CRL & OCSP report for ssl2186.cloudflare.com (CloudFlare, Inc.)

ssl2186.cloudflare.com

Certificate details for ssl2186.cloudflare.com (At position 0 in certificate chain)
Serial number:
hex: 11217591d4576e6996b99334f617a5d8c964
int: 1492294455813664342106998298135089651435876
Issued by: GlobalSign Organization Validation CA - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: CloudFlare, Inc.
State / Province: CA
Locality: San Francisco
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for ssl2186.cloudflare.com.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.globalsign.com/gs/gsorganizationvalg2.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.globalsign.com/gs/gsorganizationvalg2.crl
Size: 2648686 bytes (DER data)
Response time: 80.458868ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 71573

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare, CloudFront
Cache Information: HIT, Miss from cloudfront

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [3761c802e37d472e-EWR]
Content-Length: [2648686]
Content-Type: [application/pkix-crl]
Date: [Wed, 28 Jun 2017 15:46:51 GMT]
Etag: [01566E]
Expires: [Wed, 05 Jul 2017 08:05:47 GMT]
Last-Modified: [Wed, 28 Jun 2017 08:05:47 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d15fbf92d0427efdbf13cd63bf14af66c1498664811; expires=Thu, 28-Jun-18 15:46:51 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
Via: [1.1 ac094a1c1bf8cbfbb98e93fa2b2431c0.cloudfront.net (CloudFront)]
X-Amz-Cf-Id: [5mS64fX5Qhp1a2-Zxqbbk5HwIBKWO_LxuHD2INsoaDEIhVwAm5zObg==]
X-Cache: [Miss from cloudfront]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp2.globalsign.com/gsorganizationvalg2 (POST)Revoked

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsorganizationvalg2 (POST)
Size: 1580 bytes (DER data)
Response time: 570.750571ms
Signature algorithm: SHA256WithRSA
Signature type: CA Delegated
Signed by: GlobalSign Organization Validation CA - G2 OCSP Responder
Issued by: GlobalSign Organization Validation CA - G2
Signing certificate validity: 2017-04-07 - 2017-07-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Revoked

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: MISS

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFMwUTBPME0wSzAJBgUrDgMCGgUABBReGXQV/tqUV3SNMRE+s25eR/vhjwQUXUay
jcRLdBy77fVztjq3OI91nn4CEhEhdZHUV25plrmTNPYXpdjJZA==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGKAoBAKCCBiEwggYdBgkrBgEFBQcwAQEEggYOMIIGCjCBuKIWBBSEcGYA2z5x
eMLH53proefAGmx9mRgPMjAxNzA2MjgxNTQ2NTJaMIGMMIGJMEswCQYFKw4DAhoF
AAQUXhl0Ff7alFd0jTERPrNuXkf74Y8EFF1Gso3ES3Qcu+31c7Y6tziPdZ5+AhIR
IXWR1FduaZa5kzT2F6XYyWShFhgPMjAxNDA0MTYxNjEyMTVaoAMKAQAYDzIwMTcw
NjI4MTU0NjUyWqARGA8yMDE3MDcwMjE1NDY1MlowDQYJKoZIhvcNAQELBQADggEB
AHOjjyCD2hKoQcpjy3n7bAWi0ZrmNSNpjGc5hxk/f5VXOkW4GYYK0biZGv3CVifL
MKQboWNGQ9vCiY6DXD7/wW/cBe+DhdQ/z54+FVen7XyA/h1io8i+0IuyrJqSur9x
RLc8rom08rKoW6HkvfAArr7F4iko/5q7gRlA0Zd8QX8PTbxmtJg4Vn5scoT7pLEF
nkQtmQbgh0qaT6XAaVwjDrIkd6XOv9H1dBzsU0cQBIO0i/OFB/LWDMC8gpJ4s7XA
xvwOx5/l9uLpM0drrZL9iPJPmE66Hj8THMluhNg/334fe/wjuFHgTLUfnQLZUNFO
pxaUd4SihMfMwqF3ZqoUZSCgggQ3MIIEMzCCBC8wggMXoAMCAQICDAZqdeYQEB94
8lZiQTANBgkqhkiG9w0BAQUFADBdMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xv
YmFsU2lnbiBudi1zYTEzMDEGA1UEAxMqR2xvYmFsU2lnbiBPcmdhbml6YXRpb24g
VmFsaWRhdGlvbiBDQSAtIEcyMB4XDTE3MDQwNzAwMDAwMFoXDTE3MDcxNTAwMDAw
MFowgYMxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRUw
EwYDVQQFEwwyMDE2MTIwNzE2MjMxQjBABgNVBAMTOUdsb2JhbFNpZ24gT3JnYW5p
emF0aW9uIFZhbGlkYXRpb24gQ0EgLSBHMiBPQ1NQIFJlc3BvbmRlcjCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKDdHQeSnUbpdpLbYW28kSJ80stejbGW
APZ3Ddlk50TG0m27rXzVe/2Oh8lDUR3nmZOEiFjTusrJrzoafK3J4a4redLpxMoB
wowKQURWL2yYjtnp+gPzPOMETKoHwAUI+Vip06+/pqPpISaWo4VduIu1F33/TbHU
89JF8XGbnJS+7XIWbgqxPuzfrfMbD5pIe2lN14mV1WakJyCpLk+NrFdWoKRFf+RZ
duP89yVEhwguU6xbv0TtasMZbMNUY9oLokiEhTrOWvtd8sjX2CWArnQAOFB42xzU
z8KGVQOf+QtnHvQSbFzZij3p+f25BqVeBC1mF0zRF15Dv1ABHfa1gScCAwEAAaOB
xzCBxDAdBgNVHQ4EFgQUhHBmANs+cXjCx+d6a6HnwBpsfZkwHwYDVR0jBBgwFoAU
XUayjcRLdBy77fVztjq3OI91nn4wDwYJKwYBBQUHMAEFBAIFADBMBgNVHSAERTBD
MEEGCSsGAQQBoDIBXzA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxz
aWduLmNvbS9yZXBvc2l0b3J5LzAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYI
KwYBBQUHAwkwDQYJKoZIhvcNAQEFBQADggEBAGfMhhRL9fYY18L9Ar3Gt8oYAIy4
SNs/HCN/LF4aRZW6cFv7dO8OTKNF/SzU8FZgh99+YF7nUPUaDFoeWhNpGGBrUust
UppnbKrlwCO/bZFOlmLDGVepEN+hzFjR89Qbz9KxSVlpo/RzEZp1b+V48iSDFrxj
rMXfKtllm0hlPXyJgc7cntvBbABUXPWaxZO3R7DVo62O6kiAXqESMhVKUAYflEEP
v4gT8NRMj01/NQ9oao909IDElr6YiygfNKxILrjwzQH6Rn7+JR4XKIxwdQMIKOAM
rbZK6zgk2J1D9rOw79WEkwij8HldtWxSFmE9kYN0Nbg8BDRXcX4KnaD77pg=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIELzCCAxegAwIBAgIMBmp15hAQH3jyVmJBMA0GCSqGSIb3DQEBBQUAMF0xCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTMwMQYDVQQDEypH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gRzIwHhcNMTcw
NDA3MDAwMDAwWhcNMTcwNzE1MDAwMDAwWjCBgzELMAkGA1UEBhMCQkUxGTAXBgNV
BAoTEEdsb2JhbFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTYxMjA3MTYyMzFCMEAG
A1UEAxM5R2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIEcy
IE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
oN0dB5KdRul2ktthbbyRInzSy16NsZYA9ncN2WTnRMbSbbutfNV7/Y6HyUNRHeeZ
k4SIWNO6ysmvOhp8rcnhrit50unEygHCjApBRFYvbJiO2en6A/M84wRMqgfABQj5
WKnTr7+mo+khJpajhV24i7UXff9NsdTz0kXxcZuclL7tchZuCrE+7N+t8xsPmkh7
aU3XiZXVZqQnIKkuT42sV1agpEV/5Fl24/z3JUSHCC5TrFu/RO1qwxlsw1Rj2gui
SISFOs5a+13yyNfYJYCudAA4UHjbHNTPwoZVA5/5C2ce9BJsXNmKPen5/bkGpV4E
LWYXTNEXXkO/UAEd9rWBJwIDAQABo4HHMIHEMB0GA1UdDgQWBBSEcGYA2z5xeMLH
53proefAGmx9mTAfBgNVHSMEGDAWgBRdRrKNxEt0HLvt9XO2Orc4j3WefjAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA4GA1Ud
DwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQUFAAOC
AQEAZ8yGFEv19hjXwv0Cvca3yhgAjLhI2z8cI38sXhpFlbpwW/t07w5Mo0X9LNTw
VmCH335gXudQ9RoMWh5aE2kYYGtS6y1SmmdsquXAI79tkU6WYsMZV6kQ36HMWNHz
1BvP0rFJWWmj9HMRmnVv5XjyJIMWvGOsxd8q2WWbSGU9fImBztye28FsAFRc9ZrF
k7dHsNWjrY7qSIBeoRIyFUpQBh+UQQ+/iBPw1EyPTX81D2hqj3T0gMSWvpiLKB80
rEguuPDNAfpGfv4lHhcojHB1Awgo4AyttkrrOCTYnUP2s7Dv1YSTCKPweV21bFIW
YT2Rg3Q1uDwENFdxfgqdoPvumA==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [MISS]
Cf-Ray: [3761c802e394471c-EWR]
Content-Length: [1580]
Content-Type: [application/ocsp-response]
Date: [Wed, 28 Jun 2017 15:46:52 GMT]
Etag: ["4763994f36ad1b9ec2f570973d43ae779087a63b"]
Expires: [Sun, 02 Jul 2017 15:46:52 GMT]
Last-Modified: [Wed, 28 Jun 2017 15:46:52 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=da1f4731ee12703a9ad1ed825825ce6131498664811; expires=Thu, 28-Jun-18 15:46:51 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp2.globalsign.com/gsorganizationvalg2 (GET)Revoked

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsorganizationvalg2 (GET)
Size: 1580 bytes (DER data)
Response time: 1.030337489s
Signature algorithm: SHA256WithRSA
Signature type: CA Delegated
Signed by: GlobalSign Organization Validation CA - G2 OCSP Responder
Issued by: GlobalSign Organization Validation CA - G2
Signing certificate validity: 2017-04-07 - 2017-07-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Revoked

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

URL used for GET request

http://ocsp2.globalsign.com/gsorganizationvalg2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBReGXQV%2FtqUV3SNMRE%2Bs25eR%2FvhjwQUXUayjcRLdBy77fVztjq3OI91nn4CEhEhdZHUV25plrmTNPYXpdjJZA%3D%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFMwUTBPME0wSzAJBgUrDgMCGgUABBReGXQV/tqUV3SNMRE+s25eR/vhjwQUXUay
jcRLdBy77fVztjq3OI91nn4CEhEhdZHUV25plrmTNPYXpdjJZA==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGKAoBAKCCBiEwggYdBgkrBgEFBQcwAQEEggYOMIIGCjCBuKIWBBSEcGYA2z5x
eMLH53proefAGmx9mRgPMjAxNzA2MjgxNTQ2NTJaMIGMMIGJMEswCQYFKw4DAhoF
AAQUXhl0Ff7alFd0jTERPrNuXkf74Y8EFF1Gso3ES3Qcu+31c7Y6tziPdZ5+AhIR
IXWR1FduaZa5kzT2F6XYyWShFhgPMjAxNDA0MTYxNjEyMTVaoAMKAQAYDzIwMTcw
NjI4MTU0NjUyWqARGA8yMDE3MDcwMjE1NDY1MlowDQYJKoZIhvcNAQELBQADggEB
AHOjjyCD2hKoQcpjy3n7bAWi0ZrmNSNpjGc5hxk/f5VXOkW4GYYK0biZGv3CVifL
MKQboWNGQ9vCiY6DXD7/wW/cBe+DhdQ/z54+FVen7XyA/h1io8i+0IuyrJqSur9x
RLc8rom08rKoW6HkvfAArr7F4iko/5q7gRlA0Zd8QX8PTbxmtJg4Vn5scoT7pLEF
nkQtmQbgh0qaT6XAaVwjDrIkd6XOv9H1dBzsU0cQBIO0i/OFB/LWDMC8gpJ4s7XA
xvwOx5/l9uLpM0drrZL9iPJPmE66Hj8THMluhNg/334fe/wjuFHgTLUfnQLZUNFO
pxaUd4SihMfMwqF3ZqoUZSCgggQ3MIIEMzCCBC8wggMXoAMCAQICDAZqdeYQEB94
8lZiQTANBgkqhkiG9w0BAQUFADBdMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xv
YmFsU2lnbiBudi1zYTEzMDEGA1UEAxMqR2xvYmFsU2lnbiBPcmdhbml6YXRpb24g
VmFsaWRhdGlvbiBDQSAtIEcyMB4XDTE3MDQwNzAwMDAwMFoXDTE3MDcxNTAwMDAw
MFowgYMxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRUw
EwYDVQQFEwwyMDE2MTIwNzE2MjMxQjBABgNVBAMTOUdsb2JhbFNpZ24gT3JnYW5p
emF0aW9uIFZhbGlkYXRpb24gQ0EgLSBHMiBPQ1NQIFJlc3BvbmRlcjCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKDdHQeSnUbpdpLbYW28kSJ80stejbGW
APZ3Ddlk50TG0m27rXzVe/2Oh8lDUR3nmZOEiFjTusrJrzoafK3J4a4redLpxMoB
wowKQURWL2yYjtnp+gPzPOMETKoHwAUI+Vip06+/pqPpISaWo4VduIu1F33/TbHU
89JF8XGbnJS+7XIWbgqxPuzfrfMbD5pIe2lN14mV1WakJyCpLk+NrFdWoKRFf+RZ
duP89yVEhwguU6xbv0TtasMZbMNUY9oLokiEhTrOWvtd8sjX2CWArnQAOFB42xzU
z8KGVQOf+QtnHvQSbFzZij3p+f25BqVeBC1mF0zRF15Dv1ABHfa1gScCAwEAAaOB
xzCBxDAdBgNVHQ4EFgQUhHBmANs+cXjCx+d6a6HnwBpsfZkwHwYDVR0jBBgwFoAU
XUayjcRLdBy77fVztjq3OI91nn4wDwYJKwYBBQUHMAEFBAIFADBMBgNVHSAERTBD
MEEGCSsGAQQBoDIBXzA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxz
aWduLmNvbS9yZXBvc2l0b3J5LzAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYI
KwYBBQUHAwkwDQYJKoZIhvcNAQEFBQADggEBAGfMhhRL9fYY18L9Ar3Gt8oYAIy4
SNs/HCN/LF4aRZW6cFv7dO8OTKNF/SzU8FZgh99+YF7nUPUaDFoeWhNpGGBrUust
UppnbKrlwCO/bZFOlmLDGVepEN+hzFjR89Qbz9KxSVlpo/RzEZp1b+V48iSDFrxj
rMXfKtllm0hlPXyJgc7cntvBbABUXPWaxZO3R7DVo62O6kiAXqESMhVKUAYflEEP
v4gT8NRMj01/NQ9oao909IDElr6YiygfNKxILrjwzQH6Rn7+JR4XKIxwdQMIKOAM
rbZK6zgk2J1D9rOw79WEkwij8HldtWxSFmE9kYN0Nbg8BDRXcX4KnaD77pg=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIELzCCAxegAwIBAgIMBmp15hAQH3jyVmJBMA0GCSqGSIb3DQEBBQUAMF0xCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTMwMQYDVQQDEypH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gRzIwHhcNMTcw
NDA3MDAwMDAwWhcNMTcwNzE1MDAwMDAwWjCBgzELMAkGA1UEBhMCQkUxGTAXBgNV
BAoTEEdsb2JhbFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTYxMjA3MTYyMzFCMEAG
A1UEAxM5R2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIEcy
IE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
oN0dB5KdRul2ktthbbyRInzSy16NsZYA9ncN2WTnRMbSbbutfNV7/Y6HyUNRHeeZ
k4SIWNO6ysmvOhp8rcnhrit50unEygHCjApBRFYvbJiO2en6A/M84wRMqgfABQj5
WKnTr7+mo+khJpajhV24i7UXff9NsdTz0kXxcZuclL7tchZuCrE+7N+t8xsPmkh7
aU3XiZXVZqQnIKkuT42sV1agpEV/5Fl24/z3JUSHCC5TrFu/RO1qwxlsw1Rj2gui
SISFOs5a+13yyNfYJYCudAA4UHjbHNTPwoZVA5/5C2ce9BJsXNmKPen5/bkGpV4E
LWYXTNEXXkO/UAEd9rWBJwIDAQABo4HHMIHEMB0GA1UdDgQWBBSEcGYA2z5xeMLH
53proefAGmx9mTAfBgNVHSMEGDAWgBRdRrKNxEt0HLvt9XO2Orc4j3WefjAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA4GA1Ud
DwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQUFAAOC
AQEAZ8yGFEv19hjXwv0Cvca3yhgAjLhI2z8cI38sXhpFlbpwW/t07w5Mo0X9LNTw
VmCH335gXudQ9RoMWh5aE2kYYGtS6y1SmmdsquXAI79tkU6WYsMZV6kQ36HMWNHz
1BvP0rFJWWmj9HMRmnVv5XjyJIMWvGOsxd8q2WWbSGU9fImBztye28FsAFRc9ZrF
k7dHsNWjrY7qSIBeoRIyFUpQBh+UQQ+/iBPw1EyPTX81D2hqj3T0gMSWvpiLKB80
rEguuPDNAfpGfv4lHhcojHB1Awgo4AyttkrrOCTYnUP2s7Dv1YSTCKPweV21bFIW
YT2Rg3Q1uDwENFdxfgqdoPvumA==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [3761c802e6880773-EWR]
Content-Length: [1580]
Content-Type: [application/ocsp-response]
Date: [Wed, 28 Jun 2017 15:46:53 GMT]
Etag: ["4763994f36ad1b9ec2f570973d43ae779087a63b"]
Expires: [Sun, 02 Jul 2017 15:46:52 GMT]
Last-Modified: [Wed, 28 Jun 2017 15:46:52 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d20e93a2978d53712a9bcf0ea77e382f31498664811; expires=Thu, 28-Jun-18 15:46:51 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GlobalSign Organization Validation CA - G2 (CA Certificate)

Certificate details for GlobalSign Organization Validation CA - G2 (At position 1 in certificate chain)
Serial number:
hex: 400000000012f4ee1450c
int: 4835703278459819397301516
Issued by: GlobalSign Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GlobalSign nv-sa
Country: BE
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This certificate contains no information about authoritative CRL(s) or OCSP servers

Check the revocation status for another website

Created by Paul van Brouwershaven
© 2015 - 2017 Digitorus B.V.
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.