CRL & OCSP report for smudgefixx.com

smudgefixx.com

Certificate details for smudgefixx.com (At position 0 in certificate chain)
Serial number:
hex: 4e29d8893e090335f9678679
int: 24190419287503460733764994681
Issued by: GlobalSign Domain Validation CA - SHA256 - G3
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization unit: Domain Control Validated
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for smudgefixx.com.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.globalsign.com/gsdomainvalsha2g3.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.globalsign.com/gsdomainvalsha2g3.crl
Size: 856 bytes (DER data)
Response time: 226.531105ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 12

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare, CloudFront
Cache Information: HIT, Miss from cloudfront

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [357aa27c14e506af-EWR]
Content-Length: [856]
Content-Type: [application/pkix-crl]
Date: [Sun, 30 Apr 2017 12:51:49 GMT]
Etag: [0256]
Expires: [Sun, 07 May 2017 03:01:44 GMT]
Last-Modified: [Sun, 30 Apr 2017 03:01:44 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d84299217a15ed5c60ef3c6401321f1561493556709; expires=Mon, 30-Apr-18 12:51:49 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
Via: [1.1 4ee3d5920fafcf4bca394fd489654c8c.cloudfront.net (CloudFront)]
X-Amz-Cf-Id: [ZJa9FhsXkyXFD1RRNMKxy1x9B7UtSm1-Zp2n0K_0FfyAU6MiU_otZg==]
X-Cache: [Miss from cloudfront]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp2.globalsign.com/gsdomainvalsha2g3 (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsdomainvalsha2g3 (POST)
Size: 1596 bytes (DER data)
Response time: 767.49611ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign Domain Validation CA - SHA256 - G3 OCSP Responder
Issued by: GlobalSign Domain Validation CA - SHA256 - G3
Signing certificate validity: 2017-03-10 - 2017-06-10
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: MISS

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
ME0wSzBJMEcwRTAJBgUrDgMCGgUABBTkJrHpDjzXcmq2v4rT7Ui1Pq8dzAQUPYCC
ecVIgqPDEu7fmQ9XNUie0MsCDE4p2Ik+CQM1+WeGeQ==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGOAoBAKCCBjEwggYtBgkrBgEFBQcwAQEEggYeMIIGGjCBwKIWBBRy7UC62K7x
unuZPs0P2++yc/TRsBgPMjAxNzA0MzAxMjUxNTBaMIGUMIGRMEUwCQYFKw4DAhoF
AAQU5Cax6Q4813Jqtr+K0+1ItT6vHcwEFD2AgnnFSIKjwxLu35kPVzVIntDLAgxO
KdiJPgkDNflnhnmAABgPMjAxNzA0MzAxMjUxNTBaoBEYDzIwMTcwNTA0MTI1MTUw
WqEiMCAwHgYJKwYBBQUHMAEGBBEYDzIwMTYwNDMwMTI1MTUwWjANBgkqhkiG9w0B
AQsFAAOCAQEAamJWGvjllIgP1LEDURaExJiSF1a4BoqgsDRPjwkcKA/WXsZdIpd0
i9N8aNpSZb5lvhQsQAfN8RQlNj5tpG4cIABy5RzTeTXK4jHQM9OX1bc54pHC3cI/
wr2pUxkD/ihj8ddc/1H7L6qZTCkPcFtULZ+4zO/1CCjTgKWVwsjbt2he4AeIh233
0Bvs4B6gbHBcD2RdE981Gjs8wamTdeCR8IghDD1a7pvfPZsbJ0MnrWQw81oNVSGy
4x2D1ujorCbSY65v+Murkg5b+Sz2B1bjc6lKJnwQSjlXxsE52L8cnDmJ/FkGrj1Q
iomzXSDOZZfcXQXVOJKjCn87hnNnxzj80qCCBD8wggQ7MIIENzCCAx+gAwIBAgIM
D+A8SpfKhQYHSEq+MA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAkJFMRkwFwYD
VQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYDVQQDEy1HbG9iYWxTaWduIERvbWFp
biBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzMwHhcNMTcwMzEwMDg0MDE0WhcN
MTcwNjEwMDg0MDE0WjCBiDELMAkGA1UEBhMCU0cxGzAZBgNVBAoTEkdsb2JhbFNp
Z24gUHRlIEx0ZDEVMBMGA1UEBRMMMjAxNzAzMTAwMDAxMUUwQwYDVQQDEzxHbG9i
YWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzMgT0NTUCBS
ZXNwb25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/FsFl2fUy
GZHz+wNMWBAqfDrjT004vd+j5yNlZDctJz+ytJkj9QEpE6y85+8cjLW1sQuZqu1Q
ArsWNbMSaLxN1LTmAdtGSk8XtPwznyld10VFEYfGv4Ukpyx66KQeVNohiEOBtyWp
4TVr9kAQLPnCUgtfNftHg0Q9rFmON+HWjcd8Uz1Q8oihoG4A/6Z20FpVVe3rhBwp
tDmix0s2IPwQD+/t1l216mQD2HYO4ggDOUHhk9jBccTUzAcC+dy03N4Jgqe7mg/G
uBkfWO2KqQ2ghEWpaoR8yv4dzLJ6JsG+q14DoZ4s5zEGp0c2WPv2VC0ixvCukGcW
TTWSwXJNjZZVAgMBAAGjgccwgcQwHQYDVR0OBBYEFHLtQLrYrvG6e5k+zQ/b77Jz
9NGwMB8GA1UdIwQYMBaAFD2AgnnFSIKjwxLu35kPVzVIntDLMA8GCSsGAQUFBzAB
BQQCBQAwTAYDVR0gBEUwQzBBBgkrBgEEAaAyAV8wNDAyBggrBgEFBQcCARYmaHR0
cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wDgYDVR0PAQH/BAQD
AgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA0GCSqGSIb3DQEBCwUAA4IBAQAMIXBt
vIoeBPBeAVDZM0lEBsyADXQG/JeSnNMA+Llex1JNhcKv32G23deLr91eZoDSgQgM
zjIYpbNzNzZV0hpdBTKplD2Mi0I12ivfS2JwQdn05qvrkAe0eqW2CfC2vOh0Tfuy
wyLkHgLe9wBi96+Ck5QWcvFnX9pdinbn4zDCK7/xL+3GnAf5Hs8jKUMOPkwJRezT
oE5ljSmEldQcAsjXFyKOWEYq9rmilbR/j2dTOSDOjGxNZf50lIRo3PYvGS/k1DCG
suYChENNcJkB3R+rpb7//HPoCvofGr98FpzRDyh07MZcPqkPQwke3m0q38TeLxlB
+BaKiHn30GXRDnP4
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIENzCCAx+gAwIBAgIMD+A8SpfKhQYHSEq+MA0GCSqGSIb3DQEBCwUAMGAxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYDVQQDEy1H
bG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzMwHhcN
MTcwMzEwMDg0MDE0WhcNMTcwNjEwMDg0MDE0WjCBiDELMAkGA1UEBhMCU0cxGzAZ
BgNVBAoTEkdsb2JhbFNpZ24gUHRlIEx0ZDEVMBMGA1UEBRMMMjAxNzAzMTAwMDAx
MUUwQwYDVQQDEzxHbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hB
MjU2IC0gRzMgT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQC/FsFl2fUyGZHz+wNMWBAqfDrjT004vd+j5yNlZDctJz+ytJkj9QEp
E6y85+8cjLW1sQuZqu1QArsWNbMSaLxN1LTmAdtGSk8XtPwznyld10VFEYfGv4Uk
pyx66KQeVNohiEOBtyWp4TVr9kAQLPnCUgtfNftHg0Q9rFmON+HWjcd8Uz1Q8oih
oG4A/6Z20FpVVe3rhBwptDmix0s2IPwQD+/t1l216mQD2HYO4ggDOUHhk9jBccTU
zAcC+dy03N4Jgqe7mg/GuBkfWO2KqQ2ghEWpaoR8yv4dzLJ6JsG+q14DoZ4s5zEG
p0c2WPv2VC0ixvCukGcWTTWSwXJNjZZVAgMBAAGjgccwgcQwHQYDVR0OBBYEFHLt
QLrYrvG6e5k+zQ/b77Jz9NGwMB8GA1UdIwQYMBaAFD2AgnnFSIKjwxLu35kPVzVI
ntDLMA8GCSsGAQUFBzABBQQCBQAwTAYDVR0gBEUwQzBBBgkrBgEEAaAyAV8wNDAy
BggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9y
eS8wDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA0GCSqGSIb3
DQEBCwUAA4IBAQAMIXBtvIoeBPBeAVDZM0lEBsyADXQG/JeSnNMA+Llex1JNhcKv
32G23deLr91eZoDSgQgMzjIYpbNzNzZV0hpdBTKplD2Mi0I12ivfS2JwQdn05qvr
kAe0eqW2CfC2vOh0TfuywyLkHgLe9wBi96+Ck5QWcvFnX9pdinbn4zDCK7/xL+3G
nAf5Hs8jKUMOPkwJRezToE5ljSmEldQcAsjXFyKOWEYq9rmilbR/j2dTOSDOjGxN
Zf50lIRo3PYvGS/k1DCGsuYChENNcJkB3R+rpb7//HPoCvofGr98FpzRDyh07MZc
PqkPQwke3m0q38TeLxlB+BaKiHn30GXRDnP4
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [MISS]
Cf-Ray: [357aa27d7336183a-EWR]
Content-Length: [1596]
Content-Type: [application/ocsp-response]
Date: [Sun, 30 Apr 2017 12:51:50 GMT]
Etag: ["ae95b563cd80d2257ea9878a3252633aaa52dcb8"]
Expires: [Thu, 04 May 2017 12:51:50 GMT]
Last-Modified: [Sun, 30 Apr 2017 12:51:50 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d0f7af354df4c779d75204af676170acb1493556709; expires=Mon, 30-Apr-18 12:51:49 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp2.globalsign.com/gsdomainvalsha2g3 (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsdomainvalsha2g3 (GET)
Size: 1596 bytes (DER data)
Response time: 1.082108663s
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign Domain Validation CA - SHA256 - G3 OCSP Responder
Issued by: GlobalSign Domain Validation CA - SHA256 - G3
Signing certificate validity: 2017-03-10 - 2017-06-10
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

URL used for GET request

http:/gsdomainvalsha2g3/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBTkJrHpDjzXcmq2v4rT7Ui1Pq8dzAQUPYCCecVIgqPDEu7fmQ9XNUie0MsCDE4p2Ik%2BCQM1%2BWeGeQ%3D%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
ME0wSzBJMEcwRTAJBgUrDgMCGgUABBTkJrHpDjzXcmq2v4rT7Ui1Pq8dzAQUPYCC
ecVIgqPDEu7fmQ9XNUie0MsCDE4p2Ik+CQM1+WeGeQ==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGOAoBAKCCBjEwggYtBgkrBgEFBQcwAQEEggYeMIIGGjCBwKIWBBRy7UC62K7x
unuZPs0P2++yc/TRsBgPMjAxNzA0MzAxMjUxNTBaMIGUMIGRMEUwCQYFKw4DAhoF
AAQU5Cax6Q4813Jqtr+K0+1ItT6vHcwEFD2AgnnFSIKjwxLu35kPVzVIntDLAgxO
KdiJPgkDNflnhnmAABgPMjAxNzA0MzAxMjUxNTBaoBEYDzIwMTcwNTA0MTI1MTUw
WqEiMCAwHgYJKwYBBQUHMAEGBBEYDzIwMTYwNDMwMTI1MTUwWjANBgkqhkiG9w0B
AQsFAAOCAQEAamJWGvjllIgP1LEDURaExJiSF1a4BoqgsDRPjwkcKA/WXsZdIpd0
i9N8aNpSZb5lvhQsQAfN8RQlNj5tpG4cIABy5RzTeTXK4jHQM9OX1bc54pHC3cI/
wr2pUxkD/ihj8ddc/1H7L6qZTCkPcFtULZ+4zO/1CCjTgKWVwsjbt2he4AeIh233
0Bvs4B6gbHBcD2RdE981Gjs8wamTdeCR8IghDD1a7pvfPZsbJ0MnrWQw81oNVSGy
4x2D1ujorCbSY65v+Murkg5b+Sz2B1bjc6lKJnwQSjlXxsE52L8cnDmJ/FkGrj1Q
iomzXSDOZZfcXQXVOJKjCn87hnNnxzj80qCCBD8wggQ7MIIENzCCAx+gAwIBAgIM
D+A8SpfKhQYHSEq+MA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAkJFMRkwFwYD
VQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYDVQQDEy1HbG9iYWxTaWduIERvbWFp
biBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzMwHhcNMTcwMzEwMDg0MDE0WhcN
MTcwNjEwMDg0MDE0WjCBiDELMAkGA1UEBhMCU0cxGzAZBgNVBAoTEkdsb2JhbFNp
Z24gUHRlIEx0ZDEVMBMGA1UEBRMMMjAxNzAzMTAwMDAxMUUwQwYDVQQDEzxHbG9i
YWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzMgT0NTUCBS
ZXNwb25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/FsFl2fUy
GZHz+wNMWBAqfDrjT004vd+j5yNlZDctJz+ytJkj9QEpE6y85+8cjLW1sQuZqu1Q
ArsWNbMSaLxN1LTmAdtGSk8XtPwznyld10VFEYfGv4Ukpyx66KQeVNohiEOBtyWp
4TVr9kAQLPnCUgtfNftHg0Q9rFmON+HWjcd8Uz1Q8oihoG4A/6Z20FpVVe3rhBwp
tDmix0s2IPwQD+/t1l216mQD2HYO4ggDOUHhk9jBccTUzAcC+dy03N4Jgqe7mg/G
uBkfWO2KqQ2ghEWpaoR8yv4dzLJ6JsG+q14DoZ4s5zEGp0c2WPv2VC0ixvCukGcW
TTWSwXJNjZZVAgMBAAGjgccwgcQwHQYDVR0OBBYEFHLtQLrYrvG6e5k+zQ/b77Jz
9NGwMB8GA1UdIwQYMBaAFD2AgnnFSIKjwxLu35kPVzVIntDLMA8GCSsGAQUFBzAB
BQQCBQAwTAYDVR0gBEUwQzBBBgkrBgEEAaAyAV8wNDAyBggrBgEFBQcCARYmaHR0
cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wDgYDVR0PAQH/BAQD
AgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA0GCSqGSIb3DQEBCwUAA4IBAQAMIXBt
vIoeBPBeAVDZM0lEBsyADXQG/JeSnNMA+Llex1JNhcKv32G23deLr91eZoDSgQgM
zjIYpbNzNzZV0hpdBTKplD2Mi0I12ivfS2JwQdn05qvrkAe0eqW2CfC2vOh0Tfuy
wyLkHgLe9wBi96+Ck5QWcvFnX9pdinbn4zDCK7/xL+3GnAf5Hs8jKUMOPkwJRezT
oE5ljSmEldQcAsjXFyKOWEYq9rmilbR/j2dTOSDOjGxNZf50lIRo3PYvGS/k1DCG
suYChENNcJkB3R+rpb7//HPoCvofGr98FpzRDyh07MZcPqkPQwke3m0q38TeLxlB
+BaKiHn30GXRDnP4
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIENzCCAx+gAwIBAgIMD+A8SpfKhQYHSEq+MA0GCSqGSIb3DQEBCwUAMGAxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYDVQQDEy1H
bG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzMwHhcN
MTcwMzEwMDg0MDE0WhcNMTcwNjEwMDg0MDE0WjCBiDELMAkGA1UEBhMCU0cxGzAZ
BgNVBAoTEkdsb2JhbFNpZ24gUHRlIEx0ZDEVMBMGA1UEBRMMMjAxNzAzMTAwMDAx
MUUwQwYDVQQDEzxHbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hB
MjU2IC0gRzMgT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQC/FsFl2fUyGZHz+wNMWBAqfDrjT004vd+j5yNlZDctJz+ytJkj9QEp
E6y85+8cjLW1sQuZqu1QArsWNbMSaLxN1LTmAdtGSk8XtPwznyld10VFEYfGv4Uk
pyx66KQeVNohiEOBtyWp4TVr9kAQLPnCUgtfNftHg0Q9rFmON+HWjcd8Uz1Q8oih
oG4A/6Z20FpVVe3rhBwptDmix0s2IPwQD+/t1l216mQD2HYO4ggDOUHhk9jBccTU
zAcC+dy03N4Jgqe7mg/GuBkfWO2KqQ2ghEWpaoR8yv4dzLJ6JsG+q14DoZ4s5zEG
p0c2WPv2VC0ixvCukGcWTTWSwXJNjZZVAgMBAAGjgccwgcQwHQYDVR0OBBYEFHLt
QLrYrvG6e5k+zQ/b77Jz9NGwMB8GA1UdIwQYMBaAFD2AgnnFSIKjwxLu35kPVzVI
ntDLMA8GCSsGAQUFBzABBQQCBQAwTAYDVR0gBEUwQzBBBgkrBgEEAaAyAV8wNDAy
BggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9y
eS8wDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA0GCSqGSIb3
DQEBCwUAA4IBAQAMIXBtvIoeBPBeAVDZM0lEBsyADXQG/JeSnNMA+Llex1JNhcKv
32G23deLr91eZoDSgQgMzjIYpbNzNzZV0hpdBTKplD2Mi0I12ivfS2JwQdn05qvr
kAe0eqW2CfC2vOh0TfuywyLkHgLe9wBi96+Ck5QWcvFnX9pdinbn4zDCK7/xL+3G
nAf5Hs8jKUMOPkwJRezToE5ljSmEldQcAsjXFyKOWEYq9rmilbR/j2dTOSDOjGxN
Zf50lIRo3PYvGS/k1DCGsuYChENNcJkB3R+rpb7//HPoCvofGr98FpzRDyh07MZc
PqkPQwke3m0q38TeLxlB+BaKiHn30GXRDnP4
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [357aa27d820d186a-EWR]
Content-Length: [1596]
Content-Type: [application/ocsp-response]
Date: [Sun, 30 Apr 2017 12:51:51 GMT]
Etag: ["ae95b563cd80d2257ea9878a3252633aaa52dcb8"]
Expires: [Thu, 04 May 2017 12:51:50 GMT]
Last-Modified: [Sun, 30 Apr 2017 12:51:50 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=dc3ae860e17080f93b7f0866daed08d9d1493556710; expires=Mon, 30-Apr-18 12:51:50 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GlobalSign Domain Validation CA - SHA256 - G3 (CA Certificate)

Certificate details for GlobalSign Domain Validation CA - SHA256 - G3 (At position 1 in certificate chain)
Serial number:
hex: 4707b100f41822434ec05b8c7b7f
int: 1440660458996309441122145202371455
Issued by: GlobalSign Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GlobalSign nv-sa
Country: BE
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This certificate contains no information about authoritative CRL(s) or OCSP servers

Check the revocation status for another website

Created by Paul van Brouwershaven
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.