CRL & OCSP report for 0-jump.valueline.com.catalog.addisonlibrary.org - catalog.addisonlibrary.org (Addison Public Library)

catalog.addisonlibrary.org

This certificate was cached at
Certificate details for catalog.addisonlibrary.org (At position 0 in certificate chain)
Serial number:
hex: 8891ea6c3edeb2e20000000050da95f6
int: 181532645131182211643558299319695742454
Issued by: Entrust Certification Authority - L1K
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Addison Public Library
Organization unit: Public Library
State / Province: Illinois
Locality: Addison
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

View complete certificate details for 0-jump.valueline.com.catalog.addisonlibrary.org.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.entrust.net/level1k.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.entrust.net/level1k.crl
Size: 1714090 bytes (DER data)
Response time: 66.212583ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 37909

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_HIT from a23-219-88-197.deploy.akamaitechnologies.com (AkamaiGHost/8.2.0.0.1-18764048) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [no-cache]
Content-Length: [1714090]
Content-Type: [application/x-pkcs7-crl]
Date: [Fri, 20 Jan 2017 19:43:50 GMT]
Expires: [Fri, 20 Jan 2017 19:43:50 GMT]
Last-Modified: [Fri, 20 Jan 2017 19:00:02 GMT]
Pragma: [no-cache]
X-Cache: [TCP_HIT from a23-219-88-197.deploy.akamaitechnologies.com (AkamaiGHost/8.2.0.0.1-18764048) (-)]
X-Frame-Options: [DENY]
  • Content-Type in response is set 'application/x-pkcs7-crl' and should be replaced with 'application/pkix-crl' (RFC 5280, section 4.2.1.13)
  • This CRL file is DER encoded
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.entrust.net (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.entrust.net (GET)
Size: 2121 bytes (DER data)
Response time: 108.414725ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: OCSP1
Issued by: Entrust Certification Authority - L1K
Signing certificate validity: 2014-08-26 - 2017-08-26
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 59m2s

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-219-93-86.deploy.akamaitechnologies.com (AkamaiGHost/8.2.0.0.2-18911410) (-)

URL used for GET request

http:/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTMbSIc9rRVLC%2BHkV9a%2FvDh7s6DzAQUgqJwdN28Uz%2FPe9T3zX%2BnYMYKTL8CEQCIkepsPt6y4gAAAABQ2pX2

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTMbSIc9rRVLC+HkV9a/vDh7s6DzAQUgqJw
dN28Uz/Pe9T3zX+nYMYKTL8CEQCIkepsPt6y4gAAAABQ2pX2
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIIRQoBAKCCCD4wggg6BgkrBgEFBQcwAQEEgggrMIIIJzCCAVehgc0wgcoxCzAJ
BgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUg
d3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBF
bnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMT
JUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUsxDjAMBgNVBAMT
BU9DU1AxGA8yMDE3MDEyMDIxMjAxNVowdDByMEowCQYFKw4DAhoFAAQUzG0iHPa0
VSwvh5FfWv7w4e7Og8wEFIKicHTdvFM/z3vU981/p2DGCky/AhEAiJHqbD7esuIA
AAAAUNqV9oAAGA8yMDE3MDEyMDIxMjAxNVqgERgPMjAxNzAxMjcyMTIwMTVaMA0G
CSqGSIb3DQEBBQUAA4IBAQAEGaDYmQIYeR45fhwih5A/KiMHUTB6ewGZWcmhmj6u
6PQFLigRs6gW3LaW98JeW4JMnEClT+I1eIbxRmBkP5GTHBJUoSERY0OWMbWwKsq9
tXehwsg64u7VTLcIiO2Rm3hMlmc/TbayOyQEXxTjLH8aCMiNT6IfY8BOqCINMBI3
lRBkxVU/hioubzOD5Wjz7mizxapsl+J4Bjj6x+t4TmfFopL/Yi9diBBXrdnL7FtP
yhAi4xehMCBLKOJjsuQWJHaBhkchohhwgWHWLMb1btP/dJCdXWUnrzqw4G4+NEvC
oLJUNIABkHShIcPiYuH2HkTZNNs0FZryf/cY4CLYzkxXoIIFtDCCBbAwggWsMIIE
lKADAgECAg0A9Z25pgAAAABQ0f7BMA0GCSqGSIb3DQEBCwUAMIG6MQswCQYDVQQG
EwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5l
bnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMTIgRW50cnVz
dCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MS4wLAYDVQQDEyVFbnRy
dXN0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gTDFLMB4XDTE0MDgyNjE0NTMw
OVoXDTE3MDgyNjE1MjMwOVowgcoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRy
dXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRl
cm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhv
cml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBB
dXRob3JpdHkgLSBMMUsxDjAMBgNVBAMTBU9DU1AxMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAydqJVenrg9VMqV5B4iJAbalp0DfqQaTUJXu3G5+h6rXj
kj+ZPpXv7QimlUzYDgsvmXYNUapOwBAJGKUXWttnKdznQUDdddOiem9p2TjDLrkP
2Uw+bYQ2jmisO1teqWscWFzIGuSL3or591V52XHv64ll4ALvZkJfNqhUpzbCAgUV
k7Mi8VmJySIemHy0gYzcRIkqnYl+jrh89c+a2hNXYZRkyqq5wBQPb+z9KU5holP/
Y9e6UYaiDoDgH5cmRcGerBiYeb/bSOXV1IYcDmbj2OOsx8G5WEhgHQN48VsyMc4x
LMcjF1GcZ4OZyGcEv8Hu8t51/9uC/w5EzOSYXgOkMwIDAQABo4IBnTCCAZkwCwYD
VR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAw
MwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5lbnRydXN0
Lm5ldDCB4wYDVR0fBIHbMIHYMIHVoIHSoIHPpIHMMIHJMQswCQYDVQQGEwJVUzEW
MBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0
Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMTIgRW50cnVzdCwgSW5j
LiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MS4wLAYDVQQDEyVFbnRydXN0IENl
cnRpZmljYXRpb24gQXV0aG9yaXR5IC0gTDFLMQ0wCwYDVQQDEwRDUkwxMB8GA1Ud
IwQYMBaAFIKicHTdvFM/z3vU981/p2DGCky/MB0GA1UdDgQWBBTVAgS216CoLbO9
EiWrUtTR5ZaNxDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCpJ76zRu9P
fG2gJWJ5GyAImiY0eFvdYNe7DbtOPhtBKvBpFYeVdQ8KRCxhpQoKv8lIpgijLVPA
6k86L5vuPXdfVyn8lKJC7DdEZ5+jYuUZadPUXkdByPtF9Oc5uB4YSPUtYRJnBMGq
DEQFYRX76Ri7nPw5i1HzsjfO67DgdHxiHaV/aa5pSvKat22msB36HbLB/n8U5QMD
eL0nnbsdwA5/GqOF62RVIBhvbHq4So+LlMskqSQBOWRmugFaHESRCaxm6r2P0m/X
AdD8h40TwFNvAKtnO2Us1FutOgJT7HlSYVEfgOuaywh+BIrkvXJEkyTajwshrO3D
ZGSIoCiGPjVU
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIFrDCCBJSgAwIBAgINAPWduaYAAAAAUNH+wTANBgkqhkiG9w0BAQsFADCBujEL
MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1Nl
ZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEy
IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UE
AxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0xNDA4
MjYxNDUzMDlaFw0xNzA4MjYxNTIzMDlaMIHKMQswCQYDVQQGEwJVUzEWMBQGA1UE
ChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9s
ZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMTIgRW50cnVzdCwgSW5jLiAtIGZv
ciBhdXRob3JpemVkIHVzZSBvbmx5MS4wLAYDVQQDEyVFbnRydXN0IENlcnRpZmlj
YXRpb24gQXV0aG9yaXR5IC0gTDFLMQ4wDAYDVQQDEwVPQ1NQMTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAMnaiVXp64PVTKleQeIiQG2padA36kGk1CV7
txufoeq145I/mT6V7+0IppVM2A4LL5l2DVGqTsAQCRilF1rbZync50FA3XXTonpv
adk4wy65D9lMPm2ENo5orDtbXqlrHFhcyBrki96K+fdVedlx7+uJZeAC72ZCXzao
VKc2wgIFFZOzIvFZickiHph8tIGM3ESJKp2Jfo64fPXPmtoTV2GUZMqqucAUD2/s
/SlOYaJT/2PXulGGog6A4B+XJkXBnqwYmHm/20jl1dSGHA5m49jjrMfBuVhIYB0D
ePFbMjHOMSzHIxdRnGeDmchnBL/B7vLedf/bgv8ORMzkmF4DpDMCAwEAAaOCAZ0w
ggGZMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkrBgEFBQcw
AQUEAgUAMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Au
ZW50cnVzdC5uZXQwgeMGA1UdHwSB2zCB2DCB1aCB0qCBz6SBzDCByTELMAkGA1UE
BhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cu
ZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1
c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UEAxMlRW50
cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzENMAsGA1UEAxMEQ1JM
MTAfBgNVHSMEGDAWgBSConB03bxTP8971PfNf6dgxgpMvzAdBgNVHQ4EFgQU1QIE
ttegqC2zvRIlq1LU0eWWjcQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEA
qSe+s0bvT3xtoCVieRsgCJomNHhb3WDXuw27Tj4bQSrwaRWHlXUPCkQsYaUKCr/J
SKYIoy1TwOpPOi+b7j13X1cp/JSiQuw3RGefo2LlGWnT1F5HQcj7RfTnObgeGEj1
LWESZwTBqgxEBWEV++kYu5z8OYtR87I3zuuw4HR8Yh2lf2muaUrymrdtprAd+h2y
wf5/FOUDA3i9J527HcAOfxqjhetkVSAYb2x6uEqPi5TLJKkkATlkZroBWhxEkQms
Zuq9j9Jv1wHQ/IeNE8BTbwCrZztlLNRbrToCU+x5UmFRH4DrmssIfgSK5L1yRJMk
2o8LIaztw2RkiKAohj41VA==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate, max-age=3542]
Content-Length: [2121]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Fri, 20 Jan 2017 22:04:41 GMT]
Etag: ["A1E4A4A81B16E24A10D8D01CC6EE2BAE6D4E3F91"]
Expires: [Fri, 20 Jan 2017 23:03:43 GMT]
Last-Modified: [Fri, 20 Jan 2017 21:20:15 GMT]
X-Cache: [TCP_MISS from a23-219-93-86.deploy.akamaitechnologies.com (AkamaiGHost/8.2.0.0.2-18911410) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.entrust.net (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.entrust.net (POST)
Size: 2121 bytes (DER data)
Response time: 571.428457ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: OCSP1
Issued by: Entrust Certification Authority - L1K
Signing certificate validity: 2014-08-26 - 2017-08-26
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 59m42s

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-219-93-86.deploy.akamaitechnologies.com (AkamaiGHost/8.2.0.0.2-18911410) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTMbSIc9rRVLC+HkV9a/vDh7s6DzAQUgqJw
dN28Uz/Pe9T3zX+nYMYKTL8CEQCIkepsPt6y4gAAAABQ2pX2
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIIRQoBAKCCCD4wggg6BgkrBgEFBQcwAQEEgggrMIIIJzCCAVehgc0wgcoxCzAJ
BgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUg
d3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBF
bnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMT
JUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUsxDjAMBgNVBAMT
BU9DU1AxGA8yMDE3MDEyMDE3MDU0NVowdDByMEowCQYFKw4DAhoFAAQUzG0iHPa0
VSwvh5FfWv7w4e7Og8wEFIKicHTdvFM/z3vU981/p2DGCky/AhEAiJHqbD7esuIA
AAAAUNqV9oAAGA8yMDE3MDEyMDE3MDU0NVqgERgPMjAxNzAxMjcxNzA1NDVaMA0G
CSqGSIb3DQEBBQUAA4IBAQDF7MpbSXDB4fYj4ExHtHVrgKtEHjKia5c96O1AG0RO
gLudWNJrKsz8i5vC1q0Zpaot3TGT7W8bSyfmwueesJ6Sbk6ScyQtIiInnpmQDk+T
N0DHl2imcWaG0T82VjK7KhTE5aTCiRHAjXBQ42KhU2MknRV2qcKDOqk2wFiSBtB+
5LnjF6n2QSjuNgpmqrbauGRrxS6PSE8cNdnfvDCy6ZO8wUC54r1Co9Kylw+w6Rq7
m0cHRlnmYDjP2ZB586fPK9QdVpv/ePeEDfbUjahCkjg9H1MLDBbbHArLloURiHaY
fr5gauaHDlxWE9QE3VPijGFrRykXUNGeEbQrCNOaEaHioIIFtDCCBbAwggWsMIIE
lKADAgECAg0A9Z25pgAAAABQ0f7BMA0GCSqGSIb3DQEBCwUAMIG6MQswCQYDVQQG
EwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5l
bnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMTIgRW50cnVz
dCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MS4wLAYDVQQDEyVFbnRy
dXN0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gTDFLMB4XDTE0MDgyNjE0NTMw
OVoXDTE3MDgyNjE1MjMwOVowgcoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRy
dXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRl
cm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhv
cml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBB
dXRob3JpdHkgLSBMMUsxDjAMBgNVBAMTBU9DU1AxMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAydqJVenrg9VMqV5B4iJAbalp0DfqQaTUJXu3G5+h6rXj
kj+ZPpXv7QimlUzYDgsvmXYNUapOwBAJGKUXWttnKdznQUDdddOiem9p2TjDLrkP
2Uw+bYQ2jmisO1teqWscWFzIGuSL3or591V52XHv64ll4ALvZkJfNqhUpzbCAgUV
k7Mi8VmJySIemHy0gYzcRIkqnYl+jrh89c+a2hNXYZRkyqq5wBQPb+z9KU5holP/
Y9e6UYaiDoDgH5cmRcGerBiYeb/bSOXV1IYcDmbj2OOsx8G5WEhgHQN48VsyMc4x
LMcjF1GcZ4OZyGcEv8Hu8t51/9uC/w5EzOSYXgOkMwIDAQABo4IBnTCCAZkwCwYD
VR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAw
MwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5lbnRydXN0
Lm5ldDCB4wYDVR0fBIHbMIHYMIHVoIHSoIHPpIHMMIHJMQswCQYDVQQGEwJVUzEW
MBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0
Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMTIgRW50cnVzdCwgSW5j
LiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MS4wLAYDVQQDEyVFbnRydXN0IENl
cnRpZmljYXRpb24gQXV0aG9yaXR5IC0gTDFLMQ0wCwYDVQQDEwRDUkwxMB8GA1Ud
IwQYMBaAFIKicHTdvFM/z3vU981/p2DGCky/MB0GA1UdDgQWBBTVAgS216CoLbO9
EiWrUtTR5ZaNxDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCpJ76zRu9P
fG2gJWJ5GyAImiY0eFvdYNe7DbtOPhtBKvBpFYeVdQ8KRCxhpQoKv8lIpgijLVPA
6k86L5vuPXdfVyn8lKJC7DdEZ5+jYuUZadPUXkdByPtF9Oc5uB4YSPUtYRJnBMGq
DEQFYRX76Ri7nPw5i1HzsjfO67DgdHxiHaV/aa5pSvKat22msB36HbLB/n8U5QMD
eL0nnbsdwA5/GqOF62RVIBhvbHq4So+LlMskqSQBOWRmugFaHESRCaxm6r2P0m/X
AdD8h40TwFNvAKtnO2Us1FutOgJT7HlSYVEfgOuaywh+BIrkvXJEkyTajwshrO3D
ZGSIoCiGPjVU
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIFrDCCBJSgAwIBAgINAPWduaYAAAAAUNH+wTANBgkqhkiG9w0BAQsFADCBujEL
MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1Nl
ZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEy
IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UE
AxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0xNDA4
MjYxNDUzMDlaFw0xNzA4MjYxNTIzMDlaMIHKMQswCQYDVQQGEwJVUzEWMBQGA1UE
ChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9s
ZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMTIgRW50cnVzdCwgSW5jLiAtIGZv
ciBhdXRob3JpemVkIHVzZSBvbmx5MS4wLAYDVQQDEyVFbnRydXN0IENlcnRpZmlj
YXRpb24gQXV0aG9yaXR5IC0gTDFLMQ4wDAYDVQQDEwVPQ1NQMTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAMnaiVXp64PVTKleQeIiQG2padA36kGk1CV7
txufoeq145I/mT6V7+0IppVM2A4LL5l2DVGqTsAQCRilF1rbZync50FA3XXTonpv
adk4wy65D9lMPm2ENo5orDtbXqlrHFhcyBrki96K+fdVedlx7+uJZeAC72ZCXzao
VKc2wgIFFZOzIvFZickiHph8tIGM3ESJKp2Jfo64fPXPmtoTV2GUZMqqucAUD2/s
/SlOYaJT/2PXulGGog6A4B+XJkXBnqwYmHm/20jl1dSGHA5m49jjrMfBuVhIYB0D
ePFbMjHOMSzHIxdRnGeDmchnBL/B7vLedf/bgv8ORMzkmF4DpDMCAwEAAaOCAZ0w
ggGZMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkrBgEFBQcw
AQUEAgUAMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Au
ZW50cnVzdC5uZXQwgeMGA1UdHwSB2zCB2DCB1aCB0qCBz6SBzDCByTELMAkGA1UE
BhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cu
ZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1
c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UEAxMlRW50
cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzENMAsGA1UEAxMEQ1JM
MTAfBgNVHSMEGDAWgBSConB03bxTP8971PfNf6dgxgpMvzAdBgNVHQ4EFgQU1QIE
ttegqC2zvRIlq1LU0eWWjcQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEA
qSe+s0bvT3xtoCVieRsgCJomNHhb3WDXuw27Tj4bQSrwaRWHlXUPCkQsYaUKCr/J
SKYIoy1TwOpPOi+b7j13X1cp/JSiQuw3RGefo2LlGWnT1F5HQcj7RfTnObgeGEj1
LWESZwTBqgxEBWEV++kYu5z8OYtR87I3zuuw4HR8Yh2lf2muaUrymrdtprAd+h2y
wf5/FOUDA3i9J527HcAOfxqjhetkVSAYb2x6uEqPi5TLJKkkATlkZroBWhxEkQms
Zuq9j9Jv1wHQ/IeNE8BTbwCrZztlLNRbrToCU+x5UmFRH4DrmssIfgSK5L1yRJMk
2o8LIaztw2RkiKAohj41VA==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate, max-age=3582]
Content-Length: [2121]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Fri, 20 Jan 2017 22:04:42 GMT]
Etag: ["877FBDF6006805BF146BB46F49382856BE704FEF"]
Expires: [Fri, 20 Jan 2017 23:04:24 GMT]
Last-Modified: [Fri, 20 Jan 2017 17:05:45 GMT]
X-Cache: [TCP_MISS from a23-219-93-86.deploy.akamaitechnologies.com (AkamaiGHost/8.2.0.0.2-18911410) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Entrust Certification Authority - L1K (CA Certificate)

This certificate was cached at
Certificate details for Entrust Certification Authority - L1K (At position 1 in certificate chain)
Serial number:
hex: 51d360ee
int: 1372807406
Issued by: Entrust Root Certification Authority - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.entrust.net/g2ca.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.entrust.net/g2ca.crl
Size: 1224 bytes (DER data)
Response time: 17.655989ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 14

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-219-88-197.deploy.akamaitechnologies.com (AkamaiGHost/8.2.0.0.1-18764048) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [no-cache]
Content-Length: [1224]
Content-Type: [application/x-pkcs7-crl]
Date: [Fri, 20 Jan 2017 19:43:50 GMT]
Expires: [Fri, 20 Jan 2017 19:43:50 GMT]
Last-Modified: [Thu, 05 Jan 2017 20:27:50 GMT]
Pragma: [no-cache]
X-Cache: [TCP_MEM_HIT from a23-219-88-197.deploy.akamaitechnologies.com (AkamaiGHost/8.2.0.0.1-18764048) (-)]
X-Frame-Options: [DENY]
  • Content-Type in response is set 'application/x-pkcs7-crl' and should be replaced with 'application/pkix-crl' (RFC 5280, section 4.2.1.13)
  • This CRL file is DER encoded
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.entrust.net (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.entrust.net (POST)
Size: 1983 bytes (DER data)
Response time: 5.062122ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: Entrust Validation Authority
Issued by: Entrust Root Certification Authority - G2
Signing certificate validity: 2015-06-04 - 2017-06-04
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 35m14s

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a165-254-35-185.deploy.akamaitechnologies.com (AkamaiGHost/8.2.0.0.2-18911410) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTLXNCzDvBhHecWjg70iJhBW0InywQUanIm
etAe733nO2lR1GyNn5ASZqsCBFHTYO4=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIHuwoBAKCCB7QwggewBgkrBgEFBQcwAQEEggehMIIHnTCCAWWhgegwgeUxCzAJ
BgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUg
d3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAwOSBF
bnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMT
KUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMSUwIwYD
VQQDExxFbnRydXN0IFZhbGlkYXRpb24gQXV0aG9yaXR5GA8yMDE3MDEyMDE4NTIy
MlowZzBlMD0wCQYFKw4DAhoFAAQUy1zQsw7wYR3nFo4O9IiYQVtCJ8sEFGpyJnrQ
Hu995ztpUdRsjZ+QEmarAgRR02DugAAYDzIwMTcwMTIwMTg1MjIyWqARGA8yMDE3
MDEyNzE4NTIyMlowDQYJKoZIhvcNAQEFBQADggEBAE7ZTXPpcAEO4hvKa/286t9Z
K/GrzCCR0/YcOP8JT/4v47hYiH3Nf29TRLXB0ZrkWKC1fBTtVD5he1Vca4nJx1pk
dLnHLQneCp4r0RdIMuAnobF4K7HTe+RawDzoV7uCSmD6fwjirZT8OgfXZ8OtLJSW
JMENqO42Su3+jITzNSJxDCxgG8+yg5kC9iwDS8+aXLRgUltaX1tYJNb2fGxxWSjS
JNWBflA3pekEyJxCoKwGVo+QyVOnkRWuEiTvFYwMNJT1GtS0pRe6cz9TQ6KVXuSA
c7Tsk9QXhCKQJI0B/xA99y/dIxj3F6NRiZs//xc0RtWtsxiZSZ3pqVWmlBw56Oeg
ggUcMIIFGDCCBRQwggP8oAMCAQICDE3pUL0AAAAAUdNzSDANBgkqhkiG9w0BAQsF
ADCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNV
BAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChj
KSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEy
MDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0g
RzIwHhcNMTUwNjA0MTkxNTM0WhcNMTcwNjA0MTk0NTM0WjCB5TELMAkGA1UEBhMC
VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50
cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3Qs
IEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVz
dCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIxJTAjBgNVBAMTHEVu
dHJ1c3QgVmFsaWRhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJ2olV6euD1UypXkHiIkBtqWnQN+pBpNQle7cbn6HqteOSP5k+
le/tCKaVTNgOCy+Zdg1Rqk7AEAkYpRda22cp3OdBQN1106J6b2nZOMMuuQ/ZTD5t
hDaOaKw7W16paxxYXMga5Iveivn3VXnZce/riWXgAu9mQl82qFSnNsICBRWTsyLx
WYnJIh6YfLSBjNxEiSqdiX6OuHz1z5raE1dhlGTKqrnAFA9v7P0pTmGiU/9j17pR
hqIOgOAflyZFwZ6sGJh5v9tI5dXUhhwOZuPY46zHwblYSGAdA3jxWzIxzjEsxyMX
UZxng5nIZwS/we7y3nX/24L/DkTM5JheA6QzAgMBAAGjgegwgeUwCwYDVR0PBAQD
AgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAwMAYDVR0f
BCkwJzAloCOgIYYfaHR0cDovL2NybC5lbnRydXN0Lm5ldC9nMmNhLmNybDAzBggr
BgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0
MB8GA1UdIwQYMBaAFGpyJnrQHu995ztpUdRsjZ+QEmarMB0GA1UdDgQWBBTVAgS2
16CoLbO9EiWrUtTR5ZaNxDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAz
oliCixo0FUe0m4c7Njr0eZfaS386B543vIix94TOfupmA84ZrfY1mAz0v8Zj1zzH
N+FUI6pERUJrZfKZ8tWMA62lsi1SUfNVn0TGtAZd0Fyvz8z7zRUol6dZ3GXLWjGu
ibGul/wzHQeijzIUbvaG3UBj2kb/YX9teQrjm5ZhUZiVKP2sFk4AD34iJCPc16C+
lHjDyEg1JPjpEiVqNc580V9wo7dQGc+Z5VL4HV2SO5b8Xb6ybGrqzcq6xgUGhaGR
MvoxCjp9FzqYdLCH6Tw8PBpVnF5G8N/A47sEVvkgZddTtLj6BEgc7LChBKp5Fxx6
Bc/UIpcSa4G3Ff0tYc/U
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgIMTelQvQAAAABR03NIMA0GCSqGSIb3DQEBCwUAMIG+MQsw
CQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2Vl
IHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkg
RW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQD
EylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjAeFw0x
NTA2MDQxOTE1MzRaFw0xNzA2MDQxOTQ1MzRaMIHlMQswCQYDVQQGEwJVUzEWMBQG
A1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5l
dC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAt
IGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3Qg
Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjElMCMGA1UEAxMcRW50cnVzdCBW
YWxpZGF0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMnaiVXp64PVTKleQeIiQG2padA36kGk1CV7txufoeq145I/mT6V7+0IppVM
2A4LL5l2DVGqTsAQCRilF1rbZync50FA3XXTonpvadk4wy65D9lMPm2ENo5orDtb
XqlrHFhcyBrki96K+fdVedlx7+uJZeAC72ZCXzaoVKc2wgIFFZOzIvFZickiHph8
tIGM3ESJKp2Jfo64fPXPmtoTV2GUZMqqucAUD2/s/SlOYaJT/2PXulGGog6A4B+X
JkXBnqwYmHm/20jl1dSGHA5m49jjrMfBuVhIYB0DePFbMjHOMSzHIxdRnGeDmchn
BL/B7vLedf/bgv8ORMzkmF4DpDMCAwEAAaOB6DCB5TALBgNVHQ8EBAMCB4AwEwYD
VR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADAwBgNVHR8EKTAnMCWg
I6Ahhh9odHRwOi8vY3JsLmVudHJ1c3QubmV0L2cyY2EuY3JsMDMGCCsGAQUFBwEB
BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwHwYDVR0j
BBgwFoAUanImetAe733nO2lR1GyNn5ASZqswHQYDVR0OBBYEFNUCBLbXoKgts70S
JatS1NHllo3EMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBADOiWIKLGjQV
R7Sbhzs2OvR5l9pLfzoHnje8iLH3hM5+6mYDzhmt9jWYDPS/xmPXPMc34VQjqkRF
Qmtl8pny1YwDraWyLVJR81WfRMa0Bl3QXK/PzPvNFSiXp1ncZctaMa6Jsa6X/DMd
B6KPMhRu9obdQGPaRv9hf215CuOblmFRmJUo/awWTgAPfiIkI9zXoL6UeMPISDUk
+OkSJWo1znzRX3Cjt1AZz5nlUvgdXZI7lvxdvrJsaurNyrrGBQaFoZEy+jEKOn0X
Oph0sIfpPDw8GlWcXkbw38DjuwRW+SBl11O0uPoESBzssKEEqnkXHHoFz9QilxJr
gbcV/S1hz9Q=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate, max-age=2114]
Content-Length: [1983]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Fri, 20 Jan 2017 19:43:50 GMT]
Etag: ["66529642778F24783205E549A8EB5A52B491E6B6"]
Expires: [Fri, 20 Jan 2017 20:19:04 GMT]
Last-Modified: [Fri, 20 Jan 2017 18:52:22 GMT]
X-Cache: [TCP_MEM_HIT from a165-254-35-185.deploy.akamaitechnologies.com (AkamaiGHost/8.2.0.0.2-18911410) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.entrust.net (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.entrust.net (GET)
Size: 1983 bytes (DER data)
Response time: 5.313744ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: Entrust Validation Authority
Issued by: Entrust Root Certification Authority - G2
Signing certificate validity: 2015-06-04 - 2017-06-04
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 46m54s

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a165-254-35-191.deploy.akamaitechnologies.com (AkamaiGHost/8.2.0.0.2-18911410) (-)

URL used for GET request

http:/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTLXNCzDvBhHecWjg70iJhBW0InywQUanImetAe733nO2lR1GyNn5ASZqsCBFHTYO4%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTLXNCzDvBhHecWjg70iJhBW0InywQUanIm
etAe733nO2lR1GyNn5ASZqsCBFHTYO4=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIHuwoBAKCCB7QwggewBgkrBgEFBQcwAQEEggehMIIHnTCCAWWhgegwgeUxCzAJ
BgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUg
d3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAwOSBF
bnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMT
KUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMSUwIwYD
VQQDExxFbnRydXN0IFZhbGlkYXRpb24gQXV0aG9yaXR5GA8yMDE3MDEyMDE3MTIx
NVowZzBlMD0wCQYFKw4DAhoFAAQUy1zQsw7wYR3nFo4O9IiYQVtCJ8sEFGpyJnrQ
Hu995ztpUdRsjZ+QEmarAgRR02DugAAYDzIwMTcwMTIwMTcxMjE1WqARGA8yMDE3
MDEyNzE3MTIxNVowDQYJKoZIhvcNAQEFBQADggEBAKLLWHBkrea22mib4fsCmxV0
zUweNDp5f4Eg5nrGu0qkXgzqEYlXW3ygu3QKOhQSr9h6yOxUWxE4QMWeEuV2z2Ed
G2zIDrapIMFuFBoMz/MUOUT1nwNg9y615+r61xIwnUNY9xy3YyvBNzq8IULS3pdL
JYZVBgWAAAd1SyGT4zcafvh5I03DBoBl3s3VyYeGRoFooX21Ri5v0TJqzoPN39bd
iivqPyeTJmAR+K0uuUkP472QQB1PGUzgx5PvK+wpqyyLijc2OXiMdYIIQkRaBT6X
OSOmEsd9+jVh6AgVzUHTkAija8DE2TjHcXUXoArYdeLHhhb32tGn7zwcPI+Xg3Kg
ggUcMIIFGDCCBRQwggP8oAMCAQICDE3pUL0AAAAAUdNzSDANBgkqhkiG9w0BAQsF
ADCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNV
BAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChj
KSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEy
MDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0g
RzIwHhcNMTUwNjA0MTkxNTM0WhcNMTcwNjA0MTk0NTM0WjCB5TELMAkGA1UEBhMC
VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50
cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3Qs
IEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVz
dCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIxJTAjBgNVBAMTHEVu
dHJ1c3QgVmFsaWRhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJ2olV6euD1UypXkHiIkBtqWnQN+pBpNQle7cbn6HqteOSP5k+
le/tCKaVTNgOCy+Zdg1Rqk7AEAkYpRda22cp3OdBQN1106J6b2nZOMMuuQ/ZTD5t
hDaOaKw7W16paxxYXMga5Iveivn3VXnZce/riWXgAu9mQl82qFSnNsICBRWTsyLx
WYnJIh6YfLSBjNxEiSqdiX6OuHz1z5raE1dhlGTKqrnAFA9v7P0pTmGiU/9j17pR
hqIOgOAflyZFwZ6sGJh5v9tI5dXUhhwOZuPY46zHwblYSGAdA3jxWzIxzjEsxyMX
UZxng5nIZwS/we7y3nX/24L/DkTM5JheA6QzAgMBAAGjgegwgeUwCwYDVR0PBAQD
AgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAwMAYDVR0f
BCkwJzAloCOgIYYfaHR0cDovL2NybC5lbnRydXN0Lm5ldC9nMmNhLmNybDAzBggr
BgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0
MB8GA1UdIwQYMBaAFGpyJnrQHu995ztpUdRsjZ+QEmarMB0GA1UdDgQWBBTVAgS2
16CoLbO9EiWrUtTR5ZaNxDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAz
oliCixo0FUe0m4c7Njr0eZfaS386B543vIix94TOfupmA84ZrfY1mAz0v8Zj1zzH
N+FUI6pERUJrZfKZ8tWMA62lsi1SUfNVn0TGtAZd0Fyvz8z7zRUol6dZ3GXLWjGu
ibGul/wzHQeijzIUbvaG3UBj2kb/YX9teQrjm5ZhUZiVKP2sFk4AD34iJCPc16C+
lHjDyEg1JPjpEiVqNc580V9wo7dQGc+Z5VL4HV2SO5b8Xb6ybGrqzcq6xgUGhaGR
MvoxCjp9FzqYdLCH6Tw8PBpVnF5G8N/A47sEVvkgZddTtLj6BEgc7LChBKp5Fxx6
Bc/UIpcSa4G3Ff0tYc/U
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgIMTelQvQAAAABR03NIMA0GCSqGSIb3DQEBCwUAMIG+MQsw
CQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2Vl
IHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkg
RW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQD
EylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjAeFw0x
NTA2MDQxOTE1MzRaFw0xNzA2MDQxOTQ1MzRaMIHlMQswCQYDVQQGEwJVUzEWMBQG
A1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5l
dC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAt
IGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3Qg
Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjElMCMGA1UEAxMcRW50cnVzdCBW
YWxpZGF0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMnaiVXp64PVTKleQeIiQG2padA36kGk1CV7txufoeq145I/mT6V7+0IppVM
2A4LL5l2DVGqTsAQCRilF1rbZync50FA3XXTonpvadk4wy65D9lMPm2ENo5orDtb
XqlrHFhcyBrki96K+fdVedlx7+uJZeAC72ZCXzaoVKc2wgIFFZOzIvFZickiHph8
tIGM3ESJKp2Jfo64fPXPmtoTV2GUZMqqucAUD2/s/SlOYaJT/2PXulGGog6A4B+X
JkXBnqwYmHm/20jl1dSGHA5m49jjrMfBuVhIYB0DePFbMjHOMSzHIxdRnGeDmchn
BL/B7vLedf/bgv8ORMzkmF4DpDMCAwEAAaOB6DCB5TALBgNVHQ8EBAMCB4AwEwYD
VR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADAwBgNVHR8EKTAnMCWg
I6Ahhh9odHRwOi8vY3JsLmVudHJ1c3QubmV0L2cyY2EuY3JsMDMGCCsGAQUFBwEB
BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwHwYDVR0j
BBgwFoAUanImetAe733nO2lR1GyNn5ASZqswHQYDVR0OBBYEFNUCBLbXoKgts70S
JatS1NHllo3EMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBADOiWIKLGjQV
R7Sbhzs2OvR5l9pLfzoHnje8iLH3hM5+6mYDzhmt9jWYDPS/xmPXPMc34VQjqkRF
Qmtl8pny1YwDraWyLVJR81WfRMa0Bl3QXK/PzPvNFSiXp1ncZctaMa6Jsa6X/DMd
B6KPMhRu9obdQGPaRv9hf215CuOblmFRmJUo/awWTgAPfiIkI9zXoL6UeMPISDUk
+OkSJWo1znzRX3Cjt1AZz5nlUvgdXZI7lvxdvrJsaurNyrrGBQaFoZEy+jEKOn0X
Oph0sIfpPDw8GlWcXkbw38DjuwRW+SBl11O0uPoESBzssKEEqnkXHHoFz9QilxJr
gbcV/S1hz9Q=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate, max-age=2814]
Content-Length: [1983]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Fri, 20 Jan 2017 19:43:50 GMT]
Etag: ["3AB76827A78C007BD21DA2C0EEF63C071493460E"]
Expires: [Fri, 20 Jan 2017 20:30:44 GMT]
Last-Modified: [Fri, 20 Jan 2017 17:12:15 GMT]
X-Cache: [TCP_MEM_HIT from a165-254-35-191.deploy.akamaitechnologies.com (AkamaiGHost/8.2.0.0.2-18911410) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Entrust Root Certification Authority - G2 (CA Certificate)

This certificate was cached at
Certificate details for Entrust Root Certification Authority - G2 (At position 2 in certificate chain)
Serial number:
hex: 4a538c28
int: 1246989352
Issued by: Entrust Root Certification Authority - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2009 Entrust, Inc. - for authorized use only
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.