CRL & OCSP report for deliciousrewards.leancuisine.com (Nestle USA, Inc.)

deliciousrewards.leancuisine.com

Certificate details for deliciousrewards.leancuisine.com (At position 0 in certificate chain)
Serial number:
hex: 17284afa000100000ed3
int: 109357701499657501282003
Issued by: Nestle External CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Nestle USA, Inc.
Organization unit: Consumer Marketing Technologies
State / Province: CA
Locality: Glendale
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for deliciousrewards.leancuisine.com.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.nestle.com/Nestle%20External%20CA(1).crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.nestle.com/Nestle%20External%20CA(1).crl
Size: 31273 bytes (DER data)
Response time: 417.251112ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 846

Relevant server response headers

Date:
Last Modified:

Server and network information

Content Delivery Network (CDN): Incapsula

Raw CRL response headers

Content-Length: [31273]
Content-Type: [application/pkix-crl]
Date: [Wed, 28 Jun 2017 15:55:38 GMT]
Etag: ["591d3232d9e1d11:0"]
Last-Modified: [Tue, 19 Jul 2016 16:18:33 GMT]
Set-Cookie: [visid_incap_866298=ds7uLar3RXWspdw5KS9JjHrRU1kAAAAAQUIPAAAAAABmTbpJQADDzd9KFua38tc9; expires=Thu, 28 Jun 2018 14:08:07 GMT; path=/; Domain=.nestle.com incap_ses_480_866298=kWyMei0d5zZAXRwD9U2pBnrRU1kAAAAAPQIF46eIPghRqTRkCuaseA==; path=/; Domain=.nestle.com]
X-Cdn: [Incapsula]
X-Iinfo: [5-1452153-0 0CNN RT(1498665338193 44) q(0 -1 -1 2) r(0 -1)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field should be byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is more than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Nestle External CA (CA Certificate)

Certificate details for Nestle External CA (At position 1 in certificate chain)
Serial number:
hex: 867a5aaff875e150cf00ba36716950
int: 698249418010185685023792530021509456
Issued by: SwissSign Gold CA - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Nestle
Organization unit: IS/IT
State / Province: Vaud
Locality: Vevey
Country: CH
  • This certificate contains a link that needs to be downloaded via LDAP
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
ldap://directory.swisssign.net/CN=5B257B96A465517EB839F3C078665EE83AE7F0EE%2CO=SwissSign%2CC=CH?certificateRevocationList?base?objectClass=cRLDistributionPoint

CRL information

Raw CRL response headers

This CRL was cached at
http://crl.swisssign.net/5B257B96A465517EB839F3C078665EE83AE7F0EE

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.swisssign.net/5B257B96A465517EB839F3C078665EE83AE7F0EE
Size: 814 bytes (DER data)
Response time: 99.082768ms
This update:
Next update:
Revoked at:
Revoked certificates in CRL: 3

Relevant server response headers

Date:
Expires:

Server and network information

Server Software: Google Frontend

Raw CRL response headers

Age: [2707]
Cache-Control: [public, max-age=3600]
Content-Length: [814]
Content-Type: [application/pkix-crl]
Date: [Wed, 28 Jun 2017 15:10:31 GMT]
Etag: ["IwNlpQ"]
Expires: [Wed, 28 Jun 2017 16:10:31 GMT]
Server: [Google Frontend]
X-Cloud-Trace-Context: [66fe9e6893a0ca272a1c5d83f18962a4]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://gold-root-g2.ocsp.swisssign.net/5B257B96A465517EB839F3C078665EE83AE7F0EE (POST)Revoked

OCSP response information

Source: Authority Information Access in Certificate
Location: http://gold-root-g2.ocsp.swisssign.net/5B257B96A465517EB839F3C078665EE83AE7F0EE (POST)
Size: 1749 bytes (DER data)
Response time: 324.282906ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: OCSP Responder SwissSign Gold CA - G2
Issued by: SwissSign Gold CA - G2
Signing certificate validity: 2012-06-21 - 2027-06-21
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Revoked

Relevant server response headers

Date:

Server and network information

Server Software: Apache

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBRWLiSVGpdkcjxkcyWacgNWnI4uogQUWyV7
lqRlUX64OfPAeGZe6Drn8O4CEACGelqv+HXhUM8AujZxaVA=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIG0QoBAKCCBsowggbGBgkrBgEFBQcwAQEEgga3MIIGszCB9qFWMFQxCzAJBgNV
BAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxLjAsBgNVBAMTJU9DU1AgUmVz
cG9uZGVyIFN3aXNzU2lnbiBHb2xkIENBIC0gRzIYDzIwMTcwNjI4MTU1NTM4WjCB
ijCBhzBJMAkGBSsOAwIaBQAEFFYuJJUal2RyPGRzJZpyA1acji6iBBRbJXuWpGVR
frg588B4Zl7oOufw7gIQAIZ6Wq/4deFQzwC6NnFpUKEWGA8yMDE3MDMwMTA2NDQ1
NlqgAwoBABgPMjAxNzA2MjgwODE3MjBaoBEYDzIwMTcwNjI5MDgxNzIwWjANBgkq
hkiG9w0BAQUFAAOCAQEAHRQTNrtYsipbDcvCGyxZaQccFXs09P3z9ziFzOzvZgvN
Sja0H3WwyssNKBdXkvLwk5RdWYuSygjvrLx2PRyqgKfwkY5Uq7fRl6ffHq/nv3e1
z90obwuM7X2N+CwLAYlV1VunCRgvtCFhN5vyJXs4sK21K/gtiuNwSsGPQe8PzFiP
QjSbOSLsLsT2spMLFdoHrEvxCYn98f1ZriBeBvjOoqrC4B6C1TNj2HwLzEGdDu9c
GEnMhaw5I7FyyqVDTHfhplEjzpUbhd122mwWhWcXr1kX4uE1eKSz82CgAcrg/uBy
VoKPsc+p//TG1Dh72VXZxdlQVG/F7YTireDf9kG9K6CCBKIwggSeMIIEmjCCAoKg
AwIBAgIPHVIlN47/ewXyHOzFJpg3MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYT
AkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2lnbiBH
b2xkIENBIC0gRzIwHhcNMTIwNjIxMDcyMTA3WhcNMjcwNjIxMDcyMTA3WjBUMQsw
CQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMS4wLAYDVQQDEyVPQ1NQ
IFJlc3BvbmRlciBTd2lzc1NpZ24gR29sZCBDQSAtIEcyMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAvstDB/vK48l1pqEEePMD6Bkn6VP1HnLwUFmPGzQe
hqWgY+j8GOtNXb3XWMq/li3xSsPqgGgoIKYFbvxGoubwa9LsNJ48SxECri2p6aYx
X+Ojz2vNqD8/8rT92VHgoTAAKbKqLYqBN7oDBfgteFbLSC9JDgJ0W+sConmFJiZt
ncSzVGUF1N+3vNDQgBlHokNFavi2QbI+5aMF7vxyDmQ+dWKAto5rsgt4/fAfWVja
dk9G/5YtQfe6M2IqUFKkbjE1IH5Tr/MmG5+YM663ufx15KIoALysM9cj5qTLBaVj
YfZVAf4JDwhXFWoWCidV+LeL21kffT8Gd1AFo+fR/b8F3QIDAQABo3gwdjAOBgNV
HQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwHQYDVR0OBBYEFJU/Np6n
dgkaJyJH2mg8yYHyQFaFMB8GA1UdIwQYMBaAFFsle5akZVF+uDnzwHhmXug65/Du
MA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQADggIBAA+8zkag01A3xI5P
v3ww7I3RCCzIbOALFrOZkgOQHPOsv33RlAT955BHLaMAUNf4IvtxfPOppBBW6uCd
VCoDUovSfBnQAMX94e1rDhJCVhtHmegX8XfKq9JnvPfABsYXn3Jqznvkob+HeEEn
xdtpec4oiif4bWfnAjwCQV1FyTdkf13Xqv0IMnCvZ1Fjc0/+AHny5lQhiFpy4aGR
6e+WqmyKxdMmQ48TJ4yitKUUWTH9Oc2KtXVynWujwH5Sab2wdyFwJlB3T8cTOiir
U4H1RlpIdb+dpt2QwI4ARHr4i7mKM05fkTqwJUkOJET8C+6c0SuB4gbf6JPMzeS1
SP14kWddqFEb3HwGmjXkmTbI7Uzn89r35ya5ywyG//Og6Sx7LZ7PL2X+KSkRj4si
W/jWfRFpdIwVo1CyGc71kuwIZEr/0mozmFIWL7xtZcxxG/kxe/4gVrFL2phd6ixo
ht46A28F8RRVmRzSHGFY2SbNDQfE7scgasRM9QvEmBy5hecHUDmPrXgAVeeYgIKh
pMhbHzOIddA0bg8aEjy2L4mF220DSRsHKoLPo6UsZEdmmCUVqVId/4SicDnzLxgr
PEX0mdHHy6HJbPpYdRrSJU8y9ppFlWPr9WtVdTGoWyors5qZPQqelLmhAO/kv66c
KxVwOjlN7ieF8kqJjo711tEWceDO
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEmjCCAoKgAwIBAgIPHVIlN47/ewXyHOzFJpg3MA0GCSqGSIb3DQEBBQUAMEUx
CzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3
aXNzU2lnbiBHb2xkIENBIC0gRzIwHhcNMTIwNjIxMDcyMTA3WhcNMjcwNjIxMDcy
MTA3WjBUMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMS4wLAYD
VQQDEyVPQ1NQIFJlc3BvbmRlciBTd2lzc1NpZ24gR29sZCBDQSAtIEcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvstDB/vK48l1pqEEePMD6Bkn6VP1
HnLwUFmPGzQehqWgY+j8GOtNXb3XWMq/li3xSsPqgGgoIKYFbvxGoubwa9LsNJ48
SxECri2p6aYxX+Ojz2vNqD8/8rT92VHgoTAAKbKqLYqBN7oDBfgteFbLSC9JDgJ0
W+sConmFJiZtncSzVGUF1N+3vNDQgBlHokNFavi2QbI+5aMF7vxyDmQ+dWKAto5r
sgt4/fAfWVjadk9G/5YtQfe6M2IqUFKkbjE1IH5Tr/MmG5+YM663ufx15KIoALys
M9cj5qTLBaVjYfZVAf4JDwhXFWoWCidV+LeL21kffT8Gd1AFo+fR/b8F3QIDAQAB
o3gwdjAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwHQYDVR0O
BBYEFJU/Np6ndgkaJyJH2mg8yYHyQFaFMB8GA1UdIwQYMBaAFFsle5akZVF+uDnz
wHhmXug65/DuMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQADggIBAA+8
zkag01A3xI5Pv3ww7I3RCCzIbOALFrOZkgOQHPOsv33RlAT955BHLaMAUNf4Ivtx
fPOppBBW6uCdVCoDUovSfBnQAMX94e1rDhJCVhtHmegX8XfKq9JnvPfABsYXn3Jq
znvkob+HeEEnxdtpec4oiif4bWfnAjwCQV1FyTdkf13Xqv0IMnCvZ1Fjc0/+AHny
5lQhiFpy4aGR6e+WqmyKxdMmQ48TJ4yitKUUWTH9Oc2KtXVynWujwH5Sab2wdyFw
JlB3T8cTOiirU4H1RlpIdb+dpt2QwI4ARHr4i7mKM05fkTqwJUkOJET8C+6c0SuB
4gbf6JPMzeS1SP14kWddqFEb3HwGmjXkmTbI7Uzn89r35ya5ywyG//Og6Sx7LZ7P
L2X+KSkRj4siW/jWfRFpdIwVo1CyGc71kuwIZEr/0mozmFIWL7xtZcxxG/kxe/4g
VrFL2phd6ixoht46A28F8RRVmRzSHGFY2SbNDQfE7scgasRM9QvEmBy5hecHUDmP
rXgAVeeYgIKhpMhbHzOIddA0bg8aEjy2L4mF220DSRsHKoLPo6UsZEdmmCUVqVId
/4SicDnzLxgrPEX0mdHHy6HJbPpYdRrSJU8y9ppFlWPr9WtVdTGoWyors5qZPQqe
lLmhAO/kv66cKxVwOjlN7ieF8kqJjo711tEWceDO
-----END CERTIFICATE-----

Raw OCSP response headers

Content-Length: [1749]
Content-Type: [application/ocsp-response]
Date: [Wed, 28 Jun 2017 15:55:36 GMT]
Server: [Apache]
Set-Cookie: [AL_SESS=AcWb2v0iW6c7GRBWwYHLBEVhBjoQtZ90OZrzPuNgPjMv1TigHASiSICBGYIlpu389Rji; Path=/; HttpOnly]
Strict-Transport-Security: [max-age=16070400]
X-Content-Type-Options: [nosniff]
X-Frame-Options: [SAMEORIGIN]
X-Xss-Protection: [1; mode=block]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified cache header not set (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://gold-root-g2.ocsp.swisssign.net/5B257B96A465517EB839F3C078665EE83AE7F0EE (GET)Revoked

OCSP response information

Source: Authority Information Access in Certificate
Location: http://gold-root-g2.ocsp.swisssign.net/5B257B96A465517EB839F3C078665EE83AE7F0EE (GET)
Size: 1749 bytes (DER data)
Response time: 325.950097ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: OCSP Responder SwissSign Gold CA - G2
Issued by: SwissSign Gold CA - G2
Signing certificate validity: 2012-06-21 - 2027-06-21
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Revoked

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 16h21m41s

Server and network information

Server Software: Apache

URL used for GET request

http://gold-root-g2.ocsp.swisssign.net/5B257B96A465517EB839F3C078665EE83AE7F0EE/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRWLiSVGpdkcjxkcyWacgNWnI4uogQUWyV7lqRlUX64OfPAeGZe6Drn8O4CEACGelqv%2BHXhUM8AujZxaVA%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBRWLiSVGpdkcjxkcyWacgNWnI4uogQUWyV7
lqRlUX64OfPAeGZe6Drn8O4CEACGelqv+HXhUM8AujZxaVA=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIG0QoBAKCCBsowggbGBgkrBgEFBQcwAQEEgga3MIIGszCB9qFWMFQxCzAJBgNV
BAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxLjAsBgNVBAMTJU9DU1AgUmVz
cG9uZGVyIFN3aXNzU2lnbiBHb2xkIENBIC0gRzIYDzIwMTcwNjI4MTU1NTM4WjCB
ijCBhzBJMAkGBSsOAwIaBQAEFFYuJJUal2RyPGRzJZpyA1acji6iBBRbJXuWpGVR
frg588B4Zl7oOufw7gIQAIZ6Wq/4deFQzwC6NnFpUKEWGA8yMDE3MDMwMTA2NDQ1
NlqgAwoBABgPMjAxNzA2MjgwODE3MjBaoBEYDzIwMTcwNjI5MDgxNzIwWjANBgkq
hkiG9w0BAQUFAAOCAQEAHRQTNrtYsipbDcvCGyxZaQccFXs09P3z9ziFzOzvZgvN
Sja0H3WwyssNKBdXkvLwk5RdWYuSygjvrLx2PRyqgKfwkY5Uq7fRl6ffHq/nv3e1
z90obwuM7X2N+CwLAYlV1VunCRgvtCFhN5vyJXs4sK21K/gtiuNwSsGPQe8PzFiP
QjSbOSLsLsT2spMLFdoHrEvxCYn98f1ZriBeBvjOoqrC4B6C1TNj2HwLzEGdDu9c
GEnMhaw5I7FyyqVDTHfhplEjzpUbhd122mwWhWcXr1kX4uE1eKSz82CgAcrg/uBy
VoKPsc+p//TG1Dh72VXZxdlQVG/F7YTireDf9kG9K6CCBKIwggSeMIIEmjCCAoKg
AwIBAgIPHVIlN47/ewXyHOzFJpg3MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYT
AkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2lnbiBH
b2xkIENBIC0gRzIwHhcNMTIwNjIxMDcyMTA3WhcNMjcwNjIxMDcyMTA3WjBUMQsw
CQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMS4wLAYDVQQDEyVPQ1NQ
IFJlc3BvbmRlciBTd2lzc1NpZ24gR29sZCBDQSAtIEcyMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAvstDB/vK48l1pqEEePMD6Bkn6VP1HnLwUFmPGzQe
hqWgY+j8GOtNXb3XWMq/li3xSsPqgGgoIKYFbvxGoubwa9LsNJ48SxECri2p6aYx
X+Ojz2vNqD8/8rT92VHgoTAAKbKqLYqBN7oDBfgteFbLSC9JDgJ0W+sConmFJiZt
ncSzVGUF1N+3vNDQgBlHokNFavi2QbI+5aMF7vxyDmQ+dWKAto5rsgt4/fAfWVja
dk9G/5YtQfe6M2IqUFKkbjE1IH5Tr/MmG5+YM663ufx15KIoALysM9cj5qTLBaVj
YfZVAf4JDwhXFWoWCidV+LeL21kffT8Gd1AFo+fR/b8F3QIDAQABo3gwdjAOBgNV
HQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwHQYDVR0OBBYEFJU/Np6n
dgkaJyJH2mg8yYHyQFaFMB8GA1UdIwQYMBaAFFsle5akZVF+uDnzwHhmXug65/Du
MA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQADggIBAA+8zkag01A3xI5P
v3ww7I3RCCzIbOALFrOZkgOQHPOsv33RlAT955BHLaMAUNf4IvtxfPOppBBW6uCd
VCoDUovSfBnQAMX94e1rDhJCVhtHmegX8XfKq9JnvPfABsYXn3Jqznvkob+HeEEn
xdtpec4oiif4bWfnAjwCQV1FyTdkf13Xqv0IMnCvZ1Fjc0/+AHny5lQhiFpy4aGR
6e+WqmyKxdMmQ48TJ4yitKUUWTH9Oc2KtXVynWujwH5Sab2wdyFwJlB3T8cTOiir
U4H1RlpIdb+dpt2QwI4ARHr4i7mKM05fkTqwJUkOJET8C+6c0SuB4gbf6JPMzeS1
SP14kWddqFEb3HwGmjXkmTbI7Uzn89r35ya5ywyG//Og6Sx7LZ7PL2X+KSkRj4si
W/jWfRFpdIwVo1CyGc71kuwIZEr/0mozmFIWL7xtZcxxG/kxe/4gVrFL2phd6ixo
ht46A28F8RRVmRzSHGFY2SbNDQfE7scgasRM9QvEmBy5hecHUDmPrXgAVeeYgIKh
pMhbHzOIddA0bg8aEjy2L4mF220DSRsHKoLPo6UsZEdmmCUVqVId/4SicDnzLxgr
PEX0mdHHy6HJbPpYdRrSJU8y9ppFlWPr9WtVdTGoWyors5qZPQqelLmhAO/kv66c
KxVwOjlN7ieF8kqJjo711tEWceDO
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEmjCCAoKgAwIBAgIPHVIlN47/ewXyHOzFJpg3MA0GCSqGSIb3DQEBBQUAMEUx
CzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3
aXNzU2lnbiBHb2xkIENBIC0gRzIwHhcNMTIwNjIxMDcyMTA3WhcNMjcwNjIxMDcy
MTA3WjBUMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMS4wLAYD
VQQDEyVPQ1NQIFJlc3BvbmRlciBTd2lzc1NpZ24gR29sZCBDQSAtIEcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvstDB/vK48l1pqEEePMD6Bkn6VP1
HnLwUFmPGzQehqWgY+j8GOtNXb3XWMq/li3xSsPqgGgoIKYFbvxGoubwa9LsNJ48
SxECri2p6aYxX+Ojz2vNqD8/8rT92VHgoTAAKbKqLYqBN7oDBfgteFbLSC9JDgJ0
W+sConmFJiZtncSzVGUF1N+3vNDQgBlHokNFavi2QbI+5aMF7vxyDmQ+dWKAto5r
sgt4/fAfWVjadk9G/5YtQfe6M2IqUFKkbjE1IH5Tr/MmG5+YM663ufx15KIoALys
M9cj5qTLBaVjYfZVAf4JDwhXFWoWCidV+LeL21kffT8Gd1AFo+fR/b8F3QIDAQAB
o3gwdjAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwHQYDVR0O
BBYEFJU/Np6ndgkaJyJH2mg8yYHyQFaFMB8GA1UdIwQYMBaAFFsle5akZVF+uDnz
wHhmXug65/DuMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQADggIBAA+8
zkag01A3xI5Pv3ww7I3RCCzIbOALFrOZkgOQHPOsv33RlAT955BHLaMAUNf4Ivtx
fPOppBBW6uCdVCoDUovSfBnQAMX94e1rDhJCVhtHmegX8XfKq9JnvPfABsYXn3Jq
znvkob+HeEEnxdtpec4oiif4bWfnAjwCQV1FyTdkf13Xqv0IMnCvZ1Fjc0/+AHny
5lQhiFpy4aGR6e+WqmyKxdMmQ48TJ4yitKUUWTH9Oc2KtXVynWujwH5Sab2wdyFw
JlB3T8cTOiirU4H1RlpIdb+dpt2QwI4ARHr4i7mKM05fkTqwJUkOJET8C+6c0SuB
4gbf6JPMzeS1SP14kWddqFEb3HwGmjXkmTbI7Uzn89r35ya5ywyG//Og6Sx7LZ7P
L2X+KSkRj4siW/jWfRFpdIwVo1CyGc71kuwIZEr/0mozmFIWL7xtZcxxG/kxe/4g
VrFL2phd6ixoht46A28F8RRVmRzSHGFY2SbNDQfE7scgasRM9QvEmBy5hecHUDmP
rXgAVeeYgIKhpMhbHzOIddA0bg8aEjy2L4mF220DSRsHKoLPo6UsZEdmmCUVqVId
/4SicDnzLxgrPEX0mdHHy6HJbPpYdRrSJU8y9ppFlWPr9WtVdTGoWyors5qZPQqe
lLmhAO/kv66cKxVwOjlN7ieF8kqJjo711tEWceDO
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=58901, public, no-transform, must-revalidate]
Content-Length: [1749]
Content-Type: [application/ocsp-response]
Date: [Wed, 28 Jun 2017 15:55:36 GMT]
Etag: ["94d11e34d2e6cb7ca8ee857d319c6c31f20b5487"]
Expires: [Thu, 29 Jun 2017 08:17:20 GMT]
Last-Modified: [Wed, 28 Jun 2017 08:17:20 GMT]
Server: [Apache]
Set-Cookie: [AL_SESS=AdMw7hNVpFa8Mppq0kRt6CUXwJTIefJDeGM6WhSjV2L4rV3U8fENkAunQocYoQgkZdxn; Path=/; HttpOnly]
Strict-Transport-Security: [max-age=16070400]
X-Content-Type-Options: [nosniff]
X-Frame-Options: [SAMEORIGIN]
X-Xss-Protection: [1; mode=block]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

SwissSign Gold CA - G2 (CA Certificate)

Certificate details for SwissSign Gold CA - G2 (At position 2 in certificate chain)
Serial number:
hex: bb401c43f55e4fb0
int: 13492815561806991280
Issued by: SwissSign Gold CA - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: SwissSign AG
Country: CH
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
© 2015 - 2017 Digitorus B.V.
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.