CRL & OCSP report for 0-checkpoint.riag.com.liucat.lib.liu.edu - liucat.lib.liu.edu (Long Island University)

liucat.lib.liu.edu

This certificate was cached at
Certificate details for liucat.lib.liu.edu (At position 0 in certificate chain)
Serial number:
hex: 71c15248a9a98bc3d39f81e15dca36c8
int: 151206545731915850979071105880289851080
Issued by: thawte EV SSL CA - G3
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Company registration number: Government Entity
Organization: Long Island University
Organization unit: IT
State / Province: New York
Locality: Greenvale
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

View complete certificate details for 0-checkpoint.riag.com.liucat.lib.liu.edu.

Certificate Revocation List (CRL)

This CRL was cached at
http://ti.symcb.com/ti.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://ti.symcb.com/ti.crl
Size: 18724 bytes (DER data)
Response time: 7.037895ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 522

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: Apache
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-219-93-63.deploy.akamaitechnologies.com (AkamaiGHost/8.2.2.1.1-19192351) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Type: [application/pkix-crl]
Date: [Wed, 22 Feb 2017 09:02:42 GMT]
Etag: ["d80c266390cb3c5d87d9e1237767ac7c:1487711501"]
Last-Modified: [Tue, 21 Feb 2017 21:11:41 GMT]
Server: [Apache]
Vary: [Accept-Encoding]
X-Cache: [TCP_MEM_HIT from a23-219-93-63.deploy.akamaitechnologies.com (AkamaiGHost/8.2.2.1.1-19192351) (-)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ti.symcd.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ti.symcd.com (POST)
Size: 1420 bytes (DER data)
Response time: 92.518667ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: thawte EV SSL CA - G3 OCSP Responder
Issued by: thawte EV SSL CA - G3
Signing certificate validity: 2017-02-04 - 2017-05-05
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 163h3m38s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_REFRESH_MISS from a23-219-93-85.deploy.akamaitechnologies.com (AkamaiGHost/8.2.2.1.1-19192351) (S)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBRf3h+5hEjM/dnIiVtt0Z/tptP7EQQU8HBR
2tMqkU9Sd9eGd3QPznEabCICEHHBUkipqYvD05+B4V3KNsg=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFiAoBAKCCBYEwggV9BgkrBgEFBQcwAQEEggVuMIIFajCBnqIWBBQmvCDjDfoF
mrvj7Ibj+k6Gw9mAdRgPMjAxNzAyMjIxMDQ2MjlaMHMwcTBJMAkGBSsOAwIaBQAE
FF/eH7mESMz92ciJW23Rn+2m0/sRBBTwcFHa0yqRT1J314Z3dA/OcRpsIgIQccFS
SKmpi8PTn4HhXco2yIAAGA8yMDE3MDIyMjEwNDYyOVqgERgPMjAxNzAzMDExMDQ2
MjlaMA0GCSqGSIb3DQEBBQUAA4IBAQChaitj3BFvUbh9VvJukNI9XhTOdAPQ6tg2
VVP/wKKqr4i72j0xQL53otoTfa8TFt9x+bjuGMITZKWEHk/Kbc+rUmdnAuoZ8vRm
UOfFw5vLC8qWHyRNmv9DILgBLw9vy4nFPPFjMtpl7aXY2D2GdcN2RpfkmUUpVwzk
lATR4Ek7hE9gRpt/2l6MaW3lXjVCXLkF6rNgHWogPSqeJAU1CX34CldZTwJEB2Ij
iMcBlhTqcZUF8FM1xlMNcd0blNPsZWBAhwyPy7pgyJK7pqBp/J7rnMz12OjOlWcn
eEvZafSer8t1StFn9Cm98CGZ2MrH5nkGlGA8x/cjgpUPR4KNdnQFoIIDsTCCA60w
ggOpMIICkaADAgECAhBhrxTI1gCx9vRbBNrEYAdEMA0GCSqGSIb3DQEBCwUAMEQx
CzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUsIEluYy4xHjAcBgNVBAMTFXRo
YXd0ZSBFViBTU0wgQ0EgLSBHMzAeFw0xNzAyMDQwMDAwMDBaFw0xNzA1MDUyMzU5
NTlaMC8xLTArBgNVBAMTJHRoYXd0ZSBFViBTU0wgQ0EgLSBHMyBPQ1NQIFJlc3Bv
bmRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKpCXNjRdNubgUJx
P6/l1KYL0EnB8CtTURhQS/REPLwtjIMOj54MUUKKj3sIxVs3Qd8hGLPJrlqS3U/q
5u6ILU4yBlsJNEnVGZw4vQ/aTzuFqXG21Vzsg5CvP/tbxNa82oAvbkwCXz2Tp2EU
cG8SPpTJ1YeKrPR9KBzDLl59x07X1KcELath3Lc6N9BXtR4FZaEueEyeIHGsPXVm
eVH4QXub9gcfiy+pyrtbPEJG+mOlgaZYtHeE6e1oGiRFITXgCu57kmSqJNFzv4TZ
W8tH5Aft593BAdva325MaxGaGGAuLDm2Y8UtetWV2apEh7u/bHrUEi98KjQ/zdzh
CiHtSUsCAwEAAaOBqzCBqDAPBgkrBgEFBQcwAQUEAgUAMCIGA1UdEQQbMBmkFzAV
MRMwEQYDVQQDEwpUR1YtRC0zODY2MB8GA1UdIwQYMBaAFPBwUdrTKpFPUnfXhnd0
D85xGmwiMB0GA1UdDgQWBBQmvCDjDfoFmrvj7Ibj+k6Gw9mAdTAMBgNVHRMBAf8E
AjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG
9w0BAQsFAAOCAQEAWd0E9b3gOG5yeCvpjOZ9tBOimc0lXn5IwGO/S9xonaS91Sm8
W4a9nHyaicuE2/8DM0AGQ3kqVEcI9ifzJpqojeRBBspfj5cV520F1p1fIQylORSU
xjoZ7ICyR1RuadGkuPc8YpZ2E3hJ/OMnBzI0APDt61kHyXk+vX5tKin4G+087M9s
Yn4xbj/zoXRmjFvshwNQERcwxvb7eRxpTbCG6SB3N2s29XVChBcC3/Dt1DjF+KzO
cRrYBtlKu03T4RhLGKm9Q/GMvKJWFBN/Q/czYSRvBRqpV7G3PLlgO00l8QrzbFSz
rd6Uym5MLJwu5Qe0gneunNmUPgMGNCwRCTkRlQ==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDqTCCApGgAwIBAgIQYa8UyNYAsfb0WwTaxGAHRDANBgkqhkiG9w0BAQsFADBE
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMR4wHAYDVQQDExV0
aGF3dGUgRVYgU1NMIENBIC0gRzMwHhcNMTcwMjA0MDAwMDAwWhcNMTcwNTA1MjM1
OTU5WjAvMS0wKwYDVQQDEyR0aGF3dGUgRVYgU1NMIENBIC0gRzMgT0NTUCBSZXNw
b25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqQlzY0XTbm4FC
cT+v5dSmC9BJwfArU1EYUEv0RDy8LYyDDo+eDFFCio97CMVbN0HfIRizya5akt1P
6ubuiC1OMgZbCTRJ1RmcOL0P2k87halxttVc7IOQrz/7W8TWvNqAL25MAl89k6dh
FHBvEj6UydWHiqz0fSgcwy5efcdO19SnBC2rYdy3OjfQV7UeBWWhLnhMniBxrD11
ZnlR+EF7m/YHH4svqcq7WzxCRvpjpYGmWLR3hOntaBokRSE14Arue5JkqiTRc7+E
2VvLR+QH7efdwQHb2t9uTGsRmhhgLiw5tmPFLXrVldmqRIe7v2x61BIvfCo0P83c
4Qoh7UlLAgMBAAGjgaswgagwDwYJKwYBBQUHMAEFBAIFADAiBgNVHREEGzAZpBcw
FTETMBEGA1UEAxMKVEdWLUQtMzg2NjAfBgNVHSMEGDAWgBTwcFHa0yqRT1J314Z3
dA/OcRpsIjAdBgNVHQ4EFgQUJrwg4w36BZq74+yG4/pOhsPZgHUwDAYDVR0TAQH/
BAIwADATBgNVHSUEDDAKBggrBgEFBQcDCTAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZI
hvcNAQELBQADggEBAFndBPW94Dhucngr6YzmfbQTopnNJV5+SMBjv0vcaJ2kvdUp
vFuGvZx8monLhNv/AzNABkN5KlRHCPYn8yaaqI3kQQbKX4+XFedtBdadXyEMpTkU
lMY6GeyAskdUbmnRpLj3PGKWdhN4SfzjJwcyNADw7etZB8l5Pr1+bSop+BvtPOzP
bGJ+MW4/86F0Zoxb7IcDUBEXMMb2+3kcaU2whukgdzdrNvV1QoQXAt/w7dQ4xfis
znEa2AbZSrtN0+EYSxipvUPxjLyiVhQTf0P3M2EkbwUaqVextzy5YDtNJfEK82xU
s63elMpuTCycLuUHtIJ3rpzZlD4DBjQsEQk5EZU=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=587018, public, no-transform, must-revalidate]
Content-Length: [1420]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Wed, 22 Feb 2017 15:42:51 GMT]
Expires: [Wed, 1 Mar 2017 10:46:29 GMT]
Last-Modified: [Wed, 22 Feb 2017 10:46:29 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_REFRESH_MISS from a23-219-93-85.deploy.akamaitechnologies.com (AkamaiGHost/8.2.2.1.1-19192351) (S)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ti.symcd.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ti.symcd.com (GET)
Size: 1420 bytes (DER data)
Response time: 139.876434ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: thawte EV SSL CA - G3 OCSP Responder
Issued by: thawte EV SSL CA - G3
Signing certificate validity: 2017-02-04 - 2017-05-05
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 163h3m38s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_REFRESH_MISS from a23-219-93-85.deploy.akamaitechnologies.com (AkamaiGHost/8.2.2.1.1-19192351) (S)

URL used for GET request

http:/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRf3h%2B5hEjM%2FdnIiVtt0Z%2FtptP7EQQU8HBR2tMqkU9Sd9eGd3QPznEabCICEHHBUkipqYvD05%2BB4V3KNsg%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBRf3h+5hEjM/dnIiVtt0Z/tptP7EQQU8HBR
2tMqkU9Sd9eGd3QPznEabCICEHHBUkipqYvD05+B4V3KNsg=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFiAoBAKCCBYEwggV9BgkrBgEFBQcwAQEEggVuMIIFajCBnqIWBBQmvCDjDfoF
mrvj7Ibj+k6Gw9mAdRgPMjAxNzAyMjIxMDQ2MjlaMHMwcTBJMAkGBSsOAwIaBQAE
FF/eH7mESMz92ciJW23Rn+2m0/sRBBTwcFHa0yqRT1J314Z3dA/OcRpsIgIQccFS
SKmpi8PTn4HhXco2yIAAGA8yMDE3MDIyMjEwNDYyOVqgERgPMjAxNzAzMDExMDQ2
MjlaMA0GCSqGSIb3DQEBBQUAA4IBAQChaitj3BFvUbh9VvJukNI9XhTOdAPQ6tg2
VVP/wKKqr4i72j0xQL53otoTfa8TFt9x+bjuGMITZKWEHk/Kbc+rUmdnAuoZ8vRm
UOfFw5vLC8qWHyRNmv9DILgBLw9vy4nFPPFjMtpl7aXY2D2GdcN2RpfkmUUpVwzk
lATR4Ek7hE9gRpt/2l6MaW3lXjVCXLkF6rNgHWogPSqeJAU1CX34CldZTwJEB2Ij
iMcBlhTqcZUF8FM1xlMNcd0blNPsZWBAhwyPy7pgyJK7pqBp/J7rnMz12OjOlWcn
eEvZafSer8t1StFn9Cm98CGZ2MrH5nkGlGA8x/cjgpUPR4KNdnQFoIIDsTCCA60w
ggOpMIICkaADAgECAhBhrxTI1gCx9vRbBNrEYAdEMA0GCSqGSIb3DQEBCwUAMEQx
CzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUsIEluYy4xHjAcBgNVBAMTFXRo
YXd0ZSBFViBTU0wgQ0EgLSBHMzAeFw0xNzAyMDQwMDAwMDBaFw0xNzA1MDUyMzU5
NTlaMC8xLTArBgNVBAMTJHRoYXd0ZSBFViBTU0wgQ0EgLSBHMyBPQ1NQIFJlc3Bv
bmRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKpCXNjRdNubgUJx
P6/l1KYL0EnB8CtTURhQS/REPLwtjIMOj54MUUKKj3sIxVs3Qd8hGLPJrlqS3U/q
5u6ILU4yBlsJNEnVGZw4vQ/aTzuFqXG21Vzsg5CvP/tbxNa82oAvbkwCXz2Tp2EU
cG8SPpTJ1YeKrPR9KBzDLl59x07X1KcELath3Lc6N9BXtR4FZaEueEyeIHGsPXVm
eVH4QXub9gcfiy+pyrtbPEJG+mOlgaZYtHeE6e1oGiRFITXgCu57kmSqJNFzv4TZ
W8tH5Aft593BAdva325MaxGaGGAuLDm2Y8UtetWV2apEh7u/bHrUEi98KjQ/zdzh
CiHtSUsCAwEAAaOBqzCBqDAPBgkrBgEFBQcwAQUEAgUAMCIGA1UdEQQbMBmkFzAV
MRMwEQYDVQQDEwpUR1YtRC0zODY2MB8GA1UdIwQYMBaAFPBwUdrTKpFPUnfXhnd0
D85xGmwiMB0GA1UdDgQWBBQmvCDjDfoFmrvj7Ibj+k6Gw9mAdTAMBgNVHRMBAf8E
AjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG
9w0BAQsFAAOCAQEAWd0E9b3gOG5yeCvpjOZ9tBOimc0lXn5IwGO/S9xonaS91Sm8
W4a9nHyaicuE2/8DM0AGQ3kqVEcI9ifzJpqojeRBBspfj5cV520F1p1fIQylORSU
xjoZ7ICyR1RuadGkuPc8YpZ2E3hJ/OMnBzI0APDt61kHyXk+vX5tKin4G+087M9s
Yn4xbj/zoXRmjFvshwNQERcwxvb7eRxpTbCG6SB3N2s29XVChBcC3/Dt1DjF+KzO
cRrYBtlKu03T4RhLGKm9Q/GMvKJWFBN/Q/czYSRvBRqpV7G3PLlgO00l8QrzbFSz
rd6Uym5MLJwu5Qe0gneunNmUPgMGNCwRCTkRlQ==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDqTCCApGgAwIBAgIQYa8UyNYAsfb0WwTaxGAHRDANBgkqhkiG9w0BAQsFADBE
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMR4wHAYDVQQDExV0
aGF3dGUgRVYgU1NMIENBIC0gRzMwHhcNMTcwMjA0MDAwMDAwWhcNMTcwNTA1MjM1
OTU5WjAvMS0wKwYDVQQDEyR0aGF3dGUgRVYgU1NMIENBIC0gRzMgT0NTUCBSZXNw
b25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqQlzY0XTbm4FC
cT+v5dSmC9BJwfArU1EYUEv0RDy8LYyDDo+eDFFCio97CMVbN0HfIRizya5akt1P
6ubuiC1OMgZbCTRJ1RmcOL0P2k87halxttVc7IOQrz/7W8TWvNqAL25MAl89k6dh
FHBvEj6UydWHiqz0fSgcwy5efcdO19SnBC2rYdy3OjfQV7UeBWWhLnhMniBxrD11
ZnlR+EF7m/YHH4svqcq7WzxCRvpjpYGmWLR3hOntaBokRSE14Arue5JkqiTRc7+E
2VvLR+QH7efdwQHb2t9uTGsRmhhgLiw5tmPFLXrVldmqRIe7v2x61BIvfCo0P83c
4Qoh7UlLAgMBAAGjgaswgagwDwYJKwYBBQUHMAEFBAIFADAiBgNVHREEGzAZpBcw
FTETMBEGA1UEAxMKVEdWLUQtMzg2NjAfBgNVHSMEGDAWgBTwcFHa0yqRT1J314Z3
dA/OcRpsIjAdBgNVHQ4EFgQUJrwg4w36BZq74+yG4/pOhsPZgHUwDAYDVR0TAQH/
BAIwADATBgNVHSUEDDAKBggrBgEFBQcDCTAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZI
hvcNAQELBQADggEBAFndBPW94Dhucngr6YzmfbQTopnNJV5+SMBjv0vcaJ2kvdUp
vFuGvZx8monLhNv/AzNABkN5KlRHCPYn8yaaqI3kQQbKX4+XFedtBdadXyEMpTkU
lMY6GeyAskdUbmnRpLj3PGKWdhN4SfzjJwcyNADw7etZB8l5Pr1+bSop+BvtPOzP
bGJ+MW4/86F0Zoxb7IcDUBEXMMb2+3kcaU2whukgdzdrNvV1QoQXAt/w7dQ4xfis
znEa2AbZSrtN0+EYSxipvUPxjLyiVhQTf0P3M2EkbwUaqVextzy5YDtNJfEK82xU
s63elMpuTCycLuUHtIJ3rpzZlD4DBjQsEQk5EZU=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=587018, public, no-transform, must-revalidate]
Content-Length: [1420]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Wed, 22 Feb 2017 15:42:51 GMT]
Expires: [Wed, 1 Mar 2017 10:46:29 GMT]
Last-Modified: [Wed, 22 Feb 2017 10:46:29 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_REFRESH_MISS from a23-219-93-85.deploy.akamaitechnologies.com (AkamaiGHost/8.2.2.1.1-19192351) (S)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

thawte EV SSL CA - G3 (CA Certificate)

This certificate was cached at
Certificate details for thawte EV SSL CA - G3 (At position 1 in certificate chain)
Serial number:
hex: 5d72fb337620f64c7280dbe91281ff6a
int: 124215220411876031223968719307607768938
Issued by: thawte Primary Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: thawte, Inc.
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://t1.symcb.com/ThawtePCA.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://t1.symcb.com/ThawtePCA.crl
Size: 537 bytes (DER data)
Response time: 6.853323ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 1

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: Apache
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-219-93-63.deploy.akamaitechnologies.com (AkamaiGHost/8.2.2.1.1-19192351) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Type: [application/pkix-crl]
Date: [Wed, 22 Feb 2017 15:29:36 GMT]
Etag: ["97d74be76a349c9d5232f6dd460156a6:1482373812"]
Last-Modified: [Thu, 22 Dec 2016 02:30:12 GMT]
Server: [Apache]
Vary: [Accept-Encoding]
X-Cache: [TCP_MEM_HIT from a23-219-93-63.deploy.akamaitechnologies.com (AkamaiGHost/8.2.2.1.1-19192351) (-)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://t2.symcb.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://t2.symcb.com (GET)
Size: 1504 bytes (DER data)
Response time: 7.415712ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: thawte Primary Root OCSP Responder Certificate 5
Issued by: thawte Primary Root CA
Signing certificate validity: 2016-11-22 - 2017-12-14
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 152h45m8s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-219-93-86.deploy.akamaitechnologies.com (AkamaiGHost/8.2.2.1.1-19192351) (-)

URL used for GET request

http:/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEF1y%2BzN2IPZMcoDb6RKB%2F2o%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD/yl6nWPkczAQUe1tF
z6/Oy3r9MZIaarbzRutXSFACEF1y+zN2IPZMcoDb6RKB/2o=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF3AoBAKCCBdUwggXRBgkrBgEFBQcwAQEEggXCMIIFvjCBnqIWBBSy2bdAZSGF
dJEJzQWJNOXg5SwcIxgPMjAxNzAyMjAwMjU5MjhaMHMwcTBJMAkGBSsOAwIaBQAE
FDAXimvD1LuYJsIQcP/KXqdY+RzMBBR7W0XPr87Lev0xkhpqtvNG61dIUAIQXXL7
M3Yg9kxygNvpEoH/aoAAGA8yMDE3MDIyMDAyNTkyOFqgERgPMjAxNzAyMjcwMjU5
MjhaMA0GCSqGSIb3DQEBBQUAA4IBAQAO7Qrp22iKcaUv0QEqARe4g1I5jvZzYU/f
UzaWy1LGo8Cf+B+u/TJIdIHyQLbutD3IddoZJ1I+gqNDQMlPpApsrKa4NyZssYcG
tPcF+PfM6IUrwN+9mDUj0HO1khjymAFGSYzizzXTPrh2tTgQChOHvHlUUlFYO7ZM
6Si01UnXVT+MQGTMabNyewxxKWfvgmSxclM6CrRwVRUxd3zfsZQtVyWRBkpGlPvQ
cT6yHiau5THdQ2+GP20cpOjRzPDvaOiE/WzSBb3ZtG0BahcZzjrMZ6huVim+/frQ
XzL1YKi6e3MmXkCl7TGk/Lb0UC6EhsDKsXfo7d9DRloxu9EDROHDoIIEBTCCBAEw
ggP9MIIC5aADAgECAhBqIaLOBLu8Jqunme8AdApUMA0GCSqGSIb3DQEBBQUAMIGp
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMSgwJgYDVQQLEx9D
ZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMTgwNgYDVQQLEy8oYykgMjAw
NiB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEfMB0GA1UE
AxMWdGhhd3RlIFByaW1hcnkgUm9vdCBDQTAeFw0xNjExMjIwMDAwMDBaFw0xNzEy
MTQyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUsIEluYy4x
OTA3BgNVBAMTMHRoYXd0ZSBQcmltYXJ5IFJvb3QgT0NTUCBSZXNwb25kZXIgQ2Vy
dGlmaWNhdGUgNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwOc/CD
T/ilVz6H2rkWETL80qIX5ttu5I16yxgPVYUP2Qy1D6dpiw9JZb0Tw134T58HpV+B
e3HSYDvEwPLyCBgKDNGAQ4RTEvuVDAJXhDHFDe+tE3wUWX0QCsmqMqXTc/BI18Zx
1vekmip6OnwyEoRdlaIeRv1qFLOGj9NqcQrh3CN/4SJb/DnWmTQta4gODnKS/ADF
WRs/wB3rqPDBZhBLBqywq6YRmzcz6hb/dpddqcTp7tDtEHmw+BDWTl/92a2YwJAw
9mKjfzqNYZa37ydH0MYioCjreLj++js4ZCM+av59twiH//GjaqSaQnW2z7rKM/5A
5tBowI+SWtr93p8CAwEAAaNqMGgwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYB
BQUHMAEFBAIFADAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDAiBgNVHREE
GzAZpBcwFTETMBEGA1UEAxMKVEdWLU9GRi01MTANBgkqhkiG9w0BAQUFAAOCAQEA
MZQVzAXoEbM5j6fQNNDzrTvMeEMlOlf8ShOg6pa5Y6/s9m+3nEqxRZhdJXtqn7YI
2736XikAfsn7cVikARa66mlLn6QxdnbUHX/TUpJf2/nZqCb2T80lmSjOfLwBzdgD
9N4MUzs16ivcuEEEJhuBhtcp/66+oEQqdXdLejHG61bRkhnqrW6U9sGBPhoQw2Hq
G3zclM6IlNJX+LYxOuDDD/5SbKAbcy+QBsue7Yf5XG7lZacI9CVFreoggA+YR8VQ
SVChJNc4k3ALASLz2OckP2X/357OiJFcsoqNdeo70ZLPLS4U/gOn60QiAnxonBCJ
PjZyT4sg074MlhPJSGR+HA==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIID/TCCAuWgAwIBAgIQaiGizgS7vCarp5nvAHQKVDANBgkqhkiG9w0BAQUFADCB
qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw
MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV
BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMTYxMTIyMDAwMDAwWhcNMTcx
MjE0MjM1OTU5WjBfMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMu
MTkwNwYDVQQDEzB0aGF3dGUgUHJpbWFyeSBSb290IE9DU1AgUmVzcG9uZGVyIENl
cnRpZmljYXRlIDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMDnPw
g0/4pVc+h9q5FhEy/NKiF+bbbuSNessYD1WFD9kMtQ+naYsPSWW9E8Nd+E+fB6Vf
gXtx0mA7xMDy8ggYCgzRgEOEUxL7lQwCV4QxxQ3vrRN8FFl9EArJqjKl03PwSNfG
cdb3pJoqejp8MhKEXZWiHkb9ahSzho/TanEK4dwjf+EiW/w51pk0LWuIDg5ykvwA
xVkbP8Ad66jwwWYQSwassKumEZs3M+oW/3aXXanE6e7Q7RB5sPgQ1k5f/dmtmMCQ
MPZio386jWGWt+8nR9DGIqAo63i4/vo7OGQjPmr+fbcIh//xo2qkmkJ1ts+6yjP+
QObQaMCPklra/d6fAgMBAAGjajBoMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsG
AQUFBzABBQQCBQAwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwIgYDVR0R
BBswGaQXMBUxEzARBgNVBAMTClRHVi1PRkYtNTEwDQYJKoZIhvcNAQEFBQADggEB
ADGUFcwF6BGzOY+n0DTQ8607zHhDJTpX/EoToOqWuWOv7PZvt5xKsUWYXSV7ap+2
CNu9+l4pAH7J+3FYpAEWuuppS5+kMXZ21B1/01KSX9v52agm9k/NJZkozny8Ac3Y
A/TeDFM7Neor3LhBBCYbgYbXKf+uvqBEKnV3S3oxxutW0ZIZ6q1ulPbBgT4aEMNh
6ht83JTOiJTSV/i2MTrgww/+UmygG3MvkAbLnu2H+Vxu5WWnCPQlRa3qIIAPmEfF
UElQoSTXOJNwCwEi89jnJD9l/9+ezoiRXLKKjXXqO9GSzy0uFP4Dp+tEIgJ8aJwQ
iT42ck+LINO+DJYTyUhkfhw=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=549908, public, no-transform, must-revalidate]
Content-Length: [1504]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Mon, 20 Feb 2017 18:18:26 GMT]
Expires: [Mon, 27 Feb 2017 02:59:28 GMT]
Last-Modified: [Mon, 20 Feb 2017 02:59:28 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MEM_HIT from a23-219-93-86.deploy.akamaitechnologies.com (AkamaiGHost/8.2.2.1.1-19192351) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header outlives NextUpdate with 4m6s
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://t2.symcb.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://t2.symcb.com (POST)
Size: 1504 bytes (DER data)
Response time: 5.578827ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: thawte Primary Root OCSP Responder Certificate 5
Issued by: thawte Primary Root CA
Signing certificate validity: 2016-11-22 - 2017-12-14
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 152h45m36s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-219-93-85.deploy.akamaitechnologies.com (AkamaiGHost/8.2.2.1.1-19192351) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD/yl6nWPkczAQUe1tF
z6/Oy3r9MZIaarbzRutXSFACEF1y+zN2IPZMcoDb6RKB/2o=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF3AoBAKCCBdUwggXRBgkrBgEFBQcwAQEEggXCMIIFvjCBnqIWBBSy2bdAZSGF
dJEJzQWJNOXg5SwcIxgPMjAxNzAyMjAwMjU5MjhaMHMwcTBJMAkGBSsOAwIaBQAE
FDAXimvD1LuYJsIQcP/KXqdY+RzMBBR7W0XPr87Lev0xkhpqtvNG61dIUAIQXXL7
M3Yg9kxygNvpEoH/aoAAGA8yMDE3MDIyMDAyNTkyOFqgERgPMjAxNzAyMjcwMjU5
MjhaMA0GCSqGSIb3DQEBBQUAA4IBAQAO7Qrp22iKcaUv0QEqARe4g1I5jvZzYU/f
UzaWy1LGo8Cf+B+u/TJIdIHyQLbutD3IddoZJ1I+gqNDQMlPpApsrKa4NyZssYcG
tPcF+PfM6IUrwN+9mDUj0HO1khjymAFGSYzizzXTPrh2tTgQChOHvHlUUlFYO7ZM
6Si01UnXVT+MQGTMabNyewxxKWfvgmSxclM6CrRwVRUxd3zfsZQtVyWRBkpGlPvQ
cT6yHiau5THdQ2+GP20cpOjRzPDvaOiE/WzSBb3ZtG0BahcZzjrMZ6huVim+/frQ
XzL1YKi6e3MmXkCl7TGk/Lb0UC6EhsDKsXfo7d9DRloxu9EDROHDoIIEBTCCBAEw
ggP9MIIC5aADAgECAhBqIaLOBLu8Jqunme8AdApUMA0GCSqGSIb3DQEBBQUAMIGp
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMSgwJgYDVQQLEx9D
ZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMTgwNgYDVQQLEy8oYykgMjAw
NiB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEfMB0GA1UE
AxMWdGhhd3RlIFByaW1hcnkgUm9vdCBDQTAeFw0xNjExMjIwMDAwMDBaFw0xNzEy
MTQyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUsIEluYy4x
OTA3BgNVBAMTMHRoYXd0ZSBQcmltYXJ5IFJvb3QgT0NTUCBSZXNwb25kZXIgQ2Vy
dGlmaWNhdGUgNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwOc/CD
T/ilVz6H2rkWETL80qIX5ttu5I16yxgPVYUP2Qy1D6dpiw9JZb0Tw134T58HpV+B
e3HSYDvEwPLyCBgKDNGAQ4RTEvuVDAJXhDHFDe+tE3wUWX0QCsmqMqXTc/BI18Zx
1vekmip6OnwyEoRdlaIeRv1qFLOGj9NqcQrh3CN/4SJb/DnWmTQta4gODnKS/ADF
WRs/wB3rqPDBZhBLBqywq6YRmzcz6hb/dpddqcTp7tDtEHmw+BDWTl/92a2YwJAw
9mKjfzqNYZa37ydH0MYioCjreLj++js4ZCM+av59twiH//GjaqSaQnW2z7rKM/5A
5tBowI+SWtr93p8CAwEAAaNqMGgwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYB
BQUHMAEFBAIFADAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDAiBgNVHREE
GzAZpBcwFTETMBEGA1UEAxMKVEdWLU9GRi01MTANBgkqhkiG9w0BAQUFAAOCAQEA
MZQVzAXoEbM5j6fQNNDzrTvMeEMlOlf8ShOg6pa5Y6/s9m+3nEqxRZhdJXtqn7YI
2736XikAfsn7cVikARa66mlLn6QxdnbUHX/TUpJf2/nZqCb2T80lmSjOfLwBzdgD
9N4MUzs16ivcuEEEJhuBhtcp/66+oEQqdXdLejHG61bRkhnqrW6U9sGBPhoQw2Hq
G3zclM6IlNJX+LYxOuDDD/5SbKAbcy+QBsue7Yf5XG7lZacI9CVFreoggA+YR8VQ
SVChJNc4k3ALASLz2OckP2X/357OiJFcsoqNdeo70ZLPLS4U/gOn60QiAnxonBCJ
PjZyT4sg074MlhPJSGR+HA==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIID/TCCAuWgAwIBAgIQaiGizgS7vCarp5nvAHQKVDANBgkqhkiG9w0BAQUFADCB
qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw
MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV
BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMTYxMTIyMDAwMDAwWhcNMTcx
MjE0MjM1OTU5WjBfMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMu
MTkwNwYDVQQDEzB0aGF3dGUgUHJpbWFyeSBSb290IE9DU1AgUmVzcG9uZGVyIENl
cnRpZmljYXRlIDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMDnPw
g0/4pVc+h9q5FhEy/NKiF+bbbuSNessYD1WFD9kMtQ+naYsPSWW9E8Nd+E+fB6Vf
gXtx0mA7xMDy8ggYCgzRgEOEUxL7lQwCV4QxxQ3vrRN8FFl9EArJqjKl03PwSNfG
cdb3pJoqejp8MhKEXZWiHkb9ahSzho/TanEK4dwjf+EiW/w51pk0LWuIDg5ykvwA
xVkbP8Ad66jwwWYQSwassKumEZs3M+oW/3aXXanE6e7Q7RB5sPgQ1k5f/dmtmMCQ
MPZio386jWGWt+8nR9DGIqAo63i4/vo7OGQjPmr+fbcIh//xo2qkmkJ1ts+6yjP+
QObQaMCPklra/d6fAgMBAAGjajBoMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsG
AQUFBzABBQQCBQAwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwIgYDVR0R
BBswGaQXMBUxEzARBgNVBAMTClRHVi1PRkYtNTEwDQYJKoZIhvcNAQEFBQADggEB
ADGUFcwF6BGzOY+n0DTQ8607zHhDJTpX/EoToOqWuWOv7PZvt5xKsUWYXSV7ap+2
CNu9+l4pAH7J+3FYpAEWuuppS5+kMXZ21B1/01KSX9v52agm9k/NJZkozny8Ac3Y
A/TeDFM7Neor3LhBBCYbgYbXKf+uvqBEKnV3S3oxxutW0ZIZ6q1ulPbBgT4aEMNh
6ht83JTOiJTSV/i2MTrgww/+UmygG3MvkAbLnu2H+Vxu5WWnCPQlRa3qIIAPmEfF
UElQoSTXOJNwCwEi89jnJD9l/9+ezoiRXLKKjXXqO9GSzy0uFP4Dp+tEIgJ8aJwQ
iT42ck+LINO+DJYTyUhkfhw=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=549936, public, no-transform, must-revalidate]
Content-Length: [1504]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Mon, 20 Feb 2017 18:18:26 GMT]
Expires: [Mon, 27 Feb 2017 02:59:28 GMT]
Last-Modified: [Mon, 20 Feb 2017 02:59:28 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MEM_HIT from a23-219-93-85.deploy.akamaitechnologies.com (AkamaiGHost/8.2.2.1.1-19192351) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header outlives NextUpdate with 4m34s
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

thawte Primary Root CA (CA Certificate)

This certificate was cached at
Certificate details for thawte Primary Root CA (At position 2 in certificate chain)
Serial number:
hex: 344ed55720d5edec49f42fce37db2b6d
int: 69529181992039203566298953787712940909
Issued by: thawte Primary Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: thawte, Inc.
Organization unit: Certification Services Division
Organization unit: (c) 2006 thawte, Inc. - For authorized use only
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.