CRL & OCSP report for 0-dl.acm.org.oasis.unisa.ac.za - oasis.unisa.ac.za (University of South Africa)

oasis.unisa.ac.za

This certificate was cached at
Certificate details for oasis.unisa.ac.za (At position 0 in certificate chain)
Serial number:
hex: 52473d92caa0a068ea971a6d0e1598d5
int: 109366597588326781803279689763542898901
Issued by: Symantec Class 3 Secure Server CA - G4
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: University of South Africa
Organization unit: University Library
State / Province: Gauteng
Locality: Pretoria
Country: ZA
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

View complete certificate details for 0-dl.acm.org.oasis.unisa.ac.za.

Certificate Revocation List (CRL)

This CRL was cached at
http://ss.symcb.com/ss.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://ss.symcb.com/ss.crl
Size: 1225596 bytes (DER data)
Response time: 39.30667ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 35006

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: Apache
Content Delivery Network (CDN): Akamai
Cache Information: TCP_HIT from a23-219-93-108.deploy.akamaitechnologies.com (AkamaiGHost/8.2.2.1.1-19192351) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Type: [application/pkix-crl]
Date: [Mon, 20 Feb 2017 08:52:46 GMT]
Etag: ["dcc9ebc41f0d6a1d451f4522d507feb9:1487538689"]
Last-Modified: [Sun, 19 Feb 2017 21:11:29 GMT]
Server: [Apache]
Vary: [Accept-Encoding]
X-Cache: [TCP_HIT from a23-219-93-108.deploy.akamaitechnologies.com (AkamaiGHost/8.2.2.1.1-19192351) (-)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ss.symcd.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ss.symcd.com (POST)
Size: 1609 bytes (DER data)
Response time: 127.166927ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: Symantec Class 3 Secure Server CA - G4 OCSP Responder
Issued by: Symantec Class 3 Secure Server CA - G4
Signing certificate validity: 2017-02-04 - 2017-05-05
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 126h22m5s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-219-93-86.deploy.akamaitechnologies.com (AkamaiGHost/8.2.2.1.1-19192351) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV+c/AZAQUX2DP
YZBV34RDFIpgKrL1evRDGO8CEFJHPZLKoKBo6pcabQ4VmNU=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGRQoBAKCCBj4wggY6BgkrBgEFBQcwAQEEggYrMIIGJzCBnqIWBBRFIAKoi4pl
n3X69ekKGnjS8DcLnhgPMjAxNzAyMTYwMzQ4MDZaMHMwcTBJMAkGBSsOAwIaBQAE
FNGxZIuMnw3Ra6OKzStQF9X5z8BkBBRfYM9hkFXfhEMUimAqsvV69EMY7wIQUkc9
ksqgoGjqlxptDhWY1YAAGA8yMDE3MDIxNjAzNDgwNlqgERgPMjAxNzAyMjMwMzQ4
MDZaMA0GCSqGSIb3DQEBBQUAA4IBAQBhm/RyZjhAFc7N0qyW2FhcmwL/DkfUUD60
e2kRANNZ8AXSc/bvr2e7fohRXeQVRL1UCCpllkA11dC/7oAOKvIGJCx46r+zbcX2
jOj7AAmKaG3CFA+03G+nCdHzQID+jx8K6fRWCtnef7t+sPFa15KnXgQeyXubRvsF
qS9r3DefDInNXH0Os1uUuInqJtjHJG2ZUT15oSnKxzlyEuQSxOTbbiSyYD3as/YD
0Syd42iTUXGY2HxGc6XHOpRUIWQdeKRZi+qxljKavYc4PRHNBMWvkAZSmEmiQuVk
R32qVo1hTljHz0zxR/J1sPWe5idVy7L9BNubAXTvPAu9ib9k/VojoIIEbjCCBGow
ggRmMIIDTqADAgECAhBEaJBjaUgF1sr2/bnRxAUhMA0GCSqGSIb3DQEBCwUAMH4x
CzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0G
A1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMg
Q2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTcwMjA0MDAwMDAwWhcN
MTcwNTA1MjM1OTU5WjBAMT4wPAYDVQQDEzVTeW1hbnRlYyBDbGFzcyAzIFNlY3Vy
ZSBTZXJ2ZXIgQ0EgLSBHNCBPQ1NQIFJlc3BvbmRlcjCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAKorQp99vkC6qr9FMqUYxael0Lsma2caI4BjC9k3ZiMw
rp+dvSECA4wbWstHvoB86W8Zmld7Mq1ttWywY03MGfAl96ON0PiOVo1XeDZJuXTb
9bQLUSxVXuzgnwObGDuWVTxpZR3qrFjJe8I2AyvTNPjgAGVwl7uVg3Gd5k91Vvn7
w0bjxB5zGmYSAubCIfzzpr1LFn/mgU8Ju+6LT2qsP1lkNl5NbHeONr1r1usqgi/w
vPaimgi5Yv/cUTSSwwVIrnOXifiKGb/Rt4Io5QAadG9Xwt/ZOc2UhoGbgcKuh/LD
/AYHFyYV6RFExgwbe1R77b2XjRqilbA04jsvcGE8xOsCAwEAAaOCARwwggEYMA8G
CSsGAQUFBzABBQQCBQAwIgYDVR0RBBswGaQXMBUxEzARBgNVBAMTClRHVi1ELTM4
NTcwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wHQYDVR0OBBYEFEUg
AqiLimWfdfr16QoaeNLwNwueMAwGA1UdEwEB/wQCMAAwbgYDVR0gBGcwZTBjBgtg
hkgBhvhFAQcXAzBUMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29t
L2NwczAqBggrBgEFBQcCAjAeGhwgIGh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBh
MBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0B
AQsFAAOCAQEAeBzBYjVYR/3Xm/4EwfOmrVReMsKq9MWqVMnqwKTcEKvxEcfj9r7l
enG5+58Pp8ADypkNgtf+ZqzyjvgjfIuOqviXUJn291KE7qGEFV2M0OVsYR4o+zIx
e7MKrEOgCQGoFkv+ksOL51ITCUibYvsunKIzTBkUNTJ9NdM4wOX9pqrUGyXF08Hu
uv4VbD0CDCRYJF+euTAxGzMQjtgJozyRXywZtHQsOc3HxX4yUvsT7gfGhKOu6IB9
fT+ZJcsrgOB2Xna0B1ygMB51lLP4fpj9u6yqtOTWdNHAiSwQVGvpTmKkcfx3kpaS
nUTrUGtcI9PbBQMnkhdhJIzLryF6u4dEDg==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEZjCCA06gAwIBAgIQRGiQY2lIBdbK9v250cQFITANBgkqhkiG9w0BAQsFADB+
MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd
BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVj
IENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE3MDIwNDAwMDAwMFoX
DTE3MDUwNTIzNTk1OVowQDE+MDwGA1UEAxM1U3ltYW50ZWMgQ2xhc3MgMyBTZWN1
cmUgU2VydmVyIENBIC0gRzQgT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQCqK0Kffb5Auqq/RTKlGMWnpdC7JmtnGiOAYwvZN2Yj
MK6fnb0hAgOMG1rLR76AfOlvGZpXezKtbbVssGNNzBnwJfejjdD4jlaNV3g2Sbl0
2/W0C1EsVV7s4J8Dmxg7llU8aWUd6qxYyXvCNgMr0zT44ABlcJe7lYNxneZPdVb5
+8NG48QecxpmEgLmwiH886a9SxZ/5oFPCbvui09qrD9ZZDZeTWx3jja9a9brKoIv
8Lz2opoIuWL/3FE0ksMFSK5zl4n4ihm/0beCKOUAGnRvV8Lf2TnNlIaBm4HCrofy
w/wGBxcmFekRRMYMG3tUe+29l40aopWwNOI7L3BhPMTrAgMBAAGjggEcMIIBGDAP
BgkrBgEFBQcwAQUEAgUAMCIGA1UdEQQbMBmkFzAVMRMwEQYDVQQDEwpUR1YtRC0z
ODU3MB8GA1UdIwQYMBaAFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMB0GA1UdDgQWBBRF
IAKoi4pln3X69ekKGnjS8DcLnjAMBgNVHRMBAf8EAjAAMG4GA1UdIARnMGUwYwYL
YIZIAYb4RQEHFwMwVDAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNv
bS9jcHMwKgYIKwYBBQUHAgIwHhocICBodHRwOi8vd3d3LnN5bWF1dGguY29tL3Jw
YTATBgNVHSUEDDAKBggrBgEFBQcDCTAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcN
AQELBQADggEBAHgcwWI1WEf915v+BMHzpq1UXjLCqvTFqlTJ6sCk3BCr8RHH4/a+
5XpxufufD6fAA8qZDYLX/mas8o74I3yLjqr4l1CZ9vdShO6hhBVdjNDlbGEeKPsy
MXuzCqxDoAkBqBZL/pLDi+dSEwlIm2L7LpyiM0wZFDUyfTXTOMDl/aaq1BslxdPB
7rr+FWw9AgwkWCRfnrkwMRszEI7YCaM8kV8sGbR0LDnNx8V+MlL7E+4HxoSjruiA
fX0/mSXLK4Dgdl52tAdcoDAedZSz+H6Y/busqrTk1nTRwIksEFRr6U5ipHH8d5KW
kp1E61BrXCPT2wUDJ5IXYSSMy68heruHRA4=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=454925, public, no-transform, must-revalidate]
Content-Length: [1609]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Fri, 17 Feb 2017 21:26:01 GMT]
Expires: [Thu, 23 Feb 2017 03:48:06 GMT]
Last-Modified: [Thu, 16 Feb 2017 03:48:06 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MISS from a23-219-93-86.deploy.akamaitechnologies.com (AkamaiGHost/8.2.2.1.1-19192351) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ss.symcd.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ss.symcd.com (GET)
Size: 1609 bytes (DER data)
Response time: 162.735845ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: Symantec Class 3 Secure Server CA - G4 OCSP Responder
Issued by: Symantec Class 3 Secure Server CA - G4
Signing certificate validity: 2017-02-04 - 2017-05-05
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 126h22m5s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-219-93-85.deploy.akamaitechnologies.com (AkamaiGHost/8.2.2.1.1-19192351) (-)

URL used for GET request

http:/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV%2Bc%2FAZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEFJHPZLKoKBo6pcabQ4VmNU%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV+c/AZAQUX2DP
YZBV34RDFIpgKrL1evRDGO8CEFJHPZLKoKBo6pcabQ4VmNU=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGRQoBAKCCBj4wggY6BgkrBgEFBQcwAQEEggYrMIIGJzCBnqIWBBRFIAKoi4pl
n3X69ekKGnjS8DcLnhgPMjAxNzAyMTYwMzQ4MDZaMHMwcTBJMAkGBSsOAwIaBQAE
FNGxZIuMnw3Ra6OKzStQF9X5z8BkBBRfYM9hkFXfhEMUimAqsvV69EMY7wIQUkc9
ksqgoGjqlxptDhWY1YAAGA8yMDE3MDIxNjAzNDgwNlqgERgPMjAxNzAyMjMwMzQ4
MDZaMA0GCSqGSIb3DQEBBQUAA4IBAQBhm/RyZjhAFc7N0qyW2FhcmwL/DkfUUD60
e2kRANNZ8AXSc/bvr2e7fohRXeQVRL1UCCpllkA11dC/7oAOKvIGJCx46r+zbcX2
jOj7AAmKaG3CFA+03G+nCdHzQID+jx8K6fRWCtnef7t+sPFa15KnXgQeyXubRvsF
qS9r3DefDInNXH0Os1uUuInqJtjHJG2ZUT15oSnKxzlyEuQSxOTbbiSyYD3as/YD
0Syd42iTUXGY2HxGc6XHOpRUIWQdeKRZi+qxljKavYc4PRHNBMWvkAZSmEmiQuVk
R32qVo1hTljHz0zxR/J1sPWe5idVy7L9BNubAXTvPAu9ib9k/VojoIIEbjCCBGow
ggRmMIIDTqADAgECAhBEaJBjaUgF1sr2/bnRxAUhMA0GCSqGSIb3DQEBCwUAMH4x
CzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0G
A1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMg
Q2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTcwMjA0MDAwMDAwWhcN
MTcwNTA1MjM1OTU5WjBAMT4wPAYDVQQDEzVTeW1hbnRlYyBDbGFzcyAzIFNlY3Vy
ZSBTZXJ2ZXIgQ0EgLSBHNCBPQ1NQIFJlc3BvbmRlcjCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAKorQp99vkC6qr9FMqUYxael0Lsma2caI4BjC9k3ZiMw
rp+dvSECA4wbWstHvoB86W8Zmld7Mq1ttWywY03MGfAl96ON0PiOVo1XeDZJuXTb
9bQLUSxVXuzgnwObGDuWVTxpZR3qrFjJe8I2AyvTNPjgAGVwl7uVg3Gd5k91Vvn7
w0bjxB5zGmYSAubCIfzzpr1LFn/mgU8Ju+6LT2qsP1lkNl5NbHeONr1r1usqgi/w
vPaimgi5Yv/cUTSSwwVIrnOXifiKGb/Rt4Io5QAadG9Xwt/ZOc2UhoGbgcKuh/LD
/AYHFyYV6RFExgwbe1R77b2XjRqilbA04jsvcGE8xOsCAwEAAaOCARwwggEYMA8G
CSsGAQUFBzABBQQCBQAwIgYDVR0RBBswGaQXMBUxEzARBgNVBAMTClRHVi1ELTM4
NTcwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wHQYDVR0OBBYEFEUg
AqiLimWfdfr16QoaeNLwNwueMAwGA1UdEwEB/wQCMAAwbgYDVR0gBGcwZTBjBgtg
hkgBhvhFAQcXAzBUMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29t
L2NwczAqBggrBgEFBQcCAjAeGhwgIGh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBh
MBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0B
AQsFAAOCAQEAeBzBYjVYR/3Xm/4EwfOmrVReMsKq9MWqVMnqwKTcEKvxEcfj9r7l
enG5+58Pp8ADypkNgtf+ZqzyjvgjfIuOqviXUJn291KE7qGEFV2M0OVsYR4o+zIx
e7MKrEOgCQGoFkv+ksOL51ITCUibYvsunKIzTBkUNTJ9NdM4wOX9pqrUGyXF08Hu
uv4VbD0CDCRYJF+euTAxGzMQjtgJozyRXywZtHQsOc3HxX4yUvsT7gfGhKOu6IB9
fT+ZJcsrgOB2Xna0B1ygMB51lLP4fpj9u6yqtOTWdNHAiSwQVGvpTmKkcfx3kpaS
nUTrUGtcI9PbBQMnkhdhJIzLryF6u4dEDg==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEZjCCA06gAwIBAgIQRGiQY2lIBdbK9v250cQFITANBgkqhkiG9w0BAQsFADB+
MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd
BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVj
IENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE3MDIwNDAwMDAwMFoX
DTE3MDUwNTIzNTk1OVowQDE+MDwGA1UEAxM1U3ltYW50ZWMgQ2xhc3MgMyBTZWN1
cmUgU2VydmVyIENBIC0gRzQgT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQCqK0Kffb5Auqq/RTKlGMWnpdC7JmtnGiOAYwvZN2Yj
MK6fnb0hAgOMG1rLR76AfOlvGZpXezKtbbVssGNNzBnwJfejjdD4jlaNV3g2Sbl0
2/W0C1EsVV7s4J8Dmxg7llU8aWUd6qxYyXvCNgMr0zT44ABlcJe7lYNxneZPdVb5
+8NG48QecxpmEgLmwiH886a9SxZ/5oFPCbvui09qrD9ZZDZeTWx3jja9a9brKoIv
8Lz2opoIuWL/3FE0ksMFSK5zl4n4ihm/0beCKOUAGnRvV8Lf2TnNlIaBm4HCrofy
w/wGBxcmFekRRMYMG3tUe+29l40aopWwNOI7L3BhPMTrAgMBAAGjggEcMIIBGDAP
BgkrBgEFBQcwAQUEAgUAMCIGA1UdEQQbMBmkFzAVMRMwEQYDVQQDEwpUR1YtRC0z
ODU3MB8GA1UdIwQYMBaAFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMB0GA1UdDgQWBBRF
IAKoi4pln3X69ekKGnjS8DcLnjAMBgNVHRMBAf8EAjAAMG4GA1UdIARnMGUwYwYL
YIZIAYb4RQEHFwMwVDAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNv
bS9jcHMwKgYIKwYBBQUHAgIwHhocICBodHRwOi8vd3d3LnN5bWF1dGguY29tL3Jw
YTATBgNVHSUEDDAKBggrBgEFBQcDCTAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcN
AQELBQADggEBAHgcwWI1WEf915v+BMHzpq1UXjLCqvTFqlTJ6sCk3BCr8RHH4/a+
5XpxufufD6fAA8qZDYLX/mas8o74I3yLjqr4l1CZ9vdShO6hhBVdjNDlbGEeKPsy
MXuzCqxDoAkBqBZL/pLDi+dSEwlIm2L7LpyiM0wZFDUyfTXTOMDl/aaq1BslxdPB
7rr+FWw9AgwkWCRfnrkwMRszEI7YCaM8kV8sGbR0LDnNx8V+MlL7E+4HxoSjruiA
fX0/mSXLK4Dgdl52tAdcoDAedZSz+H6Y/busqrTk1nTRwIksEFRr6U5ipHH8d5KW
kp1E61BrXCPT2wUDJ5IXYSSMy68heruHRA4=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=454925, public, no-transform, must-revalidate]
Content-Length: [1609]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Fri, 17 Feb 2017 21:26:01 GMT]
Expires: [Thu, 23 Feb 2017 03:48:06 GMT]
Last-Modified: [Thu, 16 Feb 2017 03:48:06 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MISS from a23-219-93-85.deploy.akamaitechnologies.com (AkamaiGHost/8.2.2.1.1-19192351) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Symantec Class 3 Secure Server CA - G4 (CA Certificate)

This certificate was cached at
Certificate details for Symantec Class 3 Secure Server CA - G4 (At position 1 in certificate chain)
Serial number:
hex: 513fb9743870b73440418d30930699ff
int: 107998343814376832458216740669838760447
Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Symantec Corporation
Organization unit: Symantec Trust Network
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://s1.symcb.com/pca3-g5.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://s1.symcb.com/pca3-g5.crl
Size: 571 bytes (DER data)
Response time: 8.320049ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 1

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: Apache
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-219-93-108.deploy.akamaitechnologies.com (AkamaiGHost/8.2.2.1.1-19192351) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Type: [application/pkix-crl]
Date: [Mon, 20 Feb 2017 08:52:46 GMT]
Etag: ["9ce830b466c3c02d8c43fb9f0232ce31:1482269716"]
Last-Modified: [Tue, 20 Dec 2016 21:35:16 GMT]
Server: [Apache]
Vary: [Accept-Encoding]
X-Cache: [TCP_MEM_HIT from a23-219-93-108.deploy.akamaitechnologies.com (AkamaiGHost/8.2.2.1.1-19192351) (-)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://s2.symcb.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://s2.symcb.com (POST)
Size: 1763 bytes (DER data)
Response time: 8.626835ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: Symantec Class 3 PCA - G5 OCSP Responder Certificate 5
Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
Signing certificate validity: 2016-11-22 - 2017-12-14
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 109h49m17s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-219-93-86.deploy.akamaitechnologies.com (AkamaiGHost/8.2.2.1.1-19192351) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nl
p8Ld7LvwMAnzQzn6Aq8zMTMCEFE/uXQ4cLc0QEGNMJMGmf8=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIG3woBAKCCBtgwggbUBgkrBgEFBQcwAQEEggbFMIIGwTCBnqIWBBSQV0mkqBQX
kkwRYz2FfxNyvss3WhgPMjAxNzAyMTcyMjM4MzJaMHMwcTBJMAkGBSsOAwIaBQAE
FLnpsocChQP47KX7QuE+D0nHJCbiBBR/02Wnwt3su/AwCfNDOfoCrzMxMwIQUT+5
dDhwtzRAQY0wkwaZ/4AAGA8yMDE3MDIxNzIyMzgzMlqgERgPMjAxNzAyMjQyMjM4
MzJaMA0GCSqGSIb3DQEBBQUAA4IBAQAKPJ7OInleTKjRfgliE47koIvTdBH0CTFM
KGma/quBRvdcn9FkjvPVuEVnblRQHtDnLamK/TjPUvcV9T2x5NC1p4jBEbLPpzf8
+N53K3SWymlLSqOWGZyZNvJe66i0N/pIs6gHrIWau3L3AZL59yFOV8zj1oeq2yN9
McAehG6vRYAkRp8S8fiJKIROxPpwB0gY1Z94UA/BLqWiWrIJQ3G20RQ6JWFhXs+t
MfsDHBJ2snYYB1jaYCT6mafiyBCo3dHV06JogdnPIfgYC56cnjNmq9lddEQrYVtq
QQst6k+e6QIIfnikES8Fq/OeVBjRSqMwQGzpYTDR2oEUfDSYBJpaoIIFCDCCBQQw
ggUAMIID6KADAgECAhBegKApA8bSjw2IPI2R/lTmMA0GCSqGSIb3DQEBBQUAMIHK
MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsT
FlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlT
aWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZl
cmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRo
b3JpdHkgLSBHNTAeFw0xNjExMjIwMDAwMDBaFw0xNzEyMTQyMzU5NTlaMIGOMQsw
CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV
BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxPzA9BgNVBAMTNlN5bWFudGVjIENs
YXNzIDMgUENBIC0gRzUgT0NTUCBSZXNwb25kZXIgQ2VydGlmaWNhdGUgNTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKus48ejAx2d5OuOkBmO8gS4pszt
8W2iz3wKtJEX477WzDFyVVpOrWIQ1x0LhJWsdMUgZJP4Fu4InU+VFa5OWfdsUp0S
ayC8Ual6x2cENCgsuwaoUnCLNw2xBDBDAmqMKVoW5hb1/pq3lSt+4gYzv8iweNti
Gi0H2pqGwitTXjA8Nu2mGSH4KAPIMn0S0htUvmZYfZ0FhDbNjswoxumZMf696yPn
H0jCh3xguXl5FzxCrXqbcSQAhP0dgu11ES3U0Ev6IQ0LwsjfgnmJwTiz2y0tuvzW
zD/XLNNbvluii9g12GXvNL7JquIKRAqIdKQ7EZsX+SkKSvIR9gBcZlaa8kcCAwEA
AaOCARowggEWMAwGA1UdEwEB/wQCMAAwbAYDVR0gBGUwYzBhBgtghkgBhvhFAQcX
AzBSMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAoBggr
BgEFBQcCAjAcGhpodHRwOi8vd3d3LnN5bWF1dGguY29tL3JwYTATBgNVHSUEDDAK
BggrBgEFBQcDCTAOBgNVHQ8BAf8EBAMCB4AwDwYJKwYBBQUHMAEFBAIFADAiBgNV
HREEGzAZpBcwFTETMBEGA1UEAxMKVEdWLU9GRi01MDAdBgNVHQ4EFgQUkFdJpKgU
F5JMEWM9hX8Tcr7LN1owHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMw
DQYJKoZIhvcNAQEFBQADggEBADx3TgsGZ9TU1FPRb8Ew9gv8YbDGqCoQxyspWLhU
tmnlJB20v08UjaCOOqm5R46EUt5q20++48jOhmO7M/SZKKPUoft5zE5LJjzgqlV4
QY8pAztecC5EEo0nfinPziS79FZacG/5is4Ogn25LwXaluQ11ZIe8NwTgySeLWKu
UV/cW2STVkrjczfg/i315quNHatQ49FUabhuCdEsmpDAX6MXWQgGr9TpX013D4Iv
TvC4Ybky6xFHj9eINHEkLzyrxrvmNhAgtn+m7fQ14H42X+NWDOBZ7a0UN2Bl46wP
KgTweDBW4KopH+VIYRwt8XjKjMiKkTMHxIU//xr1OCcvg+c=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIQXoCgKQPG0o8NiDyNkf5U5jANBgkqhkiG9w0BAQUFADCB
yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
aG9yaXR5IC0gRzUwHhcNMTYxMTIyMDAwMDAwWhcNMTcxMjE0MjM1OTU5WjCBjjEL
MAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYD
VQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMT8wPQYDVQQDEzZTeW1hbnRlYyBD
bGFzcyAzIFBDQSAtIEc1IE9DU1AgUmVzcG9uZGVyIENlcnRpZmljYXRlIDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrrOPHowMdneTrjpAZjvIEuKbM
7fFtos98CrSRF+O+1swxclVaTq1iENcdC4SVrHTFIGST+BbuCJ1PlRWuTln3bFKd
EmsgvFGpesdnBDQoLLsGqFJwizcNsQQwQwJqjClaFuYW9f6at5UrfuIGM7/IsHjb
YhotB9qahsIrU14wPDbtphkh+CgDyDJ9EtIbVL5mWH2dBYQ2zY7MKMbpmTH+vesj
5x9Iwod8YLl5eRc8Qq16m3EkAIT9HYLtdREt1NBL+iENC8LI34J5icE4s9stLbr8
1sw/1yzTW75boovYNdhl7zS+yariCkQKiHSkOxGbF/kpCkryEfYAXGZWmvJHAgMB
AAGjggEaMIIBFjAMBgNVHRMBAf8EAjAAMGwGA1UdIARlMGMwYQYLYIZIAYb4RQEH
FwMwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYI
KwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwEwYDVR0lBAww
CgYIKwYBBQUHAwkwDgYDVR0PAQH/BAQDAgeAMA8GCSsGAQUFBzABBQQCBQAwIgYD
VR0RBBswGaQXMBUxEzARBgNVBAMTClRHVi1PRkYtNTAwHQYDVR0OBBYEFJBXSaSo
FBeSTBFjPYV/E3K+yzdaMB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ80M5+gKvMzEz
MA0GCSqGSIb3DQEBBQUAA4IBAQA8d04LBmfU1NRT0W/BMPYL/GGwxqgqEMcrKVi4
VLZp5SQdtL9PFI2gjjqpuUeOhFLeattPvuPIzoZjuzP0mSij1KH7ecxOSyY84KpV
eEGPKQM7XnAuRBKNJ34pz84ku/RWWnBv+YrODoJ9uS8F2pbkNdWSHvDcE4Mkni1i
rlFf3Ftkk1ZK43M34P4t9earjR2rUOPRVGm4bgnRLJqQwF+jF1kIBq/U6V9Ndw+C
L07wuGG5MusRR4/XiDRxJC88q8a75jYQILZ/pu30NeB+Nl/jVgzgWe2tFDdgZeOs
DyoE8HgwVuCqKR/lSGEcLfF4yozIipEzB8SFP/8a9TgnL4Pn
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=395357, public, no-transform, must-revalidate]
Content-Length: [1763]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Mon, 20 Feb 2017 08:52:46 GMT]
Expires: [Fri, 24 Feb 2017 22:38:32 GMT]
Last-Modified: [Fri, 17 Feb 2017 22:38:32 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MEM_HIT from a23-219-93-86.deploy.akamaitechnologies.com (AkamaiGHost/8.2.2.1.1-19192351) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header outlives NextUpdate with 3m31s
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://s2.symcb.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://s2.symcb.com (GET)
Size: 1763 bytes (DER data)
Response time: 5.351858ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: Symantec Class 3 PCA - G5 OCSP Responder Certificate 5
Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
Signing certificate validity: 2016-11-22 - 2017-12-14
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 109h47m8s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-219-93-86.deploy.akamaitechnologies.com (AkamaiGHost/8.2.2.1.1-19192351) (-)

URL used for GET request

http:/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFE%2FuXQ4cLc0QEGNMJMGmf8%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nl
p8Ld7LvwMAnzQzn6Aq8zMTMCEFE/uXQ4cLc0QEGNMJMGmf8=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIG3woBAKCCBtgwggbUBgkrBgEFBQcwAQEEggbFMIIGwTCBnqIWBBSQV0mkqBQX
kkwRYz2FfxNyvss3WhgPMjAxNzAyMTcyMjM4MzJaMHMwcTBJMAkGBSsOAwIaBQAE
FLnpsocChQP47KX7QuE+D0nHJCbiBBR/02Wnwt3su/AwCfNDOfoCrzMxMwIQUT+5
dDhwtzRAQY0wkwaZ/4AAGA8yMDE3MDIxNzIyMzgzMlqgERgPMjAxNzAyMjQyMjM4
MzJaMA0GCSqGSIb3DQEBBQUAA4IBAQAKPJ7OInleTKjRfgliE47koIvTdBH0CTFM
KGma/quBRvdcn9FkjvPVuEVnblRQHtDnLamK/TjPUvcV9T2x5NC1p4jBEbLPpzf8
+N53K3SWymlLSqOWGZyZNvJe66i0N/pIs6gHrIWau3L3AZL59yFOV8zj1oeq2yN9
McAehG6vRYAkRp8S8fiJKIROxPpwB0gY1Z94UA/BLqWiWrIJQ3G20RQ6JWFhXs+t
MfsDHBJ2snYYB1jaYCT6mafiyBCo3dHV06JogdnPIfgYC56cnjNmq9lddEQrYVtq
QQst6k+e6QIIfnikES8Fq/OeVBjRSqMwQGzpYTDR2oEUfDSYBJpaoIIFCDCCBQQw
ggUAMIID6KADAgECAhBegKApA8bSjw2IPI2R/lTmMA0GCSqGSIb3DQEBBQUAMIHK
MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsT
FlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlT
aWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZl
cmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRo
b3JpdHkgLSBHNTAeFw0xNjExMjIwMDAwMDBaFw0xNzEyMTQyMzU5NTlaMIGOMQsw
CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV
BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxPzA9BgNVBAMTNlN5bWFudGVjIENs
YXNzIDMgUENBIC0gRzUgT0NTUCBSZXNwb25kZXIgQ2VydGlmaWNhdGUgNTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKus48ejAx2d5OuOkBmO8gS4pszt
8W2iz3wKtJEX477WzDFyVVpOrWIQ1x0LhJWsdMUgZJP4Fu4InU+VFa5OWfdsUp0S
ayC8Ual6x2cENCgsuwaoUnCLNw2xBDBDAmqMKVoW5hb1/pq3lSt+4gYzv8iweNti
Gi0H2pqGwitTXjA8Nu2mGSH4KAPIMn0S0htUvmZYfZ0FhDbNjswoxumZMf696yPn
H0jCh3xguXl5FzxCrXqbcSQAhP0dgu11ES3U0Ev6IQ0LwsjfgnmJwTiz2y0tuvzW
zD/XLNNbvluii9g12GXvNL7JquIKRAqIdKQ7EZsX+SkKSvIR9gBcZlaa8kcCAwEA
AaOCARowggEWMAwGA1UdEwEB/wQCMAAwbAYDVR0gBGUwYzBhBgtghkgBhvhFAQcX
AzBSMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAoBggr
BgEFBQcCAjAcGhpodHRwOi8vd3d3LnN5bWF1dGguY29tL3JwYTATBgNVHSUEDDAK
BggrBgEFBQcDCTAOBgNVHQ8BAf8EBAMCB4AwDwYJKwYBBQUHMAEFBAIFADAiBgNV
HREEGzAZpBcwFTETMBEGA1UEAxMKVEdWLU9GRi01MDAdBgNVHQ4EFgQUkFdJpKgU
F5JMEWM9hX8Tcr7LN1owHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMw
DQYJKoZIhvcNAQEFBQADggEBADx3TgsGZ9TU1FPRb8Ew9gv8YbDGqCoQxyspWLhU
tmnlJB20v08UjaCOOqm5R46EUt5q20++48jOhmO7M/SZKKPUoft5zE5LJjzgqlV4
QY8pAztecC5EEo0nfinPziS79FZacG/5is4Ogn25LwXaluQ11ZIe8NwTgySeLWKu
UV/cW2STVkrjczfg/i315quNHatQ49FUabhuCdEsmpDAX6MXWQgGr9TpX013D4Iv
TvC4Ybky6xFHj9eINHEkLzyrxrvmNhAgtn+m7fQ14H42X+NWDOBZ7a0UN2Bl46wP
KgTweDBW4KopH+VIYRwt8XjKjMiKkTMHxIU//xr1OCcvg+c=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIQXoCgKQPG0o8NiDyNkf5U5jANBgkqhkiG9w0BAQUFADCB
yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
aG9yaXR5IC0gRzUwHhcNMTYxMTIyMDAwMDAwWhcNMTcxMjE0MjM1OTU5WjCBjjEL
MAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYD
VQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMT8wPQYDVQQDEzZTeW1hbnRlYyBD
bGFzcyAzIFBDQSAtIEc1IE9DU1AgUmVzcG9uZGVyIENlcnRpZmljYXRlIDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrrOPHowMdneTrjpAZjvIEuKbM
7fFtos98CrSRF+O+1swxclVaTq1iENcdC4SVrHTFIGST+BbuCJ1PlRWuTln3bFKd
EmsgvFGpesdnBDQoLLsGqFJwizcNsQQwQwJqjClaFuYW9f6at5UrfuIGM7/IsHjb
YhotB9qahsIrU14wPDbtphkh+CgDyDJ9EtIbVL5mWH2dBYQ2zY7MKMbpmTH+vesj
5x9Iwod8YLl5eRc8Qq16m3EkAIT9HYLtdREt1NBL+iENC8LI34J5icE4s9stLbr8
1sw/1yzTW75boovYNdhl7zS+yariCkQKiHSkOxGbF/kpCkryEfYAXGZWmvJHAgMB
AAGjggEaMIIBFjAMBgNVHRMBAf8EAjAAMGwGA1UdIARlMGMwYQYLYIZIAYb4RQEH
FwMwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYI
KwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwEwYDVR0lBAww
CgYIKwYBBQUHAwkwDgYDVR0PAQH/BAQDAgeAMA8GCSsGAQUFBzABBQQCBQAwIgYD
VR0RBBswGaQXMBUxEzARBgNVBAMTClRHVi1PRkYtNTAwHQYDVR0OBBYEFJBXSaSo
FBeSTBFjPYV/E3K+yzdaMB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ80M5+gKvMzEz
MA0GCSqGSIb3DQEBBQUAA4IBAQA8d04LBmfU1NRT0W/BMPYL/GGwxqgqEMcrKVi4
VLZp5SQdtL9PFI2gjjqpuUeOhFLeattPvuPIzoZjuzP0mSij1KH7ecxOSyY84KpV
eEGPKQM7XnAuRBKNJ34pz84ku/RWWnBv+YrODoJ9uS8F2pbkNdWSHvDcE4Mkni1i
rlFf3Ftkk1ZK43M34P4t9earjR2rUOPRVGm4bgnRLJqQwF+jF1kIBq/U6V9Ndw+C
L07wuGG5MusRR4/XiDRxJC88q8a75jYQILZ/pu30NeB+Nl/jVgzgWe2tFDdgZeOs
DyoE8HgwVuCqKR/lSGEcLfF4yozIipEzB8SFP/8a9TgnL4Pn
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=395228, public, no-transform, must-revalidate]
Content-Length: [1763]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Mon, 20 Feb 2017 08:52:46 GMT]
Expires: [Fri, 24 Feb 2017 22:38:32 GMT]
Last-Modified: [Fri, 17 Feb 2017 22:38:32 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MEM_HIT from a23-219-93-86.deploy.akamaitechnologies.com (AkamaiGHost/8.2.2.1.1-19192351) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header outlives NextUpdate with 1m22s
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

VeriSign Class 3 Public Primary Certification Authority - G5 (CA Certificate)

This certificate was cached at
Certificate details for VeriSign Class 3 Public Primary Certification Authority - G5 (At position 2 in certificate chain)
Serial number:
hex: 18dad19e267de8bb4a2158cdcc6b3b4a
int: 33037644167568058970164719475676101450
Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: VeriSign, Inc.
Organization unit: VeriSign Trust Network
Organization unit: (c) 2006 VeriSign, Inc. - For authorized use only
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.