CRL & OCSP report for ssl2676.cloudflare.com (CloudFlare, Inc.)

ssl2676.cloudflare.com

Certificate details for ssl2676.cloudflare.com (At position 0 in certificate chain)
Serial number:
hex: 11219e689d9394efaa74c123cf709c7dfb78
int: 1492348740166553407799479425023705643613048
Issued by: GlobalSign Organization Validation CA - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: CloudFlare, Inc.
State / Province: CA
Locality: San Francisco
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for ssl2676.cloudflare.com.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.globalsign.com/gs/gsorganizationvalg2.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.globalsign.com/gs/gsorganizationvalg2.crl
Size: 2752101 bytes (DER data)
Response time: 1.062647135s
This update:
Next update:
Revoked at:
Revoked certificates in CRL: 74368

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare, CloudFront
Cache Information: HIT, Hit from cloudfront

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [357aa85b74a518a0-EWR]
Content-Length: [2752101]
Content-Type: [application/pkix-crl]
Date: [Sun, 30 Apr 2017 12:55:50 GMT]
Etag: [015633]
Expires: [Sun, 07 May 2017 04:22:01 GMT]
Last-Modified: [Sun, 30 Apr 2017 04:22:01 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=dd73faca7afbfc0750d3089d0b5ef51651493556950; expires=Mon, 30-Apr-18 12:55:50 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
Via: [1.1 d97deeb2385556a78005515cfaba11f9.cloudfront.net (CloudFront)]
X-Amz-Cf-Id: [lMvJjbPul6qzRANnRgvEBl-iq2vJZ4-4qP8YkfLdb9NeXaNYVpV6kw==]
X-Cache: [Hit from cloudfront]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp2.globalsign.com/gsorganizationvalg2 (POST)Revoked

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsorganizationvalg2 (POST)
Size: 1580 bytes (DER data)
Response time: 1.036042116s
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign Organization Validation CA - G2 OCSP Responder
Issued by: GlobalSign Organization Validation CA - G2
Signing certificate validity: 2017-04-07 - 2017-07-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Revoked

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: MISS

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFMwUTBPME0wSzAJBgUrDgMCGgUABBReGXQV/tqUV3SNMRE+s25eR/vhjwQUXUay
jcRLdBy77fVztjq3OI91nn4CEhEhnmidk5TvqnTBI89wnH37eA==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGKAoBAKCCBiEwggYdBgkrBgEFBQcwAQEEggYOMIIGCjCBuKIWBBSEcGYA2z5x
eMLH53proefAGmx9mRgPMjAxNzA0MzAxMjU1NTBaMIGMMIGJMEswCQYFKw4DAhoF
AAQUXhl0Ff7alFd0jTERPrNuXkf74Y8EFF1Gso3ES3Qcu+31c7Y6tziPdZ5+AhIR
IZ5onZOU76p0wSPPcJx9+3ihFhgPMjAxNDA0MTYxNDAwNTFaoAMKAQAYDzIwMTcw
NDMwMTI1NTUwWqARGA8yMDE3MDUwNDEyNTU1MFowDQYJKoZIhvcNAQELBQADggEB
ADo0x+QmHZo0DDjAJ3OvoiMfiBymlOaGM/sHB6DinP5V/1SvnSJTWmDD9hVM22KV
wUTKmv9C63NVlyoEMMv+wG/MxHsxylvkuCigsM1IDVNG0loslLf5fYJlHJqMAEY+
x5idh05kqFR6eiXPaVhoDWAqgclpx4dAhwvKs3KgCILNCHxfnFjEXt88rShTOQcY
mX4/Ti16++R4JvQNAiKiQJGBAJmrbzG4/K2KiUL6tvPFOFx6naCzqWFMjVucrrgS
t7wJ+r88a2Z+b+CDbmLOICN+kQ0FcrhCBgKINh9FKyPVPUeeGnnRu4oxDJq1eeJl
1MXJjJXcsdaUVj5y9ZdX+imgggQ3MIIEMzCCBC8wggMXoAMCAQICDAZqdeYQEB94
8lZiQTANBgkqhkiG9w0BAQUFADBdMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xv
YmFsU2lnbiBudi1zYTEzMDEGA1UEAxMqR2xvYmFsU2lnbiBPcmdhbml6YXRpb24g
VmFsaWRhdGlvbiBDQSAtIEcyMB4XDTE3MDQwNzAwMDAwMFoXDTE3MDcxNTAwMDAw
MFowgYMxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRUw
EwYDVQQFEwwyMDE2MTIwNzE2MjMxQjBABgNVBAMTOUdsb2JhbFNpZ24gT3JnYW5p
emF0aW9uIFZhbGlkYXRpb24gQ0EgLSBHMiBPQ1NQIFJlc3BvbmRlcjCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKDdHQeSnUbpdpLbYW28kSJ80stejbGW
APZ3Ddlk50TG0m27rXzVe/2Oh8lDUR3nmZOEiFjTusrJrzoafK3J4a4redLpxMoB
wowKQURWL2yYjtnp+gPzPOMETKoHwAUI+Vip06+/pqPpISaWo4VduIu1F33/TbHU
89JF8XGbnJS+7XIWbgqxPuzfrfMbD5pIe2lN14mV1WakJyCpLk+NrFdWoKRFf+RZ
duP89yVEhwguU6xbv0TtasMZbMNUY9oLokiEhTrOWvtd8sjX2CWArnQAOFB42xzU
z8KGVQOf+QtnHvQSbFzZij3p+f25BqVeBC1mF0zRF15Dv1ABHfa1gScCAwEAAaOB
xzCBxDAdBgNVHQ4EFgQUhHBmANs+cXjCx+d6a6HnwBpsfZkwHwYDVR0jBBgwFoAU
XUayjcRLdBy77fVztjq3OI91nn4wDwYJKwYBBQUHMAEFBAIFADBMBgNVHSAERTBD
MEEGCSsGAQQBoDIBXzA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxz
aWduLmNvbS9yZXBvc2l0b3J5LzAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYI
KwYBBQUHAwkwDQYJKoZIhvcNAQEFBQADggEBAGfMhhRL9fYY18L9Ar3Gt8oYAIy4
SNs/HCN/LF4aRZW6cFv7dO8OTKNF/SzU8FZgh99+YF7nUPUaDFoeWhNpGGBrUust
UppnbKrlwCO/bZFOlmLDGVepEN+hzFjR89Qbz9KxSVlpo/RzEZp1b+V48iSDFrxj
rMXfKtllm0hlPXyJgc7cntvBbABUXPWaxZO3R7DVo62O6kiAXqESMhVKUAYflEEP
v4gT8NRMj01/NQ9oao909IDElr6YiygfNKxILrjwzQH6Rn7+JR4XKIxwdQMIKOAM
rbZK6zgk2J1D9rOw79WEkwij8HldtWxSFmE9kYN0Nbg8BDRXcX4KnaD77pg=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIELzCCAxegAwIBAgIMBmp15hAQH3jyVmJBMA0GCSqGSIb3DQEBBQUAMF0xCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTMwMQYDVQQDEypH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gRzIwHhcNMTcw
NDA3MDAwMDAwWhcNMTcwNzE1MDAwMDAwWjCBgzELMAkGA1UEBhMCQkUxGTAXBgNV
BAoTEEdsb2JhbFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTYxMjA3MTYyMzFCMEAG
A1UEAxM5R2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIEcy
IE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
oN0dB5KdRul2ktthbbyRInzSy16NsZYA9ncN2WTnRMbSbbutfNV7/Y6HyUNRHeeZ
k4SIWNO6ysmvOhp8rcnhrit50unEygHCjApBRFYvbJiO2en6A/M84wRMqgfABQj5
WKnTr7+mo+khJpajhV24i7UXff9NsdTz0kXxcZuclL7tchZuCrE+7N+t8xsPmkh7
aU3XiZXVZqQnIKkuT42sV1agpEV/5Fl24/z3JUSHCC5TrFu/RO1qwxlsw1Rj2gui
SISFOs5a+13yyNfYJYCudAA4UHjbHNTPwoZVA5/5C2ce9BJsXNmKPen5/bkGpV4E
LWYXTNEXXkO/UAEd9rWBJwIDAQABo4HHMIHEMB0GA1UdDgQWBBSEcGYA2z5xeMLH
53proefAGmx9mTAfBgNVHSMEGDAWgBRdRrKNxEt0HLvt9XO2Orc4j3WefjAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA4GA1Ud
DwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQUFAAOC
AQEAZ8yGFEv19hjXwv0Cvca3yhgAjLhI2z8cI38sXhpFlbpwW/t07w5Mo0X9LNTw
VmCH335gXudQ9RoMWh5aE2kYYGtS6y1SmmdsquXAI79tkU6WYsMZV6kQ36HMWNHz
1BvP0rFJWWmj9HMRmnVv5XjyJIMWvGOsxd8q2WWbSGU9fImBztye28FsAFRc9ZrF
k7dHsNWjrY7qSIBeoRIyFUpQBh+UQQ+/iBPw1EyPTX81D2hqj3T0gMSWvpiLKB80
rEguuPDNAfpGfv4lHhcojHB1Awgo4AyttkrrOCTYnUP2s7Dv1YSTCKPweV21bFIW
YT2Rg3Q1uDwENFdxfgqdoPvumA==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [MISS]
Cf-Ray: [357aa85cf3ef46fe-EWR]
Content-Length: [1580]
Content-Type: [application/ocsp-response]
Date: [Sun, 30 Apr 2017 12:55:51 GMT]
Etag: ["3497fbc4ae5d6a9ade8d282db64d1e247c8afd8e"]
Expires: [Thu, 04 May 2017 12:55:50 GMT]
Last-Modified: [Sun, 30 Apr 2017 12:55:50 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=de973dea286c1fec4621b46ece0be743a1493556950; expires=Mon, 30-Apr-18 12:55:50 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp2.globalsign.com/gsorganizationvalg2 (GET)Revoked

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsorganizationvalg2 (GET)
Size: 1580 bytes (DER data)
Response time: 1.539961952s
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign Organization Validation CA - G2 OCSP Responder
Issued by: GlobalSign Organization Validation CA - G2
Signing certificate validity: 2017-04-07 - 2017-07-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Revoked

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

URL used for GET request

http:/gsorganizationvalg2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBReGXQV%2FtqUV3SNMRE%2Bs25eR%2FvhjwQUXUayjcRLdBy77fVztjq3OI91nn4CEhEhnmidk5TvqnTBI89wnH37eA%3D%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFMwUTBPME0wSzAJBgUrDgMCGgUABBReGXQV/tqUV3SNMRE+s25eR/vhjwQUXUay
jcRLdBy77fVztjq3OI91nn4CEhEhnmidk5TvqnTBI89wnH37eA==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGKAoBAKCCBiEwggYdBgkrBgEFBQcwAQEEggYOMIIGCjCBuKIWBBSEcGYA2z5x
eMLH53proefAGmx9mRgPMjAxNzA0MzAxMjU1NTBaMIGMMIGJMEswCQYFKw4DAhoF
AAQUXhl0Ff7alFd0jTERPrNuXkf74Y8EFF1Gso3ES3Qcu+31c7Y6tziPdZ5+AhIR
IZ5onZOU76p0wSPPcJx9+3ihFhgPMjAxNDA0MTYxNDAwNTFaoAMKAQAYDzIwMTcw
NDMwMTI1NTUwWqARGA8yMDE3MDUwNDEyNTU1MFowDQYJKoZIhvcNAQELBQADggEB
ADo0x+QmHZo0DDjAJ3OvoiMfiBymlOaGM/sHB6DinP5V/1SvnSJTWmDD9hVM22KV
wUTKmv9C63NVlyoEMMv+wG/MxHsxylvkuCigsM1IDVNG0loslLf5fYJlHJqMAEY+
x5idh05kqFR6eiXPaVhoDWAqgclpx4dAhwvKs3KgCILNCHxfnFjEXt88rShTOQcY
mX4/Ti16++R4JvQNAiKiQJGBAJmrbzG4/K2KiUL6tvPFOFx6naCzqWFMjVucrrgS
t7wJ+r88a2Z+b+CDbmLOICN+kQ0FcrhCBgKINh9FKyPVPUeeGnnRu4oxDJq1eeJl
1MXJjJXcsdaUVj5y9ZdX+imgggQ3MIIEMzCCBC8wggMXoAMCAQICDAZqdeYQEB94
8lZiQTANBgkqhkiG9w0BAQUFADBdMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xv
YmFsU2lnbiBudi1zYTEzMDEGA1UEAxMqR2xvYmFsU2lnbiBPcmdhbml6YXRpb24g
VmFsaWRhdGlvbiBDQSAtIEcyMB4XDTE3MDQwNzAwMDAwMFoXDTE3MDcxNTAwMDAw
MFowgYMxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRUw
EwYDVQQFEwwyMDE2MTIwNzE2MjMxQjBABgNVBAMTOUdsb2JhbFNpZ24gT3JnYW5p
emF0aW9uIFZhbGlkYXRpb24gQ0EgLSBHMiBPQ1NQIFJlc3BvbmRlcjCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKDdHQeSnUbpdpLbYW28kSJ80stejbGW
APZ3Ddlk50TG0m27rXzVe/2Oh8lDUR3nmZOEiFjTusrJrzoafK3J4a4redLpxMoB
wowKQURWL2yYjtnp+gPzPOMETKoHwAUI+Vip06+/pqPpISaWo4VduIu1F33/TbHU
89JF8XGbnJS+7XIWbgqxPuzfrfMbD5pIe2lN14mV1WakJyCpLk+NrFdWoKRFf+RZ
duP89yVEhwguU6xbv0TtasMZbMNUY9oLokiEhTrOWvtd8sjX2CWArnQAOFB42xzU
z8KGVQOf+QtnHvQSbFzZij3p+f25BqVeBC1mF0zRF15Dv1ABHfa1gScCAwEAAaOB
xzCBxDAdBgNVHQ4EFgQUhHBmANs+cXjCx+d6a6HnwBpsfZkwHwYDVR0jBBgwFoAU
XUayjcRLdBy77fVztjq3OI91nn4wDwYJKwYBBQUHMAEFBAIFADBMBgNVHSAERTBD
MEEGCSsGAQQBoDIBXzA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxz
aWduLmNvbS9yZXBvc2l0b3J5LzAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYI
KwYBBQUHAwkwDQYJKoZIhvcNAQEFBQADggEBAGfMhhRL9fYY18L9Ar3Gt8oYAIy4
SNs/HCN/LF4aRZW6cFv7dO8OTKNF/SzU8FZgh99+YF7nUPUaDFoeWhNpGGBrUust
UppnbKrlwCO/bZFOlmLDGVepEN+hzFjR89Qbz9KxSVlpo/RzEZp1b+V48iSDFrxj
rMXfKtllm0hlPXyJgc7cntvBbABUXPWaxZO3R7DVo62O6kiAXqESMhVKUAYflEEP
v4gT8NRMj01/NQ9oao909IDElr6YiygfNKxILrjwzQH6Rn7+JR4XKIxwdQMIKOAM
rbZK6zgk2J1D9rOw79WEkwij8HldtWxSFmE9kYN0Nbg8BDRXcX4KnaD77pg=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIELzCCAxegAwIBAgIMBmp15hAQH3jyVmJBMA0GCSqGSIb3DQEBBQUAMF0xCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTMwMQYDVQQDEypH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gRzIwHhcNMTcw
NDA3MDAwMDAwWhcNMTcwNzE1MDAwMDAwWjCBgzELMAkGA1UEBhMCQkUxGTAXBgNV
BAoTEEdsb2JhbFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTYxMjA3MTYyMzFCMEAG
A1UEAxM5R2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIEcy
IE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
oN0dB5KdRul2ktthbbyRInzSy16NsZYA9ncN2WTnRMbSbbutfNV7/Y6HyUNRHeeZ
k4SIWNO6ysmvOhp8rcnhrit50unEygHCjApBRFYvbJiO2en6A/M84wRMqgfABQj5
WKnTr7+mo+khJpajhV24i7UXff9NsdTz0kXxcZuclL7tchZuCrE+7N+t8xsPmkh7
aU3XiZXVZqQnIKkuT42sV1agpEV/5Fl24/z3JUSHCC5TrFu/RO1qwxlsw1Rj2gui
SISFOs5a+13yyNfYJYCudAA4UHjbHNTPwoZVA5/5C2ce9BJsXNmKPen5/bkGpV4E
LWYXTNEXXkO/UAEd9rWBJwIDAQABo4HHMIHEMB0GA1UdDgQWBBSEcGYA2z5xeMLH
53proefAGmx9mTAfBgNVHSMEGDAWgBRdRrKNxEt0HLvt9XO2Orc4j3WefjAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA4GA1Ud
DwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQUFAAOC
AQEAZ8yGFEv19hjXwv0Cvca3yhgAjLhI2z8cI38sXhpFlbpwW/t07w5Mo0X9LNTw
VmCH335gXudQ9RoMWh5aE2kYYGtS6y1SmmdsquXAI79tkU6WYsMZV6kQ36HMWNHz
1BvP0rFJWWmj9HMRmnVv5XjyJIMWvGOsxd8q2WWbSGU9fImBztye28FsAFRc9ZrF
k7dHsNWjrY7qSIBeoRIyFUpQBh+UQQ+/iBPw1EyPTX81D2hqj3T0gMSWvpiLKB80
rEguuPDNAfpGfv4lHhcojHB1Awgo4AyttkrrOCTYnUP2s7Dv1YSTCKPweV21bFIW
YT2Rg3Q1uDwENFdxfgqdoPvumA==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [357aa85d03c91864-EWR]
Content-Length: [1580]
Content-Type: [application/ocsp-response]
Date: [Sun, 30 Apr 2017 12:55:51 GMT]
Etag: ["3497fbc4ae5d6a9ade8d282db64d1e247c8afd8e"]
Expires: [Thu, 04 May 2017 12:55:50 GMT]
Last-Modified: [Sun, 30 Apr 2017 12:55:50 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=dd53cf2483764aa293bae3b07862bbab81493556950; expires=Mon, 30-Apr-18 12:55:50 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GlobalSign Organization Validation CA - G2 (CA Certificate)

Certificate details for GlobalSign Organization Validation CA - G2 (At position 1 in certificate chain)
Serial number:
hex: 400000000012f4ee1450c
int: 4835703278459819397301516
Issued by: GlobalSign Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GlobalSign nv-sa
Country: BE
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.globalsign.net/root.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.globalsign.net/root.crl
Size: 782 bytes (DER data)
Response time: 234.949458ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 7

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [public, max-age=6519850]
Cf-Cache-Status: [HIT]
Cf-Ray: [357aa85b72411876-EWR]
Content-Length: [782]
Content-Type: [application/pkix-crl]
Date: [Sun, 30 Apr 2017 12:55:50 GMT]
Etag: [39]
Expires: [Sat, 15 Jul 2017 00:00:00 GMT]
Last-Modified: [Wed, 19 Apr 2017 00:00:00 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d82bd14bd46a5ab81e466b5a7b2c9b54a1493556950; expires=Mon, 30-Apr-18 12:55:50 GMT; path=/; domain=.globalsign.net; HttpOnly]
Vary: [Accept-Encoding]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.globalsign.com/rootr1 (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.globalsign.com/rootr1 (GET)
Size: 1518 bytes (DER data)
Response time: 249.736831ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign OCSP for Root R1 - Signer 1.1
Issued by: GlobalSign Root CA
Signing certificate validity: 2017-04-07 - 2017-07-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

URL used for GET request

http:/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAS9O4UUM

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtm
GkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAS9O4UUM
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF6goBAKCCBeMwggXfBgkrBgEFBQcwAQEEggXQMIIFzDCBmaIWBBRr0IWpLGvT
FeIMvlCoqIzANZCQQRgPMjAxNzA0MzAwOTU2MTFaMG4wbDBEMAkGBSsOAwIaBQAE
FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
AAABL07hRQyAABgPMjAxNzA0MzAwOTU2MTFaoBEYDzIwMTcwNTA0MDk1NjExWjAN
BgkqhkiG9w0BAQsFAAOCAQEALyBrtj2IF87ldbNpFEuQV4Su1Ihelb+A1KbwCpZ4
OdBGhOnlks+rYXZut8Yi645rk2i5pyvu+LkQf6no4Ur4cC03xz/QJQSVtZoNEDO5
rUizNNlcJ/zoUFMeH+TJjqikYnM+Pm+/QylPbdjmdp22RFvKRowqJROEnFVSN3wF
TGGH8DeyG9eZ76Sl43yuQYoVIIQRcJWW4S5hv2sFS/5ZyZflcr56qy8RVeII1Ye+
2Nee1mZFyCpF5Sh9u/xvsL6sGZ0+BTE0H+S0f2yZUA6acmPokQZXf4jL2l7mOui/
W995SVMGuNSvWDcWou0nv5g+bzJ83u9BWifLfV3LUKCv/qCCBBgwggQUMIIEEDCC
AvigAwIBAgIOSPWzESmX3xEGSFD3EkEwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UE
BhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3Qg
Q0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNzA0MDcwMDAwMDBa
Fw0xNzA3MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxT
aWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJvb3QgUjEg
LSBTaWduZXIgMS4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuhvF
lmaool/STZVnvGSHel5cQ0D+Ru/AHHAD7pxWRN/ufb2Gq+KLdhWROdAI0eLvaQAV
Om3kxM9IPc0tZMEwI618halKDO1TG5zz/GQMp1r4wuaPqGEaqi6CD+UBFyaGlhLq
nsgB74qjtB5rl6bMy5/3An87DVuKN7IdC6kBuBTuGVk7tDcrS8bPF/LA+AzAz3g7
WTpMSlZAIXrEl5bgXzQHvHfYCpMsmcZBI4NmYgmtCNgphOwkxNQENcQPGhM/4eCj
0k3DtXtPXpp0iTPxVbBi/dQ2SKi73UqPttQNb5AQf2fHjCGClSKHk3sq0NisHrCW
gbcdT4ayMqDjSjh4SwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUE
DDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRr0IWpLGvTFeIM
vlCoqIzANZCQQTAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA0GCSqG
SIb3DQEBBQUAA4IBAQAxKJcSLXgYKslSd0pla6b8U8XXV3cP6kOd4LL40UG/B8gl
qJD+YBGv7oPJDAezG1pzmoqrcBQhKbWG8whhj5fKs56iMiz82Kaovb5s4CaRfcTJ
uzLHrHoLuGbAnLR/S+p2pFVcxNLE9TmQ9X5gwwvnrf/RxWjocetUcqnt7Nvoy/Fo
At16plXiUk1PAiz60EgUvyx4Jm9uirb+G7NQpmaP1FtyAYkBOr/XtbyYd3ZToUqj
9m1iy5o5NlDsBFNR6pYowu0/KJwNs+d5kjr2HtllfMrYP4yTv8fDNed1SyRxw7XH
xwCHbgWc12rPOOt3/hetmIelMQj8esDBp0ZsH3PF
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEEDCCAvigAwIBAgIOSPWzESmX3xEGSFD3EkEwDQYJKoZIhvcNAQEFBQAwVzEL
MAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsT
B1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNzA0MDcw
MDAwMDBaFw0xNzA3MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBH
bG9iYWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJv
b3QgUjEgLSBTaWduZXIgMS4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuhvFlmaool/STZVnvGSHel5cQ0D+Ru/AHHAD7pxWRN/ufb2Gq+KLdhWROdAI
0eLvaQAVOm3kxM9IPc0tZMEwI618halKDO1TG5zz/GQMp1r4wuaPqGEaqi6CD+UB
FyaGlhLqnsgB74qjtB5rl6bMy5/3An87DVuKN7IdC6kBuBTuGVk7tDcrS8bPF/LA
+AzAz3g7WTpMSlZAIXrEl5bgXzQHvHfYCpMsmcZBI4NmYgmtCNgphOwkxNQENcQP
GhM/4eCj0k3DtXtPXpp0iTPxVbBi/dQ2SKi73UqPttQNb5AQf2fHjCGClSKHk3sq
0NisHrCWgbcdT4ayMqDjSjh4SwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDAT
BgNVHSUEDDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRr0IWp
LGvTFeIMvlCoqIzANZCQQTAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9
SzAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYI
KwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkv
MA0GCSqGSIb3DQEBBQUAA4IBAQAxKJcSLXgYKslSd0pla6b8U8XXV3cP6kOd4LL4
0UG/B8glqJD+YBGv7oPJDAezG1pzmoqrcBQhKbWG8whhj5fKs56iMiz82Kaovb5s
4CaRfcTJuzLHrHoLuGbAnLR/S+p2pFVcxNLE9TmQ9X5gwwvnrf/RxWjocetUcqnt
7Nvoy/FoAt16plXiUk1PAiz60EgUvyx4Jm9uirb+G7NQpmaP1FtyAYkBOr/XtbyY
d3ZToUqj9m1iy5o5NlDsBFNR6pYowu0/KJwNs+d5kjr2HtllfMrYP4yTv8fDNed1
SyRxw7XHxwCHbgWc12rPOOt3/hetmIelMQj8esDBp0ZsH3PF
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [357aa85b726d4740-EWR]
Content-Length: [1518]
Content-Type: [application/ocsp-response]
Date: [Sun, 30 Apr 2017 12:55:50 GMT]
Etag: ["7a4f757b2c4eb10cfff3e419dd9c0278c636041f"]
Expires: [Thu, 04 May 2017 09:56:11 GMT]
Last-Modified: [Sun, 30 Apr 2017 09:56:11 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d228b6c41e66631c50ef78c9cb22289681493556950; expires=Mon, 30-Apr-18 12:55:50 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.globalsign.com/rootr1 (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.globalsign.com/rootr1 (POST)
Size: 1518 bytes (DER data)
Response time: 16.772126ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign OCSP for Root R1 - Signer 1.1
Issued by: GlobalSign Root CA
Signing certificate validity: 2017-04-07 - 2017-07-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtm
GkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAS9O4UUM
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF6goBAKCCBeMwggXfBgkrBgEFBQcwAQEEggXQMIIFzDCBmaIWBBRr0IWpLGvT
FeIMvlCoqIzANZCQQRgPMjAxNzA0MzAwOTU2MTFaMG4wbDBEMAkGBSsOAwIaBQAE
FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
AAABL07hRQyAABgPMjAxNzA0MzAwOTU2MTFaoBEYDzIwMTcwNTA0MDk1NjExWjAN
BgkqhkiG9w0BAQsFAAOCAQEALyBrtj2IF87ldbNpFEuQV4Su1Ihelb+A1KbwCpZ4
OdBGhOnlks+rYXZut8Yi645rk2i5pyvu+LkQf6no4Ur4cC03xz/QJQSVtZoNEDO5
rUizNNlcJ/zoUFMeH+TJjqikYnM+Pm+/QylPbdjmdp22RFvKRowqJROEnFVSN3wF
TGGH8DeyG9eZ76Sl43yuQYoVIIQRcJWW4S5hv2sFS/5ZyZflcr56qy8RVeII1Ye+
2Nee1mZFyCpF5Sh9u/xvsL6sGZ0+BTE0H+S0f2yZUA6acmPokQZXf4jL2l7mOui/
W995SVMGuNSvWDcWou0nv5g+bzJ83u9BWifLfV3LUKCv/qCCBBgwggQUMIIEEDCC
AvigAwIBAgIOSPWzESmX3xEGSFD3EkEwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UE
BhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3Qg
Q0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNzA0MDcwMDAwMDBa
Fw0xNzA3MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxT
aWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJvb3QgUjEg
LSBTaWduZXIgMS4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuhvF
lmaool/STZVnvGSHel5cQ0D+Ru/AHHAD7pxWRN/ufb2Gq+KLdhWROdAI0eLvaQAV
Om3kxM9IPc0tZMEwI618halKDO1TG5zz/GQMp1r4wuaPqGEaqi6CD+UBFyaGlhLq
nsgB74qjtB5rl6bMy5/3An87DVuKN7IdC6kBuBTuGVk7tDcrS8bPF/LA+AzAz3g7
WTpMSlZAIXrEl5bgXzQHvHfYCpMsmcZBI4NmYgmtCNgphOwkxNQENcQPGhM/4eCj
0k3DtXtPXpp0iTPxVbBi/dQ2SKi73UqPttQNb5AQf2fHjCGClSKHk3sq0NisHrCW
gbcdT4ayMqDjSjh4SwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUE
DDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRr0IWpLGvTFeIM
vlCoqIzANZCQQTAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA0GCSqG
SIb3DQEBBQUAA4IBAQAxKJcSLXgYKslSd0pla6b8U8XXV3cP6kOd4LL40UG/B8gl
qJD+YBGv7oPJDAezG1pzmoqrcBQhKbWG8whhj5fKs56iMiz82Kaovb5s4CaRfcTJ
uzLHrHoLuGbAnLR/S+p2pFVcxNLE9TmQ9X5gwwvnrf/RxWjocetUcqnt7Nvoy/Fo
At16plXiUk1PAiz60EgUvyx4Jm9uirb+G7NQpmaP1FtyAYkBOr/XtbyYd3ZToUqj
9m1iy5o5NlDsBFNR6pYowu0/KJwNs+d5kjr2HtllfMrYP4yTv8fDNed1SyRxw7XH
xwCHbgWc12rPOOt3/hetmIelMQj8esDBp0ZsH3PF
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEEDCCAvigAwIBAgIOSPWzESmX3xEGSFD3EkEwDQYJKoZIhvcNAQEFBQAwVzEL
MAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsT
B1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNzA0MDcw
MDAwMDBaFw0xNzA3MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBH
bG9iYWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJv
b3QgUjEgLSBTaWduZXIgMS4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuhvFlmaool/STZVnvGSHel5cQ0D+Ru/AHHAD7pxWRN/ufb2Gq+KLdhWROdAI
0eLvaQAVOm3kxM9IPc0tZMEwI618halKDO1TG5zz/GQMp1r4wuaPqGEaqi6CD+UB
FyaGlhLqnsgB74qjtB5rl6bMy5/3An87DVuKN7IdC6kBuBTuGVk7tDcrS8bPF/LA
+AzAz3g7WTpMSlZAIXrEl5bgXzQHvHfYCpMsmcZBI4NmYgmtCNgphOwkxNQENcQP
GhM/4eCj0k3DtXtPXpp0iTPxVbBi/dQ2SKi73UqPttQNb5AQf2fHjCGClSKHk3sq
0NisHrCWgbcdT4ayMqDjSjh4SwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDAT
BgNVHSUEDDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRr0IWp
LGvTFeIMvlCoqIzANZCQQTAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9
SzAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYI
KwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkv
MA0GCSqGSIb3DQEBBQUAA4IBAQAxKJcSLXgYKslSd0pla6b8U8XXV3cP6kOd4LL4
0UG/B8glqJD+YBGv7oPJDAezG1pzmoqrcBQhKbWG8whhj5fKs56iMiz82Kaovb5s
4CaRfcTJuzLHrHoLuGbAnLR/S+p2pFVcxNLE9TmQ9X5gwwvnrf/RxWjocetUcqnt
7Nvoy/FoAt16plXiUk1PAiz60EgUvyx4Jm9uirb+G7NQpmaP1FtyAYkBOr/XtbyY
d3ZToUqj9m1iy5o5NlDsBFNR6pYowu0/KJwNs+d5kjr2HtllfMrYP4yTv8fDNed1
SyRxw7XHxwCHbgWc12rPOOt3/hetmIelMQj8esDBp0ZsH3PF
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [357aa85ce6032180-EWR]
Content-Length: [1518]
Content-Type: [application/ocsp-response]
Date: [Sun, 30 Apr 2017 12:55:50 GMT]
Etag: ["7a4f757b2c4eb10cfff3e419dd9c0278c636041f"]
Expires: [Thu, 04 May 2017 09:56:11 GMT]
Last-Modified: [Sun, 30 Apr 2017 09:56:11 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d3e26b2deb2de197cfacd89b281fd8e491493556950; expires=Mon, 30-Apr-18 12:55:50 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GlobalSign Root CA (CA Certificate)

Certificate details for GlobalSign Root CA (At position 2 in certificate chain)
Serial number:
hex: 40000000001154b5ac394
int: 4835703278459707669005204
Issued by: GlobalSign Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GlobalSign nv-sa
Organization unit: Root CA
Country: BE
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.