CRL & OCSP report for 0-historicaltexts.jisc.ac.uk.catalogue.wellcomelibrary.org - *.catalogue.wellcomelibrary.org (The Wellcome Trust Limited)

*.catalogue.wellcomelibrary.org

This certificate was cached at
Certificate details for *.catalogue.wellcomelibrary.org (At position 0 in certificate chain)
Serial number:
hex: 480138650d646501bf3fa22b
int: 22284395949565659000497742379
Issued by: GlobalSign Organization Validation CA - SHA256 - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: The Wellcome Trust Limited
Organization unit: IT
State / Province: London
Locality: London
Country: GB
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

View complete certificate details for 0-historicaltexts.jisc.ac.uk.catalogue.wellcomelibrary.org.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl
Size: 109236 bytes (DER data)
Response time: 16.667335ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 3256

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare, CloudFront
Cache Information: HIT, Miss from cloudfront

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [3354cbdb81ed0ed9-EWR]
Content-Length: [109236]
Content-Type: [application/pkix-crl]
Date: [Wed, 22 Feb 2017 19:20:36 GMT]
Etag: [E43E]
Expires: [Tue, 28 Feb 2017 23:28:57 GMT]
Last-Modified: [Tue, 21 Feb 2017 23:28:57 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=da13359ce97cb36d17f2e4b9ceda7c32d1487791236; expires=Thu, 22-Feb-18 19:20:36 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
Via: [1.1 80e249fb010044bf276e2c86b81c99a1.cloudfront.net (CloudFront)]
X-Amz-Cf-Id: [Dr_cAQ3V5kRqgAdWK_DW9H4R-GEMoYSJuBF6Sw4BDYYyrnkg2wWW1Q==]
X-Cache: [Miss from cloudfront]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp2.globalsign.com/gsorganizationvalsha2g2 (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsorganizationvalsha2g2 (POST)
Size: 1570 bytes (DER data)
Response time: 769.995725ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign Organization Validation CA - SHA256 - G2 - OCSP Responder
Issued by: GlobalSign Organization Validation CA - SHA256 - G2
Signing certificate validity: 2017-02-13 - 2017-05-16
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: EXPIRED

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h
8b0cFilTHMDMfTuDAEDmGnwCDEgBOGUNZGUBvz+iKw==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGHgoBAKCCBhcwggYTBgkrBgEFBQcwAQEEggYEMIIGADCBmqIWBBScTQCZAA6L
sAGBdaG68NAl16AcRxgPMjAxNzAyMjExMjEwMTRaMG8wbTBFMAkGBSsOAwIaBQAE
FAyeTZw97e+E2JHpcsfPhAa8GXsHBBSW3mHxvRwWKVMcwMx9O4MAQOYafAIMSAE4
ZQ1kZQG/P6IrgAAYDzIwMTcwMjIxMTIxMDE0WqARGA8yMDE3MDIyNTEyMTAxNFow
DQYJKoZIhvcNAQELBQADggEBAFcvPRbeu8OtjhLSPpGRcraN9ZWaK0pkcjqYzLgi
CFfX05rqpR1A6T7nA05Ht/e0jhnr/yt/ZoOYKbk3SC9TPS7twZIANyb82FksjGTF
jnfyWLaTQ7hYyf/1lIm/3r4vbXkPqXALDWOf+B60hcepSYmeeZZ/rYiLil+9suc0
5fM8YHo+aUal37o/kpZlm9+1LmBtbvjJxfE0dl0kpRIWc1bzYhttW+ByMMRHiu/l
D6aTiB4Kwt3NhdluASfhlWqP7tw+lP9NTE/dCEK71hKit2NhBaV3U3ggUagJ+Bvl
iHSdSIspICaxPMztwbYnnHqWQl0GCjgNL++h9Y9rj4HuEzqgggRLMIIERzCCBEMw
ggMroAMCAQICDG/ROC7q20OpUD07RTANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQG
EwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTE8MDoGA1UEAxMzR2xvYmFs
U2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIFNIQTI1NiAtIEcyMB4X
DTE3MDIxMzA3MTEwM1oXDTE3MDUxNjA3MTEwM1owgY4xCzAJBgNVBAYTAkJFMRkw
FwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRUwEwYDVQQFEwwyMDE3MDIxMzE1MDUx
TTBLBgNVBAMTREdsb2JhbFNpZ24gT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gQ0Eg
LSBTSEEyNTYgLSBHMiAtIE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA0kOXzzBq49lSztun694Fi9cwEyLIZagm3jYnimSW+vpf
qQoFF/U48JGqWfXOt8Evncl6f6MtaGmvaxjguf2aru1EtxS5pdX8/4PtdRcGPmgb
wbn8VDIukn4P8So7v9afdh1eoiFk7Kjq9wzK+jiDcNplpqJtZdUVlD6s7laW4aVs
Ewe7UBk2hlaBxUfl0ztYmwd/3Ln+BjEyVRYpRNFFKGxkUeoNhzY3zRBAqp0dHP3H
bPCUGUGePmzp87283fRtBdRlO9ixk4C3bvZ+kJBXYoE/ootnRdWMuJCYubNh4EtN
+UbOE4J9gXFvO1PlBBxgL9YSc5KY65Y2HPeNoUfrYQIDAQABo4HHMIHEMB0GA1Ud
DgQWBBScTQCZAA6LsAGBdaG68NAl16AcRzAfBgNVHSMEGDAWgBSW3mHxvRwWKVMc
wMx9O4MAQOYafDAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGg
MgFfMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl
cG9zaXRvcnkvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAN
BgkqhkiG9w0BAQsFAAOCAQEAfz3YGCB7BW/M3Y2KpS/7zfM7W7T+lCGf6V/p5jPm
vxbDuIoYaXvnHSLLAPhJMYqqBwEuxdwgd1yHiq0mHfMlugUMgDIJkNA0kw7MoNFm
Bf/LjVOXkCBaetmy0XH4EHtvtCDrZTFbCsn9WA0yxvlGNiTKAADkJ+6AyFsXc0Dm
rlnTl7gi+zJiEh/a8H618QjuCBrlvBXriEUO3lVf5cRZW9bDwR5i+kcnfaaXXi0O
+p0YhTq6bW+C3Bmb4qI9EPkc+RK1oIwpePTNawmliKdOU9N3r0deD8eIR/MVhsjw
zDgcMZW9en2LPNjFyAkGGPbtcXXBsfgg0vC89/8AQVE9lw==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEQzCCAyugAwIBAgIMb9E4LurbQ6lQPTtFMA0GCSqGSIb3DQEBCwUAMGYxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g
RzIwHhcNMTcwMjEzMDcxMTAzWhcNMTcwNTE2MDcxMTAzWjCBjjELMAkGA1UEBhMC
QkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTcwMjEz
MTUwNTFNMEsGA1UEAxNER2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlv
biBDQSAtIFNIQTI1NiAtIEcyIC0gT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDSQ5fPMGrj2VLO26fr3gWL1zATIshlqCbeNieK
ZJb6+l+pCgUX9TjwkapZ9c63wS+dyXp/oy1oaa9rGOC5/Zqu7US3FLml1fz/g+11
FwY+aBvBufxUMi6Sfg/xKju/1p92HV6iIWTsqOr3DMr6OINw2mWmom1l1RWUPqzu
VpbhpWwTB7tQGTaGVoHFR+XTO1ibB3/cuf4GMTJVFilE0UUobGRR6g2HNjfNEECq
nR0c/cds8JQZQZ4+bOnzvbzd9G0F1GU72LGTgLdu9n6QkFdigT+ii2dF1Yy4kJi5
s2HgS035Rs4Tgn2BcW87U+UEHGAv1hJzkpjrljYc942hR+thAgMBAAGjgccwgcQw
HQYDVR0OBBYEFJxNAJkADouwAYF1obrw0CXXoBxHMB8GA1UdIwQYMBaAFJbeYfG9
HBYpUxzAzH07gwBA5hp8MA8GCSsGAQUFBzABBQQCBQAwTAYDVR0gBEUwQzBBBgkr
BgEEAaAyAV8wNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5j
b20vcmVwb3NpdG9yeS8wDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF
BwMJMA0GCSqGSIb3DQEBCwUAA4IBAQB/PdgYIHsFb8zdjYqlL/vN8ztbtP6UIZ/p
X+nmM+a/FsO4ihhpe+cdIssA+EkxiqoHAS7F3CB3XIeKrSYd8yW6BQyAMgmQ0DST
Dsyg0WYF/8uNU5eQIFp62bLRcfgQe2+0IOtlMVsKyf1YDTLG+UY2JMoAAOQn7oDI
WxdzQOauWdOXuCL7MmISH9rwfrXxCO4IGuW8FeuIRQ7eVV/lxFlb1sPBHmL6Ryd9
ppdeLQ76nRiFOrptb4LcGZvioj0Q+Rz5ErWgjCl49M1rCaWIp05T03evR14Px4hH
8xWGyPDMOBwxlb16fYs82MXICQYY9u1xdcGx+CDS8Lz3/wBBUT2X
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [EXPIRED]
Cf-Ray: [334a180bc44a21aa-EWR]
Content-Length: [1570]
Content-Type: [application/ocsp-response]
Date: [Tue, 21 Feb 2017 12:10:14 GMT]
Etag: ["c9ec965dd13cbba23fa4afe4732dc438198c9640"]
Expires: [Sat, 25 Feb 2017 12:10:14 GMT]
Last-Modified: [Tue, 21 Feb 2017 12:10:14 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d83d7f841fb3a76efd64324cdbce0d5821487679013; expires=Wed, 21-Feb-18 12:10:13 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp2.globalsign.com/gsorganizationvalsha2g2 (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsorganizationvalsha2g2 (GET)
Size: 1570 bytes (DER data)
Response time: 8.141493ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign Organization Validation CA - SHA256 - G2 - OCSP Responder
Issued by: GlobalSign Organization Validation CA - SHA256 - G2
Signing certificate validity: 2017-02-13 - 2017-05-16
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: UPDATING

URL used for GET request

http:/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDEgBOGUNZGUBvz%2BiKw%3D%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h
8b0cFilTHMDMfTuDAEDmGnwCDEgBOGUNZGUBvz+iKw==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGHgoBAKCCBhcwggYTBgkrBgEFBQcwAQEEggYEMIIGADCBmqIWBBScTQCZAA6L
sAGBdaG68NAl16AcRxgPMjAxNzAyMjAxNjI0NTBaMG8wbTBFMAkGBSsOAwIaBQAE
FAyeTZw97e+E2JHpcsfPhAa8GXsHBBSW3mHxvRwWKVMcwMx9O4MAQOYafAIMSAE4
ZQ1kZQG/P6IrgAAYDzIwMTcwMjIwMTYyNDUwWqARGA8yMDE3MDIyNDE2MjQ1MFow
DQYJKoZIhvcNAQELBQADggEBAIeQjDKaJJx4AiTjWjBebAnV8uszvVAAsz5cghTN
0/a9VjerlJ5MS59MM/w/Ya+6SUsrHQwZ+B2DM+t0KwCjYSIVS4NTUnLsJc46nZtb
z54UMoh8FA95SiybKZ8EhwlgZTCH05f/6528DYyfT3Ti9KmbZDc8VhsYzxd00uxh
de0wBIN9mQVtK1Ay0RLNDIhsxQfA9cQkMfdYxHjTZXGI0VQvK0R6o4BO42xEHgmx
JqEMp1k6YS5c13MK6dw1YK0vBAsgr+5G1xsqyke72SVTySv24CQr5jvhO8bufdfe
CkeRh3Adi8ZPZIaF8FaqNvaDcf5G4Y9yB0SyqPFKFKGEhIugggRLMIIERzCCBEMw
ggMroAMCAQICDG/ROC7q20OpUD07RTANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQG
EwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTE8MDoGA1UEAxMzR2xvYmFs
U2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIFNIQTI1NiAtIEcyMB4X
DTE3MDIxMzA3MTEwM1oXDTE3MDUxNjA3MTEwM1owgY4xCzAJBgNVBAYTAkJFMRkw
FwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRUwEwYDVQQFEwwyMDE3MDIxMzE1MDUx
TTBLBgNVBAMTREdsb2JhbFNpZ24gT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gQ0Eg
LSBTSEEyNTYgLSBHMiAtIE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA0kOXzzBq49lSztun694Fi9cwEyLIZagm3jYnimSW+vpf
qQoFF/U48JGqWfXOt8Evncl6f6MtaGmvaxjguf2aru1EtxS5pdX8/4PtdRcGPmgb
wbn8VDIukn4P8So7v9afdh1eoiFk7Kjq9wzK+jiDcNplpqJtZdUVlD6s7laW4aVs
Ewe7UBk2hlaBxUfl0ztYmwd/3Ln+BjEyVRYpRNFFKGxkUeoNhzY3zRBAqp0dHP3H
bPCUGUGePmzp87283fRtBdRlO9ixk4C3bvZ+kJBXYoE/ootnRdWMuJCYubNh4EtN
+UbOE4J9gXFvO1PlBBxgL9YSc5KY65Y2HPeNoUfrYQIDAQABo4HHMIHEMB0GA1Ud
DgQWBBScTQCZAA6LsAGBdaG68NAl16AcRzAfBgNVHSMEGDAWgBSW3mHxvRwWKVMc
wMx9O4MAQOYafDAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGg
MgFfMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl
cG9zaXRvcnkvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAN
BgkqhkiG9w0BAQsFAAOCAQEAfz3YGCB7BW/M3Y2KpS/7zfM7W7T+lCGf6V/p5jPm
vxbDuIoYaXvnHSLLAPhJMYqqBwEuxdwgd1yHiq0mHfMlugUMgDIJkNA0kw7MoNFm
Bf/LjVOXkCBaetmy0XH4EHtvtCDrZTFbCsn9WA0yxvlGNiTKAADkJ+6AyFsXc0Dm
rlnTl7gi+zJiEh/a8H618QjuCBrlvBXriEUO3lVf5cRZW9bDwR5i+kcnfaaXXi0O
+p0YhTq6bW+C3Bmb4qI9EPkc+RK1oIwpePTNawmliKdOU9N3r0deD8eIR/MVhsjw
zDgcMZW9en2LPNjFyAkGGPbtcXXBsfgg0vC89/8AQVE9lw==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEQzCCAyugAwIBAgIMb9E4LurbQ6lQPTtFMA0GCSqGSIb3DQEBCwUAMGYxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g
RzIwHhcNMTcwMjEzMDcxMTAzWhcNMTcwNTE2MDcxMTAzWjCBjjELMAkGA1UEBhMC
QkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTcwMjEz
MTUwNTFNMEsGA1UEAxNER2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlv
biBDQSAtIFNIQTI1NiAtIEcyIC0gT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDSQ5fPMGrj2VLO26fr3gWL1zATIshlqCbeNieK
ZJb6+l+pCgUX9TjwkapZ9c63wS+dyXp/oy1oaa9rGOC5/Zqu7US3FLml1fz/g+11
FwY+aBvBufxUMi6Sfg/xKju/1p92HV6iIWTsqOr3DMr6OINw2mWmom1l1RWUPqzu
VpbhpWwTB7tQGTaGVoHFR+XTO1ibB3/cuf4GMTJVFilE0UUobGRR6g2HNjfNEECq
nR0c/cds8JQZQZ4+bOnzvbzd9G0F1GU72LGTgLdu9n6QkFdigT+ii2dF1Yy4kJi5
s2HgS035Rs4Tgn2BcW87U+UEHGAv1hJzkpjrljYc942hR+thAgMBAAGjgccwgcQw
HQYDVR0OBBYEFJxNAJkADouwAYF1obrw0CXXoBxHMB8GA1UdIwQYMBaAFJbeYfG9
HBYpUxzAzH07gwBA5hp8MA8GCSsGAQUFBzABBQQCBQAwTAYDVR0gBEUwQzBBBgkr
BgEEAaAyAV8wNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5j
b20vcmVwb3NpdG9yeS8wDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF
BwMJMA0GCSqGSIb3DQEBCwUAA4IBAQB/PdgYIHsFb8zdjYqlL/vN8ztbtP6UIZ/p
X+nmM+a/FsO4ihhpe+cdIssA+EkxiqoHAS7F3CB3XIeKrSYd8yW6BQyAMgmQ0DST
Dsyg0WYF/8uNU5eQIFp62bLRcfgQe2+0IOtlMVsKyf1YDTLG+UY2JMoAAOQn7oDI
WxdzQOauWdOXuCL7MmISH9rwfrXxCO4IGuW8FeuIRQ7eVV/lxFlb1sPBHmL6Ryd9
ppdeLQ76nRiFOrptb4LcGZvioj0Q+Rz5ErWgjCl49M1rCaWIp05T03evR14Px4hH
8xWGyPDMOBwxlb16fYs82MXICQYY9u1xdcGx+CDS8Lz3/wBBUT2X
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [UPDATING]
Cf-Ray: [334a180bc13f4728-EWR]
Content-Length: [1570]
Content-Type: [application/ocsp-response]
Date: [Tue, 21 Feb 2017 12:10:13 GMT]
Etag: ["2c6a6ac3ac4576d3e3be20fe3b3be3ab04a9661e"]
Expires: [Fri, 24 Feb 2017 16:24:50 GMT]
Last-Modified: [Mon, 20 Feb 2017 16:24:50 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d67f6db3a46c4d3cbff74e2ad07a0e7f41487679013; expires=Wed, 21-Feb-18 12:10:13 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GlobalSign Organization Validation CA - SHA256 - G2 (CA Certificate)

This certificate was cached at
Certificate details for GlobalSign Organization Validation CA - SHA256 - G2 (At position 1 in certificate chain)
Serial number:
hex: 40000000001444ef04247
int: 4835703278459909592597063
Issued by: GlobalSign Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GlobalSign nv-sa
Country: BE
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.globalsign.net/root.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.globalsign.net/root.crl
Size: 693 bytes (DER data)
Response time: 79.915515ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 5

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [public, max-age=4423164]
Cf-Cache-Status: [HIT]
Cf-Ray: [3354cbdbf03106a9-EWR]
Content-Length: [693]
Content-Type: [application/pkix-crl]
Date: [Wed, 22 Feb 2017 19:20:36 GMT]
Etag: [37]
Expires: [Sat, 15 Apr 2017 00:00:00 GMT]
Last-Modified: [Sat, 07 Jan 2017 00:00:00 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d5e1a1d65b44e1a2532688729e19c20571487791236; expires=Thu, 22-Feb-18 19:20:36 GMT; path=/; domain=.globalsign.net; HttpOnly]
Vary: [Accept-Encoding]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.globalsign.com/rootr1 (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.globalsign.com/rootr1 (GET)
Size: 1518 bytes (DER data)
Response time: 12.457308ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign OCSP for Root R1 - Signer 1.2
Issued by: GlobalSign Root CA
Signing certificate validity: 2016-12-08 - 2017-05-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

URL used for GET request

http:/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtm
GkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8EJH
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF6goBAKCCBeMwggXfBgkrBgEFBQcwAQEEggXQMIIFzDCBmaIWBBTo5D4n+cHT
OzaRhTkWd1PUt9RfihgPMjAxNzAyMjIxODQ2MzZaMG4wbDBEMAkGBSsOAwIaBQAE
FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
AAABRE7wQkeAABgPMjAxNzAyMjIxODQ2MzZaoBEYDzIwMTcwMjI2MTg0NjM2WjAN
BgkqhkiG9w0BAQsFAAOCAQEAs3LffJuzUPnMl5V2z68mBBRgW22NTkbp+QWgFKEI
XzH84VA7nCtJbS14xriW+uH2og2CNuPUivEGs6SUeZJFmCB3XDYlROwe/PEJ+2t4
JTSrNEQvX9me6V8McagfXjScgqT7RXF1KMTPGInUkucORIfiaJYu86bKIZINxfiy
K75zYWiVQAyL9IOk/OLAYJmgj206nCrP4ZsDpriYlD5vvFWjHsJxxlFFtzS6rgWj
KgHoqBvCZjFwyu0D8BLoELw6AKO03tqaCJNiML7qWoTx8cSyUt/OOAIXtRHxk6ha
LPxcsu8G6sD6fdyPLeuJuin9c3JVdaF5sECS3XJqNDJ97aCCBBgwggQUMIIEEDCC
AvigAwIBAgIOSPWzECFVLDQzsNCb15cwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UE
BhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3Qg
Q0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNjEyMDgwMDAwMDBa
Fw0xNzA1MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxT
aWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJvb3QgUjEg
LSBTaWduZXIgMS4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eJO
rqLb90sYTgrLehHOwNb1Gr8BunC06AZDTH/msQRAp+ILqVzPC60EZsdKc1KGe19h
d27VEP/yOx0aFy1/Hmef8jjg8jbofGyDKJkWi5ho8/nT/TtH2EDmi1SQ5iXFDv0T
zzfcUhTaTzt1y2dAZxJDpYeJ7M22p+Uyx1nZ0MOKSbWUZ8JKe33+q7R1jECE84xp
aLG8JN486hq9e5BogGjIlAwg4JzR/n1NfYg61IGC1aSZzBTcclM9wSTr3suBbEUp
M/NvnkIReL4PHZikXupW0yNOB5A9U16iRoWvVZt9QzLji4YtU8D/uP7L0iCKMuu9
Ho9JlpvMlRLlLl3zYwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUE
DDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTo5D4n+cHTOzaR
hTkWd1PUt9RfijAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA0GCSqG
SIb3DQEBBQUAA4IBAQA+U6mkht7qiRVGQBUpwmZveLWGVlzshYcUhqXmu+l4qVue
h4BJJt49W5nfDnX/tTQHXG365f3oVn8Dbsqt0K3j2DNZQwjLUmwt36ERjs9h1JlA
R52fmUAIoW/iG/7cy/2iQPcMfh//le05L30MaRs8/5sZwmVc1VxhrCfofbSp/gKy
BH2N4a2KCUNuvHmrdcX0FAx4Wjm/D3iignh8aCunfUktOskMUkSlUxb8UWwTgzJj
blibRmlsc3RmEOiAD+TR7GUSVq9H6B0Kzi4cXJ7dXWhoK+XNzNZX+sfaL+WjeDqd
Mkn4KpoU1NTyUz8PRHLvqUGigfTJ0z2lpy5fD7nU
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEEDCCAvigAwIBAgIOSPWzECFVLDQzsNCb15cwDQYJKoZIhvcNAQEFBQAwVzEL
MAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsT
B1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNjEyMDgw
MDAwMDBaFw0xNzA1MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBH
bG9iYWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJv
b3QgUjEgLSBTaWduZXIgMS4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4eJOrqLb90sYTgrLehHOwNb1Gr8BunC06AZDTH/msQRAp+ILqVzPC60EZsdK
c1KGe19hd27VEP/yOx0aFy1/Hmef8jjg8jbofGyDKJkWi5ho8/nT/TtH2EDmi1SQ
5iXFDv0TzzfcUhTaTzt1y2dAZxJDpYeJ7M22p+Uyx1nZ0MOKSbWUZ8JKe33+q7R1
jECE84xpaLG8JN486hq9e5BogGjIlAwg4JzR/n1NfYg61IGC1aSZzBTcclM9wSTr
3suBbEUpM/NvnkIReL4PHZikXupW0yNOB5A9U16iRoWvVZt9QzLji4YtU8D/uP7L
0iCKMuu9Ho9JlpvMlRLlLl3zYwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDAT
BgNVHSUEDDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTo5D4n
+cHTOzaRhTkWd1PUt9RfijAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9
SzAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYI
KwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkv
MA0GCSqGSIb3DQEBBQUAA4IBAQA+U6mkht7qiRVGQBUpwmZveLWGVlzshYcUhqXm
u+l4qVueh4BJJt49W5nfDnX/tTQHXG365f3oVn8Dbsqt0K3j2DNZQwjLUmwt36ER
js9h1JlAR52fmUAIoW/iG/7cy/2iQPcMfh//le05L30MaRs8/5sZwmVc1VxhrCfo
fbSp/gKyBH2N4a2KCUNuvHmrdcX0FAx4Wjm/D3iignh8aCunfUktOskMUkSlUxb8
UWwTgzJjblibRmlsc3RmEOiAD+TR7GUSVq9H6B0Kzi4cXJ7dXWhoK+XNzNZX+sfa
L+WjeDqdMkn4KpoU1NTyUz8PRHLvqUGigfTJ0z2lpy5fD7nU
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [3354cbdb95661864-EWR]
Content-Length: [1518]
Content-Type: [application/ocsp-response]
Date: [Wed, 22 Feb 2017 19:20:36 GMT]
Etag: ["8fcc13e2f323a6ff2e67cee7c82c5f02cd48d501"]
Expires: [Sun, 26 Feb 2017 18:46:36 GMT]
Last-Modified: [Wed, 22 Feb 2017 18:46:36 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d12bc4a6028206d526ade0f9aa11fcc1a1487791236; expires=Thu, 22-Feb-18 19:20:36 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.globalsign.com/rootr1 (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.globalsign.com/rootr1 (POST)
Size: 1518 bytes (DER data)
Response time: 11.581011ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign OCSP for Root R1 - Signer 1.2
Issued by: GlobalSign Root CA
Signing certificate validity: 2016-12-08 - 2017-05-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtm
GkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8EJH
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF6goBAKCCBeMwggXfBgkrBgEFBQcwAQEEggXQMIIFzDCBmaIWBBTo5D4n+cHT
OzaRhTkWd1PUt9RfihgPMjAxNzAyMjIxODQ2MzZaMG4wbDBEMAkGBSsOAwIaBQAE
FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
AAABRE7wQkeAABgPMjAxNzAyMjIxODQ2MzZaoBEYDzIwMTcwMjI2MTg0NjM2WjAN
BgkqhkiG9w0BAQsFAAOCAQEAs3LffJuzUPnMl5V2z68mBBRgW22NTkbp+QWgFKEI
XzH84VA7nCtJbS14xriW+uH2og2CNuPUivEGs6SUeZJFmCB3XDYlROwe/PEJ+2t4
JTSrNEQvX9me6V8McagfXjScgqT7RXF1KMTPGInUkucORIfiaJYu86bKIZINxfiy
K75zYWiVQAyL9IOk/OLAYJmgj206nCrP4ZsDpriYlD5vvFWjHsJxxlFFtzS6rgWj
KgHoqBvCZjFwyu0D8BLoELw6AKO03tqaCJNiML7qWoTx8cSyUt/OOAIXtRHxk6ha
LPxcsu8G6sD6fdyPLeuJuin9c3JVdaF5sECS3XJqNDJ97aCCBBgwggQUMIIEEDCC
AvigAwIBAgIOSPWzECFVLDQzsNCb15cwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UE
BhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3Qg
Q0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNjEyMDgwMDAwMDBa
Fw0xNzA1MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxT
aWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJvb3QgUjEg
LSBTaWduZXIgMS4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eJO
rqLb90sYTgrLehHOwNb1Gr8BunC06AZDTH/msQRAp+ILqVzPC60EZsdKc1KGe19h
d27VEP/yOx0aFy1/Hmef8jjg8jbofGyDKJkWi5ho8/nT/TtH2EDmi1SQ5iXFDv0T
zzfcUhTaTzt1y2dAZxJDpYeJ7M22p+Uyx1nZ0MOKSbWUZ8JKe33+q7R1jECE84xp
aLG8JN486hq9e5BogGjIlAwg4JzR/n1NfYg61IGC1aSZzBTcclM9wSTr3suBbEUp
M/NvnkIReL4PHZikXupW0yNOB5A9U16iRoWvVZt9QzLji4YtU8D/uP7L0iCKMuu9
Ho9JlpvMlRLlLl3zYwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUE
DDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTo5D4n+cHTOzaR
hTkWd1PUt9RfijAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA0GCSqG
SIb3DQEBBQUAA4IBAQA+U6mkht7qiRVGQBUpwmZveLWGVlzshYcUhqXmu+l4qVue
h4BJJt49W5nfDnX/tTQHXG365f3oVn8Dbsqt0K3j2DNZQwjLUmwt36ERjs9h1JlA
R52fmUAIoW/iG/7cy/2iQPcMfh//le05L30MaRs8/5sZwmVc1VxhrCfofbSp/gKy
BH2N4a2KCUNuvHmrdcX0FAx4Wjm/D3iignh8aCunfUktOskMUkSlUxb8UWwTgzJj
blibRmlsc3RmEOiAD+TR7GUSVq9H6B0Kzi4cXJ7dXWhoK+XNzNZX+sfaL+WjeDqd
Mkn4KpoU1NTyUz8PRHLvqUGigfTJ0z2lpy5fD7nU
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEEDCCAvigAwIBAgIOSPWzECFVLDQzsNCb15cwDQYJKoZIhvcNAQEFBQAwVzEL
MAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsT
B1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNjEyMDgw
MDAwMDBaFw0xNzA1MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBH
bG9iYWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJv
b3QgUjEgLSBTaWduZXIgMS4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4eJOrqLb90sYTgrLehHOwNb1Gr8BunC06AZDTH/msQRAp+ILqVzPC60EZsdK
c1KGe19hd27VEP/yOx0aFy1/Hmef8jjg8jbofGyDKJkWi5ho8/nT/TtH2EDmi1SQ
5iXFDv0TzzfcUhTaTzt1y2dAZxJDpYeJ7M22p+Uyx1nZ0MOKSbWUZ8JKe33+q7R1
jECE84xpaLG8JN486hq9e5BogGjIlAwg4JzR/n1NfYg61IGC1aSZzBTcclM9wSTr
3suBbEUpM/NvnkIReL4PHZikXupW0yNOB5A9U16iRoWvVZt9QzLji4YtU8D/uP7L
0iCKMuu9Ho9JlpvMlRLlLl3zYwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDAT
BgNVHSUEDDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTo5D4n
+cHTOzaRhTkWd1PUt9RfijAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9
SzAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYI
KwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkv
MA0GCSqGSIb3DQEBBQUAA4IBAQA+U6mkht7qiRVGQBUpwmZveLWGVlzshYcUhqXm
u+l4qVueh4BJJt49W5nfDnX/tTQHXG365f3oVn8Dbsqt0K3j2DNZQwjLUmwt36ER
js9h1JlAR52fmUAIoW/iG/7cy/2iQPcMfh//le05L30MaRs8/5sZwmVc1VxhrCfo
fbSp/gKyBH2N4a2KCUNuvHmrdcX0FAx4Wjm/D3iignh8aCunfUktOskMUkSlUxb8
UWwTgzJjblibRmlsc3RmEOiAD+TR7GUSVq9H6B0Kzi4cXJ7dXWhoK+XNzNZX+sfa
L+WjeDqdMkn4KpoU1NTyUz8PRHLvqUGigfTJ0z2lpy5fD7nU
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [3354cbdb978246fe-EWR]
Content-Length: [1518]
Content-Type: [application/ocsp-response]
Date: [Wed, 22 Feb 2017 19:20:36 GMT]
Etag: ["8fcc13e2f323a6ff2e67cee7c82c5f02cd48d501"]
Expires: [Sun, 26 Feb 2017 18:46:36 GMT]
Last-Modified: [Wed, 22 Feb 2017 18:46:36 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=db6945ec046a271ec8b3925d8ad2fbeac1487791236; expires=Thu, 22-Feb-18 19:20:36 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GlobalSign Root CA (CA Certificate)

This certificate was cached at
Certificate details for GlobalSign Root CA (At position 2 in certificate chain)
Serial number:
hex: 40000000001154b5ac394
int: 4835703278459707669005204
Issued by: GlobalSign Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GlobalSign nv-sa
Organization unit: Root CA
Country: BE
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.