CRL & OCSP report for 0-data.historicaltexts.jisc.ac.uk.catalogue.wellcomelibrary.org - *.catalogue.wellcomelibrary.org (The Wellcome Trust Limited)

*.catalogue.wellcomelibrary.org

Certificate details for *.catalogue.wellcomelibrary.org (At position 0 in certificate chain)
Serial number:
hex: 480138650d646501bf3fa22b
int: 22284395949565659000497742379
Issued by: GlobalSign Organization Validation CA - SHA256 - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: The Wellcome Trust Limited
Organization unit: IT
State / Province: London
Locality: London
Country: GB
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for 0-data.historicaltexts.jisc.ac.uk.catalogue.wellcomelibrary.org.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl
Size: 115457 bytes (DER data)
Response time: 15.833102ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 3501

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare, CloudFront
Cache Information: HIT, Miss from cloudfront

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [3569e22ff70a187c-EWR]
Content-Length: [115457]
Content-Type: [application/pkix-crl]
Date: [Fri, 28 Apr 2017 12:04:21 GMT]
Etag: [E47F]
Expires: [Fri, 05 May 2017 04:12:26 GMT]
Last-Modified: [Fri, 28 Apr 2017 04:12:26 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d74a37894f7df6a172cbbb4f556704d8e1493381061; expires=Sat, 28-Apr-18 12:04:21 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
Via: [1.1 9c3935366a39acd2af942625478df61e.cloudfront.net (CloudFront)]
X-Amz-Cf-Id: [2HZgWFVxlyX6cW3zCJovwHI0QRgXyYwwL1evfeEYpBtUvJkG099ydw==]
X-Cache: [Miss from cloudfront]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp2.globalsign.com/gsorganizationvalsha2g2 (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsorganizationvalsha2g2 (POST)
Size: 1570 bytes (DER data)
Response time: 271.588693ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign Organization Validation CA - SHA256 - G2 - OCSP Responder
Issued by: GlobalSign Organization Validation CA - SHA256 - G2
Signing certificate validity: 2017-02-13 - 2017-05-16
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: EXPIRED

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h
8b0cFilTHMDMfTuDAEDmGnwCDEgBOGUNZGUBvz+iKw==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGHgoBAKCCBhcwggYTBgkrBgEFBQcwAQEEggYEMIIGADCBmqIWBBScTQCZAA6L
sAGBdaG68NAl16AcRxgPMjAxNzA0MjQyMTU0NDBaMG8wbTBFMAkGBSsOAwIaBQAE
FAyeTZw97e+E2JHpcsfPhAa8GXsHBBSW3mHxvRwWKVMcwMx9O4MAQOYafAIMSAE4
ZQ1kZQG/P6IrgAAYDzIwMTcwNDI0MjE1NDQwWqARGA8yMDE3MDQyODIxNTQ0MFow
DQYJKoZIhvcNAQELBQADggEBAIx0c1luv8g4H39Fklsv1dYsVN6BOMoCcuynrI1T
Ip+b3CDDZkPGyQS2BQuIeWRHj68wRthsSNPO35a//aMnpsebwSJStijpUFFej03w
movTXdQb6Ur/OowTjk7+3KR9it6TtHL3dD6firOEUm37Y3igpsZ820t+G+brsqvV
FgOUzy53OOyUw4E/5Dx1+JV0sj1sihkB0jc9FqXObkKOwj3JnHk0ziBwkiplrX7Q
OKnhBHHFdUNiqTirU6SK/MBGU50uzzmxjniGs303B4DiV6NcrBc3w43pPbumes6R
afjzdnZzlo4aC/Ptmo2E7O4fb9+pvGOfpfStichS41oc5HugggRLMIIERzCCBEMw
ggMroAMCAQICDG/ROC7q20OpUD07RTANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQG
EwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTE8MDoGA1UEAxMzR2xvYmFs
U2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIFNIQTI1NiAtIEcyMB4X
DTE3MDIxMzA3MTEwM1oXDTE3MDUxNjA3MTEwM1owgY4xCzAJBgNVBAYTAkJFMRkw
FwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRUwEwYDVQQFEwwyMDE3MDIxMzE1MDUx
TTBLBgNVBAMTREdsb2JhbFNpZ24gT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gQ0Eg
LSBTSEEyNTYgLSBHMiAtIE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA0kOXzzBq49lSztun694Fi9cwEyLIZagm3jYnimSW+vpf
qQoFF/U48JGqWfXOt8Evncl6f6MtaGmvaxjguf2aru1EtxS5pdX8/4PtdRcGPmgb
wbn8VDIukn4P8So7v9afdh1eoiFk7Kjq9wzK+jiDcNplpqJtZdUVlD6s7laW4aVs
Ewe7UBk2hlaBxUfl0ztYmwd/3Ln+BjEyVRYpRNFFKGxkUeoNhzY3zRBAqp0dHP3H
bPCUGUGePmzp87283fRtBdRlO9ixk4C3bvZ+kJBXYoE/ootnRdWMuJCYubNh4EtN
+UbOE4J9gXFvO1PlBBxgL9YSc5KY65Y2HPeNoUfrYQIDAQABo4HHMIHEMB0GA1Ud
DgQWBBScTQCZAA6LsAGBdaG68NAl16AcRzAfBgNVHSMEGDAWgBSW3mHxvRwWKVMc
wMx9O4MAQOYafDAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGg
MgFfMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl
cG9zaXRvcnkvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAN
BgkqhkiG9w0BAQsFAAOCAQEAfz3YGCB7BW/M3Y2KpS/7zfM7W7T+lCGf6V/p5jPm
vxbDuIoYaXvnHSLLAPhJMYqqBwEuxdwgd1yHiq0mHfMlugUMgDIJkNA0kw7MoNFm
Bf/LjVOXkCBaetmy0XH4EHtvtCDrZTFbCsn9WA0yxvlGNiTKAADkJ+6AyFsXc0Dm
rlnTl7gi+zJiEh/a8H618QjuCBrlvBXriEUO3lVf5cRZW9bDwR5i+kcnfaaXXi0O
+p0YhTq6bW+C3Bmb4qI9EPkc+RK1oIwpePTNawmliKdOU9N3r0deD8eIR/MVhsjw
zDgcMZW9en2LPNjFyAkGGPbtcXXBsfgg0vC89/8AQVE9lw==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEQzCCAyugAwIBAgIMb9E4LurbQ6lQPTtFMA0GCSqGSIb3DQEBCwUAMGYxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g
RzIwHhcNMTcwMjEzMDcxMTAzWhcNMTcwNTE2MDcxMTAzWjCBjjELMAkGA1UEBhMC
QkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTcwMjEz
MTUwNTFNMEsGA1UEAxNER2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlv
biBDQSAtIFNIQTI1NiAtIEcyIC0gT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDSQ5fPMGrj2VLO26fr3gWL1zATIshlqCbeNieK
ZJb6+l+pCgUX9TjwkapZ9c63wS+dyXp/oy1oaa9rGOC5/Zqu7US3FLml1fz/g+11
FwY+aBvBufxUMi6Sfg/xKju/1p92HV6iIWTsqOr3DMr6OINw2mWmom1l1RWUPqzu
VpbhpWwTB7tQGTaGVoHFR+XTO1ibB3/cuf4GMTJVFilE0UUobGRR6g2HNjfNEECq
nR0c/cds8JQZQZ4+bOnzvbzd9G0F1GU72LGTgLdu9n6QkFdigT+ii2dF1Yy4kJi5
s2HgS035Rs4Tgn2BcW87U+UEHGAv1hJzkpjrljYc942hR+thAgMBAAGjgccwgcQw
HQYDVR0OBBYEFJxNAJkADouwAYF1obrw0CXXoBxHMB8GA1UdIwQYMBaAFJbeYfG9
HBYpUxzAzH07gwBA5hp8MA8GCSsGAQUFBzABBQQCBQAwTAYDVR0gBEUwQzBBBgkr
BgEEAaAyAV8wNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5j
b20vcmVwb3NpdG9yeS8wDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF
BwMJMA0GCSqGSIb3DQEBCwUAA4IBAQB/PdgYIHsFb8zdjYqlL/vN8ztbtP6UIZ/p
X+nmM+a/FsO4ihhpe+cdIssA+EkxiqoHAS7F3CB3XIeKrSYd8yW6BQyAMgmQ0DST
Dsyg0WYF/8uNU5eQIFp62bLRcfgQe2+0IOtlMVsKyf1YDTLG+UY2JMoAAOQn7oDI
WxdzQOauWdOXuCL7MmISH9rwfrXxCO4IGuW8FeuIRQ7eVV/lxFlb1sPBHmL6Ryd9
ppdeLQ76nRiFOrptb4LcGZvioj0Q+Rz5ErWgjCl49M1rCaWIp05T03evR14Px4hH
8xWGyPDMOBwxlb16fYs82MXICQYY9u1xdcGx+CDS8Lz3/wBBUT2X
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [EXPIRED]
Cf-Ray: [354c4d69b56c1852-EWR]
Content-Length: [1570]
Content-Type: [application/ocsp-response]
Date: [Mon, 24 Apr 2017 21:54:40 GMT]
Etag: ["e71aa56e9d95900d3ab649c20893f0d901b8a493"]
Expires: [Fri, 28 Apr 2017 21:54:40 GMT]
Last-Modified: [Mon, 24 Apr 2017 21:54:40 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d82bde526cdcecf74ca6128717906364d1493070880; expires=Tue, 24-Apr-18 21:54:40 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp2.globalsign.com/gsorganizationvalsha2g2 (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsorganizationvalsha2g2 (GET)
Size: 1570 bytes (DER data)
Response time: 6.064475ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign Organization Validation CA - SHA256 - G2 - OCSP Responder
Issued by: GlobalSign Organization Validation CA - SHA256 - G2
Signing certificate validity: 2017-02-13 - 2017-05-16
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: UPDATING

URL used for GET request

http:/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDEgBOGUNZGUBvz%2BiKw%3D%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h
8b0cFilTHMDMfTuDAEDmGnwCDEgBOGUNZGUBvz+iKw==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGHgoBAKCCBhcwggYTBgkrBgEFBQcwAQEEggYEMIIGADCBmqIWBBScTQCZAA6L
sAGBdaG68NAl16AcRxgPMjAxNzA0MjQxNjE3MjBaMG8wbTBFMAkGBSsOAwIaBQAE
FAyeTZw97e+E2JHpcsfPhAa8GXsHBBSW3mHxvRwWKVMcwMx9O4MAQOYafAIMSAE4
ZQ1kZQG/P6IrgAAYDzIwMTcwNDI0MTYxNzIwWqARGA8yMDE3MDQyODE2MTcyMFow
DQYJKoZIhvcNAQELBQADggEBAG+BF27op+wxUq1TuLC82iLibn8QxJZcuWnUPzID
1uu/57TaKl1+RaY+AQgMyQ62NF7ntlpOIzAUTbGoQf409001TCocCuEAKfLJL+v+
8tmJ5vt4tvv/H09/I0i1xJyOTFVbU3pughE5TO3UQ+WeXciQV5c+nHqqL3McCW1S
FtDvXMMKPmVFlxWXXOdziLIQMeRCKsc2qe+oxd71By2NPzxgPVSjVPEkkm2FK39z
dbKpNNAq/yRZdfH2p9zw9VQxeoxcOVMXOuR7/U1eL7h6//X+dn0zvR3WtmaevUQk
xMQESk4Jh+YIKBzfKAy61W8EUPxMTxyERb86Uq0JYIkC/PKgggRLMIIERzCCBEMw
ggMroAMCAQICDG/ROC7q20OpUD07RTANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQG
EwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTE8MDoGA1UEAxMzR2xvYmFs
U2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIFNIQTI1NiAtIEcyMB4X
DTE3MDIxMzA3MTEwM1oXDTE3MDUxNjA3MTEwM1owgY4xCzAJBgNVBAYTAkJFMRkw
FwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRUwEwYDVQQFEwwyMDE3MDIxMzE1MDUx
TTBLBgNVBAMTREdsb2JhbFNpZ24gT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gQ0Eg
LSBTSEEyNTYgLSBHMiAtIE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA0kOXzzBq49lSztun694Fi9cwEyLIZagm3jYnimSW+vpf
qQoFF/U48JGqWfXOt8Evncl6f6MtaGmvaxjguf2aru1EtxS5pdX8/4PtdRcGPmgb
wbn8VDIukn4P8So7v9afdh1eoiFk7Kjq9wzK+jiDcNplpqJtZdUVlD6s7laW4aVs
Ewe7UBk2hlaBxUfl0ztYmwd/3Ln+BjEyVRYpRNFFKGxkUeoNhzY3zRBAqp0dHP3H
bPCUGUGePmzp87283fRtBdRlO9ixk4C3bvZ+kJBXYoE/ootnRdWMuJCYubNh4EtN
+UbOE4J9gXFvO1PlBBxgL9YSc5KY65Y2HPeNoUfrYQIDAQABo4HHMIHEMB0GA1Ud
DgQWBBScTQCZAA6LsAGBdaG68NAl16AcRzAfBgNVHSMEGDAWgBSW3mHxvRwWKVMc
wMx9O4MAQOYafDAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGg
MgFfMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl
cG9zaXRvcnkvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAN
BgkqhkiG9w0BAQsFAAOCAQEAfz3YGCB7BW/M3Y2KpS/7zfM7W7T+lCGf6V/p5jPm
vxbDuIoYaXvnHSLLAPhJMYqqBwEuxdwgd1yHiq0mHfMlugUMgDIJkNA0kw7MoNFm
Bf/LjVOXkCBaetmy0XH4EHtvtCDrZTFbCsn9WA0yxvlGNiTKAADkJ+6AyFsXc0Dm
rlnTl7gi+zJiEh/a8H618QjuCBrlvBXriEUO3lVf5cRZW9bDwR5i+kcnfaaXXi0O
+p0YhTq6bW+C3Bmb4qI9EPkc+RK1oIwpePTNawmliKdOU9N3r0deD8eIR/MVhsjw
zDgcMZW9en2LPNjFyAkGGPbtcXXBsfgg0vC89/8AQVE9lw==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEQzCCAyugAwIBAgIMb9E4LurbQ6lQPTtFMA0GCSqGSIb3DQEBCwUAMGYxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g
RzIwHhcNMTcwMjEzMDcxMTAzWhcNMTcwNTE2MDcxMTAzWjCBjjELMAkGA1UEBhMC
QkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTcwMjEz
MTUwNTFNMEsGA1UEAxNER2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlv
biBDQSAtIFNIQTI1NiAtIEcyIC0gT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDSQ5fPMGrj2VLO26fr3gWL1zATIshlqCbeNieK
ZJb6+l+pCgUX9TjwkapZ9c63wS+dyXp/oy1oaa9rGOC5/Zqu7US3FLml1fz/g+11
FwY+aBvBufxUMi6Sfg/xKju/1p92HV6iIWTsqOr3DMr6OINw2mWmom1l1RWUPqzu
VpbhpWwTB7tQGTaGVoHFR+XTO1ibB3/cuf4GMTJVFilE0UUobGRR6g2HNjfNEECq
nR0c/cds8JQZQZ4+bOnzvbzd9G0F1GU72LGTgLdu9n6QkFdigT+ii2dF1Yy4kJi5
s2HgS035Rs4Tgn2BcW87U+UEHGAv1hJzkpjrljYc942hR+thAgMBAAGjgccwgcQw
HQYDVR0OBBYEFJxNAJkADouwAYF1obrw0CXXoBxHMB8GA1UdIwQYMBaAFJbeYfG9
HBYpUxzAzH07gwBA5hp8MA8GCSsGAQUFBzABBQQCBQAwTAYDVR0gBEUwQzBBBgkr
BgEEAaAyAV8wNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5j
b20vcmVwb3NpdG9yeS8wDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF
BwMJMA0GCSqGSIb3DQEBCwUAA4IBAQB/PdgYIHsFb8zdjYqlL/vN8ztbtP6UIZ/p
X+nmM+a/FsO4ihhpe+cdIssA+EkxiqoHAS7F3CB3XIeKrSYd8yW6BQyAMgmQ0DST
Dsyg0WYF/8uNU5eQIFp62bLRcfgQe2+0IOtlMVsKyf1YDTLG+UY2JMoAAOQn7oDI
WxdzQOauWdOXuCL7MmISH9rwfrXxCO4IGuW8FeuIRQ7eVV/lxFlb1sPBHmL6Ryd9
ppdeLQ76nRiFOrptb4LcGZvioj0Q+Rz5ErWgjCl49M1rCaWIp05T03evR14Px4hH
8xWGyPDMOBwxlb16fYs82MXICQYY9u1xdcGx+CDS8Lz3/wBBUT2X
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [UPDATING]
Cf-Ray: [354c4d69b072472e-EWR]
Content-Length: [1570]
Content-Type: [application/ocsp-response]
Date: [Mon, 24 Apr 2017 21:54:40 GMT]
Etag: ["5f4de2f97346f4c2e79408fc222c6ad48d4d9c5f"]
Expires: [Fri, 28 Apr 2017 16:17:20 GMT]
Last-Modified: [Mon, 24 Apr 2017 16:17:20 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d703b8cfb52dd7d784ccd8b550943fd9a1493070880; expires=Tue, 24-Apr-18 21:54:40 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GlobalSign Organization Validation CA - SHA256 - G2 (CA Certificate)

Certificate details for GlobalSign Organization Validation CA - SHA256 - G2 (At position 1 in certificate chain)
Serial number:
hex: 40000000001444ef04247
int: 4835703278459909592597063
Issued by: GlobalSign Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GlobalSign nv-sa
Country: BE
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.globalsign.net/root.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.globalsign.net/root.crl
Size: 782 bytes (DER data)
Response time: 8.522095ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 7

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [public, max-age=6695681]
Cf-Cache-Status: [HIT]
Cf-Ray: [3569e39fe0442192-EWR]
Content-Length: [782]
Content-Type: [application/pkix-crl]
Date: [Fri, 28 Apr 2017 12:05:19 GMT]
Etag: [39]
Expires: [Sat, 15 Jul 2017 00:00:00 GMT]
Last-Modified: [Wed, 19 Apr 2017 00:00:00 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=dfc5505e06bf1ffe6f87d63856c6b25a51493381119; expires=Sat, 28-Apr-18 12:05:19 GMT; path=/; domain=.globalsign.net; HttpOnly]
Vary: [Accept-Encoding]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.globalsign.com/rootr1 (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.globalsign.com/rootr1 (POST)
Size: 1518 bytes (DER data)
Response time: 5.911758ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign OCSP for Root R1 - Signer 1.1
Issued by: GlobalSign Root CA
Signing certificate validity: 2017-04-07 - 2017-07-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtm
GkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8EJH
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF6goBAKCCBeMwggXfBgkrBgEFBQcwAQEEggXQMIIFzDCBmaIWBBRr0IWpLGvT
FeIMvlCoqIzANZCQQRgPMjAxNzA0MjgwOTIxMDBaMG4wbDBEMAkGBSsOAwIaBQAE
FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
AAABRE7wQkeAABgPMjAxNzA0MjgwOTIxMDBaoBEYDzIwMTcwNTAyMDkyMTAwWjAN
BgkqhkiG9w0BAQsFAAOCAQEAfZgwfSp1FbGiK1Cu2CLvE0Yso5I9BZVP6LJPumR2
kCFHFbe/B+g5FWvvqC3GJ4U7gVDIqbs9iibYjFqcoWB+gvPRTbcZUz/gtaV0MGVc
L+RSlYdss1q2zktAdC/UdcCbvbsz6JrJ7VPfXSKlSTd9VBMotSPjwQLeBbB8V0H/
ME1xjGybz60YOJGOyJhNz+C4h463fn+2rvzE75fEmNBkHINQPUaIc58bQ5yRqdK9
EipoGtpBpfTUhlDw5dThQHHAQdgUv2mCjJdV/Kn3X0C2IC3qFahi0+cRdVQnfnVB
Fyz3b+0PVg4db29lBcMPCmgXZKgT6LTSGSLlT7poGFiZv6CCBBgwggQUMIIEEDCC
AvigAwIBAgIOSPWzESmX3xEGSFD3EkEwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UE
BhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3Qg
Q0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNzA0MDcwMDAwMDBa
Fw0xNzA3MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxT
aWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJvb3QgUjEg
LSBTaWduZXIgMS4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuhvF
lmaool/STZVnvGSHel5cQ0D+Ru/AHHAD7pxWRN/ufb2Gq+KLdhWROdAI0eLvaQAV
Om3kxM9IPc0tZMEwI618halKDO1TG5zz/GQMp1r4wuaPqGEaqi6CD+UBFyaGlhLq
nsgB74qjtB5rl6bMy5/3An87DVuKN7IdC6kBuBTuGVk7tDcrS8bPF/LA+AzAz3g7
WTpMSlZAIXrEl5bgXzQHvHfYCpMsmcZBI4NmYgmtCNgphOwkxNQENcQPGhM/4eCj
0k3DtXtPXpp0iTPxVbBi/dQ2SKi73UqPttQNb5AQf2fHjCGClSKHk3sq0NisHrCW
gbcdT4ayMqDjSjh4SwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUE
DDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRr0IWpLGvTFeIM
vlCoqIzANZCQQTAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA0GCSqG
SIb3DQEBBQUAA4IBAQAxKJcSLXgYKslSd0pla6b8U8XXV3cP6kOd4LL40UG/B8gl
qJD+YBGv7oPJDAezG1pzmoqrcBQhKbWG8whhj5fKs56iMiz82Kaovb5s4CaRfcTJ
uzLHrHoLuGbAnLR/S+p2pFVcxNLE9TmQ9X5gwwvnrf/RxWjocetUcqnt7Nvoy/Fo
At16plXiUk1PAiz60EgUvyx4Jm9uirb+G7NQpmaP1FtyAYkBOr/XtbyYd3ZToUqj
9m1iy5o5NlDsBFNR6pYowu0/KJwNs+d5kjr2HtllfMrYP4yTv8fDNed1SyRxw7XH
xwCHbgWc12rPOOt3/hetmIelMQj8esDBp0ZsH3PF
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEEDCCAvigAwIBAgIOSPWzESmX3xEGSFD3EkEwDQYJKoZIhvcNAQEFBQAwVzEL
MAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsT
B1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNzA0MDcw
MDAwMDBaFw0xNzA3MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBH
bG9iYWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJv
b3QgUjEgLSBTaWduZXIgMS4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuhvFlmaool/STZVnvGSHel5cQ0D+Ru/AHHAD7pxWRN/ufb2Gq+KLdhWROdAI
0eLvaQAVOm3kxM9IPc0tZMEwI618halKDO1TG5zz/GQMp1r4wuaPqGEaqi6CD+UB
FyaGlhLqnsgB74qjtB5rl6bMy5/3An87DVuKN7IdC6kBuBTuGVk7tDcrS8bPF/LA
+AzAz3g7WTpMSlZAIXrEl5bgXzQHvHfYCpMsmcZBI4NmYgmtCNgphOwkxNQENcQP
GhM/4eCj0k3DtXtPXpp0iTPxVbBi/dQ2SKi73UqPttQNb5AQf2fHjCGClSKHk3sq
0NisHrCWgbcdT4ayMqDjSjh4SwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDAT
BgNVHSUEDDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRr0IWp
LGvTFeIMvlCoqIzANZCQQTAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9
SzAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYI
KwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkv
MA0GCSqGSIb3DQEBBQUAA4IBAQAxKJcSLXgYKslSd0pla6b8U8XXV3cP6kOd4LL4
0UG/B8glqJD+YBGv7oPJDAezG1pzmoqrcBQhKbWG8whhj5fKs56iMiz82Kaovb5s
4CaRfcTJuzLHrHoLuGbAnLR/S+p2pFVcxNLE9TmQ9X5gwwvnrf/RxWjocetUcqnt
7Nvoy/FoAt16plXiUk1PAiz60EgUvyx4Jm9uirb+G7NQpmaP1FtyAYkBOr/XtbyY
d3ZToUqj9m1iy5o5NlDsBFNR6pYowu0/KJwNs+d5kjr2HtllfMrYP4yTv8fDNed1
SyRxw7XHxwCHbgWc12rPOOt3/hetmIelMQj8esDBp0ZsH3PF
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [3569e22ff59d220a-EWR]
Content-Length: [1518]
Content-Type: [application/ocsp-response]
Date: [Fri, 28 Apr 2017 12:04:21 GMT]
Etag: ["559b3a0923ceef6a2cf5c6f0d313a53490d9e12f"]
Expires: [Tue, 02 May 2017 09:21:00 GMT]
Last-Modified: [Fri, 28 Apr 2017 09:21:00 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d8b84acd19a8c98699a8f1bca07cfef881493381061; expires=Sat, 28-Apr-18 12:04:21 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.globalsign.com/rootr1 (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.globalsign.com/rootr1 (GET)
Size: 1518 bytes (DER data)
Response time: 6.228097ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign OCSP for Root R1 - Signer 1.1
Issued by: GlobalSign Root CA
Signing certificate validity: 2017-04-07 - 2017-07-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

URL used for GET request

http:/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtm
GkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8EJH
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF6goBAKCCBeMwggXfBgkrBgEFBQcwAQEEggXQMIIFzDCBmaIWBBRr0IWpLGvT
FeIMvlCoqIzANZCQQRgPMjAxNzA0MjgwOTIxMDBaMG4wbDBEMAkGBSsOAwIaBQAE
FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
AAABRE7wQkeAABgPMjAxNzA0MjgwOTIxMDBaoBEYDzIwMTcwNTAyMDkyMTAwWjAN
BgkqhkiG9w0BAQsFAAOCAQEAfZgwfSp1FbGiK1Cu2CLvE0Yso5I9BZVP6LJPumR2
kCFHFbe/B+g5FWvvqC3GJ4U7gVDIqbs9iibYjFqcoWB+gvPRTbcZUz/gtaV0MGVc
L+RSlYdss1q2zktAdC/UdcCbvbsz6JrJ7VPfXSKlSTd9VBMotSPjwQLeBbB8V0H/
ME1xjGybz60YOJGOyJhNz+C4h463fn+2rvzE75fEmNBkHINQPUaIc58bQ5yRqdK9
EipoGtpBpfTUhlDw5dThQHHAQdgUv2mCjJdV/Kn3X0C2IC3qFahi0+cRdVQnfnVB
Fyz3b+0PVg4db29lBcMPCmgXZKgT6LTSGSLlT7poGFiZv6CCBBgwggQUMIIEEDCC
AvigAwIBAgIOSPWzESmX3xEGSFD3EkEwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UE
BhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3Qg
Q0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNzA0MDcwMDAwMDBa
Fw0xNzA3MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxT
aWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJvb3QgUjEg
LSBTaWduZXIgMS4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuhvF
lmaool/STZVnvGSHel5cQ0D+Ru/AHHAD7pxWRN/ufb2Gq+KLdhWROdAI0eLvaQAV
Om3kxM9IPc0tZMEwI618halKDO1TG5zz/GQMp1r4wuaPqGEaqi6CD+UBFyaGlhLq
nsgB74qjtB5rl6bMy5/3An87DVuKN7IdC6kBuBTuGVk7tDcrS8bPF/LA+AzAz3g7
WTpMSlZAIXrEl5bgXzQHvHfYCpMsmcZBI4NmYgmtCNgphOwkxNQENcQPGhM/4eCj
0k3DtXtPXpp0iTPxVbBi/dQ2SKi73UqPttQNb5AQf2fHjCGClSKHk3sq0NisHrCW
gbcdT4ayMqDjSjh4SwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUE
DDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRr0IWpLGvTFeIM
vlCoqIzANZCQQTAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA0GCSqG
SIb3DQEBBQUAA4IBAQAxKJcSLXgYKslSd0pla6b8U8XXV3cP6kOd4LL40UG/B8gl
qJD+YBGv7oPJDAezG1pzmoqrcBQhKbWG8whhj5fKs56iMiz82Kaovb5s4CaRfcTJ
uzLHrHoLuGbAnLR/S+p2pFVcxNLE9TmQ9X5gwwvnrf/RxWjocetUcqnt7Nvoy/Fo
At16plXiUk1PAiz60EgUvyx4Jm9uirb+G7NQpmaP1FtyAYkBOr/XtbyYd3ZToUqj
9m1iy5o5NlDsBFNR6pYowu0/KJwNs+d5kjr2HtllfMrYP4yTv8fDNed1SyRxw7XH
xwCHbgWc12rPOOt3/hetmIelMQj8esDBp0ZsH3PF
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEEDCCAvigAwIBAgIOSPWzESmX3xEGSFD3EkEwDQYJKoZIhvcNAQEFBQAwVzEL
MAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsT
B1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNzA0MDcw
MDAwMDBaFw0xNzA3MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBH
bG9iYWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJv
b3QgUjEgLSBTaWduZXIgMS4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuhvFlmaool/STZVnvGSHel5cQ0D+Ru/AHHAD7pxWRN/ufb2Gq+KLdhWROdAI
0eLvaQAVOm3kxM9IPc0tZMEwI618halKDO1TG5zz/GQMp1r4wuaPqGEaqi6CD+UB
FyaGlhLqnsgB74qjtB5rl6bMy5/3An87DVuKN7IdC6kBuBTuGVk7tDcrS8bPF/LA
+AzAz3g7WTpMSlZAIXrEl5bgXzQHvHfYCpMsmcZBI4NmYgmtCNgphOwkxNQENcQP
GhM/4eCj0k3DtXtPXpp0iTPxVbBi/dQ2SKi73UqPttQNb5AQf2fHjCGClSKHk3sq
0NisHrCWgbcdT4ayMqDjSjh4SwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDAT
BgNVHSUEDDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRr0IWp
LGvTFeIMvlCoqIzANZCQQTAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9
SzAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYI
KwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkv
MA0GCSqGSIb3DQEBBQUAA4IBAQAxKJcSLXgYKslSd0pla6b8U8XXV3cP6kOd4LL4
0UG/B8glqJD+YBGv7oPJDAezG1pzmoqrcBQhKbWG8whhj5fKs56iMiz82Kaovb5s
4CaRfcTJuzLHrHoLuGbAnLR/S+p2pFVcxNLE9TmQ9X5gwwvnrf/RxWjocetUcqnt
7Nvoy/FoAt16plXiUk1PAiz60EgUvyx4Jm9uirb+G7NQpmaP1FtyAYkBOr/XtbyY
d3ZToUqj9m1iy5o5NlDsBFNR6pYowu0/KJwNs+d5kjr2HtllfMrYP4yTv8fDNed1
SyRxw7XHxwCHbgWc12rPOOt3/hetmIelMQj8esDBp0ZsH3PF
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [3569e22ff14c0773-EWR]
Content-Length: [1518]
Content-Type: [application/ocsp-response]
Date: [Fri, 28 Apr 2017 12:04:21 GMT]
Etag: ["559b3a0923ceef6a2cf5c6f0d313a53490d9e12f"]
Expires: [Tue, 02 May 2017 09:21:00 GMT]
Last-Modified: [Fri, 28 Apr 2017 09:21:00 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d6d81ded484cf2ef6517e5e17f3f5e3cd1493381061; expires=Sat, 28-Apr-18 12:04:21 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GlobalSign Root CA (CA Certificate)

Certificate details for GlobalSign Root CA (At position 2 in certificate chain)
Serial number:
hex: 40000000001154b5ac394
int: 4835703278459707669005204
Issued by: GlobalSign Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GlobalSign nv-sa
Organization unit: Root CA
Country: BE
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.