CRL & OCSP report for 0-historicaltexts.jisc.ac.uk.catalogue.wellcomelibrary.org - *.catalogue.wellcomelibrary.org (The Wellcome Trust Limited)

*.catalogue.wellcomelibrary.org

Certificate details for *.catalogue.wellcomelibrary.org (At position 0 in certificate chain)
Serial number:
hex: 480138650d646501bf3fa22b
int: 22284395949565659000497742379
Issued by: GlobalSign Organization Validation CA - SHA256 - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: The Wellcome Trust Limited
Organization unit: IT
State / Province: London
Locality: London
Country: GB
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for 0-historicaltexts.jisc.ac.uk.catalogue.wellcomelibrary.org.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl
Size: 130158 bytes (DER data)
Response time: 55.265627ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 3994

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare, CloudFront
Cache Information: HIT, Hit from cloudfront

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [37571a2d526246ec-EWR]
Content-Length: [130158]
Content-Type: [application/pkix-crl]
Date: [Tue, 27 Jun 2017 08:40:34 GMT]
Etag: [E4BB]
Expires: [Tue, 04 Jul 2017 08:00:55 GMT]
Last-Modified: [Tue, 27 Jun 2017 08:00:55 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=db616809aa8dfca677c9de7da2c45ee131498552834; expires=Wed, 27-Jun-18 08:40:34 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
Via: [1.1 c7db0c4b178dd73a64add79be10805c2.cloudfront.net (CloudFront)]
X-Amz-Cf-Id: [k3MfvUgLgDSrVSUV3nSSACmqQZpa6LCOGS47OLpa8LkxDR-nw9vMeg==]
X-Cache: [Hit from cloudfront]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp2.globalsign.com/gsorganizationvalsha2g2 (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsorganizationvalsha2g2 (POST)
Size: 1570 bytes (DER data)
Response time: 1.490698428s
Signature algorithm: SHA256WithRSA
Signature type: CA Delegated
Signed by: GlobalSign Organization Validation CA - SHA256 - G2 - OCSP Responder
Issued by: GlobalSign Organization Validation CA - SHA256 - G2
Signing certificate validity: 2017-05-04 - 2017-08-04
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: REVALIDATED

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h
8b0cFilTHMDMfTuDAEDmGnwCDEgBOGUNZGUBvz+iKw==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGHgoBAKCCBhcwggYTBgkrBgEFBQcwAQEEggYEMIIGADCBmqIWBBScTQCZAA6L
sAGBdaG68NAl16AcRxgPMjAxNzA2MjUxNzMxMDRaMG8wbTBFMAkGBSsOAwIaBQAE
FAyeTZw97e+E2JHpcsfPhAa8GXsHBBSW3mHxvRwWKVMcwMx9O4MAQOYafAIMSAE4
ZQ1kZQG/P6IrgAAYDzIwMTcwNjI1MTczMTA0WqARGA8yMDE3MDYyOTE3MzEwNFow
DQYJKoZIhvcNAQELBQADggEBAMms1DhiI2ui44nbbWIobPV/LednwY5ihb4vHBV2
UBmVHw5KjfQrwo4yMNdf0V5F+tf0bZis4dhqATuQtEHRlDp7e6f+g/xT63AiW7tB
3zIrgJb+4dnsjg94VFC95kpKYeUZf1qxyF9HavoQ7aoHr6S9P9RkIdwF/rntZ4lw
D9X2+MeipWvMRmpXU8OtREnCX78KIG8eZcUjqRvVeKRjnmKGt1HXXd9bm7Oi8FQo
FgyNhctrP8aSaa8We7K+X1IgCYTOwR+kw7c3wSBJv9wwNmiKmzyd9kDTjasdVdfj
RpQZSs862iQpkAhqxf8L1B0lOJFom/FRNV7GX9CTPe5Od2WgggRLMIIERzCCBEMw
ggMroAMCAQICDE+T8XJBG83HrweX6TANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQG
EwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTE8MDoGA1UEAxMzR2xvYmFs
U2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIFNIQTI1NiAtIEcyMB4X
DTE3MDUwNDA4MTAyOVoXDTE3MDgwNDA4MTAyOVowgY4xCzAJBgNVBAYTAkJFMRkw
FwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRUwEwYDVQQFEwwyMDE3MDUwNDAwMTgx
TTBLBgNVBAMTREdsb2JhbFNpZ24gT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gQ0Eg
LSBTSEEyNTYgLSBHMiAtIE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA0kOXzzBq49lSztun694Fi9cwEyLIZagm3jYnimSW+vpf
qQoFF/U48JGqWfXOt8Evncl6f6MtaGmvaxjguf2aru1EtxS5pdX8/4PtdRcGPmgb
wbn8VDIukn4P8So7v9afdh1eoiFk7Kjq9wzK+jiDcNplpqJtZdUVlD6s7laW4aVs
Ewe7UBk2hlaBxUfl0ztYmwd/3Ln+BjEyVRYpRNFFKGxkUeoNhzY3zRBAqp0dHP3H
bPCUGUGePmzp87283fRtBdRlO9ixk4C3bvZ+kJBXYoE/ootnRdWMuJCYubNh4EtN
+UbOE4J9gXFvO1PlBBxgL9YSc5KY65Y2HPeNoUfrYQIDAQABo4HHMIHEMB0GA1Ud
DgQWBBScTQCZAA6LsAGBdaG68NAl16AcRzAfBgNVHSMEGDAWgBSW3mHxvRwWKVMc
wMx9O4MAQOYafDAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGg
MgFfMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl
cG9zaXRvcnkvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAN
BgkqhkiG9w0BAQsFAAOCAQEAFlraQZUYBV6ShsMCOEoMl27bpDYNYIVd+qyObwRN
escIE845pmqEX+T5ryl5mG17GcprEakD/wmwyXYXfJ5O8CvIxRTJf67oBPOGKcW3
xcj7liYw6IQZ60xakcPbxUs2kyvoTzZ9u1xSgkDxYWzIgAXs+y8jwZvn3vf7ObBg
8RcXyf6R+TfmjY9QXEndjKBwpiTV69ej4lzMeMgIkxM5V2AeCMa/txM5hcwWw1xq
EhaAcAwHSESB/mMnHdtkJ1bauOqns+1Fl8iiSlhNzL7n8KfbCrv3t/1KW4dwzLue
yX5sj3e+cGEOSxg4aBEcZO6tzLNQnD+kRvPENz+/wPpPPw==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEQzCCAyugAwIBAgIMT5PxckEbzcevB5fpMA0GCSqGSIb3DQEBCwUAMGYxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g
RzIwHhcNMTcwNTA0MDgxMDI5WhcNMTcwODA0MDgxMDI5WjCBjjELMAkGA1UEBhMC
QkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTcwNTA0
MDAxODFNMEsGA1UEAxNER2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlv
biBDQSAtIFNIQTI1NiAtIEcyIC0gT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDSQ5fPMGrj2VLO26fr3gWL1zATIshlqCbeNieK
ZJb6+l+pCgUX9TjwkapZ9c63wS+dyXp/oy1oaa9rGOC5/Zqu7US3FLml1fz/g+11
FwY+aBvBufxUMi6Sfg/xKju/1p92HV6iIWTsqOr3DMr6OINw2mWmom1l1RWUPqzu
VpbhpWwTB7tQGTaGVoHFR+XTO1ibB3/cuf4GMTJVFilE0UUobGRR6g2HNjfNEECq
nR0c/cds8JQZQZ4+bOnzvbzd9G0F1GU72LGTgLdu9n6QkFdigT+ii2dF1Yy4kJi5
s2HgS035Rs4Tgn2BcW87U+UEHGAv1hJzkpjrljYc942hR+thAgMBAAGjgccwgcQw
HQYDVR0OBBYEFJxNAJkADouwAYF1obrw0CXXoBxHMB8GA1UdIwQYMBaAFJbeYfG9
HBYpUxzAzH07gwBA5hp8MA8GCSsGAQUFBzABBQQCBQAwTAYDVR0gBEUwQzBBBgkr
BgEEAaAyAV8wNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5j
b20vcmVwb3NpdG9yeS8wDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF
BwMJMA0GCSqGSIb3DQEBCwUAA4IBAQAWWtpBlRgFXpKGwwI4SgyXbtukNg1ghV36
rI5vBE16xwgTzjmmaoRf5PmvKXmYbXsZymsRqQP/CbDJdhd8nk7wK8jFFMl/rugE
84YpxbfFyPuWJjDohBnrTFqRw9vFSzaTK+hPNn27XFKCQPFhbMiABez7LyPBm+fe
9/s5sGDxFxfJ/pH5N+aNj1BcSd2MoHCmJNXr16PiXMx4yAiTEzlXYB4Ixr+3EzmF
zBbDXGoSFoBwDAdIRIH+Yycd22QnVtq46qez7UWXyKJKWE3Mvufwp9sKu/e3/Upb
h3DMu57JfmyPd75wYQ5LGDhoERxk7q3Ms1CcP6RG88Q3P7/A+k8/
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [REVALIDATED]
Cf-Ray: [374a452276b506a9-EWR]
Content-Length: [1570]
Content-Type: [application/ocsp-response]
Date: [Sun, 25 Jun 2017 19:17:59 GMT]
Etag: ["7a91a3fb26cf8487c7c69b0294d08a31d27f237c"]
Expires: [Thu, 29 Jun 2017 17:31:04 GMT]
Last-Modified: [Sun, 25 Jun 2017 17:31:04 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d507e7801f22f13044e8544cbd077593e1498418278; expires=Mon, 25-Jun-18 19:17:58 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp2.globalsign.com/gsorganizationvalsha2g2 (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsorganizationvalsha2g2 (GET)
Size: 1570 bytes (DER data)
Response time: 1.007779052s
Signature algorithm: SHA256WithRSA
Signature type: CA Delegated
Signed by: GlobalSign Organization Validation CA - SHA256 - G2 - OCSP Responder
Issued by: GlobalSign Organization Validation CA - SHA256 - G2
Signing certificate validity: 2017-05-04 - 2017-08-04
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: UPDATING

URL used for GET request

http://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDEgBOGUNZGUBvz%2BiKw%3D%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h
8b0cFilTHMDMfTuDAEDmGnwCDEgBOGUNZGUBvz+iKw==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGHgoBAKCCBhcwggYTBgkrBgEFBQcwAQEEggYEMIIGADCBmqIWBBScTQCZAA6L
sAGBdaG68NAl16AcRxgPMjAxNzA2MjUxNzMxMDRaMG8wbTBFMAkGBSsOAwIaBQAE
FAyeTZw97e+E2JHpcsfPhAa8GXsHBBSW3mHxvRwWKVMcwMx9O4MAQOYafAIMSAE4
ZQ1kZQG/P6IrgAAYDzIwMTcwNjI1MTczMTA0WqARGA8yMDE3MDYyOTE3MzEwNFow
DQYJKoZIhvcNAQELBQADggEBAMms1DhiI2ui44nbbWIobPV/LednwY5ihb4vHBV2
UBmVHw5KjfQrwo4yMNdf0V5F+tf0bZis4dhqATuQtEHRlDp7e6f+g/xT63AiW7tB
3zIrgJb+4dnsjg94VFC95kpKYeUZf1qxyF9HavoQ7aoHr6S9P9RkIdwF/rntZ4lw
D9X2+MeipWvMRmpXU8OtREnCX78KIG8eZcUjqRvVeKRjnmKGt1HXXd9bm7Oi8FQo
FgyNhctrP8aSaa8We7K+X1IgCYTOwR+kw7c3wSBJv9wwNmiKmzyd9kDTjasdVdfj
RpQZSs862iQpkAhqxf8L1B0lOJFom/FRNV7GX9CTPe5Od2WgggRLMIIERzCCBEMw
ggMroAMCAQICDE+T8XJBG83HrweX6TANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQG
EwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTE8MDoGA1UEAxMzR2xvYmFs
U2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIFNIQTI1NiAtIEcyMB4X
DTE3MDUwNDA4MTAyOVoXDTE3MDgwNDA4MTAyOVowgY4xCzAJBgNVBAYTAkJFMRkw
FwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRUwEwYDVQQFEwwyMDE3MDUwNDAwMTgx
TTBLBgNVBAMTREdsb2JhbFNpZ24gT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gQ0Eg
LSBTSEEyNTYgLSBHMiAtIE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA0kOXzzBq49lSztun694Fi9cwEyLIZagm3jYnimSW+vpf
qQoFF/U48JGqWfXOt8Evncl6f6MtaGmvaxjguf2aru1EtxS5pdX8/4PtdRcGPmgb
wbn8VDIukn4P8So7v9afdh1eoiFk7Kjq9wzK+jiDcNplpqJtZdUVlD6s7laW4aVs
Ewe7UBk2hlaBxUfl0ztYmwd/3Ln+BjEyVRYpRNFFKGxkUeoNhzY3zRBAqp0dHP3H
bPCUGUGePmzp87283fRtBdRlO9ixk4C3bvZ+kJBXYoE/ootnRdWMuJCYubNh4EtN
+UbOE4J9gXFvO1PlBBxgL9YSc5KY65Y2HPeNoUfrYQIDAQABo4HHMIHEMB0GA1Ud
DgQWBBScTQCZAA6LsAGBdaG68NAl16AcRzAfBgNVHSMEGDAWgBSW3mHxvRwWKVMc
wMx9O4MAQOYafDAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGg
MgFfMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl
cG9zaXRvcnkvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAN
BgkqhkiG9w0BAQsFAAOCAQEAFlraQZUYBV6ShsMCOEoMl27bpDYNYIVd+qyObwRN
escIE845pmqEX+T5ryl5mG17GcprEakD/wmwyXYXfJ5O8CvIxRTJf67oBPOGKcW3
xcj7liYw6IQZ60xakcPbxUs2kyvoTzZ9u1xSgkDxYWzIgAXs+y8jwZvn3vf7ObBg
8RcXyf6R+TfmjY9QXEndjKBwpiTV69ej4lzMeMgIkxM5V2AeCMa/txM5hcwWw1xq
EhaAcAwHSESB/mMnHdtkJ1bauOqns+1Fl8iiSlhNzL7n8KfbCrv3t/1KW4dwzLue
yX5sj3e+cGEOSxg4aBEcZO6tzLNQnD+kRvPENz+/wPpPPw==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEQzCCAyugAwIBAgIMT5PxckEbzcevB5fpMA0GCSqGSIb3DQEBCwUAMGYxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g
RzIwHhcNMTcwNTA0MDgxMDI5WhcNMTcwODA0MDgxMDI5WjCBjjELMAkGA1UEBhMC
QkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTcwNTA0
MDAxODFNMEsGA1UEAxNER2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlv
biBDQSAtIFNIQTI1NiAtIEcyIC0gT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDSQ5fPMGrj2VLO26fr3gWL1zATIshlqCbeNieK
ZJb6+l+pCgUX9TjwkapZ9c63wS+dyXp/oy1oaa9rGOC5/Zqu7US3FLml1fz/g+11
FwY+aBvBufxUMi6Sfg/xKju/1p92HV6iIWTsqOr3DMr6OINw2mWmom1l1RWUPqzu
VpbhpWwTB7tQGTaGVoHFR+XTO1ibB3/cuf4GMTJVFilE0UUobGRR6g2HNjfNEECq
nR0c/cds8JQZQZ4+bOnzvbzd9G0F1GU72LGTgLdu9n6QkFdigT+ii2dF1Yy4kJi5
s2HgS035Rs4Tgn2BcW87U+UEHGAv1hJzkpjrljYc942hR+thAgMBAAGjgccwgcQw
HQYDVR0OBBYEFJxNAJkADouwAYF1obrw0CXXoBxHMB8GA1UdIwQYMBaAFJbeYfG9
HBYpUxzAzH07gwBA5hp8MA8GCSsGAQUFBzABBQQCBQAwTAYDVR0gBEUwQzBBBgkr
BgEEAaAyAV8wNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5j
b20vcmVwb3NpdG9yeS8wDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF
BwMJMA0GCSqGSIb3DQEBCwUAA4IBAQAWWtpBlRgFXpKGwwI4SgyXbtukNg1ghV36
rI5vBE16xwgTzjmmaoRf5PmvKXmYbXsZymsRqQP/CbDJdhd8nk7wK8jFFMl/rugE
84YpxbfFyPuWJjDohBnrTFqRw9vFSzaTK+hPNn27XFKCQPFhbMiABez7LyPBm+fe
9/s5sGDxFxfJ/pH5N+aNj1BcSd2MoHCmJNXr16PiXMx4yAiTEzlXYB4Ixr+3EzmF
zBbDXGoSFoBwDAdIRIH+Yycd22QnVtq46qez7UWXyKJKWE3Mvufwp9sKu/e3/Upb
h3DMu57JfmyPd75wYQ5LGDhoERxk7q3Ms1CcP6RG88Q3P7/A+k8/
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [UPDATING]
Cf-Ray: [374a4522c1c21852-EWR]
Content-Length: [1570]
Content-Type: [application/ocsp-response]
Date: [Sun, 25 Jun 2017 19:17:58 GMT]
Etag: ["7a91a3fb26cf8487c7c69b0294d08a31d27f237c"]
Expires: [Thu, 29 Jun 2017 17:31:04 GMT]
Last-Modified: [Sun, 25 Jun 2017 17:31:04 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=de398f47065be74beb387e1472605471c1498418278; expires=Mon, 25-Jun-18 19:17:58 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GlobalSign Organization Validation CA - SHA256 - G2 (CA Certificate)

Certificate details for GlobalSign Organization Validation CA - SHA256 - G2 (At position 1 in certificate chain)
Serial number:
hex: 40000000001444ef04247
int: 4835703278459909592597063
Issued by: GlobalSign Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GlobalSign nv-sa
Country: BE
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.globalsign.net/root.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.globalsign.net/root.crl
Size: 782 bytes (DER data)
Response time: 140.493168ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 7

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [public, max-age=1523896]
Cf-Cache-Status: [HIT]
Cf-Ray: [37571be6209506a9-EWR]
Content-Length: [782]
Content-Type: [application/pkix-crl]
Date: [Tue, 27 Jun 2017 08:41:44 GMT]
Etag: [39]
Expires: [Sat, 15 Jul 2017 00:00:00 GMT]
Last-Modified: [Wed, 19 Apr 2017 00:00:00 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=ddb9fb6609927e8183f1cc3adfe8dca1a1498552904; expires=Wed, 27-Jun-18 08:41:44 GMT; path=/; domain=.globalsign.net; HttpOnly]
Vary: [Accept-Encoding]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.globalsign.com/rootr1 (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.globalsign.com/rootr1 (GET)
Size: 1518 bytes (DER data)
Response time: 44.155831ms
Signature algorithm: SHA256WithRSA
Signature type: CA Delegated
Signed by: GlobalSign OCSP for Root R1 - Signer 1.2
Issued by: GlobalSign Root CA
Signing certificate validity: 2017-05-07 - 2017-08-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

URL used for GET request

http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtm
GkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8EJH
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF6goBAKCCBeMwggXfBgkrBgEFBQcwAQEEggXQMIIFzDCBmaIWBBSvbfAxCEv8
w30kGCve74S5P2+ighgPMjAxNzA2MjcwNjI3MzdaMG4wbDBEMAkGBSsOAwIaBQAE
FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
AAABRE7wQkeAABgPMjAxNzA2MjcwNjI3MzdaoBEYDzIwMTcwNzAxMDYyNzM3WjAN
BgkqhkiG9w0BAQsFAAOCAQEAx0+uQcmp1YfLG+yOUVV3SLFsbDf3lrZWkEUlv4RL
c5VcE9ulcBjkE0Dr8mPcOg4aEMtUtSomim91hIJDXGBGm9A8gXhr9uHsVn77N6F5
YR3K2q8gfpuxNSncuWTefoCB0RPBwynet/txrqbd6xA9UAVyGD1F8c8s+03K6P1+
4errTzJvkL5orbIy410JigyaG2kfg3PcquZt7xN5wh7eFpNwXbFyzMQj1Z76MUyt
h29vR9iBbGsl5lMry0cciHk8Z1lsUgeRQWn/ixvj5vyRkeSiyDlGG/e6JAa23dr8
38MaLSWaYbGESkwidQah4MT65P7lxudwgOxShG0LiQNoQ6CCBBgwggQUMIIEEDCC
AvigAwIBAgIOSPWzFgaTeJq7B6uGVtEwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UE
BhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3Qg
Q0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNzA1MDcwMDAwMDBa
Fw0xNzA4MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxT
aWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJvb3QgUjEg
LSBTaWduZXIgMS4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1F7u
rTk5j7FgaI3ddIftk/QXhnH8pQzcsq8wk+wJKGeocjWxDmQAKedLAkDUXOMun0QA
lHi1mu2WdI18ZyZ7eAJGwa1R7iiy9Txfz88htJr5x6ArxpbsRbeXHsw/TCWMf+d3
RP9vfXFIe0Li1wYxoD9pcwi0M9O7KrDihY9zVplEtPgb3ic1AGUQFjmE4pNvBJpp
Eg95H2hWHjaQI5pjhXF8HTDejho6dJsKJ4fe7CZC4JlCYCCYgUQxczvoxyGmDVDt
euP8fMVmnSoEzq9qA8kPJql2d8iho4mhREqTj8MYYyU9Kl4Nuz+3KQ9t97AwUys2
pt3qELes6+MK9POWFwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUE
DDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSvbfAxCEv8w30k
GCve74S5P2+igjAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA0GCSqG
SIb3DQEBBQUAA4IBAQASHek+/Wbc9Xd0BWIaSS82VRB37lM6T+ZOz/522ZqHLXcR
jBwesOKcmeVyDNiHUqj9C3+cnwKNourW1R9h4FrW+wD5eDkJ3j3nO+kiczxCe7FV
KCWeTcPySiFPKoIH0fOpx2MdMc7XGRRHSP9cW2Rwo5yeglK5n7Ps4QGaKAuSiKNv
VNBW50fkwXNsOOBG+BbEOYcuNrnHSdGBbzlNvDo7FA9gpIaDKj0pLOALqchqZBrO
3HG1Z7c5n63+ef0dxBCbZ5yGLvNCzIv68hKcVibxYheGa/io1k8yrr8dDT2I7i3+
qiHCfDB4pKcihxppwAn/mJXwLE7BKS+FkpjswPEb
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEEDCCAvigAwIBAgIOSPWzFgaTeJq7B6uGVtEwDQYJKoZIhvcNAQEFBQAwVzEL
MAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsT
B1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNzA1MDcw
MDAwMDBaFw0xNzA4MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBH
bG9iYWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJv
b3QgUjEgLSBTaWduZXIgMS4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1F7urTk5j7FgaI3ddIftk/QXhnH8pQzcsq8wk+wJKGeocjWxDmQAKedLAkDU
XOMun0QAlHi1mu2WdI18ZyZ7eAJGwa1R7iiy9Txfz88htJr5x6ArxpbsRbeXHsw/
TCWMf+d3RP9vfXFIe0Li1wYxoD9pcwi0M9O7KrDihY9zVplEtPgb3ic1AGUQFjmE
4pNvBJppEg95H2hWHjaQI5pjhXF8HTDejho6dJsKJ4fe7CZC4JlCYCCYgUQxczvo
xyGmDVDteuP8fMVmnSoEzq9qA8kPJql2d8iho4mhREqTj8MYYyU9Kl4Nuz+3KQ9t
97AwUys2pt3qELes6+MK9POWFwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDAT
BgNVHSUEDDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSvbfAx
CEv8w30kGCve74S5P2+igjAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9
SzAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYI
KwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkv
MA0GCSqGSIb3DQEBBQUAA4IBAQASHek+/Wbc9Xd0BWIaSS82VRB37lM6T+ZOz/52
2ZqHLXcRjBwesOKcmeVyDNiHUqj9C3+cnwKNourW1R9h4FrW+wD5eDkJ3j3nO+ki
czxCe7FVKCWeTcPySiFPKoIH0fOpx2MdMc7XGRRHSP9cW2Rwo5yeglK5n7Ps4QGa
KAuSiKNvVNBW50fkwXNsOOBG+BbEOYcuNrnHSdGBbzlNvDo7FA9gpIaDKj0pLOAL
qchqZBrO3HG1Z7c5n63+ef0dxBCbZ5yGLvNCzIv68hKcVibxYheGa/io1k8yrr8d
DT2I7i3+qiHCfDB4pKcihxppwAn/mJXwLE7BKS+FkpjswPEb
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [37571a2d51d71864-EWR]
Content-Length: [1518]
Content-Type: [application/ocsp-response]
Date: [Tue, 27 Jun 2017 08:40:34 GMT]
Etag: ["496272e2d1e3e72c3bbbd363e444615d45ad5b0c"]
Expires: [Sat, 01 Jul 2017 06:27:37 GMT]
Last-Modified: [Tue, 27 Jun 2017 06:27:37 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=de079d1a409abb4683534b4074fac5d8b1498552834; expires=Wed, 27-Jun-18 08:40:34 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.globalsign.com/rootr1 (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.globalsign.com/rootr1 (POST)
Size: 1518 bytes (DER data)
Response time: 40.946346ms
Signature algorithm: SHA256WithRSA
Signature type: CA Delegated
Signed by: GlobalSign OCSP for Root R1 - Signer 1.2
Issued by: GlobalSign Root CA
Signing certificate validity: 2017-05-07 - 2017-08-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtm
GkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8EJH
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF6goBAKCCBeMwggXfBgkrBgEFBQcwAQEEggXQMIIFzDCBmaIWBBSvbfAxCEv8
w30kGCve74S5P2+ighgPMjAxNzA2MjcwNjI3MzdaMG4wbDBEMAkGBSsOAwIaBQAE
FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
AAABRE7wQkeAABgPMjAxNzA2MjcwNjI3MzdaoBEYDzIwMTcwNzAxMDYyNzM3WjAN
BgkqhkiG9w0BAQsFAAOCAQEAx0+uQcmp1YfLG+yOUVV3SLFsbDf3lrZWkEUlv4RL
c5VcE9ulcBjkE0Dr8mPcOg4aEMtUtSomim91hIJDXGBGm9A8gXhr9uHsVn77N6F5
YR3K2q8gfpuxNSncuWTefoCB0RPBwynet/txrqbd6xA9UAVyGD1F8c8s+03K6P1+
4errTzJvkL5orbIy410JigyaG2kfg3PcquZt7xN5wh7eFpNwXbFyzMQj1Z76MUyt
h29vR9iBbGsl5lMry0cciHk8Z1lsUgeRQWn/ixvj5vyRkeSiyDlGG/e6JAa23dr8
38MaLSWaYbGESkwidQah4MT65P7lxudwgOxShG0LiQNoQ6CCBBgwggQUMIIEEDCC
AvigAwIBAgIOSPWzFgaTeJq7B6uGVtEwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UE
BhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3Qg
Q0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNzA1MDcwMDAwMDBa
Fw0xNzA4MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxT
aWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJvb3QgUjEg
LSBTaWduZXIgMS4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1F7u
rTk5j7FgaI3ddIftk/QXhnH8pQzcsq8wk+wJKGeocjWxDmQAKedLAkDUXOMun0QA
lHi1mu2WdI18ZyZ7eAJGwa1R7iiy9Txfz88htJr5x6ArxpbsRbeXHsw/TCWMf+d3
RP9vfXFIe0Li1wYxoD9pcwi0M9O7KrDihY9zVplEtPgb3ic1AGUQFjmE4pNvBJpp
Eg95H2hWHjaQI5pjhXF8HTDejho6dJsKJ4fe7CZC4JlCYCCYgUQxczvoxyGmDVDt
euP8fMVmnSoEzq9qA8kPJql2d8iho4mhREqTj8MYYyU9Kl4Nuz+3KQ9t97AwUys2
pt3qELes6+MK9POWFwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUE
DDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSvbfAxCEv8w30k
GCve74S5P2+igjAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA0GCSqG
SIb3DQEBBQUAA4IBAQASHek+/Wbc9Xd0BWIaSS82VRB37lM6T+ZOz/522ZqHLXcR
jBwesOKcmeVyDNiHUqj9C3+cnwKNourW1R9h4FrW+wD5eDkJ3j3nO+kiczxCe7FV
KCWeTcPySiFPKoIH0fOpx2MdMc7XGRRHSP9cW2Rwo5yeglK5n7Ps4QGaKAuSiKNv
VNBW50fkwXNsOOBG+BbEOYcuNrnHSdGBbzlNvDo7FA9gpIaDKj0pLOALqchqZBrO
3HG1Z7c5n63+ef0dxBCbZ5yGLvNCzIv68hKcVibxYheGa/io1k8yrr8dDT2I7i3+
qiHCfDB4pKcihxppwAn/mJXwLE7BKS+FkpjswPEb
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEEDCCAvigAwIBAgIOSPWzFgaTeJq7B6uGVtEwDQYJKoZIhvcNAQEFBQAwVzEL
MAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsT
B1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNzA1MDcw
MDAwMDBaFw0xNzA4MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBH
bG9iYWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJv
b3QgUjEgLSBTaWduZXIgMS4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1F7urTk5j7FgaI3ddIftk/QXhnH8pQzcsq8wk+wJKGeocjWxDmQAKedLAkDU
XOMun0QAlHi1mu2WdI18ZyZ7eAJGwa1R7iiy9Txfz88htJr5x6ArxpbsRbeXHsw/
TCWMf+d3RP9vfXFIe0Li1wYxoD9pcwi0M9O7KrDihY9zVplEtPgb3ic1AGUQFjmE
4pNvBJppEg95H2hWHjaQI5pjhXF8HTDejho6dJsKJ4fe7CZC4JlCYCCYgUQxczvo
xyGmDVDteuP8fMVmnSoEzq9qA8kPJql2d8iho4mhREqTj8MYYyU9Kl4Nuz+3KQ9t
97AwUys2pt3qELes6+MK9POWFwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDAT
BgNVHSUEDDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSvbfAx
CEv8w30kGCve74S5P2+igjAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9
SzAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYI
KwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkv
MA0GCSqGSIb3DQEBBQUAA4IBAQASHek+/Wbc9Xd0BWIaSS82VRB37lM6T+ZOz/52
2ZqHLXcRjBwesOKcmeVyDNiHUqj9C3+cnwKNourW1R9h4FrW+wD5eDkJ3j3nO+ki
czxCe7FVKCWeTcPySiFPKoIH0fOpx2MdMc7XGRRHSP9cW2Rwo5yeglK5n7Ps4QGa
KAuSiKNvVNBW50fkwXNsOOBG+BbEOYcuNrnHSdGBbzlNvDo7FA9gpIaDKj0pLOAL
qchqZBrO3HG1Z7c5n63+ef0dxBCbZ5yGLvNCzIv68hKcVibxYheGa/io1k8yrr8d
DT2I7i3+qiHCfDB4pKcihxppwAn/mJXwLE7BKS+FkpjswPEb
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [37571a2d5343219e-EWR]
Content-Length: [1518]
Content-Type: [application/ocsp-response]
Date: [Tue, 27 Jun 2017 08:40:34 GMT]
Etag: ["496272e2d1e3e72c3bbbd363e444615d45ad5b0c"]
Expires: [Sat, 01 Jul 2017 06:27:37 GMT]
Last-Modified: [Tue, 27 Jun 2017 06:27:37 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=dfb72f79dc45c7cd9b715abf8570eb7c71498552834; expires=Wed, 27-Jun-18 08:40:34 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GlobalSign Root CA (CA Certificate)

Certificate details for GlobalSign Root CA (At position 2 in certificate chain)
Serial number:
hex: 40000000001154b5ac394
int: 4835703278459707669005204
Issued by: GlobalSign Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GlobalSign nv-sa
Organization unit: Root CA
Country: BE
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
© 2015 - 2017 Digitorus B.V.
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.