CRL & OCSP report for *.trendmicro.com (Trend Micro Inc.)

*.trendmicro.com

Certificate details for *.trendmicro.com (At position 0 in certificate chain)
Serial number:
hex: 6f8b9adb679cb81f
int: 8037688227099621407
Issued by: Trend Micro CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Trend Micro Inc.
State / Province: California
Locality: Cupertino
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for *.trendmicro.com.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.trendmicro.com/crl/trendmicroca.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.trendmicro.com/crl/trendmicroca.crl
Size: 447 bytes (DER data)
Response time: 104.149928ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 0

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_REFRESH_MISS from a23-204-138-181.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0.2-20192836) (S)

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [no-cache]
Content-Length: [447]
Content-Type: [application/x-pkcs7-crl]
Date: [Wed, 28 Jun 2017 15:51:57 GMT]
Expires: [Wed, 28 Jun 2017 15:51:57 GMT]
Last-Modified: [Wed, 28 Jun 2017 10:57:04 GMT]
Pragma: [no-cache]
X-Cache: [TCP_REFRESH_MISS from a23-204-138-181.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0.2-20192836) (S)]
X-Frame-Options: [DENY]
  • Content-Type in response is set 'application/x-pkcs7-crl' and should be replaced with 'application/pkix-crl' (RFC 5280, section 4.2.1.13)
  • This CRL file is DER encoded
  • Issuer field should be byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.trendmicro.com/tmca (POST)Server failed

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.trendmicro.com/tmca (POST)
Size: 5 bytes (DER data)
Response time: 69.683838ms
Status: Server failed

Relevant server response headers

Date:

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-215-131-63.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTxWIodLXhftqBAApo1oPlHmcw/SgQUrTHH
+gLOZ/dlHPu6X8C7xVBMZ8gCCG+LmttnnLgf
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MAMKAQY=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)


Raw OCSP response headers

Content-Length: [5]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Wed, 28 Jun 2017 15:51:57 GMT]
X-Cache: [TCP_MISS from a23-215-131-63.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP response must be valid for at least 8 hours (Microsoft)
  • OCSP response must be available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • ThisUpdate not set (RFC 5019, section 6.2)
  • Last-Modified cache header not set (RFC 5019, section 6.2)
  • NextUpdate not set (RFC 5019, section 2.2.4)
This OCSP response was cached at
http://ocsp.trendmicro.com/tmca (GET)Server failed

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.trendmicro.com/tmca (GET)
Size: 5 bytes (DER data)
Response time: 106.106729ms
Status: Server failed

Relevant server response headers

Date:

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-215-131-87.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

URL used for GET request

http://ocsp.trendmicro.com/tmca/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTxWIodLXhftqBAApo1oPlHmcw%2FSgQUrTHH%2BgLOZ%2FdlHPu6X8C7xVBMZ8gCCG%2BLmttnnLgf

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTxWIodLXhftqBAApo1oPlHmcw/SgQUrTHH
+gLOZ/dlHPu6X8C7xVBMZ8gCCG+LmttnnLgf
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MAMKAQY=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)


Raw OCSP response headers

Content-Length: [5]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Wed, 28 Jun 2017 15:51:57 GMT]
X-Cache: [TCP_MISS from a23-215-131-87.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP response must be valid for at least 8 hours (Microsoft)
  • OCSP response must be available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • ThisUpdate not set (RFC 5019, section 6.2)
  • Last-Modified cache header not set (RFC 5019, section 6.2)
  • NextUpdate not set (RFC 5019, section 2.2.4)

Trend Micro CA (CA Certificate)

Certificate details for Trend Micro CA (At position 1 in certificate chain)
Serial number:
hex: 3d847c1b4abb3202
int: 4432804389899153922
Issued by: AffirmTrust Networking
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Trend Micro Inc
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.affirmtrust.com/crl/AffirmTrustNetworking.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.affirmtrust.com/crl/AffirmTrustNetworking.crl
Size: 418 bytes (DER data)
Response time: 56.443695ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 0

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_REFRESH_HIT from a23-204-138-166.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0.2-20192836) (S)

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [no-cache]
Content-Length: [418]
Content-Type: [application/x-pkcs7-crl]
Date: [Wed, 28 Jun 2017 15:51:57 GMT]
Expires: [Wed, 28 Jun 2017 15:51:57 GMT]
Last-Modified: [Wed, 05 Apr 2017 18:05:54 GMT]
Pragma: [no-cache]
X-Cache: [TCP_REFRESH_HIT from a23-204-138-166.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0.2-20192836) (S)]
X-Frame-Options: [DENY]
  • Content-Type in response is set 'application/x-pkcs7-crl' and should be replaced with 'application/pkix-crl' (RFC 5280, section 4.2.1.13)
  • This CRL file is DER encoded
  • Issuer field should be byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is older than ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.trendmicro.com/ntwk (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.trendmicro.com/ntwk (GET)
Size: 1536 bytes (DER data)
Response time: 38.527932ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: AffirmTrust Networking OCSP Signer
Issued by: AffirmTrust Networking
Signing certificate validity: 2017-04-10 - 2020-04-10
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 55m15s

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-215-131-63.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

URL used for GET request

http://ocsp.trendmicro.com/ntwk/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTDzGCRx1YDF98Dn1tKV5zEHz8o9AQUBx%2FS55zawm6iQLSwelAQUHTEyL0CCD2EfBtKuzIC

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTDzGCRx1YDF98Dn1tKV5zEHz8o9AQUBx/S
55zawm6iQLSwelAQUHTEyL0CCD2EfBtKuzIC
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF/AoBAKCCBfUwggXxBgkrBgEFBQcwAQEEggXiMIIF3jCB0qFSMFAxCzAJBgNV
BAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDErMCkGA1UEAwwiQWZmaXJtVHJ1
c3QgTmV0d29ya2luZyBPQ1NQIFNpZ25lchgPMjAxNzA2MjgwODQ0MTJaMGswaTBB
MAkGBSsOAwIaBQAEFMPMYJHHVgMX3wOfW0pXnMQfPyj0BBQHH9LnnNrCbqJAtLB6
UBBQdMTIvQIIPYR8G0q7MgKAABgPMjAxNzA2MjgwODQ0MTJaoBEYDzIwMTcwNzA1
MDg0NDEyWjANBgkqhkiG9w0BAQUFAAOCAQEAbVJb/8sH8Y1wSFQYwrnsdV7Dw4jy
Y7R+ST1sK5D57jkLYSSnEnwUdgMc+uFuy89XMONtiyfHJMvwo674fPpnWsrlaRQl
UibAAwv9K7hwkIQ9iCCIqWt93DXmPDClXR+QGi8qNuUAX17F79O7fIjtkaZ4WjG+
YZMfRr93Ak7hFMZMDaT0qoFL9V1wQ1A6yQRhvgiYtXHWGPEibonLyLxaIGPS/Wss
+3ogyY8SXVf0z572O/EN9q/+M8j41s/o/kOUbkEm5PUcTjln5Et2wpx3LJY6KHxF
uQP9ESyM6C3vutk/XVDyJ8roU+8Vz4+D3r0gSyrJCjDoEctahAMFzwCOsKCCA/Ew
ggPtMIID6TCCAtGgAwIBAgIIFMMPBJCt2+0wDQYJKoZIhvcNAQELBQAwRDELMAkG
A1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1U
cnVzdCBOZXR3b3JraW5nMB4XDTE3MDQxMDE4NDIzNVoXDTIwMDQxMDE4NDIzNVow
UDELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MSswKQYDVQQDDCJB
ZmZpcm1UcnVzdCBOZXR3b3JraW5nIE9DU1AgU2lnbmVyMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAzfNheb3MD89wKtDNMO59wqSCTyt7luUWYkrwrAq4
aivX5eQAtMjky+8ssFMf7SKGR82X1wOhEb76JsFGGLsYzOSQOzuOFXGyT7tDM5Yu
6E+ipwCz73MHnYv7RHMZgcX6Ue+mkFozEF2Ch2Kv1CzvUVsg0sayKV1N056Hc8mQ
/tm5fGeru1p0fEHiXEu5tn7u3JxzGmUtNVXgJl2UMix0K49is0MMThOwYfcqAqNi
zrVuhjzVO/9CMKfu5xbeEcqH+QN4Xlr7zSyq7fe+y/kAte6k+tY+/nqufDgfxpRL
57jX29zCEWsT2EiGu7aoAw0n094wzQZfrlHeoBpH2vIpIwIDAQABo4HSMIHPMB0G
A1UdDgQWBBRrSGWWfGXpJUf69nRkqhECTzu3zzAMBgNVHRMBAf8EAjAAMB8GA1Ud
IwQYMBaAFAcf0uec2sJuokC0sHpQEFB0xMi9MA8GCSsGAQUFBzABBQQCBQAwSQYD
VR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5hZmZpcm10cnVzdC5jb20vY3JsL0Fm
ZmlybVRydXN0TmV0d29ya2luZy5jcmwwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQM
MAoGCCsGAQUFBwMJMA0GCSqGSIb3DQEBCwUAA4IBAQAo3KWli74FvxM9aOjPzIVm
UEUKF1M/rBtkRyQVZBv0j8XW6JiOXwGilYEMjtYgsnPs5G7St8j6t+XhsMBF9tOX
t2oK3GPWlgfjdkrQyNkL909AMnj2TtivMbQejwlFJ3dGy/gXm/vIY+bUxglQ7eO7
A2epMR1lQezbxgz88aD+OuU5vlXSL9XfPqXWddEMCspjgOq5lpXY1HvcCWFzsL/x
5BHBX2p6SUUgaI13o39DprLjEMx5UVXajNxjSuwnXRkLlSXT3M4UpqXmEEmO14rC
gjAt3NdGclZQHYZ2zwqlbrd5dO1Po0WaBYHv3rECgBAbdoG/olEKM6yKXnVKxoTS
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIID6TCCAtGgAwIBAgIIFMMPBJCt2+0wDQYJKoZIhvcNAQELBQAwRDELMAkGA1UE
BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz
dCBOZXR3b3JraW5nMB4XDTE3MDQxMDE4NDIzNVoXDTIwMDQxMDE4NDIzNVowUDEL
MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MSswKQYDVQQDDCJBZmZp
cm1UcnVzdCBOZXR3b3JraW5nIE9DU1AgU2lnbmVyMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAzfNheb3MD89wKtDNMO59wqSCTyt7luUWYkrwrAq4aivX
5eQAtMjky+8ssFMf7SKGR82X1wOhEb76JsFGGLsYzOSQOzuOFXGyT7tDM5Yu6E+i
pwCz73MHnYv7RHMZgcX6Ue+mkFozEF2Ch2Kv1CzvUVsg0sayKV1N056Hc8mQ/tm5
fGeru1p0fEHiXEu5tn7u3JxzGmUtNVXgJl2UMix0K49is0MMThOwYfcqAqNizrVu
hjzVO/9CMKfu5xbeEcqH+QN4Xlr7zSyq7fe+y/kAte6k+tY+/nqufDgfxpRL57jX
29zCEWsT2EiGu7aoAw0n094wzQZfrlHeoBpH2vIpIwIDAQABo4HSMIHPMB0GA1Ud
DgQWBBRrSGWWfGXpJUf69nRkqhECTzu3zzAMBgNVHRMBAf8EAjAAMB8GA1UdIwQY
MBaAFAcf0uec2sJuokC0sHpQEFB0xMi9MA8GCSsGAQUFBzABBQQCBQAwSQYDVR0f
BEIwQDA+oDygOoY4aHR0cDovL2NybC5hZmZpcm10cnVzdC5jb20vY3JsL0FmZmly
bVRydXN0TmV0d29ya2luZy5jcmwwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoG
CCsGAQUFBwMJMA0GCSqGSIb3DQEBCwUAA4IBAQAo3KWli74FvxM9aOjPzIVmUEUK
F1M/rBtkRyQVZBv0j8XW6JiOXwGilYEMjtYgsnPs5G7St8j6t+XhsMBF9tOXt2oK
3GPWlgfjdkrQyNkL909AMnj2TtivMbQejwlFJ3dGy/gXm/vIY+bUxglQ7eO7A2ep
MR1lQezbxgz88aD+OuU5vlXSL9XfPqXWddEMCspjgOq5lpXY1HvcCWFzsL/x5BHB
X2p6SUUgaI13o39DprLjEMx5UVXajNxjSuwnXRkLlSXT3M4UpqXmEEmO14rCgjAt
3NdGclZQHYZ2zwqlbrd5dO1Po0WaBYHv3rECgBAbdoG/olEKM6yKXnVKxoTS
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate, max-age=3315]
Content-Length: [1536]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Wed, 28 Jun 2017 15:51:57 GMT]
Etag: ["999D874D5641ABD7DE5DD025A85AD4EC815840CC"]
Expires: [Wed, 28 Jun 2017 16:47:12 GMT]
Last-Modified: [Wed, 28 Jun 2017 08:44:12 GMT]
X-Cache: [TCP_MISS from a23-215-131-63.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.trendmicro.com/ntwk (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.trendmicro.com/ntwk (POST)
Size: 1536 bytes (DER data)
Response time: 171.569862ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: AffirmTrust Networking OCSP Signer
Issued by: AffirmTrust Networking
Signing certificate validity: 2017-04-10 - 2020-04-10
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 59m18s

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-215-131-87.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTDzGCRx1YDF98Dn1tKV5zEHz8o9AQUBx/S
55zawm6iQLSwelAQUHTEyL0CCD2EfBtKuzIC
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF/AoBAKCCBfUwggXxBgkrBgEFBQcwAQEEggXiMIIF3jCB0qFSMFAxCzAJBgNV
BAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDErMCkGA1UEAwwiQWZmaXJtVHJ1
c3QgTmV0d29ya2luZyBPQ1NQIFNpZ25lchgPMjAxNzA2MjgwODQ0MTJaMGswaTBB
MAkGBSsOAwIaBQAEFMPMYJHHVgMX3wOfW0pXnMQfPyj0BBQHH9LnnNrCbqJAtLB6
UBBQdMTIvQIIPYR8G0q7MgKAABgPMjAxNzA2MjgwODQ0MTJaoBEYDzIwMTcwNzA1
MDg0NDEyWjANBgkqhkiG9w0BAQUFAAOCAQEAbVJb/8sH8Y1wSFQYwrnsdV7Dw4jy
Y7R+ST1sK5D57jkLYSSnEnwUdgMc+uFuy89XMONtiyfHJMvwo674fPpnWsrlaRQl
UibAAwv9K7hwkIQ9iCCIqWt93DXmPDClXR+QGi8qNuUAX17F79O7fIjtkaZ4WjG+
YZMfRr93Ak7hFMZMDaT0qoFL9V1wQ1A6yQRhvgiYtXHWGPEibonLyLxaIGPS/Wss
+3ogyY8SXVf0z572O/EN9q/+M8j41s/o/kOUbkEm5PUcTjln5Et2wpx3LJY6KHxF
uQP9ESyM6C3vutk/XVDyJ8roU+8Vz4+D3r0gSyrJCjDoEctahAMFzwCOsKCCA/Ew
ggPtMIID6TCCAtGgAwIBAgIIFMMPBJCt2+0wDQYJKoZIhvcNAQELBQAwRDELMAkG
A1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1U
cnVzdCBOZXR3b3JraW5nMB4XDTE3MDQxMDE4NDIzNVoXDTIwMDQxMDE4NDIzNVow
UDELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MSswKQYDVQQDDCJB
ZmZpcm1UcnVzdCBOZXR3b3JraW5nIE9DU1AgU2lnbmVyMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAzfNheb3MD89wKtDNMO59wqSCTyt7luUWYkrwrAq4
aivX5eQAtMjky+8ssFMf7SKGR82X1wOhEb76JsFGGLsYzOSQOzuOFXGyT7tDM5Yu
6E+ipwCz73MHnYv7RHMZgcX6Ue+mkFozEF2Ch2Kv1CzvUVsg0sayKV1N056Hc8mQ
/tm5fGeru1p0fEHiXEu5tn7u3JxzGmUtNVXgJl2UMix0K49is0MMThOwYfcqAqNi
zrVuhjzVO/9CMKfu5xbeEcqH+QN4Xlr7zSyq7fe+y/kAte6k+tY+/nqufDgfxpRL
57jX29zCEWsT2EiGu7aoAw0n094wzQZfrlHeoBpH2vIpIwIDAQABo4HSMIHPMB0G
A1UdDgQWBBRrSGWWfGXpJUf69nRkqhECTzu3zzAMBgNVHRMBAf8EAjAAMB8GA1Ud
IwQYMBaAFAcf0uec2sJuokC0sHpQEFB0xMi9MA8GCSsGAQUFBzABBQQCBQAwSQYD
VR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5hZmZpcm10cnVzdC5jb20vY3JsL0Fm
ZmlybVRydXN0TmV0d29ya2luZy5jcmwwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQM
MAoGCCsGAQUFBwMJMA0GCSqGSIb3DQEBCwUAA4IBAQAo3KWli74FvxM9aOjPzIVm
UEUKF1M/rBtkRyQVZBv0j8XW6JiOXwGilYEMjtYgsnPs5G7St8j6t+XhsMBF9tOX
t2oK3GPWlgfjdkrQyNkL909AMnj2TtivMbQejwlFJ3dGy/gXm/vIY+bUxglQ7eO7
A2epMR1lQezbxgz88aD+OuU5vlXSL9XfPqXWddEMCspjgOq5lpXY1HvcCWFzsL/x
5BHBX2p6SUUgaI13o39DprLjEMx5UVXajNxjSuwnXRkLlSXT3M4UpqXmEEmO14rC
gjAt3NdGclZQHYZ2zwqlbrd5dO1Po0WaBYHv3rECgBAbdoG/olEKM6yKXnVKxoTS
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIID6TCCAtGgAwIBAgIIFMMPBJCt2+0wDQYJKoZIhvcNAQELBQAwRDELMAkGA1UE
BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz
dCBOZXR3b3JraW5nMB4XDTE3MDQxMDE4NDIzNVoXDTIwMDQxMDE4NDIzNVowUDEL
MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MSswKQYDVQQDDCJBZmZp
cm1UcnVzdCBOZXR3b3JraW5nIE9DU1AgU2lnbmVyMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAzfNheb3MD89wKtDNMO59wqSCTyt7luUWYkrwrAq4aivX
5eQAtMjky+8ssFMf7SKGR82X1wOhEb76JsFGGLsYzOSQOzuOFXGyT7tDM5Yu6E+i
pwCz73MHnYv7RHMZgcX6Ue+mkFozEF2Ch2Kv1CzvUVsg0sayKV1N056Hc8mQ/tm5
fGeru1p0fEHiXEu5tn7u3JxzGmUtNVXgJl2UMix0K49is0MMThOwYfcqAqNizrVu
hjzVO/9CMKfu5xbeEcqH+QN4Xlr7zSyq7fe+y/kAte6k+tY+/nqufDgfxpRL57jX
29zCEWsT2EiGu7aoAw0n094wzQZfrlHeoBpH2vIpIwIDAQABo4HSMIHPMB0GA1Ud
DgQWBBRrSGWWfGXpJUf69nRkqhECTzu3zzAMBgNVHRMBAf8EAjAAMB8GA1UdIwQY
MBaAFAcf0uec2sJuokC0sHpQEFB0xMi9MA8GCSsGAQUFBzABBQQCBQAwSQYDVR0f
BEIwQDA+oDygOoY4aHR0cDovL2NybC5hZmZpcm10cnVzdC5jb20vY3JsL0FmZmly
bVRydXN0TmV0d29ya2luZy5jcmwwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoG
CCsGAQUFBwMJMA0GCSqGSIb3DQEBCwUAA4IBAQAo3KWli74FvxM9aOjPzIVmUEUK
F1M/rBtkRyQVZBv0j8XW6JiOXwGilYEMjtYgsnPs5G7St8j6t+XhsMBF9tOXt2oK
3GPWlgfjdkrQyNkL909AMnj2TtivMbQejwlFJ3dGy/gXm/vIY+bUxglQ7eO7A2ep
MR1lQezbxgz88aD+OuU5vlXSL9XfPqXWddEMCspjgOq5lpXY1HvcCWFzsL/x5BHB
X2p6SUUgaI13o39DprLjEMx5UVXajNxjSuwnXRkLlSXT3M4UpqXmEEmO14rCgjAt
3NdGclZQHYZ2zwqlbrd5dO1Po0WaBYHv3rECgBAbdoG/olEKM6yKXnVKxoTS
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate, max-age=3558]
Content-Length: [1536]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Wed, 28 Jun 2017 15:51:57 GMT]
Etag: ["999D874D5641ABD7DE5DD025A85AD4EC815840CC"]
Expires: [Wed, 28 Jun 2017 16:51:15 GMT]
Last-Modified: [Wed, 28 Jun 2017 08:44:12 GMT]
X-Cache: [TCP_MISS from a23-215-131-87.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

AffirmTrust Networking (CA Certificate)

Certificate details for AffirmTrust Networking (At position 2 in certificate chain)
Serial number:
hex: 7c4f04391cd4992d
int: 8957382827206547757
Issued by: AffirmTrust Networking
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: AffirmTrust
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
© 2015 - 2017 Digitorus B.V.
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.