CRL & OCSP report for posti.viestiratkaisu.fi (Vakka-Suomen Puhelin Oy)

posti.viestiratkaisu.fi

Certificate details for posti.viestiratkaisu.fi (At position 0 in certificate chain)
Serial number:
hex: 4c208ee2
int: 1277202146
Issued by: Entrust Certification Authority - L1C
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Vakka-Suomen Puhelin Oy
Organization unit: Internet Services
Locality: Uusikaupunki
Country: FI
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for posti.viestiratkaisu.fi.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.entrust.net/level1c.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.entrust.net/level1c.crl
Size: 502307 bytes (DER data)
Response time: 14.415202ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 13476

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_HIT from a23-204-138-181.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0.2-20192836) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [no-cache]
Content-Length: [502307]
Content-Type: [application/x-pkcs7-crl]
Date: [Wed, 28 Jun 2017 15:57:51 GMT]
Expires: [Wed, 28 Jun 2017 15:57:51 GMT]
Last-Modified: [Wed, 28 Jun 2017 15:00:03 GMT]
Pragma: [no-cache]
X-Cache: [TCP_HIT from a23-204-138-181.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0.2-20192836) (-)]
X-Frame-Options: [DENY]
  • Content-Type in response is set 'application/x-pkcs7-crl' and should be replaced with 'application/pkix-crl' (RFC 5280, section 4.2.1.13)
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.entrust.net (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.entrust.net (POST)
Size: 1951 bytes (DER data)
Response time: 60.257773ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: Entrust Validation Authority
Issued by: Entrust Certification Authority - L1C
Signing certificate validity: 2016-12-19 - 2019-03-31
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 1h0m0s

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-215-131-87.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTYqntZF2XfWd4vuxzYev4PhVs0zQQUHvGr
iQb4SQ8BM3fuFHruGXyTKE0CBEwgjuI=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIHmwoBAKCCB5QwggeQBgkrBgEFBQcwAQEEggeBMIIHfTCCAVihgdswgdgxCzAJ
BgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkwNwYDVQQLEzB3d3cu
ZW50cnVzdC5uZXQvcnBhIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2UxHzAd
BgNVBAsTFihjKSAyMDA5IEVudHJ1c3QsIEluYy4xLjAsBgNVBAMTJUVudHJ1c3Qg
Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUMxJTAjBgNVBAMTHEVudHJ1c3Qg
VmFsaWRhdGlvbiBBdXRob3JpdHkYDzIwMTcwNjI4MTQ0MTA2WjBnMGUwPTAJBgUr
DgMCGgUABBTYqntZF2XfWd4vuxzYev4PhVs0zQQUHvGriQb4SQ8BM3fuFHruGXyT
KE0CBEwgjuKAABgPMjAxNzA2MjgwODI5MTBaoBEYDzIwMTcwNzA1MTQ0MTA2WjAN
BgkqhkiG9w0BAQUFAAOCAQEAL/A4VUA4CTAxPMesPwwop1yuhJsdYDIgSZuR1ad4
DsPCuiTtSKeEDT5KSTF5zIKUDjcpfhXkQy2ElFgdQ09SZa43D2pdLWPkr0uuc3FX
289Vd+TExaKCh9HBTmCPB1+Wd7EUAJM8NVXN6+GkjVWAc6ii2HayP93vcAiH9QkY
J37THmDu6Reqgr8RxcaRMoPxPc1+tYkDWuWB0nczw/r9KoCP6u3MPx9Xtsa1zW7Q
+KWX0gQ4EULkUjpI1dSZh/1+3xXcuVsZFDkPmm5vRjvS2xWHVs+f22FMZ09RSnSe
YAds5CJNolROPO/Ix4SmVcvDiGXmg7XVPgszNCkaC7XU26CCBQkwggUFMIIFATCC
A+mgAwIBAgIQSRs9EH1lT8wAAAAATCVnLjANBgkqhkiG9w0BAQUFADCBsTELMAkG
A1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5l
bnRydXN0Lm5ldC9ycGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0G
A1UECxMWKGMpIDIwMDkgRW50cnVzdCwgSW5jLjEuMCwGA1UEAxMlRW50cnVzdCBD
ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxQzAeFw0xNjEyMTkxODA2MTdaFw0x
OTAzMzExMDAwMDBaMIHYMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwg
SW5jLjE5MDcGA1UECxMwd3d3LmVudHJ1c3QubmV0L3JwYSBpcyBpbmNvcnBvcmF0
ZWQgYnkgcmVmZXJlbmNlMR8wHQYDVQQLExYoYykgMjAwOSBFbnRydXN0LCBJbmMu
MS4wLAYDVQQDEyVFbnRydXN0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gTDFD
MSUwIwYDVQQDExxFbnRydXN0IFZhbGlkYXRpb24gQXV0aG9yaXR5MIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydqJVenrg9VMqV5B4iJAbalp0DfqQaTU
JXu3G5+h6rXjkj+ZPpXv7QimlUzYDgsvmXYNUapOwBAJGKUXWttnKdznQUDdddOi
em9p2TjDLrkP2Uw+bYQ2jmisO1teqWscWFzIGuSL3or591V52XHv64ll4ALvZkJf
NqhUpzbCAgUVk7Mi8VmJySIemHy0gYzcRIkqnYl+jrh89c+a2hNXYZRkyqq5wBQP
b+z9KU5holP/Y9e6UYaiDoDgH5cmRcGerBiYeb/bSOXV1IYcDmbj2OOsx8G5WEhg
HQN48VsyMc4xLMcjF1GcZ4OZyGcEv8Hu8t51/9uC/w5EzOSYXgOkMwIDAQABo4Hr
MIHoMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkrBgEFBQcw
AQUEAgUAMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Au
ZW50cnVzdC5uZXQwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0
Lm5ldC9sZXZlbDFjLmNybDAfBgNVHSMEGDAWgBQe8auJBvhJDwEzd+4Ueu4ZfJMo
TTAdBgNVHQ4EFgQU1QIEttegqC2zvRIlq1LU0eWWjcQwCQYDVR0TBAIwADANBgkq
hkiG9w0BAQUFAAOCAQEAJEDCuqRRUtzvn2mOteNs17i97HQOgxvAQxb/uynxottd
NgKDDIOtaEhYhfmST5kfNuNSBl07T4GM7HPuDA//3vi+DHdYELorPlzUuXkqunxn
q602ZsbxTSHAlG32ICofy3ccvB35KLwytpq1w4F1sHOTDUWn/awGXIo52eMflfZP
SJrGtidcu7IwkgMasKPSXEkyJy+JMQpt7vYreYNvTRqFuMr0Hh7wAXDr+zGzFV/X
2u/wSJlpPydrDzLquvMlFKNfpq4rz5jVWcDVmdjzrT7ZNAr8vG7yNagV0GJ+Grj/
77YCM0IJhGHnjWBi/iKdn3V5K95em0Sv0cmbd+Tpgg==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIQSRs9EH1lT8wAAAAATCVnLjANBgkqhkiG9w0BAQUFADCB
sTELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsT
MHd3dy5lbnRydXN0Lm5ldC9ycGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5j
ZTEfMB0GA1UECxMWKGMpIDIwMDkgRW50cnVzdCwgSW5jLjEuMCwGA1UEAxMlRW50
cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxQzAeFw0xNjEyMTkxODA2
MTdaFw0xOTAzMzExMDAwMDBaMIHYMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50
cnVzdCwgSW5jLjE5MDcGA1UECxMwd3d3LmVudHJ1c3QubmV0L3JwYSBpcyBpbmNv
cnBvcmF0ZWQgYnkgcmVmZXJlbmNlMR8wHQYDVQQLExYoYykgMjAwOSBFbnRydXN0
LCBJbmMuMS4wLAYDVQQDEyVFbnRydXN0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5
IC0gTDFDMSUwIwYDVQQDExxFbnRydXN0IFZhbGlkYXRpb24gQXV0aG9yaXR5MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydqJVenrg9VMqV5B4iJAbalp
0DfqQaTUJXu3G5+h6rXjkj+ZPpXv7QimlUzYDgsvmXYNUapOwBAJGKUXWttnKdzn
QUDdddOiem9p2TjDLrkP2Uw+bYQ2jmisO1teqWscWFzIGuSL3or591V52XHv64ll
4ALvZkJfNqhUpzbCAgUVk7Mi8VmJySIemHy0gYzcRIkqnYl+jrh89c+a2hNXYZRk
yqq5wBQPb+z9KU5holP/Y9e6UYaiDoDgH5cmRcGerBiYeb/bSOXV1IYcDmbj2OOs
x8G5WEhgHQN48VsyMc4xLMcjF1GcZ4OZyGcEv8Hu8t51/9uC/w5EzOSYXgOkMwID
AQABo4HrMIHoMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkr
BgEFBQcwAQUEAgUAMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDov
L29jc3AuZW50cnVzdC5uZXQwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5l
bnRydXN0Lm5ldC9sZXZlbDFjLmNybDAfBgNVHSMEGDAWgBQe8auJBvhJDwEzd+4U
eu4ZfJMoTTAdBgNVHQ4EFgQU1QIEttegqC2zvRIlq1LU0eWWjcQwCQYDVR0TBAIw
ADANBgkqhkiG9w0BAQUFAAOCAQEAJEDCuqRRUtzvn2mOteNs17i97HQOgxvAQxb/
uynxottdNgKDDIOtaEhYhfmST5kfNuNSBl07T4GM7HPuDA//3vi+DHdYELorPlzU
uXkqunxnq602ZsbxTSHAlG32ICofy3ccvB35KLwytpq1w4F1sHOTDUWn/awGXIo5
2eMflfZPSJrGtidcu7IwkgMasKPSXEkyJy+JMQpt7vYreYNvTRqFuMr0Hh7wAXDr
+zGzFV/X2u/wSJlpPydrDzLquvMlFKNfpq4rz5jVWcDVmdjzrT7ZNAr8vG7yNagV
0GJ+Grj/77YCM0IJhGHnjWBi/iKdn3V5K95em0Sv0cmbd+Tpgg==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate, max-age=3600]
Content-Length: [1951]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Wed, 28 Jun 2017 15:57:51 GMT]
Etag: ["8B892919B5D7E080585296C3CC47AB42F85AB111"]
Expires: [Wed, 28 Jun 2017 16:57:51 GMT]
Last-Modified: [Wed, 28 Jun 2017 14:41:06 GMT]
X-Cache: [TCP_MISS from a23-215-131-87.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.entrust.net (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.entrust.net (GET)
Size: 1951 bytes (DER data)
Response time: 98.982825ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: Entrust Validation Authority
Issued by: Entrust Certification Authority - L1C
Signing certificate validity: 2016-12-19 - 2019-03-31
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 1h0m0s

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-215-131-87.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

URL used for GET request

http://ocsp.entrust.net/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTYqntZF2XfWd4vuxzYev4PhVs0zQQUHvGriQb4SQ8BM3fuFHruGXyTKE0CBEwgjuI%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTYqntZF2XfWd4vuxzYev4PhVs0zQQUHvGr
iQb4SQ8BM3fuFHruGXyTKE0CBEwgjuI=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIHmwoBAKCCB5QwggeQBgkrBgEFBQcwAQEEggeBMIIHfTCCAVihgdswgdgxCzAJ
BgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkwNwYDVQQLEzB3d3cu
ZW50cnVzdC5uZXQvcnBhIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2UxHzAd
BgNVBAsTFihjKSAyMDA5IEVudHJ1c3QsIEluYy4xLjAsBgNVBAMTJUVudHJ1c3Qg
Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUMxJTAjBgNVBAMTHEVudHJ1c3Qg
VmFsaWRhdGlvbiBBdXRob3JpdHkYDzIwMTcwNjI4MTQ0MTA2WjBnMGUwPTAJBgUr
DgMCGgUABBTYqntZF2XfWd4vuxzYev4PhVs0zQQUHvGriQb4SQ8BM3fuFHruGXyT
KE0CBEwgjuKAABgPMjAxNzA2MjgwODI5MTBaoBEYDzIwMTcwNzA1MTQ0MTA2WjAN
BgkqhkiG9w0BAQUFAAOCAQEAL/A4VUA4CTAxPMesPwwop1yuhJsdYDIgSZuR1ad4
DsPCuiTtSKeEDT5KSTF5zIKUDjcpfhXkQy2ElFgdQ09SZa43D2pdLWPkr0uuc3FX
289Vd+TExaKCh9HBTmCPB1+Wd7EUAJM8NVXN6+GkjVWAc6ii2HayP93vcAiH9QkY
J37THmDu6Reqgr8RxcaRMoPxPc1+tYkDWuWB0nczw/r9KoCP6u3MPx9Xtsa1zW7Q
+KWX0gQ4EULkUjpI1dSZh/1+3xXcuVsZFDkPmm5vRjvS2xWHVs+f22FMZ09RSnSe
YAds5CJNolROPO/Ix4SmVcvDiGXmg7XVPgszNCkaC7XU26CCBQkwggUFMIIFATCC
A+mgAwIBAgIQSRs9EH1lT8wAAAAATCVnLjANBgkqhkiG9w0BAQUFADCBsTELMAkG
A1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5l
bnRydXN0Lm5ldC9ycGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0G
A1UECxMWKGMpIDIwMDkgRW50cnVzdCwgSW5jLjEuMCwGA1UEAxMlRW50cnVzdCBD
ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxQzAeFw0xNjEyMTkxODA2MTdaFw0x
OTAzMzExMDAwMDBaMIHYMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwg
SW5jLjE5MDcGA1UECxMwd3d3LmVudHJ1c3QubmV0L3JwYSBpcyBpbmNvcnBvcmF0
ZWQgYnkgcmVmZXJlbmNlMR8wHQYDVQQLExYoYykgMjAwOSBFbnRydXN0LCBJbmMu
MS4wLAYDVQQDEyVFbnRydXN0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gTDFD
MSUwIwYDVQQDExxFbnRydXN0IFZhbGlkYXRpb24gQXV0aG9yaXR5MIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydqJVenrg9VMqV5B4iJAbalp0DfqQaTU
JXu3G5+h6rXjkj+ZPpXv7QimlUzYDgsvmXYNUapOwBAJGKUXWttnKdznQUDdddOi
em9p2TjDLrkP2Uw+bYQ2jmisO1teqWscWFzIGuSL3or591V52XHv64ll4ALvZkJf
NqhUpzbCAgUVk7Mi8VmJySIemHy0gYzcRIkqnYl+jrh89c+a2hNXYZRkyqq5wBQP
b+z9KU5holP/Y9e6UYaiDoDgH5cmRcGerBiYeb/bSOXV1IYcDmbj2OOsx8G5WEhg
HQN48VsyMc4xLMcjF1GcZ4OZyGcEv8Hu8t51/9uC/w5EzOSYXgOkMwIDAQABo4Hr
MIHoMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkrBgEFBQcw
AQUEAgUAMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Au
ZW50cnVzdC5uZXQwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0
Lm5ldC9sZXZlbDFjLmNybDAfBgNVHSMEGDAWgBQe8auJBvhJDwEzd+4Ueu4ZfJMo
TTAdBgNVHQ4EFgQU1QIEttegqC2zvRIlq1LU0eWWjcQwCQYDVR0TBAIwADANBgkq
hkiG9w0BAQUFAAOCAQEAJEDCuqRRUtzvn2mOteNs17i97HQOgxvAQxb/uynxottd
NgKDDIOtaEhYhfmST5kfNuNSBl07T4GM7HPuDA//3vi+DHdYELorPlzUuXkqunxn
q602ZsbxTSHAlG32ICofy3ccvB35KLwytpq1w4F1sHOTDUWn/awGXIo52eMflfZP
SJrGtidcu7IwkgMasKPSXEkyJy+JMQpt7vYreYNvTRqFuMr0Hh7wAXDr+zGzFV/X
2u/wSJlpPydrDzLquvMlFKNfpq4rz5jVWcDVmdjzrT7ZNAr8vG7yNagV0GJ+Grj/
77YCM0IJhGHnjWBi/iKdn3V5K95em0Sv0cmbd+Tpgg==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIQSRs9EH1lT8wAAAAATCVnLjANBgkqhkiG9w0BAQUFADCB
sTELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsT
MHd3dy5lbnRydXN0Lm5ldC9ycGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5j
ZTEfMB0GA1UECxMWKGMpIDIwMDkgRW50cnVzdCwgSW5jLjEuMCwGA1UEAxMlRW50
cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxQzAeFw0xNjEyMTkxODA2
MTdaFw0xOTAzMzExMDAwMDBaMIHYMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50
cnVzdCwgSW5jLjE5MDcGA1UECxMwd3d3LmVudHJ1c3QubmV0L3JwYSBpcyBpbmNv
cnBvcmF0ZWQgYnkgcmVmZXJlbmNlMR8wHQYDVQQLExYoYykgMjAwOSBFbnRydXN0
LCBJbmMuMS4wLAYDVQQDEyVFbnRydXN0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5
IC0gTDFDMSUwIwYDVQQDExxFbnRydXN0IFZhbGlkYXRpb24gQXV0aG9yaXR5MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydqJVenrg9VMqV5B4iJAbalp
0DfqQaTUJXu3G5+h6rXjkj+ZPpXv7QimlUzYDgsvmXYNUapOwBAJGKUXWttnKdzn
QUDdddOiem9p2TjDLrkP2Uw+bYQ2jmisO1teqWscWFzIGuSL3or591V52XHv64ll
4ALvZkJfNqhUpzbCAgUVk7Mi8VmJySIemHy0gYzcRIkqnYl+jrh89c+a2hNXYZRk
yqq5wBQPb+z9KU5holP/Y9e6UYaiDoDgH5cmRcGerBiYeb/bSOXV1IYcDmbj2OOs
x8G5WEhgHQN48VsyMc4xLMcjF1GcZ4OZyGcEv8Hu8t51/9uC/w5EzOSYXgOkMwID
AQABo4HrMIHoMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkr
BgEFBQcwAQUEAgUAMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDov
L29jc3AuZW50cnVzdC5uZXQwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5l
bnRydXN0Lm5ldC9sZXZlbDFjLmNybDAfBgNVHSMEGDAWgBQe8auJBvhJDwEzd+4U
eu4ZfJMoTTAdBgNVHQ4EFgQU1QIEttegqC2zvRIlq1LU0eWWjcQwCQYDVR0TBAIw
ADANBgkqhkiG9w0BAQUFAAOCAQEAJEDCuqRRUtzvn2mOteNs17i97HQOgxvAQxb/
uynxottdNgKDDIOtaEhYhfmST5kfNuNSBl07T4GM7HPuDA//3vi+DHdYELorPlzU
uXkqunxnq602ZsbxTSHAlG32ICofy3ccvB35KLwytpq1w4F1sHOTDUWn/awGXIo5
2eMflfZPSJrGtidcu7IwkgMasKPSXEkyJy+JMQpt7vYreYNvTRqFuMr0Hh7wAXDr
+zGzFV/X2u/wSJlpPydrDzLquvMlFKNfpq4rz5jVWcDVmdjzrT7ZNAr8vG7yNagV
0GJ+Grj/77YCM0IJhGHnjWBi/iKdn3V5K95em0Sv0cmbd+Tpgg==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate, max-age=3600]
Content-Length: [1951]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Wed, 28 Jun 2017 15:57:51 GMT]
Etag: ["8B892919B5D7E080585296C3CC47AB42F85AB111"]
Expires: [Wed, 28 Jun 2017 16:57:51 GMT]
Last-Modified: [Wed, 28 Jun 2017 14:41:06 GMT]
X-Cache: [TCP_MISS from a23-215-131-87.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Entrust Certification Authority - L1C (CA Certificate)

Certificate details for Entrust Certification Authority - L1C (At position 1 in certificate chain)
Serial number:
hex: 4c0e8c39
int: 1276021817
Issued by: Entrust.net Certification Authority (2048)
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Entrust, Inc.
Organization unit: www.entrust.net/rpa is incorporated by reference
Organization unit: (c) 2009 Entrust, Inc.
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This certificate contains no information about authoritative CRL(s) or OCSP servers

Check the revocation status for another website

Created by Paul van Brouwershaven
© 2015 - 2017 Digitorus B.V.
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.