CRL & OCSP report for 0-checkpoint.riag.com.liucat.lib.liu.edu - liucat.lib.liu.edu (Long Island University)

liucat.lib.liu.edu

Certificate details for liucat.lib.liu.edu (At position 0 in certificate chain)
Serial number:
hex: 71c15248a9a98bc3d39f81e15dca36c8
int: 151206545731915850979071105880289851080
Issued by: thawte EV SSL CA - G3
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Company registration number: Government Entity
Organization: Long Island University
Organization unit: IT
State / Province: New York
Locality: Greenvale
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for 0-checkpoint.riag.com.liucat.lib.liu.edu.

Certificate Revocation List (CRL)

This CRL was cached at
http://ti.symcb.com/ti.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://ti.symcb.com/ti.crl
Size: 17918 bytes (DER data)
Response time: 18.205673ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 499

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: Apache
Content Delivery Network (CDN): Akamai
Cache Information: TCP_REFRESH_HIT from a72-247-10-167.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (S)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Type: [application/pkix-crl]
Date: [Sat, 24 Jun 2017 03:26:09 GMT]
Etag: ["18ad019d4f07cb718e0ec1d7d689d2ad:1498252302"]
Last-Modified: [Fri, 23 Jun 2017 21:11:42 GMT]
Server: [Apache]
Vary: [Accept-Encoding]
X-Cache: [TCP_REFRESH_HIT from a72-247-10-167.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (S)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ti.symcd.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ti.symcd.com (POST)
Size: 1419 bytes (DER data)
Response time: 127.493622ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: thawte EV SSL CA - G3 OCSP Responder
Issued by: thawte EV SSL CA - G3
Signing certificate validity: 2017-04-26 - 2017-07-25
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 89h50m20s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a72-247-10-143.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBRf3h+5hEjM/dnIiVtt0Z/tptP7EQQU8HBR
2tMqkU9Sd9eGd3QPznEabCICEHHBUkipqYvD05+B4V3KNsg=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFhwoBAKCCBYAwggV8BgkrBgEFBQcwAQEEggVtMIIFaTCBnqIWBBQTU70MPQ6z
52Z3+Giik7kHpz/S7RgPMjAxNzA2MjAyMTE5NThaMHMwcTBJMAkGBSsOAwIaBQAE
FF/eH7mESMz92ciJW23Rn+2m0/sRBBTwcFHa0yqRT1J314Z3dA/OcRpsIgIQccFS
SKmpi8PTn4HhXco2yIAAGA8yMDE3MDYyMDIxMTk1OFqgERgPMjAxNzA2MjcyMTE5
NThaMA0GCSqGSIb3DQEBBQUAA4IBAQBuGRjupYLxirlFl+pxy6YeQHOyrbC7UCxV
iqBHeAm0Is9ZtFyYvD33+LL+j6K0V7tYz02c76P9aoPTeebC6uatTuE5v3r4s7Z5
p0fUxdGr9ZcrqSdr+oOxlvWuFenVqYdk0lrSsDZT4ybWyNbZJpVCatlmzosb5uIz
VlmXq7cbSjNjyuQCQSvRbTMX2+W3cqLl64+2PXBG7B+DxhzoF6xNK3Wto0qqgB/r
GfopjH0wIe8EBgDnGQtV2lsZ7Q6yWY9zahdfZdtnzLbyHsFk3zkZJi91IRRDB/hA
ZJh/arE/pnuPD1yCb2g0qUQ6vLHIUx+2iB2ktqhHozvgRJdFLLbpoIIDsDCCA6ww
ggOoMIICkKADAgECAhB0F/tceaVxDRs9KpuGjvBRMA0GCSqGSIb3DQEBCwUAMEQx
CzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUsIEluYy4xHjAcBgNVBAMTFXRo
YXd0ZSBFViBTU0wgQ0EgLSBHMzAeFw0xNzA0MjYwMDAwMDBaFw0xNzA3MjUyMzU5
NTlaMC8xLTArBgNVBAMTJHRoYXd0ZSBFViBTU0wgQ0EgLSBHMyBPQ1NQIFJlc3Bv
bmRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ1MKrcBnSoDp6uD
Z2YN+uvWC3MItWmKTAOmBDyJMciXrR+RSfgGwBExbp+HOeldr4D5pDEUOJUr6+0+
qyqDK/xT3wmGEzKLbLurIW4g0wZ5i92P9oeuCI2SLm1xmx7/COZad/1E6NGyXY4L
MISyL0oHwPEpvIlqcI1hmJlj0KVPKuKcRey8wBfjDLdH8XUQoHJeJoigFvj91CBg
oDykIYWs8dW2w6H5rtb6EY1CFdTg5i/CtYhsN4tQqkPAA9aeQcX37Cn2QTVjMF1P
Dbpr6O3Sl/nwrf+FPBkxVhwixzRi1hxeZhliKGrW9Lxj7xsxGZfI5lwN4IYghNbY
ITFNAd8CAwEAAaOBqjCBpzAPBgkrBgEFBQcwAQUEAgUAMCEGA1UdEQQaMBikFjAU
MRIwEAYDVQQDEwlUR1YtRS05NzEwHwYDVR0jBBgwFoAU8HBR2tMqkU9Sd9eGd3QP
znEabCIwHQYDVR0OBBYEFBNTvQw9DrPnZnf4aKKTuQenP9LtMAwGA1UdEwEB/wQC
MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3
DQEBCwUAA4IBAQC79wsgTpe7qUrcUs9WRlVYCZ/HjfHQbwZuBOmYAomSYRTxKjy/
TPKIBgmVaIndJ+AC343mT4CKYKNrlvYsUqzUhtJ87xV1CJYhZvmbKDtwgII99Woe
R/U02+8hibqKrjrjHJ/9qhTUMq7uwv+Ii9ArPqZAs7ptQEZ12WUSkVOmaXZiDdqG
zJf1YT2JLDtoPLS1g4ApSRvy2Nm6dn8Ea+Nl15DpRU9kXGwknpD5OV5NDjMUgpTs
0CqINmdks8zhHAVk6OGfEiOZETbF9vwA8KIpNTp9p/Y7dAYi63Kpsv1ZZ4uupko8
Q/7d5UqVBIJsjpo0507nvuA8PTrvt7YfZvsW
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDqDCCApCgAwIBAgIQdBf7XHmlcQ0bPSqbho7wUTANBgkqhkiG9w0BAQsFADBE
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMR4wHAYDVQQDExV0
aGF3dGUgRVYgU1NMIENBIC0gRzMwHhcNMTcwNDI2MDAwMDAwWhcNMTcwNzI1MjM1
OTU5WjAvMS0wKwYDVQQDEyR0aGF3dGUgRVYgU1NMIENBIC0gRzMgT0NTUCBSZXNw
b25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdTCq3AZ0qA6er
g2dmDfrr1gtzCLVpikwDpgQ8iTHIl60fkUn4BsARMW6fhznpXa+A+aQxFDiVK+vt
Pqsqgyv8U98JhhMyi2y7qyFuINMGeYvdj/aHrgiNki5tcZse/wjmWnf9ROjRsl2O
CzCEsi9KB8DxKbyJanCNYZiZY9ClTyrinEXsvMAX4wy3R/F1EKByXiaIoBb4/dQg
YKA8pCGFrPHVtsOh+a7W+hGNQhXU4OYvwrWIbDeLUKpDwAPWnkHF9+wp9kE1YzBd
Tw26a+jt0pf58K3/hTwZMVYcIsc0YtYcXmYZYihq1vS8Y+8bMRmXyOZcDeCGIITW
2CExTQHfAgMBAAGjgaowgacwDwYJKwYBBQUHMAEFBAIFADAhBgNVHREEGjAYpBYw
FDESMBAGA1UEAxMJVEdWLUUtOTcxMB8GA1UdIwQYMBaAFPBwUdrTKpFPUnfXhnd0
D85xGmwiMB0GA1UdDgQWBBQTU70MPQ6z52Z3+Giik7kHpz/S7TAMBgNVHRMBAf8E
AjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG
9w0BAQsFAAOCAQEAu/cLIE6Xu6lK3FLPVkZVWAmfx43x0G8GbgTpmAKJkmEU8So8
v0zyiAYJlWiJ3SfgAt+N5k+AimCja5b2LFKs1IbSfO8VdQiWIWb5myg7cICCPfVq
Hkf1NNvvIYm6iq464xyf/aoU1DKu7sL/iIvQKz6mQLO6bUBGddllEpFTpml2Yg3a
hsyX9WE9iSw7aDy0tYOAKUkb8tjZunZ/BGvjZdeQ6UVPZFxsJJ6Q+TleTQ4zFIKU
7NAqiDZnZLPM4RwFZOjhnxIjmRE2xfb8APCiKTU6faf2O3QGIutyqbL9WWeLrqZK
PEP+3eVKlQSCbI6aNOdO577gPD0677e2H2b7Fg==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=323420, public, no-transform, must-revalidate]
Content-Length: [1419]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Sat, 24 Jun 2017 03:29:38 GMT]
Expires: [Tue, 27 Jun 2017 21:19:58 GMT]
Last-Modified: [Tue, 20 Jun 2017 21:19:58 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MISS from a72-247-10-143.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ti.symcd.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ti.symcd.com (GET)
Size: 1419 bytes (DER data)
Response time: 130.824737ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: thawte EV SSL CA - G3 OCSP Responder
Issued by: thawte EV SSL CA - G3
Signing certificate validity: 2017-04-26 - 2017-07-25
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 89h50m20s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a72-247-10-135.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

URL used for GET request

http://ti.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRf3h%2B5hEjM%2FdnIiVtt0Z%2FtptP7EQQU8HBR2tMqkU9Sd9eGd3QPznEabCICEHHBUkipqYvD05%2BB4V3KNsg%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBRf3h+5hEjM/dnIiVtt0Z/tptP7EQQU8HBR
2tMqkU9Sd9eGd3QPznEabCICEHHBUkipqYvD05+B4V3KNsg=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFhwoBAKCCBYAwggV8BgkrBgEFBQcwAQEEggVtMIIFaTCBnqIWBBQTU70MPQ6z
52Z3+Giik7kHpz/S7RgPMjAxNzA2MjAyMTE5NThaMHMwcTBJMAkGBSsOAwIaBQAE
FF/eH7mESMz92ciJW23Rn+2m0/sRBBTwcFHa0yqRT1J314Z3dA/OcRpsIgIQccFS
SKmpi8PTn4HhXco2yIAAGA8yMDE3MDYyMDIxMTk1OFqgERgPMjAxNzA2MjcyMTE5
NThaMA0GCSqGSIb3DQEBBQUAA4IBAQBuGRjupYLxirlFl+pxy6YeQHOyrbC7UCxV
iqBHeAm0Is9ZtFyYvD33+LL+j6K0V7tYz02c76P9aoPTeebC6uatTuE5v3r4s7Z5
p0fUxdGr9ZcrqSdr+oOxlvWuFenVqYdk0lrSsDZT4ybWyNbZJpVCatlmzosb5uIz
VlmXq7cbSjNjyuQCQSvRbTMX2+W3cqLl64+2PXBG7B+DxhzoF6xNK3Wto0qqgB/r
GfopjH0wIe8EBgDnGQtV2lsZ7Q6yWY9zahdfZdtnzLbyHsFk3zkZJi91IRRDB/hA
ZJh/arE/pnuPD1yCb2g0qUQ6vLHIUx+2iB2ktqhHozvgRJdFLLbpoIIDsDCCA6ww
ggOoMIICkKADAgECAhB0F/tceaVxDRs9KpuGjvBRMA0GCSqGSIb3DQEBCwUAMEQx
CzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUsIEluYy4xHjAcBgNVBAMTFXRo
YXd0ZSBFViBTU0wgQ0EgLSBHMzAeFw0xNzA0MjYwMDAwMDBaFw0xNzA3MjUyMzU5
NTlaMC8xLTArBgNVBAMTJHRoYXd0ZSBFViBTU0wgQ0EgLSBHMyBPQ1NQIFJlc3Bv
bmRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ1MKrcBnSoDp6uD
Z2YN+uvWC3MItWmKTAOmBDyJMciXrR+RSfgGwBExbp+HOeldr4D5pDEUOJUr6+0+
qyqDK/xT3wmGEzKLbLurIW4g0wZ5i92P9oeuCI2SLm1xmx7/COZad/1E6NGyXY4L
MISyL0oHwPEpvIlqcI1hmJlj0KVPKuKcRey8wBfjDLdH8XUQoHJeJoigFvj91CBg
oDykIYWs8dW2w6H5rtb6EY1CFdTg5i/CtYhsN4tQqkPAA9aeQcX37Cn2QTVjMF1P
Dbpr6O3Sl/nwrf+FPBkxVhwixzRi1hxeZhliKGrW9Lxj7xsxGZfI5lwN4IYghNbY
ITFNAd8CAwEAAaOBqjCBpzAPBgkrBgEFBQcwAQUEAgUAMCEGA1UdEQQaMBikFjAU
MRIwEAYDVQQDEwlUR1YtRS05NzEwHwYDVR0jBBgwFoAU8HBR2tMqkU9Sd9eGd3QP
znEabCIwHQYDVR0OBBYEFBNTvQw9DrPnZnf4aKKTuQenP9LtMAwGA1UdEwEB/wQC
MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3
DQEBCwUAA4IBAQC79wsgTpe7qUrcUs9WRlVYCZ/HjfHQbwZuBOmYAomSYRTxKjy/
TPKIBgmVaIndJ+AC343mT4CKYKNrlvYsUqzUhtJ87xV1CJYhZvmbKDtwgII99Woe
R/U02+8hibqKrjrjHJ/9qhTUMq7uwv+Ii9ArPqZAs7ptQEZ12WUSkVOmaXZiDdqG
zJf1YT2JLDtoPLS1g4ApSRvy2Nm6dn8Ea+Nl15DpRU9kXGwknpD5OV5NDjMUgpTs
0CqINmdks8zhHAVk6OGfEiOZETbF9vwA8KIpNTp9p/Y7dAYi63Kpsv1ZZ4uupko8
Q/7d5UqVBIJsjpo0507nvuA8PTrvt7YfZvsW
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDqDCCApCgAwIBAgIQdBf7XHmlcQ0bPSqbho7wUTANBgkqhkiG9w0BAQsFADBE
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMR4wHAYDVQQDExV0
aGF3dGUgRVYgU1NMIENBIC0gRzMwHhcNMTcwNDI2MDAwMDAwWhcNMTcwNzI1MjM1
OTU5WjAvMS0wKwYDVQQDEyR0aGF3dGUgRVYgU1NMIENBIC0gRzMgT0NTUCBSZXNw
b25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdTCq3AZ0qA6er
g2dmDfrr1gtzCLVpikwDpgQ8iTHIl60fkUn4BsARMW6fhznpXa+A+aQxFDiVK+vt
Pqsqgyv8U98JhhMyi2y7qyFuINMGeYvdj/aHrgiNki5tcZse/wjmWnf9ROjRsl2O
CzCEsi9KB8DxKbyJanCNYZiZY9ClTyrinEXsvMAX4wy3R/F1EKByXiaIoBb4/dQg
YKA8pCGFrPHVtsOh+a7W+hGNQhXU4OYvwrWIbDeLUKpDwAPWnkHF9+wp9kE1YzBd
Tw26a+jt0pf58K3/hTwZMVYcIsc0YtYcXmYZYihq1vS8Y+8bMRmXyOZcDeCGIITW
2CExTQHfAgMBAAGjgaowgacwDwYJKwYBBQUHMAEFBAIFADAhBgNVHREEGjAYpBYw
FDESMBAGA1UEAxMJVEdWLUUtOTcxMB8GA1UdIwQYMBaAFPBwUdrTKpFPUnfXhnd0
D85xGmwiMB0GA1UdDgQWBBQTU70MPQ6z52Z3+Giik7kHpz/S7TAMBgNVHRMBAf8E
AjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG
9w0BAQsFAAOCAQEAu/cLIE6Xu6lK3FLPVkZVWAmfx43x0G8GbgTpmAKJkmEU8So8
v0zyiAYJlWiJ3SfgAt+N5k+AimCja5b2LFKs1IbSfO8VdQiWIWb5myg7cICCPfVq
Hkf1NNvvIYm6iq464xyf/aoU1DKu7sL/iIvQKz6mQLO6bUBGddllEpFTpml2Yg3a
hsyX9WE9iSw7aDy0tYOAKUkb8tjZunZ/BGvjZdeQ6UVPZFxsJJ6Q+TleTQ4zFIKU
7NAqiDZnZLPM4RwFZOjhnxIjmRE2xfb8APCiKTU6faf2O3QGIutyqbL9WWeLrqZK
PEP+3eVKlQSCbI6aNOdO577gPD0677e2H2b7Fg==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=323420, public, no-transform, must-revalidate]
Content-Length: [1419]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Sat, 24 Jun 2017 03:29:38 GMT]
Expires: [Tue, 27 Jun 2017 21:19:58 GMT]
Last-Modified: [Tue, 20 Jun 2017 21:19:58 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MISS from a72-247-10-135.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

thawte EV SSL CA - G3 (CA Certificate)

Certificate details for thawte EV SSL CA - G3 (At position 1 in certificate chain)
Serial number:
hex: 5d72fb337620f64c7280dbe91281ff6a
int: 124215220411876031223968719307607768938
Issued by: thawte Primary Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: thawte, Inc.
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://t1.symcb.com/ThawtePCA.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://t1.symcb.com/ThawtePCA.crl
Size: 537 bytes (DER data)
Response time: 54.341186ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 1

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: Apache
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a72-247-10-167.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Type: [application/pkix-crl]
Date: [Sat, 24 Jun 2017 03:26:09 GMT]
Etag: ["5a8afc61d4e871c162aeb1ae3cc55cbc:1498270523"]
Last-Modified: [Sat, 24 Jun 2017 02:15:23 GMT]
Server: [Apache]
Vary: [Accept-Encoding]
X-Cache: [TCP_MEM_HIT from a72-247-10-167.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://t2.symcb.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://t2.symcb.com (GET)
Size: 1504 bytes (DER data)
Response time: 450.547157ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: thawte Primary Root OCSP Responder Certificate 5
Issued by: thawte Primary Root CA
Signing certificate validity: 2016-11-22 - 2017-12-14
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 89h43m28s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-219-93-85.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

URL used for GET request

http://t2.symcb.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEF1y%2BzN2IPZMcoDb6RKB%2F2o%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD/yl6nWPkczAQUe1tF
z6/Oy3r9MZIaarbzRutXSFACEF1y+zN2IPZMcoDb6RKB/2o=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF3AoBAKCCBdUwggXRBgkrBgEFBQcwAQEEggXCMIIFvjCBnqIWBBSy2bdAZSGF
dJEJzQWJNOXg5SwcIxgPMjAxNzA2MjAyMDMwMThaMHMwcTBJMAkGBSsOAwIaBQAE
FDAXimvD1LuYJsIQcP/KXqdY+RzMBBR7W0XPr87Lev0xkhpqtvNG61dIUAIQXXL7
M3Yg9kxygNvpEoH/aoAAGA8yMDE3MDYyMDIwMzAxOFqgERgPMjAxNzA2MjcyMDMw
MThaMA0GCSqGSIb3DQEBBQUAA4IBAQAUmX+iGam3lnlgrm1dnWVUOpdlPy5D1hVO
8vbJwaoH81K0ZthiQZFh6zHzKXJeOf5qyynUY6OonvWCIl+gDmQyHtD3S8TnKBqq
bDOS62326UYd+ctUNAFWytiqsOt9fnWVksDgJQfpww+XrlXkHu+pAsneEjpdbhfl
gk1hadRj0QMupLpe23s2nL2ahSWBbNgH7udWHpMlRmWe3Cly35D+2whXL2s7N+Zx
XpniCui0E4u2lCfqpCIrshJALBq0PpKAZRbbbLQAPDDwTQ2rE9ABlYK6bXj4/KCL
PkDoKq99ozo/m+hBWX1KGlRQob+30/Qznsdcdz0OR7YSxDYYUhkSoIIEBTCCBAEw
ggP9MIIC5aADAgECAhBqIaLOBLu8Jqunme8AdApUMA0GCSqGSIb3DQEBBQUAMIGp
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMSgwJgYDVQQLEx9D
ZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMTgwNgYDVQQLEy8oYykgMjAw
NiB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEfMB0GA1UE
AxMWdGhhd3RlIFByaW1hcnkgUm9vdCBDQTAeFw0xNjExMjIwMDAwMDBaFw0xNzEy
MTQyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUsIEluYy4x
OTA3BgNVBAMTMHRoYXd0ZSBQcmltYXJ5IFJvb3QgT0NTUCBSZXNwb25kZXIgQ2Vy
dGlmaWNhdGUgNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwOc/CD
T/ilVz6H2rkWETL80qIX5ttu5I16yxgPVYUP2Qy1D6dpiw9JZb0Tw134T58HpV+B
e3HSYDvEwPLyCBgKDNGAQ4RTEvuVDAJXhDHFDe+tE3wUWX0QCsmqMqXTc/BI18Zx
1vekmip6OnwyEoRdlaIeRv1qFLOGj9NqcQrh3CN/4SJb/DnWmTQta4gODnKS/ADF
WRs/wB3rqPDBZhBLBqywq6YRmzcz6hb/dpddqcTp7tDtEHmw+BDWTl/92a2YwJAw
9mKjfzqNYZa37ydH0MYioCjreLj++js4ZCM+av59twiH//GjaqSaQnW2z7rKM/5A
5tBowI+SWtr93p8CAwEAAaNqMGgwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYB
BQUHMAEFBAIFADAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDAiBgNVHREE
GzAZpBcwFTETMBEGA1UEAxMKVEdWLU9GRi01MTANBgkqhkiG9w0BAQUFAAOCAQEA
MZQVzAXoEbM5j6fQNNDzrTvMeEMlOlf8ShOg6pa5Y6/s9m+3nEqxRZhdJXtqn7YI
2736XikAfsn7cVikARa66mlLn6QxdnbUHX/TUpJf2/nZqCb2T80lmSjOfLwBzdgD
9N4MUzs16ivcuEEEJhuBhtcp/66+oEQqdXdLejHG61bRkhnqrW6U9sGBPhoQw2Hq
G3zclM6IlNJX+LYxOuDDD/5SbKAbcy+QBsue7Yf5XG7lZacI9CVFreoggA+YR8VQ
SVChJNc4k3ALASLz2OckP2X/357OiJFcsoqNdeo70ZLPLS4U/gOn60QiAnxonBCJ
PjZyT4sg074MlhPJSGR+HA==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIID/TCCAuWgAwIBAgIQaiGizgS7vCarp5nvAHQKVDANBgkqhkiG9w0BAQUFADCB
qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw
MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV
BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMTYxMTIyMDAwMDAwWhcNMTcx
MjE0MjM1OTU5WjBfMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMu
MTkwNwYDVQQDEzB0aGF3dGUgUHJpbWFyeSBSb290IE9DU1AgUmVzcG9uZGVyIENl
cnRpZmljYXRlIDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMDnPw
g0/4pVc+h9q5FhEy/NKiF+bbbuSNessYD1WFD9kMtQ+naYsPSWW9E8Nd+E+fB6Vf
gXtx0mA7xMDy8ggYCgzRgEOEUxL7lQwCV4QxxQ3vrRN8FFl9EArJqjKl03PwSNfG
cdb3pJoqejp8MhKEXZWiHkb9ahSzho/TanEK4dwjf+EiW/w51pk0LWuIDg5ykvwA
xVkbP8Ad66jwwWYQSwassKumEZs3M+oW/3aXXanE6e7Q7RB5sPgQ1k5f/dmtmMCQ
MPZio386jWGWt+8nR9DGIqAo63i4/vo7OGQjPmr+fbcIh//xo2qkmkJ1ts+6yjP+
QObQaMCPklra/d6fAgMBAAGjajBoMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsG
AQUFBzABBQQCBQAwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwIgYDVR0R
BBswGaQXMBUxEzARBgNVBAMTClRHVi1PRkYtNTEwDQYJKoZIhvcNAQEFBQADggEB
ADGUFcwF6BGzOY+n0DTQ8607zHhDJTpX/EoToOqWuWOv7PZvt5xKsUWYXSV7ap+2
CNu9+l4pAH7J+3FYpAEWuuppS5+kMXZ21B1/01KSX9v52agm9k/NJZkozny8Ac3Y
A/TeDFM7Neor3LhBBCYbgYbXKf+uvqBEKnV3S3oxxutW0ZIZ6q1ulPbBgT4aEMNh
6ht83JTOiJTSV/i2MTrgww/+UmygG3MvkAbLnu2H+Vxu5WWnCPQlRa3qIIAPmEfF
UElQoSTXOJNwCwEi89jnJD9l/9+ezoiRXLKKjXXqO9GSzy0uFP4Dp+tEIgJ8aJwQ
iT42ck+LINO+DJYTyUhkfhw=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=323008, public, no-transform, must-revalidate]
Content-Length: [1504]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Sat, 24 Jun 2017 02:50:23 GMT]
Expires: [Tue, 27 Jun 2017 20:30:18 GMT]
Last-Modified: [Tue, 20 Jun 2017 20:30:18 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MEM_HIT from a23-219-93-85.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header outlives NextUpdate with 3m33s
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://t2.symcb.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://t2.symcb.com (POST)
Size: 1504 bytes (DER data)
Response time: 463.059884ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: thawte Primary Root OCSP Responder Certificate 5
Issued by: thawte Primary Root CA
Signing certificate validity: 2016-11-22 - 2017-12-14
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 89h42m12s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-219-93-86.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD/yl6nWPkczAQUe1tF
z6/Oy3r9MZIaarbzRutXSFACEF1y+zN2IPZMcoDb6RKB/2o=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF3AoBAKCCBdUwggXRBgkrBgEFBQcwAQEEggXCMIIFvjCBnqIWBBSy2bdAZSGF
dJEJzQWJNOXg5SwcIxgPMjAxNzA2MjAyMDMwMThaMHMwcTBJMAkGBSsOAwIaBQAE
FDAXimvD1LuYJsIQcP/KXqdY+RzMBBR7W0XPr87Lev0xkhpqtvNG61dIUAIQXXL7
M3Yg9kxygNvpEoH/aoAAGA8yMDE3MDYyMDIwMzAxOFqgERgPMjAxNzA2MjcyMDMw
MThaMA0GCSqGSIb3DQEBBQUAA4IBAQAUmX+iGam3lnlgrm1dnWVUOpdlPy5D1hVO
8vbJwaoH81K0ZthiQZFh6zHzKXJeOf5qyynUY6OonvWCIl+gDmQyHtD3S8TnKBqq
bDOS62326UYd+ctUNAFWytiqsOt9fnWVksDgJQfpww+XrlXkHu+pAsneEjpdbhfl
gk1hadRj0QMupLpe23s2nL2ahSWBbNgH7udWHpMlRmWe3Cly35D+2whXL2s7N+Zx
XpniCui0E4u2lCfqpCIrshJALBq0PpKAZRbbbLQAPDDwTQ2rE9ABlYK6bXj4/KCL
PkDoKq99ozo/m+hBWX1KGlRQob+30/Qznsdcdz0OR7YSxDYYUhkSoIIEBTCCBAEw
ggP9MIIC5aADAgECAhBqIaLOBLu8Jqunme8AdApUMA0GCSqGSIb3DQEBBQUAMIGp
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMSgwJgYDVQQLEx9D
ZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMTgwNgYDVQQLEy8oYykgMjAw
NiB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEfMB0GA1UE
AxMWdGhhd3RlIFByaW1hcnkgUm9vdCBDQTAeFw0xNjExMjIwMDAwMDBaFw0xNzEy
MTQyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUsIEluYy4x
OTA3BgNVBAMTMHRoYXd0ZSBQcmltYXJ5IFJvb3QgT0NTUCBSZXNwb25kZXIgQ2Vy
dGlmaWNhdGUgNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwOc/CD
T/ilVz6H2rkWETL80qIX5ttu5I16yxgPVYUP2Qy1D6dpiw9JZb0Tw134T58HpV+B
e3HSYDvEwPLyCBgKDNGAQ4RTEvuVDAJXhDHFDe+tE3wUWX0QCsmqMqXTc/BI18Zx
1vekmip6OnwyEoRdlaIeRv1qFLOGj9NqcQrh3CN/4SJb/DnWmTQta4gODnKS/ADF
WRs/wB3rqPDBZhBLBqywq6YRmzcz6hb/dpddqcTp7tDtEHmw+BDWTl/92a2YwJAw
9mKjfzqNYZa37ydH0MYioCjreLj++js4ZCM+av59twiH//GjaqSaQnW2z7rKM/5A
5tBowI+SWtr93p8CAwEAAaNqMGgwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYB
BQUHMAEFBAIFADAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDAiBgNVHREE
GzAZpBcwFTETMBEGA1UEAxMKVEdWLU9GRi01MTANBgkqhkiG9w0BAQUFAAOCAQEA
MZQVzAXoEbM5j6fQNNDzrTvMeEMlOlf8ShOg6pa5Y6/s9m+3nEqxRZhdJXtqn7YI
2736XikAfsn7cVikARa66mlLn6QxdnbUHX/TUpJf2/nZqCb2T80lmSjOfLwBzdgD
9N4MUzs16ivcuEEEJhuBhtcp/66+oEQqdXdLejHG61bRkhnqrW6U9sGBPhoQw2Hq
G3zclM6IlNJX+LYxOuDDD/5SbKAbcy+QBsue7Yf5XG7lZacI9CVFreoggA+YR8VQ
SVChJNc4k3ALASLz2OckP2X/357OiJFcsoqNdeo70ZLPLS4U/gOn60QiAnxonBCJ
PjZyT4sg074MlhPJSGR+HA==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIID/TCCAuWgAwIBAgIQaiGizgS7vCarp5nvAHQKVDANBgkqhkiG9w0BAQUFADCB
qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw
MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV
BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMTYxMTIyMDAwMDAwWhcNMTcx
MjE0MjM1OTU5WjBfMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMu
MTkwNwYDVQQDEzB0aGF3dGUgUHJpbWFyeSBSb290IE9DU1AgUmVzcG9uZGVyIENl
cnRpZmljYXRlIDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMDnPw
g0/4pVc+h9q5FhEy/NKiF+bbbuSNessYD1WFD9kMtQ+naYsPSWW9E8Nd+E+fB6Vf
gXtx0mA7xMDy8ggYCgzRgEOEUxL7lQwCV4QxxQ3vrRN8FFl9EArJqjKl03PwSNfG
cdb3pJoqejp8MhKEXZWiHkb9ahSzho/TanEK4dwjf+EiW/w51pk0LWuIDg5ykvwA
xVkbP8Ad66jwwWYQSwassKumEZs3M+oW/3aXXanE6e7Q7RB5sPgQ1k5f/dmtmMCQ
MPZio386jWGWt+8nR9DGIqAo63i4/vo7OGQjPmr+fbcIh//xo2qkmkJ1ts+6yjP+
QObQaMCPklra/d6fAgMBAAGjajBoMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsG
AQUFBzABBQQCBQAwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwIgYDVR0R
BBswGaQXMBUxEzARBgNVBAMTClRHVi1PRkYtNTEwDQYJKoZIhvcNAQEFBQADggEB
ADGUFcwF6BGzOY+n0DTQ8607zHhDJTpX/EoToOqWuWOv7PZvt5xKsUWYXSV7ap+2
CNu9+l4pAH7J+3FYpAEWuuppS5+kMXZ21B1/01KSX9v52agm9k/NJZkozny8Ac3Y
A/TeDFM7Neor3LhBBCYbgYbXKf+uvqBEKnV3S3oxxutW0ZIZ6q1ulPbBgT4aEMNh
6ht83JTOiJTSV/i2MTrgww/+UmygG3MvkAbLnu2H+Vxu5WWnCPQlRa3qIIAPmEfF
UElQoSTXOJNwCwEi89jnJD9l/9+ezoiRXLKKjXXqO9GSzy0uFP4Dp+tEIgJ8aJwQ
iT42ck+LINO+DJYTyUhkfhw=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=322932, public, no-transform, must-revalidate]
Content-Length: [1504]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Sat, 24 Jun 2017 02:50:23 GMT]
Expires: [Tue, 27 Jun 2017 20:30:18 GMT]
Last-Modified: [Tue, 20 Jun 2017 20:30:18 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MEM_HIT from a23-219-93-86.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header outlives NextUpdate with 2m17s
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

thawte Primary Root CA (CA Certificate)

Certificate details for thawte Primary Root CA (At position 2 in certificate chain)
Serial number:
hex: 344ed55720d5edec49f42fce37db2b6d
int: 69529181992039203566298953787712940909
Issued by: thawte Primary Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: thawte, Inc.
Organization unit: Certification Services Division
Organization unit: (c) 2006 thawte, Inc. - For authorized use only
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
© 2015 - 2017 Digitorus B.V.
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.