CRL & OCSP report for 0-ec.consumerreports.org.millennium.newport.lib.ca.us - millennium.newport.lib.ca.us (Newport Beach Public Library)

millennium.newport.lib.ca.us

Certificate details for millennium.newport.lib.ca.us (At position 0 in certificate chain)
Serial number:
hex: 2169caf71f09feb91508f13e5769c207
int: 44413831656750577899626615897793872391
Issued by: thawte SSL CA - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Newport Beach Public Library
Organization unit: Library
State / Province: California
Locality: Newport Beach
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for 0-ec.consumerreports.org.millennium.newport.lib.ca.us.

Certificate Revocation List (CRL)

This CRL was cached at
http://tj.symcb.com/tj.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://tj.symcb.com/tj.crl
Size: 127706 bytes (DER data)
Response time: 7.911907ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 3636

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: Apache
Content Delivery Network (CDN): Akamai
Cache Information: TCP_HIT from a23-215-131-86.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (A)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Type: [application/pkix-crl]
Date: [Sat, 24 Jun 2017 03:38:32 GMT]
Etag: ["4e191e548481371d20368b0bde879f5e:1498252303"]
Last-Modified: [Fri, 23 Jun 2017 21:11:43 GMT]
Server: [Apache]
Vary: [Accept-Encoding]
X-Cache: [TCP_HIT from a23-215-131-86.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (A)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://tj.symcd.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://tj.symcd.com (GET)
Size: 1413 bytes (DER data)
Response time: 226.358051ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: thawte SSL CA - G2 OCSP Responder
Issued by: thawte SSL CA - G2
Signing certificate validity: 2017-04-26 - 2017-07-25
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 116h3m14s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a72-247-10-135.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

URL used for GET request

http://tj.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRvdluGAc%2FlYx1bXFBnllP1ugYHmAQUwk9IV%2FzRT5rAXTh9DgXb2S61UmACECFpyvcfCf65FQjxPldpwgc%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBRvdluGAc/lYx1bXFBnllP1ugYHmAQUwk9I
V/zRT5rAXTh9DgXb2S61UmACECFpyvcfCf65FQjxPldpwgc=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFgQoBAKCCBXowggV2BgkrBgEFBQcwAQEEggVnMIIFYzCBnqIWBBSo8ePKLt6A
nakScCw6GxfyWQBRKxgPMjAxNzA2MjEyMzI3NTVaMHMwcTBJMAkGBSsOAwIaBQAE
FG92W4YBz+VjHVtcUGeWU/W6BgeYBBTCT0hX/NFPmsBdOH0OBdvZLrVSYAIQIWnK
9x8J/rkVCPE+V2nCB4AAGA8yMDE3MDYyMTIzMjc1NVqgERgPMjAxNzA2MjgyMzI3
NTVaMA0GCSqGSIb3DQEBBQUAA4IBAQBZlNsJTz5hTBjdFF3pKCB2Tt8O92Jkrqvr
xFqtLgWcmeiWb0VeZQ5EFv93Z1seeDVKAgaLRU9iMPf3TJPQ9+Hf0Hd+s+Y0R4Og
yuIXt26RGCYH2PHNpDA+VI2q88PRZAVvQZIStcccgdGT6/63owiUGg3o7FFXMcMc
OxTbeWqdn24oDro/VNcn2NYX+5aT6/x6DNlC/plgf3BKKlkUbyniN8vrSUqQVB6o
+pSdsEdc1sVvHS6b8lZ0rEOlvCg/LkYG+/XHMz8K+CZvnw8BOQMJynRF3GBZC62g
x3r4mbhkIobYQnZfXhp1CSQ7sHaMsvcqtHSHRU4ex1J3NG5x48LaoIIDqjCCA6Yw
ggOiMIICiqADAgECAhAFtyBljrDdN6jRzbTIH+Y2MA0GCSqGSIb3DQEBCwUAMEEx
CzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUsIEluYy4xGzAZBgNVBAMTEnRo
YXd0ZSBTU0wgQ0EgLSBHMjAeFw0xNzA0MjYwMDAwMDBaFw0xNzA3MjUyMzU5NTla
MCwxKjAoBgNVBAMTIXRoYXd0ZSBTU0wgQ0EgLSBHMiBPQ1NQIFJlc3BvbmRlcjCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJx30ZDrBZAfmw8zmL9jlODG
Hc1Fc4GgXD7z22LSv52vet8Eqkrf4FSQD3mdjCZFJciFO1uBKRkY1MyPN3tvjSFY
8WAG2tNw6V9/tQfdOoZIe3t1FcGm8OeBKznA6p9hc3T4yOJUk8VYsAARR77BlbXU
fMvwso7T4xwCP0VwWvUMwu6jhoJVQ1Wmfcc6SzfK6OZv1YdSECqF/C/rHjBGxYBl
oVGgKUJWZmoiBpYe+bmjLyny2w6qRcHw1gmjquB67crInNocC0VsnO7kzojw59JP
UWnaWaPRmdL2vu3Zm5ZmfxkggbtcCclfyDFXI5PYuyYWs3UFo4CNf6qP7FADSJUC
AwEAAaOBqjCBpzAPBgkrBgEFBQcwAQUEAgUAMCEGA1UdEQQaMBikFjAUMRIwEAYD
VQQDEwlUR1YtRS05ODIwHwYDVR0jBBgwFoAUwk9IV/zRT5rAXTh9DgXb2S61UmAw
HQYDVR0OBBYEFKjx48ou3oCdqRJwLDobF/JZAFErMAwGA1UdEwEB/wQCMAAwEwYD
VR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUA
A4IBAQBPun6IH8i7V1dkHanQ9h7eoXPGUX5nip23k4hzo79xeR3e8p7Cxe12ghO6
S7kuxUXN1acalwyB68cXQvI1/9FSpRRs3HXmdK6RJ1aH/KzVxhQ2w+hrmKc8J9Qm
4nadcATgD0RDeHJRWWEWW1WLGLbEsYv+1BxPotro2JwYXvj9xDtdbVndOxR9rpbV
zjotmMKAuFHmt3EHxYIlPOBXMj06lEVdf8uVUKWN0M0CWqbS3LB3JZ8SJE2/ZhsY
nnYNGI+HHJj1JRA0ywSj/jqAim8DZdvMWYT34OZn/7YRvJLHjA7DmZkxcYT8Y3P2
GNdYFy2QCzW78JKqTTZ5Dx7BoCa5
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDojCCAoqgAwIBAgIQBbcgZY6w3Teo0c20yB/mNjANBgkqhkiG9w0BAQsFADBB
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMRswGQYDVQQDExJ0
aGF3dGUgU1NMIENBIC0gRzIwHhcNMTcwNDI2MDAwMDAwWhcNMTcwNzI1MjM1OTU5
WjAsMSowKAYDVQQDEyF0aGF3dGUgU1NMIENBIC0gRzIgT0NTUCBSZXNwb25kZXIw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcd9GQ6wWQH5sPM5i/Y5Tg
xh3NRXOBoFw+89ti0r+dr3rfBKpK3+BUkA95nYwmRSXIhTtbgSkZGNTMjzd7b40h
WPFgBtrTcOlff7UH3TqGSHt7dRXBpvDngSs5wOqfYXN0+MjiVJPFWLAAEUe+wZW1
1HzL8LKO0+McAj9FcFr1DMLuo4aCVUNVpn3HOks3yujmb9WHUhAqhfwv6x4wRsWA
ZaFRoClCVmZqIgaWHvm5oy8p8tsOqkXB8NYJo6rgeu3KyJzaHAtFbJzu5M6I8OfS
T1Fp2lmj0ZnS9r7t2ZuWZn8ZIIG7XAnJX8gxVyOT2LsmFrN1BaOAjX+qj+xQA0iV
AgMBAAGjgaowgacwDwYJKwYBBQUHMAEFBAIFADAhBgNVHREEGjAYpBYwFDESMBAG
A1UEAxMJVEdWLUUtOTgyMB8GA1UdIwQYMBaAFMJPSFf80U+awF04fQ4F29kutVJg
MB0GA1UdDgQWBBSo8ePKLt6AnakScCw6GxfyWQBRKzAMBgNVHRMBAf8EAjAAMBMG
A1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQsF
AAOCAQEAT7p+iB/Iu1dXZB2p0PYe3qFzxlF+Z4qdt5OIc6O/cXkd3vKewsXtdoIT
uku5LsVFzdWnGpcMgevHF0LyNf/RUqUUbNx15nSukSdWh/ys1cYUNsPoa5inPCfU
JuJ2nXAE4A9EQ3hyUVlhFltVixi2xLGL/tQcT6La6NicGF74/cQ7XW1Z3TsUfa6W
1c46LZjCgLhR5rdxB8WCJTzgVzI9OpRFXX/LlVCljdDNAlqm0tywdyWfEiRNv2Yb
GJ52DRiPhxyY9SUQNMsEo/46gIpvA2XbzFmE9+DmZ/+2EbySx4wOw5mZMXGE/GNz
9hjXWBctkAs1u/CSqk02eQ8ewaAmuQ==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=417794, public, no-transform, must-revalidate]
Content-Length: [1413]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Sat, 24 Jun 2017 03:24:41 GMT]
Expires: [Wed, 28 Jun 2017 23:27:55 GMT]
Last-Modified: [Wed, 21 Jun 2017 23:27:55 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MISS from a72-247-10-135.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://tj.symcd.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://tj.symcd.com (POST)
Size: 1413 bytes (DER data)
Response time: 138.75169ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: thawte SSL CA - G2 OCSP Responder
Issued by: thawte SSL CA - G2
Signing certificate validity: 2017-04-26 - 2017-07-25
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 116h3m14s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a72-247-10-135.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBRvdluGAc/lYx1bXFBnllP1ugYHmAQUwk9I
V/zRT5rAXTh9DgXb2S61UmACECFpyvcfCf65FQjxPldpwgc=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFgQoBAKCCBXowggV2BgkrBgEFBQcwAQEEggVnMIIFYzCBnqIWBBSo8ePKLt6A
nakScCw6GxfyWQBRKxgPMjAxNzA2MjEyMzI3NTVaMHMwcTBJMAkGBSsOAwIaBQAE
FG92W4YBz+VjHVtcUGeWU/W6BgeYBBTCT0hX/NFPmsBdOH0OBdvZLrVSYAIQIWnK
9x8J/rkVCPE+V2nCB4AAGA8yMDE3MDYyMTIzMjc1NVqgERgPMjAxNzA2MjgyMzI3
NTVaMA0GCSqGSIb3DQEBBQUAA4IBAQBZlNsJTz5hTBjdFF3pKCB2Tt8O92Jkrqvr
xFqtLgWcmeiWb0VeZQ5EFv93Z1seeDVKAgaLRU9iMPf3TJPQ9+Hf0Hd+s+Y0R4Og
yuIXt26RGCYH2PHNpDA+VI2q88PRZAVvQZIStcccgdGT6/63owiUGg3o7FFXMcMc
OxTbeWqdn24oDro/VNcn2NYX+5aT6/x6DNlC/plgf3BKKlkUbyniN8vrSUqQVB6o
+pSdsEdc1sVvHS6b8lZ0rEOlvCg/LkYG+/XHMz8K+CZvnw8BOQMJynRF3GBZC62g
x3r4mbhkIobYQnZfXhp1CSQ7sHaMsvcqtHSHRU4ex1J3NG5x48LaoIIDqjCCA6Yw
ggOiMIICiqADAgECAhAFtyBljrDdN6jRzbTIH+Y2MA0GCSqGSIb3DQEBCwUAMEEx
CzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUsIEluYy4xGzAZBgNVBAMTEnRo
YXd0ZSBTU0wgQ0EgLSBHMjAeFw0xNzA0MjYwMDAwMDBaFw0xNzA3MjUyMzU5NTla
MCwxKjAoBgNVBAMTIXRoYXd0ZSBTU0wgQ0EgLSBHMiBPQ1NQIFJlc3BvbmRlcjCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJx30ZDrBZAfmw8zmL9jlODG
Hc1Fc4GgXD7z22LSv52vet8Eqkrf4FSQD3mdjCZFJciFO1uBKRkY1MyPN3tvjSFY
8WAG2tNw6V9/tQfdOoZIe3t1FcGm8OeBKznA6p9hc3T4yOJUk8VYsAARR77BlbXU
fMvwso7T4xwCP0VwWvUMwu6jhoJVQ1Wmfcc6SzfK6OZv1YdSECqF/C/rHjBGxYBl
oVGgKUJWZmoiBpYe+bmjLyny2w6qRcHw1gmjquB67crInNocC0VsnO7kzojw59JP
UWnaWaPRmdL2vu3Zm5ZmfxkggbtcCclfyDFXI5PYuyYWs3UFo4CNf6qP7FADSJUC
AwEAAaOBqjCBpzAPBgkrBgEFBQcwAQUEAgUAMCEGA1UdEQQaMBikFjAUMRIwEAYD
VQQDEwlUR1YtRS05ODIwHwYDVR0jBBgwFoAUwk9IV/zRT5rAXTh9DgXb2S61UmAw
HQYDVR0OBBYEFKjx48ou3oCdqRJwLDobF/JZAFErMAwGA1UdEwEB/wQCMAAwEwYD
VR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUA
A4IBAQBPun6IH8i7V1dkHanQ9h7eoXPGUX5nip23k4hzo79xeR3e8p7Cxe12ghO6
S7kuxUXN1acalwyB68cXQvI1/9FSpRRs3HXmdK6RJ1aH/KzVxhQ2w+hrmKc8J9Qm
4nadcATgD0RDeHJRWWEWW1WLGLbEsYv+1BxPotro2JwYXvj9xDtdbVndOxR9rpbV
zjotmMKAuFHmt3EHxYIlPOBXMj06lEVdf8uVUKWN0M0CWqbS3LB3JZ8SJE2/ZhsY
nnYNGI+HHJj1JRA0ywSj/jqAim8DZdvMWYT34OZn/7YRvJLHjA7DmZkxcYT8Y3P2
GNdYFy2QCzW78JKqTTZ5Dx7BoCa5
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDojCCAoqgAwIBAgIQBbcgZY6w3Teo0c20yB/mNjANBgkqhkiG9w0BAQsFADBB
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMRswGQYDVQQDExJ0
aGF3dGUgU1NMIENBIC0gRzIwHhcNMTcwNDI2MDAwMDAwWhcNMTcwNzI1MjM1OTU5
WjAsMSowKAYDVQQDEyF0aGF3dGUgU1NMIENBIC0gRzIgT0NTUCBSZXNwb25kZXIw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcd9GQ6wWQH5sPM5i/Y5Tg
xh3NRXOBoFw+89ti0r+dr3rfBKpK3+BUkA95nYwmRSXIhTtbgSkZGNTMjzd7b40h
WPFgBtrTcOlff7UH3TqGSHt7dRXBpvDngSs5wOqfYXN0+MjiVJPFWLAAEUe+wZW1
1HzL8LKO0+McAj9FcFr1DMLuo4aCVUNVpn3HOks3yujmb9WHUhAqhfwv6x4wRsWA
ZaFRoClCVmZqIgaWHvm5oy8p8tsOqkXB8NYJo6rgeu3KyJzaHAtFbJzu5M6I8OfS
T1Fp2lmj0ZnS9r7t2ZuWZn8ZIIG7XAnJX8gxVyOT2LsmFrN1BaOAjX+qj+xQA0iV
AgMBAAGjgaowgacwDwYJKwYBBQUHMAEFBAIFADAhBgNVHREEGjAYpBYwFDESMBAG
A1UEAxMJVEdWLUUtOTgyMB8GA1UdIwQYMBaAFMJPSFf80U+awF04fQ4F29kutVJg
MB0GA1UdDgQWBBSo8ePKLt6AnakScCw6GxfyWQBRKzAMBgNVHRMBAf8EAjAAMBMG
A1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQsF
AAOCAQEAT7p+iB/Iu1dXZB2p0PYe3qFzxlF+Z4qdt5OIc6O/cXkd3vKewsXtdoIT
uku5LsVFzdWnGpcMgevHF0LyNf/RUqUUbNx15nSukSdWh/ys1cYUNsPoa5inPCfU
JuJ2nXAE4A9EQ3hyUVlhFltVixi2xLGL/tQcT6La6NicGF74/cQ7XW1Z3TsUfa6W
1c46LZjCgLhR5rdxB8WCJTzgVzI9OpRFXX/LlVCljdDNAlqm0tywdyWfEiRNv2Yb
GJ52DRiPhxyY9SUQNMsEo/46gIpvA2XbzFmE9+DmZ/+2EbySx4wOw5mZMXGE/GNz
9hjXWBctkAs1u/CSqk02eQ8ewaAmuQ==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=417794, public, no-transform, must-revalidate]
Content-Length: [1413]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Sat, 24 Jun 2017 03:24:41 GMT]
Expires: [Wed, 28 Jun 2017 23:27:55 GMT]
Last-Modified: [Wed, 21 Jun 2017 23:27:55 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MISS from a72-247-10-135.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

thawte SSL CA - G2 (CA Certificate)

Certificate details for thawte SSL CA - G2 (At position 1 in certificate chain)
Serial number:
hex: 1687d6886de2300685233dbf11bf6597
int: 29948327227862944430780750156152137111
Issued by: thawte Primary Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: thawte, Inc.
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This certificate contains no information about authoritative CRL(s) or OCSP servers

Check the revocation status for another website

Created by Paul van Brouwershaven
© 2015 - 2017 Digitorus B.V.
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.