CRL & OCSP report for ssl2534.cloudflare.com (CloudFlare, Inc.)

ssl2534.cloudflare.com

Certificate details for ssl2534.cloudflare.com (At position 0 in certificate chain)
Serial number:
hex: 1121f5cb27dbbdbb92766aabdc5518a98001
int: 1492464894651968410806441125408513712553985
Issued by: GlobalSign Organization Validation CA - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: CloudFlare, Inc.
State / Province: CA
Locality: San Francisco
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for ssl2534.cloudflare.com.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.globalsign.com/gs/gsorganizationvalg2.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.globalsign.com/gs/gsorganizationvalg2.crl
Size: 2648686 bytes (DER data)
Response time: 176.589032ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 71573

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare, CloudFront
Cache Information: REVALIDATED, Miss from cloudfront

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [REVALIDATED]
Cf-Ray: [3761c543921e2192-EWR]
Content-Length: [2648686]
Content-Type: [application/pkix-crl]
Date: [Wed, 28 Jun 2017 15:44:59 GMT]
Etag: [01566E]
Expires: [Wed, 05 Jul 2017 08:05:47 GMT]
Last-Modified: [Wed, 28 Jun 2017 08:05:47 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=df03bc4d47f3f61a08f078e2fbaf3eaad1498664699; expires=Thu, 28-Jun-18 15:44:59 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
Via: [1.1 ac094a1c1bf8cbfbb98e93fa2b2431c0.cloudfront.net (CloudFront)]
X-Amz-Cf-Id: [5mS64fX5Qhp1a2-Zxqbbk5HwIBKWO_LxuHD2INsoaDEIhVwAm5zObg==]
X-Cache: [Miss from cloudfront]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp2.globalsign.com/gsorganizationvalg2 (POST)Revoked

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsorganizationvalg2 (POST)
Size: 1580 bytes (DER data)
Response time: 565.626132ms
Signature algorithm: SHA256WithRSA
Signature type: CA Delegated
Signed by: GlobalSign Organization Validation CA - G2 OCSP Responder
Issued by: GlobalSign Organization Validation CA - G2
Signing certificate validity: 2017-04-07 - 2017-07-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Revoked

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: MISS

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFMwUTBPME0wSzAJBgUrDgMCGgUABBReGXQV/tqUV3SNMRE+s25eR/vhjwQUXUay
jcRLdBy77fVztjq3OI91nn4CEhEh9csn2727knZqq9xVGKmAAQ==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGKAoBAKCCBiEwggYdBgkrBgEFBQcwAQEEggYOMIIGCjCBuKIWBBSEcGYA2z5x
eMLH53proefAGmx9mRgPMjAxNzA2MjgxNTQ0NTlaMIGMMIGJMEswCQYFKw4DAhoF
AAQUXhl0Ff7alFd0jTERPrNuXkf74Y8EFF1Gso3ES3Qcu+31c7Y6tziPdZ5+AhIR
IfXLJ9u9u5J2aqvcVRipgAGhFhgPMjAxNDA0MTYyMzM0NThaoAMKAQAYDzIwMTcw
NjI4MTU0NDU5WqARGA8yMDE3MDcwMjE1NDQ1OVowDQYJKoZIhvcNAQELBQADggEB
AFkCPdp1DWWNPo0mYDR6m8jIVZfN7c2tyxIB+go6Z6fBj7ht6/n5NRb4M1/ms0AH
mAil2tIxXGlkC0wJqiuVrN1gc9L6sCFVjmyjR59In1r4OQZURvR+SDZwLc3VDeXp
UeHHtTPBLfoXpkkT9i8rw1XTYpM3t8oyv9Cf3ali79DymYmMP+x8R/lk8KL0ZUCX
zkWElNkf9vc38unqh5Egi1e65NlAYDrvsEZjKqxSkkaqi+SfaNBrDANqAO66jAw2
OAqYE6ihJU/OnxwrWKaoLvAPTFBptbJrBqZZMiwtgzM/gW1KyfRO00IelqkZ2Slb
wF7WMHaQsg7/PxiV52wqeBCgggQ3MIIEMzCCBC8wggMXoAMCAQICDAZqdeYQEB94
8lZiQTANBgkqhkiG9w0BAQUFADBdMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xv
YmFsU2lnbiBudi1zYTEzMDEGA1UEAxMqR2xvYmFsU2lnbiBPcmdhbml6YXRpb24g
VmFsaWRhdGlvbiBDQSAtIEcyMB4XDTE3MDQwNzAwMDAwMFoXDTE3MDcxNTAwMDAw
MFowgYMxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRUw
EwYDVQQFEwwyMDE2MTIwNzE2MjMxQjBABgNVBAMTOUdsb2JhbFNpZ24gT3JnYW5p
emF0aW9uIFZhbGlkYXRpb24gQ0EgLSBHMiBPQ1NQIFJlc3BvbmRlcjCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKDdHQeSnUbpdpLbYW28kSJ80stejbGW
APZ3Ddlk50TG0m27rXzVe/2Oh8lDUR3nmZOEiFjTusrJrzoafK3J4a4redLpxMoB
wowKQURWL2yYjtnp+gPzPOMETKoHwAUI+Vip06+/pqPpISaWo4VduIu1F33/TbHU
89JF8XGbnJS+7XIWbgqxPuzfrfMbD5pIe2lN14mV1WakJyCpLk+NrFdWoKRFf+RZ
duP89yVEhwguU6xbv0TtasMZbMNUY9oLokiEhTrOWvtd8sjX2CWArnQAOFB42xzU
z8KGVQOf+QtnHvQSbFzZij3p+f25BqVeBC1mF0zRF15Dv1ABHfa1gScCAwEAAaOB
xzCBxDAdBgNVHQ4EFgQUhHBmANs+cXjCx+d6a6HnwBpsfZkwHwYDVR0jBBgwFoAU
XUayjcRLdBy77fVztjq3OI91nn4wDwYJKwYBBQUHMAEFBAIFADBMBgNVHSAERTBD
MEEGCSsGAQQBoDIBXzA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxz
aWduLmNvbS9yZXBvc2l0b3J5LzAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYI
KwYBBQUHAwkwDQYJKoZIhvcNAQEFBQADggEBAGfMhhRL9fYY18L9Ar3Gt8oYAIy4
SNs/HCN/LF4aRZW6cFv7dO8OTKNF/SzU8FZgh99+YF7nUPUaDFoeWhNpGGBrUust
UppnbKrlwCO/bZFOlmLDGVepEN+hzFjR89Qbz9KxSVlpo/RzEZp1b+V48iSDFrxj
rMXfKtllm0hlPXyJgc7cntvBbABUXPWaxZO3R7DVo62O6kiAXqESMhVKUAYflEEP
v4gT8NRMj01/NQ9oao909IDElr6YiygfNKxILrjwzQH6Rn7+JR4XKIxwdQMIKOAM
rbZK6zgk2J1D9rOw79WEkwij8HldtWxSFmE9kYN0Nbg8BDRXcX4KnaD77pg=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIELzCCAxegAwIBAgIMBmp15hAQH3jyVmJBMA0GCSqGSIb3DQEBBQUAMF0xCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTMwMQYDVQQDEypH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gRzIwHhcNMTcw
NDA3MDAwMDAwWhcNMTcwNzE1MDAwMDAwWjCBgzELMAkGA1UEBhMCQkUxGTAXBgNV
BAoTEEdsb2JhbFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTYxMjA3MTYyMzFCMEAG
A1UEAxM5R2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIEcy
IE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
oN0dB5KdRul2ktthbbyRInzSy16NsZYA9ncN2WTnRMbSbbutfNV7/Y6HyUNRHeeZ
k4SIWNO6ysmvOhp8rcnhrit50unEygHCjApBRFYvbJiO2en6A/M84wRMqgfABQj5
WKnTr7+mo+khJpajhV24i7UXff9NsdTz0kXxcZuclL7tchZuCrE+7N+t8xsPmkh7
aU3XiZXVZqQnIKkuT42sV1agpEV/5Fl24/z3JUSHCC5TrFu/RO1qwxlsw1Rj2gui
SISFOs5a+13yyNfYJYCudAA4UHjbHNTPwoZVA5/5C2ce9BJsXNmKPen5/bkGpV4E
LWYXTNEXXkO/UAEd9rWBJwIDAQABo4HHMIHEMB0GA1UdDgQWBBSEcGYA2z5xeMLH
53proefAGmx9mTAfBgNVHSMEGDAWgBRdRrKNxEt0HLvt9XO2Orc4j3WefjAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA4GA1Ud
DwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQUFAAOC
AQEAZ8yGFEv19hjXwv0Cvca3yhgAjLhI2z8cI38sXhpFlbpwW/t07w5Mo0X9LNTw
VmCH335gXudQ9RoMWh5aE2kYYGtS6y1SmmdsquXAI79tkU6WYsMZV6kQ36HMWNHz
1BvP0rFJWWmj9HMRmnVv5XjyJIMWvGOsxd8q2WWbSGU9fImBztye28FsAFRc9ZrF
k7dHsNWjrY7qSIBeoRIyFUpQBh+UQQ+/iBPw1EyPTX81D2hqj3T0gMSWvpiLKB80
rEguuPDNAfpGfv4lHhcojHB1Awgo4AyttkrrOCTYnUP2s7Dv1YSTCKPweV21bFIW
YT2Rg3Q1uDwENFdxfgqdoPvumA==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [MISS]
Cf-Ray: [3761c543957421c8-EWR]
Content-Length: [1580]
Content-Type: [application/ocsp-response]
Date: [Wed, 28 Jun 2017 15:45:00 GMT]
Etag: ["a7845d9212d65974fd8b7f76baa0ab4086876f04"]
Expires: [Sun, 02 Jul 2017 15:44:59 GMT]
Last-Modified: [Wed, 28 Jun 2017 15:44:59 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d568510066facffe6a9618767665ffcd31498664699; expires=Thu, 28-Jun-18 15:44:59 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp2.globalsign.com/gsorganizationvalg2 (GET)Revoked

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsorganizationvalg2 (GET)
Size: 1580 bytes (DER data)
Response time: 1.008413548s
Signature algorithm: SHA256WithRSA
Signature type: CA Delegated
Signed by: GlobalSign Organization Validation CA - G2 OCSP Responder
Issued by: GlobalSign Organization Validation CA - G2
Signing certificate validity: 2017-04-07 - 2017-07-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Revoked

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

URL used for GET request

http://ocsp2.globalsign.com/gsorganizationvalg2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBReGXQV%2FtqUV3SNMRE%2Bs25eR%2FvhjwQUXUayjcRLdBy77fVztjq3OI91nn4CEhEh9csn2727knZqq9xVGKmAAQ%3D%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFMwUTBPME0wSzAJBgUrDgMCGgUABBReGXQV/tqUV3SNMRE+s25eR/vhjwQUXUay
jcRLdBy77fVztjq3OI91nn4CEhEh9csn2727knZqq9xVGKmAAQ==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGKAoBAKCCBiEwggYdBgkrBgEFBQcwAQEEggYOMIIGCjCBuKIWBBSEcGYA2z5x
eMLH53proefAGmx9mRgPMjAxNzA2MjgxNTQ0NTlaMIGMMIGJMEswCQYFKw4DAhoF
AAQUXhl0Ff7alFd0jTERPrNuXkf74Y8EFF1Gso3ES3Qcu+31c7Y6tziPdZ5+AhIR
IfXLJ9u9u5J2aqvcVRipgAGhFhgPMjAxNDA0MTYyMzM0NThaoAMKAQAYDzIwMTcw
NjI4MTU0NDU5WqARGA8yMDE3MDcwMjE1NDQ1OVowDQYJKoZIhvcNAQELBQADggEB
AFkCPdp1DWWNPo0mYDR6m8jIVZfN7c2tyxIB+go6Z6fBj7ht6/n5NRb4M1/ms0AH
mAil2tIxXGlkC0wJqiuVrN1gc9L6sCFVjmyjR59In1r4OQZURvR+SDZwLc3VDeXp
UeHHtTPBLfoXpkkT9i8rw1XTYpM3t8oyv9Cf3ali79DymYmMP+x8R/lk8KL0ZUCX
zkWElNkf9vc38unqh5Egi1e65NlAYDrvsEZjKqxSkkaqi+SfaNBrDANqAO66jAw2
OAqYE6ihJU/OnxwrWKaoLvAPTFBptbJrBqZZMiwtgzM/gW1KyfRO00IelqkZ2Slb
wF7WMHaQsg7/PxiV52wqeBCgggQ3MIIEMzCCBC8wggMXoAMCAQICDAZqdeYQEB94
8lZiQTANBgkqhkiG9w0BAQUFADBdMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xv
YmFsU2lnbiBudi1zYTEzMDEGA1UEAxMqR2xvYmFsU2lnbiBPcmdhbml6YXRpb24g
VmFsaWRhdGlvbiBDQSAtIEcyMB4XDTE3MDQwNzAwMDAwMFoXDTE3MDcxNTAwMDAw
MFowgYMxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRUw
EwYDVQQFEwwyMDE2MTIwNzE2MjMxQjBABgNVBAMTOUdsb2JhbFNpZ24gT3JnYW5p
emF0aW9uIFZhbGlkYXRpb24gQ0EgLSBHMiBPQ1NQIFJlc3BvbmRlcjCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKDdHQeSnUbpdpLbYW28kSJ80stejbGW
APZ3Ddlk50TG0m27rXzVe/2Oh8lDUR3nmZOEiFjTusrJrzoafK3J4a4redLpxMoB
wowKQURWL2yYjtnp+gPzPOMETKoHwAUI+Vip06+/pqPpISaWo4VduIu1F33/TbHU
89JF8XGbnJS+7XIWbgqxPuzfrfMbD5pIe2lN14mV1WakJyCpLk+NrFdWoKRFf+RZ
duP89yVEhwguU6xbv0TtasMZbMNUY9oLokiEhTrOWvtd8sjX2CWArnQAOFB42xzU
z8KGVQOf+QtnHvQSbFzZij3p+f25BqVeBC1mF0zRF15Dv1ABHfa1gScCAwEAAaOB
xzCBxDAdBgNVHQ4EFgQUhHBmANs+cXjCx+d6a6HnwBpsfZkwHwYDVR0jBBgwFoAU
XUayjcRLdBy77fVztjq3OI91nn4wDwYJKwYBBQUHMAEFBAIFADBMBgNVHSAERTBD
MEEGCSsGAQQBoDIBXzA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxz
aWduLmNvbS9yZXBvc2l0b3J5LzAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYI
KwYBBQUHAwkwDQYJKoZIhvcNAQEFBQADggEBAGfMhhRL9fYY18L9Ar3Gt8oYAIy4
SNs/HCN/LF4aRZW6cFv7dO8OTKNF/SzU8FZgh99+YF7nUPUaDFoeWhNpGGBrUust
UppnbKrlwCO/bZFOlmLDGVepEN+hzFjR89Qbz9KxSVlpo/RzEZp1b+V48iSDFrxj
rMXfKtllm0hlPXyJgc7cntvBbABUXPWaxZO3R7DVo62O6kiAXqESMhVKUAYflEEP
v4gT8NRMj01/NQ9oao909IDElr6YiygfNKxILrjwzQH6Rn7+JR4XKIxwdQMIKOAM
rbZK6zgk2J1D9rOw79WEkwij8HldtWxSFmE9kYN0Nbg8BDRXcX4KnaD77pg=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIELzCCAxegAwIBAgIMBmp15hAQH3jyVmJBMA0GCSqGSIb3DQEBBQUAMF0xCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTMwMQYDVQQDEypH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gRzIwHhcNMTcw
NDA3MDAwMDAwWhcNMTcwNzE1MDAwMDAwWjCBgzELMAkGA1UEBhMCQkUxGTAXBgNV
BAoTEEdsb2JhbFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTYxMjA3MTYyMzFCMEAG
A1UEAxM5R2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSAtIEcy
IE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
oN0dB5KdRul2ktthbbyRInzSy16NsZYA9ncN2WTnRMbSbbutfNV7/Y6HyUNRHeeZ
k4SIWNO6ysmvOhp8rcnhrit50unEygHCjApBRFYvbJiO2en6A/M84wRMqgfABQj5
WKnTr7+mo+khJpajhV24i7UXff9NsdTz0kXxcZuclL7tchZuCrE+7N+t8xsPmkh7
aU3XiZXVZqQnIKkuT42sV1agpEV/5Fl24/z3JUSHCC5TrFu/RO1qwxlsw1Rj2gui
SISFOs5a+13yyNfYJYCudAA4UHjbHNTPwoZVA5/5C2ce9BJsXNmKPen5/bkGpV4E
LWYXTNEXXkO/UAEd9rWBJwIDAQABo4HHMIHEMB0GA1UdDgQWBBSEcGYA2z5xeMLH
53proefAGmx9mTAfBgNVHSMEGDAWgBRdRrKNxEt0HLvt9XO2Orc4j3WefjAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA4GA1Ud
DwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQUFAAOC
AQEAZ8yGFEv19hjXwv0Cvca3yhgAjLhI2z8cI38sXhpFlbpwW/t07w5Mo0X9LNTw
VmCH335gXudQ9RoMWh5aE2kYYGtS6y1SmmdsquXAI79tkU6WYsMZV6kQ36HMWNHz
1BvP0rFJWWmj9HMRmnVv5XjyJIMWvGOsxd8q2WWbSGU9fImBztye28FsAFRc9ZrF
k7dHsNWjrY7qSIBeoRIyFUpQBh+UQQ+/iBPw1EyPTX81D2hqj3T0gMSWvpiLKB80
rEguuPDNAfpGfv4lHhcojHB1Awgo4AyttkrrOCTYnUP2s7Dv1YSTCKPweV21bFIW
YT2Rg3Q1uDwENFdxfgqdoPvumA==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [3761c5439394186a-EWR]
Content-Length: [1580]
Content-Type: [application/ocsp-response]
Date: [Wed, 28 Jun 2017 15:45:00 GMT]
Etag: ["a7845d9212d65974fd8b7f76baa0ab4086876f04"]
Expires: [Sun, 02 Jul 2017 15:44:59 GMT]
Last-Modified: [Wed, 28 Jun 2017 15:44:59 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d40df067b07302487164da17d5516849e1498664699; expires=Thu, 28-Jun-18 15:44:59 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GlobalSign Organization Validation CA - G2 (CA Certificate)

Certificate details for GlobalSign Organization Validation CA - G2 (At position 1 in certificate chain)
Serial number:
hex: 400000000012f4ee1450c
int: 4835703278459819397301516
Issued by: GlobalSign Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GlobalSign nv-sa
Country: BE
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This certificate contains no information about authoritative CRL(s) or OCSP servers

Check the revocation status for another website

Created by Paul van Brouwershaven
© 2015 - 2017 Digitorus B.V.
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.