CRL & OCSP report for www.thervfactory.com

www.thervfactory.com

Certificate details for www.thervfactory.com (At position 0 in certificate chain)
Serial number:
hex: a3d34
int: 671028
Issued by: GeoTrust DV SSL CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Company registration number: IEE5xO3vpInogXvJSTGEewDU8Le7wBQ4
Organization unit: GT35251050
Organization unit: See www.geotrust.com/resources/cps (c)14
Organization unit: Domain Control Validated - QuickSSL(R) Premium
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for www.thervfactory.com.

Certificate Revocation List (CRL)

This CRL was cached at
http://gtssldv-crl.geotrust.com/crls/gtssldv.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://gtssldv-crl.geotrust.com/crls/gtssldv.crl
Size: 3126 bytes (DER data)
Response time: 4.994826ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 120

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: Apache
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-215-131-111.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Type: [application/pkix-crl]
Date: [Tue, 27 Jun 2017 02:10:10 GMT]
Etag: ["ba7c751a3caa4e43d94daafb2545ef0e:1498528818"]
Last-Modified: [Tue, 27 Jun 2017 02:00:18 GMT]
Server: [Apache]
Vary: [Accept-Encoding]
X-Cache: [TCP_MEM_HIT from a23-215-131-111.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://gtssldv-ocsp.geotrust.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://gtssldv-ocsp.geotrust.com (POST)
Size: 1383 bytes (DER data)
Response time: 26.68287ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: GeoTrust DV SSL OCSP Responder
Issued by: GeoTrust DV SSL CA
Signing certificate validity: 2017-04-28 - 2018-05-22
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 101h42m12s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-215-131-86.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEQwQjBAMD4wPDAJBgUrDgMCGgUABBRqknk2dTFx4YxndyPjxU1kh1SQkgQUjPTZ
kwpHvACgSs5LdW6gtrCyfvwCAwo9NA==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFYwoBAKCCBVwwggVYBgkrBgEFBQcwAQEEggVJMIIFRTCBkaIWBBQRh5cBkSKm
O+LM9jBZlxTyS9iH7RgPMjAxNzA2MjQwNzUyMjJaMGYwZDA8MAkGBSsOAwIaBQAE
FGqSeTZ1MXHhjGd3I+PFTWSHVJCSBBSM9NmTCke8AKBKzkt1bqC2sLJ+/AIDCj00
gAAYDzIwMTcwNjI0MDc1MjIyWqARGA8yMDE3MDcwMTA3NTIyMlowDQYJKoZIhvcN
AQEFBQADggEBAKlYXKVjHk+1wVWg5xBHk1Vt1KTR/O2/ZESDVykP/BHRczkuRCx4
TZJMoDqgQIilr+unEmzBn69od2glckkPHW9PGIWrmyO5sBj4h2PDPbuvaqeWokdI
z4rPYRw+A7BNJKNmFBd+EOPD0AUO0OetYelxJFzBopeEGH80TO7+LuRbVSYJGlXU
64u0AtTTEWy+/m1bc1JXqGQSd9MGJ5ONW+8keJbTxfvEd+YsaavX8O31cJj5lh8T
0uQF3K2X07ezRAoAI9lTqX3oiRL3F3phylCKgqwpP1E3nqYNLNOgeahEcyZ1ayRY
KGyPHyi3UX53uLSxlDjwah7d2IcydMBAHOygggOZMIIDlTCCA5EwggJ5oAMCAQIC
EAEAESroCeakGD7SF8rgMyowDQYJKoZIhvcNAQELBQAwYTELMAkGA1UEBhMCVVMx
FjAUBgNVBAoTDUdlb1RydXN0IEluYy4xHTAbBgNVBAsTFERvbWFpbiBWYWxpZGF0
ZWQgU1NMMRswGQYDVQQDExJHZW9UcnVzdCBEViBTU0wgQ0EwHhcNMTcwNDI4MTkw
NDEwWhcNMTgwNTIyMTkwNDEwWjApMScwJQYDVQQDEx5HZW9UcnVzdCBEViBTU0wg
T0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt
gyWJoKLo2EpQRGFz/LIhMO8QxXcV94Wqrvn3zIRYc0aDDI+DF9QBJDVK2aUNZEzx
TCgh0yZ7d9hJdAmFF068k0Kk7v151eogl1MCtJpM5j8Qx+ARMp3aqa7cOkJ7+QRQ
3PqvoDa2PtciYGk7d54PvoR9e8BMGJXPvE2+YyXUsGj2M8r6fAHVHerEip0B3gik
LOtg3qTcWRIG6tcf0sxSijRqrAIS0kCMSfs/C5t8122+HHnAj3ZRr6sWzRvETKJf
EDivB8v1lUhc9UHYo67P0VGbO2xXpp15XmgQ27GnJIcThCoU9tP+7vu4W/LsuPda
WK1u+Z5O3qNkEARV5yy9AgMBAAGjfTB7MB8GA1UdIwQYMBaAFIz02ZMKR7wAoErO
S3VuoLawsn78MA8GCSsGAQUFBzABBQQCBQAwEwYDVR0lBAwwCgYIKwYBBQUHAwkw
DgYDVR0PAQH/BAQDAgeAMCIGA1UdEQQbMBmkFzAVMRMwEQYDVQQDEwpUR1YtT0ZG
LTk1MA0GCSqGSIb3DQEBCwUAA4IBAQAeigm3uXfiHeWx9YWUBW8B37HkAFYvdSPs
EGwtpRig42qFJk+L1mriWQVmHpcMWF/RgndMHWLNg3wGerbYmYhjheDybQhzqDu1
yq1YrmAFuKbG09v+6oj32lxp2i+iIsdUWHcY9tPy8XNPNvbCDp5ANxn7Fm8em1Sa
ZEBzBLdxk1n0qgkDN1dCy1zoARlnx2N3rVZhlKc0iKvzIF+0rYvU8VbKKy6ZD8aV
TQlDCTzVpWd1RqszCwUKY9iOrhrPvCXDSPB21n7cXAc1Hwt6a5bpBYtbspIn6yzD
ntjjzwysY8uQHDgud9chDJ5BV0/j3GVHGy3JEf+eMpqdkmbXDKtJ
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDkTCCAnmgAwIBAgIQAQARKugJ5qQYPtIXyuAzKjANBgkqhkiG9w0BAQsFADBh
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UECxMU
RG9tYWluIFZhbGlkYXRlZCBTU0wxGzAZBgNVBAMTEkdlb1RydXN0IERWIFNTTCBD
QTAeFw0xNzA0MjgxOTA0MTBaFw0xODA1MjIxOTA0MTBaMCkxJzAlBgNVBAMTHkdl
b1RydXN0IERWIFNTTCBPQ1NQIFJlc3BvbmRlcjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK2DJYmgoujYSlBEYXP8siEw7xDFdxX3haqu+ffMhFhzRoMM
j4MX1AEkNUrZpQ1kTPFMKCHTJnt32El0CYUXTryTQqTu/XnV6iCXUwK0mkzmPxDH
4BEyndqprtw6Qnv5BFDc+q+gNrY+1yJgaTt3ng++hH17wEwYlc+8Tb5jJdSwaPYz
yvp8AdUd6sSKnQHeCKQs62DepNxZEgbq1x/SzFKKNGqsAhLSQIxJ+z8Lm3zXbb4c
ecCPdlGvqxbNG8RMol8QOK8Hy/WVSFz1Qdijrs/RUZs7bFemnXleaBDbsackhxOE
KhT20/7u+7hb8uy491pYrW75nk7eo2QQBFXnLL0CAwEAAaN9MHswHwYDVR0jBBgw
FoAUjPTZkwpHvACgSs5LdW6gtrCyfvwwDwYJKwYBBQUHMAEFBAIFADATBgNVHSUE
DDAKBggrBgEFBQcDCTAOBgNVHQ8BAf8EBAMCB4AwIgYDVR0RBBswGaQXMBUxEzAR
BgNVBAMTClRHVi1PRkYtOTUwDQYJKoZIhvcNAQELBQADggEBAB6KCbe5d+Id5bH1
hZQFbwHfseQAVi91I+wQbC2lGKDjaoUmT4vWauJZBWYelwxYX9GCd0wdYs2DfAZ6
ttiZiGOF4PJtCHOoO7XKrViuYAW4psbT2/7qiPfaXGnaL6Iix1RYdxj20/Lxc082
9sIOnkA3GfsWbx6bVJpkQHMEt3GTWfSqCQM3V0LLXOgBGWfHY3etVmGUpzSIq/Mg
X7Sti9TxVsorLpkPxpVNCUMJPNWlZ3VGqzMLBQpj2I6uGs+8JcNI8HbWftxcBzUf
C3prlukFi1uykifrLMOe2OPPDKxjy5AcOC531yEMnkFXT+PcZUcbLckR/54ymp2S
ZtcMq0k=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=366132, public, no-transform, must-revalidate]
Content-Length: [1383]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Tue, 27 Jun 2017 02:10:10 GMT]
Expires: [Sat, 1 Jul 2017 07:52:22 GMT]
Last-Modified: [Sat, 24 Jun 2017 07:52:22 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MISS from a23-215-131-86.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://gtssldv-ocsp.geotrust.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://gtssldv-ocsp.geotrust.com (GET)
Size: 1383 bytes (DER data)
Response time: 47.496142ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: GeoTrust DV SSL OCSP Responder
Issued by: GeoTrust DV SSL CA
Signing certificate validity: 2017-04-28 - 2018-05-22
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 101h42m12s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-215-131-86.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

URL used for GET request

http://gtssldv-ocsp.geotrust.com/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBRqknk2dTFx4YxndyPjxU1kh1SQkgQUjPTZkwpHvACgSs5LdW6gtrCyfvwCAwo9NA%3D%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEQwQjBAMD4wPDAJBgUrDgMCGgUABBRqknk2dTFx4YxndyPjxU1kh1SQkgQUjPTZ
kwpHvACgSs5LdW6gtrCyfvwCAwo9NA==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFYwoBAKCCBVwwggVYBgkrBgEFBQcwAQEEggVJMIIFRTCBkaIWBBQRh5cBkSKm
O+LM9jBZlxTyS9iH7RgPMjAxNzA2MjQwNzUyMjJaMGYwZDA8MAkGBSsOAwIaBQAE
FGqSeTZ1MXHhjGd3I+PFTWSHVJCSBBSM9NmTCke8AKBKzkt1bqC2sLJ+/AIDCj00
gAAYDzIwMTcwNjI0MDc1MjIyWqARGA8yMDE3MDcwMTA3NTIyMlowDQYJKoZIhvcN
AQEFBQADggEBAKlYXKVjHk+1wVWg5xBHk1Vt1KTR/O2/ZESDVykP/BHRczkuRCx4
TZJMoDqgQIilr+unEmzBn69od2glckkPHW9PGIWrmyO5sBj4h2PDPbuvaqeWokdI
z4rPYRw+A7BNJKNmFBd+EOPD0AUO0OetYelxJFzBopeEGH80TO7+LuRbVSYJGlXU
64u0AtTTEWy+/m1bc1JXqGQSd9MGJ5ONW+8keJbTxfvEd+YsaavX8O31cJj5lh8T
0uQF3K2X07ezRAoAI9lTqX3oiRL3F3phylCKgqwpP1E3nqYNLNOgeahEcyZ1ayRY
KGyPHyi3UX53uLSxlDjwah7d2IcydMBAHOygggOZMIIDlTCCA5EwggJ5oAMCAQIC
EAEAESroCeakGD7SF8rgMyowDQYJKoZIhvcNAQELBQAwYTELMAkGA1UEBhMCVVMx
FjAUBgNVBAoTDUdlb1RydXN0IEluYy4xHTAbBgNVBAsTFERvbWFpbiBWYWxpZGF0
ZWQgU1NMMRswGQYDVQQDExJHZW9UcnVzdCBEViBTU0wgQ0EwHhcNMTcwNDI4MTkw
NDEwWhcNMTgwNTIyMTkwNDEwWjApMScwJQYDVQQDEx5HZW9UcnVzdCBEViBTU0wg
T0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt
gyWJoKLo2EpQRGFz/LIhMO8QxXcV94Wqrvn3zIRYc0aDDI+DF9QBJDVK2aUNZEzx
TCgh0yZ7d9hJdAmFF068k0Kk7v151eogl1MCtJpM5j8Qx+ARMp3aqa7cOkJ7+QRQ
3PqvoDa2PtciYGk7d54PvoR9e8BMGJXPvE2+YyXUsGj2M8r6fAHVHerEip0B3gik
LOtg3qTcWRIG6tcf0sxSijRqrAIS0kCMSfs/C5t8122+HHnAj3ZRr6sWzRvETKJf
EDivB8v1lUhc9UHYo67P0VGbO2xXpp15XmgQ27GnJIcThCoU9tP+7vu4W/LsuPda
WK1u+Z5O3qNkEARV5yy9AgMBAAGjfTB7MB8GA1UdIwQYMBaAFIz02ZMKR7wAoErO
S3VuoLawsn78MA8GCSsGAQUFBzABBQQCBQAwEwYDVR0lBAwwCgYIKwYBBQUHAwkw
DgYDVR0PAQH/BAQDAgeAMCIGA1UdEQQbMBmkFzAVMRMwEQYDVQQDEwpUR1YtT0ZG
LTk1MA0GCSqGSIb3DQEBCwUAA4IBAQAeigm3uXfiHeWx9YWUBW8B37HkAFYvdSPs
EGwtpRig42qFJk+L1mriWQVmHpcMWF/RgndMHWLNg3wGerbYmYhjheDybQhzqDu1
yq1YrmAFuKbG09v+6oj32lxp2i+iIsdUWHcY9tPy8XNPNvbCDp5ANxn7Fm8em1Sa
ZEBzBLdxk1n0qgkDN1dCy1zoARlnx2N3rVZhlKc0iKvzIF+0rYvU8VbKKy6ZD8aV
TQlDCTzVpWd1RqszCwUKY9iOrhrPvCXDSPB21n7cXAc1Hwt6a5bpBYtbspIn6yzD
ntjjzwysY8uQHDgud9chDJ5BV0/j3GVHGy3JEf+eMpqdkmbXDKtJ
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDkTCCAnmgAwIBAgIQAQARKugJ5qQYPtIXyuAzKjANBgkqhkiG9w0BAQsFADBh
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UECxMU
RG9tYWluIFZhbGlkYXRlZCBTU0wxGzAZBgNVBAMTEkdlb1RydXN0IERWIFNTTCBD
QTAeFw0xNzA0MjgxOTA0MTBaFw0xODA1MjIxOTA0MTBaMCkxJzAlBgNVBAMTHkdl
b1RydXN0IERWIFNTTCBPQ1NQIFJlc3BvbmRlcjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK2DJYmgoujYSlBEYXP8siEw7xDFdxX3haqu+ffMhFhzRoMM
j4MX1AEkNUrZpQ1kTPFMKCHTJnt32El0CYUXTryTQqTu/XnV6iCXUwK0mkzmPxDH
4BEyndqprtw6Qnv5BFDc+q+gNrY+1yJgaTt3ng++hH17wEwYlc+8Tb5jJdSwaPYz
yvp8AdUd6sSKnQHeCKQs62DepNxZEgbq1x/SzFKKNGqsAhLSQIxJ+z8Lm3zXbb4c
ecCPdlGvqxbNG8RMol8QOK8Hy/WVSFz1Qdijrs/RUZs7bFemnXleaBDbsackhxOE
KhT20/7u+7hb8uy491pYrW75nk7eo2QQBFXnLL0CAwEAAaN9MHswHwYDVR0jBBgw
FoAUjPTZkwpHvACgSs5LdW6gtrCyfvwwDwYJKwYBBQUHMAEFBAIFADATBgNVHSUE
DDAKBggrBgEFBQcDCTAOBgNVHQ8BAf8EBAMCB4AwIgYDVR0RBBswGaQXMBUxEzAR
BgNVBAMTClRHVi1PRkYtOTUwDQYJKoZIhvcNAQELBQADggEBAB6KCbe5d+Id5bH1
hZQFbwHfseQAVi91I+wQbC2lGKDjaoUmT4vWauJZBWYelwxYX9GCd0wdYs2DfAZ6
ttiZiGOF4PJtCHOoO7XKrViuYAW4psbT2/7qiPfaXGnaL6Iix1RYdxj20/Lxc082
9sIOnkA3GfsWbx6bVJpkQHMEt3GTWfSqCQM3V0LLXOgBGWfHY3etVmGUpzSIq/Mg
X7Sti9TxVsorLpkPxpVNCUMJPNWlZ3VGqzMLBQpj2I6uGs+8JcNI8HbWftxcBzUf
C3prlukFi1uykifrLMOe2OPPDKxjy5AcOC531yEMnkFXT+PcZUcbLckR/54ymp2S
ZtcMq0k=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=366132, public, no-transform, must-revalidate]
Content-Length: [1383]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Tue, 27 Jun 2017 02:10:10 GMT]
Expires: [Sat, 1 Jul 2017 07:52:22 GMT]
Last-Modified: [Sat, 24 Jun 2017 07:52:22 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MISS from a23-215-131-86.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GeoTrust DV SSL CA (CA Certificate)

Certificate details for GeoTrust DV SSL CA (At position 1 in certificate chain)
Serial number:
hex: 236d2
int: 145106
Issued by: GeoTrust Global CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GeoTrust Inc.
Organization unit: Domain Validated SSL
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.geotrust.com/crls/gtglobal.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.geotrust.com/crls/gtglobal.crl
Size: 665 bytes (DER data)
Response time: 7.037573ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 12

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: Apache
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-215-131-111.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Type: [application/pkix-crl]
Date: [Tue, 27 Jun 2017 02:10:10 GMT]
Etag: ["a42c482f90c2ce53466ecf223bc477d3:1498447818"]
Last-Modified: [Mon, 26 Jun 2017 03:30:18 GMT]
Server: [Apache]
Vary: [Accept-Encoding]
X-Cache: [TCP_MEM_HIT from a23-215-131-111.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.geotrust.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.geotrust.com (GET)
Size: 1377 bytes (DER data)
Response time: 7.309542ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: GeoTrust Global CA TGV OCSP Responder 5
Issued by: GeoTrust Global CA
Signing certificate validity: 2016-12-08 - 2017-12-14
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 115h36m20s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-215-131-86.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

URL used for GET request

http://ocsp.geotrust.com/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI20g%3D%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkq
w0GRtsnCuD5V8sCXEROgByACAwI20g==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFXQoBAKCCBVYwggVSBgkrBgEFBQcwAQEEggVDMIIFPzCBkaIWBBRW5FQnU+as
qXGB3YYiHprkenLEKhgPMjAxNzA2MjQyMTQyMjBaMGYwZDA8MAkGBSsOAwIaBQAE
FLG0OReQFreXeVAR8WC51KI82+3uBBQA+SrDQZG2ycK4PlXywJcRE6AHIAIDAjbS
gAAYDzIwMTcwNjI0MjE0MjIwWqARGA8yMDE3MDcwMTIxNDIyMFowDQYJKoZIhvcN
AQEFBQADggEBAGpCz/DnX32rfS7XLSMrNFjMwpbPmfxOtDY0C5mcow+pTwd7NY+P
NpLMfj7sESTHvrmoBAp+YG4huwimDoOVTTDvNd7rzwmXNj8d5qRalLxaa8MP1aKn
aDZvlPbnIOOmgXaLsacCSj9hYmFlaRU9N6piqyK9Tpmt00dYmdSfcD/f8hEEAkR1
gFoJ9El12XAjhD8DL5RE8GEdZ5dMTaL9soggrXpT3n0txGKwq5EAKiv2Wm4oHAiD
C1JCw2EMUEr03RJ4vAc/CKfbhENQge0MrfW209H8Ov+SUvnU2rnGPFFcU26WGYO4
22JbChTlk0HKUhg8nXX9m6T1OdyQQeCvBYSgggOTMIIDjzCCA4swggJzoAMCAQIC
EAEAAI8cK5YV9Xm5GF4OwmcwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCVVMx
FjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZBgNVBAMTEkdlb1RydXN0IEdsb2Jh
bCBDQTAeFw0xNjEyMDgxMTI1MzVaFw0xNzEyMTQxMTI1MzVaMDIxMDAuBgNVBAMT
J0dlb1RydXN0IEdsb2JhbCBDQSBUR1YgT0NTUCBSZXNwb25kZXIgNTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKbsx72ex4lTCJDy3iHAy47zLOB03z8E
ucSDZIQMjk1A5aZfqz0MU5HHLOsi76EQo6uYR2R2rl9jgQ1EMbe0TidFyTrhse63
rmEyzQusz7sEjnsvckT7K/9j6DLmlFB/6oEhAgwfCONYbrDOfQHBCtd7e+x6STm0
WeKCF4/QqS+C5ZTUEzsNjhcAqeAMZnWEoyyJ6OpCiF9vDblCGa9nlh3SwW+nxKTq
qqiMlz9ZXN8//IHrectIKszEXXlpvtr4wJAz0KrUDfENqEbKNouP0fv1Ueno5Z7t
ue3CnHtCF+QxOQXDS3rKrQJcesKMrFC9+M5frbQuLSGz9ee/xCfnWW0CAwEAAaOB
jDCBiTAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAPBgkrBgEFBQcw
AQUEAgUAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDAMBgNV
HRMBAf8EAjAAMCIGA1UdEQQbMBmkFzAVMRMwEQYDVQQDEwpUR1YtT0ZGLTU3MA0G
CSqGSIb3DQEBCwUAA4IBAQAEbWTM2eKR1XlWe9ui17q87Hk6NYXKQGwj/ss1ue8Q
1cnoA2/Mo1gG1Q/8LHJ97vK5yw65afq8M5mPbxdl/57jZTUF1kDmgEgvUde3O+h2
ZLIHPx1q2W2WDLT2ltYvaHaNr0Hnkb8MCQ27Z728Fsn5+Ilh/bDoA+NHEqlcfycq
oGKksT60iqnogUz/WZNUbzzBQD6NlpomMZUTOcF3/5L3Fe1OKkF1nGXW2QTW/mLZ
5Eviy4ZQTzQ34koPA5qC1nsWQ1zOE57jR8IJMC+mYQdFb71gehA8O0lB7fL6Kysj
zycnBkNHgJ9LQDd67gQ30FxfmbAnHV1xxWakX8lXTvIf
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDizCCAnOgAwIBAgIQAQAAjxwrlhX1ebkYXg7CZzANBgkqhkiG9w0BAQsFADBC
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMS
R2VvVHJ1c3QgR2xvYmFsIENBMB4XDTE2MTIwODExMjUzNVoXDTE3MTIxNDExMjUz
NVowMjEwMC4GA1UEAxMnR2VvVHJ1c3QgR2xvYmFsIENBIFRHViBPQ1NQIFJlc3Bv
bmRlciA1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApuzHvZ7HiVMI
kPLeIcDLjvMs4HTfPwS5xINkhAyOTUDlpl+rPQxTkccs6yLvoRCjq5hHZHauX2OB
DUQxt7ROJ0XJOuGx7reuYTLNC6zPuwSOey9yRPsr/2PoMuaUUH/qgSECDB8I41hu
sM59AcEK13t77HpJObRZ4oIXj9CpL4LllNQTOw2OFwCp4AxmdYSjLIno6kKIX28N
uUIZr2eWHdLBb6fEpOqqqIyXP1lc3z/8get5y0gqzMRdeWm+2vjAkDPQqtQN8Q2o
Rso2i4/R+/VR6ejlnu257cKce0IX5DE5BcNLesqtAlx6woysUL34zl+ttC4tIbP1
57/EJ+dZbQIDAQABo4GMMIGJMB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4
ysxOMA8GCSsGAQUFBzABBQQCBQAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0P
AQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwIgYDVR0RBBswGaQXMBUxEzARBgNVBAMT
ClRHVi1PRkYtNTcwDQYJKoZIhvcNAQELBQADggEBAARtZMzZ4pHVeVZ726LXurzs
eTo1hcpAbCP+yzW57xDVyegDb8yjWAbVD/wscn3u8rnLDrlp+rwzmY9vF2X/nuNl
NQXWQOaASC9R17c76HZksgc/HWrZbZYMtPaW1i9odo2vQeeRvwwJDbtnvbwWyfn4
iWH9sOgD40cSqVx/JyqgYqSxPrSKqeiBTP9Zk1RvPMFAPo2WmiYxlRM5wXf/kvcV
7U4qQXWcZdbZBNb+YtnkS+LLhlBPNDfiSg8DmoLWexZDXM4TnuNHwgkwL6ZhB0Vv
vWB6EDw7SUHt8vorKyPPJycGQ0eAn0tAN3ruBDfQXF+ZsCcdXXHFZqRfyVdO8h8=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=416180, public, no-transform, must-revalidate]
Content-Length: [1377]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Tue, 27 Jun 2017 02:10:10 GMT]
Expires: [Sat, 1 Jul 2017 21:42:20 GMT]
Last-Modified: [Sat, 24 Jun 2017 21:42:20 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MEM_HIT from a23-215-131-86.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header outlives NextUpdate with 4m10s
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.geotrust.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.geotrust.com (POST)
Size: 1377 bytes (DER data)
Response time: 39.062032ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: GeoTrust Global CA TGV OCSP Responder 5
Issued by: GeoTrust Global CA
Signing certificate validity: 2016-12-08 - 2017-12-14
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 115h32m10s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_REFRESH_MISS from a23-215-131-68.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (S)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkq
w0GRtsnCuD5V8sCXEROgByACAwI20g==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFXQoBAKCCBVYwggVSBgkrBgEFBQcwAQEEggVDMIIFPzCBkaIWBBRW5FQnU+as
qXGB3YYiHprkenLEKhgPMjAxNzA2MjQyMTQyMjBaMGYwZDA8MAkGBSsOAwIaBQAE
FLG0OReQFreXeVAR8WC51KI82+3uBBQA+SrDQZG2ycK4PlXywJcRE6AHIAIDAjbS
gAAYDzIwMTcwNjI0MjE0MjIwWqARGA8yMDE3MDcwMTIxNDIyMFowDQYJKoZIhvcN
AQEFBQADggEBAGpCz/DnX32rfS7XLSMrNFjMwpbPmfxOtDY0C5mcow+pTwd7NY+P
NpLMfj7sESTHvrmoBAp+YG4huwimDoOVTTDvNd7rzwmXNj8d5qRalLxaa8MP1aKn
aDZvlPbnIOOmgXaLsacCSj9hYmFlaRU9N6piqyK9Tpmt00dYmdSfcD/f8hEEAkR1
gFoJ9El12XAjhD8DL5RE8GEdZ5dMTaL9soggrXpT3n0txGKwq5EAKiv2Wm4oHAiD
C1JCw2EMUEr03RJ4vAc/CKfbhENQge0MrfW209H8Ov+SUvnU2rnGPFFcU26WGYO4
22JbChTlk0HKUhg8nXX9m6T1OdyQQeCvBYSgggOTMIIDjzCCA4swggJzoAMCAQIC
EAEAAI8cK5YV9Xm5GF4OwmcwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCVVMx
FjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZBgNVBAMTEkdlb1RydXN0IEdsb2Jh
bCBDQTAeFw0xNjEyMDgxMTI1MzVaFw0xNzEyMTQxMTI1MzVaMDIxMDAuBgNVBAMT
J0dlb1RydXN0IEdsb2JhbCBDQSBUR1YgT0NTUCBSZXNwb25kZXIgNTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKbsx72ex4lTCJDy3iHAy47zLOB03z8E
ucSDZIQMjk1A5aZfqz0MU5HHLOsi76EQo6uYR2R2rl9jgQ1EMbe0TidFyTrhse63
rmEyzQusz7sEjnsvckT7K/9j6DLmlFB/6oEhAgwfCONYbrDOfQHBCtd7e+x6STm0
WeKCF4/QqS+C5ZTUEzsNjhcAqeAMZnWEoyyJ6OpCiF9vDblCGa9nlh3SwW+nxKTq
qqiMlz9ZXN8//IHrectIKszEXXlpvtr4wJAz0KrUDfENqEbKNouP0fv1Ueno5Z7t
ue3CnHtCF+QxOQXDS3rKrQJcesKMrFC9+M5frbQuLSGz9ee/xCfnWW0CAwEAAaOB
jDCBiTAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAPBgkrBgEFBQcw
AQUEAgUAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDAMBgNV
HRMBAf8EAjAAMCIGA1UdEQQbMBmkFzAVMRMwEQYDVQQDEwpUR1YtT0ZGLTU3MA0G
CSqGSIb3DQEBCwUAA4IBAQAEbWTM2eKR1XlWe9ui17q87Hk6NYXKQGwj/ss1ue8Q
1cnoA2/Mo1gG1Q/8LHJ97vK5yw65afq8M5mPbxdl/57jZTUF1kDmgEgvUde3O+h2
ZLIHPx1q2W2WDLT2ltYvaHaNr0Hnkb8MCQ27Z728Fsn5+Ilh/bDoA+NHEqlcfycq
oGKksT60iqnogUz/WZNUbzzBQD6NlpomMZUTOcF3/5L3Fe1OKkF1nGXW2QTW/mLZ
5Eviy4ZQTzQ34koPA5qC1nsWQ1zOE57jR8IJMC+mYQdFb71gehA8O0lB7fL6Kysj
zycnBkNHgJ9LQDd67gQ30FxfmbAnHV1xxWakX8lXTvIf
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDizCCAnOgAwIBAgIQAQAAjxwrlhX1ebkYXg7CZzANBgkqhkiG9w0BAQsFADBC
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMS
R2VvVHJ1c3QgR2xvYmFsIENBMB4XDTE2MTIwODExMjUzNVoXDTE3MTIxNDExMjUz
NVowMjEwMC4GA1UEAxMnR2VvVHJ1c3QgR2xvYmFsIENBIFRHViBPQ1NQIFJlc3Bv
bmRlciA1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApuzHvZ7HiVMI
kPLeIcDLjvMs4HTfPwS5xINkhAyOTUDlpl+rPQxTkccs6yLvoRCjq5hHZHauX2OB
DUQxt7ROJ0XJOuGx7reuYTLNC6zPuwSOey9yRPsr/2PoMuaUUH/qgSECDB8I41hu
sM59AcEK13t77HpJObRZ4oIXj9CpL4LllNQTOw2OFwCp4AxmdYSjLIno6kKIX28N
uUIZr2eWHdLBb6fEpOqqqIyXP1lc3z/8get5y0gqzMRdeWm+2vjAkDPQqtQN8Q2o
Rso2i4/R+/VR6ejlnu257cKce0IX5DE5BcNLesqtAlx6woysUL34zl+ttC4tIbP1
57/EJ+dZbQIDAQABo4GMMIGJMB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4
ysxOMA8GCSsGAQUFBzABBQQCBQAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0P
AQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwIgYDVR0RBBswGaQXMBUxEzARBgNVBAMT
ClRHVi1PRkYtNTcwDQYJKoZIhvcNAQELBQADggEBAARtZMzZ4pHVeVZ726LXurzs
eTo1hcpAbCP+yzW57xDVyegDb8yjWAbVD/wscn3u8rnLDrlp+rwzmY9vF2X/nuNl
NQXWQOaASC9R17c76HZksgc/HWrZbZYMtPaW1i9odo2vQeeRvwwJDbtnvbwWyfn4
iWH9sOgD40cSqVx/JyqgYqSxPrSKqeiBTP9Zk1RvPMFAPo2WmiYxlRM5wXf/kvcV
7U4qQXWcZdbZBNb+YtnkS+LLhlBPNDfiSg8DmoLWexZDXM4TnuNHwgkwL6ZhB0Vv
vWB6EDw7SUHt8vorKyPPJycGQ0eAn0tAN3ruBDfQXF+ZsCcdXXHFZqRfyVdO8h8=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=415930, public, no-transform, must-revalidate]
Content-Length: [1377]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Tue, 27 Jun 2017 02:10:10 GMT]
Expires: [Sat, 1 Jul 2017 21:42:20 GMT]
Last-Modified: [Sat, 24 Jun 2017 21:42:20 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_REFRESH_MISS from a23-215-131-68.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (S)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GeoTrust Global CA (CA Certificate)

Certificate details for GeoTrust Global CA (At position 2 in certificate chain)
Serial number:
hex: 23456
int: 144470
Issued by: GeoTrust Global CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GeoTrust Inc.
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
© 2015 - 2017 Digitorus B.V.
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.