaXR5IC0gRzIwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDErfsw30Hf/hAxEiB+MSDi8yZAoDh
aslimDLFY72B+7wnZVNBABrtgJc2IiIym2hmC20BbTn/qIWoi5ensF9OBSJnVunP
e+VKInvl5zBmDlckp1hyF7/6unxV+0YMIedLzjAg7ihwgqcdzK2FOYNJD9yfj7L/
YxNjXNI5Dnh0Gna6VU6PBxglqM+1wixSHwnY41pKAy7uAdP/cnoTWgvmcKzsvXJ1
BDYZxP/tFjCKFHTi5A/xKtuAE1QVVwXu0N6OP+4c2Fj6AAYoKx6QeqtbtSC6QfmX
tit63Vs+Lfd5Psqgsm52VRSriWcud1UuDw7M34kR3yBGaNk2RgYCFX1/AgMBAAGj
ggEPMIIBCzAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIGwDATBgNVHSUEDDAK
BggrBgEFBQcDCTAdBgNVHQ4EFgQUxYZKIX7Z8rV9oQGsrF5d/hWC978wDwYJKwYB
BQUHMAEFBAIFADBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vY3JsLnN0YXJmaWVs
ZHRlY2guY29tL3JlcG9zaXRvcnkvbWFzdGVyc3RhcmZpZWxkMmlzc3VpbmcuY3Js
MFAGA1UdIARJMEcwRQYLYIZIAYb9bgEHFwEwNjA0BggrBgEFBQcCARYoaHR0cDov
L2NybC5zdGFyZmllbGR0ZWNoLmNvbS9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsF
AAOCAQEApA6TF8Hlj3+oANe0J+TAtUxpyQZ9ykX1+UaeSPdUAU6WsphZOoSDWVkD
gtStV+D9CkHj/0Gf1TBEOzgO9ED0v2jtSKvpubUpwoG+SG67L+xKTicJsCivPvQD
qBBlfIR96eEFvI02ZhCO/EGMYUb4uoZOi3XVPpA9IXZK/H+9BNSzUJSat2YHQuJS
5v4AnDZ7yimuEBXKangWIuDtkhRoSc19rIIiWWwBkcdw3DDHCOS7udtHsdM0ebyt
9xToHcBhEJc/06iGYNBDUJxLXfCFIsHbPQ6P34JOPL26foaMemTsmuaByjB0bitT
8qJlPPZmYfPg4mq/R3vOScTj2EpTeg==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIE5DCCA8ygAwIBAgIJANyfrJP6/9V/MA0GCSqGSIb3DQEBCwUAMIHGMQswCQYD
VQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEl
MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEzMDEGA1UECxMq
aHR0cDovL2NlcnRzLnN0YXJmaWVsZHRlY2guY29tL3JlcG9zaXRvcnkvMTQwMgYD
VQQDEytTdGFyZmllbGQgU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcy
MB4XDTE2MTIxMzA3MDAwMFoXDTE3MTIxMzA3MDAwMFowgYgxCzAJBgNVBAYTAlVT
MRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSQwIgYDVQQK
ExtTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBMTEMxLDAqBgNVBAMTI1N0YXJmaWVs
ZCBWYWxpZGF0aW9uIEF1dGhvcml0eSAtIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAwxK37MN9B3/4QMRIgfjEg4vMmQKA4WrJYpgyxWO9gfu8J2VT
QQAa7YCXNiIiMptoZgttAW05/6iFqIuXp7BfTgUiZ1bpz3vlSiJ75ecwZg5XJKdY
che/+rp8VftGDCHnS84wIO4ocIKnHcythTmDSQ/cn4+y/2MTY1zSOQ54dBp2ulVO
jwcYJajPtcIsUh8J2ONaSgMu7gHT/3J6E1oL5nCs7L1ydQQ2GcT/7RYwihR04uQP
8SrbgBNUFVcF7tDejj/uHNhY+gAGKCsekHqrW7UgukH5l7Yret1bPi33eT7KoLJu
dlUUq4lnLndVLg8OzN+JEd8gRmjZNkYGAhV9fwIDAQABo4IBDzCCAQswDAYDVR0T
AQH/BAIwADAOBgNVHQ8BAf8EBAMCBsAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwHQYD
VR0OBBYEFMWGSiF+2fK1faEBrKxeXf4Vgve/MA8GCSsGAQUFBzABBQQCBQAwVAYD
VR0fBE0wSzBJoEegRYZDaHR0cDovL2NybC5zdGFyZmllbGR0ZWNoLmNvbS9yZXBv
c2l0b3J5L21hc3RlcnN0YXJmaWVsZDJpc3N1aW5nLmNybDBQBgNVHSAESTBHMEUG
C2CGSAGG/W4BBxcBMDYwNAYIKwYBBQUHAgEWKGh0dHA6Ly9jcmwuc3RhcmZpZWxk
dGVjaC5jb20vcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAKQOkxfB5Y9/
qADXtCfkwLVMackGfcpF9flGnkj3VAFOlrKYWTqEg1lZA4LUrVfg/QpB4/9Bn9Uw
RDs4DvRA9L9o7Uir6bm1KcKBvkhuuy/sSk4nCbAorz70A6gQZXyEfenhBbyNNmYQ
jvxBjGFG+LqGTot11T6QPSF2Svx/vQTUs1CUmrdmB0LiUub+AJw2e8oprhAVymp4
FiLg7ZIUaEnNfayCIllsAZHHcNwwxwjku7nbR7HTNHm8rfcU6B3AYRCXP9OohmDQ
Q1CcS13whSLB2z0Oj9+CTjy9un6GjHpk7JrmgcowdG4rU/KiZTz2ZmHz4OJqv0d7
zknE49hKU3o=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=119186, public, no-transform, must-revalidate]
Content-Length: [1846]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Tue, 27 Jun 2017 00:07:34 GMT]
Etag: ["2cc9cfee1aa237fa4b1a51c566afe7108b0fc163"]
Expires: [Wed, 28 Jun 2017 10:58:33 GMT]
Last-Modified: [Mon, 26 Jun 2017 22:58:33 GMT]
P3p: [CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"]
Server: [Apache]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Starfield Secure Certificate Authority - G2 (CA Certificate)

Certificate details for Starfield Secure Certificate Authority - G2 (At position 1 in certificate chain)
Serial number:
hex: 7
int: 7
Issued by: Starfield Root Certificate Authority - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Starfield Technologies, Inc.
Organization unit: http://certs.starfieldtech.com/repository/
State / Province: Arizona
Locality: Scottsdale
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.starfieldtech.com/sfroot-g2.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.starfieldtech.com/sfroot-g2.crl
Size: 474 bytes (DER data)
Response time: 354.663572ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 0

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: Apache

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [max-age=259200]
Content-Length: [474]
Content-Type: [application/pkix-crl]
Date: [Tue, 27 Jun 2017 00:06:29 GMT]
Etag: ["1da-54ebba2754ac0"]
Expires: [Fri, 30 Jun 2017 00:06:29 GMT]
Last-Modified: [Fri, 05 May 2017 00:04:35 GMT]
P3p: [CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"]
Server: [Apache]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.starfieldtech.com/ (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.starfieldtech.com/ (GET)
Size: 1781 bytes (DER data)
Response time: 489.446613ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: Starfield Root Validation Authority - G2
Issued by: Starfield Root Certificate Authority - G2
Signing certificate validity: 2016-12-13 - 2017-12-13
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 33h49m11s

Server and network information

Server Software: Apache

URL used for GET request

http://ocsp.starfieldtech.com/MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQUwPiEZQ6%2FsVZNPaFToNfxx8ZwqAQUfAwyH6fZMH%2FEfWijYqihzqsHWycCAQc%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEIwQDA+MDwwOjAJBgUrDgMCGgUABBQUwPiEZQ6/sVZNPaFToNfxx8ZwqAQUfAwy
H6fZMH/EfWijYqihzqsHWycCAQc=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIG8QoBAKCCBuowggbmBgkrBgEFBQcwAQEEggbXMIIG0zCCAQuhgZEwgY4xCzAJ
BgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxl
MSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTEwLwYDVQQD
EyhTdGFyZmllbGQgUm9vdCBWYWxpZGF0aW9uIEF1dGhvcml0eSAtIEcyGA8yMDE3
MDYyNjA5MTIwOVowZDBiMDowCQYFKw4DAhoFAAQUFMD4hGUOv7FWTT2hU6DX8cfG
cKgEFHwMMh+n2TB/xH1oo2Kooc6rB1snAgEHgAAYDzIwMTcwNjI2MDkxMjA5WqAR
GA8yMDE3MDYyNzIxMTIwOVowDQYJKoZIhvcNAQEFBQADggEBAFzrrmsl5xIBjF4o
OrNu4UQdu2zCkGUnnf0F9Q5Z/3PWKq0uee3RgZIgMF3JdxgFU5PfC4tIH7WhvoV3
iQWGJSbG38Har/Dlj2ypSa7l/Ii5Q59PDXIcys3ZxPD1+TLCRmydCk/bPGv/XejZ
lGaVbcG0YYEZxSJ5ZLLjVUA0YQdZWDtWo511Bb1XesLhKfteWdlRJmInCxuTSauM
krzERJi7GgGIyku2Mrfc32GnUBrIVxA7fPdEXh1Pl73ktdBbExwdOMOFktGhXqyJ
bZbH1PCPveL7X8TD26yn1tIIFNgQxz5lhYBD6AboEB1M98D3kKyEMSH/867y2TuI
isGzM02gggSsMIIEqDCCBKQwggOMoAMCAQICCQDNKqFyTzXZZjANBgkqhkiG9w0B
AQsFADCBjzELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcT
ClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIElu
Yy4xMjAwBgNVBAMTKVN0YXJmaWVsZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0
eSAtIEcyMB4XDTE2MTIxMzA3MDAwMFoXDTE3MTIxMzA3MDAwMFowgY4xCzAJBgNV
BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUw
IwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTEwLwYDVQQDEyhT
dGFyZmllbGQgUm9vdCBWYWxpZGF0aW9uIEF1dGhvcml0eSAtIEcyMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwxK37MN9B3/4QMRIgfjEg4vMmQKA4WrJ
YpgyxWO9gfu8J2VTQQAa7YCXNiIiMptoZgttAW05/6iFqIuXp7BfTgUiZ1bpz3vl
SiJ75ecwZg5XJKdYche/+rp8VftGDCHnS84wIO4ocIKnHcythTmDSQ/cn4+y/2MT
Y1zSOQ54dBp2ulVOjwcYJajPtcIsUh8J2ONaSgMu7gHT/3J6E1oL5nCs7L1ydQQ2
GcT/7RYwihR04uQP8SrbgBNUFVcF7tDejj/uHNhY+gAGKCsekHqrW7UgukH5l7Yr
et1bPi33eT7KoLJudlUUq4lnLndVLg8OzN+JEd8gRmjZNkYGAhV9fwIDAQABo4IB
ADCB/TAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIGwDATBgNVHSUEDDAKBggr
BgEFBQcDCTAdBgNVHQ4EFgQUxYZKIX7Z8rV9oQGsrF5d/hWC978wDwYJKwYBBQUH
MAEFBAIFADBGBgNVHR8EPzA9MDugOaA3hjVodHRwOi8vY3JsLnN0YXJmaWVsZHRl
Y2guY29tL3JlcG9zaXRvcnkvc2Zyb290LWcyLmNybDBQBgNVHSAESTBHMEUGC2CG
SAGG/W4BBxcBMDYwNAYIKwYBBQUHAgEWKGh0dHA6Ly9jcmwuc3RhcmZpZWxkdGVj
aC5jb20vcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBALblQ8FGXaDBWFyl
4JaQaA3Zuwg2EGSEmPwOaTURv5j22huSEy6Zrl+PlGP8veb3L+VNzdGWu45VMaHu
6l5SmVq5Bfg3l3aOT4hs7v7NynsXcA240RrSxABRMK5JW10sEqrN/vEZ5oAlolv8
QBXIs6WOc03M0GqyYmX4BzB3Tr43jrWjBMWZaTPDLlR6UvTdknymljXvyzxr80GE
LavCUKETbtxH8cgn6ZNuXqVFxdllg2e4P0HhcHOGFIM7+wRIkk7eJZNspWiJK7Ff
vc9kvUvDrl2quYmnZC7gSvQOpdxsVJxXNP4JNjjKQ7S+KXs/8vVdez13HpUcdz4x
sE7zHaE=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEpDCCA4ygAwIBAgIJAM0qoXJPNdlmMA0GCSqGSIb3DQEBCwUAMIGPMQswCQYD
VQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEl
MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UEAxMp
U3RhcmZpZWxkIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTYx
MjEzMDcwMDAwWhcNMTcxMjEzMDcwMDAwWjCBjjELMAkGA1UEBhMCVVMxEDAOBgNV
BAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJm
aWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMTAvBgNVBAMTKFN0YXJmaWVsZCBSb290
IFZhbGlkYXRpb24gQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDErfsw30Hf/hAxEiB+MSDi8yZAoDhaslimDLFY72B+7wnZVNB
ABrtgJc2IiIym2hmC20BbTn/qIWoi5ensF9OBSJnVunPe+VKInvl5zBmDlckp1hy
F7/6unxV+0YMIedLzjAg7ihwgqcdzK2FOYNJD9yfj7L/YxNjXNI5Dnh0Gna6VU6P
BxglqM+1wixSHwnY41pKAy7uAdP/cnoTWgvmcKzsvXJ1BDYZxP/tFjCKFHTi5A/x
KtuAE1QVVwXu0N6OP+4c2Fj6AAYoKx6QeqtbtSC6QfmXtit63Vs+Lfd5Psqgsm52
VRSriWcud1UuDw7M34kR3yBGaNk2RgYCFX1/AgMBAAGjggEAMIH9MAwGA1UdEwEB
/wQCMAAwDgYDVR0PAQH/BAQDAgbAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMB0GA1Ud
DgQWBBTFhkohftnytX2hAaysXl3+FYL3vzAPBgkrBgEFBQcwAQUEAgUAMEYGA1Ud
HwQ/MD0wO6A5oDeGNWh0dHA6Ly9jcmwuc3RhcmZpZWxkdGVjaC5jb20vcmVwb3Np
dG9yeS9zZnJvb3QtZzIuY3JsMFAGA1UdIARJMEcwRQYLYIZIAYb9bgEHFwEwNjA0
BggrBgEFBQcCARYoaHR0cDovL2NybC5zdGFyZmllbGR0ZWNoLmNvbS9yZXBvc2l0
b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAtuVDwUZdoMFYXKXglpBoDdm7CDYQZISY
/A5pNRG/mPbaG5ITLpmuX4+UY/y95vcv5U3N0Za7jlUxoe7qXlKZWrkF+DeXdo5P
iGzu/s3KexdwDbjRGtLEAFEwrklbXSwSqs3+8RnmgCWiW/xAFcizpY5zTczQarJi
ZfgHMHdOvjeOtaMExZlpM8MuVHpS9N2SfKaWNe/LPGvzQYQtq8JQoRNu3EfxyCfp
k25epUXF2WWDZ7g/QeFwc4YUgzv7BEiSTt4lk2ylaIkrsV+9z2S9S8OuXaq5iadk
LuBK9A6l3GxUnFc0/gk2OMpDtL4pez/y9V17PXcelRx3PjGwTvMdoQ==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=121751, public, no-transform, must-revalidate]
Content-Length: [1781]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Mon, 26 Jun 2017 09:36:10 GMT]
Etag: ["bc012ef05d7f985e7d403a3ced0d48a212897016"]
Expires: [Tue, 27 Jun 2017 21:12:09 GMT]
Last-Modified: [Mon, 26 Jun 2017 09:12:09 GMT]
P3p: [CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"]
Server: [Apache]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.starfieldtech.com/ (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.starfieldtech.com/ (POST)
Size: 1781 bytes (DER data)
Response time: 462.157543ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: Starfield Root Validation Authority - G2
Issued by: Starfield Root Certificate Authority - G2
Signing certificate validity: 2016-12-13 - 2017-12-13
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 33h49m11s

Server and network information

Server Software: Apache

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEIwQDA+MDwwOjAJBgUrDgMCGgUABBQUwPiEZQ6/sVZNPaFToNfxx8ZwqAQUfAwy
H6fZMH/EfWijYqihzqsHWycCAQc=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIG8QoBAKCCBuowggbmBgkrBgEFBQcwAQEEggbXMIIG0zCCAQuhgZEwgY4xCzAJ
BgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxl
MSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTEwLwYDVQQD
EyhTdGFyZmllbGQgUm9vdCBWYWxpZGF0aW9uIEF1dGhvcml0eSAtIEcyGA8yMDE3
MDYyNjA5MTIwOVowZDBiMDowCQYFKw4DAhoFAAQUFMD4hGUOv7FWTT2hU6DX8cfG
cKgEFHwMMh+n2TB/xH1oo2Kooc6rB1snAgEHgAAYDzIwMTcwNjI2MDkxMjA5WqAR
GA8yMDE3MDYyNzIxMTIwOVowDQYJKoZIhvcNAQEFBQADggEBAFzrrmsl5xIBjF4o
OrNu4UQdu2zCkGUnnf0F9Q5Z/3PWKq0uee3RgZIgMF3JdxgFU5PfC4tIH7WhvoV3
iQWGJSbG38Har/Dlj2ypSa7l/Ii5Q59PDXIcys3ZxPD1+TLCRmydCk/bPGv/XejZ
lGaVbcG0YYEZxSJ5ZLLjVUA0YQdZWDtWo511Bb1XesLhKfteWdlRJmInCxuTSauM
krzERJi7GgGIyku2Mrfc32GnUBrIVxA7fPdEXh1Pl73ktdBbExwdOMOFktGhXqyJ
bZbH1PCPveL7X8TD26yn1tIIFNgQxz5lhYBD6AboEB1M98D3kKyEMSH/867y2TuI
isGzM02gggSsMIIEqDCCBKQwggOMoAMCAQICCQDNKqFyTzXZZjANBgkqhkiG9w0B
AQsFADCBjzELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcT
ClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIElu
Yy4xMjAwBgNVBAMTKVN0YXJmaWVsZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0
eSAtIEcyMB4XDTE2MTIxMzA3MDAwMFoXDTE3MTIxMzA3MDAwMFowgY4xCzAJBgNV
BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUw
IwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTEwLwYDVQQDEyhT
dGFyZmllbGQgUm9vdCBWYWxpZGF0aW9uIEF1dGhvcml0eSAtIEcyMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwxK37MN9B3/4QMRIgfjEg4vMmQKA4WrJ
YpgyxWO9gfu8J2VTQQAa7YCXNiIiMptoZgttAW05/6iFqIuXp7BfTgUiZ1bpz3vl
SiJ75ecwZg5XJKdYche/+rp8VftGDCHnS84wIO4ocIKnHcythTmDSQ/cn4+y/2MT
Y1zSOQ54dBp2ulVOjwcYJajPtcIsUh8J2ONaSgMu7gHT/3J6E1oL5nCs7L1ydQQ2
GcT/7RYwihR04uQP8SrbgBNUFVcF7tDejj/uHNhY+gAGKCsekHqrW7UgukH5l7Yr
et1bPi33eT7KoLJudlUUq4lnLndVLg8OzN+JEd8gRmjZNkYGAhV9fwIDAQABo4IB
ADCB/TAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIGwDATBgNVHSUEDDAKBggr
BgEFBQcDCTAdBgNVHQ4EFgQUxYZKIX7Z8rV9oQGsrF5d/hWC978wDwYJKwYBBQUH
MAEFBAIFADBGBgNVHR8EPzA9MDugOaA3hjVodHRwOi8vY3JsLnN0YXJmaWVsZHRl
Y2guY29tL3JlcG9zaXRvcnkvc2Zyb290LWcyLmNybDBQBgNVHSAESTBHMEUGC2CG
SAGG/W4BBxcBMDYwNAYIKwYBBQUHAgEWKGh0dHA6Ly9jcmwuc3RhcmZpZWxkdGVj
aC5jb20vcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBALblQ8FGXaDBWFyl
4JaQaA3Zuwg2EGSEmPwOaTURv5j22huSEy6Zrl+PlGP8veb3L+VNzdGWu45VMaHu
6l5SmVq5Bfg3l3aOT4hs7v7NynsXcA240RrSxABRMK5JW10sEqrN/vEZ5oAlolv8
QBXIs6WOc03M0GqyYmX4BzB3Tr43jrWjBMWZaTPDLlR6UvTdknymljXvyzxr80GE
LavCUKETbtxH8cgn6ZNuXqVFxdllg2e4P0HhcHOGFIM7+wRIkk7eJZNspWiJK7Ff
vc9kvUvDrl2quYmnZC7gSvQOpdxsVJxXNP4JNjjKQ7S+KXs/8vVdez13HpUcdz4x
sE7zHaE=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEpDCCA4ygAwIBAgIJAM0qoXJPNdlmMA0GCSqGSIb3DQEBCwUAMIGPMQswCQYD
VQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEl
MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UEAxMp
U3RhcmZpZWxkIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTYx
MjEzMDcwMDAwWhcNMTcxMjEzMDcwMDAwWjCBjjELMAkGA1UEBhMCVVMxEDAOBgNV
BAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJm
aWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMTAvBgNVBAMTKFN0YXJmaWVsZCBSb290
IFZhbGlkYXRpb24gQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDDErfsw30Hf/hAxEiB+MSDi8yZAoDhaslimDLFY72B+7wnZVNB
ABrtgJc2IiIym2hmC20BbTn/qIWoi5ensF9OBSJnVunPe+VKInvl5zBmDlckp1hy
F7/6unxV+0YMIedLzjAg7ihwgqcdzK2FOYNJD9yfj7L/YxNjXNI5Dnh0Gna6VU6P
BxglqM+1wixSHwnY41pKAy7uAdP/cnoTWgvmcKzsvXJ1BDYZxP/tFjCKFHTi5A/x
KtuAE1QVVwXu0N6OP+4c2Fj6AAYoKx6QeqtbtSC6QfmXtit63Vs+Lfd5Psqgsm52
VRSriWcud1UuDw7M34kR3yBGaNk2RgYCFX1/AgMBAAGjggEAMIH9MAwGA1UdEwEB
/wQCMAAwDgYDVR0PAQH/BAQDAgbAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMB0GA1Ud
DgQWBBTFhkohftnytX2hAaysXl3+FYL3vzAPBgkrBgEFBQcwAQUEAgUAMEYGA1Ud
HwQ/MD0wO6A5oDeGNWh0dHA6Ly9jcmwuc3RhcmZpZWxkdGVjaC5jb20vcmVwb3Np
dG9yeS9zZnJvb3QtZzIuY3JsMFAGA1UdIARJMEcwRQYLYIZIAYb9bgEHFwEwNjA0
BggrBgEFBQcCARYoaHR0cDovL2NybC5zdGFyZmllbGR0ZWNoLmNvbS9yZXBvc2l0
b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAtuVDwUZdoMFYXKXglpBoDdm7CDYQZISY
/A5pNRG/mPbaG5ITLpmuX4+UY/y95vcv5U3N0Za7jlUxoe7qXlKZWrkF+DeXdo5P
iGzu/s3KexdwDbjRGtLEAFEwrklbXSwSqs3+8RnmgCWiW/xAFcizpY5zTczQarJi
ZfgHMHdOvjeOtaMExZlpM8MuVHpS9N2SfKaWNe/LPGvzQYQtq8JQoRNu3EfxyCfp
k25epUXF2WWDZ7g/QeFwc4YUgzv7BEiSTt4lk2ylaIkrsV+9z2S9S8OuXaq5iadk
LuBK9A6l3GxUnFc0/gk2OMpDtL4pez/y9V17PXcelRx3PjGwTvMdoQ==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=121751, public, no-transform, must-revalidate]
Content-Length: [1781]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Mon, 26 Jun 2017 09:36:10 GMT]
Etag: ["bc012ef05d7f985e7d403a3ced0d48a212897016"]
Expires: [Tue, 27 Jun 2017 21:12:09 GMT]
Last-Modified: [Mon, 26 Jun 2017 09:12:09 GMT]
P3p: [CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"]
Server: [Apache]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Starfield Root Certificate Authority - G2 (CA Certificate)

Certificate details for Starfield Root Certificate Authority - G2 (At position 2 in certificate chain)
Serial number:
hex: 391484
int: 3740804
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Starfield Technologies, Inc.
State / Province: Arizona
Locality: Scottsdale
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.starfieldtech.com/sfroot.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.starfieldtech.com/sfroot.crl
Size: 434 bytes (DER data)
Response time: 312.152999ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 0

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: Apache

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [max-age=259200]
Content-Length: [434]
Content-Type: [application/pkix-crl]
Date: [Fri, 09 Jun 2017 19:55:57 GMT]
Etag: ["1b2-54ebba2754ac0"]
Expires: [Mon, 12 Jun 2017 19:55:57 GMT]
Last-Modified: [Fri, 05 May 2017 00:04:35 GMT]
P3p: [CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"]
Server: [Apache]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.starfieldtech.com/ (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.starfieldtech.com/ (GET)
Size: 1738 bytes (DER data)
Response time: 383.322236ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: Starfield Root Validation Authority - G1
Signing certificate validity: 2016-12-14 - 2021-12-14
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 33h21m53s

Server and network information

Server Software: Apache

URL used for GET request

http://ocsp.starfieldtech.com/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCAzkUhA%3D%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1+3
0c7dH4b0W1Ws3NcQwg6piOcCAzkUhA==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGxgoBAKCCBr8wgga7BgkrBgEFBQcwAQEEggasMIIGqDCCAQ2hgZEwgY4xCzAJ
BgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxl
MSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTEwLwYDVQQD
EyhTdGFyZmllbGQgUm9vdCBWYWxpZGF0aW9uIEF1dGhvcml0eSAtIEcxGA8yMDE3
MDYyNjExNTE1M1owZjBkMDwwCQYFKw4DAhoFAAQUi8GehFuYHWHPVGkhGmi44xEz
bZAEFL9ft9HO3R+G9FtVrNzXEMIOqYjnAgM5FISAABgPMjAxNzA2MjYxMTUxNTNa
oBEYDzIwMTcwNjI3MjM1MTUzWjANBgkqhkiG9w0BAQUFAAOCAQEAGKudW75UO+oM
8U8rPaEdXj4SBL3Gu8bu27Z/FRafH883S/9vJHCnfR9gw/3YDOBkBTXUUu0BGhYk
O4XbZG86FmiOrOsDKCKLBjeD+rxZp7aiFvSSDkpChqeK3VRm3RdtfelfgYtnTl71
T8V1ZNeeAAbJU1czJnTJrghdedRA9N62nJ4bOf/VpRO4oK0xNjAKBMZUA7D25FpE
FQgFXKtk84K1l7FmLCOjdeDiqu0qs9u9RQ5oVrGnKNNqYVWPy7jWYSGk79Mlm3AI
aS9fL1TEyEnfqF71yN/dlDZog3hasRUa04JSbJvWKovgm61lwQXD1xbfaFrI+LN8
8wZHmaHYuaCCBH8wggR7MIIEdzCCA1+gAwIBAgIIKJEc/k3c4EIwDQYJKoZIhvcN
AQEFBQAwaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9s
b2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBDbGFzcyAyIENlcnRpZmlj
YXRpb24gQXV0aG9yaXR5MB4XDTE2MTIxNDA3MDAwMFoXDTIxMTIxNDA3MDAwMFow
gY4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290
dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTEw
LwYDVQQDEyhTdGFyZmllbGQgUm9vdCBWYWxpZGF0aW9uIEF1dGhvcml0eSAtIEcx
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwxK37MN9B3/4QMRIgfjE
g4vMmQKA4WrJYpgyxWO9gfu8J2VTQQAa7YCXNiIiMptoZgttAW05/6iFqIuXp7Bf
TgUiZ1bpz3vlSiJ75ecwZg5XJKdYche/+rp8VftGDCHnS84wIO4ocIKnHcythTmD
SQ/cn4+y/2MTY1zSOQ54dBp2ulVOjwcYJajPtcIsUh8J2ONaSgMu7gHT/3J6E1oL
5nCs7L1ydQQ2GcT/7RYwihR04uQP8SrbgBNUFVcF7tDejj/uHNhY+gAGKCsekHqr
W7UgukH5l7Yret1bPi33eT7KoLJudlUUq4lnLndVLg8OzN+JEd8gRmjZNkYGAhV9
fwIDAQABo4H9MIH6MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgbAMBMGA1Ud
JQQMMAoGCCsGAQUFBwMJMB0GA1UdDgQWBBTFhkohftnytX2hAaysXl3+FYL3vzAP
BgkrBgEFBQcwAQUEAgUAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwuc3Rh
cmZpZWxkdGVjaC5jb20vcmVwb3NpdG9yeS9zZnJvb3QuY3JsMFAGA1UdIARJMEcw
RQYLYIZIAYb9bgEHFwEwNjA0BggrBgEFBQcCARYoaHR0cDovL2NybC5zdGFyZmll
bGR0ZWNoLmNvbS9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQUFAAOCAQEALsScs6RI
Dh+p1ivrw35D/iaH85xO2RJ5obB+HGp95ie+hU1li9/6kz/1CDpbH9fp5hgeq7t5
8Ku+Vq/e2aIq8xkkMgC0tM6KGU/+3yqKymzhX+p7MP18c/uK+6VOlBhfx5ysxLy0
6K3Sj9rkOIVJ6JTxQwtL4vj12i7KPreFr/g7c6moT7p+8TsgN03tFnEPj6O8+5Z1
4CtzQJ9w3xQPbjAVJsa5NNMGoKFl6RdD0wQI6603I6iepv8bNSFOrads7n8Cs/Ej
EaBc/fVlyKX8nyY1JmAIdVNyQGpxJLf/BC2vrfZUexy66/vSBXQXhuLdxC5i/tyH
cm2I3Sq8G5QWoQ==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEdzCCA1+gAwIBAgIIKJEc/k3c4EIwDQYJKoZIhvcNAQEFBQAwaDELMAkGA1UE
BhMCVVMxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAw
BgNVBAsTKVN0YXJmaWVsZCBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
MB4XDTE2MTIxNDA3MDAwMFoXDTIxMTIxNDA3MDAwMFowgY4xCzAJBgNVBAYTAlVT
MRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQK
ExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTEwLwYDVQQDEyhTdGFyZmll
bGQgUm9vdCBWYWxpZGF0aW9uIEF1dGhvcml0eSAtIEcxMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAwxK37MN9B3/4QMRIgfjEg4vMmQKA4WrJYpgyxWO9
gfu8J2VTQQAa7YCXNiIiMptoZgttAW05/6iFqIuXp7BfTgUiZ1bpz3vlSiJ75ecw
Zg5XJKdYche/+rp8VftGDCHnS84wIO4ocIKnHcythTmDSQ/cn4+y/2MTY1zSOQ54
dBp2ulVOjwcYJajPtcIsUh8J2ONaSgMu7gHT/3J6E1oL5nCs7L1ydQQ2GcT/7RYw
ihR04uQP8SrbgBNUFVcF7tDejj/uHNhY+gAGKCsekHqrW7UgukH5l7Yret1bPi33
eT7KoLJudlUUq4lnLndVLg8OzN+JEd8gRmjZNkYGAhV9fwIDAQABo4H9MIH6MAwG
A1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgbAMBMGA1UdJQQMMAoGCCsGAQUFBwMJ
MB0GA1UdDgQWBBTFhkohftnytX2hAaysXl3+FYL3vzAPBgkrBgEFBQcwAQUEAgUA
MEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwuc3RhcmZpZWxkdGVjaC5jb20v
cmVwb3NpdG9yeS9zZnJvb3QuY3JsMFAGA1UdIARJMEcwRQYLYIZIAYb9bgEHFwEw
NjA0BggrBgEFBQcCARYoaHR0cDovL2NybC5zdGFyZmllbGR0ZWNoLmNvbS9yZXBv
c2l0b3J5LzANBgkqhkiG9w0BAQUFAAOCAQEALsScs6RIDh+p1ivrw35D/iaH85xO
2RJ5obB+HGp95ie+hU1li9/6kz/1CDpbH9fp5hgeq7t58Ku+Vq/e2aIq8xkkMgC0
tM6KGU/+3yqKymzhX+p7MP18c/uK+6VOlBhfx5ysxLy06K3Sj9rkOIVJ6JTxQwtL
4vj12i7KPreFr/g7c6moT7p+8TsgN03tFnEPj6O8+5Z14CtzQJ9w3xQPbjAVJsa5
NNMGoKFl6RdD0wQI6603I6iepv8bNSFOrads7n8Cs/EjEaBc/fVlyKX8nyY1JmAI
dVNyQGpxJLf/BC2vrfZUexy66/vSBXQXhuLdxC5i/tyHcm2I3Sq8G5QWoQ==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=120113, public, no-transform, must-revalidate]
Content-Length: [1738]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Mon, 26 Jun 2017 12:44:38 GMT]
Etag: ["18b95e8a48e45591555906edb3a7cd92e626cbb2"]
Expires: [Tue, 27 Jun 2017 23:51:53 GMT]
Last-Modified: [Mon, 26 Jun 2017 11:51:53 GMT]
P3p: [CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"]
Server: [Apache]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.starfieldtech.com/ (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.starfieldtech.com/ (POST)
Size: 1738 bytes (DER data)
Response time: 388.607453ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: Starfield Root Validation Authority - G1
Signing certificate validity: 2016-12-14 - 2021-12-14
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 33h23m52s

Server and network information

Server Software: Apache

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1+3
0c7dH4b0W1Ws3NcQwg6piOcCAzkUhA==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGxgoBAKCCBr8wgga7BgkrBgEFBQcwAQEEggasMIIGqDCCAQ2hgZEwgY4xCzAJ
BgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxl
MSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTEwLwYDVQQD
EyhTdGFyZmllbGQgUm9vdCBWYWxpZGF0aW9uIEF1dGhvcml0eSAtIEcxGA8yMDE3
MDYyNjExNTE1M1owZjBkMDwwCQYFKw4DAhoFAAQUi8GehFuYHWHPVGkhGmi44xEz
bZAEFL9ft9HO3R+G9FtVrNzXEMIOqYjnAgM5FISAABgPMjAxNzA2MjYxMTUxNTNa
oBEYDzIwMTcwNjI3MjM1MTUzWjANBgkqhkiG9w0BAQUFAAOCAQEAGKudW75UO+oM
8U8rPaEdXj4SBL3Gu8bu27Z/FRafH883S/9vJHCnfR9gw/3YDOBkBTXUUu0BGhYk
O4XbZG86FmiOrOsDKCKLBjeD+rxZp7aiFvSSDkpChqeK3VRm3RdtfelfgYtnTl71
T8V1ZNeeAAbJU1czJnTJrghdedRA9N62nJ4bOf/VpRO4oK0xNjAKBMZUA7D25FpE
FQgFXKtk84K1l7FmLCOjdeDiqu0qs9u9RQ5oVrGnKNNqYVWPy7jWYSGk79Mlm3AI
aS9fL1TEyEnfqF71yN/dlDZog3hasRUa04JSbJvWKovgm61lwQXD1xbfaFrI+LN8
8wZHmaHYuaCCBH8wggR7MIIEdzCCA1+gAwIBAgIIKJEc/k3c4EIwDQYJKoZIhvcN
AQEFBQAwaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9s
b2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBDbGFzcyAyIENlcnRpZmlj
YXRpb24gQXV0aG9yaXR5MB4XDTE2MTIxNDA3MDAwMFoXDTIxMTIxNDA3MDAwMFow
gY4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290
dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTEw
LwYDVQQDEyhTdGFyZmllbGQgUm9vdCBWYWxpZGF0aW9uIEF1dGhvcml0eSAtIEcx
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwxK37MN9B3/4QMRIgfjE
g4vMmQKA4WrJYpgyxWO9gfu8J2VTQQAa7YCXNiIiMptoZgttAW05/6iFqIuXp7Bf
TgUiZ1bpz3vlSiJ75ecwZg5XJKdYche/+rp8VftGDCHnS84wIO4ocIKnHcythTmD
SQ/cn4+y/2MTY1zSOQ54dBp2ulVOjwcYJajPtcIsUh8J2ONaSgMu7gHT/3J6E1oL
5nCs7L1ydQQ2GcT/7RYwihR04uQP8SrbgBNUFVcF7tDejj/uHNhY+gAGKCsekHqr
W7UgukH5l7Yret1bPi33eT7KoLJudlUUq4lnLndVLg8OzN+JEd8gRmjZNkYGAhV9
fwIDAQABo4H9MIH6MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgbAMBMGA1Ud
JQQMMAoGCCsGAQUFBwMJMB0GA1UdDgQWBBTFhkohftnytX2hAaysXl3+FYL3vzAP
BgkrBgEFBQcwAQUEAgUAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwuc3Rh
cmZpZWxkdGVjaC5jb20vcmVwb3NpdG9yeS9zZnJvb3QuY3JsMFAGA1UdIARJMEcw
RQYLYIZIAYb9bgEHFwEwNjA0BggrBgEFBQcCARYoaHR0cDovL2NybC5zdGFyZmll
bGR0ZWNoLmNvbS9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQUFAAOCAQEALsScs6RI
Dh+p1ivrw35D/iaH85xO2RJ5obB+HGp95ie+hU1li9/6kz/1CDpbH9fp5hgeq7t5
8Ku+Vq/e2aIq8xkkMgC0tM6KGU/+3yqKymzhX+p7MP18c/uK+6VOlBhfx5ysxLy0
6K3Sj9rkOIVJ6JTxQwtL4vj12i7KPreFr/g7c6moT7p+8TsgN03tFnEPj6O8+5Z1
4CtzQJ9w3xQPbjAVJsa5NNMGoKFl6RdD0wQI6603I6iepv8bNSFOrads7n8Cs/Ej
EaBc/fVlyKX8nyY1JmAIdVNyQGpxJLf/BC2vrfZUexy66/vSBXQXhuLdxC5i/tyH
cm2I3Sq8G5QWoQ==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEdzCCA1+gAwIBAgIIKJEc/k3c4EIwDQYJKoZIhvcNAQEFBQAwaDELMAkGA1UE
BhMCVVMxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAw
BgNVBAsTKVN0YXJmaWVsZCBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
MB4XDTE2MTIxNDA3MDAwMFoXDTIxMTIxNDA3MDAwMFowgY4xCzAJBgNVBAYTAlVT
MRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQK
ExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTEwLwYDVQQDEyhTdGFyZmll
bGQgUm9vdCBWYWxpZGF0aW9uIEF1dGhvcml0eSAtIEcxMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAwxK37MN9B3/4QMRIgfjEg4vMmQKA4WrJYpgyxWO9
gfu8J2VTQQAa7YCXNiIiMptoZgttAW05/6iFqIuXp7BfTgUiZ1bpz3vlSiJ75ecw
Zg5XJKdYche/+rp8VftGDCHnS84wIO4ocIKnHcythTmDSQ/cn4+y/2MTY1zSOQ54
dBp2ulVOjwcYJajPtcIsUh8J2ONaSgMu7gHT/3J6E1oL5nCs7L1ydQQ2GcT/7RYw
ihR04uQP8SrbgBNUFVcF7tDejj/uHNhY+gAGKCsekHqrW7UgukH5l7Yret1bPi33
eT7KoLJudlUUq4lnLndVLg8OzN+JEd8gRmjZNkYGAhV9fwIDAQABo4H9MIH6MAwG
A1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgbAMBMGA1UdJQQMMAoGCCsGAQUFBwMJ
MB0GA1UdDgQWBBTFhkohftnytX2hAaysXl3+FYL3vzAPBgkrBgEFBQcwAQUEAgUA
MEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwuc3RhcmZpZWxkdGVjaC5jb20v
cmVwb3NpdG9yeS9zZnJvb3QuY3JsMFAGA1UdIARJMEcwRQYLYIZIAYb9bgEHFwEw
NjA0BggrBgEFBQcCARYoaHR0cDovL2NybC5zdGFyZmllbGR0ZWNoLmNvbS9yZXBv
c2l0b3J5LzANBgkqhkiG9w0BAQUFAAOCAQEALsScs6RIDh+p1ivrw35D/iaH85xO
2RJ5obB+HGp95ie+hU1li9/6kz/1CDpbH9fp5hgeq7t58Ku+Vq/e2aIq8xkkMgC0
tM6KGU/+3yqKymzhX+p7MP18c/uK+6VOlBhfx5ysxLy06K3Sj9rkOIVJ6JTxQwtL
4vj12i7KPreFr/g7c6moT7p+8TsgN03tFnEPj6O8+5Z14CtzQJ9w3xQPbjAVJsa5
NNMGoKFl6RdD0wQI6603I6iepv8bNSFOrads7n8Cs/EjEaBc/fVlyKX8nyY1JmAI
dVNyQGpxJLf/BC2vrfZUexy66/vSBXQXhuLdxC5i/tyHcm2I3Sq8G5QWoQ==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=120232, public, no-transform, must-revalidate]
Content-Length: [1738]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Mon, 26 Jun 2017 12:42:32 GMT]
Etag: ["18b95e8a48e45591555906edb3a7cd92e626cbb2"]
Expires: [Tue, 27 Jun 2017 23:51:53 GMT]
Last-Modified: [Mon, 26 Jun 2017 11:51:53 GMT]
P3p: [CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"]
Server: [Apache]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

[Starfield Technologies, Inc.] (CA Certificate)

Certificate details for certificate with serial number 0 (At position 3 in certificate chain)
Serial number:
hex: 0
int: 0
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Starfield Technologies, Inc.
Organization unit: Starfield Class 2 Certification Authority
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
© 2015 - 2017 Digitorus B.V.
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.