CRL & OCSP report for 0-jump.valueline.com.www.coolcat.org - coolcat.org (Springfield-Greene County Library District)

coolcat.org

This certificate was cached at
Certificate details for coolcat.org (At position 0 in certificate chain)
Serial number:
hex: e96f27548ebdb1340000000054cd3082
int: 310287265682499153059341146372816318594
Issued by: Entrust Certification Authority - L1M
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Company registration number: 1971-01-01
Organization: Springfield-Greene County Library District
State / Province: Missouri
Locality: Springfield
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

View complete certificate details for 0-jump.valueline.com.www.coolcat.org.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.entrust.net/level1m.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.entrust.net/level1m.crl
Size: 117897 bytes (DER data)
Response time: 200.754649ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 2504

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_HIT from a23-219-92-52.deploy.akamaitechnologies.com (AkamaiGHost/8.2.4.2-19368535) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [no-cache]
Content-Length: [117897]
Content-Type: [application/x-pkcs7-crl]
Date: [Sun, 26 Feb 2017 04:16:40 GMT]
Expires: [Sun, 26 Feb 2017 04:16:40 GMT]
Last-Modified: [Sun, 26 Feb 2017 04:00:04 GMT]
Pragma: [no-cache]
X-Cache: [TCP_HIT from a23-219-92-52.deploy.akamaitechnologies.com (AkamaiGHost/8.2.4.2-19368535) (-)]
X-Frame-Options: [DENY]
  • Content-Type in response is set 'application/x-pkcs7-crl' and should be replaced with 'application/pkix-crl' (RFC 5280, section 4.2.1.13)
  • This CRL file is DER encoded
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.entrust.net (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.entrust.net (GET)
Size: 1942 bytes (DER data)
Response time: 94.84484ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: OCSP1
Issued by: Entrust Certification Authority - L1M
Signing certificate validity: 2014-12-09 - 2017-12-09
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 59m53s

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_REFRESH_MISS from a23-219-93-102.deploy.akamaitechnologies.com (AkamaiGHost/8.2.2.1.1-19192351) (S)

URL used for GET request

http:/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQnuEQcScL%2FkljKed%2BRzpzFYOq9kwQUw%2FfQtSowra8NkSFwOVTdvIlwxzoCEQDpbydUjr2xNAAAAABUzTCC

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQnuEQcScL/kljKed+RzpzFYOq9kwQUw/fQ
tSowra8NkSFwOVTdvIlwxzoCEQDpbydUjr2xNAAAAABUzTCC
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIHkgoBAKCCB4swggeHBgkrBgEFBQcwAQEEggd4MIIHdDCCAVehgc0wgcoxCzAJ
BgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUg
d3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxNCBF
bnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMT
JUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMU0xDjAMBgNVBAMT
BU9DU1AxGA8yMDE3MDIyNzA1NDQxM1owdDByMEowCQYFKw4DAhoFAAQUJ7hEHEnC
/5JYynnfkc6cxWDqvZMEFMP30LUqMK2vDZEhcDlU3byJcMc6AhEA6W8nVI69sTQA
AAAAVM0wgoAAGA8yMDE3MDIyNzA1NDQxM1qgERgPMjAxNzAzMDYwNTQ0MTNaMA0G
CSqGSIb3DQEBCwUAA4IBAQDB6Y7jXezHbmhEdHCJNmO/EfVEzoJU+m88rVznkZpS
TXh9aLZCU8HZD6gvJz1P4YdMnytpc4JdR6h0kBAZTwuOQWyVFmzquWRirHeBe+Jo
hIfCEhLGki2j0FUQAjV81GSd+cUf2MmPcFK/d12S3rt9GV1F5I+g5V5ov6ENqxD2
qbTdpdnwsymaR86fAwIBTPQwVuEbyLzabRGyhPwIWmJ0vKK/9JvvEiGMW22NF8zw
kn8jEuWQERkn0wO92FlflPS7zE9cQfsFgOkoDnDTYjf+z8Ii00/l4gSi/pxsgBFw
OE0CHvIfqwD2BfXItccsQN3JCRJmgTUtSqe6D6H4QjhDoIIFATCCBP0wggT5MIID
4aADAgECAg0A2oVyeAAAAABUP+RNMA0GCSqGSIb3DQEBCwUAMIG6MQswCQYDVQQG
EwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5l
bnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMTQgRW50cnVz
dCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MS4wLAYDVQQDEyVFbnRy
dXN0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gTDFNMB4XDTE0MTIwOTIwMjY1
MFoXDTE3MTIwOTIwNTY1MFowgcoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRy
dXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRl
cm1zMTkwNwYDVQQLEzAoYykgMjAxNCBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhv
cml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBB
dXRob3JpdHkgLSBMMU0xDjAMBgNVBAMTBU9DU1AxMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAydqJVenrg9VMqV5B4iJAbalp0DfqQaTUJXu3G5+h6rXj
kj+ZPpXv7QimlUzYDgsvmXYNUapOwBAJGKUXWttnKdznQUDdddOiem9p2TjDLrkP
2Uw+bYQ2jmisO1teqWscWFzIGuSL3or591V52XHv64ll4ALvZkJfNqhUpzbCAgUV
k7Mi8VmJySIemHy0gYzcRIkqnYl+jrh89c+a2hNXYZRkyqq5wBQPb+z9KU5holP/
Y9e6UYaiDoDgH5cmRcGerBiYeb/bSOXV1IYcDmbj2OOsx8G5WEhgHQN48VsyMc4x
LMcjF1GcZ4OZyGcEv8Hu8t51/9uC/w5EzOSYXgOkMwIDAQABo4HrMIHoMAsGA1Ud
DwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkrBgEFBQcwAQUEAgUAMDMG
CCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5u
ZXQwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9sZXZl
bDFtLmNybDAfBgNVHSMEGDAWgBTD99C1KjCtrw2RIXA5VN28iXDHOjAdBgNVHQ4E
FgQU1QIEttegqC2zvRIlq1LU0eWWjcQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsF
AAOCAQEAVKHzqMc0cQ3QPrDTBIVc4N/dhgaw8udv6DqG1qXSsU45FUsTddycDQyt
kaC2RlL9/68A0abRw3TjyvL6dPzmbdmpx9AeycOxd8FTn+x4tM1arCNY6p1zDFcb
XveuTj/s8ypbGArD6tKx+3A2k2DHD58tl1XdYDyP13cQhjucWWmiCxQzXHwUKLOR
sPstR8JFMQMhdhqae1kIp+EoYOEiGXGoPZs8n4Y8chtfrW65O2gszzYcnZTZI/RF
yGFGHZRrRaVSUxPScm34ZRh8BVJEvpxsFVd6oiqL1s9XOHsBQPkAjScD1JSPKONr
ll4qwjrE8YsregdSKt2enRgjM+rjZg==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIE+TCCA+GgAwIBAgINANqFcngAAAAAVD/kTTANBgkqhkiG9w0BAQsFADCBujEL
MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1Nl
ZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDE0
IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UE
AxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxTTAeFw0xNDEy
MDkyMDI2NTBaFw0xNzEyMDkyMDU2NTBaMIHKMQswCQYDVQQGEwJVUzEWMBQGA1UE
ChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9s
ZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMTQgRW50cnVzdCwgSW5jLiAtIGZv
ciBhdXRob3JpemVkIHVzZSBvbmx5MS4wLAYDVQQDEyVFbnRydXN0IENlcnRpZmlj
YXRpb24gQXV0aG9yaXR5IC0gTDFNMQ4wDAYDVQQDEwVPQ1NQMTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAMnaiVXp64PVTKleQeIiQG2padA36kGk1CV7
txufoeq145I/mT6V7+0IppVM2A4LL5l2DVGqTsAQCRilF1rbZync50FA3XXTonpv
adk4wy65D9lMPm2ENo5orDtbXqlrHFhcyBrki96K+fdVedlx7+uJZeAC72ZCXzao
VKc2wgIFFZOzIvFZickiHph8tIGM3ESJKp2Jfo64fPXPmtoTV2GUZMqqucAUD2/s
/SlOYaJT/2PXulGGog6A4B+XJkXBnqwYmHm/20jl1dSGHA5m49jjrMfBuVhIYB0D
ePFbMjHOMSzHIxdRnGeDmchnBL/B7vLedf/bgv8ORMzkmF4DpDMCAwEAAaOB6zCB
6DALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEF
BAIFADAzBggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVu
dHJ1c3QubmV0MDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZW50cnVzdC5u
ZXQvbGV2ZWwxbS5jcmwwHwYDVR0jBBgwFoAUw/fQtSowra8NkSFwOVTdvIlwxzow
HQYDVR0OBBYEFNUCBLbXoKgts70SJatS1NHllo3EMAkGA1UdEwQCMAAwDQYJKoZI
hvcNAQELBQADggEBAFSh86jHNHEN0D6w0wSFXODf3YYGsPLnb+g6htal0rFOORVL
E3XcnA0MrZGgtkZS/f+vANGm0cN048ry+nT85m3ZqcfQHsnDsXfBU5/seLTNWqwj
WOqdcwxXG173rk4/7PMqWxgKw+rSsftwNpNgxw+fLZdV3WA8j9d3EIY7nFlpogsU
M1x8FCizkbD7LUfCRTEDIXYamntZCKfhKGDhIhlxqD2bPJ+GPHIbX61uuTtoLM82
HJ2U2SP0RchhRh2Ua0WlUlMT0nJt+GUYfAVSRL6cbBVXeqIqi9bPVzh7AUD5AI0n
A9SUjyjja5ZeKsI6xPGLK3oHUirdnp0YIzPq42Y=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate, max-age=3593]
Content-Length: [1942]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Mon, 27 Feb 2017 06:38:52 GMT]
Etag: ["615BDB1CE9AB9DC9316CF60095E6CFBF35A9DDF8"]
Expires: [Mon, 27 Feb 2017 07:38:45 GMT]
Last-Modified: [Mon, 27 Feb 2017 05:44:13 GMT]
X-Cache: [TCP_REFRESH_MISS from a23-219-93-102.deploy.akamaitechnologies.com (AkamaiGHost/8.2.2.1.1-19192351) (S)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.entrust.net (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.entrust.net (POST)
Size: 1942 bytes (DER data)
Response time: 333.655204ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: OCSP1
Issued by: Entrust Certification Authority - L1M
Signing certificate validity: 2014-12-09 - 2017-12-09
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 1h0m0s

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-219-93-86.deploy.akamaitechnologies.com (AkamaiGHost/8.2.2.1.1-19192351) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQnuEQcScL/kljKed+RzpzFYOq9kwQUw/fQ
tSowra8NkSFwOVTdvIlwxzoCEQDpbydUjr2xNAAAAABUzTCC
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIHkgoBAKCCB4swggeHBgkrBgEFBQcwAQEEggd4MIIHdDCCAVehgc0wgcoxCzAJ
BgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUg
d3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxNCBF
bnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMT
JUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMU0xDjAMBgNVBAMT
BU9DU1AxGA8yMDE3MDIyNzAzNDExOVowdDByMEowCQYFKw4DAhoFAAQUJ7hEHEnC
/5JYynnfkc6cxWDqvZMEFMP30LUqMK2vDZEhcDlU3byJcMc6AhEA6W8nVI69sTQA
AAAAVM0wgoAAGA8yMDE3MDIyNzAzNDExOVqgERgPMjAxNzAzMDYwMzQxMTlaMA0G
CSqGSIb3DQEBCwUAA4IBAQBB5zMTWBLSfFKdxOqD1C+1fIoLwHSlX7KxsAi0map0
8vaUwygnLVLjmXXh7Lb4JRvsSW1A4aTC4JMLKFQdua/Fa1h/2xMwFodygAsOBYDd
VqJIeHVD9CskcwGqyGPyAVjPqiZIXCWg32A5eseEMgJucfgNZFp85Ude7+kI39Pt
EphGA5Mf1oKjCzhCDR2z5ljalD7b0J4Eh2a4QeYMfvp8AfgMtDdfKn97ju8DZuN/
II6cI17bGXNVIo0QEW6s83JcmHhngVAa8pAH2AYUJFs7nHg9gNOdBl6vjcLW5wed
IsNUzZ7etxwBM+rCw+2YRZm83HvHs20K/FlO7YYxU0vSoIIFATCCBP0wggT5MIID
4aADAgECAg0A2oVyeAAAAABUP+RNMA0GCSqGSIb3DQEBCwUAMIG6MQswCQYDVQQG
EwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5l
bnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMTQgRW50cnVz
dCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MS4wLAYDVQQDEyVFbnRy
dXN0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gTDFNMB4XDTE0MTIwOTIwMjY1
MFoXDTE3MTIwOTIwNTY1MFowgcoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRy
dXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRl
cm1zMTkwNwYDVQQLEzAoYykgMjAxNCBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhv
cml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBB
dXRob3JpdHkgLSBMMU0xDjAMBgNVBAMTBU9DU1AxMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAydqJVenrg9VMqV5B4iJAbalp0DfqQaTUJXu3G5+h6rXj
kj+ZPpXv7QimlUzYDgsvmXYNUapOwBAJGKUXWttnKdznQUDdddOiem9p2TjDLrkP
2Uw+bYQ2jmisO1teqWscWFzIGuSL3or591V52XHv64ll4ALvZkJfNqhUpzbCAgUV
k7Mi8VmJySIemHy0gYzcRIkqnYl+jrh89c+a2hNXYZRkyqq5wBQPb+z9KU5holP/
Y9e6UYaiDoDgH5cmRcGerBiYeb/bSOXV1IYcDmbj2OOsx8G5WEhgHQN48VsyMc4x
LMcjF1GcZ4OZyGcEv8Hu8t51/9uC/w5EzOSYXgOkMwIDAQABo4HrMIHoMAsGA1Ud
DwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkrBgEFBQcwAQUEAgUAMDMG
CCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5u
ZXQwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9sZXZl
bDFtLmNybDAfBgNVHSMEGDAWgBTD99C1KjCtrw2RIXA5VN28iXDHOjAdBgNVHQ4E
FgQU1QIEttegqC2zvRIlq1LU0eWWjcQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsF
AAOCAQEAVKHzqMc0cQ3QPrDTBIVc4N/dhgaw8udv6DqG1qXSsU45FUsTddycDQyt
kaC2RlL9/68A0abRw3TjyvL6dPzmbdmpx9AeycOxd8FTn+x4tM1arCNY6p1zDFcb
XveuTj/s8ypbGArD6tKx+3A2k2DHD58tl1XdYDyP13cQhjucWWmiCxQzXHwUKLOR
sPstR8JFMQMhdhqae1kIp+EoYOEiGXGoPZs8n4Y8chtfrW65O2gszzYcnZTZI/RF
yGFGHZRrRaVSUxPScm34ZRh8BVJEvpxsFVd6oiqL1s9XOHsBQPkAjScD1JSPKONr
ll4qwjrE8YsregdSKt2enRgjM+rjZg==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIE+TCCA+GgAwIBAgINANqFcngAAAAAVD/kTTANBgkqhkiG9w0BAQsFADCBujEL
MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1Nl
ZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDE0
IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UE
AxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxTTAeFw0xNDEy
MDkyMDI2NTBaFw0xNzEyMDkyMDU2NTBaMIHKMQswCQYDVQQGEwJVUzEWMBQGA1UE
ChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9s
ZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMTQgRW50cnVzdCwgSW5jLiAtIGZv
ciBhdXRob3JpemVkIHVzZSBvbmx5MS4wLAYDVQQDEyVFbnRydXN0IENlcnRpZmlj
YXRpb24gQXV0aG9yaXR5IC0gTDFNMQ4wDAYDVQQDEwVPQ1NQMTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAMnaiVXp64PVTKleQeIiQG2padA36kGk1CV7
txufoeq145I/mT6V7+0IppVM2A4LL5l2DVGqTsAQCRilF1rbZync50FA3XXTonpv
adk4wy65D9lMPm2ENo5orDtbXqlrHFhcyBrki96K+fdVedlx7+uJZeAC72ZCXzao
VKc2wgIFFZOzIvFZickiHph8tIGM3ESJKp2Jfo64fPXPmtoTV2GUZMqqucAUD2/s
/SlOYaJT/2PXulGGog6A4B+XJkXBnqwYmHm/20jl1dSGHA5m49jjrMfBuVhIYB0D
ePFbMjHOMSzHIxdRnGeDmchnBL/B7vLedf/bgv8ORMzkmF4DpDMCAwEAAaOB6zCB
6DALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEF
BAIFADAzBggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVu
dHJ1c3QubmV0MDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZW50cnVzdC5u
ZXQvbGV2ZWwxbS5jcmwwHwYDVR0jBBgwFoAUw/fQtSowra8NkSFwOVTdvIlwxzow
HQYDVR0OBBYEFNUCBLbXoKgts70SJatS1NHllo3EMAkGA1UdEwQCMAAwDQYJKoZI
hvcNAQELBQADggEBAFSh86jHNHEN0D6w0wSFXODf3YYGsPLnb+g6htal0rFOORVL
E3XcnA0MrZGgtkZS/f+vANGm0cN048ry+nT85m3ZqcfQHsnDsXfBU5/seLTNWqwj
WOqdcwxXG173rk4/7PMqWxgKw+rSsftwNpNgxw+fLZdV3WA8j9d3EIY7nFlpogsU
M1x8FCizkbD7LUfCRTEDIXYamntZCKfhKGDhIhlxqD2bPJ+GPHIbX61uuTtoLM82
HJ2U2SP0RchhRh2Ua0WlUlMT0nJt+GUYfAVSRL6cbBVXeqIqi9bPVzh7AUD5AI0n
A9SUjyjja5ZeKsI6xPGLK3oHUirdnp0YIzPq42Y=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate, max-age=3600]
Content-Length: [1942]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Mon, 27 Feb 2017 06:38:53 GMT]
Etag: ["DB62120C4B28D4368A04A70C6B2C552FD665F78F"]
Expires: [Mon, 27 Feb 2017 07:38:53 GMT]
Last-Modified: [Mon, 27 Feb 2017 03:41:19 GMT]
X-Cache: [TCP_MISS from a23-219-93-86.deploy.akamaitechnologies.com (AkamaiGHost/8.2.2.1.1-19192351) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Entrust Certification Authority - L1M (CA Certificate)

This certificate was cached at
Certificate details for Entrust Certification Authority - L1M (At position 1 in certificate chain)
Serial number:
hex: 61a1e7d20000000051d366a6
int: 30215777750102225331854468774
Issued by: Entrust Root Certification Authority - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2014 Entrust, Inc. - for authorized use only
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.entrust.net/g2ca.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.entrust.net/g2ca.crl
Size: 1224 bytes (DER data)
Response time: 195.974626ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 14

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-219-92-52.deploy.akamaitechnologies.com (AkamaiGHost/8.2.4.2-19368535) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [no-cache]
Content-Length: [1224]
Content-Type: [application/x-pkcs7-crl]
Date: [Sun, 26 Feb 2017 04:16:40 GMT]
Expires: [Sun, 26 Feb 2017 04:16:40 GMT]
Last-Modified: [Thu, 05 Jan 2017 20:27:50 GMT]
Pragma: [no-cache]
X-Cache: [TCP_MEM_HIT from a23-219-92-52.deploy.akamaitechnologies.com (AkamaiGHost/8.2.4.2-19368535) (-)]
X-Frame-Options: [DENY]
  • Content-Type in response is set 'application/x-pkcs7-crl' and should be replaced with 'application/pkix-crl' (RFC 5280, section 4.2.1.13)
  • This CRL file is DER encoded
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.entrust.net (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.entrust.net (GET)
Size: 1991 bytes (DER data)
Response time: 12.90431ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: Entrust Validation Authority
Issued by: Entrust Root Certification Authority - G2
Signing certificate validity: 2015-06-04 - 2017-06-04
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 24m25s

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-219-93-102.deploy.akamaitechnologies.com (AkamaiGHost/8.2.2.1.1-19192351) (-)

URL used for GET request

http:/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBTLXNCzDvBhHecWjg70iJhBW0InywQUanImetAe733nO2lR1GyNn5ASZqsCDGGh59IAAAAAUdNmpg%3D%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
ME0wSzBJMEcwRTAJBgUrDgMCGgUABBTLXNCzDvBhHecWjg70iJhBW0InywQUanIm
etAe733nO2lR1GyNn5ASZqsCDGGh59IAAAAAUdNmpg==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIHwwoBAKCCB7wwgge4BgkrBgEFBQcwAQEEggepMIIHpTCCAW2hgegwgeUxCzAJ
BgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUg
d3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAwOSBF
bnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMT
KUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMSUwIwYD
VQQDExxFbnRydXN0IFZhbGlkYXRpb24gQXV0aG9yaXR5GA8yMDE3MDIyNTIxMzYy
N1owbzBtMEUwCQYFKw4DAhoFAAQUy1zQsw7wYR3nFo4O9IiYQVtCJ8sEFGpyJnrQ
Hu995ztpUdRsjZ+QEmarAgxhoefSAAAAAFHTZqaAABgPMjAxNzAyMjUyMTM2Mjda
oBEYDzIwMTcwMzA0MjEzNjI3WjANBgkqhkiG9w0BAQUFAAOCAQEATKaSsw3GKVT3
LRAIkiwtZx8QKFfbXvNJSCKReLCHqDm18qBD/+KyazJjypn5B4Zk/FdkPloUYyJT
ghJUS5uTxX0xb37LaJWvRkHwn8fMEUHrRT2X9vIa5lJCqa/P+sJS7vS2l8iBcQoX
tEQgXL+jOOj2vjPShwx1b1ReUf+agIRpMQxGcMAPRgfe/Vr3FXPbn6BtcVIKQtpf
o5vG7xeSPecOYPnB/tMVqW0nfIa7os/ExMCyGf10uFL5Xw45LDPTjWV/tbIMcCkW
cbH1LzScjr1JQYN49w6Aeo/ZPHzvMizBol/faPf0ormkWRF1hZg447a8gzzeFl+b
l+56OeyEhqCCBRwwggUYMIIFFDCCA/ygAwIBAgIMTelQvQAAAABR03NIMA0GCSqG
SIb3DQEBCwUAMIG+MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5j
LjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcG
A1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVz
ZSBvbmx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRo
b3JpdHkgLSBHMjAeFw0xNTA2MDQxOTE1MzRaFw0xNzA2MDQxOTQ1MzRaMIHlMQsw
CQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2Vl
IHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkg
RW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQD
EylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjElMCMG
A1UEAxMcRW50cnVzdCBWYWxpZGF0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMnaiVXp64PVTKleQeIiQG2padA36kGk1CV7txuf
oeq145I/mT6V7+0IppVM2A4LL5l2DVGqTsAQCRilF1rbZync50FA3XXTonpvadk4
wy65D9lMPm2ENo5orDtbXqlrHFhcyBrki96K+fdVedlx7+uJZeAC72ZCXzaoVKc2
wgIFFZOzIvFZickiHph8tIGM3ESJKp2Jfo64fPXPmtoTV2GUZMqqucAUD2/s/SlO
YaJT/2PXulGGog6A4B+XJkXBnqwYmHm/20jl1dSGHA5m49jjrMfBuVhIYB0DePFb
MjHOMSzHIxdRnGeDmchnBL/B7vLedf/bgv8ORMzkmF4DpDMCAwEAAaOB6DCB5TAL
BgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIF
ADAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vY3JsLmVudHJ1c3QubmV0L2cyY2Eu
Y3JsMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50
cnVzdC5uZXQwHwYDVR0jBBgwFoAUanImetAe733nO2lR1GyNn5ASZqswHQYDVR0O
BBYEFNUCBLbXoKgts70SJatS1NHllo3EMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEL
BQADggEBADOiWIKLGjQVR7Sbhzs2OvR5l9pLfzoHnje8iLH3hM5+6mYDzhmt9jWY
DPS/xmPXPMc34VQjqkRFQmtl8pny1YwDraWyLVJR81WfRMa0Bl3QXK/PzPvNFSiX
p1ncZctaMa6Jsa6X/DMdB6KPMhRu9obdQGPaRv9hf215CuOblmFRmJUo/awWTgAP
fiIkI9zXoL6UeMPISDUk+OkSJWo1znzRX3Cjt1AZz5nlUvgdXZI7lvxdvrJsaurN
yrrGBQaFoZEy+jEKOn0XOph0sIfpPDw8GlWcXkbw38DjuwRW+SBl11O0uPoESBzs
sKEEqnkXHHoFz9QilxJrgbcV/S1hz9Q=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgIMTelQvQAAAABR03NIMA0GCSqGSIb3DQEBCwUAMIG+MQsw
CQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2Vl
IHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkg
RW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQD
EylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjAeFw0x
NTA2MDQxOTE1MzRaFw0xNzA2MDQxOTQ1MzRaMIHlMQswCQYDVQQGEwJVUzEWMBQG
A1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5l
dC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAt
IGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3Qg
Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjElMCMGA1UEAxMcRW50cnVzdCBW
YWxpZGF0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMnaiVXp64PVTKleQeIiQG2padA36kGk1CV7txufoeq145I/mT6V7+0IppVM
2A4LL5l2DVGqTsAQCRilF1rbZync50FA3XXTonpvadk4wy65D9lMPm2ENo5orDtb
XqlrHFhcyBrki96K+fdVedlx7+uJZeAC72ZCXzaoVKc2wgIFFZOzIvFZickiHph8
tIGM3ESJKp2Jfo64fPXPmtoTV2GUZMqqucAUD2/s/SlOYaJT/2PXulGGog6A4B+X
JkXBnqwYmHm/20jl1dSGHA5m49jjrMfBuVhIYB0DePFbMjHOMSzHIxdRnGeDmchn
BL/B7vLedf/bgv8ORMzkmF4DpDMCAwEAAaOB6DCB5TALBgNVHQ8EBAMCB4AwEwYD
VR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADAwBgNVHR8EKTAnMCWg
I6Ahhh9odHRwOi8vY3JsLmVudHJ1c3QubmV0L2cyY2EuY3JsMDMGCCsGAQUFBwEB
BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwHwYDVR0j
BBgwFoAUanImetAe733nO2lR1GyNn5ASZqswHQYDVR0OBBYEFNUCBLbXoKgts70S
JatS1NHllo3EMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBADOiWIKLGjQV
R7Sbhzs2OvR5l9pLfzoHnje8iLH3hM5+6mYDzhmt9jWYDPS/xmPXPMc34VQjqkRF
Qmtl8pny1YwDraWyLVJR81WfRMa0Bl3QXK/PzPvNFSiXp1ncZctaMa6Jsa6X/DMd
B6KPMhRu9obdQGPaRv9hf215CuOblmFRmJUo/awWTgAPfiIkI9zXoL6UeMPISDUk
+OkSJWo1znzRX3Cjt1AZz5nlUvgdXZI7lvxdvrJsaurNyrrGBQaFoZEy+jEKOn0X
Oph0sIfpPDw8GlWcXkbw38DjuwRW+SBl11O0uPoESBzssKEEqnkXHHoFz9QilxJr
gbcV/S1hz9Q=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate, max-age=1465]
Content-Length: [1991]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 26 Feb 2017 04:16:40 GMT]
Etag: ["701BAB0F467C3432CCD092884D684EF89EF2EC65"]
Expires: [Sun, 26 Feb 2017 04:41:05 GMT]
Last-Modified: [Sat, 25 Feb 2017 21:36:27 GMT]
X-Cache: [TCP_MEM_HIT from a23-219-93-102.deploy.akamaitechnologies.com (AkamaiGHost/8.2.2.1.1-19192351) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.entrust.net (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.entrust.net (POST)
Size: 1991 bytes (DER data)
Response time: 12.394577ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: Entrust Validation Authority
Issued by: Entrust Root Certification Authority - G2
Signing certificate validity: 2015-06-04 - 2017-06-04
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 12m15s

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-219-93-86.deploy.akamaitechnologies.com (AkamaiGHost/8.2.2.1.1-19192351) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
ME0wSzBJMEcwRTAJBgUrDgMCGgUABBTLXNCzDvBhHecWjg70iJhBW0InywQUanIm
etAe733nO2lR1GyNn5ASZqsCDGGh59IAAAAAUdNmpg==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIHwwoBAKCCB7wwgge4BgkrBgEFBQcwAQEEggepMIIHpTCCAW2hgegwgeUxCzAJ
BgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUg
d3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAwOSBF
bnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMT
KUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMSUwIwYD
VQQDExxFbnRydXN0IFZhbGlkYXRpb24gQXV0aG9yaXR5GA8yMDE3MDIyNTIxMzYy
N1owbzBtMEUwCQYFKw4DAhoFAAQUy1zQsw7wYR3nFo4O9IiYQVtCJ8sEFGpyJnrQ
Hu995ztpUdRsjZ+QEmarAgxhoefSAAAAAFHTZqaAABgPMjAxNzAyMjUyMTM2Mjda
oBEYDzIwMTcwMzA0MjEzNjI3WjANBgkqhkiG9w0BAQUFAAOCAQEATKaSsw3GKVT3
LRAIkiwtZx8QKFfbXvNJSCKReLCHqDm18qBD/+KyazJjypn5B4Zk/FdkPloUYyJT
ghJUS5uTxX0xb37LaJWvRkHwn8fMEUHrRT2X9vIa5lJCqa/P+sJS7vS2l8iBcQoX
tEQgXL+jOOj2vjPShwx1b1ReUf+agIRpMQxGcMAPRgfe/Vr3FXPbn6BtcVIKQtpf
o5vG7xeSPecOYPnB/tMVqW0nfIa7os/ExMCyGf10uFL5Xw45LDPTjWV/tbIMcCkW
cbH1LzScjr1JQYN49w6Aeo/ZPHzvMizBol/faPf0ormkWRF1hZg447a8gzzeFl+b
l+56OeyEhqCCBRwwggUYMIIFFDCCA/ygAwIBAgIMTelQvQAAAABR03NIMA0GCSqG
SIb3DQEBCwUAMIG+MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5j
LjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcG
A1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVz
ZSBvbmx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRo
b3JpdHkgLSBHMjAeFw0xNTA2MDQxOTE1MzRaFw0xNzA2MDQxOTQ1MzRaMIHlMQsw
CQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2Vl
IHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkg
RW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQD
EylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjElMCMG
A1UEAxMcRW50cnVzdCBWYWxpZGF0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMnaiVXp64PVTKleQeIiQG2padA36kGk1CV7txuf
oeq145I/mT6V7+0IppVM2A4LL5l2DVGqTsAQCRilF1rbZync50FA3XXTonpvadk4
wy65D9lMPm2ENo5orDtbXqlrHFhcyBrki96K+fdVedlx7+uJZeAC72ZCXzaoVKc2
wgIFFZOzIvFZickiHph8tIGM3ESJKp2Jfo64fPXPmtoTV2GUZMqqucAUD2/s/SlO
YaJT/2PXulGGog6A4B+XJkXBnqwYmHm/20jl1dSGHA5m49jjrMfBuVhIYB0DePFb
MjHOMSzHIxdRnGeDmchnBL/B7vLedf/bgv8ORMzkmF4DpDMCAwEAAaOB6DCB5TAL
BgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIF
ADAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vY3JsLmVudHJ1c3QubmV0L2cyY2Eu
Y3JsMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50
cnVzdC5uZXQwHwYDVR0jBBgwFoAUanImetAe733nO2lR1GyNn5ASZqswHQYDVR0O
BBYEFNUCBLbXoKgts70SJatS1NHllo3EMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEL
BQADggEBADOiWIKLGjQVR7Sbhzs2OvR5l9pLfzoHnje8iLH3hM5+6mYDzhmt9jWY
DPS/xmPXPMc34VQjqkRFQmtl8pny1YwDraWyLVJR81WfRMa0Bl3QXK/PzPvNFSiX
p1ncZctaMa6Jsa6X/DMdB6KPMhRu9obdQGPaRv9hf215CuOblmFRmJUo/awWTgAP
fiIkI9zXoL6UeMPISDUk+OkSJWo1znzRX3Cjt1AZz5nlUvgdXZI7lvxdvrJsaurN
yrrGBQaFoZEy+jEKOn0XOph0sIfpPDw8GlWcXkbw38DjuwRW+SBl11O0uPoESBzs
sKEEqnkXHHoFz9QilxJrgbcV/S1hz9Q=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgIMTelQvQAAAABR03NIMA0GCSqGSIb3DQEBCwUAMIG+MQsw
CQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2Vl
IHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkg
RW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQD
EylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjAeFw0x
NTA2MDQxOTE1MzRaFw0xNzA2MDQxOTQ1MzRaMIHlMQswCQYDVQQGEwJVUzEWMBQG
A1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5l
dC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAt
IGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3Qg
Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjElMCMGA1UEAxMcRW50cnVzdCBW
YWxpZGF0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMnaiVXp64PVTKleQeIiQG2padA36kGk1CV7txufoeq145I/mT6V7+0IppVM
2A4LL5l2DVGqTsAQCRilF1rbZync50FA3XXTonpvadk4wy65D9lMPm2ENo5orDtb
XqlrHFhcyBrki96K+fdVedlx7+uJZeAC72ZCXzaoVKc2wgIFFZOzIvFZickiHph8
tIGM3ESJKp2Jfo64fPXPmtoTV2GUZMqqucAUD2/s/SlOYaJT/2PXulGGog6A4B+X
JkXBnqwYmHm/20jl1dSGHA5m49jjrMfBuVhIYB0DePFbMjHOMSzHIxdRnGeDmchn
BL/B7vLedf/bgv8ORMzkmF4DpDMCAwEAAaOB6DCB5TALBgNVHQ8EBAMCB4AwEwYD
VR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADAwBgNVHR8EKTAnMCWg
I6Ahhh9odHRwOi8vY3JsLmVudHJ1c3QubmV0L2cyY2EuY3JsMDMGCCsGAQUFBwEB
BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwHwYDVR0j
BBgwFoAUanImetAe733nO2lR1GyNn5ASZqswHQYDVR0OBBYEFNUCBLbXoKgts70S
JatS1NHllo3EMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBADOiWIKLGjQV
R7Sbhzs2OvR5l9pLfzoHnje8iLH3hM5+6mYDzhmt9jWYDPS/xmPXPMc34VQjqkRF
Qmtl8pny1YwDraWyLVJR81WfRMa0Bl3QXK/PzPvNFSiXp1ncZctaMa6Jsa6X/DMd
B6KPMhRu9obdQGPaRv9hf215CuOblmFRmJUo/awWTgAPfiIkI9zXoL6UeMPISDUk
+OkSJWo1znzRX3Cjt1AZz5nlUvgdXZI7lvxdvrJsaurNyrrGBQaFoZEy+jEKOn0X
Oph0sIfpPDw8GlWcXkbw38DjuwRW+SBl11O0uPoESBzssKEEqnkXHHoFz9QilxJr
gbcV/S1hz9Q=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate, max-age=735]
Content-Length: [1991]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 26 Feb 2017 04:16:40 GMT]
Etag: ["701BAB0F467C3432CCD092884D684EF89EF2EC65"]
Expires: [Sun, 26 Feb 2017 04:28:55 GMT]
Last-Modified: [Sat, 25 Feb 2017 21:36:27 GMT]
X-Cache: [TCP_MEM_HIT from a23-219-93-86.deploy.akamaitechnologies.com (AkamaiGHost/8.2.2.1.1-19192351) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Entrust Root Certification Authority - G2 (CA Certificate)

This certificate was cached at
Certificate details for Entrust Root Certification Authority - G2 (At position 2 in certificate chain)
Serial number:
hex: 4a538c28
int: 1246989352
Issued by: Entrust Root Certification Authority - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2009 Entrust, Inc. - for authorized use only
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.