CRL & OCSP report for 0-jump.valueline.com.sierra.helenplum.org - sierra.helenplum.org (Helen M Plum Memorial Library)

One of the certificates in this chain can't be trusted!

One or more certificate in this chain can't be trusted because of revocation or an server error. Revoked certificates can't be trusted and will cause errors like "NET::ERR_CERT_REVOKED" in browsers

sierra.helenplum.org

Certificate details for sierra.helenplum.org (At position 0 in certificate chain)
Serial number:
hex: 7a06a301da36ef670000000050dbc746
int: 162200275446438647877495545723763803974
Issued by: Entrust Certification Authority - L1K
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Helen M Plum Memorial Library
Organization unit: Public Library
State / Province: Illinois
Locality: Lombard
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for 0-jump.valueline.com.sierra.helenplum.org.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.entrust.net/level1k.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.entrust.net/level1k.crl
Size: 1981334 bytes (DER data)
Response time: 64.917171ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 42532

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_HIT from a23-219-88-164.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1.2-20081415) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [no-cache]
Content-Length: [1981334]
Content-Type: [application/x-pkcs7-crl]
Date: [Sat, 24 Jun 2017 03:36:03 GMT]
Expires: [Sat, 24 Jun 2017 03:36:03 GMT]
Last-Modified: [Sat, 24 Jun 2017 03:00:12 GMT]
Pragma: [no-cache]
X-Cache: [TCP_HIT from a23-219-88-164.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1.2-20081415) (-)]
X-Frame-Options: [DENY]
  • Content-Type in response is set 'application/x-pkcs7-crl' and should be replaced with 'application/pkix-crl' (RFC 5280, section 4.2.1.13)
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.entrust.net (POST)Revoked

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.entrust.net (POST)
Size: 2144 bytes (DER data)
Response time: 71.178845ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: OCSP1
Issued by: Entrust Certification Authority - L1K
Signing certificate validity: 2014-08-26 - 2017-08-26
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Revoked

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 59m42s

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-215-131-87.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBTMbSIc9rRVLC+HkV9a/vDh7s6DzAQUgqJw
dN28Uz/Pe9T3zX+nYMYKTL8CEHoGowHaNu9nAAAAAFDbx0Y=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIIXAoBAKCCCFUwgghRBgkrBgEFBQcwAQEEgghCMIIIPjCCAW6hgc0wgcoxCzAJ
BgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUg
d3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBF
bnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMT
JUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUsxDjAMBgNVBAMT
BU9DU1AxGA8yMDE3MDYyMzIyNTIxN1owgYowgYcwSTAJBgUrDgMCGgUABBTMbSIc
9rRVLC+HkV9a/vDh7s6DzAQUgqJwdN28Uz/Pe9T3zX+nYMYKTL8CEHoGowHaNu9n
AAAAAFDbx0ahFhgPMjAxNzA2MTkxNzU3NDlaoAMKAQQYDzIwMTcwNjIzMjI1MjE3
WqARGA8yMDE3MDYzMDIyNTIxN1owDQYJKoZIhvcNAQEFBQADggEBAId+vpf+iR8O
zjQWRYlcN0xXEWL5hVk9y9jU7eR19Tg4nG7u31+1jevD6zkT83V3LJ8DvCSmSaGk
B12t2nfMTy1EFoxpHpIqjMH2y5wZ49Q+qmLhg13xZ60rYGTsUUSlAx6hEt+v4S5z
aq8Fa/jT+yGO0vpsRLtqyYvvJABzhKvTZy2jgxiEjfmuooz33VLX84eH/2rXYz7I
bivZk4dHaPgvKqz2kpBcwq+78fK8Clx2YXW8+3f6dChc3N5AzhaMJfcLajpoluTY
9Gr8djNeHxeoe6rArw4zUFs3JnD7wf4zy1CpvekDSf4CdJN1J054N+tUNbA/zRJ3
7ME7VuFuUU+gggW0MIIFsDCCBawwggSUoAMCAQICDQD1nbmmAAAAAFDR/sEwDQYJ
KoZIhvcNAQELBQAwgboxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJ
bmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkw
NwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQg
dXNlIG9ubHkxLjAsBgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkgLSBMMUswHhcNMTQwODI2MTQ1MzA5WhcNMTcwODI2MTUyMzA5WjCByjELMAkG
A1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3
d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVu
dHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UEAxMl
RW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzEOMAwGA1UEAxMF
T0NTUDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJ2olV6euD1Uyp
XkHiIkBtqWnQN+pBpNQle7cbn6HqteOSP5k+le/tCKaVTNgOCy+Zdg1Rqk7AEAkY
pRda22cp3OdBQN1106J6b2nZOMMuuQ/ZTD5thDaOaKw7W16paxxYXMga5Iveivn3
VXnZce/riWXgAu9mQl82qFSnNsICBRWTsyLxWYnJIh6YfLSBjNxEiSqdiX6OuHz1
z5raE1dhlGTKqrnAFA9v7P0pTmGiU/9j17pRhqIOgOAflyZFwZ6sGJh5v9tI5dXU
hhwOZuPY46zHwblYSGAdA3jxWzIxzjEsxyMXUZxng5nIZwS/we7y3nX/24L/DkTM
5JheA6QzAgMBAAGjggGdMIIBmTALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYB
BQUHAwkwDwYJKwYBBQUHMAEFBAIFADAzBggrBgEFBQcBAQQnMCUwIwYIKwYBBQUH
MAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0MIHjBgNVHR8EgdswgdgwgdWggdKg
gc+kgcwwgckxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgw
JgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQL
EzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9u
bHkxLjAsBgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBM
MUsxDTALBgNVBAMTBENSTDEwHwYDVR0jBBgwFoAUgqJwdN28Uz/Pe9T3zX+nYMYK
TL8wHQYDVR0OBBYEFNUCBLbXoKgts70SJatS1NHllo3EMAkGA1UdEwQCMAAwDQYJ
KoZIhvcNAQELBQADggEBAKknvrNG7098baAlYnkbIAiaJjR4W91g17sNu04+G0Eq
8GkVh5V1DwpELGGlCgq/yUimCKMtU8DqTzovm+49d19XKfyUokLsN0Rnn6Ni5Rlp
09ReR0HI+0X05zm4HhhI9S1hEmcEwaoMRAVhFfvpGLuc/DmLUfOyN87rsOB0fGId
pX9prmlK8pq3baawHfodssH+fxTlAwN4vSedux3ADn8ao4XrZFUgGG9serhKj4uU
yySpJAE5ZGa6AVocRJEJrGbqvY/Sb9cB0PyHjRPAU28Aq2c7ZSzUW606AlPseVJh
UR+A65rLCH4EiuS9ckSTJNqPCyGs7cNkZIigKIY+NVQ=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIFrDCCBJSgAwIBAgINAPWduaYAAAAAUNH+wTANBgkqhkiG9w0BAQsFADCBujEL
MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1Nl
ZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEy
IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UE
AxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0xNDA4
MjYxNDUzMDlaFw0xNzA4MjYxNTIzMDlaMIHKMQswCQYDVQQGEwJVUzEWMBQGA1UE
ChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9s
ZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMTIgRW50cnVzdCwgSW5jLiAtIGZv
ciBhdXRob3JpemVkIHVzZSBvbmx5MS4wLAYDVQQDEyVFbnRydXN0IENlcnRpZmlj
YXRpb24gQXV0aG9yaXR5IC0gTDFLMQ4wDAYDVQQDEwVPQ1NQMTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAMnaiVXp64PVTKleQeIiQG2padA36kGk1CV7
txufoeq145I/mT6V7+0IppVM2A4LL5l2DVGqTsAQCRilF1rbZync50FA3XXTonpv
adk4wy65D9lMPm2ENo5orDtbXqlrHFhcyBrki96K+fdVedlx7+uJZeAC72ZCXzao
VKc2wgIFFZOzIvFZickiHph8tIGM3ESJKp2Jfo64fPXPmtoTV2GUZMqqucAUD2/s
/SlOYaJT/2PXulGGog6A4B+XJkXBnqwYmHm/20jl1dSGHA5m49jjrMfBuVhIYB0D
ePFbMjHOMSzHIxdRnGeDmchnBL/B7vLedf/bgv8ORMzkmF4DpDMCAwEAAaOCAZ0w
ggGZMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkrBgEFBQcw
AQUEAgUAMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Au
ZW50cnVzdC5uZXQwgeMGA1UdHwSB2zCB2DCB1aCB0qCBz6SBzDCByTELMAkGA1UE
BhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cu
ZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1
c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UEAxMlRW50
cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzENMAsGA1UEAxMEQ1JM
MTAfBgNVHSMEGDAWgBSConB03bxTP8971PfNf6dgxgpMvzAdBgNVHQ4EFgQU1QIE
ttegqC2zvRIlq1LU0eWWjcQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEA
qSe+s0bvT3xtoCVieRsgCJomNHhb3WDXuw27Tj4bQSrwaRWHlXUPCkQsYaUKCr/J
SKYIoy1TwOpPOi+b7j13X1cp/JSiQuw3RGefo2LlGWnT1F5HQcj7RfTnObgeGEj1
LWESZwTBqgxEBWEV++kYu5z8OYtR87I3zuuw4HR8Yh2lf2muaUrymrdtprAd+h2y
wf5/FOUDA3i9J527HcAOfxqjhetkVSAYb2x6uEqPi5TLJKkkATlkZroBWhxEkQms
Zuq9j9Jv1wHQ/IeNE8BTbwCrZztlLNRbrToCU+x5UmFRH4DrmssIfgSK5L1yRJMk
2o8LIaztw2RkiKAohj41VA==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate, max-age=3582]
Content-Length: [2144]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Sat, 24 Jun 2017 03:38:38 GMT]
Etag: ["871E795C195B55CCC4E51B7B2C95B7F561AC1387"]
Expires: [Sat, 24 Jun 2017 04:38:20 GMT]
Last-Modified: [Fri, 23 Jun 2017 22:52:17 GMT]
X-Cache: [TCP_MISS from a23-215-131-87.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.entrust.net (GET)Revoked

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.entrust.net (GET)
Size: 2144 bytes (DER data)
Response time: 111.523399ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: OCSP1
Issued by: Entrust Certification Authority - L1K
Signing certificate validity: 2014-08-26 - 2017-08-26
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Revoked

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 1h0m0s

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-215-131-63.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

URL used for GET request

http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTMbSIc9rRVLC%2BHkV9a%2FvDh7s6DzAQUgqJwdN28Uz%2FPe9T3zX%2BnYMYKTL8CEHoGowHaNu9nAAAAAFDbx0Y%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBTMbSIc9rRVLC+HkV9a/vDh7s6DzAQUgqJw
dN28Uz/Pe9T3zX+nYMYKTL8CEHoGowHaNu9nAAAAAFDbx0Y=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIIXAoBAKCCCFUwgghRBgkrBgEFBQcwAQEEgghCMIIIPjCCAW6hgc0wgcoxCzAJ
BgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUg
d3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBF
bnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMT
JUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUsxDjAMBgNVBAMT
BU9DU1AxGA8yMDE3MDYyMzIyNTIxN1owgYowgYcwSTAJBgUrDgMCGgUABBTMbSIc
9rRVLC+HkV9a/vDh7s6DzAQUgqJwdN28Uz/Pe9T3zX+nYMYKTL8CEHoGowHaNu9n
AAAAAFDbx0ahFhgPMjAxNzA2MTkxNzU3NDlaoAMKAQQYDzIwMTcwNjIzMjI1MjE3
WqARGA8yMDE3MDYzMDIyNTIxN1owDQYJKoZIhvcNAQEFBQADggEBAId+vpf+iR8O
zjQWRYlcN0xXEWL5hVk9y9jU7eR19Tg4nG7u31+1jevD6zkT83V3LJ8DvCSmSaGk
B12t2nfMTy1EFoxpHpIqjMH2y5wZ49Q+qmLhg13xZ60rYGTsUUSlAx6hEt+v4S5z
aq8Fa/jT+yGO0vpsRLtqyYvvJABzhKvTZy2jgxiEjfmuooz33VLX84eH/2rXYz7I
bivZk4dHaPgvKqz2kpBcwq+78fK8Clx2YXW8+3f6dChc3N5AzhaMJfcLajpoluTY
9Gr8djNeHxeoe6rArw4zUFs3JnD7wf4zy1CpvekDSf4CdJN1J054N+tUNbA/zRJ3
7ME7VuFuUU+gggW0MIIFsDCCBawwggSUoAMCAQICDQD1nbmmAAAAAFDR/sEwDQYJ
KoZIhvcNAQELBQAwgboxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJ
bmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkw
NwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQg
dXNlIG9ubHkxLjAsBgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkgLSBMMUswHhcNMTQwODI2MTQ1MzA5WhcNMTcwODI2MTUyMzA5WjCByjELMAkG
A1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3
d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVu
dHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UEAxMl
RW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzEOMAwGA1UEAxMF
T0NTUDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJ2olV6euD1Uyp
XkHiIkBtqWnQN+pBpNQle7cbn6HqteOSP5k+le/tCKaVTNgOCy+Zdg1Rqk7AEAkY
pRda22cp3OdBQN1106J6b2nZOMMuuQ/ZTD5thDaOaKw7W16paxxYXMga5Iveivn3
VXnZce/riWXgAu9mQl82qFSnNsICBRWTsyLxWYnJIh6YfLSBjNxEiSqdiX6OuHz1
z5raE1dhlGTKqrnAFA9v7P0pTmGiU/9j17pRhqIOgOAflyZFwZ6sGJh5v9tI5dXU
hhwOZuPY46zHwblYSGAdA3jxWzIxzjEsxyMXUZxng5nIZwS/we7y3nX/24L/DkTM
5JheA6QzAgMBAAGjggGdMIIBmTALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYB
BQUHAwkwDwYJKwYBBQUHMAEFBAIFADAzBggrBgEFBQcBAQQnMCUwIwYIKwYBBQUH
MAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0MIHjBgNVHR8EgdswgdgwgdWggdKg
gc+kgcwwgckxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgw
JgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQL
EzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9u
bHkxLjAsBgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBM
MUsxDTALBgNVBAMTBENSTDEwHwYDVR0jBBgwFoAUgqJwdN28Uz/Pe9T3zX+nYMYK
TL8wHQYDVR0OBBYEFNUCBLbXoKgts70SJatS1NHllo3EMAkGA1UdEwQCMAAwDQYJ
KoZIhvcNAQELBQADggEBAKknvrNG7098baAlYnkbIAiaJjR4W91g17sNu04+G0Eq
8GkVh5V1DwpELGGlCgq/yUimCKMtU8DqTzovm+49d19XKfyUokLsN0Rnn6Ni5Rlp
09ReR0HI+0X05zm4HhhI9S1hEmcEwaoMRAVhFfvpGLuc/DmLUfOyN87rsOB0fGId
pX9prmlK8pq3baawHfodssH+fxTlAwN4vSedux3ADn8ao4XrZFUgGG9serhKj4uU
yySpJAE5ZGa6AVocRJEJrGbqvY/Sb9cB0PyHjRPAU28Aq2c7ZSzUW606AlPseVJh
UR+A65rLCH4EiuS9ckSTJNqPCyGs7cNkZIigKIY+NVQ=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIFrDCCBJSgAwIBAgINAPWduaYAAAAAUNH+wTANBgkqhkiG9w0BAQsFADCBujEL
MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1Nl
ZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEy
IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UE
AxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0xNDA4
MjYxNDUzMDlaFw0xNzA4MjYxNTIzMDlaMIHKMQswCQYDVQQGEwJVUzEWMBQGA1UE
ChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9s
ZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMTIgRW50cnVzdCwgSW5jLiAtIGZv
ciBhdXRob3JpemVkIHVzZSBvbmx5MS4wLAYDVQQDEyVFbnRydXN0IENlcnRpZmlj
YXRpb24gQXV0aG9yaXR5IC0gTDFLMQ4wDAYDVQQDEwVPQ1NQMTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAMnaiVXp64PVTKleQeIiQG2padA36kGk1CV7
txufoeq145I/mT6V7+0IppVM2A4LL5l2DVGqTsAQCRilF1rbZync50FA3XXTonpv
adk4wy65D9lMPm2ENo5orDtbXqlrHFhcyBrki96K+fdVedlx7+uJZeAC72ZCXzao
VKc2wgIFFZOzIvFZickiHph8tIGM3ESJKp2Jfo64fPXPmtoTV2GUZMqqucAUD2/s
/SlOYaJT/2PXulGGog6A4B+XJkXBnqwYmHm/20jl1dSGHA5m49jjrMfBuVhIYB0D
ePFbMjHOMSzHIxdRnGeDmchnBL/B7vLedf/bgv8ORMzkmF4DpDMCAwEAAaOCAZ0w
ggGZMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkrBgEFBQcw
AQUEAgUAMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Au
ZW50cnVzdC5uZXQwgeMGA1UdHwSB2zCB2DCB1aCB0qCBz6SBzDCByTELMAkGA1UE
BhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cu
ZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1
c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UEAxMlRW50
cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzENMAsGA1UEAxMEQ1JM
MTAfBgNVHSMEGDAWgBSConB03bxTP8971PfNf6dgxgpMvzAdBgNVHQ4EFgQU1QIE
ttegqC2zvRIlq1LU0eWWjcQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEA
qSe+s0bvT3xtoCVieRsgCJomNHhb3WDXuw27Tj4bQSrwaRWHlXUPCkQsYaUKCr/J
SKYIoy1TwOpPOi+b7j13X1cp/JSiQuw3RGefo2LlGWnT1F5HQcj7RfTnObgeGEj1
LWESZwTBqgxEBWEV++kYu5z8OYtR87I3zuuw4HR8Yh2lf2muaUrymrdtprAd+h2y
wf5/FOUDA3i9J527HcAOfxqjhetkVSAYb2x6uEqPi5TLJKkkATlkZroBWhxEkQms
Zuq9j9Jv1wHQ/IeNE8BTbwCrZztlLNRbrToCU+x5UmFRH4DrmssIfgSK5L1yRJMk
2o8LIaztw2RkiKAohj41VA==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate, max-age=3600]
Content-Length: [2144]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Sat, 24 Jun 2017 03:38:38 GMT]
Etag: ["871E795C195B55CCC4E51B7B2C95B7F561AC1387"]
Expires: [Sat, 24 Jun 2017 04:38:38 GMT]
Last-Modified: [Fri, 23 Jun 2017 22:52:17 GMT]
X-Cache: [TCP_MISS from a23-215-131-63.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Entrust Certification Authority - L1K (CA Certificate)

Certificate details for Entrust Certification Authority - L1K (At position 1 in certificate chain)
Serial number:
hex: 51d360ee
int: 1372807406
Issued by: Entrust Root Certification Authority - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.entrust.net/g2ca.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.entrust.net/g2ca.crl
Size: 1224 bytes (DER data)
Response time: 19.906359ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 14

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-219-88-164.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1.2-20081415) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [no-cache]
Content-Length: [1224]
Content-Type: [application/x-pkcs7-crl]
Date: [Sat, 24 Jun 2017 03:36:03 GMT]
Expires: [Sat, 24 Jun 2017 03:36:03 GMT]
Last-Modified: [Thu, 05 Jan 2017 20:27:50 GMT]
Pragma: [no-cache]
X-Cache: [TCP_MEM_HIT from a23-219-88-164.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1.2-20081415) (-)]
X-Frame-Options: [DENY]
  • Content-Type in response is set 'application/x-pkcs7-crl' and should be replaced with 'application/pkix-crl' (RFC 5280, section 4.2.1.13)
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.entrust.net (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.entrust.net (GET)
Size: 1983 bytes (DER data)
Response time: 9.954622ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: Entrust Validation Authority
Issued by: Entrust Root Certification Authority - G2
Signing certificate validity: 2017-06-01 - 2019-06-01
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 43m4s

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-219-93-102.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

URL used for GET request

http://ocsp.entrust.net/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTLXNCzDvBhHecWjg70iJhBW0InywQUanImetAe733nO2lR1GyNn5ASZqsCBFHTYO4%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTLXNCzDvBhHecWjg70iJhBW0InywQUanIm
etAe733nO2lR1GyNn5ASZqsCBFHTYO4=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIHuwoBAKCCB7QwggewBgkrBgEFBQcwAQEEggehMIIHnTCCAWWhgegwgeUxCzAJ
BgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUg
d3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAwOSBF
bnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMT
KUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMSUwIwYD
VQQDExxFbnRydXN0IFZhbGlkYXRpb24gQXV0aG9yaXR5GA8yMDE3MDYyMjE4MDIx
MFowZzBlMD0wCQYFKw4DAhoFAAQUy1zQsw7wYR3nFo4O9IiYQVtCJ8sEFGpyJnrQ
Hu995ztpUdRsjZ+QEmarAgRR02DugAAYDzIwMTcwNjIyMTgwMjEwWqARGA8yMDE3
MDYyOTE4MDIxMFowDQYJKoZIhvcNAQEFBQADggEBAAsrm5kTstLAFuLYSOY/nQ/f
sOw1noI1qSCF4wR50fxAE0M7de8lbAqVUA5VZw+IRIT6pRtcHF+JC8wnh/ZDAbuH
BIORAkmD64MCSQAGWpdhgPfBG2A5XLdzeuFLyKDkIfp1PTl8jUtf7ZiRslYKq07F
mvyaVj/n8HB1Xa+hR0VFDk86n77Qf+sCIS6Oe9YPYm9hRIuTtIjJv4QdafNic4XO
AVvxNsIeidmRv43bGNe07UqgMKB1dydNQNnGA5MCJU66YG8DytkmGW6s4ABZpMC2
l94cu1y2tH0ZCm4v1w5DauOR0jxsTq98QkEUuBTb4GusfMrLNwLQTF+0njA0he6g
ggUcMIIFGDCCBRQwggP8oAMCAQICDDZG/98AAAAAUdOScDANBgkqhkiG9w0BAQsF
ADCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNV
BAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChj
KSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEy
MDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0g
RzIwHhcNMTcwNjAxMTUxODQzWhcNMTkwNjAxMTU0ODQzWjCB5TELMAkGA1UEBhMC
VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50
cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3Qs
IEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVz
dCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIxJTAjBgNVBAMTHEVu
dHJ1c3QgVmFsaWRhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJ2olV6euD1UypXkHiIkBtqWnQN+pBpNQle7cbn6HqteOSP5k+
le/tCKaVTNgOCy+Zdg1Rqk7AEAkYpRda22cp3OdBQN1106J6b2nZOMMuuQ/ZTD5t
hDaOaKw7W16paxxYXMga5Iveivn3VXnZce/riWXgAu9mQl82qFSnNsICBRWTsyLx
WYnJIh6YfLSBjNxEiSqdiX6OuHz1z5raE1dhlGTKqrnAFA9v7P0pTmGiU/9j17pR
hqIOgOAflyZFwZ6sGJh5v9tI5dXUhhwOZuPY46zHwblYSGAdA3jxWzIxzjEsxyMX
UZxng5nIZwS/we7y3nX/24L/DkTM5JheA6QzAgMBAAGjgegwgeUwCwYDVR0PBAQD
AgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAwMAYDVR0f
BCkwJzAloCOgIYYfaHR0cDovL2NybC5lbnRydXN0Lm5ldC9nMmNhLmNybDAzBggr
BgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0
MB8GA1UdIwQYMBaAFGpyJnrQHu995ztpUdRsjZ+QEmarMB0GA1UdDgQWBBTVAgS2
16CoLbO9EiWrUtTR5ZaNxDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQBY
sGHY8jHwREeB4S7Itm98wzr09NViG9at5a5f5H25MkgUjWmZLkGhK61RuOvlYC19
APuoHv+fVXqQYVJic7qyn5GRqRm8UAv0vnARTye2mVWEiahR8mPvJB4VSvM4CJry
5CkAAVEgatep6DcS7wIFswuCtAuvGnUDe3pPgQVksbdRCiZIGDf3Fk5xLsal3o6/
G6ccrvCWNcmwekX9QIT/vjjimasHRSyb75w5a9FCn/Yg6lXbOh4m2q8Yg+ApcHzx
1N2iCDu8gLDjEfKO89hAZOm7VwjRQDjtiPHFwaLTI0XbPdILn7DZjWV50JVIqGa+
lel9Uip0wjO2YbdaZEz4
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgIMNkb/3wAAAABR05JwMA0GCSqGSIb3DQEBCwUAMIG+MQsw
CQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2Vl
IHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkg
RW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQD
EylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjAeFw0x
NzA2MDExNTE4NDNaFw0xOTA2MDExNTQ4NDNaMIHlMQswCQYDVQQGEwJVUzEWMBQG
A1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5l
dC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAt
IGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3Qg
Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjElMCMGA1UEAxMcRW50cnVzdCBW
YWxpZGF0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMnaiVXp64PVTKleQeIiQG2padA36kGk1CV7txufoeq145I/mT6V7+0IppVM
2A4LL5l2DVGqTsAQCRilF1rbZync50FA3XXTonpvadk4wy65D9lMPm2ENo5orDtb
XqlrHFhcyBrki96K+fdVedlx7+uJZeAC72ZCXzaoVKc2wgIFFZOzIvFZickiHph8
tIGM3ESJKp2Jfo64fPXPmtoTV2GUZMqqucAUD2/s/SlOYaJT/2PXulGGog6A4B+X
JkXBnqwYmHm/20jl1dSGHA5m49jjrMfBuVhIYB0DePFbMjHOMSzHIxdRnGeDmchn
BL/B7vLedf/bgv8ORMzkmF4DpDMCAwEAAaOB6DCB5TALBgNVHQ8EBAMCB4AwEwYD
VR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADAwBgNVHR8EKTAnMCWg
I6Ahhh9odHRwOi8vY3JsLmVudHJ1c3QubmV0L2cyY2EuY3JsMDMGCCsGAQUFBwEB
BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwHwYDVR0j
BBgwFoAUanImetAe733nO2lR1GyNn5ASZqswHQYDVR0OBBYEFNUCBLbXoKgts70S
JatS1NHllo3EMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAFiwYdjyMfBE
R4HhLsi2b3zDOvT01WIb1q3lrl/kfbkySBSNaZkuQaErrVG46+VgLX0A+6ge/59V
epBhUmJzurKfkZGpGbxQC/S+cBFPJ7aZVYSJqFHyY+8kHhVK8zgImvLkKQABUSBq
16noNxLvAgWzC4K0C68adQN7ek+BBWSxt1EKJkgYN/cWTnEuxqXejr8bpxyu8JY1
ybB6Rf1AhP++OOKZqwdFLJvvnDlr0UKf9iDqVds6HibarxiD4ClwfPHU3aIIO7yA
sOMR8o7z2EBk6btXCNFAOO2I8cXBotMjRds90gufsNmNZXnQlUioZr6V6X1SKnTC
M7Zht1pkTPg=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate, max-age=2584]
Content-Length: [1983]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Thu, 22 Jun 2017 18:56:15 GMT]
Etag: ["73C617AF6EDBC77D359A77B19350C152995C3060"]
Expires: [Thu, 22 Jun 2017 19:39:19 GMT]
Last-Modified: [Thu, 22 Jun 2017 18:02:10 GMT]
X-Cache: [TCP_MEM_HIT from a23-219-93-102.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.entrust.net (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.entrust.net (POST)
Size: 1983 bytes (DER data)
Response time: 8.214955ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: Entrust Validation Authority
Issued by: Entrust Root Certification Authority - G2
Signing certificate validity: 2017-06-01 - 2019-06-01
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 42m59s

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-219-93-102.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTLXNCzDvBhHecWjg70iJhBW0InywQUanIm
etAe733nO2lR1GyNn5ASZqsCBFHTYO4=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIHuwoBAKCCB7QwggewBgkrBgEFBQcwAQEEggehMIIHnTCCAWWhgegwgeUxCzAJ
BgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUg
d3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAwOSBF
bnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMT
KUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMSUwIwYD
VQQDExxFbnRydXN0IFZhbGlkYXRpb24gQXV0aG9yaXR5GA8yMDE3MDYyMjE4MDIx
MFowZzBlMD0wCQYFKw4DAhoFAAQUy1zQsw7wYR3nFo4O9IiYQVtCJ8sEFGpyJnrQ
Hu995ztpUdRsjZ+QEmarAgRR02DugAAYDzIwMTcwNjIyMTgwMjEwWqARGA8yMDE3
MDYyOTE4MDIxMFowDQYJKoZIhvcNAQEFBQADggEBAAsrm5kTstLAFuLYSOY/nQ/f
sOw1noI1qSCF4wR50fxAE0M7de8lbAqVUA5VZw+IRIT6pRtcHF+JC8wnh/ZDAbuH
BIORAkmD64MCSQAGWpdhgPfBG2A5XLdzeuFLyKDkIfp1PTl8jUtf7ZiRslYKq07F
mvyaVj/n8HB1Xa+hR0VFDk86n77Qf+sCIS6Oe9YPYm9hRIuTtIjJv4QdafNic4XO
AVvxNsIeidmRv43bGNe07UqgMKB1dydNQNnGA5MCJU66YG8DytkmGW6s4ABZpMC2
l94cu1y2tH0ZCm4v1w5DauOR0jxsTq98QkEUuBTb4GusfMrLNwLQTF+0njA0he6g
ggUcMIIFGDCCBRQwggP8oAMCAQICDDZG/98AAAAAUdOScDANBgkqhkiG9w0BAQsF
ADCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNV
BAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChj
KSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEy
MDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0g
RzIwHhcNMTcwNjAxMTUxODQzWhcNMTkwNjAxMTU0ODQzWjCB5TELMAkGA1UEBhMC
VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50
cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3Qs
IEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVz
dCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIxJTAjBgNVBAMTHEVu
dHJ1c3QgVmFsaWRhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDJ2olV6euD1UypXkHiIkBtqWnQN+pBpNQle7cbn6HqteOSP5k+
le/tCKaVTNgOCy+Zdg1Rqk7AEAkYpRda22cp3OdBQN1106J6b2nZOMMuuQ/ZTD5t
hDaOaKw7W16paxxYXMga5Iveivn3VXnZce/riWXgAu9mQl82qFSnNsICBRWTsyLx
WYnJIh6YfLSBjNxEiSqdiX6OuHz1z5raE1dhlGTKqrnAFA9v7P0pTmGiU/9j17pR
hqIOgOAflyZFwZ6sGJh5v9tI5dXUhhwOZuPY46zHwblYSGAdA3jxWzIxzjEsxyMX
UZxng5nIZwS/we7y3nX/24L/DkTM5JheA6QzAgMBAAGjgegwgeUwCwYDVR0PBAQD
AgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAwMAYDVR0f
BCkwJzAloCOgIYYfaHR0cDovL2NybC5lbnRydXN0Lm5ldC9nMmNhLmNybDAzBggr
BgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0
MB8GA1UdIwQYMBaAFGpyJnrQHu995ztpUdRsjZ+QEmarMB0GA1UdDgQWBBTVAgS2
16CoLbO9EiWrUtTR5ZaNxDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQBY
sGHY8jHwREeB4S7Itm98wzr09NViG9at5a5f5H25MkgUjWmZLkGhK61RuOvlYC19
APuoHv+fVXqQYVJic7qyn5GRqRm8UAv0vnARTye2mVWEiahR8mPvJB4VSvM4CJry
5CkAAVEgatep6DcS7wIFswuCtAuvGnUDe3pPgQVksbdRCiZIGDf3Fk5xLsal3o6/
G6ccrvCWNcmwekX9QIT/vjjimasHRSyb75w5a9FCn/Yg6lXbOh4m2q8Yg+ApcHzx
1N2iCDu8gLDjEfKO89hAZOm7VwjRQDjtiPHFwaLTI0XbPdILn7DZjWV50JVIqGa+
lel9Uip0wjO2YbdaZEz4
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgIMNkb/3wAAAABR05JwMA0GCSqGSIb3DQEBCwUAMIG+MQsw
CQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2Vl
IHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkg
RW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQD
EylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjAeFw0x
NzA2MDExNTE4NDNaFw0xOTA2MDExNTQ4NDNaMIHlMQswCQYDVQQGEwJVUzEWMBQG
A1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5l
dC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAt
IGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3Qg
Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjElMCMGA1UEAxMcRW50cnVzdCBW
YWxpZGF0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMnaiVXp64PVTKleQeIiQG2padA36kGk1CV7txufoeq145I/mT6V7+0IppVM
2A4LL5l2DVGqTsAQCRilF1rbZync50FA3XXTonpvadk4wy65D9lMPm2ENo5orDtb
XqlrHFhcyBrki96K+fdVedlx7+uJZeAC72ZCXzaoVKc2wgIFFZOzIvFZickiHph8
tIGM3ESJKp2Jfo64fPXPmtoTV2GUZMqqucAUD2/s/SlOYaJT/2PXulGGog6A4B+X
JkXBnqwYmHm/20jl1dSGHA5m49jjrMfBuVhIYB0DePFbMjHOMSzHIxdRnGeDmchn
BL/B7vLedf/bgv8ORMzkmF4DpDMCAwEAAaOB6DCB5TALBgNVHQ8EBAMCB4AwEwYD
VR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADAwBgNVHR8EKTAnMCWg
I6Ahhh9odHRwOi8vY3JsLmVudHJ1c3QubmV0L2cyY2EuY3JsMDMGCCsGAQUFBwEB
BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwHwYDVR0j
BBgwFoAUanImetAe733nO2lR1GyNn5ASZqswHQYDVR0OBBYEFNUCBLbXoKgts70S
JatS1NHllo3EMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAFiwYdjyMfBE
R4HhLsi2b3zDOvT01WIb1q3lrl/kfbkySBSNaZkuQaErrVG46+VgLX0A+6ge/59V
epBhUmJzurKfkZGpGbxQC/S+cBFPJ7aZVYSJqFHyY+8kHhVK8zgImvLkKQABUSBq
16noNxLvAgWzC4K0C68adQN7ek+BBWSxt1EKJkgYN/cWTnEuxqXejr8bpxyu8JY1
ybB6Rf1AhP++OOKZqwdFLJvvnDlr0UKf9iDqVds6HibarxiD4ClwfPHU3aIIO7yA
sOMR8o7z2EBk6btXCNFAOO2I8cXBotMjRds90gufsNmNZXnQlUioZr6V6X1SKnTC
M7Zht1pkTPg=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate, max-age=2579]
Content-Length: [1983]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Thu, 22 Jun 2017 18:56:15 GMT]
Etag: ["73C617AF6EDBC77D359A77B19350C152995C3060"]
Expires: [Thu, 22 Jun 2017 19:39:14 GMT]
Last-Modified: [Thu, 22 Jun 2017 18:02:10 GMT]
X-Cache: [TCP_MEM_HIT from a23-219-93-102.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Entrust Root Certification Authority - G2 (CA Certificate)

Certificate details for Entrust Root Certification Authority - G2 (At position 2 in certificate chain)
Serial number:
hex: 4a538c28
int: 1246989352
Issued by: Entrust Root Certification Authority - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2009 Entrust, Inc. - for authorized use only
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
© 2015 - 2017 Digitorus B.V.
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.