CRL & OCSP report for 0-global.factiva.com.mercury.concordia.ca - mercury.concordia.ca (Concordia University)

mercury.concordia.ca

Certificate details for mercury.concordia.ca (At position 0 in certificate chain)
Serial number:
hex: 1afb6a65fa0560328d07b25c
int: 8350553088062490991349183068
Issued by: GlobalSign Organization Validation CA - SHA256 - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Concordia University
Organization unit: IITS
State / Province: Quebec
Locality: Montreal
Country: CA
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for 0-global.factiva.com.mercury.concordia.ca.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl
Size: 115119 bytes (DER data)
Response time: 16.728971ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 3487

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare, CloudFront
Cache Information: HIT, Miss from cloudfront

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [355e914e6509473a-EWR]
Content-Length: [115119]
Content-Type: [application/pkix-crl]
Date: [Thu, 27 Apr 2017 03:06:44 GMT]
Etag: [E47D]
Expires: [Wed, 03 May 2017 04:12:14 GMT]
Last-Modified: [Wed, 26 Apr 2017 04:12:14 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d71abf9c06bd7b7fd328d8275e49a3ebf1493262404; expires=Fri, 27-Apr-18 03:06:44 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
Via: [1.1 591e4cd98bc438a13e141b991f9397b3.cloudfront.net (CloudFront)]
X-Amz-Cf-Id: [rNe1VEHhfBDUUDHneakWRj0WTrl8gnX1mSxRBEDW9OlYAX50cgUeag==]
X-Cache: [Miss from cloudfront]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp2.globalsign.com/gsorganizationvalsha2g2 (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsorganizationvalsha2g2 (GET)
Size: 1570 bytes (DER data)
Response time: 5.337613ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign Organization Validation CA - SHA256 - G2 - OCSP Responder
Issued by: GlobalSign Organization Validation CA - SHA256 - G2
Signing certificate validity: 2017-02-13 - 2017-05-16
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: UPDATING

URL used for GET request

http:/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDBr7amX6BWAyjQeyXA%3D%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h
8b0cFilTHMDMfTuDAEDmGnwCDBr7amX6BWAyjQeyXA==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGHgoBAKCCBhcwggYTBgkrBgEFBQcwAQEEggYEMIIGADCBmqIWBBScTQCZAA6L
sAGBdaG68NAl16AcRxgPMjAxNzA0MjMwOTE1MDVaMG8wbTBFMAkGBSsOAwIaBQAE
FAyeTZw97e+E2JHpcsfPhAa8GXsHBBSW3mHxvRwWKVMcwMx9O4MAQOYafAIMGvtq
ZfoFYDKNB7JcgAAYDzIwMTcwNDIzMDkxNTA1WqARGA8yMDE3MDQyNzA5MTUwNVow
DQYJKoZIhvcNAQELBQADggEBACBwUmBOdeDto05/q9h4eSvWy7WerB1dYIhxr4NT
MLMkxjWO7uLOuNfi0VXC0dgjJhY7tKlSGq1SpmXpIneXAp1pIWS+9cQFYFkgilsI
t64Xh24xIIqnysbAIElXcHqk0xXlppNBs1mW4AfZgjWfk5kXew9wITZ/LfTB7hPg
81s/k5oBl6VgSCk6oW5wIiBqWBNMSSZ4Ijf6/bDl0mujS71joyiNv6vpeUeR2kja
UIVx65opgWRn1EkvZjlmrB+vNDNC/1QZOhJAUMTLbfKFMSRzukYpPn2Tof+Sh2Wm
kha21oYIk0pOh5xKaR51eZhNq8nF+8VA14qrKk48Zekl2H2gggRLMIIERzCCBEMw
ggMroAMCAQICDG/ROC7q20OpUD07RTANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQG
EwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTE8MDoGA1UEAxMzR2xvYmFs
U2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIFNIQTI1NiAtIEcyMB4X
DTE3MDIxMzA3MTEwM1oXDTE3MDUxNjA3MTEwM1owgY4xCzAJBgNVBAYTAkJFMRkw
FwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRUwEwYDVQQFEwwyMDE3MDIxMzE1MDUx
TTBLBgNVBAMTREdsb2JhbFNpZ24gT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gQ0Eg
LSBTSEEyNTYgLSBHMiAtIE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA0kOXzzBq49lSztun694Fi9cwEyLIZagm3jYnimSW+vpf
qQoFF/U48JGqWfXOt8Evncl6f6MtaGmvaxjguf2aru1EtxS5pdX8/4PtdRcGPmgb
wbn8VDIukn4P8So7v9afdh1eoiFk7Kjq9wzK+jiDcNplpqJtZdUVlD6s7laW4aVs
Ewe7UBk2hlaBxUfl0ztYmwd/3Ln+BjEyVRYpRNFFKGxkUeoNhzY3zRBAqp0dHP3H
bPCUGUGePmzp87283fRtBdRlO9ixk4C3bvZ+kJBXYoE/ootnRdWMuJCYubNh4EtN
+UbOE4J9gXFvO1PlBBxgL9YSc5KY65Y2HPeNoUfrYQIDAQABo4HHMIHEMB0GA1Ud
DgQWBBScTQCZAA6LsAGBdaG68NAl16AcRzAfBgNVHSMEGDAWgBSW3mHxvRwWKVMc
wMx9O4MAQOYafDAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGg
MgFfMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl
cG9zaXRvcnkvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAN
BgkqhkiG9w0BAQsFAAOCAQEAfz3YGCB7BW/M3Y2KpS/7zfM7W7T+lCGf6V/p5jPm
vxbDuIoYaXvnHSLLAPhJMYqqBwEuxdwgd1yHiq0mHfMlugUMgDIJkNA0kw7MoNFm
Bf/LjVOXkCBaetmy0XH4EHtvtCDrZTFbCsn9WA0yxvlGNiTKAADkJ+6AyFsXc0Dm
rlnTl7gi+zJiEh/a8H618QjuCBrlvBXriEUO3lVf5cRZW9bDwR5i+kcnfaaXXi0O
+p0YhTq6bW+C3Bmb4qI9EPkc+RK1oIwpePTNawmliKdOU9N3r0deD8eIR/MVhsjw
zDgcMZW9en2LPNjFyAkGGPbtcXXBsfgg0vC89/8AQVE9lw==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEQzCCAyugAwIBAgIMb9E4LurbQ6lQPTtFMA0GCSqGSIb3DQEBCwUAMGYxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g
RzIwHhcNMTcwMjEzMDcxMTAzWhcNMTcwNTE2MDcxMTAzWjCBjjELMAkGA1UEBhMC
QkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTcwMjEz
MTUwNTFNMEsGA1UEAxNER2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlv
biBDQSAtIFNIQTI1NiAtIEcyIC0gT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDSQ5fPMGrj2VLO26fr3gWL1zATIshlqCbeNieK
ZJb6+l+pCgUX9TjwkapZ9c63wS+dyXp/oy1oaa9rGOC5/Zqu7US3FLml1fz/g+11
FwY+aBvBufxUMi6Sfg/xKju/1p92HV6iIWTsqOr3DMr6OINw2mWmom1l1RWUPqzu
VpbhpWwTB7tQGTaGVoHFR+XTO1ibB3/cuf4GMTJVFilE0UUobGRR6g2HNjfNEECq
nR0c/cds8JQZQZ4+bOnzvbzd9G0F1GU72LGTgLdu9n6QkFdigT+ii2dF1Yy4kJi5
s2HgS035Rs4Tgn2BcW87U+UEHGAv1hJzkpjrljYc942hR+thAgMBAAGjgccwgcQw
HQYDVR0OBBYEFJxNAJkADouwAYF1obrw0CXXoBxHMB8GA1UdIwQYMBaAFJbeYfG9
HBYpUxzAzH07gwBA5hp8MA8GCSsGAQUFBzABBQQCBQAwTAYDVR0gBEUwQzBBBgkr
BgEEAaAyAV8wNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5j
b20vcmVwb3NpdG9yeS8wDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF
BwMJMA0GCSqGSIb3DQEBCwUAA4IBAQB/PdgYIHsFb8zdjYqlL/vN8ztbtP6UIZ/p
X+nmM+a/FsO4ihhpe+cdIssA+EkxiqoHAS7F3CB3XIeKrSYd8yW6BQyAMgmQ0DST
Dsyg0WYF/8uNU5eQIFp62bLRcfgQe2+0IOtlMVsKyf1YDTLG+UY2JMoAAOQn7oDI
WxdzQOauWdOXuCL7MmISH9rwfrXxCO4IGuW8FeuIRQ7eVV/lxFlb1sPBHmL6Ryd9
ppdeLQ76nRiFOrptb4LcGZvioj0Q+Rz5ErWgjCl49M1rCaWIp05T03evR14Px4hH
8xWGyPDMOBwxlb16fYs82MXICQYY9u1xdcGx+CDS8Lz3/wBBUT2X
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [UPDATING]
Cf-Ray: [3540bbfbb0684740-EWR]
Content-Length: [1570]
Content-Type: [application/ocsp-response]
Date: [Sun, 23 Apr 2017 12:13:00 GMT]
Etag: ["999e130941d458aa1f42aca3d01db0e92674d522"]
Expires: [Thu, 27 Apr 2017 09:15:05 GMT]
Last-Modified: [Sun, 23 Apr 2017 09:15:05 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d5392e8d2ef89902d5f1834dfbb9bff421492949580; expires=Mon, 23-Apr-18 12:13:00 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp2.globalsign.com/gsorganizationvalsha2g2 (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsorganizationvalsha2g2 (POST)
Size: 1570 bytes (DER data)
Response time: 490.591143ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign Organization Validation CA - SHA256 - G2 - OCSP Responder
Issued by: GlobalSign Organization Validation CA - SHA256 - G2
Signing certificate validity: 2017-02-13 - 2017-05-16
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: EXPIRED

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h
8b0cFilTHMDMfTuDAEDmGnwCDBr7amX6BWAyjQeyXA==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGHgoBAKCCBhcwggYTBgkrBgEFBQcwAQEEggYEMIIGADCBmqIWBBScTQCZAA6L
sAGBdaG68NAl16AcRxgPMjAxNzA0MjMxMTU5MjJaMG8wbTBFMAkGBSsOAwIaBQAE
FAyeTZw97e+E2JHpcsfPhAa8GXsHBBSW3mHxvRwWKVMcwMx9O4MAQOYafAIMGvtq
ZfoFYDKNB7JcgAAYDzIwMTcwNDIzMTE1OTIyWqARGA8yMDE3MDQyNzExNTkyMlow
DQYJKoZIhvcNAQELBQADggEBAIgOmhriRdQcvL5WD3XxCOX4oPD38CYfr3jFv2ZE
Nh92DRevOBBc6qyvwOaVIcITp0p3UUKOnYQJhkEd5py87LEecKVMZ4UAufFdsbto
VmD5A27WJOGXcIuqlCynJnsBd3EcWW7WOr3pverCB4+Bh8ZDZGKI36xXGdttBuph
0F0rO3iK1qr1EEN9hDjkiunz9clSoVwXfiACrq4jzcPBWDyQPH5mysqgHAY4lWYJ
CqTA/uDgwASMH2rkPHFT7zoPbbbj9Z3hqos+TxlL1JmsjqD+9G7cuVSPF7DV1pT9
Vs+Kz5HmLxzAIZgOCF7re1UlNf9eImjupWWC1G1Os6Xvcy6gggRLMIIERzCCBEMw
ggMroAMCAQICDG/ROC7q20OpUD07RTANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQG
EwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTE8MDoGA1UEAxMzR2xvYmFs
U2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIFNIQTI1NiAtIEcyMB4X
DTE3MDIxMzA3MTEwM1oXDTE3MDUxNjA3MTEwM1owgY4xCzAJBgNVBAYTAkJFMRkw
FwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRUwEwYDVQQFEwwyMDE3MDIxMzE1MDUx
TTBLBgNVBAMTREdsb2JhbFNpZ24gT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gQ0Eg
LSBTSEEyNTYgLSBHMiAtIE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA0kOXzzBq49lSztun694Fi9cwEyLIZagm3jYnimSW+vpf
qQoFF/U48JGqWfXOt8Evncl6f6MtaGmvaxjguf2aru1EtxS5pdX8/4PtdRcGPmgb
wbn8VDIukn4P8So7v9afdh1eoiFk7Kjq9wzK+jiDcNplpqJtZdUVlD6s7laW4aVs
Ewe7UBk2hlaBxUfl0ztYmwd/3Ln+BjEyVRYpRNFFKGxkUeoNhzY3zRBAqp0dHP3H
bPCUGUGePmzp87283fRtBdRlO9ixk4C3bvZ+kJBXYoE/ootnRdWMuJCYubNh4EtN
+UbOE4J9gXFvO1PlBBxgL9YSc5KY65Y2HPeNoUfrYQIDAQABo4HHMIHEMB0GA1Ud
DgQWBBScTQCZAA6LsAGBdaG68NAl16AcRzAfBgNVHSMEGDAWgBSW3mHxvRwWKVMc
wMx9O4MAQOYafDAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGg
MgFfMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl
cG9zaXRvcnkvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAN
BgkqhkiG9w0BAQsFAAOCAQEAfz3YGCB7BW/M3Y2KpS/7zfM7W7T+lCGf6V/p5jPm
vxbDuIoYaXvnHSLLAPhJMYqqBwEuxdwgd1yHiq0mHfMlugUMgDIJkNA0kw7MoNFm
Bf/LjVOXkCBaetmy0XH4EHtvtCDrZTFbCsn9WA0yxvlGNiTKAADkJ+6AyFsXc0Dm
rlnTl7gi+zJiEh/a8H618QjuCBrlvBXriEUO3lVf5cRZW9bDwR5i+kcnfaaXXi0O
+p0YhTq6bW+C3Bmb4qI9EPkc+RK1oIwpePTNawmliKdOU9N3r0deD8eIR/MVhsjw
zDgcMZW9en2LPNjFyAkGGPbtcXXBsfgg0vC89/8AQVE9lw==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEQzCCAyugAwIBAgIMb9E4LurbQ6lQPTtFMA0GCSqGSIb3DQEBCwUAMGYxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g
RzIwHhcNMTcwMjEzMDcxMTAzWhcNMTcwNTE2MDcxMTAzWjCBjjELMAkGA1UEBhMC
QkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTcwMjEz
MTUwNTFNMEsGA1UEAxNER2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlv
biBDQSAtIFNIQTI1NiAtIEcyIC0gT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDSQ5fPMGrj2VLO26fr3gWL1zATIshlqCbeNieK
ZJb6+l+pCgUX9TjwkapZ9c63wS+dyXp/oy1oaa9rGOC5/Zqu7US3FLml1fz/g+11
FwY+aBvBufxUMi6Sfg/xKju/1p92HV6iIWTsqOr3DMr6OINw2mWmom1l1RWUPqzu
VpbhpWwTB7tQGTaGVoHFR+XTO1ibB3/cuf4GMTJVFilE0UUobGRR6g2HNjfNEECq
nR0c/cds8JQZQZ4+bOnzvbzd9G0F1GU72LGTgLdu9n6QkFdigT+ii2dF1Yy4kJi5
s2HgS035Rs4Tgn2BcW87U+UEHGAv1hJzkpjrljYc942hR+thAgMBAAGjgccwgcQw
HQYDVR0OBBYEFJxNAJkADouwAYF1obrw0CXXoBxHMB8GA1UdIwQYMBaAFJbeYfG9
HBYpUxzAzH07gwBA5hp8MA8GCSsGAQUFBzABBQQCBQAwTAYDVR0gBEUwQzBBBgkr
BgEEAaAyAV8wNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5j
b20vcmVwb3NpdG9yeS8wDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF
BwMJMA0GCSqGSIb3DQEBCwUAA4IBAQB/PdgYIHsFb8zdjYqlL/vN8ztbtP6UIZ/p
X+nmM+a/FsO4ihhpe+cdIssA+EkxiqoHAS7F3CB3XIeKrSYd8yW6BQyAMgmQ0DST
Dsyg0WYF/8uNU5eQIFp62bLRcfgQe2+0IOtlMVsKyf1YDTLG+UY2JMoAAOQn7oDI
WxdzQOauWdOXuCL7MmISH9rwfrXxCO4IGuW8FeuIRQ7eVV/lxFlb1sPBHmL6Ryd9
ppdeLQ76nRiFOrptb4LcGZvioj0Q+Rz5ErWgjCl49M1rCaWIp05T03evR14Px4hH
8xWGyPDMOBwxlb16fYs82MXICQYY9u1xdcGx+CDS8Lz3/wBBUT2X
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [EXPIRED]
Cf-Ray: [3540bbfbb7b5471c-EWR]
Content-Length: [1570]
Content-Type: [application/ocsp-response]
Date: [Sun, 23 Apr 2017 12:13:00 GMT]
Etag: ["b30e8c930dd0dbed82ee7c129e55f5f0a023157a"]
Expires: [Thu, 27 Apr 2017 11:59:22 GMT]
Last-Modified: [Sun, 23 Apr 2017 11:59:22 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=dafd944cf678a1262c70b94b51d06896e1492949580; expires=Mon, 23-Apr-18 12:13:00 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GlobalSign Organization Validation CA - SHA256 - G2 (CA Certificate)

Certificate details for GlobalSign Organization Validation CA - SHA256 - G2 (At position 1 in certificate chain)
Serial number:
hex: 40000000001444ef04247
int: 4835703278459909592597063
Issued by: GlobalSign Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GlobalSign nv-sa
Country: BE
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.globalsign.net/root.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.globalsign.net/root.crl
Size: 782 bytes (DER data)
Response time: 6.657796ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 7

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [public, max-age=6814291]
Cf-Cache-Status: [HIT]
Cf-Ray: [355e93dcf2020edf-EWR]
Content-Length: [782]
Content-Type: [application/pkix-crl]
Date: [Thu, 27 Apr 2017 03:08:29 GMT]
Etag: [39]
Expires: [Sat, 15 Jul 2017 00:00:00 GMT]
Last-Modified: [Wed, 19 Apr 2017 00:00:00 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d03750a40da217c1b6a37d326b773e4601493262509; expires=Fri, 27-Apr-18 03:08:29 GMT; path=/; domain=.globalsign.net; HttpOnly]
Vary: [Accept-Encoding]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.globalsign.com/rootr1 (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.globalsign.com/rootr1 (GET)
Size: 1518 bytes (DER data)
Response time: 7.604398ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign OCSP for Root R1 - Signer 1.1
Issued by: GlobalSign Root CA
Signing certificate validity: 2017-04-07 - 2017-07-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

URL used for GET request

http:/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtm
GkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8EJH
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF6goBAKCCBeMwggXfBgkrBgEFBQcwAQEEggXQMIIFzDCBmaIWBBRr0IWpLGvT
FeIMvlCoqIzANZCQQRgPMjAxNzA0MjcwMDEzNTRaMG4wbDBEMAkGBSsOAwIaBQAE
FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
AAABRE7wQkeAABgPMjAxNzA0MjcwMDEzNTRaoBEYDzIwMTcwNTAxMDAxMzU0WjAN
BgkqhkiG9w0BAQsFAAOCAQEAZRob4pa2VJ9D72N+9dTjjeSBN0syJlMih+paV7M7
q8IB7DKsXYmvNJDGah/y4G50ZRW+brY9rYe5rEJuKcbVpc1YXye09T/F7PFx9kWq
pS5xmOq8kivYD5PTvMLvCsZu11C9SVNUPNgNBK6pPhjTZJhe7YD6r+F+d+uwGBGp
oztuoJJTljEk3kLk3sxGhuAKEB4dhmJyY0uFFTIqjNAzwku0fcOnPs52TNFlmZLU
hv3q4crTG8QAvD0R6uEBkeN5R+CEcY9+Vy04XJj5vxYsNDfMYabEq43UWglwBFsq
c7tDO6twA5x5KpYi4hZxqVGjovCa77xupd/1wzOHOHi3z6CCBBgwggQUMIIEEDCC
AvigAwIBAgIOSPWzESmX3xEGSFD3EkEwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UE
BhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3Qg
Q0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNzA0MDcwMDAwMDBa
Fw0xNzA3MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxT
aWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJvb3QgUjEg
LSBTaWduZXIgMS4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuhvF
lmaool/STZVnvGSHel5cQ0D+Ru/AHHAD7pxWRN/ufb2Gq+KLdhWROdAI0eLvaQAV
Om3kxM9IPc0tZMEwI618halKDO1TG5zz/GQMp1r4wuaPqGEaqi6CD+UBFyaGlhLq
nsgB74qjtB5rl6bMy5/3An87DVuKN7IdC6kBuBTuGVk7tDcrS8bPF/LA+AzAz3g7
WTpMSlZAIXrEl5bgXzQHvHfYCpMsmcZBI4NmYgmtCNgphOwkxNQENcQPGhM/4eCj
0k3DtXtPXpp0iTPxVbBi/dQ2SKi73UqPttQNb5AQf2fHjCGClSKHk3sq0NisHrCW
gbcdT4ayMqDjSjh4SwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUE
DDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRr0IWpLGvTFeIM
vlCoqIzANZCQQTAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA0GCSqG
SIb3DQEBBQUAA4IBAQAxKJcSLXgYKslSd0pla6b8U8XXV3cP6kOd4LL40UG/B8gl
qJD+YBGv7oPJDAezG1pzmoqrcBQhKbWG8whhj5fKs56iMiz82Kaovb5s4CaRfcTJ
uzLHrHoLuGbAnLR/S+p2pFVcxNLE9TmQ9X5gwwvnrf/RxWjocetUcqnt7Nvoy/Fo
At16plXiUk1PAiz60EgUvyx4Jm9uirb+G7NQpmaP1FtyAYkBOr/XtbyYd3ZToUqj
9m1iy5o5NlDsBFNR6pYowu0/KJwNs+d5kjr2HtllfMrYP4yTv8fDNed1SyRxw7XH
xwCHbgWc12rPOOt3/hetmIelMQj8esDBp0ZsH3PF
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEEDCCAvigAwIBAgIOSPWzESmX3xEGSFD3EkEwDQYJKoZIhvcNAQEFBQAwVzEL
MAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsT
B1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNzA0MDcw
MDAwMDBaFw0xNzA3MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBH
bG9iYWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJv
b3QgUjEgLSBTaWduZXIgMS4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuhvFlmaool/STZVnvGSHel5cQ0D+Ru/AHHAD7pxWRN/ufb2Gq+KLdhWROdAI
0eLvaQAVOm3kxM9IPc0tZMEwI618halKDO1TG5zz/GQMp1r4wuaPqGEaqi6CD+UB
FyaGlhLqnsgB74qjtB5rl6bMy5/3An87DVuKN7IdC6kBuBTuGVk7tDcrS8bPF/LA
+AzAz3g7WTpMSlZAIXrEl5bgXzQHvHfYCpMsmcZBI4NmYgmtCNgphOwkxNQENcQP
GhM/4eCj0k3DtXtPXpp0iTPxVbBi/dQ2SKi73UqPttQNb5AQf2fHjCGClSKHk3sq
0NisHrCWgbcdT4ayMqDjSjh4SwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDAT
BgNVHSUEDDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRr0IWp
LGvTFeIMvlCoqIzANZCQQTAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9
SzAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYI
KwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkv
MA0GCSqGSIb3DQEBBQUAA4IBAQAxKJcSLXgYKslSd0pla6b8U8XXV3cP6kOd4LL4
0UG/B8glqJD+YBGv7oPJDAezG1pzmoqrcBQhKbWG8whhj5fKs56iMiz82Kaovb5s
4CaRfcTJuzLHrHoLuGbAnLR/S+p2pFVcxNLE9TmQ9X5gwwvnrf/RxWjocetUcqnt
7Nvoy/FoAt16plXiUk1PAiz60EgUvyx4Jm9uirb+G7NQpmaP1FtyAYkBOr/XtbyY
d3ZToUqj9m1iy5o5NlDsBFNR6pYowu0/KJwNs+d5kjr2HtllfMrYP4yTv8fDNed1
SyRxw7XHxwCHbgWc12rPOOt3/hetmIelMQj8esDBp0ZsH3PF
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [355e884bb44406a9-EWR]
Content-Length: [1518]
Content-Type: [application/ocsp-response]
Date: [Thu, 27 Apr 2017 03:00:35 GMT]
Etag: ["b4097dd74847349876e220e52453a5f917be9c01"]
Expires: [Mon, 01 May 2017 00:13:54 GMT]
Last-Modified: [Thu, 27 Apr 2017 00:13:54 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d5bbbfa990abb7732dd8965c38af77c421493262035; expires=Fri, 27-Apr-18 03:00:35 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.globalsign.com/rootr1 (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.globalsign.com/rootr1 (POST)
Size: 1518 bytes (DER data)
Response time: 5.489447ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign OCSP for Root R1 - Signer 1.1
Issued by: GlobalSign Root CA
Signing certificate validity: 2017-04-07 - 2017-07-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtm
GkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8EJH
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF6goBAKCCBeMwggXfBgkrBgEFBQcwAQEEggXQMIIFzDCBmaIWBBRr0IWpLGvT
FeIMvlCoqIzANZCQQRgPMjAxNzA0MjcwMDEzNTRaMG4wbDBEMAkGBSsOAwIaBQAE
FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
AAABRE7wQkeAABgPMjAxNzA0MjcwMDEzNTRaoBEYDzIwMTcwNTAxMDAxMzU0WjAN
BgkqhkiG9w0BAQsFAAOCAQEAZRob4pa2VJ9D72N+9dTjjeSBN0syJlMih+paV7M7
q8IB7DKsXYmvNJDGah/y4G50ZRW+brY9rYe5rEJuKcbVpc1YXye09T/F7PFx9kWq
pS5xmOq8kivYD5PTvMLvCsZu11C9SVNUPNgNBK6pPhjTZJhe7YD6r+F+d+uwGBGp
oztuoJJTljEk3kLk3sxGhuAKEB4dhmJyY0uFFTIqjNAzwku0fcOnPs52TNFlmZLU
hv3q4crTG8QAvD0R6uEBkeN5R+CEcY9+Vy04XJj5vxYsNDfMYabEq43UWglwBFsq
c7tDO6twA5x5KpYi4hZxqVGjovCa77xupd/1wzOHOHi3z6CCBBgwggQUMIIEEDCC
AvigAwIBAgIOSPWzESmX3xEGSFD3EkEwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UE
BhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3Qg
Q0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNzA0MDcwMDAwMDBa
Fw0xNzA3MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxT
aWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJvb3QgUjEg
LSBTaWduZXIgMS4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuhvF
lmaool/STZVnvGSHel5cQ0D+Ru/AHHAD7pxWRN/ufb2Gq+KLdhWROdAI0eLvaQAV
Om3kxM9IPc0tZMEwI618halKDO1TG5zz/GQMp1r4wuaPqGEaqi6CD+UBFyaGlhLq
nsgB74qjtB5rl6bMy5/3An87DVuKN7IdC6kBuBTuGVk7tDcrS8bPF/LA+AzAz3g7
WTpMSlZAIXrEl5bgXzQHvHfYCpMsmcZBI4NmYgmtCNgphOwkxNQENcQPGhM/4eCj
0k3DtXtPXpp0iTPxVbBi/dQ2SKi73UqPttQNb5AQf2fHjCGClSKHk3sq0NisHrCW
gbcdT4ayMqDjSjh4SwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUE
DDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRr0IWpLGvTFeIM
vlCoqIzANZCQQTAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA0GCSqG
SIb3DQEBBQUAA4IBAQAxKJcSLXgYKslSd0pla6b8U8XXV3cP6kOd4LL40UG/B8gl
qJD+YBGv7oPJDAezG1pzmoqrcBQhKbWG8whhj5fKs56iMiz82Kaovb5s4CaRfcTJ
uzLHrHoLuGbAnLR/S+p2pFVcxNLE9TmQ9X5gwwvnrf/RxWjocetUcqnt7Nvoy/Fo
At16plXiUk1PAiz60EgUvyx4Jm9uirb+G7NQpmaP1FtyAYkBOr/XtbyYd3ZToUqj
9m1iy5o5NlDsBFNR6pYowu0/KJwNs+d5kjr2HtllfMrYP4yTv8fDNed1SyRxw7XH
xwCHbgWc12rPOOt3/hetmIelMQj8esDBp0ZsH3PF
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEEDCCAvigAwIBAgIOSPWzESmX3xEGSFD3EkEwDQYJKoZIhvcNAQEFBQAwVzEL
MAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsT
B1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNzA0MDcw
MDAwMDBaFw0xNzA3MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBH
bG9iYWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJv
b3QgUjEgLSBTaWduZXIgMS4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuhvFlmaool/STZVnvGSHel5cQ0D+Ru/AHHAD7pxWRN/ufb2Gq+KLdhWROdAI
0eLvaQAVOm3kxM9IPc0tZMEwI618halKDO1TG5zz/GQMp1r4wuaPqGEaqi6CD+UB
FyaGlhLqnsgB74qjtB5rl6bMy5/3An87DVuKN7IdC6kBuBTuGVk7tDcrS8bPF/LA
+AzAz3g7WTpMSlZAIXrEl5bgXzQHvHfYCpMsmcZBI4NmYgmtCNgphOwkxNQENcQP
GhM/4eCj0k3DtXtPXpp0iTPxVbBi/dQ2SKi73UqPttQNb5AQf2fHjCGClSKHk3sq
0NisHrCWgbcdT4ayMqDjSjh4SwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDAT
BgNVHSUEDDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRr0IWp
LGvTFeIMvlCoqIzANZCQQTAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9
SzAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYI
KwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkv
MA0GCSqGSIb3DQEBBQUAA4IBAQAxKJcSLXgYKslSd0pla6b8U8XXV3cP6kOd4LL4
0UG/B8glqJD+YBGv7oPJDAezG1pzmoqrcBQhKbWG8whhj5fKs56iMiz82Kaovb5s
4CaRfcTJuzLHrHoLuGbAnLR/S+p2pFVcxNLE9TmQ9X5gwwvnrf/RxWjocetUcqnt
7Nvoy/FoAt16plXiUk1PAiz60EgUvyx4Jm9uirb+G7NQpmaP1FtyAYkBOr/XtbyY
d3ZToUqj9m1iy5o5NlDsBFNR6pYowu0/KJwNs+d5kjr2HtllfMrYP4yTv8fDNed1
SyRxw7XHxwCHbgWc12rPOOt3/hetmIelMQj8esDBp0ZsH3PF
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [355e884bb1a00efd-EWR]
Content-Length: [1518]
Content-Type: [application/ocsp-response]
Date: [Thu, 27 Apr 2017 03:00:35 GMT]
Etag: ["b4097dd74847349876e220e52453a5f917be9c01"]
Expires: [Mon, 01 May 2017 00:13:54 GMT]
Last-Modified: [Thu, 27 Apr 2017 00:13:54 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=db98e9d1dd23e03e2eb6a974328fad6cb1493262035; expires=Fri, 27-Apr-18 03:00:35 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GlobalSign Root CA (CA Certificate)

Certificate details for GlobalSign Root CA (At position 2 in certificate chain)
Serial number:
hex: 40000000001154b5ac394
int: 4835703278459707669005204
Issued by: GlobalSign Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GlobalSign nv-sa
Organization unit: Root CA
Country: BE
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.