CRL & OCSP report for ssl7206.cloudflare.com (CloudFlare, Inc.)

ssl7206.cloudflare.com

Certificate details for ssl7206.cloudflare.com (At position 0 in certificate chain)
Serial number:
hex: 11215ae7f4edc3b1a2bbc5810d0fab2b21ba
int: 1492259013856255708392801795336269999055290
Issued by: GlobalSign Organization Validation CA - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: CloudFlare, Inc.
State / Province: CA
Locality: San Francisco
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for ssl7206.cloudflare.com.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.globalsign.com/gs/gsorganizationvalg2.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.globalsign.com/gs/gsorganizationvalg2.crl
Size: 2752138 bytes (DER data)
Response time: 34.05357ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 74369

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare, CloudFront
Cache Information: HIT, Hit from cloudfront

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [35754853f44d21da-EWR]
Content-Length: [2752138]
Content-Type: [application/pkix-crl]
Date: [Sat, 29 Apr 2017 21:16:28 GMT]
Etag: [015632]
Expires: [Sat, 06 May 2017 04:16:58 GMT]
Last-Modified: [Sat, 29 Apr 2017 04:16:58 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=df12086e6212213016891077da6fce1611493500588; expires=Sun, 29-Apr-18 21:16:28 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
Via: [1.1 d97deeb2385556a78005515cfaba11f9.cloudfront.net (CloudFront)]
X-Amz-Cf-Id: [eCJOWq6Qo8R-mPFUrRTqVNA_ZHx4VlmN1fyoBzRu_Mvd5LCXuwkdEw==]
X-Cache: [Hit from cloudfront]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp2.globalsign.com/gsorganizationvalg2 (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsorganizationvalg2 (POST)
Size: 1594 bytes (DER data)
Response time: 582.901779ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign Organization Validation CA - G2 OCSP Responder
Issued by: GlobalSign Organization Validation CA - G2
Signing certificate validity: 2017-04-07 - 2017-07-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: MISS

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFMwUTBPME0wSzAJBgUrDgMCGgUABBReGXQV/tqUV3SNMRE+s25eR/vhjwQUXUay
jcRLdBy77fVztjq3OI91nn4CEhEhWuf07cOxorvFgQ0Pqyshug==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGNgoBAKCCBi8wggYrBgkrBgEFBQcwAQEEggYcMIIGGDCBxqIWBBSEcGYA2z5x
eMLH53proefAGmx9mRgPMjAxNzA0MjkyMTE2MjhaMIGaMIGXMEswCQYFKw4DAhoF
AAQUXhl0Ff7alFd0jTERPrNuXkf74Y8EFF1Gso3ES3Qcu+31c7Y6tziPdZ5+AhIR
IVrn9O3DsaK7xYEND6srIbqAABgPMjAxNzA0MjkyMTE2MjhaoBEYDzIwMTcwNTAz
MjExNjI4WqEiMCAwHgYJKwYBBQUHMAEGBBEYDzIwMTYwNDI5MjExNjI4WjANBgkq
hkiG9w0BAQsFAAOCAQEAdYP0732NCd4gcQkUX7Z+GRBAIiUNZyQBpUHBbLM4Cq7f
bJWvl5gYrqHuUSuNPtmTd2w60fhCltVna8PlzbsbswOqAw5dLkDoB7EUmXE4KUXa
E/xpA6FFe0hvyLrzLRwhV6aTR3tWmgflLIQ7hElc9VPX02Yvw/t3bKHkL/mt6m9P
ZEH1Z46jUIM3C3zhW7CnSIhcRyagK7NMWSnWytZyyYal/2JZ0OMkk4cxGxXuo9yQ
qdHMCVynjsIHhFVoObXDKjolbBufmidUTx0oWYs5aZdR/BgFGsrZ8xwj9n64HF7a
2ZXu6+QEgf2z9RSS/z7mTowHP7On/e9bMPqsIWM5uaCCBDcwggQzMIIELzCCAxeg
AwIBAgIMBmp15hAQH3jyVmJBMA0GCSqGSIb3DQEBBQUAMF0xCzAJBgNVBAYTAkJF
MRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTMwMQYDVQQDEypHbG9iYWxTaWdu
IE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gRzIwHhcNMTcwNDA3MDAwMDAw
WhcNMTcwNzE1MDAwMDAwWjCBgzELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2Jh
bFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTYxMjA3MTYyMzFCMEAGA1UEAxM5R2xv
YmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIEcyIE9DU1AgUmVz
cG9uZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoN0dB5KdRul2
ktthbbyRInzSy16NsZYA9ncN2WTnRMbSbbutfNV7/Y6HyUNRHeeZk4SIWNO6ysmv
Ohp8rcnhrit50unEygHCjApBRFYvbJiO2en6A/M84wRMqgfABQj5WKnTr7+mo+kh
JpajhV24i7UXff9NsdTz0kXxcZuclL7tchZuCrE+7N+t8xsPmkh7aU3XiZXVZqQn
IKkuT42sV1agpEV/5Fl24/z3JUSHCC5TrFu/RO1qwxlsw1Rj2guiSISFOs5a+13y
yNfYJYCudAA4UHjbHNTPwoZVA5/5C2ce9BJsXNmKPen5/bkGpV4ELWYXTNEXXkO/
UAEd9rWBJwIDAQABo4HHMIHEMB0GA1UdDgQWBBSEcGYA2z5xeMLH53proefAGmx9
mTAfBgNVHSMEGDAWgBRdRrKNxEt0HLvt9XO2Orc4j3WefjAPBgkrBgEFBQcwAQUE
AgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUHAgEWJmh0dHBz
Oi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA4GA1UdDwEB/wQEAwIH
gDATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQUFAAOCAQEAZ8yGFEv1
9hjXwv0Cvca3yhgAjLhI2z8cI38sXhpFlbpwW/t07w5Mo0X9LNTwVmCH335gXudQ
9RoMWh5aE2kYYGtS6y1SmmdsquXAI79tkU6WYsMZV6kQ36HMWNHz1BvP0rFJWWmj
9HMRmnVv5XjyJIMWvGOsxd8q2WWbSGU9fImBztye28FsAFRc9ZrFk7dHsNWjrY7q
SIBeoRIyFUpQBh+UQQ+/iBPw1EyPTX81D2hqj3T0gMSWvpiLKB80rEguuPDNAfpG
fv4lHhcojHB1Awgo4AyttkrrOCTYnUP2s7Dv1YSTCKPweV21bFIWYT2Rg3Q1uDwE
NFdxfgqdoPvumA==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIELzCCAxegAwIBAgIMBmp15hAQH3jyVmJBMA0GCSqGSIb3DQEBBQUAMF0xCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTMwMQYDVQQDEypH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gRzIwHhcNMTcw
NDA3MDAwMDAwWhcNMTcwNzE1MDAwMDAwWjCBgzELMAkGA1UEBhMCQkUxGTAXBgNV
BAoTEEdsb2JhbFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTYxMjA3MTYyMzFCMEAG
A1UEAxM5R2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIEcy
IE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
oN0dB5KdRul2ktthbbyRInzSy16NsZYA9ncN2WTnRMbSbbutfNV7/Y6HyUNRHeeZ
k4SIWNO6ysmvOhp8rcnhrit50unEygHCjApBRFYvbJiO2en6A/M84wRMqgfABQj5
WKnTr7+mo+khJpajhV24i7UXff9NsdTz0kXxcZuclL7tchZuCrE+7N+t8xsPmkh7
aU3XiZXVZqQnIKkuT42sV1agpEV/5Fl24/z3JUSHCC5TrFu/RO1qwxlsw1Rj2gui
SISFOs5a+13yyNfYJYCudAA4UHjbHNTPwoZVA5/5C2ce9BJsXNmKPen5/bkGpV4E
LWYXTNEXXkO/UAEd9rWBJwIDAQABo4HHMIHEMB0GA1UdDgQWBBSEcGYA2z5xeMLH
53proefAGmx9mTAfBgNVHSMEGDAWgBRdRrKNxEt0HLvt9XO2Orc4j3WefjAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA4GA1Ud
DwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQUFAAOC
AQEAZ8yGFEv19hjXwv0Cvca3yhgAjLhI2z8cI38sXhpFlbpwW/t07w5Mo0X9LNTw
VmCH335gXudQ9RoMWh5aE2kYYGtS6y1SmmdsquXAI79tkU6WYsMZV6kQ36HMWNHz
1BvP0rFJWWmj9HMRmnVv5XjyJIMWvGOsxd8q2WWbSGU9fImBztye28FsAFRc9ZrF
k7dHsNWjrY7qSIBeoRIyFUpQBh+UQQ+/iBPw1EyPTX81D2hqj3T0gMSWvpiLKB80
rEguuPDNAfpGfv4lHhcojHB1Awgo4AyttkrrOCTYnUP2s7Dv1YSTCKPweV21bFIW
YT2Rg3Q1uDwENFdxfgqdoPvumA==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [MISS]
Cf-Ray: [35754853f5c40697-EWR]
Content-Length: [1594]
Content-Type: [application/ocsp-response]
Date: [Sat, 29 Apr 2017 21:16:28 GMT]
Etag: ["c00397fcab6b09693c959f9df17a1d65edee5cd8"]
Expires: [Wed, 03 May 2017 21:16:28 GMT]
Last-Modified: [Sat, 29 Apr 2017 21:16:28 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=da6703327fa4a70a01e35509173e217991493500588; expires=Sun, 29-Apr-18 21:16:28 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp2.globalsign.com/gsorganizationvalg2 (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsorganizationvalg2 (GET)
Size: 1594 bytes (DER data)
Response time: 1.010260288s
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign Organization Validation CA - G2 OCSP Responder
Issued by: GlobalSign Organization Validation CA - G2
Signing certificate validity: 2017-04-07 - 2017-07-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

URL used for GET request

http:/gsorganizationvalg2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBReGXQV%2FtqUV3SNMRE%2Bs25eR%2FvhjwQUXUayjcRLdBy77fVztjq3OI91nn4CEhEhWuf07cOxorvFgQ0Pqyshug%3D%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFMwUTBPME0wSzAJBgUrDgMCGgUABBReGXQV/tqUV3SNMRE+s25eR/vhjwQUXUay
jcRLdBy77fVztjq3OI91nn4CEhEhWuf07cOxorvFgQ0Pqyshug==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGNgoBAKCCBi8wggYrBgkrBgEFBQcwAQEEggYcMIIGGDCBxqIWBBSEcGYA2z5x
eMLH53proefAGmx9mRgPMjAxNzA0MjkyMTE2MjhaMIGaMIGXMEswCQYFKw4DAhoF
AAQUXhl0Ff7alFd0jTERPrNuXkf74Y8EFF1Gso3ES3Qcu+31c7Y6tziPdZ5+AhIR
IVrn9O3DsaK7xYEND6srIbqAABgPMjAxNzA0MjkyMTE2MjhaoBEYDzIwMTcwNTAz
MjExNjI4WqEiMCAwHgYJKwYBBQUHMAEGBBEYDzIwMTYwNDI5MjExNjI4WjANBgkq
hkiG9w0BAQsFAAOCAQEAdYP0732NCd4gcQkUX7Z+GRBAIiUNZyQBpUHBbLM4Cq7f
bJWvl5gYrqHuUSuNPtmTd2w60fhCltVna8PlzbsbswOqAw5dLkDoB7EUmXE4KUXa
E/xpA6FFe0hvyLrzLRwhV6aTR3tWmgflLIQ7hElc9VPX02Yvw/t3bKHkL/mt6m9P
ZEH1Z46jUIM3C3zhW7CnSIhcRyagK7NMWSnWytZyyYal/2JZ0OMkk4cxGxXuo9yQ
qdHMCVynjsIHhFVoObXDKjolbBufmidUTx0oWYs5aZdR/BgFGsrZ8xwj9n64HF7a
2ZXu6+QEgf2z9RSS/z7mTowHP7On/e9bMPqsIWM5uaCCBDcwggQzMIIELzCCAxeg
AwIBAgIMBmp15hAQH3jyVmJBMA0GCSqGSIb3DQEBBQUAMF0xCzAJBgNVBAYTAkJF
MRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTMwMQYDVQQDEypHbG9iYWxTaWdu
IE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gRzIwHhcNMTcwNDA3MDAwMDAw
WhcNMTcwNzE1MDAwMDAwWjCBgzELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2Jh
bFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTYxMjA3MTYyMzFCMEAGA1UEAxM5R2xv
YmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIEcyIE9DU1AgUmVz
cG9uZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoN0dB5KdRul2
ktthbbyRInzSy16NsZYA9ncN2WTnRMbSbbutfNV7/Y6HyUNRHeeZk4SIWNO6ysmv
Ohp8rcnhrit50unEygHCjApBRFYvbJiO2en6A/M84wRMqgfABQj5WKnTr7+mo+kh
JpajhV24i7UXff9NsdTz0kXxcZuclL7tchZuCrE+7N+t8xsPmkh7aU3XiZXVZqQn
IKkuT42sV1agpEV/5Fl24/z3JUSHCC5TrFu/RO1qwxlsw1Rj2guiSISFOs5a+13y
yNfYJYCudAA4UHjbHNTPwoZVA5/5C2ce9BJsXNmKPen5/bkGpV4ELWYXTNEXXkO/
UAEd9rWBJwIDAQABo4HHMIHEMB0GA1UdDgQWBBSEcGYA2z5xeMLH53proefAGmx9
mTAfBgNVHSMEGDAWgBRdRrKNxEt0HLvt9XO2Orc4j3WefjAPBgkrBgEFBQcwAQUE
AgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUHAgEWJmh0dHBz
Oi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA4GA1UdDwEB/wQEAwIH
gDATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQUFAAOCAQEAZ8yGFEv1
9hjXwv0Cvca3yhgAjLhI2z8cI38sXhpFlbpwW/t07w5Mo0X9LNTwVmCH335gXudQ
9RoMWh5aE2kYYGtS6y1SmmdsquXAI79tkU6WYsMZV6kQ36HMWNHz1BvP0rFJWWmj
9HMRmnVv5XjyJIMWvGOsxd8q2WWbSGU9fImBztye28FsAFRc9ZrFk7dHsNWjrY7q
SIBeoRIyFUpQBh+UQQ+/iBPw1EyPTX81D2hqj3T0gMSWvpiLKB80rEguuPDNAfpG
fv4lHhcojHB1Awgo4AyttkrrOCTYnUP2s7Dv1YSTCKPweV21bFIWYT2Rg3Q1uDwE
NFdxfgqdoPvumA==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIELzCCAxegAwIBAgIMBmp15hAQH3jyVmJBMA0GCSqGSIb3DQEBBQUAMF0xCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTMwMQYDVQQDEypH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gRzIwHhcNMTcw
NDA3MDAwMDAwWhcNMTcwNzE1MDAwMDAwWjCBgzELMAkGA1UEBhMCQkUxGTAXBgNV
BAoTEEdsb2JhbFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTYxMjA3MTYyMzFCMEAG
A1UEAxM5R2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIEcy
IE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
oN0dB5KdRul2ktthbbyRInzSy16NsZYA9ncN2WTnRMbSbbutfNV7/Y6HyUNRHeeZ
k4SIWNO6ysmvOhp8rcnhrit50unEygHCjApBRFYvbJiO2en6A/M84wRMqgfABQj5
WKnTr7+mo+khJpajhV24i7UXff9NsdTz0kXxcZuclL7tchZuCrE+7N+t8xsPmkh7
aU3XiZXVZqQnIKkuT42sV1agpEV/5Fl24/z3JUSHCC5TrFu/RO1qwxlsw1Rj2gui
SISFOs5a+13yyNfYJYCudAA4UHjbHNTPwoZVA5/5C2ce9BJsXNmKPen5/bkGpV4E
LWYXTNEXXkO/UAEd9rWBJwIDAQABo4HHMIHEMB0GA1UdDgQWBBSEcGYA2z5xeMLH
53proefAGmx9mTAfBgNVHSMEGDAWgBRdRrKNxEt0HLvt9XO2Orc4j3WefjAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA4GA1Ud
DwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQUFAAOC
AQEAZ8yGFEv19hjXwv0Cvca3yhgAjLhI2z8cI38sXhpFlbpwW/t07w5Mo0X9LNTw
VmCH335gXudQ9RoMWh5aE2kYYGtS6y1SmmdsquXAI79tkU6WYsMZV6kQ36HMWNHz
1BvP0rFJWWmj9HMRmnVv5XjyJIMWvGOsxd8q2WWbSGU9fImBztye28FsAFRc9ZrF
k7dHsNWjrY7qSIBeoRIyFUpQBh+UQQ+/iBPw1EyPTX81D2hqj3T0gMSWvpiLKB80
rEguuPDNAfpGfv4lHhcojHB1Awgo4AyttkrrOCTYnUP2s7Dv1YSTCKPweV21bFIW
YT2Rg3Q1uDwENFdxfgqdoPvumA==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [35754853f2df0ec7-EWR]
Content-Length: [1594]
Content-Type: [application/ocsp-response]
Date: [Sat, 29 Apr 2017 21:16:29 GMT]
Etag: ["c00397fcab6b09693c959f9df17a1d65edee5cd8"]
Expires: [Wed, 03 May 2017 21:16:28 GMT]
Last-Modified: [Sat, 29 Apr 2017 21:16:28 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d13c0d37b65b8a68aa25f9492b311971c1493500588; expires=Sun, 29-Apr-18 21:16:28 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GlobalSign Organization Validation CA - G2 (CA Certificate)

Certificate details for GlobalSign Organization Validation CA - G2 (At position 1 in certificate chain)
Serial number:
hex: 400000000012f4ee1450c
int: 4835703278459819397301516
Issued by: GlobalSign Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GlobalSign nv-sa
Country: BE
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This certificate contains no information about authoritative CRL(s) or OCSP servers

Check the revocation status for another website

Created by Paul van Brouwershaven
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.