CRL & OCSP report for www.annuaireequestre.com

www.annuaireequestre.com

Certificate details for www.annuaireequestre.com (At position 0 in certificate chain)
Serial number:
hex: 14bb1
int: 84913
Issued by: GeoTrust DV SSL CA - G4
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization unit: GT67734177
Organization unit: See www.geotrust.com/resources/cps (c)15
Organization unit: Domain Control Validated - QuickSSL(R) Premium
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for www.annuaireequestre.com.

Certificate Revocation List (CRL)

This CRL was cached at
http://gu.symcb.com/gu.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://gu.symcb.com/gu.crl
Size: 4331 bytes (DER data)
Response time: 26.622883ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 175

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: Apache
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-215-131-111.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Type: [application/pkix-crl]
Date: [Tue, 27 Jun 2017 02:10:19 GMT]
Etag: ["130f1b292f2726cfadee67a318c05c56:1498507219"]
Last-Modified: [Mon, 26 Jun 2017 20:00:19 GMT]
Server: [Apache]
Vary: [Accept-Encoding]
X-Cache: [TCP_MEM_HIT from a23-215-131-111.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://gu.symcd.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://gu.symcd.com (POST)
Size: 1443 bytes (DER data)
Response time: 74.575251ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: GeoTrust DV SSL CA - G4 OCSP Responder
Issued by: GeoTrust DV SSL CA - G4
Signing certificate validity: 2017-04-28 - 2018-05-22
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 121h12m4s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-215-131-68.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEQwQjBAMD4wPDAJBgUrDgMCGgUABBQL/mvtX4G40i11eM+z5k7NQa9tkwQUC1Ds
d+8qm//sA6EK/63G5CoYxz4CAwFLsQ==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFnwoBAKCCBZgwggWUBgkrBgEFBQcwAQEEggWFMIIFgTCBkaIWBBTQbHRAXx6K
spJaSbCc0z3Kfs2qzBgPMjAxNzA2MjUwMzIyMjNaMGYwZDA8MAkGBSsOAwIaBQAE
FAv+a+1fgbjSLXV4z7PmTs1Br22TBBQLUOx37yqb/+wDoQr/rcbkKhjHPgIDAUux
gAAYDzIwMTcwNjI1MDMyMjIzWqARGA8yMDE3MDcwMjAzMjIyM1owDQYJKoZIhvcN
AQEFBQADggEBABJXR1TkozbIqD2ByS2FPt02wO05pCWwZVHx2FrCZUM+6MUa4lsK
OTgYAbgKE2JNPkLrEA3x9uzf6xPmowQVmbAk4IWLHskZO7hnA6H5U1GiXirCH0id
kkD+uraxvzMycXTpXSlRhouqI575GYgj/cLjaRgI3Yr2Zvo9N14+z2fqkGhHnt6K
doTFlgxdmx5PzVlz27oMscyvQcY1t69KvAb7SIh+fzzH8jixKVGO7kT6gTF7IXNn
tGQ/WvcwBraElzp4Eza29kLPFovZmWNRcQHg/5XY2+8HQIObDaanJ2qWrzls6pGn
MqNdaQngur6XQ/rd9uPhI4W61oq5Pt+Yfc2gggPVMIID0TCCA80wggK1oAMCAQIC
EAEAE0uv/afC7XVA0hdgNMswDQYJKoZIhvcNAQELBQAwZjELMAkGA1UEBhMCVVMx
FjAUBgNVBAoTDUdlb1RydXN0IEluYy4xHTAbBgNVBAsTFERvbWFpbiBWYWxpZGF0
ZWQgU1NMMSAwHgYDVQQDExdHZW9UcnVzdCBEViBTU0wgQ0EgLSBHNDAeFw0xNzA0
MjgxOTE5MTlaFw0xODA1MjIxOTE5MTlaMDExLzAtBgNVBAMTJkdlb1RydXN0IERW
IFNTTCBDQSAtIEc0IE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAwxUK3BkwxWlh1+QZjH9GpHSy4v204vN/MTt32yeZO2KwaPGU
o3G1iXlv8rRg76pL0bgUT+6t3Mayn4TmqyLVpQWViqy8PITEpGWnE2MXj0+dZBvI
L4n/kj7NG2Ai1tsTh4fonjRZ7n4jAkMgyaqh/uFEKAcSXALR+qh3vEpkOEOcc9+5
uUB6yRKjzoAXh53k845WWT0XrYy2HS+i+Mg93wvZRDT0JONyBmV0exjzc8X64y9w
6aO28iGgxJcwvjy1XJMvKgUVCl4bUXnMWVGW2rSq2ihCpcuMGUX29NOspKrg5gFk
4YAPTrqZ5CzdZ8/WOaZurlpQYlWz8Qo33D01DwIDAQABo4GrMIGoMB8GA1UdIwQY
MBaAFAtQ7HfvKpv/7AOhCv+txuQqGMc+MA8GCSsGAQUFBzABBQQCBQAwHQYDVR0O
BBYEFNBsdEBfHoqyklpJsJzTPcp+zarMMBMGA1UdJQQMMAoGCCsGAQUFBwMJMAwG
A1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMCIGA1UdEQQbMBmkFzAVMRMwEQYD
VQQDEwpUR1YtT0ZGLTk5MA0GCSqGSIb3DQEBCwUAA4IBAQCxQD6Z3iYG8HyIIf2c
lXuHBm8YV3nV14ZVrwDP8C1rpWEuZiuoyHUaaXSfm1odSVN9iyu3CGihA7llRjUs
wIVHOovbCqmEA/37WDBmzdaIMXN1oKpLs6V1VdVwL7hb0H9jnKToagUkBjCY9ncZ
OVfJkH66yhJG8v7Rp6mJojl8qU35TiFZh53cdiVhKrBrJTKT/hOW+OuTYtYTjerX
C9FhFvukt4wwfsAbdsAVWkqgD64jgvZEoeRPwx59wORigELZj2+BnI8JbgGqtdLG
lVN946MBQDM0xI6Kpa6795y1H9saQs6My7Sk+f6Wn+oywiaSRXy/rI3FQ2sLdm/P
tExH
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDzTCCArWgAwIBAgIQAQATS6/9p8LtdUDSF2A0yzANBgkqhkiG9w0BAQsFADBm
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UECxMU
RG9tYWluIFZhbGlkYXRlZCBTU0wxIDAeBgNVBAMTF0dlb1RydXN0IERWIFNTTCBD
QSAtIEc0MB4XDTE3MDQyODE5MTkxOVoXDTE4MDUyMjE5MTkxOVowMTEvMC0GA1UE
AxMmR2VvVHJ1c3QgRFYgU1NMIENBIC0gRzQgT0NTUCBSZXNwb25kZXIwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDFQrcGTDFaWHX5BmMf0akdLLi/bTi
838xO3fbJ5k7YrBo8ZSjcbWJeW/ytGDvqkvRuBRP7q3cxrKfhOarItWlBZWKrLw8
hMSkZacTYxePT51kG8gvif+SPs0bYCLW2xOHh+ieNFnufiMCQyDJqqH+4UQoBxJc
AtH6qHe8SmQ4Q5xz37m5QHrJEqPOgBeHneTzjlZZPRetjLYdL6L4yD3fC9lENPQk
43IGZXR7GPNzxfrjL3Dpo7byIaDElzC+PLVcky8qBRUKXhtRecxZUZbatKraKEKl
y4wZRfb006ykquDmAWThgA9OupnkLN1nz9Y5pm6uWlBiVbPxCjfcPTUPAgMBAAGj
gaswgagwHwYDVR0jBBgwFoAUC1Dsd+8qm//sA6EK/63G5CoYxz4wDwYJKwYBBQUH
MAEFBAIFADAdBgNVHQ4EFgQU0Gx0QF8eirKSWkmwnNM9yn7NqswwEwYDVR0lBAww
CgYIKwYBBQUHAwkwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwIgYDVR0R
BBswGaQXMBUxEzARBgNVBAMTClRHVi1PRkYtOTkwDQYJKoZIhvcNAQELBQADggEB
ALFAPpneJgbwfIgh/ZyVe4cGbxhXedXXhlWvAM/wLWulYS5mK6jIdRppdJ+bWh1J
U32LK7cIaKEDuWVGNSzAhUc6i9sKqYQD/ftYMGbN1ogxc3WgqkuzpXVV1XAvuFvQ
f2OcpOhqBSQGMJj2dxk5V8mQfrrKEkby/tGnqYmiOXypTflOIVmHndx2JWEqsGsl
MpP+E5b465Ni1hON6tcL0WEW+6S3jDB+wBt2wBVaSqAPriOC9kSh5E/DHn3A5GKA
QtmPb4GcjwluAaq10saVU33jowFAMzTEjoqlrrv3nLUf2xpCzozLtKT5/paf6jLC
JpJFfL+sjcVDawt2b8+0TEc=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=436324, public, no-transform, must-revalidate]
Content-Length: [1443]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Tue, 27 Jun 2017 02:10:19 GMT]
Expires: [Sun, 2 Jul 2017 03:22:23 GMT]
Last-Modified: [Sun, 25 Jun 2017 03:22:23 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MISS from a23-215-131-68.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://gu.symcd.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://gu.symcd.com (GET)
Size: 1443 bytes (DER data)
Response time: 84.436331ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: GeoTrust DV SSL CA - G4 OCSP Responder
Issued by: GeoTrust DV SSL CA - G4
Signing certificate validity: 2017-04-28 - 2018-05-22
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 121h12m4s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-215-131-68.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

URL used for GET request

http://gu.symcd.com/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBQL%2FmvtX4G40i11eM%2Bz5k7NQa9tkwQUC1Dsd%2B8qm%2F%2FsA6EK%2F63G5CoYxz4CAwFLsQ%3D%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEQwQjBAMD4wPDAJBgUrDgMCGgUABBQL/mvtX4G40i11eM+z5k7NQa9tkwQUC1Ds
d+8qm//sA6EK/63G5CoYxz4CAwFLsQ==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFnwoBAKCCBZgwggWUBgkrBgEFBQcwAQEEggWFMIIFgTCBkaIWBBTQbHRAXx6K
spJaSbCc0z3Kfs2qzBgPMjAxNzA2MjUwMzIyMjNaMGYwZDA8MAkGBSsOAwIaBQAE
FAv+a+1fgbjSLXV4z7PmTs1Br22TBBQLUOx37yqb/+wDoQr/rcbkKhjHPgIDAUux
gAAYDzIwMTcwNjI1MDMyMjIzWqARGA8yMDE3MDcwMjAzMjIyM1owDQYJKoZIhvcN
AQEFBQADggEBABJXR1TkozbIqD2ByS2FPt02wO05pCWwZVHx2FrCZUM+6MUa4lsK
OTgYAbgKE2JNPkLrEA3x9uzf6xPmowQVmbAk4IWLHskZO7hnA6H5U1GiXirCH0id
kkD+uraxvzMycXTpXSlRhouqI575GYgj/cLjaRgI3Yr2Zvo9N14+z2fqkGhHnt6K
doTFlgxdmx5PzVlz27oMscyvQcY1t69KvAb7SIh+fzzH8jixKVGO7kT6gTF7IXNn
tGQ/WvcwBraElzp4Eza29kLPFovZmWNRcQHg/5XY2+8HQIObDaanJ2qWrzls6pGn
MqNdaQngur6XQ/rd9uPhI4W61oq5Pt+Yfc2gggPVMIID0TCCA80wggK1oAMCAQIC
EAEAE0uv/afC7XVA0hdgNMswDQYJKoZIhvcNAQELBQAwZjELMAkGA1UEBhMCVVMx
FjAUBgNVBAoTDUdlb1RydXN0IEluYy4xHTAbBgNVBAsTFERvbWFpbiBWYWxpZGF0
ZWQgU1NMMSAwHgYDVQQDExdHZW9UcnVzdCBEViBTU0wgQ0EgLSBHNDAeFw0xNzA0
MjgxOTE5MTlaFw0xODA1MjIxOTE5MTlaMDExLzAtBgNVBAMTJkdlb1RydXN0IERW
IFNTTCBDQSAtIEc0IE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAwxUK3BkwxWlh1+QZjH9GpHSy4v204vN/MTt32yeZO2KwaPGU
o3G1iXlv8rRg76pL0bgUT+6t3Mayn4TmqyLVpQWViqy8PITEpGWnE2MXj0+dZBvI
L4n/kj7NG2Ai1tsTh4fonjRZ7n4jAkMgyaqh/uFEKAcSXALR+qh3vEpkOEOcc9+5
uUB6yRKjzoAXh53k845WWT0XrYy2HS+i+Mg93wvZRDT0JONyBmV0exjzc8X64y9w
6aO28iGgxJcwvjy1XJMvKgUVCl4bUXnMWVGW2rSq2ihCpcuMGUX29NOspKrg5gFk
4YAPTrqZ5CzdZ8/WOaZurlpQYlWz8Qo33D01DwIDAQABo4GrMIGoMB8GA1UdIwQY
MBaAFAtQ7HfvKpv/7AOhCv+txuQqGMc+MA8GCSsGAQUFBzABBQQCBQAwHQYDVR0O
BBYEFNBsdEBfHoqyklpJsJzTPcp+zarMMBMGA1UdJQQMMAoGCCsGAQUFBwMJMAwG
A1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMCIGA1UdEQQbMBmkFzAVMRMwEQYD
VQQDEwpUR1YtT0ZGLTk5MA0GCSqGSIb3DQEBCwUAA4IBAQCxQD6Z3iYG8HyIIf2c
lXuHBm8YV3nV14ZVrwDP8C1rpWEuZiuoyHUaaXSfm1odSVN9iyu3CGihA7llRjUs
wIVHOovbCqmEA/37WDBmzdaIMXN1oKpLs6V1VdVwL7hb0H9jnKToagUkBjCY9ncZ
OVfJkH66yhJG8v7Rp6mJojl8qU35TiFZh53cdiVhKrBrJTKT/hOW+OuTYtYTjerX
C9FhFvukt4wwfsAbdsAVWkqgD64jgvZEoeRPwx59wORigELZj2+BnI8JbgGqtdLG
lVN946MBQDM0xI6Kpa6795y1H9saQs6My7Sk+f6Wn+oywiaSRXy/rI3FQ2sLdm/P
tExH
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDzTCCArWgAwIBAgIQAQATS6/9p8LtdUDSF2A0yzANBgkqhkiG9w0BAQsFADBm
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UECxMU
RG9tYWluIFZhbGlkYXRlZCBTU0wxIDAeBgNVBAMTF0dlb1RydXN0IERWIFNTTCBD
QSAtIEc0MB4XDTE3MDQyODE5MTkxOVoXDTE4MDUyMjE5MTkxOVowMTEvMC0GA1UE
AxMmR2VvVHJ1c3QgRFYgU1NMIENBIC0gRzQgT0NTUCBSZXNwb25kZXIwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDFQrcGTDFaWHX5BmMf0akdLLi/bTi
838xO3fbJ5k7YrBo8ZSjcbWJeW/ytGDvqkvRuBRP7q3cxrKfhOarItWlBZWKrLw8
hMSkZacTYxePT51kG8gvif+SPs0bYCLW2xOHh+ieNFnufiMCQyDJqqH+4UQoBxJc
AtH6qHe8SmQ4Q5xz37m5QHrJEqPOgBeHneTzjlZZPRetjLYdL6L4yD3fC9lENPQk
43IGZXR7GPNzxfrjL3Dpo7byIaDElzC+PLVcky8qBRUKXhtRecxZUZbatKraKEKl
y4wZRfb006ykquDmAWThgA9OupnkLN1nz9Y5pm6uWlBiVbPxCjfcPTUPAgMBAAGj
gaswgagwHwYDVR0jBBgwFoAUC1Dsd+8qm//sA6EK/63G5CoYxz4wDwYJKwYBBQUH
MAEFBAIFADAdBgNVHQ4EFgQU0Gx0QF8eirKSWkmwnNM9yn7NqswwEwYDVR0lBAww
CgYIKwYBBQUHAwkwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwIgYDVR0R
BBswGaQXMBUxEzARBgNVBAMTClRHVi1PRkYtOTkwDQYJKoZIhvcNAQELBQADggEB
ALFAPpneJgbwfIgh/ZyVe4cGbxhXedXXhlWvAM/wLWulYS5mK6jIdRppdJ+bWh1J
U32LK7cIaKEDuWVGNSzAhUc6i9sKqYQD/ftYMGbN1ogxc3WgqkuzpXVV1XAvuFvQ
f2OcpOhqBSQGMJj2dxk5V8mQfrrKEkby/tGnqYmiOXypTflOIVmHndx2JWEqsGsl
MpP+E5b465Ni1hON6tcL0WEW+6S3jDB+wBt2wBVaSqAPriOC9kSh5E/DHn3A5GKA
QtmPb4GcjwluAaq10saVU33jowFAMzTEjoqlrrv3nLUf2xpCzozLtKT5/paf6jLC
JpJFfL+sjcVDawt2b8+0TEc=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=436324, public, no-transform, must-revalidate]
Content-Length: [1443]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Tue, 27 Jun 2017 02:10:19 GMT]
Expires: [Sun, 2 Jul 2017 03:22:23 GMT]
Last-Modified: [Sun, 25 Jun 2017 03:22:23 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MISS from a23-215-131-68.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GeoTrust DV SSL CA - G4 (CA Certificate)

Certificate details for GeoTrust DV SSL CA - G4 (At position 1 in certificate chain)
Serial number:
hex: 23a78
int: 146040
Issued by: GeoTrust Global CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GeoTrust Inc.
Organization unit: Domain Validated SSL
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://g.symcb.com/crls/gtglobal.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://g.symcb.com/crls/gtglobal.crl
Size: 665 bytes (DER data)
Response time: 28.708749ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 12

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: Apache
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-215-131-111.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Type: [application/pkix-crl]
Date: [Tue, 27 Jun 2017 02:10:19 GMT]
Etag: ["a42c482f90c2ce53466ecf223bc477d3:1498447818"]
Last-Modified: [Mon, 26 Jun 2017 03:30:18 GMT]
Server: [Apache]
Vary: [Accept-Encoding]
X-Cache: [TCP_MEM_HIT from a23-215-131-111.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://g.symcd.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://g.symcd.com (POST)
Size: 1377 bytes (DER data)
Response time: 48.642966ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: GeoTrust Global CA TGV OCSP Responder 5
Issued by: GeoTrust Global CA
Signing certificate validity: 2016-12-08 - 2017-12-14
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 114h27m54s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_REFRESH_MISS from a23-215-131-86.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (S)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkq
w0GRtsnCuD5V8sCXEROgByACAwI6eA==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFXQoBAKCCBVYwggVSBgkrBgEFBQcwAQEEggVDMIIFPzCBkaIWBBRW5FQnU+as
qXGB3YYiHprkenLEKhgPMjAxNzA2MjQyMDM4MTNaMGYwZDA8MAkGBSsOAwIaBQAE
FLG0OReQFreXeVAR8WC51KI82+3uBBQA+SrDQZG2ycK4PlXywJcRE6AHIAIDAjp4
gAAYDzIwMTcwNjI0MjAzODEzWqARGA8yMDE3MDcwMTIwMzgxM1owDQYJKoZIhvcN
AQEFBQADggEBAJMVRWJNua+si/bUOmF2jhb99wV5JvctWeNVmf68ua0880sNZCJE
URRuPm+iegkFhuRoofeFygXQ+Z83ZLLIzxD2RQYTcUdHG5z25gH3gZ8z6Ou6qF3m
I/IFhiNurZiA4Krc/fVeibG7U+4wcsdKJlX5luR+bDjwwZrxZXT3K3OdEBqwNdLf
PlJDt4nX+P1Pab/1O5NUP3QVr9ubecygRzB4ModJa3a/+DGN6fMxHHIuqmIgFOHu
rCpPl7iUWFuKjhIIYYFEX3eoHfZaTDcWAABF6keq8c8LOVBCLLRP08ZrdpGPTbaR
N1Q7/cgcKl2Ghcw+TTL/0j/EPns+I+THA+ugggOTMIIDjzCCA4swggJzoAMCAQIC
EAEAAI8cK5YV9Xm5GF4OwmcwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCVVMx
FjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZBgNVBAMTEkdlb1RydXN0IEdsb2Jh
bCBDQTAeFw0xNjEyMDgxMTI1MzVaFw0xNzEyMTQxMTI1MzVaMDIxMDAuBgNVBAMT
J0dlb1RydXN0IEdsb2JhbCBDQSBUR1YgT0NTUCBSZXNwb25kZXIgNTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKbsx72ex4lTCJDy3iHAy47zLOB03z8E
ucSDZIQMjk1A5aZfqz0MU5HHLOsi76EQo6uYR2R2rl9jgQ1EMbe0TidFyTrhse63
rmEyzQusz7sEjnsvckT7K/9j6DLmlFB/6oEhAgwfCONYbrDOfQHBCtd7e+x6STm0
WeKCF4/QqS+C5ZTUEzsNjhcAqeAMZnWEoyyJ6OpCiF9vDblCGa9nlh3SwW+nxKTq
qqiMlz9ZXN8//IHrectIKszEXXlpvtr4wJAz0KrUDfENqEbKNouP0fv1Ueno5Z7t
ue3CnHtCF+QxOQXDS3rKrQJcesKMrFC9+M5frbQuLSGz9ee/xCfnWW0CAwEAAaOB
jDCBiTAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAPBgkrBgEFBQcw
AQUEAgUAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDAMBgNV
HRMBAf8EAjAAMCIGA1UdEQQbMBmkFzAVMRMwEQYDVQQDEwpUR1YtT0ZGLTU3MA0G
CSqGSIb3DQEBCwUAA4IBAQAEbWTM2eKR1XlWe9ui17q87Hk6NYXKQGwj/ss1ue8Q
1cnoA2/Mo1gG1Q/8LHJ97vK5yw65afq8M5mPbxdl/57jZTUF1kDmgEgvUde3O+h2
ZLIHPx1q2W2WDLT2ltYvaHaNr0Hnkb8MCQ27Z728Fsn5+Ilh/bDoA+NHEqlcfycq
oGKksT60iqnogUz/WZNUbzzBQD6NlpomMZUTOcF3/5L3Fe1OKkF1nGXW2QTW/mLZ
5Eviy4ZQTzQ34koPA5qC1nsWQ1zOE57jR8IJMC+mYQdFb71gehA8O0lB7fL6Kysj
zycnBkNHgJ9LQDd67gQ30FxfmbAnHV1xxWakX8lXTvIf
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDizCCAnOgAwIBAgIQAQAAjxwrlhX1ebkYXg7CZzANBgkqhkiG9w0BAQsFADBC
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMS
R2VvVHJ1c3QgR2xvYmFsIENBMB4XDTE2MTIwODExMjUzNVoXDTE3MTIxNDExMjUz
NVowMjEwMC4GA1UEAxMnR2VvVHJ1c3QgR2xvYmFsIENBIFRHViBPQ1NQIFJlc3Bv
bmRlciA1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApuzHvZ7HiVMI
kPLeIcDLjvMs4HTfPwS5xINkhAyOTUDlpl+rPQxTkccs6yLvoRCjq5hHZHauX2OB
DUQxt7ROJ0XJOuGx7reuYTLNC6zPuwSOey9yRPsr/2PoMuaUUH/qgSECDB8I41hu
sM59AcEK13t77HpJObRZ4oIXj9CpL4LllNQTOw2OFwCp4AxmdYSjLIno6kKIX28N
uUIZr2eWHdLBb6fEpOqqqIyXP1lc3z/8get5y0gqzMRdeWm+2vjAkDPQqtQN8Q2o
Rso2i4/R+/VR6ejlnu257cKce0IX5DE5BcNLesqtAlx6woysUL34zl+ttC4tIbP1
57/EJ+dZbQIDAQABo4GMMIGJMB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4
ysxOMA8GCSsGAQUFBzABBQQCBQAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0P
AQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwIgYDVR0RBBswGaQXMBUxEzARBgNVBAMT
ClRHVi1PRkYtNTcwDQYJKoZIhvcNAQELBQADggEBAARtZMzZ4pHVeVZ726LXurzs
eTo1hcpAbCP+yzW57xDVyegDb8yjWAbVD/wscn3u8rnLDrlp+rwzmY9vF2X/nuNl
NQXWQOaASC9R17c76HZksgc/HWrZbZYMtPaW1i9odo2vQeeRvwwJDbtnvbwWyfn4
iWH9sOgD40cSqVx/JyqgYqSxPrSKqeiBTP9Zk1RvPMFAPo2WmiYxlRM5wXf/kvcV
7U4qQXWcZdbZBNb+YtnkS+LLhlBPNDfiSg8DmoLWexZDXM4TnuNHwgkwL6ZhB0Vv
vWB6EDw7SUHt8vorKyPPJycGQ0eAn0tAN3ruBDfQXF+ZsCcdXXHFZqRfyVdO8h8=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=412074, public, no-transform, must-revalidate]
Content-Length: [1377]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Tue, 27 Jun 2017 02:10:19 GMT]
Expires: [Sat, 1 Jul 2017 20:38:13 GMT]
Last-Modified: [Sat, 24 Jun 2017 20:38:13 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_REFRESH_MISS from a23-215-131-86.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (S)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://g.symcd.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://g.symcd.com (GET)
Size: 1377 bytes (DER data)
Response time: 72.695856ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: GeoTrust Global CA TGV OCSP Responder 5
Issued by: GeoTrust Global CA
Signing certificate validity: 2016-12-08 - 2017-12-14
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 114h32m2s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_REFRESH_MISS from a23-215-131-86.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (S)

URL used for GET request

http://g.symcd.com/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6eA%3D%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkq
w0GRtsnCuD5V8sCXEROgByACAwI6eA==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFXQoBAKCCBVYwggVSBgkrBgEFBQcwAQEEggVDMIIFPzCBkaIWBBRW5FQnU+as
qXGB3YYiHprkenLEKhgPMjAxNzA2MjQyMDM4MTNaMGYwZDA8MAkGBSsOAwIaBQAE
FLG0OReQFreXeVAR8WC51KI82+3uBBQA+SrDQZG2ycK4PlXywJcRE6AHIAIDAjp4
gAAYDzIwMTcwNjI0MjAzODEzWqARGA8yMDE3MDcwMTIwMzgxM1owDQYJKoZIhvcN
AQEFBQADggEBAJMVRWJNua+si/bUOmF2jhb99wV5JvctWeNVmf68ua0880sNZCJE
URRuPm+iegkFhuRoofeFygXQ+Z83ZLLIzxD2RQYTcUdHG5z25gH3gZ8z6Ou6qF3m
I/IFhiNurZiA4Krc/fVeibG7U+4wcsdKJlX5luR+bDjwwZrxZXT3K3OdEBqwNdLf
PlJDt4nX+P1Pab/1O5NUP3QVr9ubecygRzB4ModJa3a/+DGN6fMxHHIuqmIgFOHu
rCpPl7iUWFuKjhIIYYFEX3eoHfZaTDcWAABF6keq8c8LOVBCLLRP08ZrdpGPTbaR
N1Q7/cgcKl2Ghcw+TTL/0j/EPns+I+THA+ugggOTMIIDjzCCA4swggJzoAMCAQIC
EAEAAI8cK5YV9Xm5GF4OwmcwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCVVMx
FjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZBgNVBAMTEkdlb1RydXN0IEdsb2Jh
bCBDQTAeFw0xNjEyMDgxMTI1MzVaFw0xNzEyMTQxMTI1MzVaMDIxMDAuBgNVBAMT
J0dlb1RydXN0IEdsb2JhbCBDQSBUR1YgT0NTUCBSZXNwb25kZXIgNTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKbsx72ex4lTCJDy3iHAy47zLOB03z8E
ucSDZIQMjk1A5aZfqz0MU5HHLOsi76EQo6uYR2R2rl9jgQ1EMbe0TidFyTrhse63
rmEyzQusz7sEjnsvckT7K/9j6DLmlFB/6oEhAgwfCONYbrDOfQHBCtd7e+x6STm0
WeKCF4/QqS+C5ZTUEzsNjhcAqeAMZnWEoyyJ6OpCiF9vDblCGa9nlh3SwW+nxKTq
qqiMlz9ZXN8//IHrectIKszEXXlpvtr4wJAz0KrUDfENqEbKNouP0fv1Ueno5Z7t
ue3CnHtCF+QxOQXDS3rKrQJcesKMrFC9+M5frbQuLSGz9ee/xCfnWW0CAwEAAaOB
jDCBiTAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAPBgkrBgEFBQcw
AQUEAgUAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDAMBgNV
HRMBAf8EAjAAMCIGA1UdEQQbMBmkFzAVMRMwEQYDVQQDEwpUR1YtT0ZGLTU3MA0G
CSqGSIb3DQEBCwUAA4IBAQAEbWTM2eKR1XlWe9ui17q87Hk6NYXKQGwj/ss1ue8Q
1cnoA2/Mo1gG1Q/8LHJ97vK5yw65afq8M5mPbxdl/57jZTUF1kDmgEgvUde3O+h2
ZLIHPx1q2W2WDLT2ltYvaHaNr0Hnkb8MCQ27Z728Fsn5+Ilh/bDoA+NHEqlcfycq
oGKksT60iqnogUz/WZNUbzzBQD6NlpomMZUTOcF3/5L3Fe1OKkF1nGXW2QTW/mLZ
5Eviy4ZQTzQ34koPA5qC1nsWQ1zOE57jR8IJMC+mYQdFb71gehA8O0lB7fL6Kysj
zycnBkNHgJ9LQDd67gQ30FxfmbAnHV1xxWakX8lXTvIf
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDizCCAnOgAwIBAgIQAQAAjxwrlhX1ebkYXg7CZzANBgkqhkiG9w0BAQsFADBC
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMS
R2VvVHJ1c3QgR2xvYmFsIENBMB4XDTE2MTIwODExMjUzNVoXDTE3MTIxNDExMjUz
NVowMjEwMC4GA1UEAxMnR2VvVHJ1c3QgR2xvYmFsIENBIFRHViBPQ1NQIFJlc3Bv
bmRlciA1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApuzHvZ7HiVMI
kPLeIcDLjvMs4HTfPwS5xINkhAyOTUDlpl+rPQxTkccs6yLvoRCjq5hHZHauX2OB
DUQxt7ROJ0XJOuGx7reuYTLNC6zPuwSOey9yRPsr/2PoMuaUUH/qgSECDB8I41hu
sM59AcEK13t77HpJObRZ4oIXj9CpL4LllNQTOw2OFwCp4AxmdYSjLIno6kKIX28N
uUIZr2eWHdLBb6fEpOqqqIyXP1lc3z/8get5y0gqzMRdeWm+2vjAkDPQqtQN8Q2o
Rso2i4/R+/VR6ejlnu257cKce0IX5DE5BcNLesqtAlx6woysUL34zl+ttC4tIbP1
57/EJ+dZbQIDAQABo4GMMIGJMB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4
ysxOMA8GCSsGAQUFBzABBQQCBQAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0P
AQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwIgYDVR0RBBswGaQXMBUxEzARBgNVBAMT
ClRHVi1PRkYtNTcwDQYJKoZIhvcNAQELBQADggEBAARtZMzZ4pHVeVZ726LXurzs
eTo1hcpAbCP+yzW57xDVyegDb8yjWAbVD/wscn3u8rnLDrlp+rwzmY9vF2X/nuNl
NQXWQOaASC9R17c76HZksgc/HWrZbZYMtPaW1i9odo2vQeeRvwwJDbtnvbwWyfn4
iWH9sOgD40cSqVx/JyqgYqSxPrSKqeiBTP9Zk1RvPMFAPo2WmiYxlRM5wXf/kvcV
7U4qQXWcZdbZBNb+YtnkS+LLhlBPNDfiSg8DmoLWexZDXM4TnuNHwgkwL6ZhB0Vv
vWB6EDw7SUHt8vorKyPPJycGQ0eAn0tAN3ruBDfQXF+ZsCcdXXHFZqRfyVdO8h8=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=412322, public, no-transform, must-revalidate]
Content-Length: [1377]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Tue, 27 Jun 2017 02:10:19 GMT]
Expires: [Sat, 1 Jul 2017 20:38:13 GMT]
Last-Modified: [Sat, 24 Jun 2017 20:38:13 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_REFRESH_MISS from a23-215-131-86.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (S)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header outlives NextUpdate with 4m8s
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GeoTrust Global CA (CA Certificate)

Certificate details for GeoTrust Global CA (At position 2 in certificate chain)
Serial number:
hex: 23456
int: 144470
Issued by: GeoTrust Global CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GeoTrust Inc.
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
© 2015 - 2017 Digitorus B.V.
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.