CRL & OCSP report for exhibit.evrazplace.com (Evraz Place)

exhibit.evrazplace.com

Certificate details for exhibit.evrazplace.com (At position 0 in certificate chain)
Serial number:
hex: 50d4dfbd
int: 1356128189
Issued by: Entrust Certification Authority - L1K
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Evraz Place
Organization unit: IT
State / Province: Saskatchewan
Locality: Regina
Country: CA
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for exhibit.evrazplace.com.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.entrust.net/level1k.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.entrust.net/level1k.crl
Size: 1983170 bytes (DER data)
Response time: 23.815123ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 42564

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_HIT from a23-219-93-23.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0.2-20192836) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [no-cache]
Content-Length: [1983170]
Content-Type: [application/x-pkcs7-crl]
Date: [Sun, 25 Jun 2017 22:47:51 GMT]
Expires: [Sun, 25 Jun 2017 22:47:51 GMT]
Last-Modified: [Sun, 25 Jun 2017 22:00:10 GMT]
Pragma: [no-cache]
X-Cache: [TCP_HIT from a23-219-93-23.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0.2-20192836) (-)]
X-Frame-Options: [DENY]
  • Content-Type in response is set 'application/x-pkcs7-crl' and should be replaced with 'application/pkix-crl' (RFC 5280, section 4.2.1.13)
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.entrust.net (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.entrust.net (POST)
Size: 2108 bytes (DER data)
Response time: 74.700348ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: OCSP1
Issued by: Entrust Certification Authority - L1K
Signing certificate validity: 2014-08-26 - 2017-08-26
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 59m36s

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-215-131-87.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTMbSIc9rRVLC+HkV9a/vDh7s6DzAQUgqJw
dN28Uz/Pe9T3zX+nYMYKTL8CBFDU370=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIIOAoBAKCCCDEwgggtBgkrBgEFBQcwAQEEgggeMIIIGjCCAUqhgc0wgcoxCzAJ
BgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUg
d3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBF
bnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMT
JUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUsxDjAMBgNVBAMT
BU9DU1AxGA8yMDE3MDYyNDIyNTMzMVowZzBlMD0wCQYFKw4DAhoFAAQUzG0iHPa0
VSwvh5FfWv7w4e7Og8wEFIKicHTdvFM/z3vU981/p2DGCky/AgRQ1N+9gAAYDzIw
MTcwNjI0MjI1MzMxWqARGA8yMDE3MDcwMTIyNTMzMVowDQYJKoZIhvcNAQEFBQAD
ggEBAATuS4IU8P7ZcL/JfSfgT3mwMIcxAIJPQ/+fBQvE4j27ufdSOwu+0rFpoZ9i
6SX2GCpMS5fLAt/TimOL+MMLdkYjAQVmiKBZq/BG/Wy2cyAAYVVE2eIDwNY/ezTV
X2LpO2HJ4aWd2m1QdNn83O2Fanrvz03cVExSOCYSFrC4kGmFyMzugaetJk9J1ACd
QDtO3wiJYcIw44Jhm68cxm2vBCUEdIXEUo3JzSQmRS1MqOEpKOhYH9MNGY7+1oPf
SuCKGBXyT5tQJDZs3+X2KJ/cztI+1P61rZm/wizFAJ+GOp2HgdK9947d5W397gaF
F3CBWWJf+jQACUZ9oHAKuvWngEWgggW0MIIFsDCCBawwggSUoAMCAQICDQD1nbmm
AAAAAFDR/sEwDQYJKoZIhvcNAQELBQAwgboxCzAJBgNVBAYTAlVTMRYwFAYDVQQK
Ew1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xl
Z2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9y
IGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNh
dGlvbiBBdXRob3JpdHkgLSBMMUswHhcNMTQwODI2MTQ1MzA5WhcNMTcwODI2MTUy
MzA5WjCByjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAm
BgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsT
MChjKSAyMDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25s
eTEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwx
SzEOMAwGA1UEAxMFT0NTUDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDJ2olV6euD1UypXkHiIkBtqWnQN+pBpNQle7cbn6HqteOSP5k+le/tCKaVTNgO
Cy+Zdg1Rqk7AEAkYpRda22cp3OdBQN1106J6b2nZOMMuuQ/ZTD5thDaOaKw7W16p
axxYXMga5Iveivn3VXnZce/riWXgAu9mQl82qFSnNsICBRWTsyLxWYnJIh6YfLSB
jNxEiSqdiX6OuHz1z5raE1dhlGTKqrnAFA9v7P0pTmGiU/9j17pRhqIOgOAflyZF
wZ6sGJh5v9tI5dXUhhwOZuPY46zHwblYSGAdA3jxWzIxzjEsxyMXUZxng5nIZwS/
we7y3nX/24L/DkTM5JheA6QzAgMBAAGjggGdMIIBmTALBgNVHQ8EBAMCB4AwEwYD
VR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADAzBggrBgEFBQcBAQQn
MCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0MIHjBgNVHR8E
gdswgdgwgdWggdKggc+kgcwwgckxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRy
dXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRl
cm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhv
cml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBB
dXRob3JpdHkgLSBMMUsxDTALBgNVBAMTBENSTDEwHwYDVR0jBBgwFoAUgqJwdN28
Uz/Pe9T3zX+nYMYKTL8wHQYDVR0OBBYEFNUCBLbXoKgts70SJatS1NHllo3EMAkG
A1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAKknvrNG7098baAlYnkbIAiaJjR4
W91g17sNu04+G0Eq8GkVh5V1DwpELGGlCgq/yUimCKMtU8DqTzovm+49d19XKfyU
okLsN0Rnn6Ni5Rlp09ReR0HI+0X05zm4HhhI9S1hEmcEwaoMRAVhFfvpGLuc/DmL
UfOyN87rsOB0fGIdpX9prmlK8pq3baawHfodssH+fxTlAwN4vSedux3ADn8ao4Xr
ZFUgGG9serhKj4uUyySpJAE5ZGa6AVocRJEJrGbqvY/Sb9cB0PyHjRPAU28Aq2c7
ZSzUW606AlPseVJhUR+A65rLCH4EiuS9ckSTJNqPCyGs7cNkZIigKIY+NVQ=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIFrDCCBJSgAwIBAgINAPWduaYAAAAAUNH+wTANBgkqhkiG9w0BAQsFADCBujEL
MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1Nl
ZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEy
IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UE
AxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0xNDA4
MjYxNDUzMDlaFw0xNzA4MjYxNTIzMDlaMIHKMQswCQYDVQQGEwJVUzEWMBQGA1UE
ChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9s
ZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMTIgRW50cnVzdCwgSW5jLiAtIGZv
ciBhdXRob3JpemVkIHVzZSBvbmx5MS4wLAYDVQQDEyVFbnRydXN0IENlcnRpZmlj
YXRpb24gQXV0aG9yaXR5IC0gTDFLMQ4wDAYDVQQDEwVPQ1NQMTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAMnaiVXp64PVTKleQeIiQG2padA36kGk1CV7
txufoeq145I/mT6V7+0IppVM2A4LL5l2DVGqTsAQCRilF1rbZync50FA3XXTonpv
adk4wy65D9lMPm2ENo5orDtbXqlrHFhcyBrki96K+fdVedlx7+uJZeAC72ZCXzao
VKc2wgIFFZOzIvFZickiHph8tIGM3ESJKp2Jfo64fPXPmtoTV2GUZMqqucAUD2/s
/SlOYaJT/2PXulGGog6A4B+XJkXBnqwYmHm/20jl1dSGHA5m49jjrMfBuVhIYB0D
ePFbMjHOMSzHIxdRnGeDmchnBL/B7vLedf/bgv8ORMzkmF4DpDMCAwEAAaOCAZ0w
ggGZMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkrBgEFBQcw
AQUEAgUAMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Au
ZW50cnVzdC5uZXQwgeMGA1UdHwSB2zCB2DCB1aCB0qCBz6SBzDCByTELMAkGA1UE
BhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cu
ZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1
c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UEAxMlRW50
cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzENMAsGA1UEAxMEQ1JM
MTAfBgNVHSMEGDAWgBSConB03bxTP8971PfNf6dgxgpMvzAdBgNVHQ4EFgQU1QIE
ttegqC2zvRIlq1LU0eWWjcQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEA
qSe+s0bvT3xtoCVieRsgCJomNHhb3WDXuw27Tj4bQSrwaRWHlXUPCkQsYaUKCr/J
SKYIoy1TwOpPOi+b7j13X1cp/JSiQuw3RGefo2LlGWnT1F5HQcj7RfTnObgeGEj1
LWESZwTBqgxEBWEV++kYu5z8OYtR87I3zuuw4HR8Yh2lf2muaUrymrdtprAd+h2y
wf5/FOUDA3i9J527HcAOfxqjhetkVSAYb2x6uEqPi5TLJKkkATlkZroBWhxEkQms
Zuq9j9Jv1wHQ/IeNE8BTbwCrZztlLNRbrToCU+x5UmFRH4DrmssIfgSK5L1yRJMk
2o8LIaztw2RkiKAohj41VA==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate, max-age=3576]
Content-Length: [2108]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 25 Jun 2017 22:47:51 GMT]
Etag: ["3FEED7DF784CDA4FA6C34D64546EC2821E6DAF0E"]
Expires: [Sun, 25 Jun 2017 23:47:27 GMT]
Last-Modified: [Sat, 24 Jun 2017 22:53:31 GMT]
X-Cache: [TCP_MISS from a23-215-131-87.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.entrust.net (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.entrust.net (GET)
Size: 2108 bytes (DER data)
Response time: 128.129353ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: OCSP1
Issued by: Entrust Certification Authority - L1K
Signing certificate validity: 2014-08-26 - 2017-08-26
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 59m17s

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-215-131-87.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

URL used for GET request

http://ocsp.entrust.net/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTMbSIc9rRVLC%2BHkV9a%2FvDh7s6DzAQUgqJwdN28Uz%2FPe9T3zX%2BnYMYKTL8CBFDU370%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTMbSIc9rRVLC+HkV9a/vDh7s6DzAQUgqJw
dN28Uz/Pe9T3zX+nYMYKTL8CBFDU370=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIIOAoBAKCCCDEwgggtBgkrBgEFBQcwAQEEgggeMIIIGjCCAUqhgc0wgcoxCzAJ
BgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUg
d3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBF
bnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMT
JUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUsxDjAMBgNVBAMT
BU9DU1AxGA8yMDE3MDYyNDIyNTMzMVowZzBlMD0wCQYFKw4DAhoFAAQUzG0iHPa0
VSwvh5FfWv7w4e7Og8wEFIKicHTdvFM/z3vU981/p2DGCky/AgRQ1N+9gAAYDzIw
MTcwNjI0MjI1MzMxWqARGA8yMDE3MDcwMTIyNTMzMVowDQYJKoZIhvcNAQEFBQAD
ggEBAATuS4IU8P7ZcL/JfSfgT3mwMIcxAIJPQ/+fBQvE4j27ufdSOwu+0rFpoZ9i
6SX2GCpMS5fLAt/TimOL+MMLdkYjAQVmiKBZq/BG/Wy2cyAAYVVE2eIDwNY/ezTV
X2LpO2HJ4aWd2m1QdNn83O2Fanrvz03cVExSOCYSFrC4kGmFyMzugaetJk9J1ACd
QDtO3wiJYcIw44Jhm68cxm2vBCUEdIXEUo3JzSQmRS1MqOEpKOhYH9MNGY7+1oPf
SuCKGBXyT5tQJDZs3+X2KJ/cztI+1P61rZm/wizFAJ+GOp2HgdK9947d5W397gaF
F3CBWWJf+jQACUZ9oHAKuvWngEWgggW0MIIFsDCCBawwggSUoAMCAQICDQD1nbmm
AAAAAFDR/sEwDQYJKoZIhvcNAQELBQAwgboxCzAJBgNVBAYTAlVTMRYwFAYDVQQK
Ew1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xl
Z2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9y
IGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNh
dGlvbiBBdXRob3JpdHkgLSBMMUswHhcNMTQwODI2MTQ1MzA5WhcNMTcwODI2MTUy
MzA5WjCByjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAm
BgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsT
MChjKSAyMDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25s
eTEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwx
SzEOMAwGA1UEAxMFT0NTUDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDJ2olV6euD1UypXkHiIkBtqWnQN+pBpNQle7cbn6HqteOSP5k+le/tCKaVTNgO
Cy+Zdg1Rqk7AEAkYpRda22cp3OdBQN1106J6b2nZOMMuuQ/ZTD5thDaOaKw7W16p
axxYXMga5Iveivn3VXnZce/riWXgAu9mQl82qFSnNsICBRWTsyLxWYnJIh6YfLSB
jNxEiSqdiX6OuHz1z5raE1dhlGTKqrnAFA9v7P0pTmGiU/9j17pRhqIOgOAflyZF
wZ6sGJh5v9tI5dXUhhwOZuPY46zHwblYSGAdA3jxWzIxzjEsxyMXUZxng5nIZwS/
we7y3nX/24L/DkTM5JheA6QzAgMBAAGjggGdMIIBmTALBgNVHQ8EBAMCB4AwEwYD
VR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADAzBggrBgEFBQcBAQQn
MCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0MIHjBgNVHR8E
gdswgdgwgdWggdKggc+kgcwwgckxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRy
dXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRl
cm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhv
cml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBB
dXRob3JpdHkgLSBMMUsxDTALBgNVBAMTBENSTDEwHwYDVR0jBBgwFoAUgqJwdN28
Uz/Pe9T3zX+nYMYKTL8wHQYDVR0OBBYEFNUCBLbXoKgts70SJatS1NHllo3EMAkG
A1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAKknvrNG7098baAlYnkbIAiaJjR4
W91g17sNu04+G0Eq8GkVh5V1DwpELGGlCgq/yUimCKMtU8DqTzovm+49d19XKfyU
okLsN0Rnn6Ni5Rlp09ReR0HI+0X05zm4HhhI9S1hEmcEwaoMRAVhFfvpGLuc/DmL
UfOyN87rsOB0fGIdpX9prmlK8pq3baawHfodssH+fxTlAwN4vSedux3ADn8ao4Xr
ZFUgGG9serhKj4uUyySpJAE5ZGa6AVocRJEJrGbqvY/Sb9cB0PyHjRPAU28Aq2c7
ZSzUW606AlPseVJhUR+A65rLCH4EiuS9ckSTJNqPCyGs7cNkZIigKIY+NVQ=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIFrDCCBJSgAwIBAgINAPWduaYAAAAAUNH+wTANBgkqhkiG9w0BAQsFADCBujEL
MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1Nl
ZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEy
IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UE
AxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0xNDA4
MjYxNDUzMDlaFw0xNzA4MjYxNTIzMDlaMIHKMQswCQYDVQQGEwJVUzEWMBQGA1UE
ChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9s
ZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMTIgRW50cnVzdCwgSW5jLiAtIGZv
ciBhdXRob3JpemVkIHVzZSBvbmx5MS4wLAYDVQQDEyVFbnRydXN0IENlcnRpZmlj
YXRpb24gQXV0aG9yaXR5IC0gTDFLMQ4wDAYDVQQDEwVPQ1NQMTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAMnaiVXp64PVTKleQeIiQG2padA36kGk1CV7
txufoeq145I/mT6V7+0IppVM2A4LL5l2DVGqTsAQCRilF1rbZync50FA3XXTonpv
adk4wy65D9lMPm2ENo5orDtbXqlrHFhcyBrki96K+fdVedlx7+uJZeAC72ZCXzao
VKc2wgIFFZOzIvFZickiHph8tIGM3ESJKp2Jfo64fPXPmtoTV2GUZMqqucAUD2/s
/SlOYaJT/2PXulGGog6A4B+XJkXBnqwYmHm/20jl1dSGHA5m49jjrMfBuVhIYB0D
ePFbMjHOMSzHIxdRnGeDmchnBL/B7vLedf/bgv8ORMzkmF4DpDMCAwEAAaOCAZ0w
ggGZMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkrBgEFBQcw
AQUEAgUAMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Au
ZW50cnVzdC5uZXQwgeMGA1UdHwSB2zCB2DCB1aCB0qCBz6SBzDCByTELMAkGA1UE
BhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cu
ZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1
c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UEAxMlRW50
cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzENMAsGA1UEAxMEQ1JM
MTAfBgNVHSMEGDAWgBSConB03bxTP8971PfNf6dgxgpMvzAdBgNVHQ4EFgQU1QIE
ttegqC2zvRIlq1LU0eWWjcQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEA
qSe+s0bvT3xtoCVieRsgCJomNHhb3WDXuw27Tj4bQSrwaRWHlXUPCkQsYaUKCr/J
SKYIoy1TwOpPOi+b7j13X1cp/JSiQuw3RGefo2LlGWnT1F5HQcj7RfTnObgeGEj1
LWESZwTBqgxEBWEV++kYu5z8OYtR87I3zuuw4HR8Yh2lf2muaUrymrdtprAd+h2y
wf5/FOUDA3i9J527HcAOfxqjhetkVSAYb2x6uEqPi5TLJKkkATlkZroBWhxEkQms
Zuq9j9Jv1wHQ/IeNE8BTbwCrZztlLNRbrToCU+x5UmFRH4DrmssIfgSK5L1yRJMk
2o8LIaztw2RkiKAohj41VA==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate, max-age=3557]
Content-Length: [2108]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 25 Jun 2017 22:47:51 GMT]
Etag: ["3FEED7DF784CDA4FA6C34D64546EC2821E6DAF0E"]
Expires: [Sun, 25 Jun 2017 23:47:08 GMT]
Last-Modified: [Sat, 24 Jun 2017 22:53:31 GMT]
X-Cache: [TCP_MISS from a23-215-131-87.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Entrust Certification Authority - L1K (CA Certificate)

Certificate details for Entrust Certification Authority - L1K (At position 1 in certificate chain)
Serial number:
hex: ee94cc30000000051d37785
int: 4614832350436832027625092997
Issued by: Entrust Root Certification Authority - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.entrust.net/g2ca.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.entrust.net/g2ca.crl
Size: 1224 bytes (DER data)
Response time: 6.224354ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 14

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-219-93-23.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0.2-20192836) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [no-cache]
Content-Length: [1224]
Content-Type: [application/x-pkcs7-crl]
Date: [Sun, 25 Jun 2017 22:47:51 GMT]
Expires: [Sun, 25 Jun 2017 22:47:51 GMT]
Last-Modified: [Thu, 05 Jan 2017 20:27:50 GMT]
Pragma: [no-cache]
X-Cache: [TCP_MEM_HIT from a23-219-93-23.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0.2-20192836) (-)]
X-Frame-Options: [DENY]
  • Content-Type in response is set 'application/x-pkcs7-crl' and should be replaced with 'application/pkix-crl' (RFC 5280, section 4.2.1.13)
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.entrust.net (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.entrust.net (POST)
Size: 1991 bytes (DER data)
Response time: 7.139472ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: Entrust Validation Authority
Issued by: Entrust Root Certification Authority - G2
Signing certificate validity: 2017-06-01 - 2019-06-01
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 47m30s

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_HIT from a23-215-131-63.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
ME0wSzBJMEcwRTAJBgUrDgMCGgUABBTLXNCzDvBhHecWjg70iJhBW0InywQUanIm
etAe733nO2lR1GyNn5ASZqsCDA7pTMMAAAAAUdN3hQ==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIHwwoBAKCCB7wwgge4BgkrBgEFBQcwAQEEggepMIIHpTCCAW2hgegwgeUxCzAJ
BgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUg
d3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAwOSBF
bnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMT
KUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMSUwIwYD
VQQDExxFbnRydXN0IFZhbGlkYXRpb24gQXV0aG9yaXR5GA8yMDE3MDYyNTE4MDIy
OVowbzBtMEUwCQYFKw4DAhoFAAQUy1zQsw7wYR3nFo4O9IiYQVtCJ8sEFGpyJnrQ
Hu995ztpUdRsjZ+QEmarAgwO6UzDAAAAAFHTd4WAABgPMjAxNzA2MjUxODAyMjla
oBEYDzIwMTcwNzAyMTgwMjI5WjANBgkqhkiG9w0BAQUFAAOCAQEAgVEQ2f6QeERG
M9YftmSjDUNMDrNACdKOI0pUAT4noMdmfPoGPnIolcJbIySPN82tmYuW6d9Q1iej
v4HJxSQVYifp01yJivMAK4k+1PEZUduqfqgYh4N/DHI4w7eLJq222OxJbnLKb0Lz
u9c6ZvuTwB5elvq+/0z66FLSIxPjmLEYPYTn2JJMYA1FoNmaIGPx0movevSSpB/J
dg7P69BkXCVQU+paiRfCMlBPqXIRWnc1xwCiwPv/ijsz0LIBaJ5nl4c+UFOKl7Tf
YLUfA+AADYoTyVP++R+CXqeSGk1b1MmctiY+4JrcLwq5dI3BEJKML7YoZKhANoW9
2Dtgm1I2YqCCBRwwggUYMIIFFDCCA/ygAwIBAgIMNkb/3wAAAABR05JwMA0GCSqG
SIb3DQEBCwUAMIG+MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5j
LjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcG
A1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVz
ZSBvbmx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRo
b3JpdHkgLSBHMjAeFw0xNzA2MDExNTE4NDNaFw0xOTA2MDExNTQ4NDNaMIHlMQsw
CQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2Vl
IHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkg
RW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQD
EylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjElMCMG
A1UEAxMcRW50cnVzdCBWYWxpZGF0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMnaiVXp64PVTKleQeIiQG2padA36kGk1CV7txuf
oeq145I/mT6V7+0IppVM2A4LL5l2DVGqTsAQCRilF1rbZync50FA3XXTonpvadk4
wy65D9lMPm2ENo5orDtbXqlrHFhcyBrki96K+fdVedlx7+uJZeAC72ZCXzaoVKc2
wgIFFZOzIvFZickiHph8tIGM3ESJKp2Jfo64fPXPmtoTV2GUZMqqucAUD2/s/SlO
YaJT/2PXulGGog6A4B+XJkXBnqwYmHm/20jl1dSGHA5m49jjrMfBuVhIYB0DePFb
MjHOMSzHIxdRnGeDmchnBL/B7vLedf/bgv8ORMzkmF4DpDMCAwEAAaOB6DCB5TAL
BgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIF
ADAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vY3JsLmVudHJ1c3QubmV0L2cyY2Eu
Y3JsMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50
cnVzdC5uZXQwHwYDVR0jBBgwFoAUanImetAe733nO2lR1GyNn5ASZqswHQYDVR0O
BBYEFNUCBLbXoKgts70SJatS1NHllo3EMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEL
BQADggEBAFiwYdjyMfBER4HhLsi2b3zDOvT01WIb1q3lrl/kfbkySBSNaZkuQaEr
rVG46+VgLX0A+6ge/59VepBhUmJzurKfkZGpGbxQC/S+cBFPJ7aZVYSJqFHyY+8k
HhVK8zgImvLkKQABUSBq16noNxLvAgWzC4K0C68adQN7ek+BBWSxt1EKJkgYN/cW
TnEuxqXejr8bpxyu8JY1ybB6Rf1AhP++OOKZqwdFLJvvnDlr0UKf9iDqVds6Hiba
rxiD4ClwfPHU3aIIO7yAsOMR8o7z2EBk6btXCNFAOO2I8cXBotMjRds90gufsNmN
ZXnQlUioZr6V6X1SKnTCM7Zht1pkTPg=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgIMNkb/3wAAAABR05JwMA0GCSqGSIb3DQEBCwUAMIG+MQsw
CQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2Vl
IHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkg
RW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQD
EylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjAeFw0x
NzA2MDExNTE4NDNaFw0xOTA2MDExNTQ4NDNaMIHlMQswCQYDVQQGEwJVUzEWMBQG
A1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5l
dC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAt
IGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3Qg
Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjElMCMGA1UEAxMcRW50cnVzdCBW
YWxpZGF0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMnaiVXp64PVTKleQeIiQG2padA36kGk1CV7txufoeq145I/mT6V7+0IppVM
2A4LL5l2DVGqTsAQCRilF1rbZync50FA3XXTonpvadk4wy65D9lMPm2ENo5orDtb
XqlrHFhcyBrki96K+fdVedlx7+uJZeAC72ZCXzaoVKc2wgIFFZOzIvFZickiHph8
tIGM3ESJKp2Jfo64fPXPmtoTV2GUZMqqucAUD2/s/SlOYaJT/2PXulGGog6A4B+X
JkXBnqwYmHm/20jl1dSGHA5m49jjrMfBuVhIYB0DePFbMjHOMSzHIxdRnGeDmchn
BL/B7vLedf/bgv8ORMzkmF4DpDMCAwEAAaOB6DCB5TALBgNVHQ8EBAMCB4AwEwYD
VR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADAwBgNVHR8EKTAnMCWg
I6Ahhh9odHRwOi8vY3JsLmVudHJ1c3QubmV0L2cyY2EuY3JsMDMGCCsGAQUFBwEB
BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwHwYDVR0j
BBgwFoAUanImetAe733nO2lR1GyNn5ASZqswHQYDVR0OBBYEFNUCBLbXoKgts70S
JatS1NHllo3EMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAFiwYdjyMfBE
R4HhLsi2b3zDOvT01WIb1q3lrl/kfbkySBSNaZkuQaErrVG46+VgLX0A+6ge/59V
epBhUmJzurKfkZGpGbxQC/S+cBFPJ7aZVYSJqFHyY+8kHhVK8zgImvLkKQABUSBq
16noNxLvAgWzC4K0C68adQN7ek+BBWSxt1EKJkgYN/cWTnEuxqXejr8bpxyu8JY1
ybB6Rf1AhP++OOKZqwdFLJvvnDlr0UKf9iDqVds6HibarxiD4ClwfPHU3aIIO7yA
sOMR8o7z2EBk6btXCNFAOO2I8cXBotMjRds90gufsNmNZXnQlUioZr6V6X1SKnTC
M7Zht1pkTPg=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate, max-age=2850]
Content-Length: [1991]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 25 Jun 2017 22:47:51 GMT]
Etag: ["7390B6561623D0E36AF150824B9D716F7C3097D2"]
Expires: [Sun, 25 Jun 2017 23:35:21 GMT]
Last-Modified: [Sun, 25 Jun 2017 18:02:29 GMT]
X-Cache: [TCP_HIT from a23-215-131-63.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.entrust.net (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.entrust.net (GET)
Size: 1991 bytes (DER data)
Response time: 13.087087ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: Entrust Validation Authority
Issued by: Entrust Root Certification Authority - G2
Signing certificate validity: 2017-06-01 - 2019-06-01
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 36m32s

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-215-131-63.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

URL used for GET request

http://ocsp.entrust.net/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBTLXNCzDvBhHecWjg70iJhBW0InywQUanImetAe733nO2lR1GyNn5ASZqsCDA7pTMMAAAAAUdN3hQ%3D%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
ME0wSzBJMEcwRTAJBgUrDgMCGgUABBTLXNCzDvBhHecWjg70iJhBW0InywQUanIm
etAe733nO2lR1GyNn5ASZqsCDA7pTMMAAAAAUdN3hQ==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIHwwoBAKCCB7wwgge4BgkrBgEFBQcwAQEEggepMIIHpTCCAW2hgegwgeUxCzAJ
BgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUg
d3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAwOSBF
bnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMT
KUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMSUwIwYD
VQQDExxFbnRydXN0IFZhbGlkYXRpb24gQXV0aG9yaXR5GA8yMDE3MDYyNTE4MDIy
OVowbzBtMEUwCQYFKw4DAhoFAAQUy1zQsw7wYR3nFo4O9IiYQVtCJ8sEFGpyJnrQ
Hu995ztpUdRsjZ+QEmarAgwO6UzDAAAAAFHTd4WAABgPMjAxNzA2MjUxODAyMjla
oBEYDzIwMTcwNzAyMTgwMjI5WjANBgkqhkiG9w0BAQUFAAOCAQEAgVEQ2f6QeERG
M9YftmSjDUNMDrNACdKOI0pUAT4noMdmfPoGPnIolcJbIySPN82tmYuW6d9Q1iej
v4HJxSQVYifp01yJivMAK4k+1PEZUduqfqgYh4N/DHI4w7eLJq222OxJbnLKb0Lz
u9c6ZvuTwB5elvq+/0z66FLSIxPjmLEYPYTn2JJMYA1FoNmaIGPx0movevSSpB/J
dg7P69BkXCVQU+paiRfCMlBPqXIRWnc1xwCiwPv/ijsz0LIBaJ5nl4c+UFOKl7Tf
YLUfA+AADYoTyVP++R+CXqeSGk1b1MmctiY+4JrcLwq5dI3BEJKML7YoZKhANoW9
2Dtgm1I2YqCCBRwwggUYMIIFFDCCA/ygAwIBAgIMNkb/3wAAAABR05JwMA0GCSqG
SIb3DQEBCwUAMIG+MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5j
LjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcG
A1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVz
ZSBvbmx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRo
b3JpdHkgLSBHMjAeFw0xNzA2MDExNTE4NDNaFw0xOTA2MDExNTQ4NDNaMIHlMQsw
CQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2Vl
IHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkg
RW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQD
EylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjElMCMG
A1UEAxMcRW50cnVzdCBWYWxpZGF0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMnaiVXp64PVTKleQeIiQG2padA36kGk1CV7txuf
oeq145I/mT6V7+0IppVM2A4LL5l2DVGqTsAQCRilF1rbZync50FA3XXTonpvadk4
wy65D9lMPm2ENo5orDtbXqlrHFhcyBrki96K+fdVedlx7+uJZeAC72ZCXzaoVKc2
wgIFFZOzIvFZickiHph8tIGM3ESJKp2Jfo64fPXPmtoTV2GUZMqqucAUD2/s/SlO
YaJT/2PXulGGog6A4B+XJkXBnqwYmHm/20jl1dSGHA5m49jjrMfBuVhIYB0DePFb
MjHOMSzHIxdRnGeDmchnBL/B7vLedf/bgv8ORMzkmF4DpDMCAwEAAaOB6DCB5TAL
BgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIF
ADAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vY3JsLmVudHJ1c3QubmV0L2cyY2Eu
Y3JsMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50
cnVzdC5uZXQwHwYDVR0jBBgwFoAUanImetAe733nO2lR1GyNn5ASZqswHQYDVR0O
BBYEFNUCBLbXoKgts70SJatS1NHllo3EMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEL
BQADggEBAFiwYdjyMfBER4HhLsi2b3zDOvT01WIb1q3lrl/kfbkySBSNaZkuQaEr
rVG46+VgLX0A+6ge/59VepBhUmJzurKfkZGpGbxQC/S+cBFPJ7aZVYSJqFHyY+8k
HhVK8zgImvLkKQABUSBq16noNxLvAgWzC4K0C68adQN7ek+BBWSxt1EKJkgYN/cW
TnEuxqXejr8bpxyu8JY1ybB6Rf1AhP++OOKZqwdFLJvvnDlr0UKf9iDqVds6Hiba
rxiD4ClwfPHU3aIIO7yAsOMR8o7z2EBk6btXCNFAOO2I8cXBotMjRds90gufsNmN
ZXnQlUioZr6V6X1SKnTCM7Zht1pkTPg=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgIMNkb/3wAAAABR05JwMA0GCSqGSIb3DQEBCwUAMIG+MQsw
CQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2Vl
IHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkg
RW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQD
EylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjAeFw0x
NzA2MDExNTE4NDNaFw0xOTA2MDExNTQ4NDNaMIHlMQswCQYDVQQGEwJVUzEWMBQG
A1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5l
dC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAt
IGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3Qg
Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjElMCMGA1UEAxMcRW50cnVzdCBW
YWxpZGF0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMnaiVXp64PVTKleQeIiQG2padA36kGk1CV7txufoeq145I/mT6V7+0IppVM
2A4LL5l2DVGqTsAQCRilF1rbZync50FA3XXTonpvadk4wy65D9lMPm2ENo5orDtb
XqlrHFhcyBrki96K+fdVedlx7+uJZeAC72ZCXzaoVKc2wgIFFZOzIvFZickiHph8
tIGM3ESJKp2Jfo64fPXPmtoTV2GUZMqqucAUD2/s/SlOYaJT/2PXulGGog6A4B+X
JkXBnqwYmHm/20jl1dSGHA5m49jjrMfBuVhIYB0DePFbMjHOMSzHIxdRnGeDmchn
BL/B7vLedf/bgv8ORMzkmF4DpDMCAwEAAaOB6DCB5TALBgNVHQ8EBAMCB4AwEwYD
VR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADAwBgNVHR8EKTAnMCWg
I6Ahhh9odHRwOi8vY3JsLmVudHJ1c3QubmV0L2cyY2EuY3JsMDMGCCsGAQUFBwEB
BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwHwYDVR0j
BBgwFoAUanImetAe733nO2lR1GyNn5ASZqswHQYDVR0OBBYEFNUCBLbXoKgts70S
JatS1NHllo3EMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAFiwYdjyMfBE
R4HhLsi2b3zDOvT01WIb1q3lrl/kfbkySBSNaZkuQaErrVG46+VgLX0A+6ge/59V
epBhUmJzurKfkZGpGbxQC/S+cBFPJ7aZVYSJqFHyY+8kHhVK8zgImvLkKQABUSBq
16noNxLvAgWzC4K0C68adQN7ek+BBWSxt1EKJkgYN/cWTnEuxqXejr8bpxyu8JY1
ybB6Rf1AhP++OOKZqwdFLJvvnDlr0UKf9iDqVds6HibarxiD4ClwfPHU3aIIO7yA
sOMR8o7z2EBk6btXCNFAOO2I8cXBotMjRds90gufsNmNZXnQlUioZr6V6X1SKnTC
M7Zht1pkTPg=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate, max-age=2192]
Content-Length: [1991]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 25 Jun 2017 22:47:51 GMT]
Etag: ["7390B6561623D0E36AF150824B9D716F7C3097D2"]
Expires: [Sun, 25 Jun 2017 23:24:23 GMT]
Last-Modified: [Sun, 25 Jun 2017 18:02:29 GMT]
X-Cache: [TCP_MEM_HIT from a23-215-131-63.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Entrust Root Certification Authority - G2 (CA Certificate)

Certificate details for Entrust Root Certification Authority - G2 (At position 2 in certificate chain)
Serial number:
hex: 4a538c28
int: 1246989352
Issued by: Entrust Root Certification Authority - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2009 Entrust, Inc. - for authorized use only
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
© 2015 - 2017 Digitorus B.V.
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.