CRL & OCSP report for 0-essential.bna.com.library.ggu.edu - library.ggu.edu (Golden Gate University)

library.ggu.edu

Certificate details for library.ggu.edu (At position 0 in certificate chain)
Serial number:
hex: 3fab5ea030581540bdbdebf20dae1ea8
int: 84631165735229667364243180793346530984
Issued by: GeoTrust SSL CA - G3
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Golden Gate University
State / Province: California
Locality: San Francisco
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for 0-essential.bna.com.library.ggu.edu.

Certificate Revocation List (CRL)

This CRL was cached at
http://gn.symcb.com/gn.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://gn.symcb.com/gn.crl
Size: 143068 bytes (DER data)
Response time: 9.668344ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 4075

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: Apache
Content Delivery Network (CDN): Akamai
Cache Information: TCP_HIT from a23-215-131-111.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1.1-20063003) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Type: [application/pkix-crl]
Date: [Tue, 30 May 2017 05:25:01 GMT]
Etag: ["38a9dc9bde60d63c741a78c1d8d4eafc:1496092283"]
Last-Modified: [Mon, 29 May 2017 21:11:23 GMT]
Server: [Apache]
Vary: [Accept-Encoding]
X-Cache: [TCP_HIT from a23-215-131-111.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1.1-20063003) (-)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://gn.symcd.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://gn.symcd.com (POST)
Size: 1419 bytes (DER data)
Response time: 37.756746ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: GeoTrust SSL CA - G3 OCSP Responder
Issued by: GeoTrust SSL CA - G3
Signing certificate validity: 2017-05-02 - 2017-07-31
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 151h37m9s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-215-131-86.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1.1-20063003) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBSxiwsBl1MHLHQ30p2z4Y2jbM5X4AQU0m/3
lvSFP3I8MH0j2oV4m6N8WnwCED+rXqAwWBVAvb3r8g2uHqg=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFhwoBAKCCBYAwggV8BgkrBgEFBQcwAQEEggVtMIIFaTCBnqIWBBQU8I5Qu9pg
++ZHgjOXQ5ccxq3WiBgPMjAxNzA1MjgxMTQ1NDNaMHMwcTBJMAkGBSsOAwIaBQAE
FLGLCwGXUwcsdDfSnbPhjaNszlfgBBTSb/eW9IU/cjwwfSPahXibo3xafAIQP6te
oDBYFUC9vevyDa4eqIAAGA8yMDE3MDUyODExNDU0M1qgERgPMjAxNzA2MDQxMTQ1
NDNaMA0GCSqGSIb3DQEBBQUAA4IBAQC075U0zEqH0kBj80ZLVApOU/yW76rcgDY4
/eh7d/SlK2u3ikCdSrpJ7RwsOSguVXLkEiE7vucJ+WwgprFG2idt1pU5GJ10iYUu
QcJZuRdxsizHmmlxxxUO70MxuSJjOQFxO/NrdLxo0FDNMaTxc7OjbgcWxrqfCAMf
Jp5t1u9Q7bIYZP82l+pxoGb/W9KXoJFcb6IbzmAVnk9t+9E6b87+0tq+lKADxExF
sW36v26jfbCdoqJo1l20oGOeU3MG0sJ3C/JVdWS+m3kxxO2wBuExORmtIWVCqGBT
a2E/kGppkVJ/eihye+GR1uaDXDcGmigD5P1WJZXJ3rCVv4HwFaypoIIDsDCCA6ww
ggOoMIICkKADAgECAhB48LocgSzY/9eiDY7BI1K7MA0GCSqGSIb3DQEBCwUAMEQx
CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQDExRH
ZW9UcnVzdCBTU0wgQ0EgLSBHMzAeFw0xNzA1MDIwMDAwMDBaFw0xNzA3MzEyMzU5
NTlaMC4xLDAqBgNVBAMTI0dlb1RydXN0IFNTTCBDQSAtIEczIE9DU1AgUmVzcG9u
ZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPSC5kgEOxoXqDUt
zmtNmxG2NF4D0HSgclvHtesT9GTRrvCvAycsoXtpQhIUFDC3Gvq6/+0tfkHt/XuA
jajx8oZWv4MLrOBx8e3ovilGe7EcKu9rgR2yS+OJ4ZFlUKzqSEEMt2oMmUeg5DCY
5WcCvMv5Z7KWjM+1n3pMc44NQsZx73grycl6UBTf6t/3xNIxwYL2vizSu1c9ZAg8
Np3Aa8MgPDc+PWridtNCrRGVYmfol2bTM1VIr2CIwFvrlcEUbYFT2YzoprJoaH2M
T454oz8m/aIjfx/3rNcksAN0sP9em6FecgGVwPL2mJFE0hbeSnsGLffv675f+gT0
8O47CwIDAQABo4GrMIGoMA8GCSsGAQUFBzABBQQCBQAwIgYDVR0RBBswGaQXMBUx
EzARBgNVBAMTClRHVi1FLTEwMzgwHwYDVR0jBBgwFoAU0m/3lvSFP3I8MH0j2oV4
m6N8WnwwHQYDVR0OBBYEFBTwjlC72mD75keCM5dDlxzGrdaIMAwGA1UdEwEB/wQC
MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3
DQEBCwUAA4IBAQAsBP4yieudvxKbbD7iHXW8P3tBC6ns0L2usnW+8AvHm+dL+doE
AWpNlfalIHxdrx0J1jFxqQJIPgwlyuJ7TuFX0HZ0zwhXcwwJpjPhfwYi1eMaopFS
K1xnicPGJk87QdgvFol/IfM8bC/t83b7lovJw+JPmzWePoweSd8+m4jz+s250fzf
ds3zX/VFaNk+YBXyN0QCX3S/zCqeJa6CI6ZJ6pAe8wlEKPR4YXwJUxUbk1tG2Vnf
n4v0EtHG1pXfPzuRfn9Y0kSz7KHzovs/CXFM0jNSaaYfky5FDkATlSCi0k1HAVNk
8uf2Ct7dIkY9GI/TQY4GEBfe5jr5yAwSq0WD
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDqDCCApCgAwIBAgIQePC6HIEs2P/Xog2OwSNSuzANBgkqhkiG9w0BAQsFADBE
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMU
R2VvVHJ1c3QgU1NMIENBIC0gRzMwHhcNMTcwNTAyMDAwMDAwWhcNMTcwNzMxMjM1
OTU5WjAuMSwwKgYDVQQDEyNHZW9UcnVzdCBTU0wgQ0EgLSBHMyBPQ1NQIFJlc3Bv
bmRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMT0guZIBDsaF6g1
Lc5rTZsRtjReA9B0oHJbx7XrE/Rk0a7wrwMnLKF7aUISFBQwtxr6uv/tLX5B7f17
gI2o8fKGVr+DC6zgcfHt6L4pRnuxHCrva4EdskvjieGRZVCs6khBDLdqDJlHoOQw
mOVnArzL+WeylozPtZ96THOODULGce94K8nJelAU3+rf98TSMcGC9r4s0rtXPWQI
PDadwGvDIDw3Pj1q4nbTQq0RlWJn6Jdm0zNVSK9giMBb65XBFG2BU9mM6KayaGh9
jE+OeKM/Jv2iI38f96zXJLADdLD/XpuhXnIBlcDy9piRRNIW3kp7Bi337+u+X/oE
9PDuOwsCAwEAAaOBqzCBqDAPBgkrBgEFBQcwAQUEAgUAMCIGA1UdEQQbMBmkFzAV
MRMwEQYDVQQDEwpUR1YtRS0xMDM4MB8GA1UdIwQYMBaAFNJv95b0hT9yPDB9I9qF
eJujfFp8MB0GA1UdDgQWBBQU8I5Qu9pg++ZHgjOXQ5ccxq3WiDAMBgNVHRMBAf8E
AjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG
9w0BAQsFAAOCAQEALAT+Monrnb8Sm2w+4h11vD97QQup7NC9rrJ1vvALx5vnS/na
BAFqTZX2pSB8Xa8dCdYxcakCSD4MJcrie07hV9B2dM8IV3MMCaYz4X8GItXjGqKR
UitcZ4nDxiZPO0HYLxaJfyHzPGwv7fN2+5aLycPiT5s1nj6MHknfPpuI8/rNudH8
33bN81/1RWjZPmAV8jdEAl90v8wqniWugiOmSeqQHvMJRCj0eGF8CVMVG5NbRtlZ
35+L9BLRxtaV3z87kX5/WNJEs+yh86L7PwlxTNIzUmmmH5MuRQ5AE5UgotJNRwFT
ZPLn9gre3SJGPRiP00GOBhAX3uY6+cgMEqtFgw==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=545829, public, no-transform, must-revalidate]
Content-Length: [1419]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Mon, 29 May 2017 04:08:34 GMT]
Expires: [Sun, 4 Jun 2017 11:45:43 GMT]
Last-Modified: [Sun, 28 May 2017 11:45:43 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MISS from a23-215-131-86.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1.1-20063003) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://gn.symcd.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://gn.symcd.com (GET)
Size: 1419 bytes (DER data)
Response time: 78.699407ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: GeoTrust SSL CA - G3 OCSP Responder
Issued by: GeoTrust SSL CA - G3
Signing certificate validity: 2017-05-02 - 2017-07-31
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 151h37m9s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-215-131-68.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1.1-20063003) (-)

URL used for GET request

http://gn.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSxiwsBl1MHLHQ30p2z4Y2jbM5X4AQU0m%2F3lvSFP3I8MH0j2oV4m6N8WnwCED%2BrXqAwWBVAvb3r8g2uHqg%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBSxiwsBl1MHLHQ30p2z4Y2jbM5X4AQU0m/3
lvSFP3I8MH0j2oV4m6N8WnwCED+rXqAwWBVAvb3r8g2uHqg=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFhwoBAKCCBYAwggV8BgkrBgEFBQcwAQEEggVtMIIFaTCBnqIWBBQU8I5Qu9pg
++ZHgjOXQ5ccxq3WiBgPMjAxNzA1MjgxMTQ1NDNaMHMwcTBJMAkGBSsOAwIaBQAE
FLGLCwGXUwcsdDfSnbPhjaNszlfgBBTSb/eW9IU/cjwwfSPahXibo3xafAIQP6te
oDBYFUC9vevyDa4eqIAAGA8yMDE3MDUyODExNDU0M1qgERgPMjAxNzA2MDQxMTQ1
NDNaMA0GCSqGSIb3DQEBBQUAA4IBAQC075U0zEqH0kBj80ZLVApOU/yW76rcgDY4
/eh7d/SlK2u3ikCdSrpJ7RwsOSguVXLkEiE7vucJ+WwgprFG2idt1pU5GJ10iYUu
QcJZuRdxsizHmmlxxxUO70MxuSJjOQFxO/NrdLxo0FDNMaTxc7OjbgcWxrqfCAMf
Jp5t1u9Q7bIYZP82l+pxoGb/W9KXoJFcb6IbzmAVnk9t+9E6b87+0tq+lKADxExF
sW36v26jfbCdoqJo1l20oGOeU3MG0sJ3C/JVdWS+m3kxxO2wBuExORmtIWVCqGBT
a2E/kGppkVJ/eihye+GR1uaDXDcGmigD5P1WJZXJ3rCVv4HwFaypoIIDsDCCA6ww
ggOoMIICkKADAgECAhB48LocgSzY/9eiDY7BI1K7MA0GCSqGSIb3DQEBCwUAMEQx
CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQDExRH
ZW9UcnVzdCBTU0wgQ0EgLSBHMzAeFw0xNzA1MDIwMDAwMDBaFw0xNzA3MzEyMzU5
NTlaMC4xLDAqBgNVBAMTI0dlb1RydXN0IFNTTCBDQSAtIEczIE9DU1AgUmVzcG9u
ZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPSC5kgEOxoXqDUt
zmtNmxG2NF4D0HSgclvHtesT9GTRrvCvAycsoXtpQhIUFDC3Gvq6/+0tfkHt/XuA
jajx8oZWv4MLrOBx8e3ovilGe7EcKu9rgR2yS+OJ4ZFlUKzqSEEMt2oMmUeg5DCY
5WcCvMv5Z7KWjM+1n3pMc44NQsZx73grycl6UBTf6t/3xNIxwYL2vizSu1c9ZAg8
Np3Aa8MgPDc+PWridtNCrRGVYmfol2bTM1VIr2CIwFvrlcEUbYFT2YzoprJoaH2M
T454oz8m/aIjfx/3rNcksAN0sP9em6FecgGVwPL2mJFE0hbeSnsGLffv675f+gT0
8O47CwIDAQABo4GrMIGoMA8GCSsGAQUFBzABBQQCBQAwIgYDVR0RBBswGaQXMBUx
EzARBgNVBAMTClRHVi1FLTEwMzgwHwYDVR0jBBgwFoAU0m/3lvSFP3I8MH0j2oV4
m6N8WnwwHQYDVR0OBBYEFBTwjlC72mD75keCM5dDlxzGrdaIMAwGA1UdEwEB/wQC
MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3
DQEBCwUAA4IBAQAsBP4yieudvxKbbD7iHXW8P3tBC6ns0L2usnW+8AvHm+dL+doE
AWpNlfalIHxdrx0J1jFxqQJIPgwlyuJ7TuFX0HZ0zwhXcwwJpjPhfwYi1eMaopFS
K1xnicPGJk87QdgvFol/IfM8bC/t83b7lovJw+JPmzWePoweSd8+m4jz+s250fzf
ds3zX/VFaNk+YBXyN0QCX3S/zCqeJa6CI6ZJ6pAe8wlEKPR4YXwJUxUbk1tG2Vnf
n4v0EtHG1pXfPzuRfn9Y0kSz7KHzovs/CXFM0jNSaaYfky5FDkATlSCi0k1HAVNk
8uf2Ct7dIkY9GI/TQY4GEBfe5jr5yAwSq0WD
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDqDCCApCgAwIBAgIQePC6HIEs2P/Xog2OwSNSuzANBgkqhkiG9w0BAQsFADBE
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMU
R2VvVHJ1c3QgU1NMIENBIC0gRzMwHhcNMTcwNTAyMDAwMDAwWhcNMTcwNzMxMjM1
OTU5WjAuMSwwKgYDVQQDEyNHZW9UcnVzdCBTU0wgQ0EgLSBHMyBPQ1NQIFJlc3Bv
bmRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMT0guZIBDsaF6g1
Lc5rTZsRtjReA9B0oHJbx7XrE/Rk0a7wrwMnLKF7aUISFBQwtxr6uv/tLX5B7f17
gI2o8fKGVr+DC6zgcfHt6L4pRnuxHCrva4EdskvjieGRZVCs6khBDLdqDJlHoOQw
mOVnArzL+WeylozPtZ96THOODULGce94K8nJelAU3+rf98TSMcGC9r4s0rtXPWQI
PDadwGvDIDw3Pj1q4nbTQq0RlWJn6Jdm0zNVSK9giMBb65XBFG2BU9mM6KayaGh9
jE+OeKM/Jv2iI38f96zXJLADdLD/XpuhXnIBlcDy9piRRNIW3kp7Bi337+u+X/oE
9PDuOwsCAwEAAaOBqzCBqDAPBgkrBgEFBQcwAQUEAgUAMCIGA1UdEQQbMBmkFzAV
MRMwEQYDVQQDEwpUR1YtRS0xMDM4MB8GA1UdIwQYMBaAFNJv95b0hT9yPDB9I9qF
eJujfFp8MB0GA1UdDgQWBBQU8I5Qu9pg++ZHgjOXQ5ccxq3WiDAMBgNVHRMBAf8E
AjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG
9w0BAQsFAAOCAQEALAT+Monrnb8Sm2w+4h11vD97QQup7NC9rrJ1vvALx5vnS/na
BAFqTZX2pSB8Xa8dCdYxcakCSD4MJcrie07hV9B2dM8IV3MMCaYz4X8GItXjGqKR
UitcZ4nDxiZPO0HYLxaJfyHzPGwv7fN2+5aLycPiT5s1nj6MHknfPpuI8/rNudH8
33bN81/1RWjZPmAV8jdEAl90v8wqniWugiOmSeqQHvMJRCj0eGF8CVMVG5NbRtlZ
35+L9BLRxtaV3z87kX5/WNJEs+yh86L7PwlxTNIzUmmmH5MuRQ5AE5UgotJNRwFT
ZPLn9gre3SJGPRiP00GOBhAX3uY6+cgMEqtFgw==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=545829, public, no-transform, must-revalidate]
Content-Length: [1419]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Mon, 29 May 2017 04:08:34 GMT]
Expires: [Sun, 4 Jun 2017 11:45:43 GMT]
Last-Modified: [Sun, 28 May 2017 11:45:43 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MISS from a23-215-131-68.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1.1-20063003) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GeoTrust SSL CA - G3 (CA Certificate)

Certificate details for GeoTrust SSL CA - G3 (At position 1 in certificate chain)
Serial number:
hex: 23a6f
int: 146031
Issued by: GeoTrust Global CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GeoTrust Inc.
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://g1.symcb.com/crls/gtglobal.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://g1.symcb.com/crls/gtglobal.crl
Size: 665 bytes (DER data)
Response time: 6.067797ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 12

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: Apache
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-215-131-111.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1.1-20063003) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Type: [application/pkix-crl]
Date: [Tue, 30 May 2017 05:28:18 GMT]
Etag: ["ca736a3a4c64c88b82602fe64aa4182d:1490382195"]
Last-Modified: [Fri, 24 Mar 2017 18:49:54 GMT]
Server: [Apache]
Vary: [Accept-Encoding]
X-Cache: [TCP_MEM_HIT from a23-215-131-111.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1.1-20063003) (-)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://g2.symcb.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://g2.symcb.com (GET)
Size: 1377 bytes (DER data)
Response time: 20.084195ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: GeoTrust Global CA TGV OCSP Responder 5
Issued by: GeoTrust Global CA
Signing certificate validity: 2016-12-08 - 2017-12-14
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 126h20m21s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-215-131-86.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1.1-20063003) (-)

URL used for GET request

http://g2.symcb.com/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6bw%3D%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkq
w0GRtsnCuD5V8sCXEROgByACAwI6bw==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFXQoBAKCCBVYwggVSBgkrBgEFBQcwAQEEggVDMIIFPzCBkaIWBBRW5FQnU+as
qXGB3YYiHprkenLEKhgPMjAxNzA1MjgxMTQxMjNaMGYwZDA8MAkGBSsOAwIaBQAE
FLG0OReQFreXeVAR8WC51KI82+3uBBQA+SrDQZG2ycK4PlXywJcRE6AHIAIDAjpv
gAAYDzIwMTcwNTI4MTE0MTIzWqARGA8yMDE3MDYwNDExNDEyM1owDQYJKoZIhvcN
AQEFBQADggEBAGIOPGacQpAMutAm5CxuxcsosZ2GiaHKFHaifmijoIf70PxOhfCl
MafNAu4YYTnMKexuaPB7thbUrViU1Se9z5zTqCJ0rL7m7NRFaOtd+I2Z16h8xlc/
3gphqFLTJHqOyJvVOTktyji6hyftG8diDwRnqqJ1Af4oFIKHodUw96FoCZLOK4Sm
dXvVZCH/IPBEJZapaOO9i1VnGGlm4NiXoF/60DQfmfOQtQX+8moSXUDJl9o2ek6j
S1Hc1zkvrsF5bpSSOk/zZbKV80bkH0o9PrCDOa1iDtM9EFDmkSI5bsQznhJyXPZe
klori8H3G1wAEYZkw2VU1M8ViVcrtMikYD6gggOTMIIDjzCCA4swggJzoAMCAQIC
EAEAAI8cK5YV9Xm5GF4OwmcwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCVVMx
FjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZBgNVBAMTEkdlb1RydXN0IEdsb2Jh
bCBDQTAeFw0xNjEyMDgxMTI1MzVaFw0xNzEyMTQxMTI1MzVaMDIxMDAuBgNVBAMT
J0dlb1RydXN0IEdsb2JhbCBDQSBUR1YgT0NTUCBSZXNwb25kZXIgNTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKbsx72ex4lTCJDy3iHAy47zLOB03z8E
ucSDZIQMjk1A5aZfqz0MU5HHLOsi76EQo6uYR2R2rl9jgQ1EMbe0TidFyTrhse63
rmEyzQusz7sEjnsvckT7K/9j6DLmlFB/6oEhAgwfCONYbrDOfQHBCtd7e+x6STm0
WeKCF4/QqS+C5ZTUEzsNjhcAqeAMZnWEoyyJ6OpCiF9vDblCGa9nlh3SwW+nxKTq
qqiMlz9ZXN8//IHrectIKszEXXlpvtr4wJAz0KrUDfENqEbKNouP0fv1Ueno5Z7t
ue3CnHtCF+QxOQXDS3rKrQJcesKMrFC9+M5frbQuLSGz9ee/xCfnWW0CAwEAAaOB
jDCBiTAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAPBgkrBgEFBQcw
AQUEAgUAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDAMBgNV
HRMBAf8EAjAAMCIGA1UdEQQbMBmkFzAVMRMwEQYDVQQDEwpUR1YtT0ZGLTU3MA0G
CSqGSIb3DQEBCwUAA4IBAQAEbWTM2eKR1XlWe9ui17q87Hk6NYXKQGwj/ss1ue8Q
1cnoA2/Mo1gG1Q/8LHJ97vK5yw65afq8M5mPbxdl/57jZTUF1kDmgEgvUde3O+h2
ZLIHPx1q2W2WDLT2ltYvaHaNr0Hnkb8MCQ27Z728Fsn5+Ilh/bDoA+NHEqlcfycq
oGKksT60iqnogUz/WZNUbzzBQD6NlpomMZUTOcF3/5L3Fe1OKkF1nGXW2QTW/mLZ
5Eviy4ZQTzQ34koPA5qC1nsWQ1zOE57jR8IJMC+mYQdFb71gehA8O0lB7fL6Kysj
zycnBkNHgJ9LQDd67gQ30FxfmbAnHV1xxWakX8lXTvIf
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDizCCAnOgAwIBAgIQAQAAjxwrlhX1ebkYXg7CZzANBgkqhkiG9w0BAQsFADBC
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMS
R2VvVHJ1c3QgR2xvYmFsIENBMB4XDTE2MTIwODExMjUzNVoXDTE3MTIxNDExMjUz
NVowMjEwMC4GA1UEAxMnR2VvVHJ1c3QgR2xvYmFsIENBIFRHViBPQ1NQIFJlc3Bv
bmRlciA1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApuzHvZ7HiVMI
kPLeIcDLjvMs4HTfPwS5xINkhAyOTUDlpl+rPQxTkccs6yLvoRCjq5hHZHauX2OB
DUQxt7ROJ0XJOuGx7reuYTLNC6zPuwSOey9yRPsr/2PoMuaUUH/qgSECDB8I41hu
sM59AcEK13t77HpJObRZ4oIXj9CpL4LllNQTOw2OFwCp4AxmdYSjLIno6kKIX28N
uUIZr2eWHdLBb6fEpOqqqIyXP1lc3z/8get5y0gqzMRdeWm+2vjAkDPQqtQN8Q2o
Rso2i4/R+/VR6ejlnu257cKce0IX5DE5BcNLesqtAlx6woysUL34zl+ttC4tIbP1
57/EJ+dZbQIDAQABo4GMMIGJMB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4
ysxOMA8GCSsGAQUFBzABBQQCBQAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0P
AQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwIgYDVR0RBBswGaQXMBUxEzARBgNVBAMT
ClRHVi1PRkYtNTcwDQYJKoZIhvcNAQELBQADggEBAARtZMzZ4pHVeVZ726LXurzs
eTo1hcpAbCP+yzW57xDVyegDb8yjWAbVD/wscn3u8rnLDrlp+rwzmY9vF2X/nuNl
NQXWQOaASC9R17c76HZksgc/HWrZbZYMtPaW1i9odo2vQeeRvwwJDbtnvbwWyfn4
iWH9sOgD40cSqVx/JyqgYqSxPrSKqeiBTP9Zk1RvPMFAPo2WmiYxlRM5wXf/kvcV
7U4qQXWcZdbZBNb+YtnkS+LLhlBPNDfiSg8DmoLWexZDXM4TnuNHwgkwL6ZhB0Vv
vWB6EDw7SUHt8vorKyPPJycGQ0eAn0tAN3ruBDfQXF+ZsCcdXXHFZqRfyVdO8h8=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=454821, public, no-transform, must-revalidate]
Content-Length: [1377]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Tue, 30 May 2017 05:25:01 GMT]
Expires: [Sun, 4 Jun 2017 11:41:23 GMT]
Last-Modified: [Sun, 28 May 2017 11:41:23 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MEM_HIT from a23-215-131-86.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1.1-20063003) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header outlives NextUpdate with 3m59s
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://g2.symcb.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://g2.symcb.com (POST)
Size: 1377 bytes (DER data)
Response time: 95.880952ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: GeoTrust Global CA TGV OCSP Responder 5
Issued by: GeoTrust Global CA
Signing certificate validity: 2016-12-08 - 2017-12-14
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 126h16m22s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_REFRESH_MISS from a23-215-131-68.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1.1-20063003) (S)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkq
w0GRtsnCuD5V8sCXEROgByACAwI6bw==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFXQoBAKCCBVYwggVSBgkrBgEFBQcwAQEEggVDMIIFPzCBkaIWBBRW5FQnU+as
qXGB3YYiHprkenLEKhgPMjAxNzA1MjgxMTQxMjNaMGYwZDA8MAkGBSsOAwIaBQAE
FLG0OReQFreXeVAR8WC51KI82+3uBBQA+SrDQZG2ycK4PlXywJcRE6AHIAIDAjpv
gAAYDzIwMTcwNTI4MTE0MTIzWqARGA8yMDE3MDYwNDExNDEyM1owDQYJKoZIhvcN
AQEFBQADggEBAGIOPGacQpAMutAm5CxuxcsosZ2GiaHKFHaifmijoIf70PxOhfCl
MafNAu4YYTnMKexuaPB7thbUrViU1Se9z5zTqCJ0rL7m7NRFaOtd+I2Z16h8xlc/
3gphqFLTJHqOyJvVOTktyji6hyftG8diDwRnqqJ1Af4oFIKHodUw96FoCZLOK4Sm
dXvVZCH/IPBEJZapaOO9i1VnGGlm4NiXoF/60DQfmfOQtQX+8moSXUDJl9o2ek6j
S1Hc1zkvrsF5bpSSOk/zZbKV80bkH0o9PrCDOa1iDtM9EFDmkSI5bsQznhJyXPZe
klori8H3G1wAEYZkw2VU1M8ViVcrtMikYD6gggOTMIIDjzCCA4swggJzoAMCAQIC
EAEAAI8cK5YV9Xm5GF4OwmcwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCVVMx
FjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZBgNVBAMTEkdlb1RydXN0IEdsb2Jh
bCBDQTAeFw0xNjEyMDgxMTI1MzVaFw0xNzEyMTQxMTI1MzVaMDIxMDAuBgNVBAMT
J0dlb1RydXN0IEdsb2JhbCBDQSBUR1YgT0NTUCBSZXNwb25kZXIgNTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKbsx72ex4lTCJDy3iHAy47zLOB03z8E
ucSDZIQMjk1A5aZfqz0MU5HHLOsi76EQo6uYR2R2rl9jgQ1EMbe0TidFyTrhse63
rmEyzQusz7sEjnsvckT7K/9j6DLmlFB/6oEhAgwfCONYbrDOfQHBCtd7e+x6STm0
WeKCF4/QqS+C5ZTUEzsNjhcAqeAMZnWEoyyJ6OpCiF9vDblCGa9nlh3SwW+nxKTq
qqiMlz9ZXN8//IHrectIKszEXXlpvtr4wJAz0KrUDfENqEbKNouP0fv1Ueno5Z7t
ue3CnHtCF+QxOQXDS3rKrQJcesKMrFC9+M5frbQuLSGz9ee/xCfnWW0CAwEAAaOB
jDCBiTAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAPBgkrBgEFBQcw
AQUEAgUAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDAMBgNV
HRMBAf8EAjAAMCIGA1UdEQQbMBmkFzAVMRMwEQYDVQQDEwpUR1YtT0ZGLTU3MA0G
CSqGSIb3DQEBCwUAA4IBAQAEbWTM2eKR1XlWe9ui17q87Hk6NYXKQGwj/ss1ue8Q
1cnoA2/Mo1gG1Q/8LHJ97vK5yw65afq8M5mPbxdl/57jZTUF1kDmgEgvUde3O+h2
ZLIHPx1q2W2WDLT2ltYvaHaNr0Hnkb8MCQ27Z728Fsn5+Ilh/bDoA+NHEqlcfycq
oGKksT60iqnogUz/WZNUbzzBQD6NlpomMZUTOcF3/5L3Fe1OKkF1nGXW2QTW/mLZ
5Eviy4ZQTzQ34koPA5qC1nsWQ1zOE57jR8IJMC+mYQdFb71gehA8O0lB7fL6Kysj
zycnBkNHgJ9LQDd67gQ30FxfmbAnHV1xxWakX8lXTvIf
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDizCCAnOgAwIBAgIQAQAAjxwrlhX1ebkYXg7CZzANBgkqhkiG9w0BAQsFADBC
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMS
R2VvVHJ1c3QgR2xvYmFsIENBMB4XDTE2MTIwODExMjUzNVoXDTE3MTIxNDExMjUz
NVowMjEwMC4GA1UEAxMnR2VvVHJ1c3QgR2xvYmFsIENBIFRHViBPQ1NQIFJlc3Bv
bmRlciA1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApuzHvZ7HiVMI
kPLeIcDLjvMs4HTfPwS5xINkhAyOTUDlpl+rPQxTkccs6yLvoRCjq5hHZHauX2OB
DUQxt7ROJ0XJOuGx7reuYTLNC6zPuwSOey9yRPsr/2PoMuaUUH/qgSECDB8I41hu
sM59AcEK13t77HpJObRZ4oIXj9CpL4LllNQTOw2OFwCp4AxmdYSjLIno6kKIX28N
uUIZr2eWHdLBb6fEpOqqqIyXP1lc3z/8get5y0gqzMRdeWm+2vjAkDPQqtQN8Q2o
Rso2i4/R+/VR6ejlnu257cKce0IX5DE5BcNLesqtAlx6woysUL34zl+ttC4tIbP1
57/EJ+dZbQIDAQABo4GMMIGJMB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4
ysxOMA8GCSsGAQUFBzABBQQCBQAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0P
AQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwIgYDVR0RBBswGaQXMBUxEzARBgNVBAMT
ClRHVi1PRkYtNTcwDQYJKoZIhvcNAQELBQADggEBAARtZMzZ4pHVeVZ726LXurzs
eTo1hcpAbCP+yzW57xDVyegDb8yjWAbVD/wscn3u8rnLDrlp+rwzmY9vF2X/nuNl
NQXWQOaASC9R17c76HZksgc/HWrZbZYMtPaW1i9odo2vQeeRvwwJDbtnvbwWyfn4
iWH9sOgD40cSqVx/JyqgYqSxPrSKqeiBTP9Zk1RvPMFAPo2WmiYxlRM5wXf/kvcV
7U4qQXWcZdbZBNb+YtnkS+LLhlBPNDfiSg8DmoLWexZDXM4TnuNHwgkwL6ZhB0Vv
vWB6EDw7SUHt8vorKyPPJycGQ0eAn0tAN3ruBDfQXF+ZsCcdXXHFZqRfyVdO8h8=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=454582, public, no-transform, must-revalidate]
Content-Length: [1377]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Tue, 30 May 2017 05:25:01 GMT]
Expires: [Sun, 4 Jun 2017 11:41:23 GMT]
Last-Modified: [Sun, 28 May 2017 11:41:23 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_REFRESH_MISS from a23-215-131-68.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1.1-20063003) (S)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GeoTrust Global CA (CA Certificate)

Certificate details for GeoTrust Global CA (At position 2 in certificate chain)
Serial number:
hex: 23456
int: 144470
Issued by: GeoTrust Global CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GeoTrust Inc.
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
© 2015 - 2017 Digitorus B.V.
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.