CRL & OCSP report for selfservice.a-star.edu.sg (Agency for Science, Technology and Research)

selfservice.a-star.edu.sg

Certificate details for selfservice.a-star.edu.sg (At position 0 in certificate chain)
Serial number:
hex: 50d49c7e
int: 1356110974
Issued by: Entrust Certification Authority - L1K
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Agency for Science, Technology and Research
Locality: Singapore
Country: SG
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for selfservice.a-star.edu.sg.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.entrust.net/level1k.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.entrust.net/level1k.crl
Size: 1896010 bytes (DER data)
Response time: 91.114486ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 41152

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_HIT from a23-219-93-206.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2-19674918) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [no-cache]
Content-Length: [1896010]
Content-Type: [application/x-pkcs7-crl]
Date: [Sat, 29 Apr 2017 21:21:04 GMT]
Expires: [Sat, 29 Apr 2017 21:21:04 GMT]
Last-Modified: [Sat, 29 Apr 2017 21:00:09 GMT]
Pragma: [no-cache]
X-Cache: [TCP_HIT from a23-219-93-206.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2-19674918) (-)]
X-Frame-Options: [DENY]
  • Content-Type in response is set 'application/x-pkcs7-crl' and should be replaced with 'application/pkix-crl' (RFC 5280, section 4.2.1.13)
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.entrust.net (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.entrust.net (POST)
Size: 2108 bytes (DER data)
Response time: 64.876606ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: OCSP1
Issued by: Entrust Certification Authority - L1K
Signing certificate validity: 2014-08-26 - 2017-08-26
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 59m52s

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-217-200-39.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2.1-19774280) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTMbSIc9rRVLC+HkV9a/vDh7s6DzAQUgqJw
dN28Uz/Pe9T3zX+nYMYKTL8CBFDUnH4=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIIOAoBAKCCCDEwgggtBgkrBgEFBQcwAQEEgggeMIIIGjCCAUqhgc0wgcoxCzAJ
BgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUg
d3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBF
bnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMT
JUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUsxDjAMBgNVBAMT
BU9DU1AxGA8yMDE3MDQyOTAxNDc1M1owZzBlMD0wCQYFKw4DAhoFAAQUzG0iHPa0
VSwvh5FfWv7w4e7Og8wEFIKicHTdvFM/z3vU981/p2DGCky/AgRQ1Jx+gAAYDzIw
MTcwNDI5MDE0NzUzWqARGA8yMDE3MDUwNjAxNDc1M1owDQYJKoZIhvcNAQEFBQAD
ggEBAJ6sQMk004wz4lKFzOUNRG8GlMWrFPeMedEogM+YmvRAwMh1DkLCszd7qz4n
ajRqYh3Jc8RiO34CgKLdGRL9Wm01az0HmPEGrlNn1Kl102q0Y0GXsNm8JXssm5c1
Ss/K97weHOSfjXPNrtLmDQd1GxeeI3fIdhRDyRh7ZLDEpY1Tg1Wf/+JIzP3hiWgl
aD45rlktXW3X+SwvK5vnqHsPm85UBhIGy5paSJUAnT95kCpR7SnB5AnVqxrpeYUS
WcFt///NeYECypx8b5vu7Di7BoCRcYJ4028SmDzcIPYExKBDW2e/wkEcFgwmoDdw
PwasGY8N/XT219V8vWViD0gXY2SgggW0MIIFsDCCBawwggSUoAMCAQICDQD1nbmm
AAAAAFDR/sEwDQYJKoZIhvcNAQELBQAwgboxCzAJBgNVBAYTAlVTMRYwFAYDVQQK
Ew1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xl
Z2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9y
IGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNh
dGlvbiBBdXRob3JpdHkgLSBMMUswHhcNMTQwODI2MTQ1MzA5WhcNMTcwODI2MTUy
MzA5WjCByjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAm
BgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsT
MChjKSAyMDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25s
eTEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwx
SzEOMAwGA1UEAxMFT0NTUDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDJ2olV6euD1UypXkHiIkBtqWnQN+pBpNQle7cbn6HqteOSP5k+le/tCKaVTNgO
Cy+Zdg1Rqk7AEAkYpRda22cp3OdBQN1106J6b2nZOMMuuQ/ZTD5thDaOaKw7W16p
axxYXMga5Iveivn3VXnZce/riWXgAu9mQl82qFSnNsICBRWTsyLxWYnJIh6YfLSB
jNxEiSqdiX6OuHz1z5raE1dhlGTKqrnAFA9v7P0pTmGiU/9j17pRhqIOgOAflyZF
wZ6sGJh5v9tI5dXUhhwOZuPY46zHwblYSGAdA3jxWzIxzjEsxyMXUZxng5nIZwS/
we7y3nX/24L/DkTM5JheA6QzAgMBAAGjggGdMIIBmTALBgNVHQ8EBAMCB4AwEwYD
VR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADAzBggrBgEFBQcBAQQn
MCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0MIHjBgNVHR8E
gdswgdgwgdWggdKggc+kgcwwgckxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRy
dXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRl
cm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhv
cml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBB
dXRob3JpdHkgLSBMMUsxDTALBgNVBAMTBENSTDEwHwYDVR0jBBgwFoAUgqJwdN28
Uz/Pe9T3zX+nYMYKTL8wHQYDVR0OBBYEFNUCBLbXoKgts70SJatS1NHllo3EMAkG
A1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAKknvrNG7098baAlYnkbIAiaJjR4
W91g17sNu04+G0Eq8GkVh5V1DwpELGGlCgq/yUimCKMtU8DqTzovm+49d19XKfyU
okLsN0Rnn6Ni5Rlp09ReR0HI+0X05zm4HhhI9S1hEmcEwaoMRAVhFfvpGLuc/DmL
UfOyN87rsOB0fGIdpX9prmlK8pq3baawHfodssH+fxTlAwN4vSedux3ADn8ao4Xr
ZFUgGG9serhKj4uUyySpJAE5ZGa6AVocRJEJrGbqvY/Sb9cB0PyHjRPAU28Aq2c7
ZSzUW606AlPseVJhUR+A65rLCH4EiuS9ckSTJNqPCyGs7cNkZIigKIY+NVQ=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIFrDCCBJSgAwIBAgINAPWduaYAAAAAUNH+wTANBgkqhkiG9w0BAQsFADCBujEL
MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1Nl
ZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEy
IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UE
AxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0xNDA4
MjYxNDUzMDlaFw0xNzA4MjYxNTIzMDlaMIHKMQswCQYDVQQGEwJVUzEWMBQGA1UE
ChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9s
ZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMTIgRW50cnVzdCwgSW5jLiAtIGZv
ciBhdXRob3JpemVkIHVzZSBvbmx5MS4wLAYDVQQDEyVFbnRydXN0IENlcnRpZmlj
YXRpb24gQXV0aG9yaXR5IC0gTDFLMQ4wDAYDVQQDEwVPQ1NQMTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAMnaiVXp64PVTKleQeIiQG2padA36kGk1CV7
txufoeq145I/mT6V7+0IppVM2A4LL5l2DVGqTsAQCRilF1rbZync50FA3XXTonpv
adk4wy65D9lMPm2ENo5orDtbXqlrHFhcyBrki96K+fdVedlx7+uJZeAC72ZCXzao
VKc2wgIFFZOzIvFZickiHph8tIGM3ESJKp2Jfo64fPXPmtoTV2GUZMqqucAUD2/s
/SlOYaJT/2PXulGGog6A4B+XJkXBnqwYmHm/20jl1dSGHA5m49jjrMfBuVhIYB0D
ePFbMjHOMSzHIxdRnGeDmchnBL/B7vLedf/bgv8ORMzkmF4DpDMCAwEAAaOCAZ0w
ggGZMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkrBgEFBQcw
AQUEAgUAMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Au
ZW50cnVzdC5uZXQwgeMGA1UdHwSB2zCB2DCB1aCB0qCBz6SBzDCByTELMAkGA1UE
BhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cu
ZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1
c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UEAxMlRW50
cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzENMAsGA1UEAxMEQ1JM
MTAfBgNVHSMEGDAWgBSConB03bxTP8971PfNf6dgxgpMvzAdBgNVHQ4EFgQU1QIE
ttegqC2zvRIlq1LU0eWWjcQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEA
qSe+s0bvT3xtoCVieRsgCJomNHhb3WDXuw27Tj4bQSrwaRWHlXUPCkQsYaUKCr/J
SKYIoy1TwOpPOi+b7j13X1cp/JSiQuw3RGefo2LlGWnT1F5HQcj7RfTnObgeGEj1
LWESZwTBqgxEBWEV++kYu5z8OYtR87I3zuuw4HR8Yh2lf2muaUrymrdtprAd+h2y
wf5/FOUDA3i9J527HcAOfxqjhetkVSAYb2x6uEqPi5TLJKkkATlkZroBWhxEkQms
Zuq9j9Jv1wHQ/IeNE8BTbwCrZztlLNRbrToCU+x5UmFRH4DrmssIfgSK5L1yRJMk
2o8LIaztw2RkiKAohj41VA==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate, max-age=3592]
Content-Length: [2108]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Sat, 29 Apr 2017 21:21:04 GMT]
Etag: ["B3BE41CEBDBC07742DC8692D2F10F9BC78406E2F"]
Expires: [Sat, 29 Apr 2017 22:20:56 GMT]
Last-Modified: [Sat, 29 Apr 2017 01:47:53 GMT]
X-Cache: [TCP_MISS from a23-217-200-39.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2.1-19774280) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.entrust.net (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.entrust.net (GET)
Size: 2108 bytes (DER data)
Response time: 92.965583ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: OCSP1
Issued by: Entrust Certification Authority - L1K
Signing certificate validity: 2014-08-26 - 2017-08-26
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 59m52s

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-217-200-39.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2.1-19774280) (-)

URL used for GET request

http:/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTMbSIc9rRVLC%2BHkV9a%2FvDh7s6DzAQUgqJwdN28Uz%2FPe9T3zX%2BnYMYKTL8CBFDUnH4%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTMbSIc9rRVLC+HkV9a/vDh7s6DzAQUgqJw
dN28Uz/Pe9T3zX+nYMYKTL8CBFDUnH4=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIIOAoBAKCCCDEwgggtBgkrBgEFBQcwAQEEgggeMIIIGjCCAUqhgc0wgcoxCzAJ
BgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUg
d3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBF
bnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMT
JUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUsxDjAMBgNVBAMT
BU9DU1AxGA8yMDE3MDQyOTAxNDc1M1owZzBlMD0wCQYFKw4DAhoFAAQUzG0iHPa0
VSwvh5FfWv7w4e7Og8wEFIKicHTdvFM/z3vU981/p2DGCky/AgRQ1Jx+gAAYDzIw
MTcwNDI5MDE0NzUzWqARGA8yMDE3MDUwNjAxNDc1M1owDQYJKoZIhvcNAQEFBQAD
ggEBAJ6sQMk004wz4lKFzOUNRG8GlMWrFPeMedEogM+YmvRAwMh1DkLCszd7qz4n
ajRqYh3Jc8RiO34CgKLdGRL9Wm01az0HmPEGrlNn1Kl102q0Y0GXsNm8JXssm5c1
Ss/K97weHOSfjXPNrtLmDQd1GxeeI3fIdhRDyRh7ZLDEpY1Tg1Wf/+JIzP3hiWgl
aD45rlktXW3X+SwvK5vnqHsPm85UBhIGy5paSJUAnT95kCpR7SnB5AnVqxrpeYUS
WcFt///NeYECypx8b5vu7Di7BoCRcYJ4028SmDzcIPYExKBDW2e/wkEcFgwmoDdw
PwasGY8N/XT219V8vWViD0gXY2SgggW0MIIFsDCCBawwggSUoAMCAQICDQD1nbmm
AAAAAFDR/sEwDQYJKoZIhvcNAQELBQAwgboxCzAJBgNVBAYTAlVTMRYwFAYDVQQK
Ew1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xl
Z2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9y
IGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNh
dGlvbiBBdXRob3JpdHkgLSBMMUswHhcNMTQwODI2MTQ1MzA5WhcNMTcwODI2MTUy
MzA5WjCByjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAm
BgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsT
MChjKSAyMDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25s
eTEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwx
SzEOMAwGA1UEAxMFT0NTUDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDJ2olV6euD1UypXkHiIkBtqWnQN+pBpNQle7cbn6HqteOSP5k+le/tCKaVTNgO
Cy+Zdg1Rqk7AEAkYpRda22cp3OdBQN1106J6b2nZOMMuuQ/ZTD5thDaOaKw7W16p
axxYXMga5Iveivn3VXnZce/riWXgAu9mQl82qFSnNsICBRWTsyLxWYnJIh6YfLSB
jNxEiSqdiX6OuHz1z5raE1dhlGTKqrnAFA9v7P0pTmGiU/9j17pRhqIOgOAflyZF
wZ6sGJh5v9tI5dXUhhwOZuPY46zHwblYSGAdA3jxWzIxzjEsxyMXUZxng5nIZwS/
we7y3nX/24L/DkTM5JheA6QzAgMBAAGjggGdMIIBmTALBgNVHQ8EBAMCB4AwEwYD
VR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADAzBggrBgEFBQcBAQQn
MCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0MIHjBgNVHR8E
gdswgdgwgdWggdKggc+kgcwwgckxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRy
dXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRl
cm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhv
cml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBB
dXRob3JpdHkgLSBMMUsxDTALBgNVBAMTBENSTDEwHwYDVR0jBBgwFoAUgqJwdN28
Uz/Pe9T3zX+nYMYKTL8wHQYDVR0OBBYEFNUCBLbXoKgts70SJatS1NHllo3EMAkG
A1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAKknvrNG7098baAlYnkbIAiaJjR4
W91g17sNu04+G0Eq8GkVh5V1DwpELGGlCgq/yUimCKMtU8DqTzovm+49d19XKfyU
okLsN0Rnn6Ni5Rlp09ReR0HI+0X05zm4HhhI9S1hEmcEwaoMRAVhFfvpGLuc/DmL
UfOyN87rsOB0fGIdpX9prmlK8pq3baawHfodssH+fxTlAwN4vSedux3ADn8ao4Xr
ZFUgGG9serhKj4uUyySpJAE5ZGa6AVocRJEJrGbqvY/Sb9cB0PyHjRPAU28Aq2c7
ZSzUW606AlPseVJhUR+A65rLCH4EiuS9ckSTJNqPCyGs7cNkZIigKIY+NVQ=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIFrDCCBJSgAwIBAgINAPWduaYAAAAAUNH+wTANBgkqhkiG9w0BAQsFADCBujEL
MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1Nl
ZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEy
IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UE
AxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0xNDA4
MjYxNDUzMDlaFw0xNzA4MjYxNTIzMDlaMIHKMQswCQYDVQQGEwJVUzEWMBQGA1UE
ChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9s
ZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMTIgRW50cnVzdCwgSW5jLiAtIGZv
ciBhdXRob3JpemVkIHVzZSBvbmx5MS4wLAYDVQQDEyVFbnRydXN0IENlcnRpZmlj
YXRpb24gQXV0aG9yaXR5IC0gTDFLMQ4wDAYDVQQDEwVPQ1NQMTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAMnaiVXp64PVTKleQeIiQG2padA36kGk1CV7
txufoeq145I/mT6V7+0IppVM2A4LL5l2DVGqTsAQCRilF1rbZync50FA3XXTonpv
adk4wy65D9lMPm2ENo5orDtbXqlrHFhcyBrki96K+fdVedlx7+uJZeAC72ZCXzao
VKc2wgIFFZOzIvFZickiHph8tIGM3ESJKp2Jfo64fPXPmtoTV2GUZMqqucAUD2/s
/SlOYaJT/2PXulGGog6A4B+XJkXBnqwYmHm/20jl1dSGHA5m49jjrMfBuVhIYB0D
ePFbMjHOMSzHIxdRnGeDmchnBL/B7vLedf/bgv8ORMzkmF4DpDMCAwEAAaOCAZ0w
ggGZMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkrBgEFBQcw
AQUEAgUAMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Au
ZW50cnVzdC5uZXQwgeMGA1UdHwSB2zCB2DCB1aCB0qCBz6SBzDCByTELMAkGA1UE
BhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cu
ZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1
c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UEAxMlRW50
cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzENMAsGA1UEAxMEQ1JM
MTAfBgNVHSMEGDAWgBSConB03bxTP8971PfNf6dgxgpMvzAdBgNVHQ4EFgQU1QIE
ttegqC2zvRIlq1LU0eWWjcQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEA
qSe+s0bvT3xtoCVieRsgCJomNHhb3WDXuw27Tj4bQSrwaRWHlXUPCkQsYaUKCr/J
SKYIoy1TwOpPOi+b7j13X1cp/JSiQuw3RGefo2LlGWnT1F5HQcj7RfTnObgeGEj1
LWESZwTBqgxEBWEV++kYu5z8OYtR87I3zuuw4HR8Yh2lf2muaUrymrdtprAd+h2y
wf5/FOUDA3i9J527HcAOfxqjhetkVSAYb2x6uEqPi5TLJKkkATlkZroBWhxEkQms
Zuq9j9Jv1wHQ/IeNE8BTbwCrZztlLNRbrToCU+x5UmFRH4DrmssIfgSK5L1yRJMk
2o8LIaztw2RkiKAohj41VA==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate, max-age=3592]
Content-Length: [2108]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Sat, 29 Apr 2017 21:21:04 GMT]
Etag: ["B3BE41CEBDBC07742DC8692D2F10F9BC78406E2F"]
Expires: [Sat, 29 Apr 2017 22:20:56 GMT]
Last-Modified: [Sat, 29 Apr 2017 01:47:53 GMT]
X-Cache: [TCP_MISS from a23-217-200-39.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2.1-19774280) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Entrust Certification Authority - L1K (CA Certificate)

Certificate details for Entrust Certification Authority - L1K (At position 1 in certificate chain)
Serial number:
hex: ee94cc30000000051d37785
int: 4614832350436832027625092997
Issued by: Entrust Root Certification Authority - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This certificate contains no information about authoritative CRL(s) or OCSP servers

Check the revocation status for another website

Created by Paul van Brouwershaven
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.