CRL & OCSP report for propertyfile.gov.bc.ca (Government of the Province of British Columbia)

propertyfile.gov.bc.ca

Certificate details for propertyfile.gov.bc.ca (At position 0 in certificate chain)
Serial number:
hex: 50d5735d
int: 1356165981
Issued by: Entrust Certification Authority - L1K
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Government of the Province of British Columbia
State / Province: British Columbia
Locality: Victoria
Country: CA
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for propertyfile.gov.bc.ca.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.entrust.net/level1k.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.entrust.net/level1k.crl
Size: 1984787 bytes (DER data)
Response time: 17.727173ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 42595

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_HIT from a23-219-93-206.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1.2-20081415) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [no-cache]
Content-Length: [1984787]
Content-Type: [application/x-pkcs7-crl]
Date: [Sun, 25 Jun 2017 03:40:52 GMT]
Expires: [Sun, 25 Jun 2017 03:40:52 GMT]
Last-Modified: [Sun, 25 Jun 2017 03:00:10 GMT]
Pragma: [no-cache]
X-Cache: [TCP_HIT from a23-219-93-206.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1.2-20081415) (-)]
X-Frame-Options: [DENY]
  • Content-Type in response is set 'application/x-pkcs7-crl' and should be replaced with 'application/pkix-crl' (RFC 5280, section 4.2.1.13)
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.entrust.net (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.entrust.net (POST)
Size: 2108 bytes (DER data)
Response time: 66.318368ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: OCSP1
Issued by: Entrust Certification Authority - L1K
Signing certificate validity: 2014-08-26 - 2017-08-26
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 1h0m0s

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-219-93-102.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTMbSIc9rRVLC+HkV9a/vDh7s6DzAQUgqJw
dN28Uz/Pe9T3zX+nYMYKTL8CBFDVc10=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIIOAoBAKCCCDEwgggtBgkrBgEFBQcwAQEEgggeMIIIGjCCAUqhgc0wgcoxCzAJ
BgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUg
d3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBF
bnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMT
JUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUsxDjAMBgNVBAMT
BU9DU1AxGA8yMDE3MDYyNDIyNTMzMVowZzBlMD0wCQYFKw4DAhoFAAQUzG0iHPa0
VSwvh5FfWv7w4e7Og8wEFIKicHTdvFM/z3vU981/p2DGCky/AgRQ1XNdgAAYDzIw
MTcwNjI0MjI1MzMxWqARGA8yMDE3MDcwMTIyNTMzMVowDQYJKoZIhvcNAQEFBQAD
ggEBAFS/5syR034cgtthL+JWMxbHk5yrqHF1NCCvaTe6RADQm90M6mqz8ztMMtsK
TBb4RzNOrjLeIu40gYHhUMH9gBl1UxBAfi3O2J7xvLsuzq0Bc2Bhfm4e0CXwPS/A
uHUSuS2hbTbtR1tz2qkvY2OVyokELOL9VJSeDlYOcF/ttyffzgeXM4KBDy+xXLVt
xGGPJS1MFsC5AnL5vMhCK94inpOh40HKMusgS22/oL0B3lNVp/LfFoDYFhNVOrGN
PoRnLqF+dAJuc41R8Md/L4B1mOnoF3wIo9nF0Y7hhYe7WHiQw2AxQIaF/ELOt84K
nNE0kllDfss+V4lIBfjT8xtLTaWgggW0MIIFsDCCBawwggSUoAMCAQICDQD1nbmm
AAAAAFDR/sEwDQYJKoZIhvcNAQELBQAwgboxCzAJBgNVBAYTAlVTMRYwFAYDVQQK
Ew1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xl
Z2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9y
IGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNh
dGlvbiBBdXRob3JpdHkgLSBMMUswHhcNMTQwODI2MTQ1MzA5WhcNMTcwODI2MTUy
MzA5WjCByjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAm
BgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsT
MChjKSAyMDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25s
eTEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwx
SzEOMAwGA1UEAxMFT0NTUDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDJ2olV6euD1UypXkHiIkBtqWnQN+pBpNQle7cbn6HqteOSP5k+le/tCKaVTNgO
Cy+Zdg1Rqk7AEAkYpRda22cp3OdBQN1106J6b2nZOMMuuQ/ZTD5thDaOaKw7W16p
axxYXMga5Iveivn3VXnZce/riWXgAu9mQl82qFSnNsICBRWTsyLxWYnJIh6YfLSB
jNxEiSqdiX6OuHz1z5raE1dhlGTKqrnAFA9v7P0pTmGiU/9j17pRhqIOgOAflyZF
wZ6sGJh5v9tI5dXUhhwOZuPY46zHwblYSGAdA3jxWzIxzjEsxyMXUZxng5nIZwS/
we7y3nX/24L/DkTM5JheA6QzAgMBAAGjggGdMIIBmTALBgNVHQ8EBAMCB4AwEwYD
VR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADAzBggrBgEFBQcBAQQn
MCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0MIHjBgNVHR8E
gdswgdgwgdWggdKggc+kgcwwgckxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRy
dXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRl
cm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhv
cml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBB
dXRob3JpdHkgLSBMMUsxDTALBgNVBAMTBENSTDEwHwYDVR0jBBgwFoAUgqJwdN28
Uz/Pe9T3zX+nYMYKTL8wHQYDVR0OBBYEFNUCBLbXoKgts70SJatS1NHllo3EMAkG
A1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAKknvrNG7098baAlYnkbIAiaJjR4
W91g17sNu04+G0Eq8GkVh5V1DwpELGGlCgq/yUimCKMtU8DqTzovm+49d19XKfyU
okLsN0Rnn6Ni5Rlp09ReR0HI+0X05zm4HhhI9S1hEmcEwaoMRAVhFfvpGLuc/DmL
UfOyN87rsOB0fGIdpX9prmlK8pq3baawHfodssH+fxTlAwN4vSedux3ADn8ao4Xr
ZFUgGG9serhKj4uUyySpJAE5ZGa6AVocRJEJrGbqvY/Sb9cB0PyHjRPAU28Aq2c7
ZSzUW606AlPseVJhUR+A65rLCH4EiuS9ckSTJNqPCyGs7cNkZIigKIY+NVQ=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIFrDCCBJSgAwIBAgINAPWduaYAAAAAUNH+wTANBgkqhkiG9w0BAQsFADCBujEL
MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1Nl
ZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEy
IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UE
AxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0xNDA4
MjYxNDUzMDlaFw0xNzA4MjYxNTIzMDlaMIHKMQswCQYDVQQGEwJVUzEWMBQGA1UE
ChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9s
ZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMTIgRW50cnVzdCwgSW5jLiAtIGZv
ciBhdXRob3JpemVkIHVzZSBvbmx5MS4wLAYDVQQDEyVFbnRydXN0IENlcnRpZmlj
YXRpb24gQXV0aG9yaXR5IC0gTDFLMQ4wDAYDVQQDEwVPQ1NQMTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAMnaiVXp64PVTKleQeIiQG2padA36kGk1CV7
txufoeq145I/mT6V7+0IppVM2A4LL5l2DVGqTsAQCRilF1rbZync50FA3XXTonpv
adk4wy65D9lMPm2ENo5orDtbXqlrHFhcyBrki96K+fdVedlx7+uJZeAC72ZCXzao
VKc2wgIFFZOzIvFZickiHph8tIGM3ESJKp2Jfo64fPXPmtoTV2GUZMqqucAUD2/s
/SlOYaJT/2PXulGGog6A4B+XJkXBnqwYmHm/20jl1dSGHA5m49jjrMfBuVhIYB0D
ePFbMjHOMSzHIxdRnGeDmchnBL/B7vLedf/bgv8ORMzkmF4DpDMCAwEAAaOCAZ0w
ggGZMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkrBgEFBQcw
AQUEAgUAMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Au
ZW50cnVzdC5uZXQwgeMGA1UdHwSB2zCB2DCB1aCB0qCBz6SBzDCByTELMAkGA1UE
BhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cu
ZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1
c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UEAxMlRW50
cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzENMAsGA1UEAxMEQ1JM
MTAfBgNVHSMEGDAWgBSConB03bxTP8971PfNf6dgxgpMvzAdBgNVHQ4EFgQU1QIE
ttegqC2zvRIlq1LU0eWWjcQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEA
qSe+s0bvT3xtoCVieRsgCJomNHhb3WDXuw27Tj4bQSrwaRWHlXUPCkQsYaUKCr/J
SKYIoy1TwOpPOi+b7j13X1cp/JSiQuw3RGefo2LlGWnT1F5HQcj7RfTnObgeGEj1
LWESZwTBqgxEBWEV++kYu5z8OYtR87I3zuuw4HR8Yh2lf2muaUrymrdtprAd+h2y
wf5/FOUDA3i9J527HcAOfxqjhetkVSAYb2x6uEqPi5TLJKkkATlkZroBWhxEkQms
Zuq9j9Jv1wHQ/IeNE8BTbwCrZztlLNRbrToCU+x5UmFRH4DrmssIfgSK5L1yRJMk
2o8LIaztw2RkiKAohj41VA==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate, max-age=3600]
Content-Length: [2108]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 25 Jun 2017 03:40:52 GMT]
Etag: ["58AEC1D6093DB72E926EEB63358EDBE3FB53462F"]
Expires: [Sun, 25 Jun 2017 04:40:52 GMT]
Last-Modified: [Sat, 24 Jun 2017 22:53:31 GMT]
X-Cache: [TCP_MISS from a23-219-93-102.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.entrust.net (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.entrust.net (GET)
Size: 2108 bytes (DER data)
Response time: 125.563527ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: OCSP1
Issued by: Entrust Certification Authority - L1K
Signing certificate validity: 2014-08-26 - 2017-08-26
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 59m58s

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-219-93-86.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

URL used for GET request

http://ocsp.entrust.net/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTMbSIc9rRVLC%2BHkV9a%2FvDh7s6DzAQUgqJwdN28Uz%2FPe9T3zX%2BnYMYKTL8CBFDVc10%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTMbSIc9rRVLC+HkV9a/vDh7s6DzAQUgqJw
dN28Uz/Pe9T3zX+nYMYKTL8CBFDVc10=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIIOAoBAKCCCDEwgggtBgkrBgEFBQcwAQEEgggeMIIIGjCCAUqhgc0wgcoxCzAJ
BgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUg
d3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBF
bnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMT
JUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUsxDjAMBgNVBAMT
BU9DU1AxGA8yMDE3MDYyNDIyNTMzMVowZzBlMD0wCQYFKw4DAhoFAAQUzG0iHPa0
VSwvh5FfWv7w4e7Og8wEFIKicHTdvFM/z3vU981/p2DGCky/AgRQ1XNdgAAYDzIw
MTcwNjI0MjI1MzMxWqARGA8yMDE3MDcwMTIyNTMzMVowDQYJKoZIhvcNAQEFBQAD
ggEBAFS/5syR034cgtthL+JWMxbHk5yrqHF1NCCvaTe6RADQm90M6mqz8ztMMtsK
TBb4RzNOrjLeIu40gYHhUMH9gBl1UxBAfi3O2J7xvLsuzq0Bc2Bhfm4e0CXwPS/A
uHUSuS2hbTbtR1tz2qkvY2OVyokELOL9VJSeDlYOcF/ttyffzgeXM4KBDy+xXLVt
xGGPJS1MFsC5AnL5vMhCK94inpOh40HKMusgS22/oL0B3lNVp/LfFoDYFhNVOrGN
PoRnLqF+dAJuc41R8Md/L4B1mOnoF3wIo9nF0Y7hhYe7WHiQw2AxQIaF/ELOt84K
nNE0kllDfss+V4lIBfjT8xtLTaWgggW0MIIFsDCCBawwggSUoAMCAQICDQD1nbmm
AAAAAFDR/sEwDQYJKoZIhvcNAQELBQAwgboxCzAJBgNVBAYTAlVTMRYwFAYDVQQK
Ew1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xl
Z2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9y
IGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNh
dGlvbiBBdXRob3JpdHkgLSBMMUswHhcNMTQwODI2MTQ1MzA5WhcNMTcwODI2MTUy
MzA5WjCByjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAm
BgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsT
MChjKSAyMDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25s
eTEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwx
SzEOMAwGA1UEAxMFT0NTUDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDJ2olV6euD1UypXkHiIkBtqWnQN+pBpNQle7cbn6HqteOSP5k+le/tCKaVTNgO
Cy+Zdg1Rqk7AEAkYpRda22cp3OdBQN1106J6b2nZOMMuuQ/ZTD5thDaOaKw7W16p
axxYXMga5Iveivn3VXnZce/riWXgAu9mQl82qFSnNsICBRWTsyLxWYnJIh6YfLSB
jNxEiSqdiX6OuHz1z5raE1dhlGTKqrnAFA9v7P0pTmGiU/9j17pRhqIOgOAflyZF
wZ6sGJh5v9tI5dXUhhwOZuPY46zHwblYSGAdA3jxWzIxzjEsxyMXUZxng5nIZwS/
we7y3nX/24L/DkTM5JheA6QzAgMBAAGjggGdMIIBmTALBgNVHQ8EBAMCB4AwEwYD
VR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADAzBggrBgEFBQcBAQQn
MCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0MIHjBgNVHR8E
gdswgdgwgdWggdKggc+kgcwwgckxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRy
dXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRl
cm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhv
cml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBB
dXRob3JpdHkgLSBMMUsxDTALBgNVBAMTBENSTDEwHwYDVR0jBBgwFoAUgqJwdN28
Uz/Pe9T3zX+nYMYKTL8wHQYDVR0OBBYEFNUCBLbXoKgts70SJatS1NHllo3EMAkG
A1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAKknvrNG7098baAlYnkbIAiaJjR4
W91g17sNu04+G0Eq8GkVh5V1DwpELGGlCgq/yUimCKMtU8DqTzovm+49d19XKfyU
okLsN0Rnn6Ni5Rlp09ReR0HI+0X05zm4HhhI9S1hEmcEwaoMRAVhFfvpGLuc/DmL
UfOyN87rsOB0fGIdpX9prmlK8pq3baawHfodssH+fxTlAwN4vSedux3ADn8ao4Xr
ZFUgGG9serhKj4uUyySpJAE5ZGa6AVocRJEJrGbqvY/Sb9cB0PyHjRPAU28Aq2c7
ZSzUW606AlPseVJhUR+A65rLCH4EiuS9ckSTJNqPCyGs7cNkZIigKIY+NVQ=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIFrDCCBJSgAwIBAgINAPWduaYAAAAAUNH+wTANBgkqhkiG9w0BAQsFADCBujEL
MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1Nl
ZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEy
IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UE
AxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0xNDA4
MjYxNDUzMDlaFw0xNzA4MjYxNTIzMDlaMIHKMQswCQYDVQQGEwJVUzEWMBQGA1UE
ChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9s
ZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMTIgRW50cnVzdCwgSW5jLiAtIGZv
ciBhdXRob3JpemVkIHVzZSBvbmx5MS4wLAYDVQQDEyVFbnRydXN0IENlcnRpZmlj
YXRpb24gQXV0aG9yaXR5IC0gTDFLMQ4wDAYDVQQDEwVPQ1NQMTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAMnaiVXp64PVTKleQeIiQG2padA36kGk1CV7
txufoeq145I/mT6V7+0IppVM2A4LL5l2DVGqTsAQCRilF1rbZync50FA3XXTonpv
adk4wy65D9lMPm2ENo5orDtbXqlrHFhcyBrki96K+fdVedlx7+uJZeAC72ZCXzao
VKc2wgIFFZOzIvFZickiHph8tIGM3ESJKp2Jfo64fPXPmtoTV2GUZMqqucAUD2/s
/SlOYaJT/2PXulGGog6A4B+XJkXBnqwYmHm/20jl1dSGHA5m49jjrMfBuVhIYB0D
ePFbMjHOMSzHIxdRnGeDmchnBL/B7vLedf/bgv8ORMzkmF4DpDMCAwEAAaOCAZ0w
ggGZMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkrBgEFBQcw
AQUEAgUAMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Au
ZW50cnVzdC5uZXQwgeMGA1UdHwSB2zCB2DCB1aCB0qCBz6SBzDCByTELMAkGA1UE
BhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cu
ZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1
c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UEAxMlRW50
cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzENMAsGA1UEAxMEQ1JM
MTAfBgNVHSMEGDAWgBSConB03bxTP8971PfNf6dgxgpMvzAdBgNVHQ4EFgQU1QIE
ttegqC2zvRIlq1LU0eWWjcQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEA
qSe+s0bvT3xtoCVieRsgCJomNHhb3WDXuw27Tj4bQSrwaRWHlXUPCkQsYaUKCr/J
SKYIoy1TwOpPOi+b7j13X1cp/JSiQuw3RGefo2LlGWnT1F5HQcj7RfTnObgeGEj1
LWESZwTBqgxEBWEV++kYu5z8OYtR87I3zuuw4HR8Yh2lf2muaUrymrdtprAd+h2y
wf5/FOUDA3i9J527HcAOfxqjhetkVSAYb2x6uEqPi5TLJKkkATlkZroBWhxEkQms
Zuq9j9Jv1wHQ/IeNE8BTbwCrZztlLNRbrToCU+x5UmFRH4DrmssIfgSK5L1yRJMk
2o8LIaztw2RkiKAohj41VA==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate, max-age=3598]
Content-Length: [2108]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 25 Jun 2017 03:40:52 GMT]
Etag: ["58AEC1D6093DB72E926EEB63358EDBE3FB53462F"]
Expires: [Sun, 25 Jun 2017 04:40:50 GMT]
Last-Modified: [Sat, 24 Jun 2017 22:53:31 GMT]
X-Cache: [TCP_MISS from a23-219-93-86.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Entrust Certification Authority - L1K (CA Certificate)

Certificate details for Entrust Certification Authority - L1K (At position 1 in certificate chain)
Serial number:
hex: ee94cc30000000051d37785
int: 4614832350436832027625092997
Issued by: Entrust Root Certification Authority - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Entrust, Inc.
Organization unit: See www.entrust.net/legal-terms
Organization unit: (c) 2012 Entrust, Inc. - for authorized use only
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This certificate contains no information about authoritative CRL(s) or OCSP servers

Check the revocation status for another website

Created by Paul van Brouwershaven
© 2015 - 2017 Digitorus B.V.
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.