CRL & OCSP report for reservations.grandtarghee.com (Grand Targhee Resort)

reservations.grandtarghee.com

Certificate details for reservations.grandtarghee.com (At position 0 in certificate chain)
Serial number:
hex: 3415ee5e1c9c86a20ee37ed14222ed69
int: 69233728684632610699017369918850133353
Issued by: VeriSign Class 3 Secure Server CA - G3
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Grand Targhee Resort
Organization unit: IT
Organization unit: Terms of use at www.verisign.com/rpa (c)05
State / Province: Wyoming
Locality: Alta
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for reservations.grandtarghee.com.

Certificate Revocation List (CRL)

This CRL was cached at
http://SVRSecure-G3-crl.verisign.com/SVRSecureG3.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://SVRSecure-G3-crl.verisign.com/SVRSecureG3.crl
Size: 1040091 bytes (DER data)
Response time: 64.108804ms
This update:
Next update:
Revoked at:
Revoked certificates in CRL: 29704

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: Apache
Content Delivery Network (CDN): Akamai
Cache Information: TCP_HIT from a23-215-131-61.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Type: [application/pkix-crl]
Date: [Tue, 27 Jun 2017 02:10:02 GMT]
Etag: ["f314952298c8589ddaae008e5f2a4d77:1498511443"]
Last-Modified: [Mon, 26 Jun 2017 21:10:43 GMT]
Server: [Apache]
Vary: [Accept-Encoding]
X-Cache: [TCP_HIT from a23-215-131-61.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.verisign.com (POST)Revoked

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.verisign.com (POST)
Size: 1754 bytes (DER data)
Response time: 26.236401ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: VeriSign Class 3 Secure Server CA - G3 OCSP Responder
Issued by: VeriSign Class 3 Secure Server CA - G3
Signing certificate validity: 2017-06-02 - 2017-08-31
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Revoked

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 155h48m12s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-215-131-108.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB+2DViUmQEUw3ggwQUDURc
FlNEwYJ+HSCrJfQBY9i+eaUCEDQV7l4cnIaiDuN+0UIi7Wk=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIG1goBAKCCBs8wggbLBgkrBgEFBQcwAQEEgga8MIIGuDCBtqIWBBTBjuw7/woS
PypB0yB9KeXPlZFd4xgPMjAxNzA2MjYxMzU4MTRaMIGKMIGHMEkwCQYFKw4DAhoF
AAQUDIEpOHSylikQftg1YlJkBFMN4IMEFA1EXBZTRMGCfh0gqyX0AWPYvnmlAhA0
Fe5eHJyGog7jftFCIu1poRYYDzIwMTUwMTA2MDExMDExWqADCgEFGA8yMDE3MDYy
NjEzNTgxNFqgERgPMjAxNzA3MDMxMzU4MTRaMA0GCSqGSIb3DQEBBQUAA4IBAQCK
X8fch+VxvDy23Q/3IkpCWh2r0S1yxvCi/VFQkP3kY1toYW2pISRpl6E/EwI0DMtu
x7OXB3eyswNmo6J3Ul+9Mpr2VYC+HA4Mz3FVKdSz92f2vlQGfrYCVMc6hu1gLH87
U5BvPTX6ytIjqZ0RrH2UM+nUDSr4gEkSHunYKP3M/5IhMVCAZ41CV+R8ileiIxu7
Dv7luWAByAYMSMgf5FnvdggUfpa6vd+opdofvbCEEr9HtxJF7xGomBvWFa+ZgU4g
84Jp+gPMKqzKdTvi7DHcr6DcC29f7dk++X+0CP3eMmGrWXii4/Hdr+o3HzPMfNCY
RI5qIWQGAUBwfZrn3YQOoIIE5zCCBOMwggTfMIIDx6ADAgECAhBCk+b1xtl2f4SP
vB9uOGJ3MA0GCSqGSIb3DQEBCwUAMIG1MQswCQYDVQQGEwJVUzEXMBUGA1UEChMO
VmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsx
OzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5j
b20vcnBhIChjKTEwMS8wLQYDVQQDEyZWZXJpU2lnbiBDbGFzcyAzIFNlY3VyZSBT
ZXJ2ZXIgQ0EgLSBHMzAeFw0xNzA2MDIwMDAwMDBaFw0xNzA4MzEyMzU5NTlaMIGH
MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsT
FlZlcmlTaWduIFRydXN0IE5ldHdvcmsxPjA8BgNVBAMTNVZlcmlTaWduIENsYXNz
IDMgU2VjdXJlIFNlcnZlciBDQSAtIEczIE9DU1AgUmVzcG9uZGVyMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzzYV3jMiFmq1nr3/Gg5l7iseMIeFDr/t
Ii8VvOctFT7YqK5iKrKggPO1Th/xAQV/cKcv+INqkVvUZ0Q7VJ+OOslrSEg9Cx1u
lrRO7Fzac/tIoTLwcSvqS8wcNdLXHCkAG3J1QDhVPfdv5WBTqcr/dw0cDzf8Cke3
DEtM5Slbg7/SufbCAOKN3SOAENe09y+JFlgDIdKt6hsAa/mRM5jUZKHq5XbQ3tbn
U0H9Eh2NhCrFMsrFQ9eDtWGOlbyEdMTGtj3lODSnafp0RQMIddPO0/f7vkdPXdAh
lpQ7eULupB2KNgYWpF7CnaMXFmydFdFYJnrCJl3oSWfftz87j9BisQIDAQABo4IB
FTCCAREwCQYDVR0TBAIwADCBrAYDVR0gBIGkMIGhMIGeBgtghkgBhvhFAQcXAzCB
jjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQUzBiBggr
BgEFBQcCAjBWMBUWDlZlcmlTaWduLCBJbmMuMAMCAQEaPVZlcmlTaWduJ3MgQ1BT
IGluY29ycC4gYnkgcmVmZXJlbmNlIGxpYWIuIGx0ZC4gKGMpOTcgVmVyaVNpZ24w
EwYDVR0lBAwwCgYIKwYBBQUHAwkwCwYDVR0PBAQDAgeAMA8GCSsGAQUFBzABBQQC
BQAwIgYDVR0RBBswGaQXMBUxEzARBgNVBAMTClRHVi1FLTE0ODgwDQYJKoZIhvcN
AQELBQADggEBABis7vLiHYJRlpuz6AJKFAHWC105XtqByTIJyyYPwVFGDt20AFzn
UY3hxFtXrZHIkHLD9ybmUtcHuTgAb1bjIZqchWEIUgOJeLzRWvvZm9XxBGhCM8vZ
vRYmYWpuLQr2QnKe+UF+AixlFkTKuYj6Y7AzW9tRayILy0x001bqNX0fBNOqauI+
ILaYiKf6rcT/xkT+vOeHlHGnCTDZWectNMZIiq7gwoSgTKzkw08zPt4+eQu9WFny
zQctNThfzq+7kQcNpPwdptARfZxNYG3Vd6eWU+IGPzaSFFaZlM5f6ddBnzavDhVC
kMAoM4Rp++1W20L/8WSGDLvaGWI8goEJuv4=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIE3zCCA8egAwIBAgIQQpPm9cbZdn+Ej7wfbjhidzANBgkqhkiG9w0BAQsFADCB
tTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEvMC0GA1UEAxMm
VmVyaVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzMwHhcNMTcwNjAy
MDAwMDAwWhcNMTcwODMxMjM1OTU5WjCBhzELMAkGA1UEBhMCVVMxFzAVBgNVBAoT
DlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3Jr
MT4wPAYDVQQDEzVWZXJpU2lnbiBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBH
MyBPQ1NQIFJlc3BvbmRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AM82Fd4zIhZqtZ69/xoOZe4rHjCHhQ6/7SIvFbznLRU+2KiuYiqyoIDztU4f8QEF
f3CnL/iDapFb1GdEO1SfjjrJa0hIPQsdbpa0Tuxc2nP7SKEy8HEr6kvMHDXS1xwp
ABtydUA4VT33b+VgU6nK/3cNHA83/ApHtwxLTOUpW4O/0rn2wgDijd0jgBDXtPcv
iRZYAyHSreobAGv5kTOY1GSh6uV20N7W51NB/RIdjYQqxTLKxUPXg7VhjpW8hHTE
xrY95Tg0p2n6dEUDCHXTztP3+75HT13QIZaUO3lC7qQdijYGFqRewp2jFxZsnRXR
WCZ6wiZd6Eln37c/O4/QYrECAwEAAaOCARUwggERMAkGA1UdEwQCMAAwgawGA1Ud
IASBpDCBoTCBngYLYIZIAYb4RQEHFwMwgY4wKAYIKwYBBQUHAgEWHGh0dHBzOi8v
d3d3LnZlcmlzaWduLmNvbS9DUFMwYgYIKwYBBQUHAgIwVjAVFg5WZXJpU2lnbiwg
SW5jLjADAgEBGj1WZXJpU2lnbidzIENQUyBpbmNvcnAuIGJ5IHJlZmVyZW5jZSBs
aWFiLiBsdGQuIChjKTk3IFZlcmlTaWduMBMGA1UdJQQMMAoGCCsGAQUFBwMJMAsG
A1UdDwQEAwIHgDAPBgkrBgEFBQcwAQUEAgUAMCIGA1UdEQQbMBmkFzAVMRMwEQYD
VQQDEwpUR1YtRS0xNDg4MA0GCSqGSIb3DQEBCwUAA4IBAQAYrO7y4h2CUZabs+gC
ShQB1gtdOV7agckyCcsmD8FRRg7dtABc51GN4cRbV62RyJByw/cm5lLXB7k4AG9W
4yGanIVhCFIDiXi80Vr72ZvV8QRoQjPL2b0WJmFqbi0K9kJynvlBfgIsZRZEyrmI
+mOwM1vbUWsiC8tMdNNW6jV9HwTTqmriPiC2mIin+q3E/8ZE/rznh5Rxpwkw2Vnn
LTTGSIqu4MKEoEys5MNPMz7ePnkLvVhZ8s0HLTU4X86vu5EHDaT8HabQEX2cTWBt
1XenllPiBj82khRWmZTOX+nXQZ82rw4VQpDAKDOEafvtVttC//Fkhgy72hliPIKB
Cbr+
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=560892, public, no-transform, must-revalidate]
Content-Length: [1754]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Tue, 27 Jun 2017 02:10:02 GMT]
Expires: [Mon, 3 Jul 2017 13:58:14 GMT]
Last-Modified: [Mon, 26 Jun 2017 13:58:14 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MISS from a23-215-131-108.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.verisign.com (GET)Revoked

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.verisign.com (GET)
Size: 1754 bytes (DER data)
Response time: 60.099206ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: VeriSign Class 3 Secure Server CA - G3 OCSP Responder
Issued by: VeriSign Class 3 Secure Server CA - G3
Signing certificate validity: 2017-06-02 - 2017-08-31
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Revoked

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 155h48m12s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-215-131-108.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

URL used for GET request

http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB%2B2DViUmQEUw3ggwQUDURcFlNEwYJ%2BHSCrJfQBY9i%2BeaUCEDQV7l4cnIaiDuN%2B0UIi7Wk%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB+2DViUmQEUw3ggwQUDURc
FlNEwYJ+HSCrJfQBY9i+eaUCEDQV7l4cnIaiDuN+0UIi7Wk=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIG1goBAKCCBs8wggbLBgkrBgEFBQcwAQEEgga8MIIGuDCBtqIWBBTBjuw7/woS
PypB0yB9KeXPlZFd4xgPMjAxNzA2MjYxMzU4MTRaMIGKMIGHMEkwCQYFKw4DAhoF
AAQUDIEpOHSylikQftg1YlJkBFMN4IMEFA1EXBZTRMGCfh0gqyX0AWPYvnmlAhA0
Fe5eHJyGog7jftFCIu1poRYYDzIwMTUwMTA2MDExMDExWqADCgEFGA8yMDE3MDYy
NjEzNTgxNFqgERgPMjAxNzA3MDMxMzU4MTRaMA0GCSqGSIb3DQEBBQUAA4IBAQCK
X8fch+VxvDy23Q/3IkpCWh2r0S1yxvCi/VFQkP3kY1toYW2pISRpl6E/EwI0DMtu
x7OXB3eyswNmo6J3Ul+9Mpr2VYC+HA4Mz3FVKdSz92f2vlQGfrYCVMc6hu1gLH87
U5BvPTX6ytIjqZ0RrH2UM+nUDSr4gEkSHunYKP3M/5IhMVCAZ41CV+R8ileiIxu7
Dv7luWAByAYMSMgf5FnvdggUfpa6vd+opdofvbCEEr9HtxJF7xGomBvWFa+ZgU4g
84Jp+gPMKqzKdTvi7DHcr6DcC29f7dk++X+0CP3eMmGrWXii4/Hdr+o3HzPMfNCY
RI5qIWQGAUBwfZrn3YQOoIIE5zCCBOMwggTfMIIDx6ADAgECAhBCk+b1xtl2f4SP
vB9uOGJ3MA0GCSqGSIb3DQEBCwUAMIG1MQswCQYDVQQGEwJVUzEXMBUGA1UEChMO
VmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsx
OzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5j
b20vcnBhIChjKTEwMS8wLQYDVQQDEyZWZXJpU2lnbiBDbGFzcyAzIFNlY3VyZSBT
ZXJ2ZXIgQ0EgLSBHMzAeFw0xNzA2MDIwMDAwMDBaFw0xNzA4MzEyMzU5NTlaMIGH
MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsT
FlZlcmlTaWduIFRydXN0IE5ldHdvcmsxPjA8BgNVBAMTNVZlcmlTaWduIENsYXNz
IDMgU2VjdXJlIFNlcnZlciBDQSAtIEczIE9DU1AgUmVzcG9uZGVyMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzzYV3jMiFmq1nr3/Gg5l7iseMIeFDr/t
Ii8VvOctFT7YqK5iKrKggPO1Th/xAQV/cKcv+INqkVvUZ0Q7VJ+OOslrSEg9Cx1u
lrRO7Fzac/tIoTLwcSvqS8wcNdLXHCkAG3J1QDhVPfdv5WBTqcr/dw0cDzf8Cke3
DEtM5Slbg7/SufbCAOKN3SOAENe09y+JFlgDIdKt6hsAa/mRM5jUZKHq5XbQ3tbn
U0H9Eh2NhCrFMsrFQ9eDtWGOlbyEdMTGtj3lODSnafp0RQMIddPO0/f7vkdPXdAh
lpQ7eULupB2KNgYWpF7CnaMXFmydFdFYJnrCJl3oSWfftz87j9BisQIDAQABo4IB
FTCCAREwCQYDVR0TBAIwADCBrAYDVR0gBIGkMIGhMIGeBgtghkgBhvhFAQcXAzCB
jjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQUzBiBggr
BgEFBQcCAjBWMBUWDlZlcmlTaWduLCBJbmMuMAMCAQEaPVZlcmlTaWduJ3MgQ1BT
IGluY29ycC4gYnkgcmVmZXJlbmNlIGxpYWIuIGx0ZC4gKGMpOTcgVmVyaVNpZ24w
EwYDVR0lBAwwCgYIKwYBBQUHAwkwCwYDVR0PBAQDAgeAMA8GCSsGAQUFBzABBQQC
BQAwIgYDVR0RBBswGaQXMBUxEzARBgNVBAMTClRHVi1FLTE0ODgwDQYJKoZIhvcN
AQELBQADggEBABis7vLiHYJRlpuz6AJKFAHWC105XtqByTIJyyYPwVFGDt20AFzn
UY3hxFtXrZHIkHLD9ybmUtcHuTgAb1bjIZqchWEIUgOJeLzRWvvZm9XxBGhCM8vZ
vRYmYWpuLQr2QnKe+UF+AixlFkTKuYj6Y7AzW9tRayILy0x001bqNX0fBNOqauI+
ILaYiKf6rcT/xkT+vOeHlHGnCTDZWectNMZIiq7gwoSgTKzkw08zPt4+eQu9WFny
zQctNThfzq+7kQcNpPwdptARfZxNYG3Vd6eWU+IGPzaSFFaZlM5f6ddBnzavDhVC
kMAoM4Rp++1W20L/8WSGDLvaGWI8goEJuv4=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIE3zCCA8egAwIBAgIQQpPm9cbZdn+Ej7wfbjhidzANBgkqhkiG9w0BAQsFADCB
tTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEvMC0GA1UEAxMm
VmVyaVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzMwHhcNMTcwNjAy
MDAwMDAwWhcNMTcwODMxMjM1OTU5WjCBhzELMAkGA1UEBhMCVVMxFzAVBgNVBAoT
DlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3Jr
MT4wPAYDVQQDEzVWZXJpU2lnbiBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBH
MyBPQ1NQIFJlc3BvbmRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AM82Fd4zIhZqtZ69/xoOZe4rHjCHhQ6/7SIvFbznLRU+2KiuYiqyoIDztU4f8QEF
f3CnL/iDapFb1GdEO1SfjjrJa0hIPQsdbpa0Tuxc2nP7SKEy8HEr6kvMHDXS1xwp
ABtydUA4VT33b+VgU6nK/3cNHA83/ApHtwxLTOUpW4O/0rn2wgDijd0jgBDXtPcv
iRZYAyHSreobAGv5kTOY1GSh6uV20N7W51NB/RIdjYQqxTLKxUPXg7VhjpW8hHTE
xrY95Tg0p2n6dEUDCHXTztP3+75HT13QIZaUO3lC7qQdijYGFqRewp2jFxZsnRXR
WCZ6wiZd6Eln37c/O4/QYrECAwEAAaOCARUwggERMAkGA1UdEwQCMAAwgawGA1Ud
IASBpDCBoTCBngYLYIZIAYb4RQEHFwMwgY4wKAYIKwYBBQUHAgEWHGh0dHBzOi8v
d3d3LnZlcmlzaWduLmNvbS9DUFMwYgYIKwYBBQUHAgIwVjAVFg5WZXJpU2lnbiwg
SW5jLjADAgEBGj1WZXJpU2lnbidzIENQUyBpbmNvcnAuIGJ5IHJlZmVyZW5jZSBs
aWFiLiBsdGQuIChjKTk3IFZlcmlTaWduMBMGA1UdJQQMMAoGCCsGAQUFBwMJMAsG
A1UdDwQEAwIHgDAPBgkrBgEFBQcwAQUEAgUAMCIGA1UdEQQbMBmkFzAVMRMwEQYD
VQQDEwpUR1YtRS0xNDg4MA0GCSqGSIb3DQEBCwUAA4IBAQAYrO7y4h2CUZabs+gC
ShQB1gtdOV7agckyCcsmD8FRRg7dtABc51GN4cRbV62RyJByw/cm5lLXB7k4AG9W
4yGanIVhCFIDiXi80Vr72ZvV8QRoQjPL2b0WJmFqbi0K9kJynvlBfgIsZRZEyrmI
+mOwM1vbUWsiC8tMdNNW6jV9HwTTqmriPiC2mIin+q3E/8ZE/rznh5Rxpwkw2Vnn
LTTGSIqu4MKEoEys5MNPMz7ePnkLvVhZ8s0HLTU4X86vu5EHDaT8HabQEX2cTWBt
1XenllPiBj82khRWmZTOX+nXQZ82rw4VQpDAKDOEafvtVttC//Fkhgy72hliPIKB
Cbr+
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=560892, public, no-transform, must-revalidate]
Content-Length: [1754]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Tue, 27 Jun 2017 02:10:02 GMT]
Expires: [Mon, 3 Jul 2017 13:58:14 GMT]
Last-Modified: [Mon, 26 Jun 2017 13:58:14 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MISS from a23-215-131-108.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

VeriSign Class 3 Secure Server CA - G3 (CA Certificate)

Certificate details for VeriSign Class 3 Secure Server CA - G3 (At position 1 in certificate chain)
Serial number:
hex: 6ecc7aa5a7032009b8cebcf4e952d491
int: 147276795673788085925734830146256557201
Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: VeriSign, Inc.
Organization unit: VeriSign Trust Network
Organization unit: Terms of use at https://www.verisign.com/rpa (c)10
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.verisign.com/pca3-g5.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.verisign.com/pca3-g5.crl
Size: 571 bytes (DER data)
Response time: 14.21732ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 1

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: Apache
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-215-131-111.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Type: [application/pkix-crl]
Date: [Tue, 27 Jun 2017 02:10:02 GMT]
Etag: ["780c45f8cd93c167efbbaecd13f130d4:1498266187"]
Last-Modified: [Sat, 24 Jun 2017 00:54:07 GMT]
Server: [Apache]
Vary: [Accept-Encoding]
X-Cache: [TCP_MEM_HIT from a23-215-131-111.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.verisign.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.verisign.com (GET)
Size: 1763 bytes (DER data)
Response time: 9.576337ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: Symantec Class 3 PCA - G5 OCSP Responder Certificate 5
Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
Signing certificate validity: 2016-11-22 - 2017-12-14
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 88h26m2s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-215-131-108.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

URL used for GET request

http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEG7MeqWnAyAJuM689OlS1JE%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nl
p8Ld7LvwMAnzQzn6Aq8zMTMCEG7MeqWnAyAJuM689OlS1JE=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIG3woBAKCCBtgwggbUBgkrBgEFBQcwAQEEggbFMIIGwTCBnqIWBBSQV0mkqBQX
kkwRYz2FfxNyvss3WhgPMjAxNzA2MjMxODMzMDRaMHMwcTBJMAkGBSsOAwIaBQAE
FLnpsocChQP47KX7QuE+D0nHJCbiBBR/02Wnwt3su/AwCfNDOfoCrzMxMwIQbsx6
pacDIAm4zrz06VLUkYAAGA8yMDE3MDYyMzE4MzMwNFqgERgPMjAxNzA2MzAxODMz
MDRaMA0GCSqGSIb3DQEBBQUAA4IBAQA76C3qYXi6zEFr3sF+bwNihny0NTG4xKqI
lbOMYBSI8LE99EUbozTeNWUo8enp52jl/ufSOlbm0OP4OtX/IhwvazQG0sE/uf/R
gGi0UZFVZ4hfHS8GhKRtW1hG2lYSKWssO6JjwO/fB1Iu4pki82UBH//+BZUOjdVm
ohYDB935AgFoqpUhUFQAM2YzTj6ur+sopXTZ/PHFxY/aUVRm6hLkQSvKlOeQY/88
BJYEqWnrEHAWqR8Pk4+KoNemT3nHDrUV7cI4KGDW37/tT5tLtOd5tepW43u/LpHs
T9KwtkW+jCMbGBR51JjQQxgzQxOUGB7W3lnwQgl6QjRbiaXIvHXCoIIFCDCCBQQw
ggUAMIID6KADAgECAhBegKApA8bSjw2IPI2R/lTmMA0GCSqGSIb3DQEBBQUAMIHK
MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsT
FlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlT
aWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZl
cmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRo
b3JpdHkgLSBHNTAeFw0xNjExMjIwMDAwMDBaFw0xNzEyMTQyMzU5NTlaMIGOMQsw
CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV
BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxPzA9BgNVBAMTNlN5bWFudGVjIENs
YXNzIDMgUENBIC0gRzUgT0NTUCBSZXNwb25kZXIgQ2VydGlmaWNhdGUgNTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKus48ejAx2d5OuOkBmO8gS4pszt
8W2iz3wKtJEX477WzDFyVVpOrWIQ1x0LhJWsdMUgZJP4Fu4InU+VFa5OWfdsUp0S
ayC8Ual6x2cENCgsuwaoUnCLNw2xBDBDAmqMKVoW5hb1/pq3lSt+4gYzv8iweNti
Gi0H2pqGwitTXjA8Nu2mGSH4KAPIMn0S0htUvmZYfZ0FhDbNjswoxumZMf696yPn
H0jCh3xguXl5FzxCrXqbcSQAhP0dgu11ES3U0Ev6IQ0LwsjfgnmJwTiz2y0tuvzW
zD/XLNNbvluii9g12GXvNL7JquIKRAqIdKQ7EZsX+SkKSvIR9gBcZlaa8kcCAwEA
AaOCARowggEWMAwGA1UdEwEB/wQCMAAwbAYDVR0gBGUwYzBhBgtghkgBhvhFAQcX
AzBSMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAoBggr
BgEFBQcCAjAcGhpodHRwOi8vd3d3LnN5bWF1dGguY29tL3JwYTATBgNVHSUEDDAK
BggrBgEFBQcDCTAOBgNVHQ8BAf8EBAMCB4AwDwYJKwYBBQUHMAEFBAIFADAiBgNV
HREEGzAZpBcwFTETMBEGA1UEAxMKVEdWLU9GRi01MDAdBgNVHQ4EFgQUkFdJpKgU
F5JMEWM9hX8Tcr7LN1owHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMw
DQYJKoZIhvcNAQEFBQADggEBADx3TgsGZ9TU1FPRb8Ew9gv8YbDGqCoQxyspWLhU
tmnlJB20v08UjaCOOqm5R46EUt5q20++48jOhmO7M/SZKKPUoft5zE5LJjzgqlV4
QY8pAztecC5EEo0nfinPziS79FZacG/5is4Ogn25LwXaluQ11ZIe8NwTgySeLWKu
UV/cW2STVkrjczfg/i315quNHatQ49FUabhuCdEsmpDAX6MXWQgGr9TpX013D4Iv
TvC4Ybky6xFHj9eINHEkLzyrxrvmNhAgtn+m7fQ14H42X+NWDOBZ7a0UN2Bl46wP
KgTweDBW4KopH+VIYRwt8XjKjMiKkTMHxIU//xr1OCcvg+c=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIQXoCgKQPG0o8NiDyNkf5U5jANBgkqhkiG9w0BAQUFADCB
yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
aG9yaXR5IC0gRzUwHhcNMTYxMTIyMDAwMDAwWhcNMTcxMjE0MjM1OTU5WjCBjjEL
MAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYD
VQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMT8wPQYDVQQDEzZTeW1hbnRlYyBD
bGFzcyAzIFBDQSAtIEc1IE9DU1AgUmVzcG9uZGVyIENlcnRpZmljYXRlIDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrrOPHowMdneTrjpAZjvIEuKbM
7fFtos98CrSRF+O+1swxclVaTq1iENcdC4SVrHTFIGST+BbuCJ1PlRWuTln3bFKd
EmsgvFGpesdnBDQoLLsGqFJwizcNsQQwQwJqjClaFuYW9f6at5UrfuIGM7/IsHjb
YhotB9qahsIrU14wPDbtphkh+CgDyDJ9EtIbVL5mWH2dBYQ2zY7MKMbpmTH+vesj
5x9Iwod8YLl5eRc8Qq16m3EkAIT9HYLtdREt1NBL+iENC8LI34J5icE4s9stLbr8
1sw/1yzTW75boovYNdhl7zS+yariCkQKiHSkOxGbF/kpCkryEfYAXGZWmvJHAgMB
AAGjggEaMIIBFjAMBgNVHRMBAf8EAjAAMGwGA1UdIARlMGMwYQYLYIZIAYb4RQEH
FwMwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYI
KwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwEwYDVR0lBAww
CgYIKwYBBQUHAwkwDgYDVR0PAQH/BAQDAgeAMA8GCSsGAQUFBzABBQQCBQAwIgYD
VR0RBBswGaQXMBUxEzARBgNVBAMTClRHVi1PRkYtNTAwHQYDVR0OBBYEFJBXSaSo
FBeSTBFjPYV/E3K+yzdaMB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ80M5+gKvMzEz
MA0GCSqGSIb3DQEBBQUAA4IBAQA8d04LBmfU1NRT0W/BMPYL/GGwxqgqEMcrKVi4
VLZp5SQdtL9PFI2gjjqpuUeOhFLeattPvuPIzoZjuzP0mSij1KH7ecxOSyY84KpV
eEGPKQM7XnAuRBKNJ34pz84ku/RWWnBv+YrODoJ9uS8F2pbkNdWSHvDcE4Mkni1i
rlFf3Ftkk1ZK43M34P4t9earjR2rUOPRVGm4bgnRLJqQwF+jF1kIBq/U6V9Ndw+C
L07wuGG5MusRR4/XiDRxJC88q8a75jYQILZ/pu30NeB+Nl/jVgzgWe2tFDdgZeOs
DyoE8HgwVuCqKR/lSGEcLfF4yozIipEzB8SFP/8a9TgnL4Pn
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=318362, public, no-transform, must-revalidate]
Content-Length: [1763]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Tue, 27 Jun 2017 02:10:02 GMT]
Expires: [Fri, 30 Jun 2017 18:33:04 GMT]
Last-Modified: [Fri, 23 Jun 2017 18:33:04 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MEM_HIT from a23-215-131-108.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header outlives NextUpdate with 3m0s
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.verisign.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.verisign.com (POST)
Size: 1763 bytes (DER data)
Response time: 22.37961ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: Symantec Class 3 PCA - G5 OCSP Responder Certificate 5
Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
Signing certificate validity: 2016-11-22 - 2017-12-14
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 88h23m2s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_REFRESH_MISS from a23-215-131-68.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (S)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nl
p8Ld7LvwMAnzQzn6Aq8zMTMCEG7MeqWnAyAJuM689OlS1JE=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIG3woBAKCCBtgwggbUBgkrBgEFBQcwAQEEggbFMIIGwTCBnqIWBBSQV0mkqBQX
kkwRYz2FfxNyvss3WhgPMjAxNzA2MjMxODMzMDRaMHMwcTBJMAkGBSsOAwIaBQAE
FLnpsocChQP47KX7QuE+D0nHJCbiBBR/02Wnwt3su/AwCfNDOfoCrzMxMwIQbsx6
pacDIAm4zrz06VLUkYAAGA8yMDE3MDYyMzE4MzMwNFqgERgPMjAxNzA2MzAxODMz
MDRaMA0GCSqGSIb3DQEBBQUAA4IBAQA76C3qYXi6zEFr3sF+bwNihny0NTG4xKqI
lbOMYBSI8LE99EUbozTeNWUo8enp52jl/ufSOlbm0OP4OtX/IhwvazQG0sE/uf/R
gGi0UZFVZ4hfHS8GhKRtW1hG2lYSKWssO6JjwO/fB1Iu4pki82UBH//+BZUOjdVm
ohYDB935AgFoqpUhUFQAM2YzTj6ur+sopXTZ/PHFxY/aUVRm6hLkQSvKlOeQY/88
BJYEqWnrEHAWqR8Pk4+KoNemT3nHDrUV7cI4KGDW37/tT5tLtOd5tepW43u/LpHs
T9KwtkW+jCMbGBR51JjQQxgzQxOUGB7W3lnwQgl6QjRbiaXIvHXCoIIFCDCCBQQw
ggUAMIID6KADAgECAhBegKApA8bSjw2IPI2R/lTmMA0GCSqGSIb3DQEBBQUAMIHK
MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsT
FlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlT
aWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZl
cmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRo
b3JpdHkgLSBHNTAeFw0xNjExMjIwMDAwMDBaFw0xNzEyMTQyMzU5NTlaMIGOMQsw
CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV
BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxPzA9BgNVBAMTNlN5bWFudGVjIENs
YXNzIDMgUENBIC0gRzUgT0NTUCBSZXNwb25kZXIgQ2VydGlmaWNhdGUgNTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKus48ejAx2d5OuOkBmO8gS4pszt
8W2iz3wKtJEX477WzDFyVVpOrWIQ1x0LhJWsdMUgZJP4Fu4InU+VFa5OWfdsUp0S
ayC8Ual6x2cENCgsuwaoUnCLNw2xBDBDAmqMKVoW5hb1/pq3lSt+4gYzv8iweNti
Gi0H2pqGwitTXjA8Nu2mGSH4KAPIMn0S0htUvmZYfZ0FhDbNjswoxumZMf696yPn
H0jCh3xguXl5FzxCrXqbcSQAhP0dgu11ES3U0Ev6IQ0LwsjfgnmJwTiz2y0tuvzW
zD/XLNNbvluii9g12GXvNL7JquIKRAqIdKQ7EZsX+SkKSvIR9gBcZlaa8kcCAwEA
AaOCARowggEWMAwGA1UdEwEB/wQCMAAwbAYDVR0gBGUwYzBhBgtghkgBhvhFAQcX
AzBSMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAoBggr
BgEFBQcCAjAcGhpodHRwOi8vd3d3LnN5bWF1dGguY29tL3JwYTATBgNVHSUEDDAK
BggrBgEFBQcDCTAOBgNVHQ8BAf8EBAMCB4AwDwYJKwYBBQUHMAEFBAIFADAiBgNV
HREEGzAZpBcwFTETMBEGA1UEAxMKVEdWLU9GRi01MDAdBgNVHQ4EFgQUkFdJpKgU
F5JMEWM9hX8Tcr7LN1owHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMw
DQYJKoZIhvcNAQEFBQADggEBADx3TgsGZ9TU1FPRb8Ew9gv8YbDGqCoQxyspWLhU
tmnlJB20v08UjaCOOqm5R46EUt5q20++48jOhmO7M/SZKKPUoft5zE5LJjzgqlV4
QY8pAztecC5EEo0nfinPziS79FZacG/5is4Ogn25LwXaluQ11ZIe8NwTgySeLWKu
UV/cW2STVkrjczfg/i315quNHatQ49FUabhuCdEsmpDAX6MXWQgGr9TpX013D4Iv
TvC4Ybky6xFHj9eINHEkLzyrxrvmNhAgtn+m7fQ14H42X+NWDOBZ7a0UN2Bl46wP
KgTweDBW4KopH+VIYRwt8XjKjMiKkTMHxIU//xr1OCcvg+c=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIQXoCgKQPG0o8NiDyNkf5U5jANBgkqhkiG9w0BAQUFADCB
yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
aG9yaXR5IC0gRzUwHhcNMTYxMTIyMDAwMDAwWhcNMTcxMjE0MjM1OTU5WjCBjjEL
MAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYD
VQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMT8wPQYDVQQDEzZTeW1hbnRlYyBD
bGFzcyAzIFBDQSAtIEc1IE9DU1AgUmVzcG9uZGVyIENlcnRpZmljYXRlIDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrrOPHowMdneTrjpAZjvIEuKbM
7fFtos98CrSRF+O+1swxclVaTq1iENcdC4SVrHTFIGST+BbuCJ1PlRWuTln3bFKd
EmsgvFGpesdnBDQoLLsGqFJwizcNsQQwQwJqjClaFuYW9f6at5UrfuIGM7/IsHjb
YhotB9qahsIrU14wPDbtphkh+CgDyDJ9EtIbVL5mWH2dBYQ2zY7MKMbpmTH+vesj
5x9Iwod8YLl5eRc8Qq16m3EkAIT9HYLtdREt1NBL+iENC8LI34J5icE4s9stLbr8
1sw/1yzTW75boovYNdhl7zS+yariCkQKiHSkOxGbF/kpCkryEfYAXGZWmvJHAgMB
AAGjggEaMIIBFjAMBgNVHRMBAf8EAjAAMGwGA1UdIARlMGMwYQYLYIZIAYb4RQEH
FwMwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYI
KwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwEwYDVR0lBAww
CgYIKwYBBQUHAwkwDgYDVR0PAQH/BAQDAgeAMA8GCSsGAQUFBzABBQQCBQAwIgYD
VR0RBBswGaQXMBUxEzARBgNVBAMTClRHVi1PRkYtNTAwHQYDVR0OBBYEFJBXSaSo
FBeSTBFjPYV/E3K+yzdaMB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ80M5+gKvMzEz
MA0GCSqGSIb3DQEBBQUAA4IBAQA8d04LBmfU1NRT0W/BMPYL/GGwxqgqEMcrKVi4
VLZp5SQdtL9PFI2gjjqpuUeOhFLeattPvuPIzoZjuzP0mSij1KH7ecxOSyY84KpV
eEGPKQM7XnAuRBKNJ34pz84ku/RWWnBv+YrODoJ9uS8F2pbkNdWSHvDcE4Mkni1i
rlFf3Ftkk1ZK43M34P4t9earjR2rUOPRVGm4bgnRLJqQwF+jF1kIBq/U6V9Ndw+C
L07wuGG5MusRR4/XiDRxJC88q8a75jYQILZ/pu30NeB+Nl/jVgzgWe2tFDdgZeOs
DyoE8HgwVuCqKR/lSGEcLfF4yozIipEzB8SFP/8a9TgnL4Pn
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=318182, public, no-transform, must-revalidate]
Content-Length: [1763]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Tue, 27 Jun 2017 02:10:02 GMT]
Expires: [Fri, 30 Jun 2017 18:33:04 GMT]
Last-Modified: [Fri, 23 Jun 2017 18:33:04 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_REFRESH_MISS from a23-215-131-68.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (S)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

VeriSign Class 3 Public Primary Certification Authority - G5 (CA Certificate)

Certificate details for VeriSign Class 3 Public Primary Certification Authority - G5 (At position 2 in certificate chain)
Serial number:
hex: 18dad19e267de8bb4a2158cdcc6b3b4a
int: 33037644167568058970164719475676101450
Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: VeriSign, Inc.
Organization unit: VeriSign Trust Network
Organization unit: (c) 2006 VeriSign, Inc. - For authorized use only
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
© 2015 - 2017 Digitorus B.V.
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.