CRL & OCSP report for www.marykay.com.tw (Mary Kay Inc.)

www.marykay.com.tw

Certificate details for www.marykay.com.tw (At position 0 in certificate chain)
Serial number:
hex: 4c204c63
int: 1277185123
Issued by: Entrust Certification Authority - L1E
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Company registration number: 2154790
Organization: Mary Kay Inc.
Organization unit: IST
State / Province: Texas
Locality: Addison
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for www.marykay.com.tw.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.entrust.net/level1e.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.entrust.net/level1e.crl
Size: 988 bytes (DER data)
Response time: 90.097066ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 10

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a204-2-193-142.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2-19674918) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [no-cache]
Content-Length: [988]
Content-Type: [application/x-pkcs7-crl]
Date: [Fri, 28 Apr 2017 00:32:27 GMT]
Expires: [Fri, 28 Apr 2017 00:32:27 GMT]
Last-Modified: [Fri, 28 Apr 2017 00:00:02 GMT]
Pragma: [no-cache]
X-Cache: [TCP_MEM_HIT from a204-2-193-142.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2-19674918) (-)]
X-Frame-Options: [DENY]
  • Content-Type in response is set 'application/x-pkcs7-crl' and should be replaced with 'application/pkix-crl' (RFC 5280, section 4.2.1.13)
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.entrust.net (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.entrust.net (POST)
Size: 1939 bytes (DER data)
Response time: 60.9292ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: Entrust Validation Authority
Issued by: Entrust Certification Authority - L1E
Signing certificate validity: 2015-06-29 - 2018-06-29
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 1h0m0s

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-217-200-69.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2.1-19774280) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEUwQzBBMD8wPTAJBgUrDgMCGgUABBSibb/xv9lph7oCC99XjpqWXu4cjgQUW0GK
ssRDwb2/yFRBVZ3glq3/uaECBEwgTGM=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIHjwoBAKCCB4gwggeEBgkrBgEFBQcwAQEEggd1MIIHcTCCAVihgdswgdgxCzAJ
BgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkwNwYDVQQLEzB3d3cu
ZW50cnVzdC5uZXQvcnBhIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2UxHzAd
BgNVBAsTFihjKSAyMDA5IEVudHJ1c3QsIEluYy4xLjAsBgNVBAMTJUVudHJ1c3Qg
Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUUxJTAjBgNVBAMTHEVudHJ1c3Qg
VmFsaWRhdGlvbiBBdXRob3JpdHkYDzIwMTcwNDI3MjIxMzE5WjBnMGUwPTAJBgUr
DgMCGgUABBSibb/xv9lph7oCC99XjpqWXu4cjgQUW0GKssRDwb2/yFRBVZ3glq3/
uaECBEwgTGOAABgPMjAxNzA0MjcxMjE3MTdaoBEYDzIwMTcwNTA0MjIxMzE5WjAN
BgkqhkiG9w0BAQUFAAOCAQEAtUeBK8+ozD3LwWzCMTKUngpRRh7yZb9KLkMcsKdE
jdpk1XElmyiDXBQfM5HKY5g9O8oY0I/2Qvs1X8wqaHbW3EowPo3yPge0oiP1a4p2
KkKZKlSLKyZZ6qXhzWohoxsV8OzYQ+GLKmooh6QdwMMmNZsR4v4HXg/50m2wEYWw
8x9MaNUWjwyTc59q6I5dLCDp7ehRxAPj/rRXWOEJU6r6PJqS2EY/G8a+XjXJddUm
8AXm7iMiLjUKJiRDn5AmEGso8jBEwexLBsa/uoTGEeXJAuIOZluE7oG8orVgraqO
m9FYbo9UXhbnTcQFWVJukkcXioaLuunbMMv8d9K13W7pLKCCBP0wggT5MIIE9TCC
A92gAwIBAgIETCF72zANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMCVVMxFjAU
BgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0Lm5ldC9y
cGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMWKGMpIDIw
MDkgRW50cnVzdCwgSW5jLjEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9u
IEF1dGhvcml0eSAtIEwxRTAeFw0xNTA2MjkxMjMyNTNaFw0xODA2MjkyMTI5MDha
MIHYMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjE5MDcGA1UE
CxMwd3d3LmVudHJ1c3QubmV0L3JwYSBpcyBpbmNvcnBvcmF0ZWQgYnkgcmVmZXJl
bmNlMR8wHQYDVQQLExYoYykgMjAwOSBFbnRydXN0LCBJbmMuMS4wLAYDVQQDEyVF
bnRydXN0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gTDFFMSUwIwYDVQQDExxF
bnRydXN0IFZhbGlkYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAydqJVenrg9VMqV5B4iJAbalp0DfqQaTUJXu3G5+h6rXjkj+Z
PpXv7QimlUzYDgsvmXYNUapOwBAJGKUXWttnKdznQUDdddOiem9p2TjDLrkP2Uw+
bYQ2jmisO1teqWscWFzIGuSL3or591V52XHv64ll4ALvZkJfNqhUpzbCAgUVk7Mi
8VmJySIemHy0gYzcRIkqnYl+jrh89c+a2hNXYZRkyqq5wBQPb+z9KU5holP/Y9e6
UYaiDoDgH5cmRcGerBiYeb/bSOXV1IYcDmbj2OOsx8G5WEhgHQN48VsyMc4xLMcj
F1GcZ4OZyGcEv8Hu8t51/9uC/w5EzOSYXgOkMwIDAQABo4HrMIHoMAsGA1UdDwQE
AwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkrBgEFBQcwAQUEAgUAMDMGCCsG
AQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQw
MwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9sZXZlbDFl
LmNybDAfBgNVHSMEGDAWgBRbQYqyxEPBvb/IVEFVneCWrf+5oTAdBgNVHQ4EFgQU
1QIEttegqC2zvRIlq1LU0eWWjcQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQUFAAOC
AQEATlfSfSx2zp0khoOxt+tMuWjPL9vgmCvSGQvu06SVwmCSsORHW+S9bwDob9qH
CLrM2Sd0piMgEq3fcElEk7ijF+qTuAXuf0Fll0eAVoT98+AREWpqmGE6xIc73KKC
b/omx76WfWOkKm22tJclUCjVQgCRrzonsruVelvGs8yMju+u5y0KtnST4Y/rlpes
OmJFkIinJM5GT/poCuyl+OgK1WZ/BEnaN4hoL0BH8V8LjbKIvvgCs1VezQB7V+vg
BLBhep8350EGAvOdnMfoRPMgl+JI6qXOYCMSVGiEAtz38kRxKV8+5lWPaoplvE6z
0Dq2Jc3BORxCjzj/uK5sQ0V2UA==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIETCF72zANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMC
VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0
Lm5ldC9ycGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW
KGMpIDIwMDkgRW50cnVzdCwgSW5jLjEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZp
Y2F0aW9uIEF1dGhvcml0eSAtIEwxRTAeFw0xNTA2MjkxMjMyNTNaFw0xODA2Mjky
MTI5MDhaMIHYMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjE5
MDcGA1UECxMwd3d3LmVudHJ1c3QubmV0L3JwYSBpcyBpbmNvcnBvcmF0ZWQgYnkg
cmVmZXJlbmNlMR8wHQYDVQQLExYoYykgMjAwOSBFbnRydXN0LCBJbmMuMS4wLAYD
VQQDEyVFbnRydXN0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gTDFFMSUwIwYD
VQQDExxFbnRydXN0IFZhbGlkYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAydqJVenrg9VMqV5B4iJAbalp0DfqQaTUJXu3G5+h
6rXjkj+ZPpXv7QimlUzYDgsvmXYNUapOwBAJGKUXWttnKdznQUDdddOiem9p2TjD
LrkP2Uw+bYQ2jmisO1teqWscWFzIGuSL3or591V52XHv64ll4ALvZkJfNqhUpzbC
AgUVk7Mi8VmJySIemHy0gYzcRIkqnYl+jrh89c+a2hNXYZRkyqq5wBQPb+z9KU5h
olP/Y9e6UYaiDoDgH5cmRcGerBiYeb/bSOXV1IYcDmbj2OOsx8G5WEhgHQN48Vsy
Mc4xLMcjF1GcZ4OZyGcEv8Hu8t51/9uC/w5EzOSYXgOkMwIDAQABo4HrMIHoMAsG
A1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkrBgEFBQcwAQUEAgUA
MDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVz
dC5uZXQwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9s
ZXZlbDFlLmNybDAfBgNVHSMEGDAWgBRbQYqyxEPBvb/IVEFVneCWrf+5oTAdBgNV
HQ4EFgQU1QIEttegqC2zvRIlq1LU0eWWjcQwCQYDVR0TBAIwADANBgkqhkiG9w0B
AQUFAAOCAQEATlfSfSx2zp0khoOxt+tMuWjPL9vgmCvSGQvu06SVwmCSsORHW+S9
bwDob9qHCLrM2Sd0piMgEq3fcElEk7ijF+qTuAXuf0Fll0eAVoT98+AREWpqmGE6
xIc73KKCb/omx76WfWOkKm22tJclUCjVQgCRrzonsruVelvGs8yMju+u5y0KtnST
4Y/rlpesOmJFkIinJM5GT/poCuyl+OgK1WZ/BEnaN4hoL0BH8V8LjbKIvvgCs1Ve
zQB7V+vgBLBhep8350EGAvOdnMfoRPMgl+JI6qXOYCMSVGiEAtz38kRxKV8+5lWP
aoplvE6z0Dq2Jc3BORxCjzj/uK5sQ0V2UA==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate, max-age=3600]
Content-Length: [1939]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Fri, 28 Apr 2017 00:32:27 GMT]
Etag: ["8445D9E5490D3D37F94A9440D8E5C8DD58B21440"]
Expires: [Fri, 28 Apr 2017 01:32:27 GMT]
Last-Modified: [Thu, 27 Apr 2017 22:13:19 GMT]
X-Cache: [TCP_MISS from a23-217-200-69.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2.1-19774280) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.entrust.net (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.entrust.net (GET)
Size: 1939 bytes (DER data)
Response time: 94.338485ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: Entrust Validation Authority
Issued by: Entrust Certification Authority - L1E
Signing certificate validity: 2015-06-29 - 2018-06-29
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 1h0m0s

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-217-200-39.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2.1-19774280) (-)

URL used for GET request

http:/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBSibb%2Fxv9lph7oCC99XjpqWXu4cjgQUW0GKssRDwb2%2FyFRBVZ3glq3%2FuaECBEwgTGM%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEUwQzBBMD8wPTAJBgUrDgMCGgUABBSibb/xv9lph7oCC99XjpqWXu4cjgQUW0GK
ssRDwb2/yFRBVZ3glq3/uaECBEwgTGM=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIHjwoBAKCCB4gwggeEBgkrBgEFBQcwAQEEggd1MIIHcTCCAVihgdswgdgxCzAJ
BgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkwNwYDVQQLEzB3d3cu
ZW50cnVzdC5uZXQvcnBhIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2UxHzAd
BgNVBAsTFihjKSAyMDA5IEVudHJ1c3QsIEluYy4xLjAsBgNVBAMTJUVudHJ1c3Qg
Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUUxJTAjBgNVBAMTHEVudHJ1c3Qg
VmFsaWRhdGlvbiBBdXRob3JpdHkYDzIwMTcwNDI3MjIxMzE5WjBnMGUwPTAJBgUr
DgMCGgUABBSibb/xv9lph7oCC99XjpqWXu4cjgQUW0GKssRDwb2/yFRBVZ3glq3/
uaECBEwgTGOAABgPMjAxNzA0MjcxMjE3MTdaoBEYDzIwMTcwNTA0MjIxMzE5WjAN
BgkqhkiG9w0BAQUFAAOCAQEAtUeBK8+ozD3LwWzCMTKUngpRRh7yZb9KLkMcsKdE
jdpk1XElmyiDXBQfM5HKY5g9O8oY0I/2Qvs1X8wqaHbW3EowPo3yPge0oiP1a4p2
KkKZKlSLKyZZ6qXhzWohoxsV8OzYQ+GLKmooh6QdwMMmNZsR4v4HXg/50m2wEYWw
8x9MaNUWjwyTc59q6I5dLCDp7ehRxAPj/rRXWOEJU6r6PJqS2EY/G8a+XjXJddUm
8AXm7iMiLjUKJiRDn5AmEGso8jBEwexLBsa/uoTGEeXJAuIOZluE7oG8orVgraqO
m9FYbo9UXhbnTcQFWVJukkcXioaLuunbMMv8d9K13W7pLKCCBP0wggT5MIIE9TCC
A92gAwIBAgIETCF72zANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMCVVMxFjAU
BgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0Lm5ldC9y
cGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMWKGMpIDIw
MDkgRW50cnVzdCwgSW5jLjEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9u
IEF1dGhvcml0eSAtIEwxRTAeFw0xNTA2MjkxMjMyNTNaFw0xODA2MjkyMTI5MDha
MIHYMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjE5MDcGA1UE
CxMwd3d3LmVudHJ1c3QubmV0L3JwYSBpcyBpbmNvcnBvcmF0ZWQgYnkgcmVmZXJl
bmNlMR8wHQYDVQQLExYoYykgMjAwOSBFbnRydXN0LCBJbmMuMS4wLAYDVQQDEyVF
bnRydXN0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gTDFFMSUwIwYDVQQDExxF
bnRydXN0IFZhbGlkYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAydqJVenrg9VMqV5B4iJAbalp0DfqQaTUJXu3G5+h6rXjkj+Z
PpXv7QimlUzYDgsvmXYNUapOwBAJGKUXWttnKdznQUDdddOiem9p2TjDLrkP2Uw+
bYQ2jmisO1teqWscWFzIGuSL3or591V52XHv64ll4ALvZkJfNqhUpzbCAgUVk7Mi
8VmJySIemHy0gYzcRIkqnYl+jrh89c+a2hNXYZRkyqq5wBQPb+z9KU5holP/Y9e6
UYaiDoDgH5cmRcGerBiYeb/bSOXV1IYcDmbj2OOsx8G5WEhgHQN48VsyMc4xLMcj
F1GcZ4OZyGcEv8Hu8t51/9uC/w5EzOSYXgOkMwIDAQABo4HrMIHoMAsGA1UdDwQE
AwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkrBgEFBQcwAQUEAgUAMDMGCCsG
AQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQw
MwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9sZXZlbDFl
LmNybDAfBgNVHSMEGDAWgBRbQYqyxEPBvb/IVEFVneCWrf+5oTAdBgNVHQ4EFgQU
1QIEttegqC2zvRIlq1LU0eWWjcQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQUFAAOC
AQEATlfSfSx2zp0khoOxt+tMuWjPL9vgmCvSGQvu06SVwmCSsORHW+S9bwDob9qH
CLrM2Sd0piMgEq3fcElEk7ijF+qTuAXuf0Fll0eAVoT98+AREWpqmGE6xIc73KKC
b/omx76WfWOkKm22tJclUCjVQgCRrzonsruVelvGs8yMju+u5y0KtnST4Y/rlpes
OmJFkIinJM5GT/poCuyl+OgK1WZ/BEnaN4hoL0BH8V8LjbKIvvgCs1VezQB7V+vg
BLBhep8350EGAvOdnMfoRPMgl+JI6qXOYCMSVGiEAtz38kRxKV8+5lWPaoplvE6z
0Dq2Jc3BORxCjzj/uK5sQ0V2UA==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIETCF72zANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMC
VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0
Lm5ldC9ycGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW
KGMpIDIwMDkgRW50cnVzdCwgSW5jLjEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZp
Y2F0aW9uIEF1dGhvcml0eSAtIEwxRTAeFw0xNTA2MjkxMjMyNTNaFw0xODA2Mjky
MTI5MDhaMIHYMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjE5
MDcGA1UECxMwd3d3LmVudHJ1c3QubmV0L3JwYSBpcyBpbmNvcnBvcmF0ZWQgYnkg
cmVmZXJlbmNlMR8wHQYDVQQLExYoYykgMjAwOSBFbnRydXN0LCBJbmMuMS4wLAYD
VQQDEyVFbnRydXN0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gTDFFMSUwIwYD
VQQDExxFbnRydXN0IFZhbGlkYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAydqJVenrg9VMqV5B4iJAbalp0DfqQaTUJXu3G5+h
6rXjkj+ZPpXv7QimlUzYDgsvmXYNUapOwBAJGKUXWttnKdznQUDdddOiem9p2TjD
LrkP2Uw+bYQ2jmisO1teqWscWFzIGuSL3or591V52XHv64ll4ALvZkJfNqhUpzbC
AgUVk7Mi8VmJySIemHy0gYzcRIkqnYl+jrh89c+a2hNXYZRkyqq5wBQPb+z9KU5h
olP/Y9e6UYaiDoDgH5cmRcGerBiYeb/bSOXV1IYcDmbj2OOsx8G5WEhgHQN48Vsy
Mc4xLMcjF1GcZ4OZyGcEv8Hu8t51/9uC/w5EzOSYXgOkMwIDAQABo4HrMIHoMAsG
A1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkrBgEFBQcwAQUEAgUA
MDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVz
dC5uZXQwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9s
ZXZlbDFlLmNybDAfBgNVHSMEGDAWgBRbQYqyxEPBvb/IVEFVneCWrf+5oTAdBgNV
HQ4EFgQU1QIEttegqC2zvRIlq1LU0eWWjcQwCQYDVR0TBAIwADANBgkqhkiG9w0B
AQUFAAOCAQEATlfSfSx2zp0khoOxt+tMuWjPL9vgmCvSGQvu06SVwmCSsORHW+S9
bwDob9qHCLrM2Sd0piMgEq3fcElEk7ijF+qTuAXuf0Fll0eAVoT98+AREWpqmGE6
xIc73KKCb/omx76WfWOkKm22tJclUCjVQgCRrzonsruVelvGs8yMju+u5y0KtnST
4Y/rlpesOmJFkIinJM5GT/poCuyl+OgK1WZ/BEnaN4hoL0BH8V8LjbKIvvgCs1Ve
zQB7V+vgBLBhep8350EGAvOdnMfoRPMgl+JI6qXOYCMSVGiEAtz38kRxKV8+5lWP
aoplvE6z0Dq2Jc3BORxCjzj/uK5sQ0V2UA==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate, max-age=3600]
Content-Length: [1939]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Fri, 28 Apr 2017 00:32:27 GMT]
Etag: ["8445D9E5490D3D37F94A9440D8E5C8DD58B21440"]
Expires: [Fri, 28 Apr 2017 01:32:27 GMT]
Last-Modified: [Thu, 27 Apr 2017 22:13:19 GMT]
X-Cache: [TCP_MISS from a23-217-200-39.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2.1-19774280) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Entrust Certification Authority - L1E (CA Certificate)

Certificate details for Entrust Certification Authority - L1E (At position 1 in certificate chain)
Serial number:
hex: 456b9adc
int: 1164679900
Issued by: Entrust Root Certification Authority
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Entrust, Inc.
Organization unit: www.entrust.net/rpa is incorporated by reference
Organization unit: (c) 2009 Entrust, Inc.
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This certificate contains no information about authoritative CRL(s) or OCSP servers

Check the revocation status for another website

Created by Paul van Brouwershaven
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.