CRL & OCSP report for *.marcello-labs.de (Marcel Schmidt)

*.marcello-labs.de

Certificate details for *.marcello-labs.de (At position 0 in certificate chain)
Serial number:
hex: 6772e67c8f224
int: 1819891053687332
Issued by: StartCom Class 2 Primary Intermediate Server CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Marcel Schmidt
State / Province: Sachsen-Anhalt
Locality: Güterglück
Country: DE
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for *.marcello-labs.de.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.startssl.com/crt2-crl.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.startssl.com/crt2-crl.crl
Size: 60027 bytes (DER data)
Response time: 123.665633ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 2543

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: nginx/1.0.12
Content Delivery Network (CDN): Akamai
Cache Information: TCP_HIT from a23-219-93-206.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2-19674918) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Length: [81335]
Content-Type: [application/pkix-crl]
Date: [Sat, 29 Apr 2017 21:19:43 GMT]
Last-Modified: [Sat, 29 Apr 2017 16:46:30 GMT]
Server: [nginx/1.0.12]
X-Cache: [TCP_HIT from a23-219-93-206.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2-19674918) (-)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL should be in DER format but is PEM encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.startssl.com/sub/class2/server/ca (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.startssl.com/sub/class2/server/ca (GET)
Size: 1897 bytes (DER data)
Response time: 292.692643ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: StartCom Class 2 Primary Intermediate Server CA OCSP Responder
Issued by: StartCom Class 2 Primary Intermediate Server CA
Signing certificate validity: 2017-03-03 - 2017-06-21
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: nginx/1.7.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-219-93-206.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2-19674918) (-)

URL used for GET request

http:/sub/class2/server/ca/MEgwRjBEMEIwQDAJBgUrDgMCGgUABBS5stVtsCGzbkL2JyRYBsSpppea6wQUEdsjRf1UzGpxb4SKA9e%2B9wEvJoYCBwZ3LmfI8iQ%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEgwRjBEMEIwQDAJBgUrDgMCGgUABBS5stVtsCGzbkL2JyRYBsSpppea6wQUEdsj
Rf1UzGpxb4SKA9e+9wEvJoYCBwZ3LmfI8iQ=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIHZQoBAKCCB14wggdaBgkrBgEFBQcwAQEEggdLMIIHRzCCAR6hgZ4wgZsxCzAJ
BgNVBAYTAklMMRYwFAYDVQQKDA1TdGFydENvbSBMdGQuMSswKQYDVQQLDCJTZWN1
cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMUcwRQYDVQQDDD5TdGFydENv
bSBDbGFzcyAyIFByaW1hcnkgSW50ZXJtZWRpYXRlIFNlcnZlciBDQSBPQ1NQIFJl
c3BvbmRlchgPMjAxNzA0MjkyMDEyMjJaMGowaDBAMAkGBSsOAwIaBQAEFLmy1W2w
IbNuQvYnJFgGxKmml5rrBBQR2yNF/VTManFvhIoD1773AS8mhgIHBncuZ8jyJIAA
GA8yMDE3MDQyOTIwMTIyMlqgERgPMjAxNzA1MDMyMDIyMjJaMA0GCSqGSIb3DQEB
CwUAA4IBAQA7K7o9rLdWXh7PrU3fw61O/V5a8kMlv8mNbwGF6N3t05lQOdUx1XwW
sp5BWq6b+SaQAe2ZmbOv488ngrNg14JrvgSOPeweDBIanr4ItAp507XyVfZ8xqvn
VVEKa3vETHRU+Op3KYvMUUhKVw/j8aoI0lvUAHTVMtKhQLNsKKZXBTo3Ja6/7pfT
tvEA//SK0A7nV5ijsWAZ/hKbV3tC1UB4PDyVunZ3paHi0Lq8QrHoa7eTxwALYZ0r
uH+hKIIcS08zjvMgvg5oMnftA0RoHYCNBbIjVabOE464sVYhJvn6U5NrEeFEaK+D
S7iWuND4/ny/AotFF7GcAciR9F2TKxSpoIIFDTCCBQkwggUFMIID7aADAgECAhBi
UrM+4E8/J08lmWbWZoEFMA0GCSqGSIb3DQEBCwUAMIGMMQswCQYDVQQGEwJJTDEW
MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg
Q2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3MgMiBQ
cmltYXJ5IEludGVybWVkaWF0ZSBTZXJ2ZXIgQ0EwHhcNMTcwMzAzMDE0NDM5WhcN
MTcwNjIxMDE0NDM5WjCBmzELMAkGA1UEBhMCSUwxFjAUBgNVBAoMDVN0YXJ0Q29t
IEx0ZC4xKzApBgNVBAsMIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25p
bmcxRzBFBgNVBAMMPlN0YXJ0Q29tIENsYXNzIDIgUHJpbWFyeSBJbnRlcm1lZGlh
dGUgU2VydmVyIENBIE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEArCXe7D1I3cEfSIb7t+ljAUuL4VmIPmg0Xv3AYRz2GWn6ZekF
9gwRqJ8Etg5SCHjL1ryAKqjbVHSPZAkFWotq/M9WP2wd3g+JK+2I5GfC1bS83S/F
KEHLbhF5ypXoLIpkUfrEZu89Wys245FfoLiIHCWcvZazbCz2TMDYTiEADMLhndJB
uy7XDcTqY/CUjIJUj47Xzkh2oajj0rze0iPKf58uUHydaM2lwWJRPYR0tRNpvMXr
gZpinb8e8o5yiyOLJzd4rQqHOyy/Bb/k7Ri6BVlHl4/tsOJzbXcHcuEsk1MVIj9Q
4c8SxaGPS9IZTG2mMv3sGXQz8Vty9AgSwnnTbwIDAQABo4IBUDCCAUwwDgYDVR0P
AQH/BAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAw
DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUzwTuedkNupSaica2QQ7FPAqOk4IwHwYD
VR0jBBgwFoAUEdsjRf1UzGpxb4SKA9e+9wEvJoYwgY4GCCsGAQUFBwEBBIGBMH8w
OQYIKwYBBQUHMAGGLWh0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbS9zdWIvY2xhc3My
L3NlcnZlci9jYTBCBggrBgEFBQcwAoY2aHR0cDovL2FpYS5zdGFydHNzbC5jb20v
Y2VydHMvc3ViLmNsYXNzMi5zZXJ2ZXIuY2EuY3J0MDUGA1UdHwQuMCwwKqAooCaG
JGh0dHA6Ly9jcmwuc3RhcnRzc2wuY29tL2NydDItY3JsLmNybDANBgkqhkiG9w0B
AQsFAAOCAQEAVGzxWCRsHhGZkv8dC44Ic8VsYchDtJ7DbUoB9SXonI3oLIO27VMw
gfnFULiFgAFL+mItjweljuGBSNhNhDaZFJxwf1CZpROasmQqk1rXRiita4d/Cqhr
WO9GKH+XowPxjC4d+fVObh9SsN5xaiBzaOuEzjkUSdiPMOjcJqb7ya1d7y68l2ku
UKqeQWFHBXFcNF9/xJTsOk4unWPtg46CDfQMusjDW4UoTPm5Ztocjz9NmwxI0bq1
0VKfUQ/ZaBqM1DqzABRr8+xWtQxzIzFHWU/IHz5tOH0ncj5/jOzgY4RrHwmmc33P
vJR8U9yMFnO/dN5nd/K1vAug9Z5xKsZLow==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIQYlKzPuBPPydPJZlm1maBBTANBgkqhkiG9w0BAQsFADCB
jDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsT
IlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNVBAMTL1N0
YXJ0Q29tIENsYXNzIDIgUHJpbWFyeSBJbnRlcm1lZGlhdGUgU2VydmVyIENBMB4X
DTE3MDMwMzAxNDQzOVoXDTE3MDYyMTAxNDQzOVowgZsxCzAJBgNVBAYTAklMMRYw
FAYDVQQKDA1TdGFydENvbSBMdGQuMSswKQYDVQQLDCJTZWN1cmUgRGlnaXRhbCBD
ZXJ0aWZpY2F0ZSBTaWduaW5nMUcwRQYDVQQDDD5TdGFydENvbSBDbGFzcyAyIFBy
aW1hcnkgSW50ZXJtZWRpYXRlIFNlcnZlciBDQSBPQ1NQIFJlc3BvbmRlcjCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKwl3uw9SN3BH0iG+7fpYwFLi+FZ
iD5oNF79wGEc9hlp+mXpBfYMEaifBLYOUgh4y9a8gCqo21R0j2QJBVqLavzPVj9s
Hd4PiSvtiORnwtW0vN0vxShBy24RecqV6CyKZFH6xGbvPVsrNuORX6C4iBwlnL2W
s2ws9kzA2E4hAAzC4Z3SQbsu1w3E6mPwlIyCVI+O185IdqGo49K83tIjyn+fLlB8
nWjNpcFiUT2EdLUTabzF64GaYp2/HvKOcosjiyc3eK0KhzssvwW/5O0YugVZR5eP
7bDic213B3LhLJNTFSI/UOHPEsWhj0vSGUxtpjL97Bl0M/FbcvQIEsJ5028CAwEA
AaOCAVAwggFMMA4GA1UdDwEB/wQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDCTAP
BgkrBgEFBQcwAQUEAgUAMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFM8E7nnZDbqU
monGtkEOxTwKjpOCMB8GA1UdIwQYMBaAFBHbI0X9VMxqcW+EigPXvvcBLyaGMIGO
BggrBgEFBQcBAQSBgTB/MDkGCCsGAQUFBzABhi1odHRwOi8vb2NzcC5zdGFydHNz
bC5jb20vc3ViL2NsYXNzMi9zZXJ2ZXIvY2EwQgYIKwYBBQUHMAKGNmh0dHA6Ly9h
aWEuc3RhcnRzc2wuY29tL2NlcnRzL3N1Yi5jbGFzczIuc2VydmVyLmNhLmNydDA1
BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vY3JsLnN0YXJ0c3NsLmNvbS9jcnQyLWNy
bC5jcmwwDQYJKoZIhvcNAQELBQADggEBAFRs8VgkbB4RmZL/HQuOCHPFbGHIQ7Se
w21KAfUl6JyN6CyDtu1TMIH5xVC4hYABS/piLY8HpY7hgUjYTYQ2mRSccH9QmaUT
mrJkKpNa10YorWuHfwqoa1jvRih/l6MD8YwuHfn1Tm4fUrDecWogc2jrhM45FEnY
jzDo3Cam+8mtXe8uvJdpLlCqnkFhRwVxXDRff8SU7DpOLp1j7YOOgg30DLrIw1uF
KEz5uWbaHI8/TZsMSNG6tdFSn1EP2WgajNQ6swAUa/PsVrUMcyMxR1lPyB8+bTh9
J3I+f4zs4GOEax8JpnN9z7yUfFPcjBZzv3TeZ3fytbwLoPWecSrGS6M=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=0, no-cache, no-store]
Content-Length: [1897]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Sat, 29 Apr 2017 21:19:43 GMT]
Etag: ["6F9F14ED34DE96E1C04945AA1D60D4FD2B4A3AF1"]
Expires: [Sat, 29 Apr 2017 21:19:43 GMT]
Last-Modified: [Sat, 29 Apr 2017 20:12:22 GMT]
Pragma: [no-cache]
Server: [nginx/1.7.2]
X-Cache: [TCP_MISS from a23-219-93-206.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2-19674918) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.startssl.com/sub/class2/server/ca (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.startssl.com/sub/class2/server/ca (POST)
Size: 1897 bytes (DER data)
Response time: 292.301246ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: StartCom Class 2 Primary Intermediate Server CA OCSP Responder
Issued by: StartCom Class 2 Primary Intermediate Server CA
Signing certificate validity: 2017-03-03 - 2017-06-21
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: nginx/1.7.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-219-93-206.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2-19674918) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEgwRjBEMEIwQDAJBgUrDgMCGgUABBS5stVtsCGzbkL2JyRYBsSpppea6wQUEdsj
Rf1UzGpxb4SKA9e+9wEvJoYCBwZ3LmfI8iQ=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIHZQoBAKCCB14wggdaBgkrBgEFBQcwAQEEggdLMIIHRzCCAR6hgZ4wgZsxCzAJ
BgNVBAYTAklMMRYwFAYDVQQKDA1TdGFydENvbSBMdGQuMSswKQYDVQQLDCJTZWN1
cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMUcwRQYDVQQDDD5TdGFydENv
bSBDbGFzcyAyIFByaW1hcnkgSW50ZXJtZWRpYXRlIFNlcnZlciBDQSBPQ1NQIFJl
c3BvbmRlchgPMjAxNzA0MjkyMDEyMjJaMGowaDBAMAkGBSsOAwIaBQAEFLmy1W2w
IbNuQvYnJFgGxKmml5rrBBQR2yNF/VTManFvhIoD1773AS8mhgIHBncuZ8jyJIAA
GA8yMDE3MDQyOTIwMTIyMlqgERgPMjAxNzA1MDMyMDIyMjJaMA0GCSqGSIb3DQEB
CwUAA4IBAQA7K7o9rLdWXh7PrU3fw61O/V5a8kMlv8mNbwGF6N3t05lQOdUx1XwW
sp5BWq6b+SaQAe2ZmbOv488ngrNg14JrvgSOPeweDBIanr4ItAp507XyVfZ8xqvn
VVEKa3vETHRU+Op3KYvMUUhKVw/j8aoI0lvUAHTVMtKhQLNsKKZXBTo3Ja6/7pfT
tvEA//SK0A7nV5ijsWAZ/hKbV3tC1UB4PDyVunZ3paHi0Lq8QrHoa7eTxwALYZ0r
uH+hKIIcS08zjvMgvg5oMnftA0RoHYCNBbIjVabOE464sVYhJvn6U5NrEeFEaK+D
S7iWuND4/ny/AotFF7GcAciR9F2TKxSpoIIFDTCCBQkwggUFMIID7aADAgECAhBi
UrM+4E8/J08lmWbWZoEFMA0GCSqGSIb3DQEBCwUAMIGMMQswCQYDVQQGEwJJTDEW
MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg
Q2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3MgMiBQ
cmltYXJ5IEludGVybWVkaWF0ZSBTZXJ2ZXIgQ0EwHhcNMTcwMzAzMDE0NDM5WhcN
MTcwNjIxMDE0NDM5WjCBmzELMAkGA1UEBhMCSUwxFjAUBgNVBAoMDVN0YXJ0Q29t
IEx0ZC4xKzApBgNVBAsMIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25p
bmcxRzBFBgNVBAMMPlN0YXJ0Q29tIENsYXNzIDIgUHJpbWFyeSBJbnRlcm1lZGlh
dGUgU2VydmVyIENBIE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEArCXe7D1I3cEfSIb7t+ljAUuL4VmIPmg0Xv3AYRz2GWn6ZekF
9gwRqJ8Etg5SCHjL1ryAKqjbVHSPZAkFWotq/M9WP2wd3g+JK+2I5GfC1bS83S/F
KEHLbhF5ypXoLIpkUfrEZu89Wys245FfoLiIHCWcvZazbCz2TMDYTiEADMLhndJB
uy7XDcTqY/CUjIJUj47Xzkh2oajj0rze0iPKf58uUHydaM2lwWJRPYR0tRNpvMXr
gZpinb8e8o5yiyOLJzd4rQqHOyy/Bb/k7Ri6BVlHl4/tsOJzbXcHcuEsk1MVIj9Q
4c8SxaGPS9IZTG2mMv3sGXQz8Vty9AgSwnnTbwIDAQABo4IBUDCCAUwwDgYDVR0P
AQH/BAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAw
DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUzwTuedkNupSaica2QQ7FPAqOk4IwHwYD
VR0jBBgwFoAUEdsjRf1UzGpxb4SKA9e+9wEvJoYwgY4GCCsGAQUFBwEBBIGBMH8w
OQYIKwYBBQUHMAGGLWh0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbS9zdWIvY2xhc3My
L3NlcnZlci9jYTBCBggrBgEFBQcwAoY2aHR0cDovL2FpYS5zdGFydHNzbC5jb20v
Y2VydHMvc3ViLmNsYXNzMi5zZXJ2ZXIuY2EuY3J0MDUGA1UdHwQuMCwwKqAooCaG
JGh0dHA6Ly9jcmwuc3RhcnRzc2wuY29tL2NydDItY3JsLmNybDANBgkqhkiG9w0B
AQsFAAOCAQEAVGzxWCRsHhGZkv8dC44Ic8VsYchDtJ7DbUoB9SXonI3oLIO27VMw
gfnFULiFgAFL+mItjweljuGBSNhNhDaZFJxwf1CZpROasmQqk1rXRiita4d/Cqhr
WO9GKH+XowPxjC4d+fVObh9SsN5xaiBzaOuEzjkUSdiPMOjcJqb7ya1d7y68l2ku
UKqeQWFHBXFcNF9/xJTsOk4unWPtg46CDfQMusjDW4UoTPm5Ztocjz9NmwxI0bq1
0VKfUQ/ZaBqM1DqzABRr8+xWtQxzIzFHWU/IHz5tOH0ncj5/jOzgY4RrHwmmc33P
vJR8U9yMFnO/dN5nd/K1vAug9Z5xKsZLow==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIQYlKzPuBPPydPJZlm1maBBTANBgkqhkiG9w0BAQsFADCB
jDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsT
IlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNVBAMTL1N0
YXJ0Q29tIENsYXNzIDIgUHJpbWFyeSBJbnRlcm1lZGlhdGUgU2VydmVyIENBMB4X
DTE3MDMwMzAxNDQzOVoXDTE3MDYyMTAxNDQzOVowgZsxCzAJBgNVBAYTAklMMRYw
FAYDVQQKDA1TdGFydENvbSBMdGQuMSswKQYDVQQLDCJTZWN1cmUgRGlnaXRhbCBD
ZXJ0aWZpY2F0ZSBTaWduaW5nMUcwRQYDVQQDDD5TdGFydENvbSBDbGFzcyAyIFBy
aW1hcnkgSW50ZXJtZWRpYXRlIFNlcnZlciBDQSBPQ1NQIFJlc3BvbmRlcjCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKwl3uw9SN3BH0iG+7fpYwFLi+FZ
iD5oNF79wGEc9hlp+mXpBfYMEaifBLYOUgh4y9a8gCqo21R0j2QJBVqLavzPVj9s
Hd4PiSvtiORnwtW0vN0vxShBy24RecqV6CyKZFH6xGbvPVsrNuORX6C4iBwlnL2W
s2ws9kzA2E4hAAzC4Z3SQbsu1w3E6mPwlIyCVI+O185IdqGo49K83tIjyn+fLlB8
nWjNpcFiUT2EdLUTabzF64GaYp2/HvKOcosjiyc3eK0KhzssvwW/5O0YugVZR5eP
7bDic213B3LhLJNTFSI/UOHPEsWhj0vSGUxtpjL97Bl0M/FbcvQIEsJ5028CAwEA
AaOCAVAwggFMMA4GA1UdDwEB/wQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDCTAP
BgkrBgEFBQcwAQUEAgUAMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFM8E7nnZDbqU
monGtkEOxTwKjpOCMB8GA1UdIwQYMBaAFBHbI0X9VMxqcW+EigPXvvcBLyaGMIGO
BggrBgEFBQcBAQSBgTB/MDkGCCsGAQUFBzABhi1odHRwOi8vb2NzcC5zdGFydHNz
bC5jb20vc3ViL2NsYXNzMi9zZXJ2ZXIvY2EwQgYIKwYBBQUHMAKGNmh0dHA6Ly9h
aWEuc3RhcnRzc2wuY29tL2NlcnRzL3N1Yi5jbGFzczIuc2VydmVyLmNhLmNydDA1
BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vY3JsLnN0YXJ0c3NsLmNvbS9jcnQyLWNy
bC5jcmwwDQYJKoZIhvcNAQELBQADggEBAFRs8VgkbB4RmZL/HQuOCHPFbGHIQ7Se
w21KAfUl6JyN6CyDtu1TMIH5xVC4hYABS/piLY8HpY7hgUjYTYQ2mRSccH9QmaUT
mrJkKpNa10YorWuHfwqoa1jvRih/l6MD8YwuHfn1Tm4fUrDecWogc2jrhM45FEnY
jzDo3Cam+8mtXe8uvJdpLlCqnkFhRwVxXDRff8SU7DpOLp1j7YOOgg30DLrIw1uF
KEz5uWbaHI8/TZsMSNG6tdFSn1EP2WgajNQ6swAUa/PsVrUMcyMxR1lPyB8+bTh9
J3I+f4zs4GOEax8JpnN9z7yUfFPcjBZzv3TeZ3fytbwLoPWecSrGS6M=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=0, no-cache, no-store]
Content-Length: [1897]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Sat, 29 Apr 2017 21:19:43 GMT]
Etag: ["6F9F14ED34DE96E1C04945AA1D60D4FD2B4A3AF1"]
Expires: [Sat, 29 Apr 2017 21:19:43 GMT]
Last-Modified: [Sat, 29 Apr 2017 20:12:22 GMT]
Pragma: [no-cache]
Server: [nginx/1.7.2]
X-Cache: [TCP_MISS from a23-219-93-206.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2-19674918) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

StartCom Class 2 Primary Intermediate Server CA (CA Certificate)

Certificate details for StartCom Class 2 Primary Intermediate Server CA (At position 1 in certificate chain)
Serial number:
hex: 1cab36472d9c51
int: 8069548958653521
Issued by: StartCom Certification Authority
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: StartCom Ltd.
Organization unit: Secure Digital Certificate Signing
Country: IL
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.startssl.com/sfsca.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.startssl.com/sfsca.crl
Size: 952 bytes (DER data)
Response time: 120.724192ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 7

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: nginx/1.0.12
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-219-93-206.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2-19674918) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Length: [952]
Content-Type: [application/pkix-crl]
Date: [Sat, 29 Apr 2017 21:19:43 GMT]
Last-Modified: [Wed, 12 Apr 2017 08:39:01 GMT]
Server: [nginx/1.0.12]
X-Cache: [TCP_MEM_HIT from a23-219-93-206.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2-19674918) (-)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.startssl.com/ca (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.startssl.com/ca (GET)
Size: 1760 bytes (DER data)
Response time: 121.551507ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: StartCom OCSP Responder
Issued by: StartCom Certification Authority
Signing certificate validity: 2016-09-20 - 2017-09-20
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: nginx/1.7.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-219-93-206.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2-19674918) (-)

URL used for GET request

http:/ca/MEgwRjBEMEIwQDAJBgUrDgMCGgUABBRBc6bT2N9qzRkeiWvn5WI5MHBpNQQUTgvvGqRAW6UXaYcwyjRoQ9BBrvICBxyrNkctnFE%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEgwRjBEMEIwQDAJBgUrDgMCGgUABBRBc6bT2N9qzRkeiWvn5WI5MHBpNQQUTgvv
GqRAW6UXaYcwyjRoQ9BBrvICBxyrNkctnFE=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIG3AoBAKCCBtUwggbRBgkrBgEFBQcwAQEEggbCMIIGvjCByKFJMEcxCzAJBgNV
BAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSAwHgYDVQQDExdTdGFydENv
bSBPQ1NQIFJlc3BvbmRlchgPMjAxNzA0MjkxMDEyMjdaMGowaDBAMAkGBSsOAwIa
BQAEFEFzptPY32rNGR6Ja+flYjkwcGk1BBROC+8apEBbpRdphzDKNGhD0EGu8gIH
HKs2Ry2cUYAAGA8yMDE3MDQyOTEwMTIyN1qgERgPMjAxNzA1MDMxMDIyMjdaMA0G
CSqGSIb3DQEBBQUAA4IBAQAZz2rxbjMn4Ciw/zeVcce0rhnD/cajf1owPK8Opm16
WUt0QI1DCm2NhHxpxT0E0rREEx0c3+NCCBvXFy+d8k87hhuW58AybDdTNFCgJwLX
1q5GAEUQRRH91ZvMRVUDT5aGFeVt25qg8tC3+qGVX87D2SZZ42fFZFpwyZTO1YLy
382vnLEsJYObGbKYAEaZciOL41airj+rxyHhs43xrvEHAK+C67eK7pDlJ2wIkAC/
YB/MwoaxBdLD9fwfYjOKQmsHbHa/POgtt8/pAJEEdO4Fjs/CaBZpYxV/3cv8xuhP
WG4bZPlqHzTq7r/nXNL0Ya37NaXyAXAPen8OdomxLdN6oIIE2zCCBNcwggTTMIIC
u6ADAgECAhB0G1CHgU03TwwiPka2dpOyMA0GCSqGSIb3DQEBBQUAMH0xCzAJBgNV
BAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUg
RGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMSkwJwYDVQQDEyBTdGFydENvbSBD
ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNjA5MjAwMDAxMDFaFw0xNzA5MjAw
MDAxMDFaMEcxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSAw
HgYDVQQDExdTdGFydENvbSBPQ1NQIFJlc3BvbmRlcjCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAL67V5Yt7+ta/FzjtC7S1XWouzbVRn73/KGBfj5JWHFX
jL1oKcHHeyuiQ46IawZ3TKMIZafle69rt2/J+q+K1AcF+yWfnYlsXO4fPd2zuNXq
9mLqlxwsYYLGwYo51ZY09YMenMo2hqcnE2jN4GNhW8HA7M5b1D7frPplzXZkcG2l
9imHwapl+RItDefLqTYvoGXZE8JhefiFx1SkYwZ9Da9hMjWavMInQQwS6HgUU63e
PBAj6oS9IBvEeGzFGeXeRKPOAtlwhsA1787V5OeamA5Ms2/8IEch2fITwUxkXLsh
EuQpb9HqR0vPpWnCd5/SCWIRtNQV5XCTU6VyFcru1f8CAwEAAaOBhDCBgTALBgNV
HQ8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDAYDVR0TAQH/BAIwADAPBgkr
BgEFBQcwAQUEAgUAMB0GA1UdDgQWBBRfdFkMIvy5C8QhXMZu/hEmn9cqHTAfBgNV
HSMEGDAWgBROC+8apEBbpRdphzDKNGhD0EGu8jANBgkqhkiG9w0BAQUFAAOCAgEA
LbOpeDVprhn5SMPJuyRZGpe0vRR5FhCPmjJyCiGwi1ddVI++Eg56nTWABnde9aW5
W64x0MWuoEhg1+FOh5D2fIEztbKQKGQ8hDiQGTSz9Gy9KrZAzaEKOvpHVriq2Zne
su8W2w2cPahu09mY6ivtwJF5jVdLA3iG1X4xtiXUzdBqG+cQiWQBwbK/L1KepHA8
3G1S8xvOSWkBJQwZ/plkrTXNUARa3nOhGvsQKw6OcAo3+FdfrTn5KvVUFxjQ6xXV
vJcSK46LbD5NAD3hp8N3OJVLfvIpHnVVBcIBbhNR4kBe+GNSnGHuwbM1WAPq2V0n
pFD1WWYWHdYwVu4z9yAa2vhoYd7S/6eUhVH8FgCafBcQVoTuH2lXITW2aB23z5+1
YOedwbnb2B2j7T8iIgYG8zNJFoOa0Ue4mXRR7KH0kyanxVSPjtn6ZgM+xBu7yP5L
+W2rWCjPPRwbLxdWaCuPvJ3EsUONbcI0OtY8FbKr01Qurk7i3Qme1iPneOUenpnd
Ln4cNb6gKZ8b1rRB+AlJCm7DnEDyarEEd62wzRFMb+djTU5SPZ0bococQpeHZ35U
HuvFisJndbw17UkiLu8Dhivq6BaskcehToq0bhyewa8Pr1s+zcMUmSEqfLIBZONz
HxtCF0DFldDA5OJB8Y4iOMGSMxKxsKhAaBWolVceORM=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIE0zCCArugAwIBAgIQdBtQh4FNN08MIj5GtnaTsjANBgkqhkiG9w0BAQUFADB9
MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh
cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTYwOTIwMDAwMTAxWhcN
MTcwOTIwMDAwMTAxWjBHMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20g
THRkLjEgMB4GA1UEAxMXU3RhcnRDb20gT0NTUCBSZXNwb25kZXIwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+u1eWLe/rWvxc47Qu0tV1qLs21UZ+9/yh
gX4+SVhxV4y9aCnBx3srokOOiGsGd0yjCGWn5Xuva7dvyfqvitQHBfsln52JbFzu
Hz3ds7jV6vZi6pccLGGCxsGKOdWWNPWDHpzKNoanJxNozeBjYVvBwOzOW9Q+36z6
Zc12ZHBtpfYph8GqZfkSLQ3ny6k2L6Bl2RPCYXn4hcdUpGMGfQ2vYTI1mrzCJ0EM
Euh4FFOt3jwQI+qEvSAbxHhsxRnl3kSjzgLZcIbANe/O1eTnmpgOTLNv/CBHIdny
E8FMZFy7IRLkKW/R6kdLz6Vpwnef0gliEbTUFeVwk1OlchXK7tX/AgMBAAGjgYQw
gYEwCwYDVR0PBAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMJMAwGA1UdEwEB/wQC
MAAwDwYJKwYBBQUHMAEFBAIFADAdBgNVHQ4EFgQUX3RZDCL8uQvEIVzGbv4RJp/X
Kh0wHwYDVR0jBBgwFoAUTgvvGqRAW6UXaYcwyjRoQ9BBrvIwDQYJKoZIhvcNAQEF
BQADggIBAC2zqXg1aa4Z+UjDybskWRqXtL0UeRYQj5oycgohsItXXVSPvhIOep01
gAZ3XvWluVuuMdDFrqBIYNfhToeQ9nyBM7WykChkPIQ4kBk0s/RsvSq2QM2hCjr6
R1a4qtmZ3rLvFtsNnD2obtPZmOor7cCReY1XSwN4htV+MbYl1M3QahvnEIlkAcGy
vy9SnqRwPNxtUvMbzklpASUMGf6ZZK01zVAEWt5zoRr7ECsOjnAKN/hXX605+Sr1
VBcY0OsV1byXEiuOi2w+TQA94afDdziVS37yKR51VQXCAW4TUeJAXvhjUpxh7sGz
NVgD6tldJ6RQ9VlmFh3WMFbuM/cgGtr4aGHe0v+nlIVR/BYAmnwXEFaE7h9pVyE1
tmgdt8+ftWDnncG529gdo+0/IiIGBvMzSRaDmtFHuJl0Ueyh9JMmp8VUj47Z+mYD
PsQbu8j+S/ltq1gozz0cGy8XVmgrj7ydxLFDjW3CNDrWPBWyq9NULq5O4t0JntYj
53jlHp6Z3S5+HDW+oCmfG9a0QfgJSQpuw5xA8mqxBHetsM0RTG/nY01OUj2dG6HK
HEKXh2d+VB7rxYrCZ3W8Ne1JIi7vA4Yr6ugWrJHHoU6KtG4cnsGvD69bPs3DFJkh
KnyyAWTjcx8bQhdAxZXQwOTiQfGOIjjBkjMSsbCoQGgVqJVXHjkT
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=0, no-cache, no-store]
Content-Length: [1760]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Sat, 29 Apr 2017 21:19:43 GMT]
Etag: ["07C4718BCC9DED9D05C50AF1C5908964CCB2C399"]
Expires: [Sat, 29 Apr 2017 21:19:43 GMT]
Last-Modified: [Sat, 29 Apr 2017 10:12:27 GMT]
Pragma: [no-cache]
Server: [nginx/1.7.2]
X-Cache: [TCP_MEM_HIT from a23-219-93-206.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2-19674918) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.startssl.com/ca (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.startssl.com/ca (POST)
Size: 1760 bytes (DER data)
Response time: 293.182801ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: StartCom OCSP Responder
Issued by: StartCom Certification Authority
Signing certificate validity: 2016-09-20 - 2017-09-20
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: nginx/1.7.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-219-93-206.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2-19674918) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEgwRjBEMEIwQDAJBgUrDgMCGgUABBRBc6bT2N9qzRkeiWvn5WI5MHBpNQQUTgvv
GqRAW6UXaYcwyjRoQ9BBrvICBxyrNkctnFE=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIG3AoBAKCCBtUwggbRBgkrBgEFBQcwAQEEggbCMIIGvjCByKFJMEcxCzAJBgNV
BAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSAwHgYDVQQDExdTdGFydENv
bSBPQ1NQIFJlc3BvbmRlchgPMjAxNzA0MjkxMDEyMjdaMGowaDBAMAkGBSsOAwIa
BQAEFEFzptPY32rNGR6Ja+flYjkwcGk1BBROC+8apEBbpRdphzDKNGhD0EGu8gIH
HKs2Ry2cUYAAGA8yMDE3MDQyOTEwMTIyN1qgERgPMjAxNzA1MDMxMDIyMjdaMA0G
CSqGSIb3DQEBBQUAA4IBAQAZz2rxbjMn4Ciw/zeVcce0rhnD/cajf1owPK8Opm16
WUt0QI1DCm2NhHxpxT0E0rREEx0c3+NCCBvXFy+d8k87hhuW58AybDdTNFCgJwLX
1q5GAEUQRRH91ZvMRVUDT5aGFeVt25qg8tC3+qGVX87D2SZZ42fFZFpwyZTO1YLy
382vnLEsJYObGbKYAEaZciOL41airj+rxyHhs43xrvEHAK+C67eK7pDlJ2wIkAC/
YB/MwoaxBdLD9fwfYjOKQmsHbHa/POgtt8/pAJEEdO4Fjs/CaBZpYxV/3cv8xuhP
WG4bZPlqHzTq7r/nXNL0Ya37NaXyAXAPen8OdomxLdN6oIIE2zCCBNcwggTTMIIC
u6ADAgECAhB0G1CHgU03TwwiPka2dpOyMA0GCSqGSIb3DQEBBQUAMH0xCzAJBgNV
BAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUg
RGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMSkwJwYDVQQDEyBTdGFydENvbSBD
ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNjA5MjAwMDAxMDFaFw0xNzA5MjAw
MDAxMDFaMEcxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSAw
HgYDVQQDExdTdGFydENvbSBPQ1NQIFJlc3BvbmRlcjCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAL67V5Yt7+ta/FzjtC7S1XWouzbVRn73/KGBfj5JWHFX
jL1oKcHHeyuiQ46IawZ3TKMIZafle69rt2/J+q+K1AcF+yWfnYlsXO4fPd2zuNXq
9mLqlxwsYYLGwYo51ZY09YMenMo2hqcnE2jN4GNhW8HA7M5b1D7frPplzXZkcG2l
9imHwapl+RItDefLqTYvoGXZE8JhefiFx1SkYwZ9Da9hMjWavMInQQwS6HgUU63e
PBAj6oS9IBvEeGzFGeXeRKPOAtlwhsA1787V5OeamA5Ms2/8IEch2fITwUxkXLsh
EuQpb9HqR0vPpWnCd5/SCWIRtNQV5XCTU6VyFcru1f8CAwEAAaOBhDCBgTALBgNV
HQ8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDAYDVR0TAQH/BAIwADAPBgkr
BgEFBQcwAQUEAgUAMB0GA1UdDgQWBBRfdFkMIvy5C8QhXMZu/hEmn9cqHTAfBgNV
HSMEGDAWgBROC+8apEBbpRdphzDKNGhD0EGu8jANBgkqhkiG9w0BAQUFAAOCAgEA
LbOpeDVprhn5SMPJuyRZGpe0vRR5FhCPmjJyCiGwi1ddVI++Eg56nTWABnde9aW5
W64x0MWuoEhg1+FOh5D2fIEztbKQKGQ8hDiQGTSz9Gy9KrZAzaEKOvpHVriq2Zne
su8W2w2cPahu09mY6ivtwJF5jVdLA3iG1X4xtiXUzdBqG+cQiWQBwbK/L1KepHA8
3G1S8xvOSWkBJQwZ/plkrTXNUARa3nOhGvsQKw6OcAo3+FdfrTn5KvVUFxjQ6xXV
vJcSK46LbD5NAD3hp8N3OJVLfvIpHnVVBcIBbhNR4kBe+GNSnGHuwbM1WAPq2V0n
pFD1WWYWHdYwVu4z9yAa2vhoYd7S/6eUhVH8FgCafBcQVoTuH2lXITW2aB23z5+1
YOedwbnb2B2j7T8iIgYG8zNJFoOa0Ue4mXRR7KH0kyanxVSPjtn6ZgM+xBu7yP5L
+W2rWCjPPRwbLxdWaCuPvJ3EsUONbcI0OtY8FbKr01Qurk7i3Qme1iPneOUenpnd
Ln4cNb6gKZ8b1rRB+AlJCm7DnEDyarEEd62wzRFMb+djTU5SPZ0bococQpeHZ35U
HuvFisJndbw17UkiLu8Dhivq6BaskcehToq0bhyewa8Pr1s+zcMUmSEqfLIBZONz
HxtCF0DFldDA5OJB8Y4iOMGSMxKxsKhAaBWolVceORM=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIE0zCCArugAwIBAgIQdBtQh4FNN08MIj5GtnaTsjANBgkqhkiG9w0BAQUFADB9
MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh
cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTYwOTIwMDAwMTAxWhcN
MTcwOTIwMDAwMTAxWjBHMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20g
THRkLjEgMB4GA1UEAxMXU3RhcnRDb20gT0NTUCBSZXNwb25kZXIwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+u1eWLe/rWvxc47Qu0tV1qLs21UZ+9/yh
gX4+SVhxV4y9aCnBx3srokOOiGsGd0yjCGWn5Xuva7dvyfqvitQHBfsln52JbFzu
Hz3ds7jV6vZi6pccLGGCxsGKOdWWNPWDHpzKNoanJxNozeBjYVvBwOzOW9Q+36z6
Zc12ZHBtpfYph8GqZfkSLQ3ny6k2L6Bl2RPCYXn4hcdUpGMGfQ2vYTI1mrzCJ0EM
Euh4FFOt3jwQI+qEvSAbxHhsxRnl3kSjzgLZcIbANe/O1eTnmpgOTLNv/CBHIdny
E8FMZFy7IRLkKW/R6kdLz6Vpwnef0gliEbTUFeVwk1OlchXK7tX/AgMBAAGjgYQw
gYEwCwYDVR0PBAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMJMAwGA1UdEwEB/wQC
MAAwDwYJKwYBBQUHMAEFBAIFADAdBgNVHQ4EFgQUX3RZDCL8uQvEIVzGbv4RJp/X
Kh0wHwYDVR0jBBgwFoAUTgvvGqRAW6UXaYcwyjRoQ9BBrvIwDQYJKoZIhvcNAQEF
BQADggIBAC2zqXg1aa4Z+UjDybskWRqXtL0UeRYQj5oycgohsItXXVSPvhIOep01
gAZ3XvWluVuuMdDFrqBIYNfhToeQ9nyBM7WykChkPIQ4kBk0s/RsvSq2QM2hCjr6
R1a4qtmZ3rLvFtsNnD2obtPZmOor7cCReY1XSwN4htV+MbYl1M3QahvnEIlkAcGy
vy9SnqRwPNxtUvMbzklpASUMGf6ZZK01zVAEWt5zoRr7ECsOjnAKN/hXX605+Sr1
VBcY0OsV1byXEiuOi2w+TQA94afDdziVS37yKR51VQXCAW4TUeJAXvhjUpxh7sGz
NVgD6tldJ6RQ9VlmFh3WMFbuM/cgGtr4aGHe0v+nlIVR/BYAmnwXEFaE7h9pVyE1
tmgdt8+ftWDnncG529gdo+0/IiIGBvMzSRaDmtFHuJl0Ueyh9JMmp8VUj47Z+mYD
PsQbu8j+S/ltq1gozz0cGy8XVmgrj7ydxLFDjW3CNDrWPBWyq9NULq5O4t0JntYj
53jlHp6Z3S5+HDW+oCmfG9a0QfgJSQpuw5xA8mqxBHetsM0RTG/nY01OUj2dG6HK
HEKXh2d+VB7rxYrCZ3W8Ne1JIi7vA4Yr6ugWrJHHoU6KtG4cnsGvD69bPs3DFJkh
KnyyAWTjcx8bQhdAxZXQwOTiQfGOIjjBkjMSsbCoQGgVqJVXHjkT
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=0, no-cache, no-store]
Content-Length: [1760]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Sat, 29 Apr 2017 21:19:43 GMT]
Etag: ["07C4718BCC9DED9D05C50AF1C5908964CCB2C399"]
Expires: [Sat, 29 Apr 2017 21:19:43 GMT]
Last-Modified: [Sat, 29 Apr 2017 10:12:27 GMT]
Pragma: [no-cache]
Server: [nginx/1.7.2]
X-Cache: [TCP_MISS from a23-219-93-206.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2-19674918) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

StartCom Certification Authority (CA Certificate)

Certificate details for StartCom Certification Authority (At position 2 in certificate chain)
Serial number:
hex: 1
int: 1
Issued by: StartCom Certification Authority
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: StartCom Ltd.
Organization unit: Secure Digital Certificate Signing
Country: IL
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Certificate Revocation List (CRL)

This CRL was cached at
http://cert.startcom.org/sfsca-crl.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://cert.startcom.org/sfsca-crl.crl
Size: 952 bytes (DER data)
Response time: 508.510683ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 7

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: nginx/1.9.14

Raw CRL response headers

Accept-Ranges: [bytes]
Connection: [keep-alive]
Content-Length: [952]
Content-Type: [application/pkix-crl]
Date: [Sat, 29 Apr 2017 21:19:43 GMT]
Etag: ["58ede862-3b8"]
Last-Modified: [Wed, 12 Apr 2017 08:42:10 GMT]
Server: [nginx/1.9.14]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This CRL was cached at
http://crl.startcom.org/sfsca-crl.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.startcom.org/sfsca-crl.crl
Size: 0 bytes (DER data)
Response time: 0s

Raw CRL response headers

Check the revocation status for another website

Created by Paul van Brouwershaven
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.