CRL & OCSP report for 0-overview.thomsonone.com.mercury.concordia.ca - mercury.concordia.ca (Concordia University)

mercury.concordia.ca

This certificate was cached at
Certificate details for mercury.concordia.ca (At position 0 in certificate chain)
Serial number:
hex: 1afb6a65fa0560328d07b25c
int: 8350553088062490991349183068
Issued by: GlobalSign Organization Validation CA - SHA256 - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Concordia University
Organization unit: IITS
State / Province: Quebec
Locality: Montreal
Country: CA
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

View complete certificate details for 0-overview.thomsonone.com.mercury.concordia.ca.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl
Size: 115254 bytes (DER data)
Response time: 18.750262ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 3466

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare, CloudFront
Cache Information: HIT, Hit from cloudfront

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [3474641a65742156-EWR]
Content-Length: [115254]
Content-Type: [application/pkix-crl]
Date: [Wed, 29 Mar 2017 17:01:25 GMT]
Etag: [E461]
Expires: [Wed, 05 Apr 2017 02:26:00 GMT]
Last-Modified: [Wed, 29 Mar 2017 02:26:00 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=dbbf0a30b430affe9623dd91fa455019c1490806885; expires=Thu, 29-Mar-18 17:01:25 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
Via: [1.1 ffd1fa62fb3d5b958da33257c789bbbe.cloudfront.net (CloudFront)]
X-Amz-Cf-Id: [RZoPZs5HcCluABDp8-vsaRC_pFJ7ipIxpVsV6DjjSvx-QNeR6Fh7aw==]
X-Cache: [Hit from cloudfront]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp2.globalsign.com/gsorganizationvalsha2g2 (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsorganizationvalsha2g2 (GET)
Size: 1570 bytes (DER data)
Response time: 6.381805ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign Organization Validation CA - SHA256 - G2 - OCSP Responder
Issued by: GlobalSign Organization Validation CA - SHA256 - G2
Signing certificate validity: 2017-02-13 - 2017-05-16
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

URL used for GET request

http:/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDBr7amX6BWAyjQeyXA%3D%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h
8b0cFilTHMDMfTuDAEDmGnwCDBr7amX6BWAyjQeyXA==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGHgoBAKCCBhcwggYTBgkrBgEFBQcwAQEEggYEMIIGADCBmqIWBBScTQCZAA6L
sAGBdaG68NAl16AcRxgPMjAxNzAzMjkxNTEzNTVaMG8wbTBFMAkGBSsOAwIaBQAE
FAyeTZw97e+E2JHpcsfPhAa8GXsHBBSW3mHxvRwWKVMcwMx9O4MAQOYafAIMGvtq
ZfoFYDKNB7JcgAAYDzIwMTcwMzI5MTUxMzU1WqARGA8yMDE3MDQwMjE1MTM1NVow
DQYJKoZIhvcNAQELBQADggEBAFWc/Bh12orH7auSmpwD/H6D+e+hpLZBC4T7ALbZ
zZcsplXsYinHHh5eSgbpsn2Xr5AQtJvqjJEhAoRMfAdvnLxd3MN2cYsX+SUHgSS+
XzBqm+KbcNfkic09T1t5LllgR5/hHKG9QBlSL4PJfExgkXmqp6r+NOLpz0jJ4yO0
nHSbKvCOqIodiLYe21lwwmA284cl+EqpX5BZ2BAB5YP+ubKseisjBK1ZgJ2keYNP
VzshyWYOKU8fZ9/XuAX7BJ6Uo5968R6xus8AW2+0tMPNuT/WTDcxhVxpZpEQixjh
c305+71I/BFkb5G2ht+sEX5WAGfIZ6KMAKkj21e0aBe2qnWgggRLMIIERzCCBEMw
ggMroAMCAQICDG/ROC7q20OpUD07RTANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQG
EwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTE8MDoGA1UEAxMzR2xvYmFs
U2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIFNIQTI1NiAtIEcyMB4X
DTE3MDIxMzA3MTEwM1oXDTE3MDUxNjA3MTEwM1owgY4xCzAJBgNVBAYTAkJFMRkw
FwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRUwEwYDVQQFEwwyMDE3MDIxMzE1MDUx
TTBLBgNVBAMTREdsb2JhbFNpZ24gT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gQ0Eg
LSBTSEEyNTYgLSBHMiAtIE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA0kOXzzBq49lSztun694Fi9cwEyLIZagm3jYnimSW+vpf
qQoFF/U48JGqWfXOt8Evncl6f6MtaGmvaxjguf2aru1EtxS5pdX8/4PtdRcGPmgb
wbn8VDIukn4P8So7v9afdh1eoiFk7Kjq9wzK+jiDcNplpqJtZdUVlD6s7laW4aVs
Ewe7UBk2hlaBxUfl0ztYmwd/3Ln+BjEyVRYpRNFFKGxkUeoNhzY3zRBAqp0dHP3H
bPCUGUGePmzp87283fRtBdRlO9ixk4C3bvZ+kJBXYoE/ootnRdWMuJCYubNh4EtN
+UbOE4J9gXFvO1PlBBxgL9YSc5KY65Y2HPeNoUfrYQIDAQABo4HHMIHEMB0GA1Ud
DgQWBBScTQCZAA6LsAGBdaG68NAl16AcRzAfBgNVHSMEGDAWgBSW3mHxvRwWKVMc
wMx9O4MAQOYafDAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGg
MgFfMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl
cG9zaXRvcnkvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAN
BgkqhkiG9w0BAQsFAAOCAQEAfz3YGCB7BW/M3Y2KpS/7zfM7W7T+lCGf6V/p5jPm
vxbDuIoYaXvnHSLLAPhJMYqqBwEuxdwgd1yHiq0mHfMlugUMgDIJkNA0kw7MoNFm
Bf/LjVOXkCBaetmy0XH4EHtvtCDrZTFbCsn9WA0yxvlGNiTKAADkJ+6AyFsXc0Dm
rlnTl7gi+zJiEh/a8H618QjuCBrlvBXriEUO3lVf5cRZW9bDwR5i+kcnfaaXXi0O
+p0YhTq6bW+C3Bmb4qI9EPkc+RK1oIwpePTNawmliKdOU9N3r0deD8eIR/MVhsjw
zDgcMZW9en2LPNjFyAkGGPbtcXXBsfgg0vC89/8AQVE9lw==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEQzCCAyugAwIBAgIMb9E4LurbQ6lQPTtFMA0GCSqGSIb3DQEBCwUAMGYxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g
RzIwHhcNMTcwMjEzMDcxMTAzWhcNMTcwNTE2MDcxMTAzWjCBjjELMAkGA1UEBhMC
QkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTcwMjEz
MTUwNTFNMEsGA1UEAxNER2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlv
biBDQSAtIFNIQTI1NiAtIEcyIC0gT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDSQ5fPMGrj2VLO26fr3gWL1zATIshlqCbeNieK
ZJb6+l+pCgUX9TjwkapZ9c63wS+dyXp/oy1oaa9rGOC5/Zqu7US3FLml1fz/g+11
FwY+aBvBufxUMi6Sfg/xKju/1p92HV6iIWTsqOr3DMr6OINw2mWmom1l1RWUPqzu
VpbhpWwTB7tQGTaGVoHFR+XTO1ibB3/cuf4GMTJVFilE0UUobGRR6g2HNjfNEECq
nR0c/cds8JQZQZ4+bOnzvbzd9G0F1GU72LGTgLdu9n6QkFdigT+ii2dF1Yy4kJi5
s2HgS035Rs4Tgn2BcW87U+UEHGAv1hJzkpjrljYc942hR+thAgMBAAGjgccwgcQw
HQYDVR0OBBYEFJxNAJkADouwAYF1obrw0CXXoBxHMB8GA1UdIwQYMBaAFJbeYfG9
HBYpUxzAzH07gwBA5hp8MA8GCSsGAQUFBzABBQQCBQAwTAYDVR0gBEUwQzBBBgkr
BgEEAaAyAV8wNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5j
b20vcmVwb3NpdG9yeS8wDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF
BwMJMA0GCSqGSIb3DQEBCwUAA4IBAQB/PdgYIHsFb8zdjYqlL/vN8ztbtP6UIZ/p
X+nmM+a/FsO4ihhpe+cdIssA+EkxiqoHAS7F3CB3XIeKrSYd8yW6BQyAMgmQ0DST
Dsyg0WYF/8uNU5eQIFp62bLRcfgQe2+0IOtlMVsKyf1YDTLG+UY2JMoAAOQn7oDI
WxdzQOauWdOXuCL7MmISH9rwfrXxCO4IGuW8FeuIRQ7eVV/lxFlb1sPBHmL6Ryd9
ppdeLQ76nRiFOrptb4LcGZvioj0Q+Rz5ErWgjCl49M1rCaWIp05T03evR14Px4hH
8xWGyPDMOBwxlb16fYs82MXICQYY9u1xdcGx+CDS8Lz3/wBBUT2X
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [3474658db560472e-EWR]
Content-Length: [1570]
Content-Type: [application/ocsp-response]
Date: [Wed, 29 Mar 2017 17:02:24 GMT]
Etag: ["7483032b03cf51b328bcf4b7b01e13251fafdfcc"]
Expires: [Sun, 02 Apr 2017 15:13:55 GMT]
Last-Modified: [Wed, 29 Mar 2017 15:13:55 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d6b8423cfda03d9e64b90ad50f6fa42041490806944; expires=Thu, 29-Mar-18 17:02:24 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp2.globalsign.com/gsorganizationvalsha2g2 (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsorganizationvalsha2g2 (POST)
Size: 1570 bytes (DER data)
Response time: 15.679029ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign Organization Validation CA - SHA256 - G2 - OCSP Responder
Issued by: GlobalSign Organization Validation CA - SHA256 - G2
Signing certificate validity: 2017-02-13 - 2017-05-16
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h
8b0cFilTHMDMfTuDAEDmGnwCDBr7amX6BWAyjQeyXA==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGHgoBAKCCBhcwggYTBgkrBgEFBQcwAQEEggYEMIIGADCBmqIWBBScTQCZAA6L
sAGBdaG68NAl16AcRxgPMjAxNzAzMjkwODA3MzZaMG8wbTBFMAkGBSsOAwIaBQAE
FAyeTZw97e+E2JHpcsfPhAa8GXsHBBSW3mHxvRwWKVMcwMx9O4MAQOYafAIMGvtq
ZfoFYDKNB7JcgAAYDzIwMTcwMzI5MDgwNzM2WqARGA8yMDE3MDQwMjA4MDczNlow
DQYJKoZIhvcNAQELBQADggEBAAR/jwyh1t/gc178dAWCl8h5u7ElDmUKAhdfhzi1
QcKTP/asyzDthkEPzDz3Ho9i1BSBQD1ryLaXXG/VbJeSDMvVqPRbFvaSmkZ1XKMA
5jkQovlRCRWWsfAaHj5gOVngnrMm0krAPck/asVB/p1TcY4gs46Xf5H6nfiTZxpq
fVV2l1KbLjgpJUBbL6cDhK+Kc9df/hzjfpBTeBKjqqS6kiJm57aKS/ITsy9BdHWB
GB90tjAaerVOKjzs3N0uKPBJs/8P3N9TM7HjcrN8jNlLTq+QiLahBhaRRNfSXgSm
rvqVxHS0gwHTlvQgNhPS34KBLG93IwgFdth2et1wMSk+zt+gggRLMIIERzCCBEMw
ggMroAMCAQICDG/ROC7q20OpUD07RTANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQG
EwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTE8MDoGA1UEAxMzR2xvYmFs
U2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIFNIQTI1NiAtIEcyMB4X
DTE3MDIxMzA3MTEwM1oXDTE3MDUxNjA3MTEwM1owgY4xCzAJBgNVBAYTAkJFMRkw
FwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRUwEwYDVQQFEwwyMDE3MDIxMzE1MDUx
TTBLBgNVBAMTREdsb2JhbFNpZ24gT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gQ0Eg
LSBTSEEyNTYgLSBHMiAtIE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA0kOXzzBq49lSztun694Fi9cwEyLIZagm3jYnimSW+vpf
qQoFF/U48JGqWfXOt8Evncl6f6MtaGmvaxjguf2aru1EtxS5pdX8/4PtdRcGPmgb
wbn8VDIukn4P8So7v9afdh1eoiFk7Kjq9wzK+jiDcNplpqJtZdUVlD6s7laW4aVs
Ewe7UBk2hlaBxUfl0ztYmwd/3Ln+BjEyVRYpRNFFKGxkUeoNhzY3zRBAqp0dHP3H
bPCUGUGePmzp87283fRtBdRlO9ixk4C3bvZ+kJBXYoE/ootnRdWMuJCYubNh4EtN
+UbOE4J9gXFvO1PlBBxgL9YSc5KY65Y2HPeNoUfrYQIDAQABo4HHMIHEMB0GA1Ud
DgQWBBScTQCZAA6LsAGBdaG68NAl16AcRzAfBgNVHSMEGDAWgBSW3mHxvRwWKVMc
wMx9O4MAQOYafDAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGg
MgFfMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl
cG9zaXRvcnkvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAN
BgkqhkiG9w0BAQsFAAOCAQEAfz3YGCB7BW/M3Y2KpS/7zfM7W7T+lCGf6V/p5jPm
vxbDuIoYaXvnHSLLAPhJMYqqBwEuxdwgd1yHiq0mHfMlugUMgDIJkNA0kw7MoNFm
Bf/LjVOXkCBaetmy0XH4EHtvtCDrZTFbCsn9WA0yxvlGNiTKAADkJ+6AyFsXc0Dm
rlnTl7gi+zJiEh/a8H618QjuCBrlvBXriEUO3lVf5cRZW9bDwR5i+kcnfaaXXi0O
+p0YhTq6bW+C3Bmb4qI9EPkc+RK1oIwpePTNawmliKdOU9N3r0deD8eIR/MVhsjw
zDgcMZW9en2LPNjFyAkGGPbtcXXBsfgg0vC89/8AQVE9lw==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEQzCCAyugAwIBAgIMb9E4LurbQ6lQPTtFMA0GCSqGSIb3DQEBCwUAMGYxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g
RzIwHhcNMTcwMjEzMDcxMTAzWhcNMTcwNTE2MDcxMTAzWjCBjjELMAkGA1UEBhMC
QkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTcwMjEz
MTUwNTFNMEsGA1UEAxNER2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlv
biBDQSAtIFNIQTI1NiAtIEcyIC0gT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDSQ5fPMGrj2VLO26fr3gWL1zATIshlqCbeNieK
ZJb6+l+pCgUX9TjwkapZ9c63wS+dyXp/oy1oaa9rGOC5/Zqu7US3FLml1fz/g+11
FwY+aBvBufxUMi6Sfg/xKju/1p92HV6iIWTsqOr3DMr6OINw2mWmom1l1RWUPqzu
VpbhpWwTB7tQGTaGVoHFR+XTO1ibB3/cuf4GMTJVFilE0UUobGRR6g2HNjfNEECq
nR0c/cds8JQZQZ4+bOnzvbzd9G0F1GU72LGTgLdu9n6QkFdigT+ii2dF1Yy4kJi5
s2HgS035Rs4Tgn2BcW87U+UEHGAv1hJzkpjrljYc942hR+thAgMBAAGjgccwgcQw
HQYDVR0OBBYEFJxNAJkADouwAYF1obrw0CXXoBxHMB8GA1UdIwQYMBaAFJbeYfG9
HBYpUxzAzH07gwBA5hp8MA8GCSsGAQUFBzABBQQCBQAwTAYDVR0gBEUwQzBBBgkr
BgEEAaAyAV8wNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5j
b20vcmVwb3NpdG9yeS8wDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUF
BwMJMA0GCSqGSIb3DQEBCwUAA4IBAQB/PdgYIHsFb8zdjYqlL/vN8ztbtP6UIZ/p
X+nmM+a/FsO4ihhpe+cdIssA+EkxiqoHAS7F3CB3XIeKrSYd8yW6BQyAMgmQ0DST
Dsyg0WYF/8uNU5eQIFp62bLRcfgQe2+0IOtlMVsKyf1YDTLG+UY2JMoAAOQn7oDI
WxdzQOauWdOXuCL7MmISH9rwfrXxCO4IGuW8FeuIRQ7eVV/lxFlb1sPBHmL6Ryd9
ppdeLQ76nRiFOrptb4LcGZvioj0Q+Rz5ErWgjCl49M1rCaWIp05T03evR14Px4hH
8xWGyPDMOBwxlb16fYs82MXICQYY9u1xdcGx+CDS8Lz3/wBBUT2X
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [3471635b632921ce-EWR]
Content-Length: [1570]
Content-Type: [application/ocsp-response]
Date: [Wed, 29 Mar 2017 08:16:37 GMT]
Etag: ["8e28912ac91902a845ca9ada751627c5dadfc1ee"]
Expires: [Sun, 02 Apr 2017 08:07:36 GMT]
Last-Modified: [Wed, 29 Mar 2017 08:07:36 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d46dacc743b4103c87ea3ed9ca645b3bf1490775397; expires=Thu, 29-Mar-18 08:16:37 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GlobalSign Organization Validation CA - SHA256 - G2 (CA Certificate)

This certificate was cached at
Certificate details for GlobalSign Organization Validation CA - SHA256 - G2 (At position 1 in certificate chain)
Serial number:
hex: 40000000001444ef04247
int: 4835703278459909592597063
Issued by: GlobalSign Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GlobalSign nv-sa
Country: BE
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.globalsign.net/root.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.globalsign.net/root.crl
Size: 693 bytes (DER data)
Response time: 45.382388ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 5

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [public, max-age=1407515]
Cf-Cache-Status: [HIT]
Cf-Ray: [3474641aa48a472e-EWR]
Content-Length: [693]
Content-Type: [application/pkix-crl]
Date: [Wed, 29 Mar 2017 17:01:25 GMT]
Etag: [37]
Expires: [Sat, 15 Apr 2017 00:00:00 GMT]
Last-Modified: [Sat, 07 Jan 2017 00:00:00 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=de33fc6901e0f60204ba531587554d6481490806885; expires=Thu, 29-Mar-18 17:01:25 GMT; path=/; domain=.globalsign.net; HttpOnly]
Vary: [Accept-Encoding]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.globalsign.com/rootr1 (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.globalsign.com/rootr1 (GET)
Size: 1518 bytes (DER data)
Response time: 112.013776ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign OCSP for Root R1 - Signer 1.2
Issued by: GlobalSign Root CA
Signing certificate validity: 2016-12-08 - 2017-05-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

URL used for GET request

http:/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtm
GkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8EJH
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF6goBAKCCBeMwggXfBgkrBgEFBQcwAQEEggXQMIIFzDCBmaIWBBTo5D4n+cHT
OzaRhTkWd1PUt9RfihgPMjAxNzAzMjkxNTIxNTdaMG4wbDBEMAkGBSsOAwIaBQAE
FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
AAABRE7wQkeAABgPMjAxNzAzMjkxNTIxNTdaoBEYDzIwMTcwNDAyMTUyMTU3WjAN
BgkqhkiG9w0BAQsFAAOCAQEAQko0cFoV45WnBf4U+xXOjhyjtUKQ6y4+3MIIEzjR
g9gXieG5yYnioCuT/BEorB+B9wn4FRAaS3K4XdxX11bbOMz+ny1KDvIoAv2IQYnA
V6u6w/vAD7OSiUwEuouNqRA9Af5XI1a5ACGnMqZ61ZOKL53LPv/m/M6GEWnSjY7x
hmTPFUSol5qASMH47wVJ4E4Cw6mIfHXWDesckBg7+WDJXLXPXLKrTMT7K+BhxB65
PmqBzB2YH5TIyColbqzTHPUELqSHAaFJOeAiwFkTxxouZpqrUrz4HxrmDEUI1GU4
6Rmp/gsKol9lwdQCmzJyOzCdSFKgV5rW9wJejgZG65MJKqCCBBgwggQUMIIEEDCC
AvigAwIBAgIOSPWzECFVLDQzsNCb15cwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UE
BhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3Qg
Q0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNjEyMDgwMDAwMDBa
Fw0xNzA1MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxT
aWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJvb3QgUjEg
LSBTaWduZXIgMS4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eJO
rqLb90sYTgrLehHOwNb1Gr8BunC06AZDTH/msQRAp+ILqVzPC60EZsdKc1KGe19h
d27VEP/yOx0aFy1/Hmef8jjg8jbofGyDKJkWi5ho8/nT/TtH2EDmi1SQ5iXFDv0T
zzfcUhTaTzt1y2dAZxJDpYeJ7M22p+Uyx1nZ0MOKSbWUZ8JKe33+q7R1jECE84xp
aLG8JN486hq9e5BogGjIlAwg4JzR/n1NfYg61IGC1aSZzBTcclM9wSTr3suBbEUp
M/NvnkIReL4PHZikXupW0yNOB5A9U16iRoWvVZt9QzLji4YtU8D/uP7L0iCKMuu9
Ho9JlpvMlRLlLl3zYwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUE
DDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTo5D4n+cHTOzaR
hTkWd1PUt9RfijAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA0GCSqG
SIb3DQEBBQUAA4IBAQA+U6mkht7qiRVGQBUpwmZveLWGVlzshYcUhqXmu+l4qVue
h4BJJt49W5nfDnX/tTQHXG365f3oVn8Dbsqt0K3j2DNZQwjLUmwt36ERjs9h1JlA
R52fmUAIoW/iG/7cy/2iQPcMfh//le05L30MaRs8/5sZwmVc1VxhrCfofbSp/gKy
BH2N4a2KCUNuvHmrdcX0FAx4Wjm/D3iignh8aCunfUktOskMUkSlUxb8UWwTgzJj
blibRmlsc3RmEOiAD+TR7GUSVq9H6B0Kzi4cXJ7dXWhoK+XNzNZX+sfaL+WjeDqd
Mkn4KpoU1NTyUz8PRHLvqUGigfTJ0z2lpy5fD7nU
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEEDCCAvigAwIBAgIOSPWzECFVLDQzsNCb15cwDQYJKoZIhvcNAQEFBQAwVzEL
MAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsT
B1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNjEyMDgw
MDAwMDBaFw0xNzA1MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBH
bG9iYWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJv
b3QgUjEgLSBTaWduZXIgMS4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4eJOrqLb90sYTgrLehHOwNb1Gr8BunC06AZDTH/msQRAp+ILqVzPC60EZsdK
c1KGe19hd27VEP/yOx0aFy1/Hmef8jjg8jbofGyDKJkWi5ho8/nT/TtH2EDmi1SQ
5iXFDv0TzzfcUhTaTzt1y2dAZxJDpYeJ7M22p+Uyx1nZ0MOKSbWUZ8JKe33+q7R1
jECE84xpaLG8JN486hq9e5BogGjIlAwg4JzR/n1NfYg61IGC1aSZzBTcclM9wSTr
3suBbEUpM/NvnkIReL4PHZikXupW0yNOB5A9U16iRoWvVZt9QzLji4YtU8D/uP7L
0iCKMuu9Ho9JlpvMlRLlLl3zYwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDAT
BgNVHSUEDDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTo5D4n
+cHTOzaRhTkWd1PUt9RfijAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9
SzAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYI
KwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkv
MA0GCSqGSIb3DQEBBQUAA4IBAQA+U6mkht7qiRVGQBUpwmZveLWGVlzshYcUhqXm
u+l4qVueh4BJJt49W5nfDnX/tTQHXG365f3oVn8Dbsqt0K3j2DNZQwjLUmwt36ER
js9h1JlAR52fmUAIoW/iG/7cy/2iQPcMfh//le05L30MaRs8/5sZwmVc1VxhrCfo
fbSp/gKyBH2N4a2KCUNuvHmrdcX0FAx4Wjm/D3iignh8aCunfUktOskMUkSlUxb8
UWwTgzJjblibRmlsc3RmEOiAD+TR7GUSVq9H6B0Kzi4cXJ7dXWhoK+XNzNZX+sfa
L+WjeDqdMkn4KpoU1NTyUz8PRHLvqUGigfTJ0z2lpy5fD7nU
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [3474641b06db21c2-EWR]
Content-Length: [1518]
Content-Type: [application/ocsp-response]
Date: [Wed, 29 Mar 2017 17:01:25 GMT]
Etag: ["4f1d7b9acb9387f4a05dc1d45d80d80bd89259e9"]
Expires: [Sun, 02 Apr 2017 15:21:57 GMT]
Last-Modified: [Wed, 29 Mar 2017 15:21:57 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d11074d2bb9fa310c56eda86b409f0d6b1490806885; expires=Thu, 29-Mar-18 17:01:25 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.globalsign.com/rootr1 (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.globalsign.com/rootr1 (POST)
Size: 1518 bytes (DER data)
Response time: 113.168526ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign OCSP for Root R1 - Signer 1.2
Issued by: GlobalSign Root CA
Signing certificate validity: 2016-12-08 - 2017-05-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtm
GkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8EJH
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF6goBAKCCBeMwggXfBgkrBgEFBQcwAQEEggXQMIIFzDCBmaIWBBTo5D4n+cHT
OzaRhTkWd1PUt9RfihgPMjAxNzAzMjkxNTIxNTdaMG4wbDBEMAkGBSsOAwIaBQAE
FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
AAABRE7wQkeAABgPMjAxNzAzMjkxNTIxNTdaoBEYDzIwMTcwNDAyMTUyMTU3WjAN
BgkqhkiG9w0BAQsFAAOCAQEAQko0cFoV45WnBf4U+xXOjhyjtUKQ6y4+3MIIEzjR
g9gXieG5yYnioCuT/BEorB+B9wn4FRAaS3K4XdxX11bbOMz+ny1KDvIoAv2IQYnA
V6u6w/vAD7OSiUwEuouNqRA9Af5XI1a5ACGnMqZ61ZOKL53LPv/m/M6GEWnSjY7x
hmTPFUSol5qASMH47wVJ4E4Cw6mIfHXWDesckBg7+WDJXLXPXLKrTMT7K+BhxB65
PmqBzB2YH5TIyColbqzTHPUELqSHAaFJOeAiwFkTxxouZpqrUrz4HxrmDEUI1GU4
6Rmp/gsKol9lwdQCmzJyOzCdSFKgV5rW9wJejgZG65MJKqCCBBgwggQUMIIEEDCC
AvigAwIBAgIOSPWzECFVLDQzsNCb15cwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UE
BhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3Qg
Q0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNjEyMDgwMDAwMDBa
Fw0xNzA1MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxT
aWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJvb3QgUjEg
LSBTaWduZXIgMS4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eJO
rqLb90sYTgrLehHOwNb1Gr8BunC06AZDTH/msQRAp+ILqVzPC60EZsdKc1KGe19h
d27VEP/yOx0aFy1/Hmef8jjg8jbofGyDKJkWi5ho8/nT/TtH2EDmi1SQ5iXFDv0T
zzfcUhTaTzt1y2dAZxJDpYeJ7M22p+Uyx1nZ0MOKSbWUZ8JKe33+q7R1jECE84xp
aLG8JN486hq9e5BogGjIlAwg4JzR/n1NfYg61IGC1aSZzBTcclM9wSTr3suBbEUp
M/NvnkIReL4PHZikXupW0yNOB5A9U16iRoWvVZt9QzLji4YtU8D/uP7L0iCKMuu9
Ho9JlpvMlRLlLl3zYwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUE
DDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTo5D4n+cHTOzaR
hTkWd1PUt9RfijAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA0GCSqG
SIb3DQEBBQUAA4IBAQA+U6mkht7qiRVGQBUpwmZveLWGVlzshYcUhqXmu+l4qVue
h4BJJt49W5nfDnX/tTQHXG365f3oVn8Dbsqt0K3j2DNZQwjLUmwt36ERjs9h1JlA
R52fmUAIoW/iG/7cy/2iQPcMfh//le05L30MaRs8/5sZwmVc1VxhrCfofbSp/gKy
BH2N4a2KCUNuvHmrdcX0FAx4Wjm/D3iignh8aCunfUktOskMUkSlUxb8UWwTgzJj
blibRmlsc3RmEOiAD+TR7GUSVq9H6B0Kzi4cXJ7dXWhoK+XNzNZX+sfaL+WjeDqd
Mkn4KpoU1NTyUz8PRHLvqUGigfTJ0z2lpy5fD7nU
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEEDCCAvigAwIBAgIOSPWzECFVLDQzsNCb15cwDQYJKoZIhvcNAQEFBQAwVzEL
MAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsT
B1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNjEyMDgw
MDAwMDBaFw0xNzA1MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBH
bG9iYWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJv
b3QgUjEgLSBTaWduZXIgMS4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4eJOrqLb90sYTgrLehHOwNb1Gr8BunC06AZDTH/msQRAp+ILqVzPC60EZsdK
c1KGe19hd27VEP/yOx0aFy1/Hmef8jjg8jbofGyDKJkWi5ho8/nT/TtH2EDmi1SQ
5iXFDv0TzzfcUhTaTzt1y2dAZxJDpYeJ7M22p+Uyx1nZ0MOKSbWUZ8JKe33+q7R1
jECE84xpaLG8JN486hq9e5BogGjIlAwg4JzR/n1NfYg61IGC1aSZzBTcclM9wSTr
3suBbEUpM/NvnkIReL4PHZikXupW0yNOB5A9U16iRoWvVZt9QzLji4YtU8D/uP7L
0iCKMuu9Ho9JlpvMlRLlLl3zYwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDAT
BgNVHSUEDDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTo5D4n
+cHTOzaRhTkWd1PUt9RfijAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9
SzAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYI
KwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkv
MA0GCSqGSIb3DQEBBQUAA4IBAQA+U6mkht7qiRVGQBUpwmZveLWGVlzshYcUhqXm
u+l4qVueh4BJJt49W5nfDnX/tTQHXG365f3oVn8Dbsqt0K3j2DNZQwjLUmwt36ER
js9h1JlAR52fmUAIoW/iG/7cy/2iQPcMfh//le05L30MaRs8/5sZwmVc1VxhrCfo
fbSp/gKyBH2N4a2KCUNuvHmrdcX0FAx4Wjm/D3iignh8aCunfUktOskMUkSlUxb8
UWwTgzJjblibRmlsc3RmEOiAD+TR7GUSVq9H6B0Kzi4cXJ7dXWhoK+XNzNZX+sfa
L+WjeDqdMkn4KpoU1NTyUz8PRHLvqUGigfTJ0z2lpy5fD7nU
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [3474641b03fd2162-EWR]
Content-Length: [1518]
Content-Type: [application/ocsp-response]
Date: [Wed, 29 Mar 2017 17:01:25 GMT]
Etag: ["4f1d7b9acb9387f4a05dc1d45d80d80bd89259e9"]
Expires: [Sun, 02 Apr 2017 15:21:57 GMT]
Last-Modified: [Wed, 29 Mar 2017 15:21:57 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d4f641d313d955af33857f63f192b39ec1490806885; expires=Thu, 29-Mar-18 17:01:25 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GlobalSign Root CA (CA Certificate)

This certificate was cached at
Certificate details for GlobalSign Root CA (At position 2 in certificate chain)
Serial number:
hex: 40000000001154b5ac394
int: 4835703278459707669005204
Issued by: GlobalSign Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GlobalSign nv-sa
Organization unit: Root CA
Country: BE
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.