CRL & OCSP report for deliciousrewards.leancuisine.com (Nestle USA, Inc.)

deliciousrewards.leancuisine.com

Certificate details for deliciousrewards.leancuisine.com (At position 0 in certificate chain)
Serial number:
hex: 17284afa000100000ed3
int: 109357701499657501282003
Issued by: Nestle External CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Nestle USA, Inc.
Organization unit: Consumer Marketing Technologies
State / Province: CA
Locality: Glendale
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for deliciousrewards.leancuisine.com.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.nestle.com/Nestle%20External%20CA(1).crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.nestle.com/Nestle%20External%20CA(1).crl
Size: 31273 bytes (DER data)
Response time: 24.595609ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 846

Relevant server response headers

Date:
Last Modified:

Server and network information

Content Delivery Network (CDN): Incapsula

Raw CRL response headers

Content-Length: [31273]
Content-Type: [application/pkix-crl]
Date: [Sat, 29 Apr 2017 21:23:45 GMT]
Etag: ["591d3232d9e1d11:0"]
Last-Modified: [Tue, 19 Jul 2016 16:18:33 GMT]
Set-Cookie: [visid_incap_866298=F5ItTOnvQeK3LK7ifdm10mEEBVkAAAAAQUIPAAAAAABQ5vFA8v9FBwPRiiEy0YST; expires=Sun, 29 Apr 2018 08:59:01 GMT; path=/; Domain=.nestle.com incap_ses_480_866298=s/8yWCpV/BqIp+xq4k2pBmEEBVkAAAAAVAOnHR1DVKdSmOZmCRB+XQ==; path=/; Domain=.nestle.com]
X-Cdn: [Incapsula]
X-Iinfo: [10-42281168-0 0CNN RT(1493501025385 0) q(0 -1 -1 0) r(0 -1)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field should be byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is more than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Nestle External CA (CA Certificate)

Certificate details for Nestle External CA (At position 1 in certificate chain)
Serial number:
hex: 867a5aaff875e150cf00ba36716950
int: 698249418010185685023792530021509456
Issued by: SwissSign Gold CA - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Nestle
Organization unit: IS/IT
State / Province: Vaud
Locality: Vevey
Country: CH
  • This certificate contains a link that needs to be downloaded via LDAP
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
ldap://directory.swisssign.net/CN=5B257B96A465517EB839F3C078665EE83AE7F0EE%2CO=SwissSign%2CC=CH?certificateRevocationList?base?objectClass=cRLDistributionPoint

CRL information

Raw CRL response headers

This CRL was cached at
http://crl.swisssign.net/5B257B96A465517EB839F3C078665EE83AE7F0EE

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.swisssign.net/5B257B96A465517EB839F3C078665EE83AE7F0EE
Size: 708 bytes (DER data)
Response time: 147.377989ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 0

Relevant server response headers

Date:
Expires:

Server and network information

Server Software: Google Frontend

Raw CRL response headers

Age: [120]
Cache-Control: [public, max-age=3600]
Content-Length: [708]
Content-Type: [application/pkix-crl]
Date: [Sat, 29 Apr 2017 21:21:45 GMT]
Etag: ["AJFv3Q"]
Expires: [Sat, 29 Apr 2017 22:21:45 GMT]
Server: [Google Frontend]
X-Cloud-Trace-Context: [dbe900f2ad84e3609656a20ad44230de]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://gold-root-g2.ocsp.swisssign.net/5B257B96A465517EB839F3C078665EE83AE7F0EE (GET)Revoked

OCSP response information

Source: Authority Information Access in Certificate
Location: http://gold-root-g2.ocsp.swisssign.net/5B257B96A465517EB839F3C078665EE83AE7F0EE (GET)
Size: 1749 bytes (DER data)
Response time: 440.496564ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: OCSP Responder SwissSign Gold CA - G2
Issued by: SwissSign Gold CA - G2
Signing certificate validity: 2012-06-21 - 2027-06-21
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Revoked

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 13h55m46s

Server and network information

Server Software: Apache

URL used for GET request

http:/5B257B96A465517EB839F3C078665EE83AE7F0EE/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRWLiSVGpdkcjxkcyWacgNWnI4uogQUWyV7lqRlUX64OfPAeGZe6Drn8O4CEACGelqv%2BHXhUM8AujZxaVA%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBRWLiSVGpdkcjxkcyWacgNWnI4uogQUWyV7
lqRlUX64OfPAeGZe6Drn8O4CEACGelqv+HXhUM8AujZxaVA=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIG0QoBAKCCBsowggbGBgkrBgEFBQcwAQEEgga3MIIGszCB9qFWMFQxCzAJBgNV
BAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxLjAsBgNVBAMTJU9DU1AgUmVz
cG9uZGVyIFN3aXNzU2lnbiBHb2xkIENBIC0gRzIYDzIwMTcwNDI5MjEyMzQ1WjCB
ijCBhzBJMAkGBSsOAwIaBQAEFFYuJJUal2RyPGRzJZpyA1acji6iBBRbJXuWpGVR
frg588B4Zl7oOufw7gIQAIZ6Wq/4deFQzwC6NnFpUKEWGA8yMDE3MDMwMTA2NDQ1
NlqgAwoBABgPMjAxNzA0MjkxMTE5MzNaoBEYDzIwMTcwNDMwMTExOTMzWjANBgkq
hkiG9w0BAQUFAAOCAQEAJcql6u5WqVuDGcvnzKLUAYGKhiCCiDObfXenNARkJvhQ
Tv0eaDz4zri2NB6RYrvodT6Yz5X4Hb9bZm78PwNpyneMuEayykQ2zEL0yr33ZbjY
iPv1C7mTaBDsQUnEogmz7Z6sTI6/yumgr7ws/nBRhTzQYpFu3HEifkDLG/Nyky39
mlkp/Pb8PdWtNlm2T5OIZVguihz+S2HCOBNGV297/b9R01ASHv0otCcurFyv3Gyr
dpj+A3+Slt8X6NbbDWvQT4wqmrRGIPQR8Y5wIFhk4AZMa80YMOCseJ+LIL+hXngl
taug5tHgOpvhL6Qt/dKfUMEstAf/mIl1JM7PsYQCZKCCBKIwggSeMIIEmjCCAoKg
AwIBAgIPHVIlN47/ewXyHOzFJpg3MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYT
AkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2lnbiBH
b2xkIENBIC0gRzIwHhcNMTIwNjIxMDcyMTA3WhcNMjcwNjIxMDcyMTA3WjBUMQsw
CQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMS4wLAYDVQQDEyVPQ1NQ
IFJlc3BvbmRlciBTd2lzc1NpZ24gR29sZCBDQSAtIEcyMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAvstDB/vK48l1pqEEePMD6Bkn6VP1HnLwUFmPGzQe
hqWgY+j8GOtNXb3XWMq/li3xSsPqgGgoIKYFbvxGoubwa9LsNJ48SxECri2p6aYx
X+Ojz2vNqD8/8rT92VHgoTAAKbKqLYqBN7oDBfgteFbLSC9JDgJ0W+sConmFJiZt
ncSzVGUF1N+3vNDQgBlHokNFavi2QbI+5aMF7vxyDmQ+dWKAto5rsgt4/fAfWVja
dk9G/5YtQfe6M2IqUFKkbjE1IH5Tr/MmG5+YM663ufx15KIoALysM9cj5qTLBaVj
YfZVAf4JDwhXFWoWCidV+LeL21kffT8Gd1AFo+fR/b8F3QIDAQABo3gwdjAOBgNV
HQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwHQYDVR0OBBYEFJU/Np6n
dgkaJyJH2mg8yYHyQFaFMB8GA1UdIwQYMBaAFFsle5akZVF+uDnzwHhmXug65/Du
MA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQADggIBAA+8zkag01A3xI5P
v3ww7I3RCCzIbOALFrOZkgOQHPOsv33RlAT955BHLaMAUNf4IvtxfPOppBBW6uCd
VCoDUovSfBnQAMX94e1rDhJCVhtHmegX8XfKq9JnvPfABsYXn3Jqznvkob+HeEEn
xdtpec4oiif4bWfnAjwCQV1FyTdkf13Xqv0IMnCvZ1Fjc0/+AHny5lQhiFpy4aGR
6e+WqmyKxdMmQ48TJ4yitKUUWTH9Oc2KtXVynWujwH5Sab2wdyFwJlB3T8cTOiir
U4H1RlpIdb+dpt2QwI4ARHr4i7mKM05fkTqwJUkOJET8C+6c0SuB4gbf6JPMzeS1
SP14kWddqFEb3HwGmjXkmTbI7Uzn89r35ya5ywyG//Og6Sx7LZ7PL2X+KSkRj4si
W/jWfRFpdIwVo1CyGc71kuwIZEr/0mozmFIWL7xtZcxxG/kxe/4gVrFL2phd6ixo
ht46A28F8RRVmRzSHGFY2SbNDQfE7scgasRM9QvEmBy5hecHUDmPrXgAVeeYgIKh
pMhbHzOIddA0bg8aEjy2L4mF220DSRsHKoLPo6UsZEdmmCUVqVId/4SicDnzLxgr
PEX0mdHHy6HJbPpYdRrSJU8y9ppFlWPr9WtVdTGoWyors5qZPQqelLmhAO/kv66c
KxVwOjlN7ieF8kqJjo711tEWceDO
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEmjCCAoKgAwIBAgIPHVIlN47/ewXyHOzFJpg3MA0GCSqGSIb3DQEBBQUAMEUx
CzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3
aXNzU2lnbiBHb2xkIENBIC0gRzIwHhcNMTIwNjIxMDcyMTA3WhcNMjcwNjIxMDcy
MTA3WjBUMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMS4wLAYD
VQQDEyVPQ1NQIFJlc3BvbmRlciBTd2lzc1NpZ24gR29sZCBDQSAtIEcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvstDB/vK48l1pqEEePMD6Bkn6VP1
HnLwUFmPGzQehqWgY+j8GOtNXb3XWMq/li3xSsPqgGgoIKYFbvxGoubwa9LsNJ48
SxECri2p6aYxX+Ojz2vNqD8/8rT92VHgoTAAKbKqLYqBN7oDBfgteFbLSC9JDgJ0
W+sConmFJiZtncSzVGUF1N+3vNDQgBlHokNFavi2QbI+5aMF7vxyDmQ+dWKAto5r
sgt4/fAfWVjadk9G/5YtQfe6M2IqUFKkbjE1IH5Tr/MmG5+YM663ufx15KIoALys
M9cj5qTLBaVjYfZVAf4JDwhXFWoWCidV+LeL21kffT8Gd1AFo+fR/b8F3QIDAQAB
o3gwdjAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwHQYDVR0O
BBYEFJU/Np6ndgkaJyJH2mg8yYHyQFaFMB8GA1UdIwQYMBaAFFsle5akZVF+uDnz
wHhmXug65/DuMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQADggIBAA+8
zkag01A3xI5Pv3ww7I3RCCzIbOALFrOZkgOQHPOsv33RlAT955BHLaMAUNf4Ivtx
fPOppBBW6uCdVCoDUovSfBnQAMX94e1rDhJCVhtHmegX8XfKq9JnvPfABsYXn3Jq
znvkob+HeEEnxdtpec4oiif4bWfnAjwCQV1FyTdkf13Xqv0IMnCvZ1Fjc0/+AHny
5lQhiFpy4aGR6e+WqmyKxdMmQ48TJ4yitKUUWTH9Oc2KtXVynWujwH5Sab2wdyFw
JlB3T8cTOiirU4H1RlpIdb+dpt2QwI4ARHr4i7mKM05fkTqwJUkOJET8C+6c0SuB
4gbf6JPMzeS1SP14kWddqFEb3HwGmjXkmTbI7Uzn89r35ya5ywyG//Og6Sx7LZ7P
L2X+KSkRj4siW/jWfRFpdIwVo1CyGc71kuwIZEr/0mozmFIWL7xtZcxxG/kxe/4g
VrFL2phd6ixoht46A28F8RRVmRzSHGFY2SbNDQfE7scgasRM9QvEmBy5hecHUDmP
rXgAVeeYgIKhpMhbHzOIddA0bg8aEjy2L4mF220DSRsHKoLPo6UsZEdmmCUVqVId
/4SicDnzLxgrPEX0mdHHy6HJbPpYdRrSJU8y9ppFlWPr9WtVdTGoWyors5qZPQqe
lLmhAO/kv66cKxVwOjlN7ieF8kqJjo711tEWceDO
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=50146, public, no-transform, must-revalidate]
Content-Length: [1749]
Content-Type: [application/ocsp-response]
Date: [Sat, 29 Apr 2017 21:23:45 GMT]
Etag: ["f1868828b04ef9f1cab3aa0b94be4894f4112cde"]
Expires: [Sun, 30 Apr 2017 11:19:33 GMT]
Last-Modified: [Sat, 29 Apr 2017 11:19:33 GMT]
Server: [Apache]
Set-Cookie: [AL_SESS=ATY4I6izQ06Bj6Py01Q7!C54d6OP_Cx_RGMXMu4iPSBs7ZJBXGBPLOipPUSMn8PQQXuU; Path=/; HttpOnly]
Strict-Transport-Security: [max-age=16070400]
X-Content-Type-Options: [nosniff]
X-Frame-Options: [SAMEORIGIN]
X-Xss-Protection: [1; mode=block]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://gold-root-g2.ocsp.swisssign.net/5B257B96A465517EB839F3C078665EE83AE7F0EE (POST)Revoked

OCSP response information

Source: Authority Information Access in Certificate
Location: http://gold-root-g2.ocsp.swisssign.net/5B257B96A465517EB839F3C078665EE83AE7F0EE (POST)
Size: 1749 bytes (DER data)
Response time: 440.479947ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: OCSP Responder SwissSign Gold CA - G2
Issued by: SwissSign Gold CA - G2
Signing certificate validity: 2012-06-21 - 2027-06-21
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Revoked

Relevant server response headers

Date:

Server and network information

Server Software: Apache

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBRWLiSVGpdkcjxkcyWacgNWnI4uogQUWyV7
lqRlUX64OfPAeGZe6Drn8O4CEACGelqv+HXhUM8AujZxaVA=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIG0QoBAKCCBsowggbGBgkrBgEFBQcwAQEEgga3MIIGszCB9qFWMFQxCzAJBgNV
BAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxLjAsBgNVBAMTJU9DU1AgUmVz
cG9uZGVyIFN3aXNzU2lnbiBHb2xkIENBIC0gRzIYDzIwMTcwNDI5MjEyMzQ1WjCB
ijCBhzBJMAkGBSsOAwIaBQAEFFYuJJUal2RyPGRzJZpyA1acji6iBBRbJXuWpGVR
frg588B4Zl7oOufw7gIQAIZ6Wq/4deFQzwC6NnFpUKEWGA8yMDE3MDMwMTA2NDQ1
NlqgAwoBABgPMjAxNzA0MjkxMTE5MzNaoBEYDzIwMTcwNDMwMTExOTMzWjANBgkq
hkiG9w0BAQUFAAOCAQEAJcql6u5WqVuDGcvnzKLUAYGKhiCCiDObfXenNARkJvhQ
Tv0eaDz4zri2NB6RYrvodT6Yz5X4Hb9bZm78PwNpyneMuEayykQ2zEL0yr33ZbjY
iPv1C7mTaBDsQUnEogmz7Z6sTI6/yumgr7ws/nBRhTzQYpFu3HEifkDLG/Nyky39
mlkp/Pb8PdWtNlm2T5OIZVguihz+S2HCOBNGV297/b9R01ASHv0otCcurFyv3Gyr
dpj+A3+Slt8X6NbbDWvQT4wqmrRGIPQR8Y5wIFhk4AZMa80YMOCseJ+LIL+hXngl
taug5tHgOpvhL6Qt/dKfUMEstAf/mIl1JM7PsYQCZKCCBKIwggSeMIIEmjCCAoKg
AwIBAgIPHVIlN47/ewXyHOzFJpg3MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYT
AkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2lnbiBH
b2xkIENBIC0gRzIwHhcNMTIwNjIxMDcyMTA3WhcNMjcwNjIxMDcyMTA3WjBUMQsw
CQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMS4wLAYDVQQDEyVPQ1NQ
IFJlc3BvbmRlciBTd2lzc1NpZ24gR29sZCBDQSAtIEcyMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAvstDB/vK48l1pqEEePMD6Bkn6VP1HnLwUFmPGzQe
hqWgY+j8GOtNXb3XWMq/li3xSsPqgGgoIKYFbvxGoubwa9LsNJ48SxECri2p6aYx
X+Ojz2vNqD8/8rT92VHgoTAAKbKqLYqBN7oDBfgteFbLSC9JDgJ0W+sConmFJiZt
ncSzVGUF1N+3vNDQgBlHokNFavi2QbI+5aMF7vxyDmQ+dWKAto5rsgt4/fAfWVja
dk9G/5YtQfe6M2IqUFKkbjE1IH5Tr/MmG5+YM663ufx15KIoALysM9cj5qTLBaVj
YfZVAf4JDwhXFWoWCidV+LeL21kffT8Gd1AFo+fR/b8F3QIDAQABo3gwdjAOBgNV
HQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwHQYDVR0OBBYEFJU/Np6n
dgkaJyJH2mg8yYHyQFaFMB8GA1UdIwQYMBaAFFsle5akZVF+uDnzwHhmXug65/Du
MA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQADggIBAA+8zkag01A3xI5P
v3ww7I3RCCzIbOALFrOZkgOQHPOsv33RlAT955BHLaMAUNf4IvtxfPOppBBW6uCd
VCoDUovSfBnQAMX94e1rDhJCVhtHmegX8XfKq9JnvPfABsYXn3Jqznvkob+HeEEn
xdtpec4oiif4bWfnAjwCQV1FyTdkf13Xqv0IMnCvZ1Fjc0/+AHny5lQhiFpy4aGR
6e+WqmyKxdMmQ48TJ4yitKUUWTH9Oc2KtXVynWujwH5Sab2wdyFwJlB3T8cTOiir
U4H1RlpIdb+dpt2QwI4ARHr4i7mKM05fkTqwJUkOJET8C+6c0SuB4gbf6JPMzeS1
SP14kWddqFEb3HwGmjXkmTbI7Uzn89r35ya5ywyG//Og6Sx7LZ7PL2X+KSkRj4si
W/jWfRFpdIwVo1CyGc71kuwIZEr/0mozmFIWL7xtZcxxG/kxe/4gVrFL2phd6ixo
ht46A28F8RRVmRzSHGFY2SbNDQfE7scgasRM9QvEmBy5hecHUDmPrXgAVeeYgIKh
pMhbHzOIddA0bg8aEjy2L4mF220DSRsHKoLPo6UsZEdmmCUVqVId/4SicDnzLxgr
PEX0mdHHy6HJbPpYdRrSJU8y9ppFlWPr9WtVdTGoWyors5qZPQqelLmhAO/kv66c
KxVwOjlN7ieF8kqJjo711tEWceDO
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEmjCCAoKgAwIBAgIPHVIlN47/ewXyHOzFJpg3MA0GCSqGSIb3DQEBBQUAMEUx
CzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3
aXNzU2lnbiBHb2xkIENBIC0gRzIwHhcNMTIwNjIxMDcyMTA3WhcNMjcwNjIxMDcy
MTA3WjBUMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMS4wLAYD
VQQDEyVPQ1NQIFJlc3BvbmRlciBTd2lzc1NpZ24gR29sZCBDQSAtIEcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvstDB/vK48l1pqEEePMD6Bkn6VP1
HnLwUFmPGzQehqWgY+j8GOtNXb3XWMq/li3xSsPqgGgoIKYFbvxGoubwa9LsNJ48
SxECri2p6aYxX+Ojz2vNqD8/8rT92VHgoTAAKbKqLYqBN7oDBfgteFbLSC9JDgJ0
W+sConmFJiZtncSzVGUF1N+3vNDQgBlHokNFavi2QbI+5aMF7vxyDmQ+dWKAto5r
sgt4/fAfWVjadk9G/5YtQfe6M2IqUFKkbjE1IH5Tr/MmG5+YM663ufx15KIoALys
M9cj5qTLBaVjYfZVAf4JDwhXFWoWCidV+LeL21kffT8Gd1AFo+fR/b8F3QIDAQAB
o3gwdjAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwHQYDVR0O
BBYEFJU/Np6ndgkaJyJH2mg8yYHyQFaFMB8GA1UdIwQYMBaAFFsle5akZVF+uDnz
wHhmXug65/DuMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQADggIBAA+8
zkag01A3xI5Pv3ww7I3RCCzIbOALFrOZkgOQHPOsv33RlAT955BHLaMAUNf4Ivtx
fPOppBBW6uCdVCoDUovSfBnQAMX94e1rDhJCVhtHmegX8XfKq9JnvPfABsYXn3Jq
znvkob+HeEEnxdtpec4oiif4bWfnAjwCQV1FyTdkf13Xqv0IMnCvZ1Fjc0/+AHny
5lQhiFpy4aGR6e+WqmyKxdMmQ48TJ4yitKUUWTH9Oc2KtXVynWujwH5Sab2wdyFw
JlB3T8cTOiirU4H1RlpIdb+dpt2QwI4ARHr4i7mKM05fkTqwJUkOJET8C+6c0SuB
4gbf6JPMzeS1SP14kWddqFEb3HwGmjXkmTbI7Uzn89r35ya5ywyG//Og6Sx7LZ7P
L2X+KSkRj4siW/jWfRFpdIwVo1CyGc71kuwIZEr/0mozmFIWL7xtZcxxG/kxe/4g
VrFL2phd6ixoht46A28F8RRVmRzSHGFY2SbNDQfE7scgasRM9QvEmBy5hecHUDmP
rXgAVeeYgIKhpMhbHzOIddA0bg8aEjy2L4mF220DSRsHKoLPo6UsZEdmmCUVqVId
/4SicDnzLxgrPEX0mdHHy6HJbPpYdRrSJU8y9ppFlWPr9WtVdTGoWyors5qZPQqe
lLmhAO/kv66cKxVwOjlN7ieF8kqJjo711tEWceDO
-----END CERTIFICATE-----

Raw OCSP response headers

Content-Length: [1749]
Content-Type: [application/ocsp-response]
Date: [Sat, 29 Apr 2017 21:23:45 GMT]
Server: [Apache]
Set-Cookie: [AL_SESS=ATn5XJqOGPueK4DXjETvMYPNuS4YjcX8uWN5DxqwqiYZIpDlqnCS8B45nyTxNVUyAWbm; Path=/; HttpOnly]
Strict-Transport-Security: [max-age=16070400]
X-Content-Type-Options: [nosniff]
X-Frame-Options: [SAMEORIGIN]
X-Xss-Protection: [1; mode=block]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified cache header not set (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

SwissSign Gold CA - G2 (CA Certificate)

Certificate details for SwissSign Gold CA - G2 (At position 2 in certificate chain)
Serial number:
hex: bb401c43f55e4fb0
int: 13492815561806991280
Issued by: SwissSign Gold CA - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: SwissSign AG
Country: CH
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.