CRL & OCSP report for ssl6516.cloudflare.com (CloudFlare, Inc.)

ssl6516.cloudflare.com

Certificate details for ssl6516.cloudflare.com (At position 0 in certificate chain)
Serial number:
hex: 112175f3171b0a159e67da7fc222b489dc71
int: 1492294960820596323664604777597949442645105
Issued by: GlobalSign Organization Validation CA - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: CloudFlare, Inc.
State / Province: CA
Locality: San Francisco
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for ssl6516.cloudflare.com.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.globalsign.com/gs/gsorganizationvalg2.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.globalsign.com/gs/gsorganizationvalg2.crl
Size: 2648686 bytes (DER data)
Response time: 135.687454ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 71573

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare, CloudFront
Cache Information: HIT, Miss from cloudfront

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [3754de4282f121b6-EWR]
Content-Length: [2648686]
Content-Type: [application/pkix-crl]
Date: [Tue, 27 Jun 2017 02:10:08 GMT]
Etag: [01566C]
Expires: [Mon, 03 Jul 2017 07:55:37 GMT]
Last-Modified: [Mon, 26 Jun 2017 07:55:37 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=dffaa0e3fdc87f01143473fec85ba09901498529408; expires=Wed, 27-Jun-18 02:10:08 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
Via: [1.1 f542b972205e4ce339fc52e6b515e4b2.cloudfront.net (CloudFront)]
X-Amz-Cf-Id: [DY8cvBFgpxMY0e9hUYLnlqnMfeoxHJgO4AQxgwkKaLlOv5v0Xg327g==]
X-Cache: [Miss from cloudfront]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp2.globalsign.com/gsorganizationvalg2 (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsorganizationvalg2 (GET)
Size: 1556 bytes (DER data)
Response time: 578.032307ms
Signature algorithm: SHA256WithRSA
Signature type: CA Delegated
Signed by: GlobalSign Organization Validation CA - G2 OCSP Responder
Issued by: GlobalSign Organization Validation CA - G2
Signing certificate validity: 2017-04-07 - 2017-07-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: MISS

URL used for GET request

http://ocsp2.globalsign.com/gsorganizationvalg2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBReGXQV%2FtqUV3SNMRE%2Bs25eR%2FvhjwQUXUayjcRLdBy77fVztjq3OI91nn4CEhEhdfMXGwoVnmfaf8IitInccQ%3D%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFMwUTBPME0wSzAJBgUrDgMCGgUABBReGXQV/tqUV3SNMRE+s25eR/vhjwQUXUay
jcRLdBy77fVztjq3OI91nn4CEhEhdfMXGwoVnmfaf8IitInccQ==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGEAoBAKCCBgkwggYFBgkrBgEFBQcwAQEEggX2MIIF8jCBoKIWBBSEcGYA2z5x
eMLH53proefAGmx9mRgPMjAxNzA2MjcwMjEwMDhaMHUwczBLMAkGBSsOAwIaBQAE
FF4ZdBX+2pRXdI0xET6zbl5H++GPBBRdRrKNxEt0HLvt9XO2Orc4j3WefgISESF1
8xcbChWeZ9p/wiK0idxxgAAYDzIwMTcwNjI3MDIxMDA4WqARGA8yMDE3MDcwMTAy
MTAwOFowDQYJKoZIhvcNAQELBQADggEBAEhKp68h+PuNFLzgMDEypId/TL25yhp5
+t6bMPJzZ2o4maNiRP/ctfTKhYSyIKPshf94/t8YgalGhCuB2IK7SQgHZXxb8z2a
4aZu6ANPa2TcZ433xopILJF4e1ZEVLTKkgGXVp2bnBkUZWciDjWoO2qWwNfoMcXV
j3D+v1ZusPwu5/a4NhRifWgs9WBDWkt6FexL8oZaD6xU8oe9GoK5PznKMGUBbu8N
ryg1TpHCXoN7lInNtcW97WmbSb/m5QzvM3zhkIYsruKy6O5DUgeV9Oho+plApjm/
UapWRrmGWdRhffY2ERkhn+LBjxbVii2RZVgbPG6bYBCEXG1978Y03aSgggQ3MIIE
MzCCBC8wggMXoAMCAQICDAZqdeYQEB948lZiQTANBgkqhkiG9w0BAQUFADBdMQsw
CQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEzMDEGA1UEAxMq
R2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIEcyMB4XDTE3
MDQwNzAwMDAwMFoXDTE3MDcxNTAwMDAwMFowgYMxCzAJBgNVBAYTAkJFMRkwFwYD
VQQKExBHbG9iYWxTaWduIG52LXNhMRUwEwYDVQQFEwwyMDE2MTIwNzE2MjMxQjBA
BgNVBAMTOUdsb2JhbFNpZ24gT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gQ0EgLSBH
MiBPQ1NQIFJlc3BvbmRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AKDdHQeSnUbpdpLbYW28kSJ80stejbGWAPZ3Ddlk50TG0m27rXzVe/2Oh8lDUR3n
mZOEiFjTusrJrzoafK3J4a4redLpxMoBwowKQURWL2yYjtnp+gPzPOMETKoHwAUI
+Vip06+/pqPpISaWo4VduIu1F33/TbHU89JF8XGbnJS+7XIWbgqxPuzfrfMbD5pI
e2lN14mV1WakJyCpLk+NrFdWoKRFf+RZduP89yVEhwguU6xbv0TtasMZbMNUY9oL
okiEhTrOWvtd8sjX2CWArnQAOFB42xzUz8KGVQOf+QtnHvQSbFzZij3p+f25BqVe
BC1mF0zRF15Dv1ABHfa1gScCAwEAAaOBxzCBxDAdBgNVHQ4EFgQUhHBmANs+cXjC
x+d6a6HnwBpsfZkwHwYDVR0jBBgwFoAUXUayjcRLdBy77fVztjq3OI91nn4wDwYJ
KwYBBQUHMAEFBAIFADBMBgNVHSAERTBDMEEGCSsGAQQBoDIBXzA0MDIGCCsGAQUF
BwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAOBgNV
HQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDQYJKoZIhvcNAQEFBQAD
ggEBAGfMhhRL9fYY18L9Ar3Gt8oYAIy4SNs/HCN/LF4aRZW6cFv7dO8OTKNF/SzU
8FZgh99+YF7nUPUaDFoeWhNpGGBrUustUppnbKrlwCO/bZFOlmLDGVepEN+hzFjR
89Qbz9KxSVlpo/RzEZp1b+V48iSDFrxjrMXfKtllm0hlPXyJgc7cntvBbABUXPWa
xZO3R7DVo62O6kiAXqESMhVKUAYflEEPv4gT8NRMj01/NQ9oao909IDElr6Yiygf
NKxILrjwzQH6Rn7+JR4XKIxwdQMIKOAMrbZK6zgk2J1D9rOw79WEkwij8HldtWxS
FmE9kYN0Nbg8BDRXcX4KnaD77pg=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIELzCCAxegAwIBAgIMBmp15hAQH3jyVmJBMA0GCSqGSIb3DQEBBQUAMF0xCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTMwMQYDVQQDEypH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gRzIwHhcNMTcw
NDA3MDAwMDAwWhcNMTcwNzE1MDAwMDAwWjCBgzELMAkGA1UEBhMCQkUxGTAXBgNV
BAoTEEdsb2JhbFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTYxMjA3MTYyMzFCMEAG
A1UEAxM5R2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIEcy
IE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
oN0dB5KdRul2ktthbbyRInzSy16NsZYA9ncN2WTnRMbSbbutfNV7/Y6HyUNRHeeZ
k4SIWNO6ysmvOhp8rcnhrit50unEygHCjApBRFYvbJiO2en6A/M84wRMqgfABQj5
WKnTr7+mo+khJpajhV24i7UXff9NsdTz0kXxcZuclL7tchZuCrE+7N+t8xsPmkh7
aU3XiZXVZqQnIKkuT42sV1agpEV/5Fl24/z3JUSHCC5TrFu/RO1qwxlsw1Rj2gui
SISFOs5a+13yyNfYJYCudAA4UHjbHNTPwoZVA5/5C2ce9BJsXNmKPen5/bkGpV4E
LWYXTNEXXkO/UAEd9rWBJwIDAQABo4HHMIHEMB0GA1UdDgQWBBSEcGYA2z5xeMLH
53proefAGmx9mTAfBgNVHSMEGDAWgBRdRrKNxEt0HLvt9XO2Orc4j3WefjAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA4GA1Ud
DwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQUFAAOC
AQEAZ8yGFEv19hjXwv0Cvca3yhgAjLhI2z8cI38sXhpFlbpwW/t07w5Mo0X9LNTw
VmCH335gXudQ9RoMWh5aE2kYYGtS6y1SmmdsquXAI79tkU6WYsMZV6kQ36HMWNHz
1BvP0rFJWWmj9HMRmnVv5XjyJIMWvGOsxd8q2WWbSGU9fImBztye28FsAFRc9ZrF
k7dHsNWjrY7qSIBeoRIyFUpQBh+UQQ+/iBPw1EyPTX81D2hqj3T0gMSWvpiLKB80
rEguuPDNAfpGfv4lHhcojHB1Awgo4AyttkrrOCTYnUP2s7Dv1YSTCKPweV21bFIW
YT2Rg3Q1uDwENFdxfgqdoPvumA==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [MISS]
Cf-Ray: [3754de4287b9183a-EWR]
Content-Length: [1556]
Content-Type: [application/ocsp-response]
Date: [Tue, 27 Jun 2017 02:10:08 GMT]
Etag: ["bfaee811410773dd69f8dfc13ca181fac77216fc"]
Expires: [Sat, 01 Jul 2017 02:10:08 GMT]
Last-Modified: [Tue, 27 Jun 2017 02:10:08 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=de766bb92ee48a9e37ea566684e4d28271498529408; expires=Wed, 27-Jun-18 02:10:08 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp2.globalsign.com/gsorganizationvalg2 (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsorganizationvalg2 (POST)
Size: 1556 bytes (DER data)
Response time: 1.015560128s
Signature algorithm: SHA256WithRSA
Signature type: CA Delegated
Signed by: GlobalSign Organization Validation CA - G2 OCSP Responder
Issued by: GlobalSign Organization Validation CA - G2
Signing certificate validity: 2017-04-07 - 2017-07-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFMwUTBPME0wSzAJBgUrDgMCGgUABBReGXQV/tqUV3SNMRE+s25eR/vhjwQUXUay
jcRLdBy77fVztjq3OI91nn4CEhEhdfMXGwoVnmfaf8IitInccQ==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGEAoBAKCCBgkwggYFBgkrBgEFBQcwAQEEggX2MIIF8jCBoKIWBBSEcGYA2z5x
eMLH53proefAGmx9mRgPMjAxNzA2MjcwMjEwMDhaMHUwczBLMAkGBSsOAwIaBQAE
FF4ZdBX+2pRXdI0xET6zbl5H++GPBBRdRrKNxEt0HLvt9XO2Orc4j3WefgISESF1
8xcbChWeZ9p/wiK0idxxgAAYDzIwMTcwNjI3MDIxMDA4WqARGA8yMDE3MDcwMTAy
MTAwOFowDQYJKoZIhvcNAQELBQADggEBAEhKp68h+PuNFLzgMDEypId/TL25yhp5
+t6bMPJzZ2o4maNiRP/ctfTKhYSyIKPshf94/t8YgalGhCuB2IK7SQgHZXxb8z2a
4aZu6ANPa2TcZ433xopILJF4e1ZEVLTKkgGXVp2bnBkUZWciDjWoO2qWwNfoMcXV
j3D+v1ZusPwu5/a4NhRifWgs9WBDWkt6FexL8oZaD6xU8oe9GoK5PznKMGUBbu8N
ryg1TpHCXoN7lInNtcW97WmbSb/m5QzvM3zhkIYsruKy6O5DUgeV9Oho+plApjm/
UapWRrmGWdRhffY2ERkhn+LBjxbVii2RZVgbPG6bYBCEXG1978Y03aSgggQ3MIIE
MzCCBC8wggMXoAMCAQICDAZqdeYQEB948lZiQTANBgkqhkiG9w0BAQUFADBdMQsw
CQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEzMDEGA1UEAxMq
R2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIEcyMB4XDTE3
MDQwNzAwMDAwMFoXDTE3MDcxNTAwMDAwMFowgYMxCzAJBgNVBAYTAkJFMRkwFwYD
VQQKExBHbG9iYWxTaWduIG52LXNhMRUwEwYDVQQFEwwyMDE2MTIwNzE2MjMxQjBA
BgNVBAMTOUdsb2JhbFNpZ24gT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gQ0EgLSBH
MiBPQ1NQIFJlc3BvbmRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AKDdHQeSnUbpdpLbYW28kSJ80stejbGWAPZ3Ddlk50TG0m27rXzVe/2Oh8lDUR3n
mZOEiFjTusrJrzoafK3J4a4redLpxMoBwowKQURWL2yYjtnp+gPzPOMETKoHwAUI
+Vip06+/pqPpISaWo4VduIu1F33/TbHU89JF8XGbnJS+7XIWbgqxPuzfrfMbD5pI
e2lN14mV1WakJyCpLk+NrFdWoKRFf+RZduP89yVEhwguU6xbv0TtasMZbMNUY9oL
okiEhTrOWvtd8sjX2CWArnQAOFB42xzUz8KGVQOf+QtnHvQSbFzZij3p+f25BqVe
BC1mF0zRF15Dv1ABHfa1gScCAwEAAaOBxzCBxDAdBgNVHQ4EFgQUhHBmANs+cXjC
x+d6a6HnwBpsfZkwHwYDVR0jBBgwFoAUXUayjcRLdBy77fVztjq3OI91nn4wDwYJ
KwYBBQUHMAEFBAIFADBMBgNVHSAERTBDMEEGCSsGAQQBoDIBXzA0MDIGCCsGAQUF
BwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAOBgNV
HQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDQYJKoZIhvcNAQEFBQAD
ggEBAGfMhhRL9fYY18L9Ar3Gt8oYAIy4SNs/HCN/LF4aRZW6cFv7dO8OTKNF/SzU
8FZgh99+YF7nUPUaDFoeWhNpGGBrUustUppnbKrlwCO/bZFOlmLDGVepEN+hzFjR
89Qbz9KxSVlpo/RzEZp1b+V48iSDFrxjrMXfKtllm0hlPXyJgc7cntvBbABUXPWa
xZO3R7DVo62O6kiAXqESMhVKUAYflEEPv4gT8NRMj01/NQ9oao909IDElr6Yiygf
NKxILrjwzQH6Rn7+JR4XKIxwdQMIKOAMrbZK6zgk2J1D9rOw79WEkwij8HldtWxS
FmE9kYN0Nbg8BDRXcX4KnaD77pg=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIELzCCAxegAwIBAgIMBmp15hAQH3jyVmJBMA0GCSqGSIb3DQEBBQUAMF0xCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTMwMQYDVQQDEypH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gRzIwHhcNMTcw
NDA3MDAwMDAwWhcNMTcwNzE1MDAwMDAwWjCBgzELMAkGA1UEBhMCQkUxGTAXBgNV
BAoTEEdsb2JhbFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTYxMjA3MTYyMzFCMEAG
A1UEAxM5R2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIEcy
IE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
oN0dB5KdRul2ktthbbyRInzSy16NsZYA9ncN2WTnRMbSbbutfNV7/Y6HyUNRHeeZ
k4SIWNO6ysmvOhp8rcnhrit50unEygHCjApBRFYvbJiO2en6A/M84wRMqgfABQj5
WKnTr7+mo+khJpajhV24i7UXff9NsdTz0kXxcZuclL7tchZuCrE+7N+t8xsPmkh7
aU3XiZXVZqQnIKkuT42sV1agpEV/5Fl24/z3JUSHCC5TrFu/RO1qwxlsw1Rj2gui
SISFOs5a+13yyNfYJYCudAA4UHjbHNTPwoZVA5/5C2ce9BJsXNmKPen5/bkGpV4E
LWYXTNEXXkO/UAEd9rWBJwIDAQABo4HHMIHEMB0GA1UdDgQWBBSEcGYA2z5xeMLH
53proefAGmx9mTAfBgNVHSMEGDAWgBRdRrKNxEt0HLvt9XO2Orc4j3WefjAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA4GA1Ud
DwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQUFAAOC
AQEAZ8yGFEv19hjXwv0Cvca3yhgAjLhI2z8cI38sXhpFlbpwW/t07w5Mo0X9LNTw
VmCH335gXudQ9RoMWh5aE2kYYGtS6y1SmmdsquXAI79tkU6WYsMZV6kQ36HMWNHz
1BvP0rFJWWmj9HMRmnVv5XjyJIMWvGOsxd8q2WWbSGU9fImBztye28FsAFRc9ZrF
k7dHsNWjrY7qSIBeoRIyFUpQBh+UQQ+/iBPw1EyPTX81D2hqj3T0gMSWvpiLKB80
rEguuPDNAfpGfv4lHhcojHB1Awgo4AyttkrrOCTYnUP2s7Dv1YSTCKPweV21bFIW
YT2Rg3Q1uDwENFdxfgqdoPvumA==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [3754de42822d21bc-EWR]
Content-Length: [1556]
Content-Type: [application/ocsp-response]
Date: [Tue, 27 Jun 2017 02:10:09 GMT]
Etag: ["bfaee811410773dd69f8dfc13ca181fac77216fc"]
Expires: [Sat, 01 Jul 2017 02:10:08 GMT]
Last-Modified: [Tue, 27 Jun 2017 02:10:08 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d2b0582795c8624e5a9dde722152d37581498529408; expires=Wed, 27-Jun-18 02:10:08 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GlobalSign Organization Validation CA - G2 (CA Certificate)

Certificate details for GlobalSign Organization Validation CA - G2 (At position 1 in certificate chain)
Serial number:
hex: 400000000012f4ee1450c
int: 4835703278459819397301516
Issued by: GlobalSign Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GlobalSign nv-sa
Country: BE
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.globalsign.net/root.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.globalsign.net/root.crl
Size: 782 bytes (DER data)
Response time: 8.278653ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 7

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [public, max-age=1547392]
Cf-Cache-Status: [HIT]
Cf-Ray: [3754de428439473a-EWR]
Content-Length: [782]
Content-Type: [application/pkix-crl]
Date: [Tue, 27 Jun 2017 02:10:08 GMT]
Etag: [39]
Expires: [Sat, 15 Jul 2017 00:00:00 GMT]
Last-Modified: [Wed, 19 Apr 2017 00:00:00 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d8a31190c1b07a4002b16dc8fc5d666771498529408; expires=Wed, 27-Jun-18 02:10:08 GMT; path=/; domain=.globalsign.net; HttpOnly]
Vary: [Accept-Encoding]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.globalsign.com/rootr1 (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.globalsign.com/rootr1 (POST)
Size: 1518 bytes (DER data)
Response time: 7.432025ms
Signature algorithm: SHA256WithRSA
Signature type: CA Delegated
Signed by: GlobalSign OCSP for Root R1 - Signer 1.2
Issued by: GlobalSign Root CA
Signing certificate validity: 2017-05-07 - 2017-08-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtm
GkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAS9O4UUM
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF6goBAKCCBeMwggXfBgkrBgEFBQcwAQEEggXQMIIFzDCBmaIWBBSvbfAxCEv8
w30kGCve74S5P2+ighgPMjAxNzA2MjcwMTI1MjRaMG4wbDBEMAkGBSsOAwIaBQAE
FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
AAABL07hRQyAABgPMjAxNzA2MjcwMTI1MjRaoBEYDzIwMTcwNzAxMDEyNTI0WjAN
BgkqhkiG9w0BAQsFAAOCAQEAhZucHx3LJcZQowSSxOtE+7IopuHl9JFwoPzkZPii
fVq2jciCglM8kPNLFsB62B8x6sPEDflQW0BamfQj2J8Jn5Y9B42YztcFaA9sH4PF
CsqXDmaoTRwM9iChzETRUdQBNGDQj5su1Awl7l1pSXonNVjb2rBYX1H2jjfOx7CB
9LCk+7QMc2QfJi3bwlxPuvT2EdxXA86MdXui3ndzTI7J6YFLPzb2FXyAcAQkZPpY
NGpMiUBnTHpMaV1dVG6nB+d3w8cKf4a2O8zoXD2imvfnyJNlSfiNorPWgVLKk5Dx
cmoya5MfaUCWhraKwsNOM5qg8bhm/iNmzefSLaJZ9SH0jaCCBBgwggQUMIIEEDCC
AvigAwIBAgIOSPWzFgaTeJq7B6uGVtEwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UE
BhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3Qg
Q0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNzA1MDcwMDAwMDBa
Fw0xNzA4MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxT
aWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJvb3QgUjEg
LSBTaWduZXIgMS4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1F7u
rTk5j7FgaI3ddIftk/QXhnH8pQzcsq8wk+wJKGeocjWxDmQAKedLAkDUXOMun0QA
lHi1mu2WdI18ZyZ7eAJGwa1R7iiy9Txfz88htJr5x6ArxpbsRbeXHsw/TCWMf+d3
RP9vfXFIe0Li1wYxoD9pcwi0M9O7KrDihY9zVplEtPgb3ic1AGUQFjmE4pNvBJpp
Eg95H2hWHjaQI5pjhXF8HTDejho6dJsKJ4fe7CZC4JlCYCCYgUQxczvoxyGmDVDt
euP8fMVmnSoEzq9qA8kPJql2d8iho4mhREqTj8MYYyU9Kl4Nuz+3KQ9t97AwUys2
pt3qELes6+MK9POWFwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUE
DDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSvbfAxCEv8w30k
GCve74S5P2+igjAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA0GCSqG
SIb3DQEBBQUAA4IBAQASHek+/Wbc9Xd0BWIaSS82VRB37lM6T+ZOz/522ZqHLXcR
jBwesOKcmeVyDNiHUqj9C3+cnwKNourW1R9h4FrW+wD5eDkJ3j3nO+kiczxCe7FV
KCWeTcPySiFPKoIH0fOpx2MdMc7XGRRHSP9cW2Rwo5yeglK5n7Ps4QGaKAuSiKNv
VNBW50fkwXNsOOBG+BbEOYcuNrnHSdGBbzlNvDo7FA9gpIaDKj0pLOALqchqZBrO
3HG1Z7c5n63+ef0dxBCbZ5yGLvNCzIv68hKcVibxYheGa/io1k8yrr8dDT2I7i3+
qiHCfDB4pKcihxppwAn/mJXwLE7BKS+FkpjswPEb
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEEDCCAvigAwIBAgIOSPWzFgaTeJq7B6uGVtEwDQYJKoZIhvcNAQEFBQAwVzEL
MAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsT
B1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNzA1MDcw
MDAwMDBaFw0xNzA4MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBH
bG9iYWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJv
b3QgUjEgLSBTaWduZXIgMS4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1F7urTk5j7FgaI3ddIftk/QXhnH8pQzcsq8wk+wJKGeocjWxDmQAKedLAkDU
XOMun0QAlHi1mu2WdI18ZyZ7eAJGwa1R7iiy9Txfz88htJr5x6ArxpbsRbeXHsw/
TCWMf+d3RP9vfXFIe0Li1wYxoD9pcwi0M9O7KrDihY9zVplEtPgb3ic1AGUQFjmE
4pNvBJppEg95H2hWHjaQI5pjhXF8HTDejho6dJsKJ4fe7CZC4JlCYCCYgUQxczvo
xyGmDVDteuP8fMVmnSoEzq9qA8kPJql2d8iho4mhREqTj8MYYyU9Kl4Nuz+3KQ9t
97AwUys2pt3qELes6+MK9POWFwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDAT
BgNVHSUEDDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSvbfAx
CEv8w30kGCve74S5P2+igjAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9
SzAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYI
KwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkv
MA0GCSqGSIb3DQEBBQUAA4IBAQASHek+/Wbc9Xd0BWIaSS82VRB37lM6T+ZOz/52
2ZqHLXcRjBwesOKcmeVyDNiHUqj9C3+cnwKNourW1R9h4FrW+wD5eDkJ3j3nO+ki
czxCe7FVKCWeTcPySiFPKoIH0fOpx2MdMc7XGRRHSP9cW2Rwo5yeglK5n7Ps4QGa
KAuSiKNvVNBW50fkwXNsOOBG+BbEOYcuNrnHSdGBbzlNvDo7FA9gpIaDKj0pLOAL
qchqZBrO3HG1Z7c5n63+ef0dxBCbZ5yGLvNCzIv68hKcVibxYheGa/io1k8yrr8d
DT2I7i3+qiHCfDB4pKcihxppwAn/mJXwLE7BKS+FkpjswPEb
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [3754de42879a2198-EWR]
Content-Length: [1518]
Content-Type: [application/ocsp-response]
Date: [Tue, 27 Jun 2017 02:10:08 GMT]
Etag: ["22a22fa5867299f4a84291fa5fb876c9162cab3d"]
Expires: [Sat, 01 Jul 2017 01:25:24 GMT]
Last-Modified: [Tue, 27 Jun 2017 01:25:24 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=dde8c574f3854c2a181881ecec917b1701498529408; expires=Wed, 27-Jun-18 02:10:08 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.globalsign.com/rootr1 (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.globalsign.com/rootr1 (GET)
Size: 1518 bytes (DER data)
Response time: 22.392372ms
Signature algorithm: SHA256WithRSA
Signature type: CA Delegated
Signed by: GlobalSign OCSP for Root R1 - Signer 1.2
Issued by: GlobalSign Root CA
Signing certificate validity: 2017-05-07 - 2017-08-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

URL used for GET request

http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAS9O4UUM

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtm
GkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAS9O4UUM
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF6goBAKCCBeMwggXfBgkrBgEFBQcwAQEEggXQMIIFzDCBmaIWBBSvbfAxCEv8
w30kGCve74S5P2+ighgPMjAxNzA2MjcwMTI1MjRaMG4wbDBEMAkGBSsOAwIaBQAE
FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
AAABL07hRQyAABgPMjAxNzA2MjcwMTI1MjRaoBEYDzIwMTcwNzAxMDEyNTI0WjAN
BgkqhkiG9w0BAQsFAAOCAQEAhZucHx3LJcZQowSSxOtE+7IopuHl9JFwoPzkZPii
fVq2jciCglM8kPNLFsB62B8x6sPEDflQW0BamfQj2J8Jn5Y9B42YztcFaA9sH4PF
CsqXDmaoTRwM9iChzETRUdQBNGDQj5su1Awl7l1pSXonNVjb2rBYX1H2jjfOx7CB
9LCk+7QMc2QfJi3bwlxPuvT2EdxXA86MdXui3ndzTI7J6YFLPzb2FXyAcAQkZPpY
NGpMiUBnTHpMaV1dVG6nB+d3w8cKf4a2O8zoXD2imvfnyJNlSfiNorPWgVLKk5Dx
cmoya5MfaUCWhraKwsNOM5qg8bhm/iNmzefSLaJZ9SH0jaCCBBgwggQUMIIEEDCC
AvigAwIBAgIOSPWzFgaTeJq7B6uGVtEwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UE
BhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3Qg
Q0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNzA1MDcwMDAwMDBa
Fw0xNzA4MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxT
aWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJvb3QgUjEg
LSBTaWduZXIgMS4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1F7u
rTk5j7FgaI3ddIftk/QXhnH8pQzcsq8wk+wJKGeocjWxDmQAKedLAkDUXOMun0QA
lHi1mu2WdI18ZyZ7eAJGwa1R7iiy9Txfz88htJr5x6ArxpbsRbeXHsw/TCWMf+d3
RP9vfXFIe0Li1wYxoD9pcwi0M9O7KrDihY9zVplEtPgb3ic1AGUQFjmE4pNvBJpp
Eg95H2hWHjaQI5pjhXF8HTDejho6dJsKJ4fe7CZC4JlCYCCYgUQxczvoxyGmDVDt
euP8fMVmnSoEzq9qA8kPJql2d8iho4mhREqTj8MYYyU9Kl4Nuz+3KQ9t97AwUys2
pt3qELes6+MK9POWFwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUE
DDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSvbfAxCEv8w30k
GCve74S5P2+igjAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA0GCSqG
SIb3DQEBBQUAA4IBAQASHek+/Wbc9Xd0BWIaSS82VRB37lM6T+ZOz/522ZqHLXcR
jBwesOKcmeVyDNiHUqj9C3+cnwKNourW1R9h4FrW+wD5eDkJ3j3nO+kiczxCe7FV
KCWeTcPySiFPKoIH0fOpx2MdMc7XGRRHSP9cW2Rwo5yeglK5n7Ps4QGaKAuSiKNv
VNBW50fkwXNsOOBG+BbEOYcuNrnHSdGBbzlNvDo7FA9gpIaDKj0pLOALqchqZBrO
3HG1Z7c5n63+ef0dxBCbZ5yGLvNCzIv68hKcVibxYheGa/io1k8yrr8dDT2I7i3+
qiHCfDB4pKcihxppwAn/mJXwLE7BKS+FkpjswPEb
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEEDCCAvigAwIBAgIOSPWzFgaTeJq7B6uGVtEwDQYJKoZIhvcNAQEFBQAwVzEL
MAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsT
B1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNzA1MDcw
MDAwMDBaFw0xNzA4MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBH
bG9iYWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJv
b3QgUjEgLSBTaWduZXIgMS4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1F7urTk5j7FgaI3ddIftk/QXhnH8pQzcsq8wk+wJKGeocjWxDmQAKedLAkDU
XOMun0QAlHi1mu2WdI18ZyZ7eAJGwa1R7iiy9Txfz88htJr5x6ArxpbsRbeXHsw/
TCWMf+d3RP9vfXFIe0Li1wYxoD9pcwi0M9O7KrDihY9zVplEtPgb3ic1AGUQFjmE
4pNvBJppEg95H2hWHjaQI5pjhXF8HTDejho6dJsKJ4fe7CZC4JlCYCCYgUQxczvo
xyGmDVDteuP8fMVmnSoEzq9qA8kPJql2d8iho4mhREqTj8MYYyU9Kl4Nuz+3KQ9t
97AwUys2pt3qELes6+MK9POWFwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDAT
BgNVHSUEDDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSvbfAx
CEv8w30kGCve74S5P2+igjAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9
SzAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYI
KwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkv
MA0GCSqGSIb3DQEBBQUAA4IBAQASHek+/Wbc9Xd0BWIaSS82VRB37lM6T+ZOz/52
2ZqHLXcRjBwesOKcmeVyDNiHUqj9C3+cnwKNourW1R9h4FrW+wD5eDkJ3j3nO+ki
czxCe7FVKCWeTcPySiFPKoIH0fOpx2MdMc7XGRRHSP9cW2Rwo5yeglK5n7Ps4QGa
KAuSiKNvVNBW50fkwXNsOOBG+BbEOYcuNrnHSdGBbzlNvDo7FA9gpIaDKj0pLOAL
qchqZBrO3HG1Z7c5n63+ef0dxBCbZ5yGLvNCzIv68hKcVibxYheGa/io1k8yrr8d
DT2I7i3+qiHCfDB4pKcihxppwAn/mJXwLE7BKS+FkpjswPEb
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [3754de4281f50ee5-EWR]
Content-Length: [1518]
Content-Type: [application/ocsp-response]
Date: [Tue, 27 Jun 2017 02:10:08 GMT]
Etag: ["22a22fa5867299f4a84291fa5fb876c9162cab3d"]
Expires: [Sat, 01 Jul 2017 01:25:24 GMT]
Last-Modified: [Tue, 27 Jun 2017 01:25:24 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d717d733befd4b046fa504b5652b9a14e1498529408; expires=Wed, 27-Jun-18 02:10:08 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GlobalSign Root CA (CA Certificate)

Certificate details for GlobalSign Root CA (At position 2 in certificate chain)
Serial number:
hex: 40000000001154b5ac394
int: 4835703278459707669005204
Issued by: GlobalSign Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GlobalSign nv-sa
Organization unit: Root CA
Country: BE
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
© 2015 - 2017 Digitorus B.V.
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.