CRL & OCSP report for test.orthosecure.com (Flexible Architecture and Simplified Technology, Inc.)

test.orthosecure.com

Certificate details for test.orthosecure.com (At position 0 in certificate chain)
Serial number:
hex: 7187900f299c75dbe87be922bb2242ba
int: 150906645467881093326490644557632520890
Issued by: Symantec Class 3 EV SSL CA - G3
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Company registration number: 0101006694
Organization: Flexible Architecture and Simplified Technology, Inc.
State / Province: New Jersey
Locality: Edison
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for test.orthosecure.com.

Certificate Revocation List (CRL)

This CRL was cached at
http://sr.symcb.com/sr.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://sr.symcb.com/sr.crl
Size: 168498 bytes (DER data)
Response time: 35.986666ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 4800

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: Apache
Content Delivery Network (CDN): Akamai
Cache Information: TCP_HIT from a23-217-200-39.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2.1-19774280) (A)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Type: [application/pkix-crl]
Date: [Sun, 30 Apr 2017 12:52:47 GMT]
Etag: ["23560abb61970f4ae88f00b82840f53c:1493543486"]
Last-Modified: [Sun, 30 Apr 2017 09:11:26 GMT]
Server: [Apache]
Vary: [Accept-Encoding]
X-Cache: [TCP_HIT from a23-217-200-39.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2.1-19774280) (A)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://sr.symcd.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://sr.symcd.com (POST)
Size: 1595 bytes (DER data)
Response time: 260.787893ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: Symantec Class 3 EV SSL CA - G3 OCSP Responder
Issued by: Symantec Class 3 EV SSL CA - G3
Signing certificate validity: 2017-04-28 - 2017-07-27
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 154h49m12s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-217-200-53.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2.1-19774280) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBR0JBRnBp/14Jg/Xj4aa6BlKlQVdQQUAVmr
5906C1mmZGPWzyAHV9WR52oCEHGHkA8pnHXb6HvpIrsiQro=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGNwoBAKCCBjAwggYsBgkrBgEFBQcwAQEEggYdMIIGGTCBnqIWBBTfBDfrEUrr
U2c4+9c91PVzM50CChgPMjAxNzA0MjkyMzQxNTlaMHMwcTBJMAkGBSsOAwIaBQAE
FHQkFGcGn/XgmD9ePhproGUqVBV1BBQBWavn3ToLWaZkY9bPIAdX1ZHnagIQcYeQ
Dymcddvoe+kiuyJCuoAAGA8yMDE3MDQyOTIzNDE1OVqgERgPMjAxNzA1MDYyMzQx
NTlaMA0GCSqGSIb3DQEBBQUAA4IBAQANGIYdDp9u7z9KTXCUybtjwg0Awcuk1li4
wE+V0RR7crrj/uxPV3cmJ7rxuQ/6h+FKCah+eZNoi0rO2j4rcEBnT8O50IDSJqcl
59nUu3cU3Q/lqgzP0WFoXrRPGBfyB8+T8LH4HXGZxE+Q7iUKo+V4SJXMT8ChT3SQ
hZN4gOT99OTGlTJs9CXqTdzxrsUEkFrFIfXfutbQ6Hrl2az2vcq45vrRcRMfYPn3
Gk6uczQTdukdZ7Z+PMegws6TLQCu7O4FDE6CxhiMiwwDb6IliYJsXsrniHpl7TSe
d6iij3lKVIt7WkaJ5eHNY3NrhjShAgs+0zKjzCTt/o0cHCR5SksjoIIEYDCCBFww
ggRYMIIDQKADAgECAhBDJUE7ZmqHz8osUmyNd6unMA0GCSqGSIb3DQEBCwUAMHcx
CzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0G
A1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEoMCYGA1UEAxMfU3ltYW50ZWMg
Q2xhc3MgMyBFViBTU0wgQ0EgLSBHMzAeFw0xNzA0MjgwMDAwMDBaFw0xNzA3Mjcy
MzU5NTlaMDkxNzA1BgNVBAMTLlN5bWFudGVjIENsYXNzIDMgRVYgU1NMIENBIC0g
RzMgT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCqW4Hv9EY8NX2BWBC5QwIdGZTai8O+mCu2FMV+tR7R9d9bcM9ps6dMQP6wjSFr
Z9Z/lbvVI6fQt7WlngTxRLicUmGe6W6M9W58+0YiUqukRFC7uHyC5XxqpC2gSISC
89i7LRLks/fIQemG8nLC6dUkiB7DyPzZaCKW7PYK5kiwz07jSKyY1zA7A1yzpNGD
z+xfBLENoOmeAGGjSP+D9wseXvRsmRA55fejzu5iLw8n/M0jmc23Hrob4SO5IQnj
nyhmY24JPreLZYXBeKHcPH+ydOMe8++zRr4Y9hNaWrwsExPOg8xisplBktYgQYvp
Qrjug2qrQ7IwaSr3KmUSBOdzAgMBAAGjggEcMIIBGDAPBgkrBgEFBQcwAQUEAgUA
MCIGA1UdEQQbMBmkFzAVMRMwEQYDVQQDEwpUR1YtRS0xMDEwMB8GA1UdIwQYMBaA
FAFZq+fdOgtZpmRj1s8gB1fVkedqMB0GA1UdDgQWBBTfBDfrEUrrU2c4+9c91PVz
M50CCjAMBgNVHRMBAf8EAjAAMG4GA1UdIARnMGUwYwYLYIZIAYb4RQEHFwMwVDAm
BggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKgYIKwYBBQUH
AgIwHhocICBodHRwOi8vd3d3LnN5bWF1dGguY29tL3JwYTATBgNVHSUEDDAKBggr
BgEFBQcDCTAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAGzUQNyF
xDKFWHpSsyoaiSu09TLOfKTQZffLcb319tBUHyFkhYVTiQD6rHsYiw+uz3StF87/
nHCEHAmlFO25Z1uEjnoTUM5trOOlgazzxseZSYCA/9X0+E6oO3q52NyvxSUcij36
arb23QcRyhRPX2FyWVM7Rre00ZQ9sHVafXraYsGCuUF14s9ITgnikazXxLg55pEE
b7AcV23AjtjbdICqvgv57jjxB1tA/oeelIUmT5ABwTHHTjIgmzNCsNrBolGgzIHc
FQ3iHnN74YODxb5TdH+bCSzXBjIIGblOHExzAeDU8oQ9kU8p68MuNa7j5ES+nVhv
09mdHbvTWqQ2OJU=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEWDCCA0CgAwIBAgIQQyVBO2Zqh8/KLFJsjXerpzANBgkqhkiG9w0BAQsFADB3
MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd
BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVj
IENsYXNzIDMgRVYgU1NMIENBIC0gRzMwHhcNMTcwNDI4MDAwMDAwWhcNMTcwNzI3
MjM1OTU5WjA5MTcwNQYDVQQDEy5TeW1hbnRlYyBDbGFzcyAzIEVWIFNTTCBDQSAt
IEczIE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqluB7/RGPDV9gVgQuUMCHRmU2ovDvpgrthTFfrUe0fXfW3DPabOnTED+sI0h
a2fWf5W71SOn0Le1pZ4E8US4nFJhnulujPVufPtGIlKrpERQu7h8guV8aqQtoEiE
gvPYuy0S5LP3yEHphvJywunVJIgew8j82Wgiluz2CuZIsM9O40ismNcwOwNcs6TR
g8/sXwSxDaDpngBho0j/g/cLHl70bJkQOeX3o87uYi8PJ/zNI5nNtx66G+EjuSEJ
458oZmNuCT63i2WFwXih3Dx/snTjHvPvs0a+GPYTWlq8LBMTzoPMYrKZQZLWIEGL
6UK47oNqq0OyMGkq9yplEgTncwIDAQABo4IBHDCCARgwDwYJKwYBBQUHMAEFBAIF
ADAiBgNVHREEGzAZpBcwFTETMBEGA1UEAxMKVEdWLUUtMTAxMDAfBgNVHSMEGDAW
gBQBWavn3ToLWaZkY9bPIAdX1ZHnajAdBgNVHQ4EFgQU3wQ36xFK61NnOPvXPdT1
czOdAgowDAYDVR0TAQH/BAIwADBuBgNVHSAEZzBlMGMGC2CGSAGG+EUBBxcDMFQw
JgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vY3BzMCoGCCsGAQUF
BwICMB4aHCAgaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwEwYDVR0lBAwwCgYI
KwYBBQUHAwkwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQBs1EDc
hcQyhVh6UrMqGokrtPUyznyk0GX3y3G99fbQVB8hZIWFU4kA+qx7GIsPrs90rRfO
/5xwhBwJpRTtuWdbhI56E1DObazjpYGs88bHmUmAgP/V9PhOqDt6udjcr8UlHIo9
+mq29t0HEcoUT19hcllTO0a3tNGUPbB1Wn162mLBgrlBdeLPSE4J4pGs18S4OeaR
BG+wHFdtwI7Y23SAqr4L+e448QdbQP6HnpSFJk+QAcExx04yIJszQrDawaJRoMyB
3BUN4h5ze+GDg8W+U3R/mwks1wYyCBm5ThxMcwHg1PKEPZFPKevDLjWu4+REvp1Y
b9PZnR2701qkNjiV
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=557352, public, no-transform, must-revalidate]
Content-Length: [1595]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 30 Apr 2017 12:52:47 GMT]
Expires: [Sat, 6 May 2017 23:41:59 GMT]
Last-Modified: [Sat, 29 Apr 2017 23:41:59 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MISS from a23-217-200-53.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2.1-19774280) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://sr.symcd.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://sr.symcd.com (GET)
Size: 1595 bytes (DER data)
Response time: 274.018031ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: Symantec Class 3 EV SSL CA - G3 OCSP Responder
Issued by: Symantec Class 3 EV SSL CA - G3
Signing certificate validity: 2017-04-28 - 2017-07-27
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 154h49m12s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-217-200-68.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2.1-19774280) (-)

URL used for GET request

http:/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR0JBRnBp%2F14Jg%2FXj4aa6BlKlQVdQQUAVmr5906C1mmZGPWzyAHV9WR52oCEHGHkA8pnHXb6HvpIrsiQro%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBR0JBRnBp/14Jg/Xj4aa6BlKlQVdQQUAVmr
5906C1mmZGPWzyAHV9WR52oCEHGHkA8pnHXb6HvpIrsiQro=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGNwoBAKCCBjAwggYsBgkrBgEFBQcwAQEEggYdMIIGGTCBnqIWBBTfBDfrEUrr
U2c4+9c91PVzM50CChgPMjAxNzA0MjkyMzQxNTlaMHMwcTBJMAkGBSsOAwIaBQAE
FHQkFGcGn/XgmD9ePhproGUqVBV1BBQBWavn3ToLWaZkY9bPIAdX1ZHnagIQcYeQ
Dymcddvoe+kiuyJCuoAAGA8yMDE3MDQyOTIzNDE1OVqgERgPMjAxNzA1MDYyMzQx
NTlaMA0GCSqGSIb3DQEBBQUAA4IBAQANGIYdDp9u7z9KTXCUybtjwg0Awcuk1li4
wE+V0RR7crrj/uxPV3cmJ7rxuQ/6h+FKCah+eZNoi0rO2j4rcEBnT8O50IDSJqcl
59nUu3cU3Q/lqgzP0WFoXrRPGBfyB8+T8LH4HXGZxE+Q7iUKo+V4SJXMT8ChT3SQ
hZN4gOT99OTGlTJs9CXqTdzxrsUEkFrFIfXfutbQ6Hrl2az2vcq45vrRcRMfYPn3
Gk6uczQTdukdZ7Z+PMegws6TLQCu7O4FDE6CxhiMiwwDb6IliYJsXsrniHpl7TSe
d6iij3lKVIt7WkaJ5eHNY3NrhjShAgs+0zKjzCTt/o0cHCR5SksjoIIEYDCCBFww
ggRYMIIDQKADAgECAhBDJUE7ZmqHz8osUmyNd6unMA0GCSqGSIb3DQEBCwUAMHcx
CzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0G
A1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEoMCYGA1UEAxMfU3ltYW50ZWMg
Q2xhc3MgMyBFViBTU0wgQ0EgLSBHMzAeFw0xNzA0MjgwMDAwMDBaFw0xNzA3Mjcy
MzU5NTlaMDkxNzA1BgNVBAMTLlN5bWFudGVjIENsYXNzIDMgRVYgU1NMIENBIC0g
RzMgT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCqW4Hv9EY8NX2BWBC5QwIdGZTai8O+mCu2FMV+tR7R9d9bcM9ps6dMQP6wjSFr
Z9Z/lbvVI6fQt7WlngTxRLicUmGe6W6M9W58+0YiUqukRFC7uHyC5XxqpC2gSISC
89i7LRLks/fIQemG8nLC6dUkiB7DyPzZaCKW7PYK5kiwz07jSKyY1zA7A1yzpNGD
z+xfBLENoOmeAGGjSP+D9wseXvRsmRA55fejzu5iLw8n/M0jmc23Hrob4SO5IQnj
nyhmY24JPreLZYXBeKHcPH+ydOMe8++zRr4Y9hNaWrwsExPOg8xisplBktYgQYvp
Qrjug2qrQ7IwaSr3KmUSBOdzAgMBAAGjggEcMIIBGDAPBgkrBgEFBQcwAQUEAgUA
MCIGA1UdEQQbMBmkFzAVMRMwEQYDVQQDEwpUR1YtRS0xMDEwMB8GA1UdIwQYMBaA
FAFZq+fdOgtZpmRj1s8gB1fVkedqMB0GA1UdDgQWBBTfBDfrEUrrU2c4+9c91PVz
M50CCjAMBgNVHRMBAf8EAjAAMG4GA1UdIARnMGUwYwYLYIZIAYb4RQEHFwMwVDAm
BggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKgYIKwYBBQUH
AgIwHhocICBodHRwOi8vd3d3LnN5bWF1dGguY29tL3JwYTATBgNVHSUEDDAKBggr
BgEFBQcDCTAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAGzUQNyF
xDKFWHpSsyoaiSu09TLOfKTQZffLcb319tBUHyFkhYVTiQD6rHsYiw+uz3StF87/
nHCEHAmlFO25Z1uEjnoTUM5trOOlgazzxseZSYCA/9X0+E6oO3q52NyvxSUcij36
arb23QcRyhRPX2FyWVM7Rre00ZQ9sHVafXraYsGCuUF14s9ITgnikazXxLg55pEE
b7AcV23AjtjbdICqvgv57jjxB1tA/oeelIUmT5ABwTHHTjIgmzNCsNrBolGgzIHc
FQ3iHnN74YODxb5TdH+bCSzXBjIIGblOHExzAeDU8oQ9kU8p68MuNa7j5ES+nVhv
09mdHbvTWqQ2OJU=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEWDCCA0CgAwIBAgIQQyVBO2Zqh8/KLFJsjXerpzANBgkqhkiG9w0BAQsFADB3
MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd
BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVj
IENsYXNzIDMgRVYgU1NMIENBIC0gRzMwHhcNMTcwNDI4MDAwMDAwWhcNMTcwNzI3
MjM1OTU5WjA5MTcwNQYDVQQDEy5TeW1hbnRlYyBDbGFzcyAzIEVWIFNTTCBDQSAt
IEczIE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqluB7/RGPDV9gVgQuUMCHRmU2ovDvpgrthTFfrUe0fXfW3DPabOnTED+sI0h
a2fWf5W71SOn0Le1pZ4E8US4nFJhnulujPVufPtGIlKrpERQu7h8guV8aqQtoEiE
gvPYuy0S5LP3yEHphvJywunVJIgew8j82Wgiluz2CuZIsM9O40ismNcwOwNcs6TR
g8/sXwSxDaDpngBho0j/g/cLHl70bJkQOeX3o87uYi8PJ/zNI5nNtx66G+EjuSEJ
458oZmNuCT63i2WFwXih3Dx/snTjHvPvs0a+GPYTWlq8LBMTzoPMYrKZQZLWIEGL
6UK47oNqq0OyMGkq9yplEgTncwIDAQABo4IBHDCCARgwDwYJKwYBBQUHMAEFBAIF
ADAiBgNVHREEGzAZpBcwFTETMBEGA1UEAxMKVEdWLUUtMTAxMDAfBgNVHSMEGDAW
gBQBWavn3ToLWaZkY9bPIAdX1ZHnajAdBgNVHQ4EFgQU3wQ36xFK61NnOPvXPdT1
czOdAgowDAYDVR0TAQH/BAIwADBuBgNVHSAEZzBlMGMGC2CGSAGG+EUBBxcDMFQw
JgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vY3BzMCoGCCsGAQUF
BwICMB4aHCAgaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwEwYDVR0lBAwwCgYI
KwYBBQUHAwkwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQBs1EDc
hcQyhVh6UrMqGokrtPUyznyk0GX3y3G99fbQVB8hZIWFU4kA+qx7GIsPrs90rRfO
/5xwhBwJpRTtuWdbhI56E1DObazjpYGs88bHmUmAgP/V9PhOqDt6udjcr8UlHIo9
+mq29t0HEcoUT19hcllTO0a3tNGUPbB1Wn162mLBgrlBdeLPSE4J4pGs18S4OeaR
BG+wHFdtwI7Y23SAqr4L+e448QdbQP6HnpSFJk+QAcExx04yIJszQrDawaJRoMyB
3BUN4h5ze+GDg8W+U3R/mwks1wYyCBm5ThxMcwHg1PKEPZFPKevDLjWu4+REvp1Y
b9PZnR2701qkNjiV
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=557352, public, no-transform, must-revalidate]
Content-Length: [1595]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 30 Apr 2017 12:52:47 GMT]
Expires: [Sat, 6 May 2017 23:41:59 GMT]
Last-Modified: [Sat, 29 Apr 2017 23:41:59 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MISS from a23-217-200-68.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2.1-19774280) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Symantec Class 3 EV SSL CA - G3 (CA Certificate)

Certificate details for Symantec Class 3 EV SSL CA - G3 (At position 1 in certificate chain)
Serial number:
hex: 7ee14a6f6feff2d37f3fad654d3adab4
int: 168652503989349361584430187274382793396
Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Symantec Corporation
Organization unit: Symantec Trust Network
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This certificate contains no information about authoritative CRL(s) or OCSP servers

Check the revocation status for another website

Created by Paul van Brouwershaven
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.