CRL & OCSP report for 0-checkpoint.riag.com.liucat.lib.liu.edu - liucat.lib.liu.edu (Long Island University)

liucat.lib.liu.edu

This certificate was cached at
Certificate details for liucat.lib.liu.edu (At position 0 in certificate chain)
Serial number:
hex: 71c15248a9a98bc3d39f81e15dca36c8
int: 151206545731915850979071105880289851080
Issued by: thawte EV SSL CA - G3
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Company registration number: Government Entity
Organization: Long Island University
Organization unit: IT
State / Province: New York
Locality: Greenvale
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

View complete certificate details for 0-checkpoint.riag.com.liucat.lib.liu.edu.

Certificate Revocation List (CRL)

This CRL was cached at
http://ti.symcb.com/ti.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://ti.symcb.com/ti.crl
Size: 18479 bytes (DER data)
Response time: 14.897633ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 515

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: Apache
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-219-93-63.deploy.akamaitechnologies.com (AkamaiGHost/8.2.0.0.2-18911410) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Type: [application/pkix-crl]
Date: [Wed, 18 Jan 2017 09:07:39 GMT]
Etag: ["2e0a87a26e74151a4904fd1e0812f77e:1484687492"]
Last-Modified: [Tue, 17 Jan 2017 21:11:32 GMT]
Server: [Apache]
Vary: [Accept-Encoding]
X-Cache: [TCP_MEM_HIT from a23-219-93-63.deploy.akamaitechnologies.com (AkamaiGHost/8.2.0.0.2-18911410) (-)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ti.symcd.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ti.symcd.com (POST)
Size: 1420 bytes (DER data)
Response time: 108.752096ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: thawte EV SSL CA - G3 OCSP Responder
Issued by: thawte EV SSL CA - G3
Signing certificate validity: 2016-11-13 - 2017-02-11
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 95h49m47s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-215-131-86.deploy.akamaitechnologies.com (AkamaiGHost/8.2.0.0.2-18911410) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBRf3h+5hEjM/dnIiVtt0Z/tptP7EQQU8HBR
2tMqkU9Sd9eGd3QPznEabCICEHHBUkipqYvD05+B4V3KNsg=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFiAoBAKCCBYEwggV9BgkrBgEFBQcwAQEEggVuMIIFajCBnqIWBBTHcogESGlr
6rcSlDgRwoHxI1EOVBgPMjAxNzAxMjAwNzIwNDRaMHMwcTBJMAkGBSsOAwIaBQAE
FF/eH7mESMz92ciJW23Rn+2m0/sRBBTwcFHa0yqRT1J314Z3dA/OcRpsIgIQccFS
SKmpi8PTn4HhXco2yIAAGA8yMDE3MDEyMDA3MjA0NFqgERgPMjAxNzAxMjcwNzIw
NDRaMA0GCSqGSIb3DQEBBQUAA4IBAQCN7m2iNCdCJFD1Tqjgz8jKaJc1p16s10MP
Aw+pDheVTWNrShdTVG2Ie+kDOqlYnBgJcG6cYMPqQes6rE8g5FwcTDR+9dTY/E9X
Vu+lzib4FH1KXGvwLiuH9vL3hHQ0nJGmJCkI/IOfeou3hnP4HGV11ZqV4rqwgdxa
LWBHpX8sNgK0TgBPVUvraCLPrsmgO5yKH1lf0O8mCniRVRIlgiH/S7k94eiLYzYQ
3m1jbSDkM3zBHAdjM9cldRe6qxa2Z502bF1lwQyi+/G7RWmu4MnNAYsxQcSZevRo
dTh/RkTI7D0PkamyLDn2KmLx9BQOXFSEBbNV8hBb7BL4aAULfZztoIIDsTCCA60w
ggOpMIICkaADAgECAhBws1M+IDuHm0PJz3ZgUwU+MA0GCSqGSIb3DQEBCwUAMEQx
CzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUsIEluYy4xHjAcBgNVBAMTFXRo
YXd0ZSBFViBTU0wgQ0EgLSBHMzAeFw0xNjExMTMwMDAwMDBaFw0xNzAyMTEyMzU5
NTlaMC8xLTArBgNVBAMTJHRoYXd0ZSBFViBTU0wgQ0EgLSBHMyBPQ1NQIFJlc3Bv
bmRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJLlE7BI66OsujXx
tfMDgz5g4kxvQ9zUXiHyQZU9ayVceH1PYuraUwy3mXtp7EYB706jss7kLi6bwtLK
kbbIoklZmdSNap8VIoTvH7nFt7TNinkEeeN8ltUPrIqdKJaZYg1Pgi0MOdAcJpnQ
XmZKfhwnqBeQHVqwJ1iUBkusiAQRivQ+Af3EHTHGn2UEfHdne9s9F3Uaoh+ELA0G
N7vrAWAyfI/ljeVgvqFCJOqjTrIVTOISs9DO80ci83m9tFyzsiwbBTlDTvatW8sE
00GiIxWsvqXnqoVg4e60XAYdfHtCU2lVZQYHgG5Go92o65y0MiLl9iePCTybfQcs
dFIP3SsCAwEAAaOBqzCBqDAPBgkrBgEFBQcwAQUEAgUAMCIGA1UdEQQbMBmkFzAV
MRMwEQYDVQQDEwpUR1YtRC0yNzc3MB8GA1UdIwQYMBaAFPBwUdrTKpFPUnfXhnd0
D85xGmwiMB0GA1UdDgQWBBTHcogESGlr6rcSlDgRwoHxI1EOVDAMBgNVHRMBAf8E
AjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG
9w0BAQsFAAOCAQEAgkGBU7dYKSGtsVs4TqscM7o9AxO9m+Qk7DRUIEMGHqNYPNuz
oVAx6cqp6IHOXWQdU/LK5hb8qVREIVqgzXah6O1y+uL8NBPqXE9lwjSnJ+Y4Q24w
3kVFNoTGzQ2MqtbK5kaNoluns3f8rLFUgbs7Fb4hu5fvZ6A5zn+Ey98xbutBt3wp
qXMDE51+I4XocwYlhGPeQkn3ZLIdCvYJF6UYES+sVwrkCHUAfJTgQkThHBfUZXzK
4VA4KQomRVUo8dDTWJOwIGykXR6o339YuHqwP8rh9y68HnxRVIXDtMItZzLapE20
tyCBKEYNBju2mPosuLB6g4RPmgOBBQfA3mXPHA==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDqTCCApGgAwIBAgIQcLNTPiA7h5tDyc92YFMFPjANBgkqhkiG9w0BAQsFADBE
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMR4wHAYDVQQDExV0
aGF3dGUgRVYgU1NMIENBIC0gRzMwHhcNMTYxMTEzMDAwMDAwWhcNMTcwMjExMjM1
OTU5WjAvMS0wKwYDVQQDEyR0aGF3dGUgRVYgU1NMIENBIC0gRzMgT0NTUCBSZXNw
b25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCS5ROwSOujrLo1
8bXzA4M+YOJMb0Pc1F4h8kGVPWslXHh9T2Lq2lMMt5l7aexGAe9Oo7LO5C4um8LS
ypG2yKJJWZnUjWqfFSKE7x+5xbe0zYp5BHnjfJbVD6yKnSiWmWINT4ItDDnQHCaZ
0F5mSn4cJ6gXkB1asCdYlAZLrIgEEYr0PgH9xB0xxp9lBHx3Z3vbPRd1GqIfhCwN
Bje76wFgMnyP5Y3lYL6hQiTqo06yFUziErPQzvNHIvN5vbRcs7IsGwU5Q072rVvL
BNNBoiMVrL6l56qFYOHutFwGHXx7QlNpVWUGB4BuRqPdqOuctDIi5fYnjwk8m30H
LHRSD90rAgMBAAGjgaswgagwDwYJKwYBBQUHMAEFBAIFADAiBgNVHREEGzAZpBcw
FTETMBEGA1UEAxMKVEdWLUQtMjc3NzAfBgNVHSMEGDAWgBTwcFHa0yqRT1J314Z3
dA/OcRpsIjAdBgNVHQ4EFgQUx3KIBEhpa+q3EpQ4EcKB8SNRDlQwDAYDVR0TAQH/
BAIwADATBgNVHSUEDDAKBggrBgEFBQcDCTAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZI
hvcNAQELBQADggEBAIJBgVO3WCkhrbFbOE6rHDO6PQMTvZvkJOw0VCBDBh6jWDzb
s6FQMenKqeiBzl1kHVPyyuYW/KlURCFaoM12oejtcvri/DQT6lxPZcI0pyfmOENu
MN5FRTaExs0NjKrWyuZGjaJbp7N3/KyxVIG7OxW+IbuX72egOc5/hMvfMW7rQbd8
KalzAxOdfiOF6HMGJYRj3kJJ92SyHQr2CRelGBEvrFcK5Ah1AHyU4EJE4RwX1GV8
yuFQOCkKJkVVKPHQ01iTsCBspF0eqN9/WLh6sD/K4fcuvB58UVSFw7TCLWcy2qRN
tLcggShGDQY7tpj6LLiweoOET5oDgQUHwN5lzxw=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=344987, public, no-transform, must-revalidate]
Content-Length: [1420]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Mon, 23 Jan 2017 07:30:57 GMT]
Expires: [Fri, 27 Jan 2017 07:20:44 GMT]
Last-Modified: [Fri, 20 Jan 2017 07:20:44 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MISS from a23-215-131-86.deploy.akamaitechnologies.com (AkamaiGHost/8.2.0.0.2-18911410) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ti.symcd.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ti.symcd.com (GET)
Size: 1420 bytes (DER data)
Response time: 138.50079ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: thawte EV SSL CA - G3 OCSP Responder
Issued by: thawte EV SSL CA - G3
Signing certificate validity: 2016-11-13 - 2017-02-11
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 95h49m47s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-215-131-68.deploy.akamaitechnologies.com (AkamaiGHost/8.2.0.0.2-18911410) (-)

URL used for GET request

http:/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRf3h%2B5hEjM%2FdnIiVtt0Z%2FtptP7EQQU8HBR2tMqkU9Sd9eGd3QPznEabCICEHHBUkipqYvD05%2BB4V3KNsg%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBRf3h+5hEjM/dnIiVtt0Z/tptP7EQQU8HBR
2tMqkU9Sd9eGd3QPznEabCICEHHBUkipqYvD05+B4V3KNsg=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFiAoBAKCCBYEwggV9BgkrBgEFBQcwAQEEggVuMIIFajCBnqIWBBTHcogESGlr
6rcSlDgRwoHxI1EOVBgPMjAxNzAxMjAwNzIwNDRaMHMwcTBJMAkGBSsOAwIaBQAE
FF/eH7mESMz92ciJW23Rn+2m0/sRBBTwcFHa0yqRT1J314Z3dA/OcRpsIgIQccFS
SKmpi8PTn4HhXco2yIAAGA8yMDE3MDEyMDA3MjA0NFqgERgPMjAxNzAxMjcwNzIw
NDRaMA0GCSqGSIb3DQEBBQUAA4IBAQCN7m2iNCdCJFD1Tqjgz8jKaJc1p16s10MP
Aw+pDheVTWNrShdTVG2Ie+kDOqlYnBgJcG6cYMPqQes6rE8g5FwcTDR+9dTY/E9X
Vu+lzib4FH1KXGvwLiuH9vL3hHQ0nJGmJCkI/IOfeou3hnP4HGV11ZqV4rqwgdxa
LWBHpX8sNgK0TgBPVUvraCLPrsmgO5yKH1lf0O8mCniRVRIlgiH/S7k94eiLYzYQ
3m1jbSDkM3zBHAdjM9cldRe6qxa2Z502bF1lwQyi+/G7RWmu4MnNAYsxQcSZevRo
dTh/RkTI7D0PkamyLDn2KmLx9BQOXFSEBbNV8hBb7BL4aAULfZztoIIDsTCCA60w
ggOpMIICkaADAgECAhBws1M+IDuHm0PJz3ZgUwU+MA0GCSqGSIb3DQEBCwUAMEQx
CzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUsIEluYy4xHjAcBgNVBAMTFXRo
YXd0ZSBFViBTU0wgQ0EgLSBHMzAeFw0xNjExMTMwMDAwMDBaFw0xNzAyMTEyMzU5
NTlaMC8xLTArBgNVBAMTJHRoYXd0ZSBFViBTU0wgQ0EgLSBHMyBPQ1NQIFJlc3Bv
bmRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJLlE7BI66OsujXx
tfMDgz5g4kxvQ9zUXiHyQZU9ayVceH1PYuraUwy3mXtp7EYB706jss7kLi6bwtLK
kbbIoklZmdSNap8VIoTvH7nFt7TNinkEeeN8ltUPrIqdKJaZYg1Pgi0MOdAcJpnQ
XmZKfhwnqBeQHVqwJ1iUBkusiAQRivQ+Af3EHTHGn2UEfHdne9s9F3Uaoh+ELA0G
N7vrAWAyfI/ljeVgvqFCJOqjTrIVTOISs9DO80ci83m9tFyzsiwbBTlDTvatW8sE
00GiIxWsvqXnqoVg4e60XAYdfHtCU2lVZQYHgG5Go92o65y0MiLl9iePCTybfQcs
dFIP3SsCAwEAAaOBqzCBqDAPBgkrBgEFBQcwAQUEAgUAMCIGA1UdEQQbMBmkFzAV
MRMwEQYDVQQDEwpUR1YtRC0yNzc3MB8GA1UdIwQYMBaAFPBwUdrTKpFPUnfXhnd0
D85xGmwiMB0GA1UdDgQWBBTHcogESGlr6rcSlDgRwoHxI1EOVDAMBgNVHRMBAf8E
AjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG
9w0BAQsFAAOCAQEAgkGBU7dYKSGtsVs4TqscM7o9AxO9m+Qk7DRUIEMGHqNYPNuz
oVAx6cqp6IHOXWQdU/LK5hb8qVREIVqgzXah6O1y+uL8NBPqXE9lwjSnJ+Y4Q24w
3kVFNoTGzQ2MqtbK5kaNoluns3f8rLFUgbs7Fb4hu5fvZ6A5zn+Ey98xbutBt3wp
qXMDE51+I4XocwYlhGPeQkn3ZLIdCvYJF6UYES+sVwrkCHUAfJTgQkThHBfUZXzK
4VA4KQomRVUo8dDTWJOwIGykXR6o339YuHqwP8rh9y68HnxRVIXDtMItZzLapE20
tyCBKEYNBju2mPosuLB6g4RPmgOBBQfA3mXPHA==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDqTCCApGgAwIBAgIQcLNTPiA7h5tDyc92YFMFPjANBgkqhkiG9w0BAQsFADBE
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMR4wHAYDVQQDExV0
aGF3dGUgRVYgU1NMIENBIC0gRzMwHhcNMTYxMTEzMDAwMDAwWhcNMTcwMjExMjM1
OTU5WjAvMS0wKwYDVQQDEyR0aGF3dGUgRVYgU1NMIENBIC0gRzMgT0NTUCBSZXNw
b25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCS5ROwSOujrLo1
8bXzA4M+YOJMb0Pc1F4h8kGVPWslXHh9T2Lq2lMMt5l7aexGAe9Oo7LO5C4um8LS
ypG2yKJJWZnUjWqfFSKE7x+5xbe0zYp5BHnjfJbVD6yKnSiWmWINT4ItDDnQHCaZ
0F5mSn4cJ6gXkB1asCdYlAZLrIgEEYr0PgH9xB0xxp9lBHx3Z3vbPRd1GqIfhCwN
Bje76wFgMnyP5Y3lYL6hQiTqo06yFUziErPQzvNHIvN5vbRcs7IsGwU5Q072rVvL
BNNBoiMVrL6l56qFYOHutFwGHXx7QlNpVWUGB4BuRqPdqOuctDIi5fYnjwk8m30H
LHRSD90rAgMBAAGjgaswgagwDwYJKwYBBQUHMAEFBAIFADAiBgNVHREEGzAZpBcw
FTETMBEGA1UEAxMKVEdWLUQtMjc3NzAfBgNVHSMEGDAWgBTwcFHa0yqRT1J314Z3
dA/OcRpsIjAdBgNVHQ4EFgQUx3KIBEhpa+q3EpQ4EcKB8SNRDlQwDAYDVR0TAQH/
BAIwADATBgNVHSUEDDAKBggrBgEFBQcDCTAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZI
hvcNAQELBQADggEBAIJBgVO3WCkhrbFbOE6rHDO6PQMTvZvkJOw0VCBDBh6jWDzb
s6FQMenKqeiBzl1kHVPyyuYW/KlURCFaoM12oejtcvri/DQT6lxPZcI0pyfmOENu
MN5FRTaExs0NjKrWyuZGjaJbp7N3/KyxVIG7OxW+IbuX72egOc5/hMvfMW7rQbd8
KalzAxOdfiOF6HMGJYRj3kJJ92SyHQr2CRelGBEvrFcK5Ah1AHyU4EJE4RwX1GV8
yuFQOCkKJkVVKPHQ01iTsCBspF0eqN9/WLh6sD/K4fcuvB58UVSFw7TCLWcy2qRN
tLcggShGDQY7tpj6LLiweoOET5oDgQUHwN5lzxw=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=344987, public, no-transform, must-revalidate]
Content-Length: [1420]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Mon, 23 Jan 2017 07:30:57 GMT]
Expires: [Fri, 27 Jan 2017 07:20:44 GMT]
Last-Modified: [Fri, 20 Jan 2017 07:20:44 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MISS from a23-215-131-68.deploy.akamaitechnologies.com (AkamaiGHost/8.2.0.0.2-18911410) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

thawte EV SSL CA - G3 (CA Certificate)

This certificate was cached at
Certificate details for thawte EV SSL CA - G3 (At position 1 in certificate chain)
Serial number:
hex: 5d72fb337620f64c7280dbe91281ff6a
int: 124215220411876031223968719307607768938
Issued by: thawte Primary Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: thawte, Inc.
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://t1.symcb.com/ThawtePCA.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://t1.symcb.com/ThawtePCA.crl
Size: 537 bytes (DER data)
Response time: 8.808546ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 1

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: Apache
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a165-254-123-174.deploy.akamaitechnologies.com (AkamaiGHost/8.2.0.0.2-18911410) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Type: [application/pkix-crl]
Date: [Sun, 22 Jan 2017 17:32:43 GMT]
Etag: ["97d74be76a349c9d5232f6dd460156a6:1482373812"]
Last-Modified: [Thu, 22 Dec 2016 02:30:12 GMT]
Server: [Apache]
Vary: [Accept-Encoding]
X-Cache: [TCP_MEM_HIT from a165-254-123-174.deploy.akamaitechnologies.com (AkamaiGHost/8.2.0.0.2-18911410) (-)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://t2.symcb.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://t2.symcb.com (GET)
Size: 1504 bytes (DER data)
Response time: 7.057502ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: thawte Primary Root OCSP Responder Certificate 5
Issued by: thawte Primary Root CA
Signing certificate validity: 2016-11-22 - 2017-12-14
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 143h32m40s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_REFRESH_MISS from a165-254-35-191.deploy.akamaitechnologies.com (AkamaiGHost/8.2.0.0.2-18911410) (S)

URL used for GET request

http:/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEF1y%2BzN2IPZMcoDb6RKB%2F2o%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD/yl6nWPkczAQUe1tF
z6/Oy3r9MZIaarbzRutXSFACEF1y+zN2IPZMcoDb6RKB/2o=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF3AoBAKCCBdUwggXRBgkrBgEFBQcwAQEEggXCMIIFvjCBnqIWBBSy2bdAZSGF
dJEJzQWJNOXg5SwcIxgPMjAxNzAxMjAxMzAxMjVaMHMwcTBJMAkGBSsOAwIaBQAE
FDAXimvD1LuYJsIQcP/KXqdY+RzMBBR7W0XPr87Lev0xkhpqtvNG61dIUAIQXXL7
M3Yg9kxygNvpEoH/aoAAGA8yMDE3MDEyMDEzMDEyNVqgERgPMjAxNzAxMjcxMzAx
MjVaMA0GCSqGSIb3DQEBBQUAA4IBAQCLTRC8oep1cNyEjbWJcGO1PVP/Stg/hLf6
Wvw/74WYkEa67vD4bZdYTQ+X168rcHO+wlBHLu5yjB0WBGHbNZtNbj+IWYFk7ZUH
d+lA8D1ZBgo9f1EqerbqsBcCdffzec7gEv0ZzeWS5cMGDQcMl1QOkFDER8pXjiu4
X088RufQ8Vw3iygRDCyMzynrUCQ2WEQ7tmQ0RRY6JVAij7vzDPdCvQ9dQWPubOHB
LNm3KVzvUbdeGKxPigAaWpMq+897iB+NaurWAVJ8Ibcxp4tCunKRK1X6IJmt3Yxi
kfZvtNIYF2t5cne8vYolnFqOL3aRLi8nVskUJzwmT9+lGD88DkAvoIIEBTCCBAEw
ggP9MIIC5aADAgECAhBqIaLOBLu8Jqunme8AdApUMA0GCSqGSIb3DQEBBQUAMIGp
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMSgwJgYDVQQLEx9D
ZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMTgwNgYDVQQLEy8oYykgMjAw
NiB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEfMB0GA1UE
AxMWdGhhd3RlIFByaW1hcnkgUm9vdCBDQTAeFw0xNjExMjIwMDAwMDBaFw0xNzEy
MTQyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUsIEluYy4x
OTA3BgNVBAMTMHRoYXd0ZSBQcmltYXJ5IFJvb3QgT0NTUCBSZXNwb25kZXIgQ2Vy
dGlmaWNhdGUgNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwOc/CD
T/ilVz6H2rkWETL80qIX5ttu5I16yxgPVYUP2Qy1D6dpiw9JZb0Tw134T58HpV+B
e3HSYDvEwPLyCBgKDNGAQ4RTEvuVDAJXhDHFDe+tE3wUWX0QCsmqMqXTc/BI18Zx
1vekmip6OnwyEoRdlaIeRv1qFLOGj9NqcQrh3CN/4SJb/DnWmTQta4gODnKS/ADF
WRs/wB3rqPDBZhBLBqywq6YRmzcz6hb/dpddqcTp7tDtEHmw+BDWTl/92a2YwJAw
9mKjfzqNYZa37ydH0MYioCjreLj++js4ZCM+av59twiH//GjaqSaQnW2z7rKM/5A
5tBowI+SWtr93p8CAwEAAaNqMGgwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYB
BQUHMAEFBAIFADAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDAiBgNVHREE
GzAZpBcwFTETMBEGA1UEAxMKVEdWLU9GRi01MTANBgkqhkiG9w0BAQUFAAOCAQEA
MZQVzAXoEbM5j6fQNNDzrTvMeEMlOlf8ShOg6pa5Y6/s9m+3nEqxRZhdJXtqn7YI
2736XikAfsn7cVikARa66mlLn6QxdnbUHX/TUpJf2/nZqCb2T80lmSjOfLwBzdgD
9N4MUzs16ivcuEEEJhuBhtcp/66+oEQqdXdLejHG61bRkhnqrW6U9sGBPhoQw2Hq
G3zclM6IlNJX+LYxOuDDD/5SbKAbcy+QBsue7Yf5XG7lZacI9CVFreoggA+YR8VQ
SVChJNc4k3ALASLz2OckP2X/357OiJFcsoqNdeo70ZLPLS4U/gOn60QiAnxonBCJ
PjZyT4sg074MlhPJSGR+HA==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIID/TCCAuWgAwIBAgIQaiGizgS7vCarp5nvAHQKVDANBgkqhkiG9w0BAQUFADCB
qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw
MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV
BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMTYxMTIyMDAwMDAwWhcNMTcx
MjE0MjM1OTU5WjBfMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMu
MTkwNwYDVQQDEzB0aGF3dGUgUHJpbWFyeSBSb290IE9DU1AgUmVzcG9uZGVyIENl
cnRpZmljYXRlIDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMDnPw
g0/4pVc+h9q5FhEy/NKiF+bbbuSNessYD1WFD9kMtQ+naYsPSWW9E8Nd+E+fB6Vf
gXtx0mA7xMDy8ggYCgzRgEOEUxL7lQwCV4QxxQ3vrRN8FFl9EArJqjKl03PwSNfG
cdb3pJoqejp8MhKEXZWiHkb9ahSzho/TanEK4dwjf+EiW/w51pk0LWuIDg5ykvwA
xVkbP8Ad66jwwWYQSwassKumEZs3M+oW/3aXXanE6e7Q7RB5sPgQ1k5f/dmtmMCQ
MPZio386jWGWt+8nR9DGIqAo63i4/vo7OGQjPmr+fbcIh//xo2qkmkJ1ts+6yjP+
QObQaMCPklra/d6fAgMBAAGjajBoMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsG
AQUFBzABBQQCBQAwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwIgYDVR0R
BBswGaQXMBUxEzARBgNVBAMTClRHVi1PRkYtNTEwDQYJKoZIhvcNAQEFBQADggEB
ADGUFcwF6BGzOY+n0DTQ8607zHhDJTpX/EoToOqWuWOv7PZvt5xKsUWYXSV7ap+2
CNu9+l4pAH7J+3FYpAEWuuppS5+kMXZ21B1/01KSX9v52agm9k/NJZkozny8Ac3Y
A/TeDFM7Neor3LhBBCYbgYbXKf+uvqBEKnV3S3oxxutW0ZIZ6q1ulPbBgT4aEMNh
6ht83JTOiJTSV/i2MTrgww/+UmygG3MvkAbLnu2H+Vxu5WWnCPQlRa3qIIAPmEfF
UElQoSTXOJNwCwEi89jnJD9l/9+ezoiRXLKKjXXqO9GSzy0uFP4Dp+tEIgJ8aJwQ
iT42ck+LINO+DJYTyUhkfhw=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=516760, public, no-transform, must-revalidate]
Content-Length: [1504]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Sat, 21 Jan 2017 13:29:05 GMT]
Expires: [Fri, 27 Jan 2017 13:01:25 GMT]
Last-Modified: [Fri, 20 Jan 2017 13:01:25 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_REFRESH_MISS from a165-254-35-191.deploy.akamaitechnologies.com (AkamaiGHost/8.2.0.0.2-18911410) (S)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header outlives NextUpdate with 20s
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://t2.symcb.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://t2.symcb.com (POST)
Size: 1504 bytes (DER data)
Response time: 6.143232ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: thawte Primary Root OCSP Responder Certificate 5
Issued by: thawte Primary Root CA
Signing certificate validity: 2016-11-22 - 2017-12-14
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 143h32m52s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_REFRESH_MISS from a165-254-35-191.deploy.akamaitechnologies.com (AkamaiGHost/8.2.0.0.2-18911410) (S)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD/yl6nWPkczAQUe1tF
z6/Oy3r9MZIaarbzRutXSFACEF1y+zN2IPZMcoDb6RKB/2o=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF3AoBAKCCBdUwggXRBgkrBgEFBQcwAQEEggXCMIIFvjCBnqIWBBSy2bdAZSGF
dJEJzQWJNOXg5SwcIxgPMjAxNzAxMjAxMzAxMjVaMHMwcTBJMAkGBSsOAwIaBQAE
FDAXimvD1LuYJsIQcP/KXqdY+RzMBBR7W0XPr87Lev0xkhpqtvNG61dIUAIQXXL7
M3Yg9kxygNvpEoH/aoAAGA8yMDE3MDEyMDEzMDEyNVqgERgPMjAxNzAxMjcxMzAx
MjVaMA0GCSqGSIb3DQEBBQUAA4IBAQCLTRC8oep1cNyEjbWJcGO1PVP/Stg/hLf6
Wvw/74WYkEa67vD4bZdYTQ+X168rcHO+wlBHLu5yjB0WBGHbNZtNbj+IWYFk7ZUH
d+lA8D1ZBgo9f1EqerbqsBcCdffzec7gEv0ZzeWS5cMGDQcMl1QOkFDER8pXjiu4
X088RufQ8Vw3iygRDCyMzynrUCQ2WEQ7tmQ0RRY6JVAij7vzDPdCvQ9dQWPubOHB
LNm3KVzvUbdeGKxPigAaWpMq+897iB+NaurWAVJ8Ibcxp4tCunKRK1X6IJmt3Yxi
kfZvtNIYF2t5cne8vYolnFqOL3aRLi8nVskUJzwmT9+lGD88DkAvoIIEBTCCBAEw
ggP9MIIC5aADAgECAhBqIaLOBLu8Jqunme8AdApUMA0GCSqGSIb3DQEBBQUAMIGp
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMSgwJgYDVQQLEx9D
ZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMTgwNgYDVQQLEy8oYykgMjAw
NiB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEfMB0GA1UE
AxMWdGhhd3RlIFByaW1hcnkgUm9vdCBDQTAeFw0xNjExMjIwMDAwMDBaFw0xNzEy
MTQyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUsIEluYy4x
OTA3BgNVBAMTMHRoYXd0ZSBQcmltYXJ5IFJvb3QgT0NTUCBSZXNwb25kZXIgQ2Vy
dGlmaWNhdGUgNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwOc/CD
T/ilVz6H2rkWETL80qIX5ttu5I16yxgPVYUP2Qy1D6dpiw9JZb0Tw134T58HpV+B
e3HSYDvEwPLyCBgKDNGAQ4RTEvuVDAJXhDHFDe+tE3wUWX0QCsmqMqXTc/BI18Zx
1vekmip6OnwyEoRdlaIeRv1qFLOGj9NqcQrh3CN/4SJb/DnWmTQta4gODnKS/ADF
WRs/wB3rqPDBZhBLBqywq6YRmzcz6hb/dpddqcTp7tDtEHmw+BDWTl/92a2YwJAw
9mKjfzqNYZa37ydH0MYioCjreLj++js4ZCM+av59twiH//GjaqSaQnW2z7rKM/5A
5tBowI+SWtr93p8CAwEAAaNqMGgwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYB
BQUHMAEFBAIFADAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDAiBgNVHREE
GzAZpBcwFTETMBEGA1UEAxMKVEdWLU9GRi01MTANBgkqhkiG9w0BAQUFAAOCAQEA
MZQVzAXoEbM5j6fQNNDzrTvMeEMlOlf8ShOg6pa5Y6/s9m+3nEqxRZhdJXtqn7YI
2736XikAfsn7cVikARa66mlLn6QxdnbUHX/TUpJf2/nZqCb2T80lmSjOfLwBzdgD
9N4MUzs16ivcuEEEJhuBhtcp/66+oEQqdXdLejHG61bRkhnqrW6U9sGBPhoQw2Hq
G3zclM6IlNJX+LYxOuDDD/5SbKAbcy+QBsue7Yf5XG7lZacI9CVFreoggA+YR8VQ
SVChJNc4k3ALASLz2OckP2X/357OiJFcsoqNdeo70ZLPLS4U/gOn60QiAnxonBCJ
PjZyT4sg074MlhPJSGR+HA==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIID/TCCAuWgAwIBAgIQaiGizgS7vCarp5nvAHQKVDANBgkqhkiG9w0BAQUFADCB
qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw
MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV
BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMTYxMTIyMDAwMDAwWhcNMTcx
MjE0MjM1OTU5WjBfMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMu
MTkwNwYDVQQDEzB0aGF3dGUgUHJpbWFyeSBSb290IE9DU1AgUmVzcG9uZGVyIENl
cnRpZmljYXRlIDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMDnPw
g0/4pVc+h9q5FhEy/NKiF+bbbuSNessYD1WFD9kMtQ+naYsPSWW9E8Nd+E+fB6Vf
gXtx0mA7xMDy8ggYCgzRgEOEUxL7lQwCV4QxxQ3vrRN8FFl9EArJqjKl03PwSNfG
cdb3pJoqejp8MhKEXZWiHkb9ahSzho/TanEK4dwjf+EiW/w51pk0LWuIDg5ykvwA
xVkbP8Ad66jwwWYQSwassKumEZs3M+oW/3aXXanE6e7Q7RB5sPgQ1k5f/dmtmMCQ
MPZio386jWGWt+8nR9DGIqAo63i4/vo7OGQjPmr+fbcIh//xo2qkmkJ1ts+6yjP+
QObQaMCPklra/d6fAgMBAAGjajBoMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsG
AQUFBzABBQQCBQAwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwIgYDVR0R
BBswGaQXMBUxEzARBgNVBAMTClRHVi1PRkYtNTEwDQYJKoZIhvcNAQEFBQADggEB
ADGUFcwF6BGzOY+n0DTQ8607zHhDJTpX/EoToOqWuWOv7PZvt5xKsUWYXSV7ap+2
CNu9+l4pAH7J+3FYpAEWuuppS5+kMXZ21B1/01KSX9v52agm9k/NJZkozny8Ac3Y
A/TeDFM7Neor3LhBBCYbgYbXKf+uvqBEKnV3S3oxxutW0ZIZ6q1ulPbBgT4aEMNh
6ht83JTOiJTSV/i2MTrgww/+UmygG3MvkAbLnu2H+Vxu5WWnCPQlRa3qIIAPmEfF
UElQoSTXOJNwCwEi89jnJD9l/9+ezoiRXLKKjXXqO9GSzy0uFP4Dp+tEIgJ8aJwQ
iT42ck+LINO+DJYTyUhkfhw=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=516772, public, no-transform, must-revalidate]
Content-Length: [1504]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Sat, 21 Jan 2017 13:29:05 GMT]
Expires: [Fri, 27 Jan 2017 13:01:25 GMT]
Last-Modified: [Fri, 20 Jan 2017 13:01:25 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_REFRESH_MISS from a165-254-35-191.deploy.akamaitechnologies.com (AkamaiGHost/8.2.0.0.2-18911410) (S)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header outlives NextUpdate with 32s
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

thawte Primary Root CA (CA Certificate)

This certificate was cached at
Certificate details for thawte Primary Root CA (At position 2 in certificate chain)
Serial number:
hex: 344ed55720d5edec49f42fce37db2b6d
int: 69529181992039203566298953787712940909
Issued by: thawte Primary Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: thawte, Inc.
Organization unit: Certification Services Division
Organization unit: (c) 2006 thawte, Inc. - For authorized use only
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.