CRL & OCSP report for ssl6490.cloudflare.com (CloudFlare, Inc.)

ssl6490.cloudflare.com

Certificate details for ssl6490.cloudflare.com (At position 0 in certificate chain)
Serial number:
hex: 11213e3acfa927eaebdef014979e0ff87f4e
int: 1492220896449132323429720017763629086048078
Issued by: GlobalSign Organization Validation CA - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: CloudFlare, Inc.
State / Province: CA
Locality: San Francisco
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for ssl6490.cloudflare.com.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.globalsign.com/gs/gsorganizationvalg2.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.globalsign.com/gs/gsorganizationvalg2.crl
Size: 2648686 bytes (DER data)
Response time: 109.215379ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 71573

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare, CloudFront
Cache Information: HIT, Miss from cloudfront

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [3761d1c0e0ed0edf-EWR]
Content-Length: [2648686]
Content-Type: [application/pkix-crl]
Date: [Wed, 28 Jun 2017 15:53:31 GMT]
Etag: [01566E]
Expires: [Wed, 05 Jul 2017 08:05:47 GMT]
Last-Modified: [Wed, 28 Jun 2017 08:05:47 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d0f52f43765fe1fbea5efca5836d139641498665211; expires=Thu, 28-Jun-18 15:53:31 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
Via: [1.1 ac094a1c1bf8cbfbb98e93fa2b2431c0.cloudfront.net (CloudFront)]
X-Amz-Cf-Id: [5mS64fX5Qhp1a2-Zxqbbk5HwIBKWO_LxuHD2INsoaDEIhVwAm5zObg==]
X-Cache: [Miss from cloudfront]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp2.globalsign.com/gsorganizationvalg2 (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsorganizationvalg2 (GET)
Size: 1594 bytes (DER data)
Response time: 401.430135ms
Signature algorithm: SHA256WithRSA
Signature type: CA Delegated
Signed by: GlobalSign Organization Validation CA - G2 OCSP Responder
Issued by: GlobalSign Organization Validation CA - G2
Signing certificate validity: 2017-04-07 - 2017-07-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: MISS

URL used for GET request

http://ocsp2.globalsign.com/gsorganizationvalg2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBReGXQV%2FtqUV3SNMRE%2Bs25eR%2FvhjwQUXUayjcRLdBy77fVztjq3OI91nn4CEhEhPjrPqSfq697wFJeeD%2Fh%2FTg%3D%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFMwUTBPME0wSzAJBgUrDgMCGgUABBReGXQV/tqUV3SNMRE+s25eR/vhjwQUXUay
jcRLdBy77fVztjq3OI91nn4CEhEhPjrPqSfq697wFJeeD/h/Tg==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGNgoBAKCCBi8wggYrBgkrBgEFBQcwAQEEggYcMIIGGDCBxqIWBBSEcGYA2z5x
eMLH53proefAGmx9mRgPMjAxNzA2MjgxNTUzMzFaMIGaMIGXMEswCQYFKw4DAhoF
AAQUXhl0Ff7alFd0jTERPrNuXkf74Y8EFF1Gso3ES3Qcu+31c7Y6tziPdZ5+AhIR
IT46z6kn6uve8BSXng/4f06AABgPMjAxNzA2MjgxNTUzMzFaoBEYDzIwMTcwNzAy
MTU1MzMxWqEiMCAwHgYJKwYBBQUHMAEGBBEYDzIwMTYwNjI4MTU1MzMxWjANBgkq
hkiG9w0BAQsFAAOCAQEAALPCUtQKRWyXs//84MSQL9C08odmDlw40PwxkCLsqoeR
KnAdOmkhtDzxBAXprCHobUP34OAosYOd9H3yLwF/HbHimSeog/LKT0TdHwlafrWc
Ip17j1KHEwhQ8aWSn9WIIEfJa3Ddhu+Y9Wzfj9wsgefJrSIQNsxb36v/bNZ/QoPQ
0mn2dD0PwvOTv3b/eX4eY2YSru3c/dQr34pSajO7CRQso5q/zod8OyqHUtw8BKeP
kSw2SdG3b+Jwa60RtOoZY6ByukedAruv8ncDP4gqTbIst8Pe4jndDab29d7pylZV
cvVN787KjqygUnQGpPLOuE/FN+I+D1qp5YFH8kghJaCCBDcwggQzMIIELzCCAxeg
AwIBAgIMBmp15hAQH3jyVmJBMA0GCSqGSIb3DQEBBQUAMF0xCzAJBgNVBAYTAkJF
MRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTMwMQYDVQQDEypHbG9iYWxTaWdu
IE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gRzIwHhcNMTcwNDA3MDAwMDAw
WhcNMTcwNzE1MDAwMDAwWjCBgzELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2Jh
bFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTYxMjA3MTYyMzFCMEAGA1UEAxM5R2xv
YmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIEcyIE9DU1AgUmVz
cG9uZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoN0dB5KdRul2
ktthbbyRInzSy16NsZYA9ncN2WTnRMbSbbutfNV7/Y6HyUNRHeeZk4SIWNO6ysmv
Ohp8rcnhrit50unEygHCjApBRFYvbJiO2en6A/M84wRMqgfABQj5WKnTr7+mo+kh
JpajhV24i7UXff9NsdTz0kXxcZuclL7tchZuCrE+7N+t8xsPmkh7aU3XiZXVZqQn
IKkuT42sV1agpEV/5Fl24/z3JUSHCC5TrFu/RO1qwxlsw1Rj2guiSISFOs5a+13y
yNfYJYCudAA4UHjbHNTPwoZVA5/5C2ce9BJsXNmKPen5/bkGpV4ELWYXTNEXXkO/
UAEd9rWBJwIDAQABo4HHMIHEMB0GA1UdDgQWBBSEcGYA2z5xeMLH53proefAGmx9
mTAfBgNVHSMEGDAWgBRdRrKNxEt0HLvt9XO2Orc4j3WefjAPBgkrBgEFBQcwAQUE
AgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUHAgEWJmh0dHBz
Oi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA4GA1UdDwEB/wQEAwIH
gDATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQUFAAOCAQEAZ8yGFEv1
9hjXwv0Cvca3yhgAjLhI2z8cI38sXhpFlbpwW/t07w5Mo0X9LNTwVmCH335gXudQ
9RoMWh5aE2kYYGtS6y1SmmdsquXAI79tkU6WYsMZV6kQ36HMWNHz1BvP0rFJWWmj
9HMRmnVv5XjyJIMWvGOsxd8q2WWbSGU9fImBztye28FsAFRc9ZrFk7dHsNWjrY7q
SIBeoRIyFUpQBh+UQQ+/iBPw1EyPTX81D2hqj3T0gMSWvpiLKB80rEguuPDNAfpG
fv4lHhcojHB1Awgo4AyttkrrOCTYnUP2s7Dv1YSTCKPweV21bFIWYT2Rg3Q1uDwE
NFdxfgqdoPvumA==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIELzCCAxegAwIBAgIMBmp15hAQH3jyVmJBMA0GCSqGSIb3DQEBBQUAMF0xCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTMwMQYDVQQDEypH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gRzIwHhcNMTcw
NDA3MDAwMDAwWhcNMTcwNzE1MDAwMDAwWjCBgzELMAkGA1UEBhMCQkUxGTAXBgNV
BAoTEEdsb2JhbFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTYxMjA3MTYyMzFCMEAG
A1UEAxM5R2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIEcy
IE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
oN0dB5KdRul2ktthbbyRInzSy16NsZYA9ncN2WTnRMbSbbutfNV7/Y6HyUNRHeeZ
k4SIWNO6ysmvOhp8rcnhrit50unEygHCjApBRFYvbJiO2en6A/M84wRMqgfABQj5
WKnTr7+mo+khJpajhV24i7UXff9NsdTz0kXxcZuclL7tchZuCrE+7N+t8xsPmkh7
aU3XiZXVZqQnIKkuT42sV1agpEV/5Fl24/z3JUSHCC5TrFu/RO1qwxlsw1Rj2gui
SISFOs5a+13yyNfYJYCudAA4UHjbHNTPwoZVA5/5C2ce9BJsXNmKPen5/bkGpV4E
LWYXTNEXXkO/UAEd9rWBJwIDAQABo4HHMIHEMB0GA1UdDgQWBBSEcGYA2z5xeMLH
53proefAGmx9mTAfBgNVHSMEGDAWgBRdRrKNxEt0HLvt9XO2Orc4j3WefjAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA4GA1Ud
DwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQUFAAOC
AQEAZ8yGFEv19hjXwv0Cvca3yhgAjLhI2z8cI38sXhpFlbpwW/t07w5Mo0X9LNTw
VmCH335gXudQ9RoMWh5aE2kYYGtS6y1SmmdsquXAI79tkU6WYsMZV6kQ36HMWNHz
1BvP0rFJWWmj9HMRmnVv5XjyJIMWvGOsxd8q2WWbSGU9fImBztye28FsAFRc9ZrF
k7dHsNWjrY7qSIBeoRIyFUpQBh+UQQ+/iBPw1EyPTX81D2hqj3T0gMSWvpiLKB80
rEguuPDNAfpGfv4lHhcojHB1Awgo4AyttkrrOCTYnUP2s7Dv1YSTCKPweV21bFIW
YT2Rg3Q1uDwENFdxfgqdoPvumA==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [MISS]
Cf-Ray: [3761d1c0e7684722-EWR]
Content-Length: [1594]
Content-Type: [application/ocsp-response]
Date: [Wed, 28 Jun 2017 15:53:31 GMT]
Etag: ["a9d1ff75fe354768a8dea92750c799de0e2fbbc5"]
Expires: [Sun, 02 Jul 2017 15:53:31 GMT]
Last-Modified: [Wed, 28 Jun 2017 15:53:31 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d5141788540672b989380c8747e79d66e1498665211; expires=Thu, 28-Jun-18 15:53:31 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp2.globalsign.com/gsorganizationvalg2 (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsorganizationvalg2 (POST)
Size: 1594 bytes (DER data)
Response time: 530.765058ms
Signature algorithm: SHA256WithRSA
Signature type: CA Delegated
Signed by: GlobalSign Organization Validation CA - G2 OCSP Responder
Issued by: GlobalSign Organization Validation CA - G2
Signing certificate validity: 2017-04-07 - 2017-07-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFMwUTBPME0wSzAJBgUrDgMCGgUABBReGXQV/tqUV3SNMRE+s25eR/vhjwQUXUay
jcRLdBy77fVztjq3OI91nn4CEhEhPjrPqSfq697wFJeeD/h/Tg==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGNgoBAKCCBi8wggYrBgkrBgEFBQcwAQEEggYcMIIGGDCBxqIWBBSEcGYA2z5x
eMLH53proefAGmx9mRgPMjAxNzA2MjgxNTUzMzFaMIGaMIGXMEswCQYFKw4DAhoF
AAQUXhl0Ff7alFd0jTERPrNuXkf74Y8EFF1Gso3ES3Qcu+31c7Y6tziPdZ5+AhIR
IT46z6kn6uve8BSXng/4f06AABgPMjAxNzA2MjgxNTUzMzFaoBEYDzIwMTcwNzAy
MTU1MzMxWqEiMCAwHgYJKwYBBQUHMAEGBBEYDzIwMTYwNjI4MTU1MzMxWjANBgkq
hkiG9w0BAQsFAAOCAQEAALPCUtQKRWyXs//84MSQL9C08odmDlw40PwxkCLsqoeR
KnAdOmkhtDzxBAXprCHobUP34OAosYOd9H3yLwF/HbHimSeog/LKT0TdHwlafrWc
Ip17j1KHEwhQ8aWSn9WIIEfJa3Ddhu+Y9Wzfj9wsgefJrSIQNsxb36v/bNZ/QoPQ
0mn2dD0PwvOTv3b/eX4eY2YSru3c/dQr34pSajO7CRQso5q/zod8OyqHUtw8BKeP
kSw2SdG3b+Jwa60RtOoZY6ByukedAruv8ncDP4gqTbIst8Pe4jndDab29d7pylZV
cvVN787KjqygUnQGpPLOuE/FN+I+D1qp5YFH8kghJaCCBDcwggQzMIIELzCCAxeg
AwIBAgIMBmp15hAQH3jyVmJBMA0GCSqGSIb3DQEBBQUAMF0xCzAJBgNVBAYTAkJF
MRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTMwMQYDVQQDEypHbG9iYWxTaWdu
IE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gRzIwHhcNMTcwNDA3MDAwMDAw
WhcNMTcwNzE1MDAwMDAwWjCBgzELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2Jh
bFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTYxMjA3MTYyMzFCMEAGA1UEAxM5R2xv
YmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIEcyIE9DU1AgUmVz
cG9uZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoN0dB5KdRul2
ktthbbyRInzSy16NsZYA9ncN2WTnRMbSbbutfNV7/Y6HyUNRHeeZk4SIWNO6ysmv
Ohp8rcnhrit50unEygHCjApBRFYvbJiO2en6A/M84wRMqgfABQj5WKnTr7+mo+kh
JpajhV24i7UXff9NsdTz0kXxcZuclL7tchZuCrE+7N+t8xsPmkh7aU3XiZXVZqQn
IKkuT42sV1agpEV/5Fl24/z3JUSHCC5TrFu/RO1qwxlsw1Rj2guiSISFOs5a+13y
yNfYJYCudAA4UHjbHNTPwoZVA5/5C2ce9BJsXNmKPen5/bkGpV4ELWYXTNEXXkO/
UAEd9rWBJwIDAQABo4HHMIHEMB0GA1UdDgQWBBSEcGYA2z5xeMLH53proefAGmx9
mTAfBgNVHSMEGDAWgBRdRrKNxEt0HLvt9XO2Orc4j3WefjAPBgkrBgEFBQcwAQUE
AgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUHAgEWJmh0dHBz
Oi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA4GA1UdDwEB/wQEAwIH
gDATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQUFAAOCAQEAZ8yGFEv1
9hjXwv0Cvca3yhgAjLhI2z8cI38sXhpFlbpwW/t07w5Mo0X9LNTwVmCH335gXudQ
9RoMWh5aE2kYYGtS6y1SmmdsquXAI79tkU6WYsMZV6kQ36HMWNHz1BvP0rFJWWmj
9HMRmnVv5XjyJIMWvGOsxd8q2WWbSGU9fImBztye28FsAFRc9ZrFk7dHsNWjrY7q
SIBeoRIyFUpQBh+UQQ+/iBPw1EyPTX81D2hqj3T0gMSWvpiLKB80rEguuPDNAfpG
fv4lHhcojHB1Awgo4AyttkrrOCTYnUP2s7Dv1YSTCKPweV21bFIWYT2Rg3Q1uDwE
NFdxfgqdoPvumA==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIELzCCAxegAwIBAgIMBmp15hAQH3jyVmJBMA0GCSqGSIb3DQEBBQUAMF0xCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTMwMQYDVQQDEypH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gRzIwHhcNMTcw
NDA3MDAwMDAwWhcNMTcwNzE1MDAwMDAwWjCBgzELMAkGA1UEBhMCQkUxGTAXBgNV
BAoTEEdsb2JhbFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTYxMjA3MTYyMzFCMEAG
A1UEAxM5R2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIEcy
IE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
oN0dB5KdRul2ktthbbyRInzSy16NsZYA9ncN2WTnRMbSbbutfNV7/Y6HyUNRHeeZ
k4SIWNO6ysmvOhp8rcnhrit50unEygHCjApBRFYvbJiO2en6A/M84wRMqgfABQj5
WKnTr7+mo+khJpajhV24i7UXff9NsdTz0kXxcZuclL7tchZuCrE+7N+t8xsPmkh7
aU3XiZXVZqQnIKkuT42sV1agpEV/5Fl24/z3JUSHCC5TrFu/RO1qwxlsw1Rj2gui
SISFOs5a+13yyNfYJYCudAA4UHjbHNTPwoZVA5/5C2ce9BJsXNmKPen5/bkGpV4E
LWYXTNEXXkO/UAEd9rWBJwIDAQABo4HHMIHEMB0GA1UdDgQWBBSEcGYA2z5xeMLH
53proefAGmx9mTAfBgNVHSMEGDAWgBRdRrKNxEt0HLvt9XO2Orc4j3WefjAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA4GA1Ud
DwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQUFAAOC
AQEAZ8yGFEv19hjXwv0Cvca3yhgAjLhI2z8cI38sXhpFlbpwW/t07w5Mo0X9LNTw
VmCH335gXudQ9RoMWh5aE2kYYGtS6y1SmmdsquXAI79tkU6WYsMZV6kQ36HMWNHz
1BvP0rFJWWmj9HMRmnVv5XjyJIMWvGOsxd8q2WWbSGU9fImBztye28FsAFRc9ZrF
k7dHsNWjrY7qSIBeoRIyFUpQBh+UQQ+/iBPw1EyPTX81D2hqj3T0gMSWvpiLKB80
rEguuPDNAfpGfv4lHhcojHB1Awgo4AyttkrrOCTYnUP2s7Dv1YSTCKPweV21bFIW
YT2Rg3Q1uDwENFdxfgqdoPvumA==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [3761d1c0e3602180-EWR]
Content-Length: [1594]
Content-Type: [application/ocsp-response]
Date: [Wed, 28 Jun 2017 15:53:31 GMT]
Etag: ["a9d1ff75fe354768a8dea92750c799de0e2fbbc5"]
Expires: [Sun, 02 Jul 2017 15:53:31 GMT]
Last-Modified: [Wed, 28 Jun 2017 15:53:31 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=df76f19752f87667f7bd54ced870d6b691498665211; expires=Thu, 28-Jun-18 15:53:31 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GlobalSign Organization Validation CA - G2 (CA Certificate)

Certificate details for GlobalSign Organization Validation CA - G2 (At position 1 in certificate chain)
Serial number:
hex: 400000000012f4ee1450c
int: 4835703278459819397301516
Issued by: GlobalSign Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GlobalSign nv-sa
Country: BE
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This certificate contains no information about authoritative CRL(s) or OCSP servers

Check the revocation status for another website

Created by Paul van Brouwershaven
© 2015 - 2017 Digitorus B.V.
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.