CRL & OCSP report for 0-coloradocollege.illiad.oclc.org.tiger.coloradocollege.edu - tiger.coloradocollege.edu (Colorado College Tutt Library)

tiger.coloradocollege.edu

This certificate was cached at
Certificate details for tiger.coloradocollege.edu (At position 0 in certificate chain)
Serial number:
hex: 73482333eed11ce5fe8dbd15
int: 35677985029286351826001444117
Issued by: GlobalSign Organization Validation CA - SHA256 - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Colorado College Tutt Library
State / Province: Colorado
Locality: Colorado Springs
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

View complete certificate details for 0-coloradocollege.illiad.oclc.org.tiger.coloradocollege.edu.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl
Size: 114833 bytes (DER data)
Response time: 20.149048ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 3447

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare, CloudFront
Cache Information: HIT, Hit from cloudfront

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [344d8a1a801a1834-EWR]
Content-Length: [114833]
Content-Type: [application/pkix-crl]
Date: [Fri, 24 Mar 2017 23:51:37 GMT]
Etag: [E45C]
Expires: [Fri, 31 Mar 2017 02:00:45 GMT]
Last-Modified: [Fri, 24 Mar 2017 02:00:45 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d626ef3b0a6257fef6be0b783f87b94c91490399497; expires=Sat, 24-Mar-18 23:51:37 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
Via: [1.1 09422790e7f4a4d68973f28a2bfc8818.cloudfront.net (CloudFront)]
X-Amz-Cf-Id: [EFUVgbXtnj5k8itEcCcYIYYBcihaETNWIqke3iR1Ew4i-WVGjaiTfQ==]
X-Cache: [Hit from cloudfront]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp2.globalsign.com/gsorganizationvalsha2g2 (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsorganizationvalsha2g2 (POST)
Size: 1570 bytes (DER data)
Response time: 281.799293ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign Organization Validation CA - SHA256 - G2 - OCSP Responder
Issued by: GlobalSign Organization Validation CA - SHA256 - G2
Signing certificate validity: 2017-02-13 - 2017-05-16
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: MISS

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h
8b0cFilTHMDMfTuDAEDmGnwCDHNIIzPu0Rzl/o29FQ==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGHgoBAKCCBhcwggYTBgkrBgEFBQcwAQEEggYEMIIGADCBmqIWBBScTQCZAA6L
sAGBdaG68NAl16AcRxgPMjAxNzAzMjUwMTQ1MzJaMG8wbTBFMAkGBSsOAwIaBQAE
FAyeTZw97e+E2JHpcsfPhAa8GXsHBBSW3mHxvRwWKVMcwMx9O4MAQOYafAIMc0gj
M+7RHOX+jb0VgAAYDzIwMTcwMzI1MDE0NTMyWqARGA8yMDE3MDMyOTAxNDUzMlow
DQYJKoZIhvcNAQELBQADggEBAESqFRwedik7zZ3zNt5DwnCCZBgBB4sz4Ubuzpqq
IArfHeOb5oAjq7tSvjxzTG31zD6wChKb6xbyhK8gUfV1r/G06Tt7jgPyKhdcC6Qc
RQa/FlfpW54iiHPL//NvufgKePe/k+amp1RiakpdqjWlyxF3poi7Y9QzABMGN7s+
DAybcvKQRUr2cC7g8uzPMFFHX0Hqd3ZbedOsy4Y5WbmVBrP4WVH/779zfnnbqLln
dmnCECeP5L15DXgCEnn0eRyjzU0+w1Z+8XYITVqzqfNXOJYYasThSv7WABN6+1EM
g2EhUKQQr/tho87abo8YxlQteXQRfS/K0ewzWY+DuScyx9agggRLMIIERzCCBEMw
ggMroAMCAQICDG/ROC7q20OpUD07RTANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQG
EwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTE8MDoGA1UEAxMzR2xvYmFs
U2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIFNIQTI1NiAtIEcyMB4X
DTE3MDIxMzA3MTEwM1oXDTE3MDUxNjA3MTEwM1owgY4xCzAJBgNVBAYTAkJFMRkw
FwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRUwEwYDVQQFEwwyMDE3MDIxMzE1MDUx
TTBLBgNVBAMTREdsb2JhbFNpZ24gT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gQ0Eg
LSBTSEEyNTYgLSBHMiAtIE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA0kOXzzBq49lSztun694Fi9cwEyLIZagm3jYnimSW+vpf
qQoFF/U48JGqWfXOt8Evncl6f6MtaGmvaxjguf2aru1EtxS5pdX8/4PtdRcGPmgb
wbn8VDIukn4P8So7v9afdh1eoiFk7Kjq9wzK+jiDcNplpqJtZdUVlD6s7laW4aVs
Ewe7UBk2hlaBxUfl0ztYmwd/3Ln+BjEyVRYpRNFFKGxkUeoNhzY3zRBAqp0dHP3H
bPCUGUGePmzp87283fRtBdRlO9ixk4C3bvZ+kJBXYoE/ootnRdWMuJCYubNh4EtN
+UbOE4J9gXFvO1PlBBxgL9YSc5KY65Y2HPeNoUfrYQIDAQABo4HHMIHEMB0GA1Ud
DgQWBBScTQCZAA6LsAGBdaG68NAl16AcRzAfBgNVHSMEGDAWgBSW3mHxvRwWKVMc
wMx9O4MAQOYafDAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGg
MgFfMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl
cG9zaXRvcnkvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAN
BgkqhkiG9w0BAQsFAAOCAQEAfz3YGCB7BW/M3Y2KpS/7zfM7W7T+lCGf6V/p5jPm
vxbDuIoYaXvnHSLLAPhJMYqqBwEuxdwgd1yHiq0mHfMlugUMgDIJkNA0kw7MoNFm
Bf/LjVOXkCBaetmy0XH4EHtvtCDrZTFbCsn9WA0yxvlGNiTKAADkJ+6AyFsXc0Dm
rlnTl7gi+zJiEh/a8H618QjuCBrlvBXriEUO3lVf5cRZW9bDwR5i+kcnfaaXXi0O
+p0YhTq6bW+C3Bmb4qI9EPkc+RK1oIwpePTNawmliKdOU9N3r0deD8eIR/MVhsjw
zDgcMZW9en2LPNjFyAkGGPbtcXXBsfgg0vC89/8AQVE9lw==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEQzCCAyugAwIBAgIMb9E4LurbQ6lQPTtFMA0GCSqGSIb3DQEBCwUAMGYxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g
RzIwHhcNMTcwMjEzMDcxMTAzWhcNMTcwNTE2MDcxMTAzWjCBjjELMAkGA1UEBhMC
QkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTcwMjEz
MTUwNTFNMEsGA1UEAxNER2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlv
biBDQSAtIFNIQTI1NiAtIEcyIC0gT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDSQ5fPMGrj2VLO26fr3gWL1zATIshlqCbeNieK
ZJb6+l+pCgUX9TjwkapZ9c63wS+dyXp/oy1oaa9rGOC5/Zqu7US3FLml1fz/g+11
FwY+aBvBufxUMi6Sfg/xKju/1p92HV6iIWTsqOr3DMr6OINw2mWmom1l1RWUPqzu
VpbhpWwTB7tQGTaGVoHFR+XTO1ibB3/cuf4GMTJVFilE0UUobGRR6g2HNjfNEECq
nR0c/cds8JQZQZ4+bOnzvbzd9G0F1GU72LGTgLdu9n6QkFdigT+ii2dF1Yy4kJi5
s2HgS035Rs4Tgn2BcW87U+UEHGAv1hJzkpjrljYc942hR+thAgMBAAGjgccwgcQw
HQYDVR0OBBYEFJxNAJkADouwAYF1obrw0CXXoBxHMB8GA1UdIwQYMBaAFJbeYfG9
HBYpUxzAzH07gwBA5hp8MA8GCSsGAQUFBzABBQQCBQAwTAYDVR0gBEUwQzBBBgkr
BgEEAaAyAV8wNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5j
b20vcmVwb3NpdG9yeS8wDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF
BwMJMA0GCSqGSIb3DQEBCwUAA4IBAQB/PdgYIHsFb8zdjYqlL/vN8ztbtP6UIZ/p
X+nmM+a/FsO4ihhpe+cdIssA+EkxiqoHAS7F3CB3XIeKrSYd8yW6BQyAMgmQ0DST
Dsyg0WYF/8uNU5eQIFp62bLRcfgQe2+0IOtlMVsKyf1YDTLG+UY2JMoAAOQn7oDI
WxdzQOauWdOXuCL7MmISH9rwfrXxCO4IGuW8FeuIRQ7eVV/lxFlb1sPBHmL6Ryd9
ppdeLQ76nRiFOrptb4LcGZvioj0Q+Rz5ErWgjCl49M1rCaWIp05T03evR14Px4hH
8xWGyPDMOBwxlb16fYs82MXICQYY9u1xdcGx+CDS8Lz3/wBBUT2X
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [MISS]
Cf-Ray: [344e30f7c3472180-EWR]
Content-Length: [1570]
Content-Type: [application/ocsp-response]
Date: [Sat, 25 Mar 2017 01:45:32 GMT]
Etag: ["871dfd23923f1091867a85212b486b7d9d5115b2"]
Expires: [Wed, 29 Mar 2017 01:45:32 GMT]
Last-Modified: [Sat, 25 Mar 2017 01:45:32 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d0f72114f3a128f612e8705025bd1865b1490406332; expires=Sun, 25-Mar-18 01:45:32 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp2.globalsign.com/gsorganizationvalsha2g2 (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsorganizationvalsha2g2 (GET)
Size: 1570 bytes (DER data)
Response time: 518.140467ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign Organization Validation CA - SHA256 - G2 - OCSP Responder
Issued by: GlobalSign Organization Validation CA - SHA256 - G2
Signing certificate validity: 2017-02-13 - 2017-05-16
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

URL used for GET request

http:/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDHNIIzPu0Rzl%2Fo29FQ%3D%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h
8b0cFilTHMDMfTuDAEDmGnwCDHNIIzPu0Rzl/o29FQ==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGHgoBAKCCBhcwggYTBgkrBgEFBQcwAQEEggYEMIIGADCBmqIWBBScTQCZAA6L
sAGBdaG68NAl16AcRxgPMjAxNzAzMjUwMTQ1MzJaMG8wbTBFMAkGBSsOAwIaBQAE
FAyeTZw97e+E2JHpcsfPhAa8GXsHBBSW3mHxvRwWKVMcwMx9O4MAQOYafAIMc0gj
M+7RHOX+jb0VgAAYDzIwMTcwMzI1MDE0NTMyWqARGA8yMDE3MDMyOTAxNDUzMlow
DQYJKoZIhvcNAQELBQADggEBAESqFRwedik7zZ3zNt5DwnCCZBgBB4sz4Ubuzpqq
IArfHeOb5oAjq7tSvjxzTG31zD6wChKb6xbyhK8gUfV1r/G06Tt7jgPyKhdcC6Qc
RQa/FlfpW54iiHPL//NvufgKePe/k+amp1RiakpdqjWlyxF3poi7Y9QzABMGN7s+
DAybcvKQRUr2cC7g8uzPMFFHX0Hqd3ZbedOsy4Y5WbmVBrP4WVH/779zfnnbqLln
dmnCECeP5L15DXgCEnn0eRyjzU0+w1Z+8XYITVqzqfNXOJYYasThSv7WABN6+1EM
g2EhUKQQr/tho87abo8YxlQteXQRfS/K0ewzWY+DuScyx9agggRLMIIERzCCBEMw
ggMroAMCAQICDG/ROC7q20OpUD07RTANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQG
EwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTE8MDoGA1UEAxMzR2xvYmFs
U2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIFNIQTI1NiAtIEcyMB4X
DTE3MDIxMzA3MTEwM1oXDTE3MDUxNjA3MTEwM1owgY4xCzAJBgNVBAYTAkJFMRkw
FwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRUwEwYDVQQFEwwyMDE3MDIxMzE1MDUx
TTBLBgNVBAMTREdsb2JhbFNpZ24gT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gQ0Eg
LSBTSEEyNTYgLSBHMiAtIE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA0kOXzzBq49lSztun694Fi9cwEyLIZagm3jYnimSW+vpf
qQoFF/U48JGqWfXOt8Evncl6f6MtaGmvaxjguf2aru1EtxS5pdX8/4PtdRcGPmgb
wbn8VDIukn4P8So7v9afdh1eoiFk7Kjq9wzK+jiDcNplpqJtZdUVlD6s7laW4aVs
Ewe7UBk2hlaBxUfl0ztYmwd/3Ln+BjEyVRYpRNFFKGxkUeoNhzY3zRBAqp0dHP3H
bPCUGUGePmzp87283fRtBdRlO9ixk4C3bvZ+kJBXYoE/ootnRdWMuJCYubNh4EtN
+UbOE4J9gXFvO1PlBBxgL9YSc5KY65Y2HPeNoUfrYQIDAQABo4HHMIHEMB0GA1Ud
DgQWBBScTQCZAA6LsAGBdaG68NAl16AcRzAfBgNVHSMEGDAWgBSW3mHxvRwWKVMc
wMx9O4MAQOYafDAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGg
MgFfMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl
cG9zaXRvcnkvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAN
BgkqhkiG9w0BAQsFAAOCAQEAfz3YGCB7BW/M3Y2KpS/7zfM7W7T+lCGf6V/p5jPm
vxbDuIoYaXvnHSLLAPhJMYqqBwEuxdwgd1yHiq0mHfMlugUMgDIJkNA0kw7MoNFm
Bf/LjVOXkCBaetmy0XH4EHtvtCDrZTFbCsn9WA0yxvlGNiTKAADkJ+6AyFsXc0Dm
rlnTl7gi+zJiEh/a8H618QjuCBrlvBXriEUO3lVf5cRZW9bDwR5i+kcnfaaXXi0O
+p0YhTq6bW+C3Bmb4qI9EPkc+RK1oIwpePTNawmliKdOU9N3r0deD8eIR/MVhsjw
zDgcMZW9en2LPNjFyAkGGPbtcXXBsfgg0vC89/8AQVE9lw==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEQzCCAyugAwIBAgIMb9E4LurbQ6lQPTtFMA0GCSqGSIb3DQEBCwUAMGYxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g
RzIwHhcNMTcwMjEzMDcxMTAzWhcNMTcwNTE2MDcxMTAzWjCBjjELMAkGA1UEBhMC
QkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTcwMjEz
MTUwNTFNMEsGA1UEAxNER2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlv
biBDQSAtIFNIQTI1NiAtIEcyIC0gT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDSQ5fPMGrj2VLO26fr3gWL1zATIshlqCbeNieK
ZJb6+l+pCgUX9TjwkapZ9c63wS+dyXp/oy1oaa9rGOC5/Zqu7US3FLml1fz/g+11
FwY+aBvBufxUMi6Sfg/xKju/1p92HV6iIWTsqOr3DMr6OINw2mWmom1l1RWUPqzu
VpbhpWwTB7tQGTaGVoHFR+XTO1ibB3/cuf4GMTJVFilE0UUobGRR6g2HNjfNEECq
nR0c/cds8JQZQZ4+bOnzvbzd9G0F1GU72LGTgLdu9n6QkFdigT+ii2dF1Yy4kJi5
s2HgS035Rs4Tgn2BcW87U+UEHGAv1hJzkpjrljYc942hR+thAgMBAAGjgccwgcQw
HQYDVR0OBBYEFJxNAJkADouwAYF1obrw0CXXoBxHMB8GA1UdIwQYMBaAFJbeYfG9
HBYpUxzAzH07gwBA5hp8MA8GCSsGAQUFBzABBQQCBQAwTAYDVR0gBEUwQzBBBgkr
BgEEAaAyAV8wNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5j
b20vcmVwb3NpdG9yeS8wDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF
BwMJMA0GCSqGSIb3DQEBCwUAA4IBAQB/PdgYIHsFb8zdjYqlL/vN8ztbtP6UIZ/p
X+nmM+a/FsO4ihhpe+cdIssA+EkxiqoHAS7F3CB3XIeKrSYd8yW6BQyAMgmQ0DST
Dsyg0WYF/8uNU5eQIFp62bLRcfgQe2+0IOtlMVsKyf1YDTLG+UY2JMoAAOQn7oDI
WxdzQOauWdOXuCL7MmISH9rwfrXxCO4IGuW8FeuIRQ7eVV/lxFlb1sPBHmL6Ryd9
ppdeLQ76nRiFOrptb4LcGZvioj0Q+Rz5ErWgjCl49M1rCaWIp05T03evR14Px4hH
8xWGyPDMOBwxlb16fYs82MXICQYY9u1xdcGx+CDS8Lz3/wBBUT2X
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [344e30f7c5c32210-EWR]
Content-Length: [1570]
Content-Type: [application/ocsp-response]
Date: [Sat, 25 Mar 2017 01:45:32 GMT]
Etag: ["871dfd23923f1091867a85212b486b7d9d5115b2"]
Expires: [Wed, 29 Mar 2017 01:45:32 GMT]
Last-Modified: [Sat, 25 Mar 2017 01:45:32 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=da2aafd43eda4693e3bcb03dc334cdc2f1490406332; expires=Sun, 25-Mar-18 01:45:32 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GlobalSign Organization Validation CA - SHA256 - G2 (CA Certificate)

This certificate was cached at
Certificate details for GlobalSign Organization Validation CA - SHA256 - G2 (At position 1 in certificate chain)
Serial number:
hex: 40000000001444ef04247
int: 4835703278459909592597063
Issued by: GlobalSign Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GlobalSign nv-sa
Country: BE
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.globalsign.net/root.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.globalsign.net/root.crl
Size: 693 bytes (DER data)
Response time: 17.93231ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 5

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [public, max-age=1814903]
Cf-Cache-Status: [HIT]
Cf-Ray: [344d8a1a93040efd-EWR]
Content-Length: [693]
Content-Type: [application/pkix-crl]
Date: [Fri, 24 Mar 2017 23:51:37 GMT]
Etag: [37]
Expires: [Sat, 15 Apr 2017 00:00:00 GMT]
Last-Modified: [Sat, 07 Jan 2017 00:00:00 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d9b673d789e1e1c5875e840afaaba2ff81490399497; expires=Sat, 24-Mar-18 23:51:37 GMT; path=/; domain=.globalsign.net; HttpOnly]
Vary: [Accept-Encoding]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.globalsign.com/rootr1 (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.globalsign.com/rootr1 (GET)
Size: 1518 bytes (DER data)
Response time: 16.136218ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign OCSP for Root R1 - Signer 1.2
Issued by: GlobalSign Root CA
Signing certificate validity: 2016-12-08 - 2017-05-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

URL used for GET request

http:/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtm
GkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8EJH
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF6goBAKCCBeMwggXfBgkrBgEFBQcwAQEEggXQMIIFzDCBmaIWBBTo5D4n+cHT
OzaRhTkWd1PUt9RfihgPMjAxNzAzMjQyMzE5NTdaMG4wbDBEMAkGBSsOAwIaBQAE
FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
AAABRE7wQkeAABgPMjAxNzAzMjQyMzE5NTdaoBEYDzIwMTcwMzI4MjMxOTU3WjAN
BgkqhkiG9w0BAQsFAAOCAQEAxjYzUcuAH4mD0sfozrZ+tttFFnuzDXBssrtBz7Bk
loywB/KC4bdlHTaXRHx7+FhbsytmPRGdZLForiq4mUFgiRFzC/T7lfhtNMH/CVfL
9i4R7t3bwJkUkI1gUbrf+EAmeD8zMLNowD546wZ6p2VkE7Upe5jr2mfKA11RhxND
ee6A5HZcHIKCqb2ooliCr6gJsNFDxMVsV4corzhT9SuoF3RpeKEuEzzuJIMR4bQj
aQQDE1oDflN0JXAxjM4DYrc2k1TuaR8AiyWWPUAvrFRXSLW6bhwbpQ678aBng6Lk
g5TiBk5/Q/uOZQBKpfDQBbnLkRBaQG5G2+mU8hbfmzC+cqCCBBgwggQUMIIEEDCC
AvigAwIBAgIOSPWzECFVLDQzsNCb15cwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UE
BhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3Qg
Q0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNjEyMDgwMDAwMDBa
Fw0xNzA1MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxT
aWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJvb3QgUjEg
LSBTaWduZXIgMS4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eJO
rqLb90sYTgrLehHOwNb1Gr8BunC06AZDTH/msQRAp+ILqVzPC60EZsdKc1KGe19h
d27VEP/yOx0aFy1/Hmef8jjg8jbofGyDKJkWi5ho8/nT/TtH2EDmi1SQ5iXFDv0T
zzfcUhTaTzt1y2dAZxJDpYeJ7M22p+Uyx1nZ0MOKSbWUZ8JKe33+q7R1jECE84xp
aLG8JN486hq9e5BogGjIlAwg4JzR/n1NfYg61IGC1aSZzBTcclM9wSTr3suBbEUp
M/NvnkIReL4PHZikXupW0yNOB5A9U16iRoWvVZt9QzLji4YtU8D/uP7L0iCKMuu9
Ho9JlpvMlRLlLl3zYwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUE
DDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTo5D4n+cHTOzaR
hTkWd1PUt9RfijAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA0GCSqG
SIb3DQEBBQUAA4IBAQA+U6mkht7qiRVGQBUpwmZveLWGVlzshYcUhqXmu+l4qVue
h4BJJt49W5nfDnX/tTQHXG365f3oVn8Dbsqt0K3j2DNZQwjLUmwt36ERjs9h1JlA
R52fmUAIoW/iG/7cy/2iQPcMfh//le05L30MaRs8/5sZwmVc1VxhrCfofbSp/gKy
BH2N4a2KCUNuvHmrdcX0FAx4Wjm/D3iignh8aCunfUktOskMUkSlUxb8UWwTgzJj
blibRmlsc3RmEOiAD+TR7GUSVq9H6B0Kzi4cXJ7dXWhoK+XNzNZX+sfaL+WjeDqd
Mkn4KpoU1NTyUz8PRHLvqUGigfTJ0z2lpy5fD7nU
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEEDCCAvigAwIBAgIOSPWzECFVLDQzsNCb15cwDQYJKoZIhvcNAQEFBQAwVzEL
MAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsT
B1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNjEyMDgw
MDAwMDBaFw0xNzA1MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBH
bG9iYWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJv
b3QgUjEgLSBTaWduZXIgMS4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4eJOrqLb90sYTgrLehHOwNb1Gr8BunC06AZDTH/msQRAp+ILqVzPC60EZsdK
c1KGe19hd27VEP/yOx0aFy1/Hmef8jjg8jbofGyDKJkWi5ho8/nT/TtH2EDmi1SQ
5iXFDv0TzzfcUhTaTzt1y2dAZxJDpYeJ7M22p+Uyx1nZ0MOKSbWUZ8JKe33+q7R1
jECE84xpaLG8JN486hq9e5BogGjIlAwg4JzR/n1NfYg61IGC1aSZzBTcclM9wSTr
3suBbEUpM/NvnkIReL4PHZikXupW0yNOB5A9U16iRoWvVZt9QzLji4YtU8D/uP7L
0iCKMuu9Ho9JlpvMlRLlLl3zYwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDAT
BgNVHSUEDDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTo5D4n
+cHTOzaRhTkWd1PUt9RfijAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9
SzAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYI
KwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkv
MA0GCSqGSIb3DQEBBQUAA4IBAQA+U6mkht7qiRVGQBUpwmZveLWGVlzshYcUhqXm
u+l4qVueh4BJJt49W5nfDnX/tTQHXG365f3oVn8Dbsqt0K3j2DNZQwjLUmwt36ER
js9h1JlAR52fmUAIoW/iG/7cy/2iQPcMfh//le05L30MaRs8/5sZwmVc1VxhrCfo
fbSp/gKyBH2N4a2KCUNuvHmrdcX0FAx4Wjm/D3iignh8aCunfUktOskMUkSlUxb8
UWwTgzJjblibRmlsc3RmEOiAD+TR7GUSVq9H6B0Kzi4cXJ7dXWhoK+XNzNZX+sfa
L+WjeDqdMkn4KpoU1NTyUz8PRHLvqUGigfTJ0z2lpy5fD7nU
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [344d8a1a860b1852-EWR]
Content-Length: [1518]
Content-Type: [application/ocsp-response]
Date: [Fri, 24 Mar 2017 23:51:37 GMT]
Etag: ["2f34ad9ee95ffad9ebff33f306eae42c668aeb0b"]
Expires: [Tue, 28 Mar 2017 23:19:57 GMT]
Last-Modified: [Fri, 24 Mar 2017 23:19:57 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=deeeb9a9510725c8d400299139c20c5381490399497; expires=Sat, 24-Mar-18 23:51:37 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.globalsign.com/rootr1 (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.globalsign.com/rootr1 (POST)
Size: 1518 bytes (DER data)
Response time: 16.118728ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign OCSP for Root R1 - Signer 1.2
Issued by: GlobalSign Root CA
Signing certificate validity: 2016-12-08 - 2017-05-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtm
GkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8EJH
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF6goBAKCCBeMwggXfBgkrBgEFBQcwAQEEggXQMIIFzDCBmaIWBBTo5D4n+cHT
OzaRhTkWd1PUt9RfihgPMjAxNzAzMjQyMzE5NTdaMG4wbDBEMAkGBSsOAwIaBQAE
FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
AAABRE7wQkeAABgPMjAxNzAzMjQyMzE5NTdaoBEYDzIwMTcwMzI4MjMxOTU3WjAN
BgkqhkiG9w0BAQsFAAOCAQEAxjYzUcuAH4mD0sfozrZ+tttFFnuzDXBssrtBz7Bk
loywB/KC4bdlHTaXRHx7+FhbsytmPRGdZLForiq4mUFgiRFzC/T7lfhtNMH/CVfL
9i4R7t3bwJkUkI1gUbrf+EAmeD8zMLNowD546wZ6p2VkE7Upe5jr2mfKA11RhxND
ee6A5HZcHIKCqb2ooliCr6gJsNFDxMVsV4corzhT9SuoF3RpeKEuEzzuJIMR4bQj
aQQDE1oDflN0JXAxjM4DYrc2k1TuaR8AiyWWPUAvrFRXSLW6bhwbpQ678aBng6Lk
g5TiBk5/Q/uOZQBKpfDQBbnLkRBaQG5G2+mU8hbfmzC+cqCCBBgwggQUMIIEEDCC
AvigAwIBAgIOSPWzECFVLDQzsNCb15cwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UE
BhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3Qg
Q0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNjEyMDgwMDAwMDBa
Fw0xNzA1MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxT
aWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJvb3QgUjEg
LSBTaWduZXIgMS4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eJO
rqLb90sYTgrLehHOwNb1Gr8BunC06AZDTH/msQRAp+ILqVzPC60EZsdKc1KGe19h
d27VEP/yOx0aFy1/Hmef8jjg8jbofGyDKJkWi5ho8/nT/TtH2EDmi1SQ5iXFDv0T
zzfcUhTaTzt1y2dAZxJDpYeJ7M22p+Uyx1nZ0MOKSbWUZ8JKe33+q7R1jECE84xp
aLG8JN486hq9e5BogGjIlAwg4JzR/n1NfYg61IGC1aSZzBTcclM9wSTr3suBbEUp
M/NvnkIReL4PHZikXupW0yNOB5A9U16iRoWvVZt9QzLji4YtU8D/uP7L0iCKMuu9
Ho9JlpvMlRLlLl3zYwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUE
DDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTo5D4n+cHTOzaR
hTkWd1PUt9RfijAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA0GCSqG
SIb3DQEBBQUAA4IBAQA+U6mkht7qiRVGQBUpwmZveLWGVlzshYcUhqXmu+l4qVue
h4BJJt49W5nfDnX/tTQHXG365f3oVn8Dbsqt0K3j2DNZQwjLUmwt36ERjs9h1JlA
R52fmUAIoW/iG/7cy/2iQPcMfh//le05L30MaRs8/5sZwmVc1VxhrCfofbSp/gKy
BH2N4a2KCUNuvHmrdcX0FAx4Wjm/D3iignh8aCunfUktOskMUkSlUxb8UWwTgzJj
blibRmlsc3RmEOiAD+TR7GUSVq9H6B0Kzi4cXJ7dXWhoK+XNzNZX+sfaL+WjeDqd
Mkn4KpoU1NTyUz8PRHLvqUGigfTJ0z2lpy5fD7nU
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEEDCCAvigAwIBAgIOSPWzECFVLDQzsNCb15cwDQYJKoZIhvcNAQEFBQAwVzEL
MAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsT
B1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNjEyMDgw
MDAwMDBaFw0xNzA1MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBH
bG9iYWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJv
b3QgUjEgLSBTaWduZXIgMS4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4eJOrqLb90sYTgrLehHOwNb1Gr8BunC06AZDTH/msQRAp+ILqVzPC60EZsdK
c1KGe19hd27VEP/yOx0aFy1/Hmef8jjg8jbofGyDKJkWi5ho8/nT/TtH2EDmi1SQ
5iXFDv0TzzfcUhTaTzt1y2dAZxJDpYeJ7M22p+Uyx1nZ0MOKSbWUZ8JKe33+q7R1
jECE84xpaLG8JN486hq9e5BogGjIlAwg4JzR/n1NfYg61IGC1aSZzBTcclM9wSTr
3suBbEUpM/NvnkIReL4PHZikXupW0yNOB5A9U16iRoWvVZt9QzLji4YtU8D/uP7L
0iCKMuu9Ho9JlpvMlRLlLl3zYwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDAT
BgNVHSUEDDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTo5D4n
+cHTOzaRhTkWd1PUt9RfijAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9
SzAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYI
KwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkv
MA0GCSqGSIb3DQEBBQUAA4IBAQA+U6mkht7qiRVGQBUpwmZveLWGVlzshYcUhqXm
u+l4qVueh4BJJt49W5nfDnX/tTQHXG365f3oVn8Dbsqt0K3j2DNZQwjLUmwt36ER
js9h1JlAR52fmUAIoW/iG/7cy/2iQPcMfh//le05L30MaRs8/5sZwmVc1VxhrCfo
fbSp/gKyBH2N4a2KCUNuvHmrdcX0FAx4Wjm/D3iignh8aCunfUktOskMUkSlUxb8
UWwTgzJjblibRmlsc3RmEOiAD+TR7GUSVq9H6B0Kzi4cXJ7dXWhoK+XNzNZX+sfa
L+WjeDqdMkn4KpoU1NTyUz8PRHLvqUGigfTJ0z2lpy5fD7nU
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [344d8a1a860c1852-EWR]
Content-Length: [1518]
Content-Type: [application/ocsp-response]
Date: [Fri, 24 Mar 2017 23:51:37 GMT]
Etag: ["2f34ad9ee95ffad9ebff33f306eae42c668aeb0b"]
Expires: [Tue, 28 Mar 2017 23:19:57 GMT]
Last-Modified: [Fri, 24 Mar 2017 23:19:57 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=deeeb9a9510725c8d400299139c20c5381490399497; expires=Sat, 24-Mar-18 23:51:37 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GlobalSign Root CA (CA Certificate)

This certificate was cached at
Certificate details for GlobalSign Root CA (At position 2 in certificate chain)
Serial number:
hex: 40000000001154b5ac394
int: 4835703278459707669005204
Issued by: GlobalSign Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GlobalSign nv-sa
Organization unit: Root CA
Country: BE
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.