CRL & OCSP report for www.cywgr.com

www.cywgr.com

Certificate details for www.cywgr.com (At position 0 in certificate chain)
Serial number:
hex: dfdd0324717ea2976d8f60c15f0993d3
int: 297565404400339996611788290450633888723
Issued by: PositiveSSL CA 2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization unit: Domain Control Validated
Organization unit: PositiveSSL
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for www.cywgr.com.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.comodoca.com/PositiveSSLCA2.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.comodoca.com/PositiveSSLCA2.crl
Size: 94581 bytes (DER data)
Response time: 28.391074ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 2650

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

Raw CRL response headers

Cache-Control: [public, max-age=14400]
Cf-Cache-Status: [HIT]
Cf-Ray: [3754de6d609618a0-EWR]
Content-Type: [application/x-pkcs7-crl]
Date: [Tue, 27 Jun 2017 02:10:15 GMT]
Etag: ["59513c0d-ecc8"]
Expires: [Tue, 27 Jun 2017 06:10:15 GMT]
Last-Modified: [Mon, 26 Jun 2017 16:53:33 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=daf8421b41e65905268d44626ac27e1651498529415; expires=Wed, 27-Jun-18 02:10:15 GMT; path=/; domain=.comodoca.com; HttpOnly]
Vary: [Accept-Encoding]
X-Ccacdn-Mirror-Id: [dwdccacrl4]
X-Content-Type-Options: [nosniff]
X-Frame-Options: [SAMEORIGIN]
X-Xss-Protection: [1; mode=block]
  • Content-Type in response is set 'application/x-pkcs7-crl' and should be replaced with 'application/pkix-crl' (RFC 5280, section 4.2.1.13)
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.comodoca.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.comodoca.com (GET)
Size: 472 bytes (DER data)
Response time: 155.030017ms
Signature algorithm: SHA256WithRSA
Signature type: CA Signed
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 100h51m22s

Server and network information

Server Software: Apache

URL used for GET request

http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQCJu4vX6KBCDTazDOA5oCs6Cf2BAQUmeRAX2sUXj4F2d3TY1T8Yrj3AKwCEQDf3QMkcX6il22PYMFfCZPT

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQCJu4vX6KBCDTazDOA5oCs6Cf2BAQUmeRA
X2sUXj4F2d3TY1T8Yrj3AKwCEQDf3QMkcX6il22PYMFfCZPT
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIB1AoBAKCCAc0wggHJBgkrBgEFBQcwAQEEggG6MIIBtjCBn6IWBBSZ5EBfaxRe
PgXZ3dNjVPxiuPcArBgPMjAxNzA2MjQwNzExMzhaMHQwcjBKMAkGBSsOAwIaBQAE
FAIm7i9fooEINNrMM4DmgKzoJ/YEBBSZ5EBfaxRePgXZ3dNjVPxiuPcArAIRAN/d
AyRxfqKXbY9gwV8Jk9OAABgPMjAxNzA2MjQwNzExMzhaoBEYDzIwMTcwNzAxMDcx
MTM4WjANBgkqhkiG9w0BAQsFAAOCAQEAL/rQ+OoaU/OCDhpG/nWnCn8mUeF2g6sp
Pcx0aGiGYh06I1VqTkQgD3vmjkBBIssGhwZxlK83h1f1ogqgLEySOuE5Ak8YBaSZ
5RfoAJMDxOHyRZB4b3J4CYeB9TcKZ4D/mNmdgvV6aq2/q2J/YZxDcYN/t11UrNFW
77rsAGkziyX2vSoir7cxGYHHafZzMLncbWmRnAac6Ml9YSFiiX/vGHE2k0SAr8I/
4zia18hsL4it3F4v1nfg5dCsV+ezt7/CAyzq2JypRvo+v6NS0D+DV64U7KftTpeM
tPr8r3S5o9GNeeMF+Qy9aqwONtitLUpQsmIXlbihQhF3EC/nj4VBog==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)


Raw OCSP response headers

Cache-Control: [max-age=363082,public,no-transform,must-revalidate]
Content-Length: [472]
Content-Type: [application/ocsp-response]
Date: [Tue, 27 Jun 2017 02:10:15 GMT]
Etag: [3FB32E709DF94D194BEB09758CACE037AACAFC1E]
Expires: [Sat, 01 Jul 2017 07:11:38 GMT]
Last-Modified: [Sat, 24 Jun 2017 07:11:38 GMT]
Server: [Apache]
X-Ocsp-Reponder-Id: [rmdccaocsp16]
  • OCSP requests is smaller than 255 bytes
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.comodoca.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.comodoca.com (POST)
Size: 472 bytes (DER data)
Response time: 179.308419ms
Signature algorithm: SHA256WithRSA
Signature type: CA Signed
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 100h51m22s

Server and network information

Server Software: Apache

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQCJu4vX6KBCDTazDOA5oCs6Cf2BAQUmeRA
X2sUXj4F2d3TY1T8Yrj3AKwCEQDf3QMkcX6il22PYMFfCZPT
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIB1AoBAKCCAc0wggHJBgkrBgEFBQcwAQEEggG6MIIBtjCBn6IWBBSZ5EBfaxRe
PgXZ3dNjVPxiuPcArBgPMjAxNzA2MjQwNzExMzhaMHQwcjBKMAkGBSsOAwIaBQAE
FAIm7i9fooEINNrMM4DmgKzoJ/YEBBSZ5EBfaxRePgXZ3dNjVPxiuPcArAIRAN/d
AyRxfqKXbY9gwV8Jk9OAABgPMjAxNzA2MjQwNzExMzhaoBEYDzIwMTcwNzAxMDcx
MTM4WjANBgkqhkiG9w0BAQsFAAOCAQEAL/rQ+OoaU/OCDhpG/nWnCn8mUeF2g6sp
Pcx0aGiGYh06I1VqTkQgD3vmjkBBIssGhwZxlK83h1f1ogqgLEySOuE5Ak8YBaSZ
5RfoAJMDxOHyRZB4b3J4CYeB9TcKZ4D/mNmdgvV6aq2/q2J/YZxDcYN/t11UrNFW
77rsAGkziyX2vSoir7cxGYHHafZzMLncbWmRnAac6Ml9YSFiiX/vGHE2k0SAr8I/
4zia18hsL4it3F4v1nfg5dCsV+ezt7/CAyzq2JypRvo+v6NS0D+DV64U7KftTpeM
tPr8r3S5o9GNeeMF+Qy9aqwONtitLUpQsmIXlbihQhF3EC/nj4VBog==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)


Raw OCSP response headers

Cache-Control: [max-age=363082,public,no-transform,must-revalidate]
Content-Length: [472]
Content-Type: [application/ocsp-response]
Date: [Tue, 27 Jun 2017 02:10:15 GMT]
Etag: [3FB32E709DF94D194BEB09758CACE037AACAFC1E]
Expires: [Sat, 01 Jul 2017 07:11:38 GMT]
Last-Modified: [Sat, 24 Jun 2017 07:11:38 GMT]
Server: [Apache]
X-Ocsp-Reponder-Id: [rmdccaocsp16]
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

PositiveSSL CA 2 (CA Certificate)

Certificate details for PositiveSSL CA 2 (At position 1 in certificate chain)
Serial number:
hex: 76f124681459c28d548d697c40e001b
int: 9881311591143738296581580680411873307
Issued by: AddTrust External CA Root
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: COMODO CA Limited
State / Province: Greater Manchester
Locality: Salford
Country: GB
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.usertrust.com/AddTrustExternalCARoot.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.usertrust.com/AddTrustExternalCARoot.crl
Size: 602 bytes (DER data)
Response time: 175.317759ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 3

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: nginx

Raw CRL response headers

Cache-Control: [max-age=3600]
Content-Type: [application/x-pkcs7-crl]
Date: [Tue, 27 Jun 2017 02:10:15 GMT]
Etag: ["59514795-22a"]
Last-Modified: [Mon, 26 Jun 2017 17:42:45 GMT]
Server: [nginx]
X-Ccacdn-Mirror-Id: [rmdccacrl7]
X-Content-Type-Options: [nosniff]
X-Frame-Options: [SAMEORIGIN]
X-Xss-Protection: [1; mode=block]
  • Content-Type in response is set 'application/x-pkcs7-crl' and should be replaced with 'application/pkix-crl' (RFC 5280, section 4.2.1.13)
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.usertrust.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.usertrust.com (POST)
Size: 471 bytes (DER data)
Response time: 168.934361ms
Signature algorithm: SHA256WithRSA
Signature type: CA Signed
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 120h49m32s

Server and network information

Server Software: Apache

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2Y
ejS0Jvf6xCZU7wO94CTLVBoCEAdvEkaBRZwo1UjWl8QOABs=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBStvZh6NLQm
9/rEJlTvA73gJMtUGhgPMjAxNzA2MjUwMzA5NDhaMHMwcTBJMAkGBSsOAwIaBQAE
FHyxZlScq9tE7mImFq30ZXv3etWUBBStvZh6NLQm9/rEJlTvA73gJMtUGgIQB28S
RoFFnCjVSNaXxA4AG4AAGA8yMDE3MDYyNTAzMDk0OFqgERgPMjAxNzA3MDIwMzA5
NDhaMA0GCSqGSIb3DQEBCwUAA4IBAQBUJOJjzHTg6ejxpX2Ks6sjK/6mqCeVGV8f
dusoVuQsEG560i87aMwaif3c4o+kXsF3N9HBj1P50G6ae0ht7toaDQ47k+6S7TJ7
lopSGazUUjvki9K6vy4BVswU/QkC8RlVe4uzcFiQL9bjGXUBlTxIasKD9WyJA5h+
QQkobB1lwxD+gOB8jO3gm76JeTFBTIjlfBnkI8yyagMESEWt3rTawZLjkTjy3Kdy
oHYv6buZwx8y55K3ui3cUnC0NVvpTxSpO0iuUg6Motf4nw4g7fY6dUlc1+L8uDUv
7UsU7Bvh4w/uTDmynxo5TYYZnKhFymHzpNgl/cSjzq5rfuL+hHjq
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)


Raw OCSP response headers

Cache-Control: [max-age=434972,public,no-transform,must-revalidate]
Content-Length: [471]
Content-Type: [application/ocsp-response]
Date: [Tue, 27 Jun 2017 02:10:15 GMT]
Etag: [39A35ED8981B5211BB41FB1144A991B7EF9D8F66]
Expires: [Sun, 02 Jul 2017 03:09:48 GMT]
Last-Modified: [Sun, 25 Jun 2017 03:09:48 GMT]
Server: [Apache]
X-Ocsp-Reponder-Id: [rmdccaocsp16]
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.usertrust.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.usertrust.com (GET)
Size: 471 bytes (DER data)
Response time: 173.766113ms
Signature algorithm: SHA256WithRSA
Signature type: CA Signed
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 120h49m32s

Server and network information

Server Software: Apache

URL used for GET request

http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEAdvEkaBRZwo1UjWl8QOABs%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2Y
ejS0Jvf6xCZU7wO94CTLVBoCEAdvEkaBRZwo1UjWl8QOABs=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBStvZh6NLQm
9/rEJlTvA73gJMtUGhgPMjAxNzA2MjUwMzA5NDhaMHMwcTBJMAkGBSsOAwIaBQAE
FHyxZlScq9tE7mImFq30ZXv3etWUBBStvZh6NLQm9/rEJlTvA73gJMtUGgIQB28S
RoFFnCjVSNaXxA4AG4AAGA8yMDE3MDYyNTAzMDk0OFqgERgPMjAxNzA3MDIwMzA5
NDhaMA0GCSqGSIb3DQEBCwUAA4IBAQBUJOJjzHTg6ejxpX2Ks6sjK/6mqCeVGV8f
dusoVuQsEG560i87aMwaif3c4o+kXsF3N9HBj1P50G6ae0ht7toaDQ47k+6S7TJ7
lopSGazUUjvki9K6vy4BVswU/QkC8RlVe4uzcFiQL9bjGXUBlTxIasKD9WyJA5h+
QQkobB1lwxD+gOB8jO3gm76JeTFBTIjlfBnkI8yyagMESEWt3rTawZLjkTjy3Kdy
oHYv6buZwx8y55K3ui3cUnC0NVvpTxSpO0iuUg6Motf4nw4g7fY6dUlc1+L8uDUv
7UsU7Bvh4w/uTDmynxo5TYYZnKhFymHzpNgl/cSjzq5rfuL+hHjq
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)


Raw OCSP response headers

Cache-Control: [max-age=434972,public,no-transform,must-revalidate]
Content-Length: [471]
Content-Type: [application/ocsp-response]
Date: [Tue, 27 Jun 2017 02:10:15 GMT]
Etag: [39A35ED8981B5211BB41FB1144A991B7EF9D8F66]
Expires: [Sun, 02 Jul 2017 03:09:48 GMT]
Last-Modified: [Sun, 25 Jun 2017 03:09:48 GMT]
Server: [Apache]
X-Ocsp-Reponder-Id: [rmdccaocsp16]
  • OCSP requests is smaller than 255 bytes
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

AddTrust External CA Root (CA Certificate)

Certificate details for AddTrust External CA Root (At position 2 in certificate chain)
Serial number:
hex: 1
int: 1
Issued by: AddTrust External CA Root
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: AddTrust AB
Organization unit: AddTrust External TTP Network
Country: SE
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
© 2015 - 2017 Digitorus B.V.
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.