CRL & OCSP report for 0-library.morningstar.com.www.saclibrarycatalog.org - www.saclibrarycatalog.org (Sacramento Public Library)

www.saclibrarycatalog.org

This certificate was cached at
Certificate details for www.saclibrarycatalog.org (At position 0 in certificate chain)
Serial number:
hex: 4ebf277e03b7f9aaa29f4a2dd9ae4220
int: 104672313369077476847371751963740750368
Issued by: Symantec Class 3 Secure Server CA - G4
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Sacramento Public Library
Organization unit: SYS
State / Province: California
Locality: Sacramento
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

View complete certificate details for 0-library.morningstar.com.www.saclibrarycatalog.org.

Certificate Revocation List (CRL)

This CRL was cached at
http://ss.symcb.com/ss.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://ss.symcb.com/ss.crl
Size: 1214428 bytes (DER data)
Response time: 38.312123ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 34687

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: Apache
Content Delivery Network (CDN): Akamai
Cache Information: TCP_HIT from a63-238-85-174.deploy.akamaitechnologies.com (AkamaiGHost/8.2.0.0.2-18911410) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Type: [application/pkix-crl]
Date: [Fri, 20 Jan 2017 23:21:56 GMT]
Etag: ["16ddd032a45fb08dc12a963a64952d96:1484946691"]
Last-Modified: [Fri, 20 Jan 2017 21:11:31 GMT]
Server: [Apache]
Vary: [Accept-Encoding]
X-Cache: [TCP_HIT from a63-238-85-174.deploy.akamaitechnologies.com (AkamaiGHost/8.2.0.0.2-18911410) (-)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ss.symcd.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ss.symcd.com (GET)
Size: 1609 bytes (DER data)
Response time: 28.629711ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: Symantec Class 3 Secure Server CA - G4 OCSP Responder
Issued by: Symantec Class 3 Secure Server CA - G4
Signing certificate validity: 2016-11-13 - 2017-02-11
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 110h56m17s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-219-93-85.deploy.akamaitechnologies.com (AkamaiGHost/8.2.0.0.2-18911410) (-)

URL used for GET request

http:/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV%2Bc%2FAZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEE6%2FJ34Dt%2Fmqop9KLdmuQiA%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV+c/AZAQUX2DP
YZBV34RDFIpgKrL1evRDGO8CEE6/J34Dt/mqop9KLdmuQiA=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGRQoBAKCCBj4wggY6BgkrBgEFBQcwAQEEggYrMIIGJzCBnqIWBBRvtI4meZ3i
8NGv/nuec9w2fiK90hgPMjAxNzAxMTcyMzE0NTVaMHMwcTBJMAkGBSsOAwIaBQAE
FNGxZIuMnw3Ra6OKzStQF9X5z8BkBBRfYM9hkFXfhEMUimAqsvV69EMY7wIQTr8n
fgO3+aqin0ot2a5CIIAAGA8yMDE3MDExNzIzMTQ1NVqgERgPMjAxNzAxMjQyMzE0
NTVaMA0GCSqGSIb3DQEBBQUAA4IBAQDKuFV7w+ZcL0XSuiumQy118sH0rhK4zv4u
IqaKADTq9PEotsnR8q1R4Ny+X5w3tHgj2JDR1eaHkXRIYYLBC4Xe/EBGSUtHaOyH
9tWhfW4acUjaSjfuKH8oJrgFAcSe11iDj3rgUsF3uQxISUEgDvdElCj+5sgP4HDt
gSFX5F7J9U+xXCGyyBe6iLAmR2pEPiWp4BxJCay7PmitJmmlaMDi/f+cnanGgc30
InVNocvq+A1wg5o4MiUM1Uze9XnFV8LxYvkUk3YCwaGAPoXOzkcF41q6ZEwNxwCO
IWiUZiJ680uMuONKkkcrn5QOVTUeqPtCG4VD3JpH+jo7cfnHO5YboIIEbjCCBGow
ggRmMIIDTqADAgECAhBaromtrBK9/aJnf4rFpdnuMA0GCSqGSIb3DQEBCwUAMH4x
CzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0G
A1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMg
Q2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTYxMTEzMDAwMDAwWhcN
MTcwMjExMjM1OTU5WjBAMT4wPAYDVQQDEzVTeW1hbnRlYyBDbGFzcyAzIFNlY3Vy
ZSBTZXJ2ZXIgQ0EgLSBHNCBPQ1NQIFJlc3BvbmRlcjCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAOmOMOSlB5PJyqTEZ7b63MW6gKDrVC4kaAETPRMNL0mu
qV4jGne17yt4G652zyfBrRom/NBu+N910zsZgpOVxFMrbXeQROCg91cIG6iCurog
MQiDkwpzo8G/3mDNbxLfK1I6KDwxzR3UZqD6hDjozNjcWxLz3Wgr+Y+bf8DLWz4T
TxTAHKM9Pv254gV2ZB2Etoz8LhTMyiPrLKFbQuKdNPnqlm7qxtzv4nf9nMeTNGOU
8LnCQ+iBAgPaAQjfyuBJu+UEinxsUgZxLQqU0rkDJF7qFYVN8gwVS4O3wfxGuDbX
dsi8VSFXl7f2DFqBsQ0pRxBnk7RpJLtlNqYaeJFrU48CAwEAAaOCARwwggEYMA8G
CSsGAQUFBzABBQQCBQAwIgYDVR0RBBswGaQXMBUxEzARBgNVBAMTClRHVi1ELTI3
NzUwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wHQYDVR0OBBYEFG+0
jiZ5neLw0a/+e55z3DZ+Ir3SMAwGA1UdEwEB/wQCMAAwbgYDVR0gBGcwZTBjBgtg
hkgBhvhFAQcXAzBUMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29t
L2NwczAqBggrBgEFBQcCAjAeGhwgIGh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBh
MBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0B
AQsFAAOCAQEAiZnk1ilmTrooasKLUyep7cBYGOzGrEnGFiXRz0hJK2I26kvcn+DA
xJE1MAWC+Dmj0CBwmkwH0l6jrbB2dqTWNrY70dv+MUfLblRIdRinmiJVtA37VKKn
Otmfi/WR/yhz5t6kKPgtrEvmDxjjc9iG3wQfq/ekewQSe5DeUB6ZsEVicPaOVTJ8
ckY+EMwHvhlyqKsQoAVqC9K1uWA4Yeju8xF97/1eoznaJ5dF4eOUG57rbfmykvF7
NPMWXKfabvrVNQsneD1hc05ugHvQXfx+3J5DCcCk287c0pkP2dJEmATLg5A/w2pH
AdkYySkSz6c950rvRhlB/65uXvLDtq3FWA==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEZjCCA06gAwIBAgIQWq6JrawSvf2iZ3+KxaXZ7jANBgkqhkiG9w0BAQsFADB+
MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd
BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVj
IENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE2MTExMzAwMDAwMFoX
DTE3MDIxMTIzNTk1OVowQDE+MDwGA1UEAxM1U3ltYW50ZWMgQ2xhc3MgMyBTZWN1
cmUgU2VydmVyIENBIC0gRzQgT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDpjjDkpQeTycqkxGe2+tzFuoCg61QuJGgBEz0TDS9J
rqleIxp3te8reBuuds8nwa0aJvzQbvjfddM7GYKTlcRTK213kETgoPdXCBuogrq6
IDEIg5MKc6PBv95gzW8S3ytSOig8Mc0d1Gag+oQ46MzY3FsS891oK/mPm3/Ay1s+
E08UwByjPT79ueIFdmQdhLaM/C4UzMoj6yyhW0LinTT56pZu6sbc7+J3/ZzHkzRj
lPC5wkPogQID2gEI38rgSbvlBIp8bFIGcS0KlNK5AyRe6hWFTfIMFUuDt8H8Rrg2
13bIvFUhV5e39gxagbENKUcQZ5O0aSS7ZTamGniRa1OPAgMBAAGjggEcMIIBGDAP
BgkrBgEFBQcwAQUEAgUAMCIGA1UdEQQbMBmkFzAVMRMwEQYDVQQDEwpUR1YtRC0y
Nzc1MB8GA1UdIwQYMBaAFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMB0GA1UdDgQWBBRv
tI4meZ3i8NGv/nuec9w2fiK90jAMBgNVHRMBAf8EAjAAMG4GA1UdIARnMGUwYwYL
YIZIAYb4RQEHFwMwVDAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNv
bS9jcHMwKgYIKwYBBQUHAgIwHhocICBodHRwOi8vd3d3LnN5bWF1dGguY29tL3Jw
YTATBgNVHSUEDDAKBggrBgEFBQcDCTAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcN
AQELBQADggEBAImZ5NYpZk66KGrCi1Mnqe3AWBjsxqxJxhYl0c9ISStiNupL3J/g
wMSRNTAFgvg5o9AgcJpMB9Jeo62wdnak1ja2O9Hb/jFHy25USHUYp5oiVbQN+1Si
pzrZn4v1kf8oc+bepCj4LaxL5g8Y43PYht8EH6v3pHsEEnuQ3lAembBFYnD2jlUy
fHJGPhDMB74ZcqirEKAFagvStblgOGHo7vMRfe/9XqM52ieXReHjlBue6235spLx
ezTzFlyn2m761TULJ3g9YXNOboB70F38ftyeQwnApNvO3NKZD9nSRJgEy4OQP8Nq
RwHZGMkpEs+nPedK70YZQf+ubl7yw7atxVg=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=399377, public, no-transform, must-revalidate]
Content-Length: [1609]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Fri, 20 Jan 2017 08:18:38 GMT]
Expires: [Tue, 24 Jan 2017 23:14:55 GMT]
Last-Modified: [Tue, 17 Jan 2017 23:14:55 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MISS from a23-219-93-85.deploy.akamaitechnologies.com (AkamaiGHost/8.2.0.0.2-18911410) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ss.symcd.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ss.symcd.com (POST)
Size: 1609 bytes (DER data)
Response time: 12.644086ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: Symantec Class 3 Secure Server CA - G4 OCSP Responder
Issued by: Symantec Class 3 Secure Server CA - G4
Signing certificate validity: 2016-11-13 - 2017-02-11
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 110h56m17s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_REFRESH_MISS from a23-219-93-86.deploy.akamaitechnologies.com (AkamaiGHost/8.2.0.0.2-18911410) (S)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV+c/AZAQUX2DP
YZBV34RDFIpgKrL1evRDGO8CEE6/J34Dt/mqop9KLdmuQiA=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGRQoBAKCCBj4wggY6BgkrBgEFBQcwAQEEggYrMIIGJzCBnqIWBBRvtI4meZ3i
8NGv/nuec9w2fiK90hgPMjAxNzAxMTcyMzE0NTVaMHMwcTBJMAkGBSsOAwIaBQAE
FNGxZIuMnw3Ra6OKzStQF9X5z8BkBBRfYM9hkFXfhEMUimAqsvV69EMY7wIQTr8n
fgO3+aqin0ot2a5CIIAAGA8yMDE3MDExNzIzMTQ1NVqgERgPMjAxNzAxMjQyMzE0
NTVaMA0GCSqGSIb3DQEBBQUAA4IBAQDKuFV7w+ZcL0XSuiumQy118sH0rhK4zv4u
IqaKADTq9PEotsnR8q1R4Ny+X5w3tHgj2JDR1eaHkXRIYYLBC4Xe/EBGSUtHaOyH
9tWhfW4acUjaSjfuKH8oJrgFAcSe11iDj3rgUsF3uQxISUEgDvdElCj+5sgP4HDt
gSFX5F7J9U+xXCGyyBe6iLAmR2pEPiWp4BxJCay7PmitJmmlaMDi/f+cnanGgc30
InVNocvq+A1wg5o4MiUM1Uze9XnFV8LxYvkUk3YCwaGAPoXOzkcF41q6ZEwNxwCO
IWiUZiJ680uMuONKkkcrn5QOVTUeqPtCG4VD3JpH+jo7cfnHO5YboIIEbjCCBGow
ggRmMIIDTqADAgECAhBaromtrBK9/aJnf4rFpdnuMA0GCSqGSIb3DQEBCwUAMH4x
CzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0G
A1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMg
Q2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTYxMTEzMDAwMDAwWhcN
MTcwMjExMjM1OTU5WjBAMT4wPAYDVQQDEzVTeW1hbnRlYyBDbGFzcyAzIFNlY3Vy
ZSBTZXJ2ZXIgQ0EgLSBHNCBPQ1NQIFJlc3BvbmRlcjCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAOmOMOSlB5PJyqTEZ7b63MW6gKDrVC4kaAETPRMNL0mu
qV4jGne17yt4G652zyfBrRom/NBu+N910zsZgpOVxFMrbXeQROCg91cIG6iCurog
MQiDkwpzo8G/3mDNbxLfK1I6KDwxzR3UZqD6hDjozNjcWxLz3Wgr+Y+bf8DLWz4T
TxTAHKM9Pv254gV2ZB2Etoz8LhTMyiPrLKFbQuKdNPnqlm7qxtzv4nf9nMeTNGOU
8LnCQ+iBAgPaAQjfyuBJu+UEinxsUgZxLQqU0rkDJF7qFYVN8gwVS4O3wfxGuDbX
dsi8VSFXl7f2DFqBsQ0pRxBnk7RpJLtlNqYaeJFrU48CAwEAAaOCARwwggEYMA8G
CSsGAQUFBzABBQQCBQAwIgYDVR0RBBswGaQXMBUxEzARBgNVBAMTClRHVi1ELTI3
NzUwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wHQYDVR0OBBYEFG+0
jiZ5neLw0a/+e55z3DZ+Ir3SMAwGA1UdEwEB/wQCMAAwbgYDVR0gBGcwZTBjBgtg
hkgBhvhFAQcXAzBUMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29t
L2NwczAqBggrBgEFBQcCAjAeGhwgIGh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBh
MBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0B
AQsFAAOCAQEAiZnk1ilmTrooasKLUyep7cBYGOzGrEnGFiXRz0hJK2I26kvcn+DA
xJE1MAWC+Dmj0CBwmkwH0l6jrbB2dqTWNrY70dv+MUfLblRIdRinmiJVtA37VKKn
Otmfi/WR/yhz5t6kKPgtrEvmDxjjc9iG3wQfq/ekewQSe5DeUB6ZsEVicPaOVTJ8
ckY+EMwHvhlyqKsQoAVqC9K1uWA4Yeju8xF97/1eoznaJ5dF4eOUG57rbfmykvF7
NPMWXKfabvrVNQsneD1hc05ugHvQXfx+3J5DCcCk287c0pkP2dJEmATLg5A/w2pH
AdkYySkSz6c950rvRhlB/65uXvLDtq3FWA==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEZjCCA06gAwIBAgIQWq6JrawSvf2iZ3+KxaXZ7jANBgkqhkiG9w0BAQsFADB+
MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd
BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVj
IENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE2MTExMzAwMDAwMFoX
DTE3MDIxMTIzNTk1OVowQDE+MDwGA1UEAxM1U3ltYW50ZWMgQ2xhc3MgMyBTZWN1
cmUgU2VydmVyIENBIC0gRzQgT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDpjjDkpQeTycqkxGe2+tzFuoCg61QuJGgBEz0TDS9J
rqleIxp3te8reBuuds8nwa0aJvzQbvjfddM7GYKTlcRTK213kETgoPdXCBuogrq6
IDEIg5MKc6PBv95gzW8S3ytSOig8Mc0d1Gag+oQ46MzY3FsS891oK/mPm3/Ay1s+
E08UwByjPT79ueIFdmQdhLaM/C4UzMoj6yyhW0LinTT56pZu6sbc7+J3/ZzHkzRj
lPC5wkPogQID2gEI38rgSbvlBIp8bFIGcS0KlNK5AyRe6hWFTfIMFUuDt8H8Rrg2
13bIvFUhV5e39gxagbENKUcQZ5O0aSS7ZTamGniRa1OPAgMBAAGjggEcMIIBGDAP
BgkrBgEFBQcwAQUEAgUAMCIGA1UdEQQbMBmkFzAVMRMwEQYDVQQDEwpUR1YtRC0y
Nzc1MB8GA1UdIwQYMBaAFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMB0GA1UdDgQWBBRv
tI4meZ3i8NGv/nuec9w2fiK90jAMBgNVHRMBAf8EAjAAMG4GA1UdIARnMGUwYwYL
YIZIAYb4RQEHFwMwVDAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNv
bS9jcHMwKgYIKwYBBQUHAgIwHhocICBodHRwOi8vd3d3LnN5bWF1dGguY29tL3Jw
YTATBgNVHSUEDDAKBggrBgEFBQcDCTAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcN
AQELBQADggEBAImZ5NYpZk66KGrCi1Mnqe3AWBjsxqxJxhYl0c9ISStiNupL3J/g
wMSRNTAFgvg5o9AgcJpMB9Jeo62wdnak1ja2O9Hb/jFHy25USHUYp5oiVbQN+1Si
pzrZn4v1kf8oc+bepCj4LaxL5g8Y43PYht8EH6v3pHsEEnuQ3lAembBFYnD2jlUy
fHJGPhDMB74ZcqirEKAFagvStblgOGHo7vMRfe/9XqM52ieXReHjlBue6235spLx
ezTzFlyn2m761TULJ3g9YXNOboB70F38ftyeQwnApNvO3NKZD9nSRJgEy4OQP8Nq
RwHZGMkpEs+nPedK70YZQf+ubl7yw7atxVg=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=399377, public, no-transform, must-revalidate]
Content-Length: [1609]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Fri, 20 Jan 2017 08:18:38 GMT]
Expires: [Tue, 24 Jan 2017 23:14:55 GMT]
Last-Modified: [Tue, 17 Jan 2017 23:14:55 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_REFRESH_MISS from a23-219-93-86.deploy.akamaitechnologies.com (AkamaiGHost/8.2.0.0.2-18911410) (S)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Symantec Class 3 Secure Server CA - G4 (CA Certificate)

This certificate was cached at
Certificate details for Symantec Class 3 Secure Server CA - G4 (At position 1 in certificate chain)
Serial number:
hex: 513fb9743870b73440418d30930699ff
int: 107998343814376832458216740669838760447
Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Symantec Corporation
Organization unit: Symantec Trust Network
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://s1.symcb.com/pca3-g5.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://s1.symcb.com/pca3-g5.crl
Size: 571 bytes (DER data)
Response time: 34.382461ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 1

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: Apache
Content Delivery Network (CDN): Akamai
Cache Information: TCP_REFRESH_HIT from a165-254-48-163.deploy.akamaitechnologies.com (AkamaiGHost/8.2.0.0.2-18911410) (S)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Type: [application/pkix-crl]
Date: [Sat, 21 Jan 2017 05:04:02 GMT]
Etag: ["9ce830b466c3c02d8c43fb9f0232ce31:1482269716"]
Last-Modified: [Tue, 20 Dec 2016 21:35:16 GMT]
Server: [Apache]
Vary: [Accept-Encoding]
X-Cache: [TCP_REFRESH_HIT from a165-254-48-163.deploy.akamaitechnologies.com (AkamaiGHost/8.2.0.0.2-18911410) (S)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://s2.symcb.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://s2.symcb.com (GET)
Size: 1763 bytes (DER data)
Response time: 12.494766ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: Symantec Class 3 PCA - G5 OCSP Responder Certificate 5
Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
Signing certificate validity: 2016-11-22 - 2017-12-14
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 111h34m49s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_REFRESH_MISS from a72-247-10-194.deploy.akamaitechnologies.com (AkamaiGHost/8.2.0.0.2-18911410) (S)

URL used for GET request

http:/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFE%2FuXQ4cLc0QEGNMJMGmf8%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nl
p8Ld7LvwMAnzQzn6Aq8zMTMCEFE/uXQ4cLc0QEGNMJMGmf8=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIG3woBAKCCBtgwggbUBgkrBgEFBQcwAQEEggbFMIIGwTCBnqIWBBSQV0mkqBQX
kkwRYz2FfxNyvss3WhgPMjAxNzAxMTgxMjMwNTNaMHMwcTBJMAkGBSsOAwIaBQAE
FLnpsocChQP47KX7QuE+D0nHJCbiBBR/02Wnwt3su/AwCfNDOfoCrzMxMwIQUT+5
dDhwtzRAQY0wkwaZ/4AAGA8yMDE3MDExODEyMzA1M1qgERgPMjAxNzAxMjUxMjMw
NTNaMA0GCSqGSIb3DQEBBQUAA4IBAQAa1X7gsohk8JtGotjue0eCOJQcrLEb/HWn
dz4YIIWXhlbrm8AO9tOMKkcYhqMoIa+R+A57ogKZ7iGSF4KnzSnHjwdcHerjIJpY
yrwAuIvzovpX+6WAVqAl7P5CWBAnRu6Uemczrnhksi2QjM4M9/8tugM6gcSXP5T7
ZMwF7cilLICEqLWS5cKGGGWZSzmkMQCH4VniZ308zMjUOGy5CYiZuulbvMVzSK3I
w0lAGT4dnF/T+jG60xtKQdMtziqgj5RULL9cRfJwMbL1Pe90yyw96vkbw1ioutrf
S5uvfSkrWbLpR3gTIxO/cp5mxgFzwHZ+FukTBc/C4klA2lple0enoIIFCDCCBQQw
ggUAMIID6KADAgECAhBegKApA8bSjw2IPI2R/lTmMA0GCSqGSIb3DQEBBQUAMIHK
MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsT
FlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlT
aWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZl
cmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRo
b3JpdHkgLSBHNTAeFw0xNjExMjIwMDAwMDBaFw0xNzEyMTQyMzU5NTlaMIGOMQsw
CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV
BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxPzA9BgNVBAMTNlN5bWFudGVjIENs
YXNzIDMgUENBIC0gRzUgT0NTUCBSZXNwb25kZXIgQ2VydGlmaWNhdGUgNTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKus48ejAx2d5OuOkBmO8gS4pszt
8W2iz3wKtJEX477WzDFyVVpOrWIQ1x0LhJWsdMUgZJP4Fu4InU+VFa5OWfdsUp0S
ayC8Ual6x2cENCgsuwaoUnCLNw2xBDBDAmqMKVoW5hb1/pq3lSt+4gYzv8iweNti
Gi0H2pqGwitTXjA8Nu2mGSH4KAPIMn0S0htUvmZYfZ0FhDbNjswoxumZMf696yPn
H0jCh3xguXl5FzxCrXqbcSQAhP0dgu11ES3U0Ev6IQ0LwsjfgnmJwTiz2y0tuvzW
zD/XLNNbvluii9g12GXvNL7JquIKRAqIdKQ7EZsX+SkKSvIR9gBcZlaa8kcCAwEA
AaOCARowggEWMAwGA1UdEwEB/wQCMAAwbAYDVR0gBGUwYzBhBgtghkgBhvhFAQcX
AzBSMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAoBggr
BgEFBQcCAjAcGhpodHRwOi8vd3d3LnN5bWF1dGguY29tL3JwYTATBgNVHSUEDDAK
BggrBgEFBQcDCTAOBgNVHQ8BAf8EBAMCB4AwDwYJKwYBBQUHMAEFBAIFADAiBgNV
HREEGzAZpBcwFTETMBEGA1UEAxMKVEdWLU9GRi01MDAdBgNVHQ4EFgQUkFdJpKgU
F5JMEWM9hX8Tcr7LN1owHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMw
DQYJKoZIhvcNAQEFBQADggEBADx3TgsGZ9TU1FPRb8Ew9gv8YbDGqCoQxyspWLhU
tmnlJB20v08UjaCOOqm5R46EUt5q20++48jOhmO7M/SZKKPUoft5zE5LJjzgqlV4
QY8pAztecC5EEo0nfinPziS79FZacG/5is4Ogn25LwXaluQ11ZIe8NwTgySeLWKu
UV/cW2STVkrjczfg/i315quNHatQ49FUabhuCdEsmpDAX6MXWQgGr9TpX013D4Iv
TvC4Ybky6xFHj9eINHEkLzyrxrvmNhAgtn+m7fQ14H42X+NWDOBZ7a0UN2Bl46wP
KgTweDBW4KopH+VIYRwt8XjKjMiKkTMHxIU//xr1OCcvg+c=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIQXoCgKQPG0o8NiDyNkf5U5jANBgkqhkiG9w0BAQUFADCB
yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
aG9yaXR5IC0gRzUwHhcNMTYxMTIyMDAwMDAwWhcNMTcxMjE0MjM1OTU5WjCBjjEL
MAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYD
VQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMT8wPQYDVQQDEzZTeW1hbnRlYyBD
bGFzcyAzIFBDQSAtIEc1IE9DU1AgUmVzcG9uZGVyIENlcnRpZmljYXRlIDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrrOPHowMdneTrjpAZjvIEuKbM
7fFtos98CrSRF+O+1swxclVaTq1iENcdC4SVrHTFIGST+BbuCJ1PlRWuTln3bFKd
EmsgvFGpesdnBDQoLLsGqFJwizcNsQQwQwJqjClaFuYW9f6at5UrfuIGM7/IsHjb
YhotB9qahsIrU14wPDbtphkh+CgDyDJ9EtIbVL5mWH2dBYQ2zY7MKMbpmTH+vesj
5x9Iwod8YLl5eRc8Qq16m3EkAIT9HYLtdREt1NBL+iENC8LI34J5icE4s9stLbr8
1sw/1yzTW75boovYNdhl7zS+yariCkQKiHSkOxGbF/kpCkryEfYAXGZWmvJHAgMB
AAGjggEaMIIBFjAMBgNVHRMBAf8EAjAAMGwGA1UdIARlMGMwYQYLYIZIAYb4RQEH
FwMwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYI
KwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwEwYDVR0lBAww
CgYIKwYBBQUHAwkwDgYDVR0PAQH/BAQDAgeAMA8GCSsGAQUFBzABBQQCBQAwIgYD
VR0RBBswGaQXMBUxEzARBgNVBAMTClRHVi1PRkYtNTAwHQYDVR0OBBYEFJBXSaSo
FBeSTBFjPYV/E3K+yzdaMB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ80M5+gKvMzEz
MA0GCSqGSIb3DQEBBQUAA4IBAQA8d04LBmfU1NRT0W/BMPYL/GGwxqgqEMcrKVi4
VLZp5SQdtL9PFI2gjjqpuUeOhFLeattPvuPIzoZjuzP0mSij1KH7ecxOSyY84KpV
eEGPKQM7XnAuRBKNJ34pz84ku/RWWnBv+YrODoJ9uS8F2pbkNdWSHvDcE4Mkni1i
rlFf3Ftkk1ZK43M34P4t9earjR2rUOPRVGm4bgnRLJqQwF+jF1kIBq/U6V9Ndw+C
L07wuGG5MusRR4/XiDRxJC88q8a75jYQILZ/pu30NeB+Nl/jVgzgWe2tFDdgZeOs
DyoE8HgwVuCqKR/lSGEcLfF4yozIipEzB8SFP/8a9TgnL4Pn
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=401689, public, no-transform, must-revalidate]
Content-Length: [1763]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Fri, 20 Jan 2017 20:57:44 GMT]
Expires: [Wed, 25 Jan 2017 12:30:53 GMT]
Last-Modified: [Wed, 18 Jan 2017 12:30:53 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_REFRESH_MISS from a72-247-10-194.deploy.akamaitechnologies.com (AkamaiGHost/8.2.0.0.2-18911410) (S)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header outlives NextUpdate with 1m40s
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://s2.symcb.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://s2.symcb.com (POST)
Size: 1763 bytes (DER data)
Response time: 8.396406ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: Symantec Class 3 PCA - G5 OCSP Responder Certificate 5
Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
Signing certificate validity: 2016-11-22 - 2017-12-14
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 111h37m16s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_REFRESH_MISS from a72-247-10-179.deploy.akamaitechnologies.com (AkamaiGHost/8.2.0.0.2-18911410) (S)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nl
p8Ld7LvwMAnzQzn6Aq8zMTMCEFE/uXQ4cLc0QEGNMJMGmf8=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIG3woBAKCCBtgwggbUBgkrBgEFBQcwAQEEggbFMIIGwTCBnqIWBBSQV0mkqBQX
kkwRYz2FfxNyvss3WhgPMjAxNzAxMTgxMjMwNTNaMHMwcTBJMAkGBSsOAwIaBQAE
FLnpsocChQP47KX7QuE+D0nHJCbiBBR/02Wnwt3su/AwCfNDOfoCrzMxMwIQUT+5
dDhwtzRAQY0wkwaZ/4AAGA8yMDE3MDExODEyMzA1M1qgERgPMjAxNzAxMjUxMjMw
NTNaMA0GCSqGSIb3DQEBBQUAA4IBAQAa1X7gsohk8JtGotjue0eCOJQcrLEb/HWn
dz4YIIWXhlbrm8AO9tOMKkcYhqMoIa+R+A57ogKZ7iGSF4KnzSnHjwdcHerjIJpY
yrwAuIvzovpX+6WAVqAl7P5CWBAnRu6Uemczrnhksi2QjM4M9/8tugM6gcSXP5T7
ZMwF7cilLICEqLWS5cKGGGWZSzmkMQCH4VniZ308zMjUOGy5CYiZuulbvMVzSK3I
w0lAGT4dnF/T+jG60xtKQdMtziqgj5RULL9cRfJwMbL1Pe90yyw96vkbw1ioutrf
S5uvfSkrWbLpR3gTIxO/cp5mxgFzwHZ+FukTBc/C4klA2lple0enoIIFCDCCBQQw
ggUAMIID6KADAgECAhBegKApA8bSjw2IPI2R/lTmMA0GCSqGSIb3DQEBBQUAMIHK
MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsT
FlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlT
aWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZl
cmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRo
b3JpdHkgLSBHNTAeFw0xNjExMjIwMDAwMDBaFw0xNzEyMTQyMzU5NTlaMIGOMQsw
CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV
BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxPzA9BgNVBAMTNlN5bWFudGVjIENs
YXNzIDMgUENBIC0gRzUgT0NTUCBSZXNwb25kZXIgQ2VydGlmaWNhdGUgNTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKus48ejAx2d5OuOkBmO8gS4pszt
8W2iz3wKtJEX477WzDFyVVpOrWIQ1x0LhJWsdMUgZJP4Fu4InU+VFa5OWfdsUp0S
ayC8Ual6x2cENCgsuwaoUnCLNw2xBDBDAmqMKVoW5hb1/pq3lSt+4gYzv8iweNti
Gi0H2pqGwitTXjA8Nu2mGSH4KAPIMn0S0htUvmZYfZ0FhDbNjswoxumZMf696yPn
H0jCh3xguXl5FzxCrXqbcSQAhP0dgu11ES3U0Ev6IQ0LwsjfgnmJwTiz2y0tuvzW
zD/XLNNbvluii9g12GXvNL7JquIKRAqIdKQ7EZsX+SkKSvIR9gBcZlaa8kcCAwEA
AaOCARowggEWMAwGA1UdEwEB/wQCMAAwbAYDVR0gBGUwYzBhBgtghkgBhvhFAQcX
AzBSMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAoBggr
BgEFBQcCAjAcGhpodHRwOi8vd3d3LnN5bWF1dGguY29tL3JwYTATBgNVHSUEDDAK
BggrBgEFBQcDCTAOBgNVHQ8BAf8EBAMCB4AwDwYJKwYBBQUHMAEFBAIFADAiBgNV
HREEGzAZpBcwFTETMBEGA1UEAxMKVEdWLU9GRi01MDAdBgNVHQ4EFgQUkFdJpKgU
F5JMEWM9hX8Tcr7LN1owHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMw
DQYJKoZIhvcNAQEFBQADggEBADx3TgsGZ9TU1FPRb8Ew9gv8YbDGqCoQxyspWLhU
tmnlJB20v08UjaCOOqm5R46EUt5q20++48jOhmO7M/SZKKPUoft5zE5LJjzgqlV4
QY8pAztecC5EEo0nfinPziS79FZacG/5is4Ogn25LwXaluQ11ZIe8NwTgySeLWKu
UV/cW2STVkrjczfg/i315quNHatQ49FUabhuCdEsmpDAX6MXWQgGr9TpX013D4Iv
TvC4Ybky6xFHj9eINHEkLzyrxrvmNhAgtn+m7fQ14H42X+NWDOBZ7a0UN2Bl46wP
KgTweDBW4KopH+VIYRwt8XjKjMiKkTMHxIU//xr1OCcvg+c=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIQXoCgKQPG0o8NiDyNkf5U5jANBgkqhkiG9w0BAQUFADCB
yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
aG9yaXR5IC0gRzUwHhcNMTYxMTIyMDAwMDAwWhcNMTcxMjE0MjM1OTU5WjCBjjEL
MAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYD
VQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMT8wPQYDVQQDEzZTeW1hbnRlYyBD
bGFzcyAzIFBDQSAtIEc1IE9DU1AgUmVzcG9uZGVyIENlcnRpZmljYXRlIDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrrOPHowMdneTrjpAZjvIEuKbM
7fFtos98CrSRF+O+1swxclVaTq1iENcdC4SVrHTFIGST+BbuCJ1PlRWuTln3bFKd
EmsgvFGpesdnBDQoLLsGqFJwizcNsQQwQwJqjClaFuYW9f6at5UrfuIGM7/IsHjb
YhotB9qahsIrU14wPDbtphkh+CgDyDJ9EtIbVL5mWH2dBYQ2zY7MKMbpmTH+vesj
5x9Iwod8YLl5eRc8Qq16m3EkAIT9HYLtdREt1NBL+iENC8LI34J5icE4s9stLbr8
1sw/1yzTW75boovYNdhl7zS+yariCkQKiHSkOxGbF/kpCkryEfYAXGZWmvJHAgMB
AAGjggEaMIIBFjAMBgNVHRMBAf8EAjAAMGwGA1UdIARlMGMwYQYLYIZIAYb4RQEH
FwMwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYI
KwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwEwYDVR0lBAww
CgYIKwYBBQUHAwkwDgYDVR0PAQH/BAQDAgeAMA8GCSsGAQUFBzABBQQCBQAwIgYD
VR0RBBswGaQXMBUxEzARBgNVBAMTClRHVi1PRkYtNTAwHQYDVR0OBBYEFJBXSaSo
FBeSTBFjPYV/E3K+yzdaMB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ80M5+gKvMzEz
MA0GCSqGSIb3DQEBBQUAA4IBAQA8d04LBmfU1NRT0W/BMPYL/GGwxqgqEMcrKVi4
VLZp5SQdtL9PFI2gjjqpuUeOhFLeattPvuPIzoZjuzP0mSij1KH7ecxOSyY84KpV
eEGPKQM7XnAuRBKNJ34pz84ku/RWWnBv+YrODoJ9uS8F2pbkNdWSHvDcE4Mkni1i
rlFf3Ftkk1ZK43M34P4t9earjR2rUOPRVGm4bgnRLJqQwF+jF1kIBq/U6V9Ndw+C
L07wuGG5MusRR4/XiDRxJC88q8a75jYQILZ/pu30NeB+Nl/jVgzgWe2tFDdgZeOs
DyoE8HgwVuCqKR/lSGEcLfF4yozIipEzB8SFP/8a9TgnL4Pn
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=401836, public, no-transform, must-revalidate]
Content-Length: [1763]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Fri, 20 Jan 2017 20:57:44 GMT]
Expires: [Wed, 25 Jan 2017 12:30:53 GMT]
Last-Modified: [Wed, 18 Jan 2017 12:30:53 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_REFRESH_MISS from a72-247-10-179.deploy.akamaitechnologies.com (AkamaiGHost/8.2.0.0.2-18911410) (S)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header outlives NextUpdate with 4m7s
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

VeriSign Class 3 Public Primary Certification Authority - G5 (CA Certificate)

This certificate was cached at
Certificate details for VeriSign Class 3 Public Primary Certification Authority - G5 (At position 2 in certificate chain)
Serial number:
hex: 18dad19e267de8bb4a2158cdcc6b3b4a
int: 33037644167568058970164719475676101450
Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: VeriSign, Inc.
Organization unit: VeriSign Trust Network
Organization unit: (c) 2006 VeriSign, Inc. - For authorized use only
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.