CRL & OCSP report for 0-checkpoint.riag.com.liucat.lib.liu.edu - liucat.lib.liu.edu (Long Island University)

liucat.lib.liu.edu

Certificate details for liucat.lib.liu.edu (At position 0 in certificate chain)
Serial number:
hex: 71c15248a9a98bc3d39f81e15dca36c8
int: 151206545731915850979071105880289851080
Issued by: thawte EV SSL CA - G3
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Company registration number: Government Entity
Organization: Long Island University
Organization unit: IT
State / Province: New York
Locality: Greenvale
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for 0-checkpoint.riag.com.liucat.lib.liu.edu.

Certificate Revocation List (CRL)

This CRL was cached at
http://ti.symcb.com/ti.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://ti.symcb.com/ti.crl
Size: 18582 bytes (DER data)
Response time: 8.639382ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 518

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: Apache
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-217-200-39.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1-19946687) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Type: [application/pkix-crl]
Date: [Wed, 24 May 2017 15:28:17 GMT]
Etag: ["9bb07053351abb3d63a3d1075b79a2bf:1495616849"]
Last-Modified: [Wed, 24 May 2017 09:07:29 GMT]
Server: [Apache]
Vary: [Accept-Encoding]
X-Cache: [TCP_MEM_HIT from a23-217-200-39.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1-19946687) (-)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ti.symcd.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ti.symcd.com (GET)
Size: 1419 bytes (DER data)
Response time: 35.94488ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: thawte EV SSL CA - G3 OCSP Responder
Issued by: thawte EV SSL CA - G3
Signing certificate validity: 2017-04-26 - 2017-07-25
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 117h7m1s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_REFRESH_MISS from a23-215-131-86.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1-19946687) (S)

URL used for GET request

http://ti.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRf3h%2B5hEjM%2FdnIiVtt0Z%2FtptP7EQQU8HBR2tMqkU9Sd9eGd3QPznEabCICEHHBUkipqYvD05%2BB4V3KNsg%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBRf3h+5hEjM/dnIiVtt0Z/tptP7EQQU8HBR
2tMqkU9Sd9eGd3QPznEabCICEHHBUkipqYvD05+B4V3KNsg=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFhwoBAKCCBYAwggV8BgkrBgEFBQcwAQEEggVtMIIFaTCBnqIWBBQTU70MPQ6z
52Z3+Giik7kHpz/S7RgPMjAxNzA1MjAwNzQ0MDNaMHMwcTBJMAkGBSsOAwIaBQAE
FF/eH7mESMz92ciJW23Rn+2m0/sRBBTwcFHa0yqRT1J314Z3dA/OcRpsIgIQccFS
SKmpi8PTn4HhXco2yIAAGA8yMDE3MDUyMDA3NDQwM1qgERgPMjAxNzA1MjcwNzQ0
MDNaMA0GCSqGSIb3DQEBBQUAA4IBAQBM+bOM/BCObTswoEKPKCd9s5/pDDWIRvPK
qhSMqkfaZdYY0J5wohpu5zO+RU8DBmti03O4dLtojvVG2IHzC86bccZQ8w3PxIYB
2YjgF1WufjPBAwg2XC91aN2IBWuLDwIXCKn7QmxQ4gOzuxstzk1U/PZCSgByWcu6
cVLo7jXaRjXH/pUTl5U79eBtI+VFfUdk4T8u6X9gCl1vIF+j5iVmYQX2tk4bWJ36
6W65FAOL2bLkifMe0vzg8fLHLEgHA8ut8pgI3OvvEApvqsRYl+UHeITUXHp9xkr4
C82wN6qIX8DUGwGchw3cvhxbm9TG4JD8VMGX5+nUiGoyEwS2pHlVoIIDsDCCA6ww
ggOoMIICkKADAgECAhB0F/tceaVxDRs9KpuGjvBRMA0GCSqGSIb3DQEBCwUAMEQx
CzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUsIEluYy4xHjAcBgNVBAMTFXRo
YXd0ZSBFViBTU0wgQ0EgLSBHMzAeFw0xNzA0MjYwMDAwMDBaFw0xNzA3MjUyMzU5
NTlaMC8xLTArBgNVBAMTJHRoYXd0ZSBFViBTU0wgQ0EgLSBHMyBPQ1NQIFJlc3Bv
bmRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ1MKrcBnSoDp6uD
Z2YN+uvWC3MItWmKTAOmBDyJMciXrR+RSfgGwBExbp+HOeldr4D5pDEUOJUr6+0+
qyqDK/xT3wmGEzKLbLurIW4g0wZ5i92P9oeuCI2SLm1xmx7/COZad/1E6NGyXY4L
MISyL0oHwPEpvIlqcI1hmJlj0KVPKuKcRey8wBfjDLdH8XUQoHJeJoigFvj91CBg
oDykIYWs8dW2w6H5rtb6EY1CFdTg5i/CtYhsN4tQqkPAA9aeQcX37Cn2QTVjMF1P
Dbpr6O3Sl/nwrf+FPBkxVhwixzRi1hxeZhliKGrW9Lxj7xsxGZfI5lwN4IYghNbY
ITFNAd8CAwEAAaOBqjCBpzAPBgkrBgEFBQcwAQUEAgUAMCEGA1UdEQQaMBikFjAU
MRIwEAYDVQQDEwlUR1YtRS05NzEwHwYDVR0jBBgwFoAU8HBR2tMqkU9Sd9eGd3QP
znEabCIwHQYDVR0OBBYEFBNTvQw9DrPnZnf4aKKTuQenP9LtMAwGA1UdEwEB/wQC
MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3
DQEBCwUAA4IBAQC79wsgTpe7qUrcUs9WRlVYCZ/HjfHQbwZuBOmYAomSYRTxKjy/
TPKIBgmVaIndJ+AC343mT4CKYKNrlvYsUqzUhtJ87xV1CJYhZvmbKDtwgII99Woe
R/U02+8hibqKrjrjHJ/9qhTUMq7uwv+Ii9ArPqZAs7ptQEZ12WUSkVOmaXZiDdqG
zJf1YT2JLDtoPLS1g4ApSRvy2Nm6dn8Ea+Nl15DpRU9kXGwknpD5OV5NDjMUgpTs
0CqINmdks8zhHAVk6OGfEiOZETbF9vwA8KIpNTp9p/Y7dAYi63Kpsv1ZZ4uupko8
Q/7d5UqVBIJsjpo0507nvuA8PTrvt7YfZvsW
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDqDCCApCgAwIBAgIQdBf7XHmlcQ0bPSqbho7wUTANBgkqhkiG9w0BAQsFADBE
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMR4wHAYDVQQDExV0
aGF3dGUgRVYgU1NMIENBIC0gRzMwHhcNMTcwNDI2MDAwMDAwWhcNMTcwNzI1MjM1
OTU5WjAvMS0wKwYDVQQDEyR0aGF3dGUgRVYgU1NMIENBIC0gRzMgT0NTUCBSZXNw
b25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdTCq3AZ0qA6er
g2dmDfrr1gtzCLVpikwDpgQ8iTHIl60fkUn4BsARMW6fhznpXa+A+aQxFDiVK+vt
Pqsqgyv8U98JhhMyi2y7qyFuINMGeYvdj/aHrgiNki5tcZse/wjmWnf9ROjRsl2O
CzCEsi9KB8DxKbyJanCNYZiZY9ClTyrinEXsvMAX4wy3R/F1EKByXiaIoBb4/dQg
YKA8pCGFrPHVtsOh+a7W+hGNQhXU4OYvwrWIbDeLUKpDwAPWnkHF9+wp9kE1YzBd
Tw26a+jt0pf58K3/hTwZMVYcIsc0YtYcXmYZYihq1vS8Y+8bMRmXyOZcDeCGIITW
2CExTQHfAgMBAAGjgaowgacwDwYJKwYBBQUHMAEFBAIFADAhBgNVHREEGjAYpBYw
FDESMBAGA1UEAxMJVEdWLUUtOTcxMB8GA1UdIwQYMBaAFPBwUdrTKpFPUnfXhnd0
D85xGmwiMB0GA1UdDgQWBBQTU70MPQ6z52Z3+Giik7kHpz/S7TAMBgNVHRMBAf8E
AjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG
9w0BAQsFAAOCAQEAu/cLIE6Xu6lK3FLPVkZVWAmfx43x0G8GbgTpmAKJkmEU8So8
v0zyiAYJlWiJ3SfgAt+N5k+AimCja5b2LFKs1IbSfO8VdQiWIWb5myg7cICCPfVq
Hkf1NNvvIYm6iq464xyf/aoU1DKu7sL/iIvQKz6mQLO6bUBGddllEpFTpml2Yg3a
hsyX9WE9iSw7aDy0tYOAKUkb8tjZunZ/BGvjZdeQ6UVPZFxsJJ6Q+TleTQ4zFIKU
7NAqiDZnZLPM4RwFZOjhnxIjmRE2xfb8APCiKTU6faf2O3QGIutyqbL9WWeLrqZK
PEP+3eVKlQSCbI6aNOdO577gPD0677e2H2b7Fg==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=421621, public, no-transform, must-revalidate]
Content-Length: [1419]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Mon, 22 May 2017 10:37:02 GMT]
Expires: [Sat, 27 May 2017 07:44:03 GMT]
Last-Modified: [Sat, 20 May 2017 07:44:03 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_REFRESH_MISS from a23-215-131-86.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1-19946687) (S)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ti.symcd.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ti.symcd.com (POST)
Size: 1419 bytes (DER data)
Response time: 24.707134ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: thawte EV SSL CA - G3 OCSP Responder
Issued by: thawte EV SSL CA - G3
Signing certificate validity: 2017-04-26 - 2017-07-25
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 117h7m1s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_REFRESH_MISS from a23-215-131-68.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1-19946687) (S)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBRf3h+5hEjM/dnIiVtt0Z/tptP7EQQU8HBR
2tMqkU9Sd9eGd3QPznEabCICEHHBUkipqYvD05+B4V3KNsg=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFhwoBAKCCBYAwggV8BgkrBgEFBQcwAQEEggVtMIIFaTCBnqIWBBQTU70MPQ6z
52Z3+Giik7kHpz/S7RgPMjAxNzA1MjAwNzQ0MDNaMHMwcTBJMAkGBSsOAwIaBQAE
FF/eH7mESMz92ciJW23Rn+2m0/sRBBTwcFHa0yqRT1J314Z3dA/OcRpsIgIQccFS
SKmpi8PTn4HhXco2yIAAGA8yMDE3MDUyMDA3NDQwM1qgERgPMjAxNzA1MjcwNzQ0
MDNaMA0GCSqGSIb3DQEBBQUAA4IBAQBM+bOM/BCObTswoEKPKCd9s5/pDDWIRvPK
qhSMqkfaZdYY0J5wohpu5zO+RU8DBmti03O4dLtojvVG2IHzC86bccZQ8w3PxIYB
2YjgF1WufjPBAwg2XC91aN2IBWuLDwIXCKn7QmxQ4gOzuxstzk1U/PZCSgByWcu6
cVLo7jXaRjXH/pUTl5U79eBtI+VFfUdk4T8u6X9gCl1vIF+j5iVmYQX2tk4bWJ36
6W65FAOL2bLkifMe0vzg8fLHLEgHA8ut8pgI3OvvEApvqsRYl+UHeITUXHp9xkr4
C82wN6qIX8DUGwGchw3cvhxbm9TG4JD8VMGX5+nUiGoyEwS2pHlVoIIDsDCCA6ww
ggOoMIICkKADAgECAhB0F/tceaVxDRs9KpuGjvBRMA0GCSqGSIb3DQEBCwUAMEQx
CzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUsIEluYy4xHjAcBgNVBAMTFXRo
YXd0ZSBFViBTU0wgQ0EgLSBHMzAeFw0xNzA0MjYwMDAwMDBaFw0xNzA3MjUyMzU5
NTlaMC8xLTArBgNVBAMTJHRoYXd0ZSBFViBTU0wgQ0EgLSBHMyBPQ1NQIFJlc3Bv
bmRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ1MKrcBnSoDp6uD
Z2YN+uvWC3MItWmKTAOmBDyJMciXrR+RSfgGwBExbp+HOeldr4D5pDEUOJUr6+0+
qyqDK/xT3wmGEzKLbLurIW4g0wZ5i92P9oeuCI2SLm1xmx7/COZad/1E6NGyXY4L
MISyL0oHwPEpvIlqcI1hmJlj0KVPKuKcRey8wBfjDLdH8XUQoHJeJoigFvj91CBg
oDykIYWs8dW2w6H5rtb6EY1CFdTg5i/CtYhsN4tQqkPAA9aeQcX37Cn2QTVjMF1P
Dbpr6O3Sl/nwrf+FPBkxVhwixzRi1hxeZhliKGrW9Lxj7xsxGZfI5lwN4IYghNbY
ITFNAd8CAwEAAaOBqjCBpzAPBgkrBgEFBQcwAQUEAgUAMCEGA1UdEQQaMBikFjAU
MRIwEAYDVQQDEwlUR1YtRS05NzEwHwYDVR0jBBgwFoAU8HBR2tMqkU9Sd9eGd3QP
znEabCIwHQYDVR0OBBYEFBNTvQw9DrPnZnf4aKKTuQenP9LtMAwGA1UdEwEB/wQC
MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3
DQEBCwUAA4IBAQC79wsgTpe7qUrcUs9WRlVYCZ/HjfHQbwZuBOmYAomSYRTxKjy/
TPKIBgmVaIndJ+AC343mT4CKYKNrlvYsUqzUhtJ87xV1CJYhZvmbKDtwgII99Woe
R/U02+8hibqKrjrjHJ/9qhTUMq7uwv+Ii9ArPqZAs7ptQEZ12WUSkVOmaXZiDdqG
zJf1YT2JLDtoPLS1g4ApSRvy2Nm6dn8Ea+Nl15DpRU9kXGwknpD5OV5NDjMUgpTs
0CqINmdks8zhHAVk6OGfEiOZETbF9vwA8KIpNTp9p/Y7dAYi63Kpsv1ZZ4uupko8
Q/7d5UqVBIJsjpo0507nvuA8PTrvt7YfZvsW
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDqDCCApCgAwIBAgIQdBf7XHmlcQ0bPSqbho7wUTANBgkqhkiG9w0BAQsFADBE
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMR4wHAYDVQQDExV0
aGF3dGUgRVYgU1NMIENBIC0gRzMwHhcNMTcwNDI2MDAwMDAwWhcNMTcwNzI1MjM1
OTU5WjAvMS0wKwYDVQQDEyR0aGF3dGUgRVYgU1NMIENBIC0gRzMgT0NTUCBSZXNw
b25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdTCq3AZ0qA6er
g2dmDfrr1gtzCLVpikwDpgQ8iTHIl60fkUn4BsARMW6fhznpXa+A+aQxFDiVK+vt
Pqsqgyv8U98JhhMyi2y7qyFuINMGeYvdj/aHrgiNki5tcZse/wjmWnf9ROjRsl2O
CzCEsi9KB8DxKbyJanCNYZiZY9ClTyrinEXsvMAX4wy3R/F1EKByXiaIoBb4/dQg
YKA8pCGFrPHVtsOh+a7W+hGNQhXU4OYvwrWIbDeLUKpDwAPWnkHF9+wp9kE1YzBd
Tw26a+jt0pf58K3/hTwZMVYcIsc0YtYcXmYZYihq1vS8Y+8bMRmXyOZcDeCGIITW
2CExTQHfAgMBAAGjgaowgacwDwYJKwYBBQUHMAEFBAIFADAhBgNVHREEGjAYpBYw
FDESMBAGA1UEAxMJVEdWLUUtOTcxMB8GA1UdIwQYMBaAFPBwUdrTKpFPUnfXhnd0
D85xGmwiMB0GA1UdDgQWBBQTU70MPQ6z52Z3+Giik7kHpz/S7TAMBgNVHRMBAf8E
AjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG
9w0BAQsFAAOCAQEAu/cLIE6Xu6lK3FLPVkZVWAmfx43x0G8GbgTpmAKJkmEU8So8
v0zyiAYJlWiJ3SfgAt+N5k+AimCja5b2LFKs1IbSfO8VdQiWIWb5myg7cICCPfVq
Hkf1NNvvIYm6iq464xyf/aoU1DKu7sL/iIvQKz6mQLO6bUBGddllEpFTpml2Yg3a
hsyX9WE9iSw7aDy0tYOAKUkb8tjZunZ/BGvjZdeQ6UVPZFxsJJ6Q+TleTQ4zFIKU
7NAqiDZnZLPM4RwFZOjhnxIjmRE2xfb8APCiKTU6faf2O3QGIutyqbL9WWeLrqZK
PEP+3eVKlQSCbI6aNOdO577gPD0677e2H2b7Fg==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=421621, public, no-transform, must-revalidate]
Content-Length: [1419]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Mon, 22 May 2017 10:37:02 GMT]
Expires: [Sat, 27 May 2017 07:44:03 GMT]
Last-Modified: [Sat, 20 May 2017 07:44:03 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_REFRESH_MISS from a23-215-131-68.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1-19946687) (S)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

thawte EV SSL CA - G3 (CA Certificate)

Certificate details for thawte EV SSL CA - G3 (At position 1 in certificate chain)
Serial number:
hex: 5d72fb337620f64c7280dbe91281ff6a
int: 124215220411876031223968719307607768938
Issued by: thawte Primary Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: thawte, Inc.
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://t1.symcb.com/ThawtePCA.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://t1.symcb.com/ThawtePCA.crl
Size: 537 bytes (DER data)
Response time: 150.75492ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 1

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: Apache
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-217-200-71.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1.1-20063003) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Type: [application/pkix-crl]
Date: [Wed, 24 May 2017 15:29:05 GMT]
Etag: ["9a0c909d0279c1bbdf66260ef952850c:1490320987"]
Last-Modified: [Fri, 24 Mar 2017 02:01:25 GMT]
Server: [Apache]
Vary: [Accept-Encoding]
X-Cache: [TCP_MEM_HIT from a23-217-200-71.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1.1-20063003) (-)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://t2.symcb.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://t2.symcb.com (GET)
Size: 1504 bytes (DER data)
Response time: 15.609312ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: thawte Primary Root OCSP Responder Certificate 5
Issued by: thawte Primary Root CA
Signing certificate validity: 2016-11-22 - 2017-12-14
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 148h42m16s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-217-200-53.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1-19946687) (-)

URL used for GET request

http://t2.symcb.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEF1y%2BzN2IPZMcoDb6RKB%2F2o%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD/yl6nWPkczAQUe1tF
z6/Oy3r9MZIaarbzRutXSFACEF1y+zN2IPZMcoDb6RKB/2o=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF3AoBAKCCBdUwggXRBgkrBgEFBQcwAQEEggXCMIIFvjCBnqIWBBSy2bdAZSGF
dJEJzQWJNOXg5SwcIxgPMjAxNzA1MjMyMDAxMzlaMHMwcTBJMAkGBSsOAwIaBQAE
FDAXimvD1LuYJsIQcP/KXqdY+RzMBBR7W0XPr87Lev0xkhpqtvNG61dIUAIQXXL7
M3Yg9kxygNvpEoH/aoAAGA8yMDE3MDUyMzIwMDEzOVqgERgPMjAxNzA1MzAyMDAx
MzlaMA0GCSqGSIb3DQEBBQUAA4IBAQAah0Q5EytvO4Ey9jFCI7TKQ7MOqpLtPX1Q
jX7p4qR5zKNMRjSDAX3XoiTqjzOojnvhV8DIAseCHXBHgkAxXp7OKFzQOhqRgJIQ
goXOoS2RjSq7/5PJjEgObUl3vF83tPx2GUcc1MI7dxqM5sNhHE3c2TJY1K1gtkBz
25TYebhbf1tPTsqmW3AKlDp2u07GGELJpHk+iqrkG4MZ0Zu+HQBY6hdXnD2Eti5K
K5uTalLzUFnqnuI/kRRv7wQchm1E+6PJvwxngrBiUTVvNAlMpSbg3v/vy+tJtkBC
PigjWP0t5rWjxY+enkrFc6wlMCtHzkfsITmwPDYPDFRT7MCAzMxvoIIEBTCCBAEw
ggP9MIIC5aADAgECAhBqIaLOBLu8Jqunme8AdApUMA0GCSqGSIb3DQEBBQUAMIGp
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMSgwJgYDVQQLEx9D
ZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMTgwNgYDVQQLEy8oYykgMjAw
NiB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEfMB0GA1UE
AxMWdGhhd3RlIFByaW1hcnkgUm9vdCBDQTAeFw0xNjExMjIwMDAwMDBaFw0xNzEy
MTQyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUsIEluYy4x
OTA3BgNVBAMTMHRoYXd0ZSBQcmltYXJ5IFJvb3QgT0NTUCBSZXNwb25kZXIgQ2Vy
dGlmaWNhdGUgNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwOc/CD
T/ilVz6H2rkWETL80qIX5ttu5I16yxgPVYUP2Qy1D6dpiw9JZb0Tw134T58HpV+B
e3HSYDvEwPLyCBgKDNGAQ4RTEvuVDAJXhDHFDe+tE3wUWX0QCsmqMqXTc/BI18Zx
1vekmip6OnwyEoRdlaIeRv1qFLOGj9NqcQrh3CN/4SJb/DnWmTQta4gODnKS/ADF
WRs/wB3rqPDBZhBLBqywq6YRmzcz6hb/dpddqcTp7tDtEHmw+BDWTl/92a2YwJAw
9mKjfzqNYZa37ydH0MYioCjreLj++js4ZCM+av59twiH//GjaqSaQnW2z7rKM/5A
5tBowI+SWtr93p8CAwEAAaNqMGgwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYB
BQUHMAEFBAIFADAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDAiBgNVHREE
GzAZpBcwFTETMBEGA1UEAxMKVEdWLU9GRi01MTANBgkqhkiG9w0BAQUFAAOCAQEA
MZQVzAXoEbM5j6fQNNDzrTvMeEMlOlf8ShOg6pa5Y6/s9m+3nEqxRZhdJXtqn7YI
2736XikAfsn7cVikARa66mlLn6QxdnbUHX/TUpJf2/nZqCb2T80lmSjOfLwBzdgD
9N4MUzs16ivcuEEEJhuBhtcp/66+oEQqdXdLejHG61bRkhnqrW6U9sGBPhoQw2Hq
G3zclM6IlNJX+LYxOuDDD/5SbKAbcy+QBsue7Yf5XG7lZacI9CVFreoggA+YR8VQ
SVChJNc4k3ALASLz2OckP2X/357OiJFcsoqNdeo70ZLPLS4U/gOn60QiAnxonBCJ
PjZyT4sg074MlhPJSGR+HA==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIID/TCCAuWgAwIBAgIQaiGizgS7vCarp5nvAHQKVDANBgkqhkiG9w0BAQUFADCB
qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw
MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV
BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMTYxMTIyMDAwMDAwWhcNMTcx
MjE0MjM1OTU5WjBfMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMu
MTkwNwYDVQQDEzB0aGF3dGUgUHJpbWFyeSBSb290IE9DU1AgUmVzcG9uZGVyIENl
cnRpZmljYXRlIDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMDnPw
g0/4pVc+h9q5FhEy/NKiF+bbbuSNessYD1WFD9kMtQ+naYsPSWW9E8Nd+E+fB6Vf
gXtx0mA7xMDy8ggYCgzRgEOEUxL7lQwCV4QxxQ3vrRN8FFl9EArJqjKl03PwSNfG
cdb3pJoqejp8MhKEXZWiHkb9ahSzho/TanEK4dwjf+EiW/w51pk0LWuIDg5ykvwA
xVkbP8Ad66jwwWYQSwassKumEZs3M+oW/3aXXanE6e7Q7RB5sPgQ1k5f/dmtmMCQ
MPZio386jWGWt+8nR9DGIqAo63i4/vo7OGQjPmr+fbcIh//xo2qkmkJ1ts+6yjP+
QObQaMCPklra/d6fAgMBAAGjajBoMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsG
AQUFBzABBQQCBQAwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwIgYDVR0R
BBswGaQXMBUxEzARBgNVBAMTClRHVi1PRkYtNTEwDQYJKoZIhvcNAQEFBQADggEB
ADGUFcwF6BGzOY+n0DTQ8607zHhDJTpX/EoToOqWuWOv7PZvt5xKsUWYXSV7ap+2
CNu9+l4pAH7J+3FYpAEWuuppS5+kMXZ21B1/01KSX9v52agm9k/NJZkozny8Ac3Y
A/TeDFM7Neor3LhBBCYbgYbXKf+uvqBEKnV3S3oxxutW0ZIZ6q1ulPbBgT4aEMNh
6ht83JTOiJTSV/i2MTrgww/+UmygG3MvkAbLnu2H+Vxu5WWnCPQlRa3qIIAPmEfF
UElQoSTXOJNwCwEi89jnJD9l/9+ezoiRXLKKjXXqO9GSzy0uFP4Dp+tEIgJ8aJwQ
iT42ck+LINO+DJYTyUhkfhw=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=535336, public, no-transform, must-revalidate]
Content-Length: [1504]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Wed, 24 May 2017 15:19:29 GMT]
Expires: [Tue, 30 May 2017 20:01:39 GMT]
Last-Modified: [Tue, 23 May 2017 20:01:39 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MEM_HIT from a23-217-200-53.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1-19946687) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header outlives NextUpdate with 6s
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://t2.symcb.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://t2.symcb.com (POST)
Size: 1504 bytes (DER data)
Response time: 99.108346ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: thawte Primary Root OCSP Responder Certificate 5
Issued by: thawte Primary Root CA
Signing certificate validity: 2016-11-22 - 2017-12-14
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 148h42m10s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_REFRESH_MISS from a23-217-200-53.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1-19946687) (S)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD/yl6nWPkczAQUe1tF
z6/Oy3r9MZIaarbzRutXSFACEF1y+zN2IPZMcoDb6RKB/2o=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF3AoBAKCCBdUwggXRBgkrBgEFBQcwAQEEggXCMIIFvjCBnqIWBBSy2bdAZSGF
dJEJzQWJNOXg5SwcIxgPMjAxNzA1MjMyMDAxMzlaMHMwcTBJMAkGBSsOAwIaBQAE
FDAXimvD1LuYJsIQcP/KXqdY+RzMBBR7W0XPr87Lev0xkhpqtvNG61dIUAIQXXL7
M3Yg9kxygNvpEoH/aoAAGA8yMDE3MDUyMzIwMDEzOVqgERgPMjAxNzA1MzAyMDAx
MzlaMA0GCSqGSIb3DQEBBQUAA4IBAQAah0Q5EytvO4Ey9jFCI7TKQ7MOqpLtPX1Q
jX7p4qR5zKNMRjSDAX3XoiTqjzOojnvhV8DIAseCHXBHgkAxXp7OKFzQOhqRgJIQ
goXOoS2RjSq7/5PJjEgObUl3vF83tPx2GUcc1MI7dxqM5sNhHE3c2TJY1K1gtkBz
25TYebhbf1tPTsqmW3AKlDp2u07GGELJpHk+iqrkG4MZ0Zu+HQBY6hdXnD2Eti5K
K5uTalLzUFnqnuI/kRRv7wQchm1E+6PJvwxngrBiUTVvNAlMpSbg3v/vy+tJtkBC
PigjWP0t5rWjxY+enkrFc6wlMCtHzkfsITmwPDYPDFRT7MCAzMxvoIIEBTCCBAEw
ggP9MIIC5aADAgECAhBqIaLOBLu8Jqunme8AdApUMA0GCSqGSIb3DQEBBQUAMIGp
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMSgwJgYDVQQLEx9D
ZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMTgwNgYDVQQLEy8oYykgMjAw
NiB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEfMB0GA1UE
AxMWdGhhd3RlIFByaW1hcnkgUm9vdCBDQTAeFw0xNjExMjIwMDAwMDBaFw0xNzEy
MTQyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUsIEluYy4x
OTA3BgNVBAMTMHRoYXd0ZSBQcmltYXJ5IFJvb3QgT0NTUCBSZXNwb25kZXIgQ2Vy
dGlmaWNhdGUgNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwOc/CD
T/ilVz6H2rkWETL80qIX5ttu5I16yxgPVYUP2Qy1D6dpiw9JZb0Tw134T58HpV+B
e3HSYDvEwPLyCBgKDNGAQ4RTEvuVDAJXhDHFDe+tE3wUWX0QCsmqMqXTc/BI18Zx
1vekmip6OnwyEoRdlaIeRv1qFLOGj9NqcQrh3CN/4SJb/DnWmTQta4gODnKS/ADF
WRs/wB3rqPDBZhBLBqywq6YRmzcz6hb/dpddqcTp7tDtEHmw+BDWTl/92a2YwJAw
9mKjfzqNYZa37ydH0MYioCjreLj++js4ZCM+av59twiH//GjaqSaQnW2z7rKM/5A
5tBowI+SWtr93p8CAwEAAaNqMGgwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYB
BQUHMAEFBAIFADAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDAiBgNVHREE
GzAZpBcwFTETMBEGA1UEAxMKVEdWLU9GRi01MTANBgkqhkiG9w0BAQUFAAOCAQEA
MZQVzAXoEbM5j6fQNNDzrTvMeEMlOlf8ShOg6pa5Y6/s9m+3nEqxRZhdJXtqn7YI
2736XikAfsn7cVikARa66mlLn6QxdnbUHX/TUpJf2/nZqCb2T80lmSjOfLwBzdgD
9N4MUzs16ivcuEEEJhuBhtcp/66+oEQqdXdLejHG61bRkhnqrW6U9sGBPhoQw2Hq
G3zclM6IlNJX+LYxOuDDD/5SbKAbcy+QBsue7Yf5XG7lZacI9CVFreoggA+YR8VQ
SVChJNc4k3ALASLz2OckP2X/357OiJFcsoqNdeo70ZLPLS4U/gOn60QiAnxonBCJ
PjZyT4sg074MlhPJSGR+HA==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIID/TCCAuWgAwIBAgIQaiGizgS7vCarp5nvAHQKVDANBgkqhkiG9w0BAQUFADCB
qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw
MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV
BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMTYxMTIyMDAwMDAwWhcNMTcx
MjE0MjM1OTU5WjBfMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMu
MTkwNwYDVQQDEzB0aGF3dGUgUHJpbWFyeSBSb290IE9DU1AgUmVzcG9uZGVyIENl
cnRpZmljYXRlIDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMDnPw
g0/4pVc+h9q5FhEy/NKiF+bbbuSNessYD1WFD9kMtQ+naYsPSWW9E8Nd+E+fB6Vf
gXtx0mA7xMDy8ggYCgzRgEOEUxL7lQwCV4QxxQ3vrRN8FFl9EArJqjKl03PwSNfG
cdb3pJoqejp8MhKEXZWiHkb9ahSzho/TanEK4dwjf+EiW/w51pk0LWuIDg5ykvwA
xVkbP8Ad66jwwWYQSwassKumEZs3M+oW/3aXXanE6e7Q7RB5sPgQ1k5f/dmtmMCQ
MPZio386jWGWt+8nR9DGIqAo63i4/vo7OGQjPmr+fbcIh//xo2qkmkJ1ts+6yjP+
QObQaMCPklra/d6fAgMBAAGjajBoMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsG
AQUFBzABBQQCBQAwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwIgYDVR0R
BBswGaQXMBUxEzARBgNVBAMTClRHVi1PRkYtNTEwDQYJKoZIhvcNAQEFBQADggEB
ADGUFcwF6BGzOY+n0DTQ8607zHhDJTpX/EoToOqWuWOv7PZvt5xKsUWYXSV7ap+2
CNu9+l4pAH7J+3FYpAEWuuppS5+kMXZ21B1/01KSX9v52agm9k/NJZkozny8Ac3Y
A/TeDFM7Neor3LhBBCYbgYbXKf+uvqBEKnV3S3oxxutW0ZIZ6q1ulPbBgT4aEMNh
6ht83JTOiJTSV/i2MTrgww/+UmygG3MvkAbLnu2H+Vxu5WWnCPQlRa3qIIAPmEfF
UElQoSTXOJNwCwEi89jnJD9l/9+ezoiRXLKKjXXqO9GSzy0uFP4Dp+tEIgJ8aJwQ
iT42ck+LINO+DJYTyUhkfhw=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=535330, public, no-transform, must-revalidate]
Content-Length: [1504]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Wed, 24 May 2017 15:19:29 GMT]
Expires: [Tue, 30 May 2017 20:01:39 GMT]
Last-Modified: [Tue, 23 May 2017 20:01:39 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_REFRESH_MISS from a23-217-200-53.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1-19946687) (S)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

thawte Primary Root CA (CA Certificate)

Certificate details for thawte Primary Root CA (At position 2 in certificate chain)
Serial number:
hex: 344ed55720d5edec49f42fce37db2b6d
int: 69529181992039203566298953787712940909
Issued by: thawte Primary Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: thawte, Inc.
Organization unit: Certification Services Division
Organization unit: (c) 2006 thawte, Inc. - For authorized use only
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.