CRL & OCSP report for 0-cas.pdcnet.org.library.anselm.edu - library.anselm.edu (Saint Anselm College)

library.anselm.edu

Certificate details for library.anselm.edu (At position 0 in certificate chain)
Serial number:
hex: 561278913437696dfdcf12be6052ba52
int: 114409514374352604044074191598092728914
Issued by: GeoTrust SSL CA - G3
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Saint Anselm College
State / Province: New Hampshire
Locality: Manchester
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for 0-cas.pdcnet.org.library.anselm.edu.

Certificate Revocation List (CRL)

This CRL was cached at
http://gn.symcb.com/gn.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://gn.symcb.com/gn.crl
Size: 139638 bytes (DER data)
Response time: 11.385115ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 3977

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: Apache
Content Delivery Network (CDN): Akamai
Cache Information: TCP_HIT from a23-217-200-39.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1-19946687) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Type: [application/pkix-crl]
Date: [Wed, 24 May 2017 15:31:01 GMT]
Etag: ["f89d0aa640b62eb115f084a6942f8403:1495616788"]
Last-Modified: [Wed, 24 May 2017 09:06:28 GMT]
Server: [Apache]
Vary: [Accept-Encoding]
X-Cache: [TCP_HIT from a23-217-200-39.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1-19946687) (-)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://gn.symcd.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://gn.symcd.com (GET)
Size: 1419 bytes (DER data)
Response time: 65.077924ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: GeoTrust SSL CA - G3 OCSP Responder
Issued by: GeoTrust SSL CA - G3
Signing certificate validity: 2017-05-02 - 2017-07-31
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 121h42m2s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a72-247-10-135.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1-19946687) (-)

URL used for GET request

http://gn.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSxiwsBl1MHLHQ30p2z4Y2jbM5X4AQU0m%2F3lvSFP3I8MH0j2oV4m6N8WnwCEFYSeJE0N2lt%2Fc8SvmBSulI%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBSxiwsBl1MHLHQ30p2z4Y2jbM5X4AQU0m/3
lvSFP3I8MH0j2oV4m6N8WnwCEFYSeJE0N2lt/c8SvmBSulI=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFhwoBAKCCBYAwggV8BgkrBgEFBQcwAQEEggVtMIIFaTCBnqIWBBQU8I5Qu9pg
++ZHgjOXQ5ccxq3WiBgPMjAxNzA1MTgyMzMxMzlaMHMwcTBJMAkGBSsOAwIaBQAE
FLGLCwGXUwcsdDfSnbPhjaNszlfgBBTSb/eW9IU/cjwwfSPahXibo3xafAIQVhJ4
kTQ3aW39zxK+YFK6UoAAGA8yMDE3MDUxODIzMzEzOVqgERgPMjAxNzA1MjUyMzMx
MzlaMA0GCSqGSIb3DQEBBQUAA4IBAQBH6CTNW/E2xwFDuyLvMP6z8O34HgkXACmL
JGtcQxvAIhqNBy0X2OFo6H9UBYRRny4oM11HydrkFpb0rEKRJTYHqeX8cc0JcmZB
ISkuHVpusAXwMhP9YuMExdE0rwwCRKcThL9zcOHdU0H4rZQpfjt2hPMy+UwORBpC
HHyK3Bfj6Iyv6g21/y4HUJbW26/F5uIoSHFDlAfcLw4w5K8aBnYdwjy5D7g0oEa7
lY8f3212ThJIzrzpN7Zvg9woWZq4zbNlVwOrFY6+5ToN69PFub1C5/FA+MRUzRJe
NF9ZLuQxaBRBzdkwFzPeutDyohfRRiiigoBO3ag6LqzX8UodqpIboIIDsDCCA6ww
ggOoMIICkKADAgECAhB48LocgSzY/9eiDY7BI1K7MA0GCSqGSIb3DQEBCwUAMEQx
CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQDExRH
ZW9UcnVzdCBTU0wgQ0EgLSBHMzAeFw0xNzA1MDIwMDAwMDBaFw0xNzA3MzEyMzU5
NTlaMC4xLDAqBgNVBAMTI0dlb1RydXN0IFNTTCBDQSAtIEczIE9DU1AgUmVzcG9u
ZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPSC5kgEOxoXqDUt
zmtNmxG2NF4D0HSgclvHtesT9GTRrvCvAycsoXtpQhIUFDC3Gvq6/+0tfkHt/XuA
jajx8oZWv4MLrOBx8e3ovilGe7EcKu9rgR2yS+OJ4ZFlUKzqSEEMt2oMmUeg5DCY
5WcCvMv5Z7KWjM+1n3pMc44NQsZx73grycl6UBTf6t/3xNIxwYL2vizSu1c9ZAg8
Np3Aa8MgPDc+PWridtNCrRGVYmfol2bTM1VIr2CIwFvrlcEUbYFT2YzoprJoaH2M
T454oz8m/aIjfx/3rNcksAN0sP9em6FecgGVwPL2mJFE0hbeSnsGLffv675f+gT0
8O47CwIDAQABo4GrMIGoMA8GCSsGAQUFBzABBQQCBQAwIgYDVR0RBBswGaQXMBUx
EzARBgNVBAMTClRHVi1FLTEwMzgwHwYDVR0jBBgwFoAU0m/3lvSFP3I8MH0j2oV4
m6N8WnwwHQYDVR0OBBYEFBTwjlC72mD75keCM5dDlxzGrdaIMAwGA1UdEwEB/wQC
MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3
DQEBCwUAA4IBAQAsBP4yieudvxKbbD7iHXW8P3tBC6ns0L2usnW+8AvHm+dL+doE
AWpNlfalIHxdrx0J1jFxqQJIPgwlyuJ7TuFX0HZ0zwhXcwwJpjPhfwYi1eMaopFS
K1xnicPGJk87QdgvFol/IfM8bC/t83b7lovJw+JPmzWePoweSd8+m4jz+s250fzf
ds3zX/VFaNk+YBXyN0QCX3S/zCqeJa6CI6ZJ6pAe8wlEKPR4YXwJUxUbk1tG2Vnf
n4v0EtHG1pXfPzuRfn9Y0kSz7KHzovs/CXFM0jNSaaYfky5FDkATlSCi0k1HAVNk
8uf2Ct7dIkY9GI/TQY4GEBfe5jr5yAwSq0WD
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDqDCCApCgAwIBAgIQePC6HIEs2P/Xog2OwSNSuzANBgkqhkiG9w0BAQsFADBE
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMU
R2VvVHJ1c3QgU1NMIENBIC0gRzMwHhcNMTcwNTAyMDAwMDAwWhcNMTcwNzMxMjM1
OTU5WjAuMSwwKgYDVQQDEyNHZW9UcnVzdCBTU0wgQ0EgLSBHMyBPQ1NQIFJlc3Bv
bmRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMT0guZIBDsaF6g1
Lc5rTZsRtjReA9B0oHJbx7XrE/Rk0a7wrwMnLKF7aUISFBQwtxr6uv/tLX5B7f17
gI2o8fKGVr+DC6zgcfHt6L4pRnuxHCrva4EdskvjieGRZVCs6khBDLdqDJlHoOQw
mOVnArzL+WeylozPtZ96THOODULGce94K8nJelAU3+rf98TSMcGC9r4s0rtXPWQI
PDadwGvDIDw3Pj1q4nbTQq0RlWJn6Jdm0zNVSK9giMBb65XBFG2BU9mM6KayaGh9
jE+OeKM/Jv2iI38f96zXJLADdLD/XpuhXnIBlcDy9piRRNIW3kp7Bi337+u+X/oE
9PDuOwsCAwEAAaOBqzCBqDAPBgkrBgEFBQcwAQUEAgUAMCIGA1UdEQQbMBmkFzAV
MRMwEQYDVQQDEwpUR1YtRS0xMDM4MB8GA1UdIwQYMBaAFNJv95b0hT9yPDB9I9qF
eJujfFp8MB0GA1UdDgQWBBQU8I5Qu9pg++ZHgjOXQ5ccxq3WiDAMBgNVHRMBAf8E
AjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG
9w0BAQsFAAOCAQEALAT+Monrnb8Sm2w+4h11vD97QQup7NC9rrJ1vvALx5vnS/na
BAFqTZX2pSB8Xa8dCdYxcakCSD4MJcrie07hV9B2dM8IV3MMCaYz4X8GItXjGqKR
UitcZ4nDxiZPO0HYLxaJfyHzPGwv7fN2+5aLycPiT5s1nj6MHknfPpuI8/rNudH8
33bN81/1RWjZPmAV8jdEAl90v8wqniWugiOmSeqQHvMJRCj0eGF8CVMVG5NbRtlZ
35+L9BLRxtaV3z87kX5/WNJEs+yh86L7PwlxTNIzUmmmH5MuRQ5AE5UgotJNRwFT
ZPLn9gre3SJGPRiP00GOBhAX3uY6+cgMEqtFgw==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=438122, public, no-transform, must-revalidate]
Content-Length: [1419]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Sat, 20 May 2017 21:49:37 GMT]
Expires: [Thu, 25 May 2017 23:31:39 GMT]
Last-Modified: [Thu, 18 May 2017 23:31:39 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MISS from a72-247-10-135.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1-19946687) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://gn.symcd.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://gn.symcd.com (POST)
Size: 1419 bytes (DER data)
Response time: 61.016787ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: GeoTrust SSL CA - G3 OCSP Responder
Issued by: GeoTrust SSL CA - G3
Signing certificate validity: 2017-05-02 - 2017-07-31
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 121h42m2s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a72-247-10-135.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1-19946687) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBSxiwsBl1MHLHQ30p2z4Y2jbM5X4AQU0m/3
lvSFP3I8MH0j2oV4m6N8WnwCEFYSeJE0N2lt/c8SvmBSulI=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFhwoBAKCCBYAwggV8BgkrBgEFBQcwAQEEggVtMIIFaTCBnqIWBBQU8I5Qu9pg
++ZHgjOXQ5ccxq3WiBgPMjAxNzA1MTgyMzMxMzlaMHMwcTBJMAkGBSsOAwIaBQAE
FLGLCwGXUwcsdDfSnbPhjaNszlfgBBTSb/eW9IU/cjwwfSPahXibo3xafAIQVhJ4
kTQ3aW39zxK+YFK6UoAAGA8yMDE3MDUxODIzMzEzOVqgERgPMjAxNzA1MjUyMzMx
MzlaMA0GCSqGSIb3DQEBBQUAA4IBAQBH6CTNW/E2xwFDuyLvMP6z8O34HgkXACmL
JGtcQxvAIhqNBy0X2OFo6H9UBYRRny4oM11HydrkFpb0rEKRJTYHqeX8cc0JcmZB
ISkuHVpusAXwMhP9YuMExdE0rwwCRKcThL9zcOHdU0H4rZQpfjt2hPMy+UwORBpC
HHyK3Bfj6Iyv6g21/y4HUJbW26/F5uIoSHFDlAfcLw4w5K8aBnYdwjy5D7g0oEa7
lY8f3212ThJIzrzpN7Zvg9woWZq4zbNlVwOrFY6+5ToN69PFub1C5/FA+MRUzRJe
NF9ZLuQxaBRBzdkwFzPeutDyohfRRiiigoBO3ag6LqzX8UodqpIboIIDsDCCA6ww
ggOoMIICkKADAgECAhB48LocgSzY/9eiDY7BI1K7MA0GCSqGSIb3DQEBCwUAMEQx
CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQDExRH
ZW9UcnVzdCBTU0wgQ0EgLSBHMzAeFw0xNzA1MDIwMDAwMDBaFw0xNzA3MzEyMzU5
NTlaMC4xLDAqBgNVBAMTI0dlb1RydXN0IFNTTCBDQSAtIEczIE9DU1AgUmVzcG9u
ZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPSC5kgEOxoXqDUt
zmtNmxG2NF4D0HSgclvHtesT9GTRrvCvAycsoXtpQhIUFDC3Gvq6/+0tfkHt/XuA
jajx8oZWv4MLrOBx8e3ovilGe7EcKu9rgR2yS+OJ4ZFlUKzqSEEMt2oMmUeg5DCY
5WcCvMv5Z7KWjM+1n3pMc44NQsZx73grycl6UBTf6t/3xNIxwYL2vizSu1c9ZAg8
Np3Aa8MgPDc+PWridtNCrRGVYmfol2bTM1VIr2CIwFvrlcEUbYFT2YzoprJoaH2M
T454oz8m/aIjfx/3rNcksAN0sP9em6FecgGVwPL2mJFE0hbeSnsGLffv675f+gT0
8O47CwIDAQABo4GrMIGoMA8GCSsGAQUFBzABBQQCBQAwIgYDVR0RBBswGaQXMBUx
EzARBgNVBAMTClRHVi1FLTEwMzgwHwYDVR0jBBgwFoAU0m/3lvSFP3I8MH0j2oV4
m6N8WnwwHQYDVR0OBBYEFBTwjlC72mD75keCM5dDlxzGrdaIMAwGA1UdEwEB/wQC
MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3
DQEBCwUAA4IBAQAsBP4yieudvxKbbD7iHXW8P3tBC6ns0L2usnW+8AvHm+dL+doE
AWpNlfalIHxdrx0J1jFxqQJIPgwlyuJ7TuFX0HZ0zwhXcwwJpjPhfwYi1eMaopFS
K1xnicPGJk87QdgvFol/IfM8bC/t83b7lovJw+JPmzWePoweSd8+m4jz+s250fzf
ds3zX/VFaNk+YBXyN0QCX3S/zCqeJa6CI6ZJ6pAe8wlEKPR4YXwJUxUbk1tG2Vnf
n4v0EtHG1pXfPzuRfn9Y0kSz7KHzovs/CXFM0jNSaaYfky5FDkATlSCi0k1HAVNk
8uf2Ct7dIkY9GI/TQY4GEBfe5jr5yAwSq0WD
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDqDCCApCgAwIBAgIQePC6HIEs2P/Xog2OwSNSuzANBgkqhkiG9w0BAQsFADBE
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMU
R2VvVHJ1c3QgU1NMIENBIC0gRzMwHhcNMTcwNTAyMDAwMDAwWhcNMTcwNzMxMjM1
OTU5WjAuMSwwKgYDVQQDEyNHZW9UcnVzdCBTU0wgQ0EgLSBHMyBPQ1NQIFJlc3Bv
bmRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMT0guZIBDsaF6g1
Lc5rTZsRtjReA9B0oHJbx7XrE/Rk0a7wrwMnLKF7aUISFBQwtxr6uv/tLX5B7f17
gI2o8fKGVr+DC6zgcfHt6L4pRnuxHCrva4EdskvjieGRZVCs6khBDLdqDJlHoOQw
mOVnArzL+WeylozPtZ96THOODULGce94K8nJelAU3+rf98TSMcGC9r4s0rtXPWQI
PDadwGvDIDw3Pj1q4nbTQq0RlWJn6Jdm0zNVSK9giMBb65XBFG2BU9mM6KayaGh9
jE+OeKM/Jv2iI38f96zXJLADdLD/XpuhXnIBlcDy9piRRNIW3kp7Bi337+u+X/oE
9PDuOwsCAwEAAaOBqzCBqDAPBgkrBgEFBQcwAQUEAgUAMCIGA1UdEQQbMBmkFzAV
MRMwEQYDVQQDEwpUR1YtRS0xMDM4MB8GA1UdIwQYMBaAFNJv95b0hT9yPDB9I9qF
eJujfFp8MB0GA1UdDgQWBBQU8I5Qu9pg++ZHgjOXQ5ccxq3WiDAMBgNVHRMBAf8E
AjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG
9w0BAQsFAAOCAQEALAT+Monrnb8Sm2w+4h11vD97QQup7NC9rrJ1vvALx5vnS/na
BAFqTZX2pSB8Xa8dCdYxcakCSD4MJcrie07hV9B2dM8IV3MMCaYz4X8GItXjGqKR
UitcZ4nDxiZPO0HYLxaJfyHzPGwv7fN2+5aLycPiT5s1nj6MHknfPpuI8/rNudH8
33bN81/1RWjZPmAV8jdEAl90v8wqniWugiOmSeqQHvMJRCj0eGF8CVMVG5NbRtlZ
35+L9BLRxtaV3z87kX5/WNJEs+yh86L7PwlxTNIzUmmmH5MuRQ5AE5UgotJNRwFT
ZPLn9gre3SJGPRiP00GOBhAX3uY6+cgMEqtFgw==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=438122, public, no-transform, must-revalidate]
Content-Length: [1419]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Sat, 20 May 2017 21:49:37 GMT]
Expires: [Thu, 25 May 2017 23:31:39 GMT]
Last-Modified: [Thu, 18 May 2017 23:31:39 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MISS from a72-247-10-135.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1-19946687) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GeoTrust SSL CA - G3 (CA Certificate)

Certificate details for GeoTrust SSL CA - G3 (At position 1 in certificate chain)
Serial number:
hex: 23a6f
int: 146031
Issued by: GeoTrust Global CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GeoTrust Inc.
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This certificate contains no information about authoritative CRL(s) or OCSP servers

Check the revocation status for another website

Created by Paul van Brouwershaven
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.