CRL & OCSP report for *.trendmicro.com (Trend Micro Inc.)

*.trendmicro.com

Certificate details for *.trendmicro.com (At position 0 in certificate chain)
Serial number:
hex: 6f8b9adb679cb81f
int: 8037688227099621407
Issued by: Trend Micro CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Trend Micro Inc.
State / Province: California
Locality: Cupertino
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for *.trendmicro.com.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.trendmicro.com/crl/trendmicroca.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.trendmicro.com/crl/trendmicroca.crl
Size: 447 bytes (DER data)
Response time: 98.824713ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 0

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-219-93-213.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2-19674918) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [no-cache]
Content-Length: [447]
Content-Type: [application/x-pkcs7-crl]
Date: [Sat, 29 Apr 2017 21:18:29 GMT]
Expires: [Sat, 29 Apr 2017 21:18:29 GMT]
Last-Modified: [Sat, 29 Apr 2017 10:21:56 GMT]
Pragma: [no-cache]
X-Cache: [TCP_MISS from a23-219-93-213.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2-19674918) (-)]
X-Frame-Options: [DENY]
  • Content-Type in response is set 'application/x-pkcs7-crl' and should be replaced with 'application/pkix-crl' (RFC 5280, section 4.2.1.13)
  • This CRL file is DER encoded
  • Issuer field should be byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.trendmicro.com/tmca (POST)Server failed

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.trendmicro.com/tmca (POST)
Size: 5 bytes (DER data)
Response time: 146.049163ms
Status: Server failed

Relevant server response headers

Date:

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-217-200-39.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2.1-19774280) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTxWIodLXhftqBAApo1oPlHmcw/SgQUrTHH
+gLOZ/dlHPu6X8C7xVBMZ8gCCG+LmttnnLgf
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MAMKAQY=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)


Raw OCSP response headers

Content-Length: [5]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Sat, 29 Apr 2017 21:18:29 GMT]
X-Cache: [TCP_MISS from a23-217-200-39.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2.1-19774280) (-)]
  • OCSP response must be valid for at least 8 hours (Microsoft)
  • OCSP response must be available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • ThisUpdate not set (RFC 5019, section 6.2)
  • Last-Modified cache header not set (RFC 5019, section 6.2)
  • NextUpdate not set (RFC 5019, section 2.2.4)
This OCSP response was cached at
http://ocsp.trendmicro.com/tmca (GET)Server failed

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.trendmicro.com/tmca (GET)
Size: 5 bytes (DER data)
Response time: 174.335687ms
Status: Server failed

Relevant server response headers

Date:

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-217-200-69.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2.1-19774280) (-)

URL used for GET request

http:/tmca/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTxWIodLXhftqBAApo1oPlHmcw%2FSgQUrTHH%2BgLOZ%2FdlHPu6X8C7xVBMZ8gCCG%2BLmttnnLgf

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTxWIodLXhftqBAApo1oPlHmcw/SgQUrTHH
+gLOZ/dlHPu6X8C7xVBMZ8gCCG+LmttnnLgf
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MAMKAQY=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)


Raw OCSP response headers

Content-Length: [5]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Sat, 29 Apr 2017 21:18:29 GMT]
X-Cache: [TCP_MISS from a23-217-200-69.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2.1-19774280) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP response must be valid for at least 8 hours (Microsoft)
  • OCSP response must be available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • ThisUpdate not set (RFC 5019, section 6.2)
  • Last-Modified cache header not set (RFC 5019, section 6.2)
  • NextUpdate not set (RFC 5019, section 2.2.4)

Trend Micro CA (CA Certificate)

Certificate details for Trend Micro CA (At position 1 in certificate chain)
Serial number:
hex: 3d847c1b4abb3202
int: 4432804389899153922
Issued by: AffirmTrust Networking
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Trend Micro Inc
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.affirmtrust.com/crl/AffirmTrustNetworking.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.affirmtrust.com/crl/AffirmTrustNetworking.crl
Size: 418 bytes (DER data)
Response time: 156.639801ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 0

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-219-93-213.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2-19674918) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [no-cache]
Content-Length: [418]
Content-Type: [application/x-pkcs7-crl]
Date: [Sat, 29 Apr 2017 21:18:29 GMT]
Expires: [Sat, 29 Apr 2017 21:18:29 GMT]
Last-Modified: [Wed, 05 Apr 2017 18:05:54 GMT]
Pragma: [no-cache]
Set-Cookie: [TS0199e426=01a277d5fea8a46dbd95b0cd3cd380c526c3305e55417606e946e5c93b0fe054c9ea5b9bf5f427242823b99dbff2739c88fcd066ac; Path=/]
X-Cache: [TCP_MISS from a23-219-93-213.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2-19674918) (-)]
X-Frame-Options: [DENY]
  • Content-Type in response is set 'application/x-pkcs7-crl' and should be replaced with 'application/pkix-crl' (RFC 5280, section 4.2.1.13)
  • This CRL file is DER encoded
  • Issuer field should be byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is older than ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.trendmicro.com/ntwk (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.trendmicro.com/ntwk (GET)
Size: 1536 bytes (DER data)
Response time: 121.507166ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: AffirmTrust Networking OCSP Signer
Issued by: AffirmTrust Networking
Signing certificate validity: 2017-04-10 - 2020-04-10
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 13m31s

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_REFRESH_HIT from a23-217-200-69.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2.1-19774280) (S)

URL used for GET request

http:/ntwk/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTDzGCRx1YDF98Dn1tKV5zEHz8o9AQUBx%2FS55zawm6iQLSwelAQUHTEyL0CCD2EfBtKuzIC

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTDzGCRx1YDF98Dn1tKV5zEHz8o9AQUBx/S
55zawm6iQLSwelAQUHTEyL0CCD2EfBtKuzIC
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF/AoBAKCCBfUwggXxBgkrBgEFBQcwAQEEggXiMIIF3jCB0qFSMFAxCzAJBgNV
BAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDErMCkGA1UEAwwiQWZmaXJtVHJ1
c3QgTmV0d29ya2luZyBPQ1NQIFNpZ25lchgPMjAxNzA0MjkxNTE4MjFaMGswaTBB
MAkGBSsOAwIaBQAEFMPMYJHHVgMX3wOfW0pXnMQfPyj0BBQHH9LnnNrCbqJAtLB6
UBBQdMTIvQIIPYR8G0q7MgKAABgPMjAxNzA0MjkxNTE4MjFaoBEYDzIwMTcwNTA2
MTUxODIxWjANBgkqhkiG9w0BAQUFAAOCAQEAqr+9S4WBC1plRaA878AMx0drrfAT
wr1evE5A3jU71Ji6IZSAKODEFF/BiF9s26ubjImHHGEiv/oHyewPuwumrlmjQN3l
rgQ4/nLEb+E4hLKvhrmXJ1DbJhKtWgRJQWaBtVUsDafs5T9//iMyiCe68IaGd+hq
JvHwCwygKSClEltc8J5VWzsw4q+lL44FCJiH05M2zMjpp+CInteJRFYGHQubdCFR
yieodpWO6HOhV6qTB0Y1ZN/gqoK5VvNjj3YqvaNJ/3uy/KNjiRKg3tKkc+SLjanp
WAzP+Di0xcyISX6VKagvh1eiU/SeQFnQdV027VtidXmdjclscEBonQQVJaCCA/Ew
ggPtMIID6TCCAtGgAwIBAgIIFMMPBJCt2+0wDQYJKoZIhvcNAQELBQAwRDELMAkG
A1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1U
cnVzdCBOZXR3b3JraW5nMB4XDTE3MDQxMDE4NDIzNVoXDTIwMDQxMDE4NDIzNVow
UDELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MSswKQYDVQQDDCJB
ZmZpcm1UcnVzdCBOZXR3b3JraW5nIE9DU1AgU2lnbmVyMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAzfNheb3MD89wKtDNMO59wqSCTyt7luUWYkrwrAq4
aivX5eQAtMjky+8ssFMf7SKGR82X1wOhEb76JsFGGLsYzOSQOzuOFXGyT7tDM5Yu
6E+ipwCz73MHnYv7RHMZgcX6Ue+mkFozEF2Ch2Kv1CzvUVsg0sayKV1N056Hc8mQ
/tm5fGeru1p0fEHiXEu5tn7u3JxzGmUtNVXgJl2UMix0K49is0MMThOwYfcqAqNi
zrVuhjzVO/9CMKfu5xbeEcqH+QN4Xlr7zSyq7fe+y/kAte6k+tY+/nqufDgfxpRL
57jX29zCEWsT2EiGu7aoAw0n094wzQZfrlHeoBpH2vIpIwIDAQABo4HSMIHPMB0G
A1UdDgQWBBRrSGWWfGXpJUf69nRkqhECTzu3zzAMBgNVHRMBAf8EAjAAMB8GA1Ud
IwQYMBaAFAcf0uec2sJuokC0sHpQEFB0xMi9MA8GCSsGAQUFBzABBQQCBQAwSQYD
VR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5hZmZpcm10cnVzdC5jb20vY3JsL0Fm
ZmlybVRydXN0TmV0d29ya2luZy5jcmwwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQM
MAoGCCsGAQUFBwMJMA0GCSqGSIb3DQEBCwUAA4IBAQAo3KWli74FvxM9aOjPzIVm
UEUKF1M/rBtkRyQVZBv0j8XW6JiOXwGilYEMjtYgsnPs5G7St8j6t+XhsMBF9tOX
t2oK3GPWlgfjdkrQyNkL909AMnj2TtivMbQejwlFJ3dGy/gXm/vIY+bUxglQ7eO7
A2epMR1lQezbxgz88aD+OuU5vlXSL9XfPqXWddEMCspjgOq5lpXY1HvcCWFzsL/x
5BHBX2p6SUUgaI13o39DprLjEMx5UVXajNxjSuwnXRkLlSXT3M4UpqXmEEmO14rC
gjAt3NdGclZQHYZ2zwqlbrd5dO1Po0WaBYHv3rECgBAbdoG/olEKM6yKXnVKxoTS
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIID6TCCAtGgAwIBAgIIFMMPBJCt2+0wDQYJKoZIhvcNAQELBQAwRDELMAkGA1UE
BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz
dCBOZXR3b3JraW5nMB4XDTE3MDQxMDE4NDIzNVoXDTIwMDQxMDE4NDIzNVowUDEL
MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MSswKQYDVQQDDCJBZmZp
cm1UcnVzdCBOZXR3b3JraW5nIE9DU1AgU2lnbmVyMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAzfNheb3MD89wKtDNMO59wqSCTyt7luUWYkrwrAq4aivX
5eQAtMjky+8ssFMf7SKGR82X1wOhEb76JsFGGLsYzOSQOzuOFXGyT7tDM5Yu6E+i
pwCz73MHnYv7RHMZgcX6Ue+mkFozEF2Ch2Kv1CzvUVsg0sayKV1N056Hc8mQ/tm5
fGeru1p0fEHiXEu5tn7u3JxzGmUtNVXgJl2UMix0K49is0MMThOwYfcqAqNizrVu
hjzVO/9CMKfu5xbeEcqH+QN4Xlr7zSyq7fe+y/kAte6k+tY+/nqufDgfxpRL57jX
29zCEWsT2EiGu7aoAw0n094wzQZfrlHeoBpH2vIpIwIDAQABo4HSMIHPMB0GA1Ud
DgQWBBRrSGWWfGXpJUf69nRkqhECTzu3zzAMBgNVHRMBAf8EAjAAMB8GA1UdIwQY
MBaAFAcf0uec2sJuokC0sHpQEFB0xMi9MA8GCSsGAQUFBzABBQQCBQAwSQYDVR0f
BEIwQDA+oDygOoY4aHR0cDovL2NybC5hZmZpcm10cnVzdC5jb20vY3JsL0FmZmly
bVRydXN0TmV0d29ya2luZy5jcmwwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoG
CCsGAQUFBwMJMA0GCSqGSIb3DQEBCwUAA4IBAQAo3KWli74FvxM9aOjPzIVmUEUK
F1M/rBtkRyQVZBv0j8XW6JiOXwGilYEMjtYgsnPs5G7St8j6t+XhsMBF9tOXt2oK
3GPWlgfjdkrQyNkL909AMnj2TtivMbQejwlFJ3dGy/gXm/vIY+bUxglQ7eO7A2ep
MR1lQezbxgz88aD+OuU5vlXSL9XfPqXWddEMCspjgOq5lpXY1HvcCWFzsL/x5BHB
X2p6SUUgaI13o39DprLjEMx5UVXajNxjSuwnXRkLlSXT3M4UpqXmEEmO14rCgjAt
3NdGclZQHYZ2zwqlbrd5dO1Po0WaBYHv3rECgBAbdoG/olEKM6yKXnVKxoTS
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate, max-age=811]
Content-Length: [1536]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Sat, 29 Apr 2017 21:18:29 GMT]
Etag: ["B4A593E0F06C3F7A8AD0AF19196BAF2A15631654"]
Expires: [Sat, 29 Apr 2017 21:32:00 GMT]
Last-Modified: [Sat, 29 Apr 2017 15:18:21 GMT]
X-Cache: [TCP_REFRESH_HIT from a23-217-200-69.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2.1-19774280) (S)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.trendmicro.com/ntwk (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.trendmicro.com/ntwk (POST)
Size: 1536 bytes (DER data)
Response time: 296.56055ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: AffirmTrust Networking OCSP Signer
Issued by: AffirmTrust Networking
Signing certificate validity: 2017-04-10 - 2020-04-10
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 59m14s

Server and network information

Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-217-200-39.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2.1-19774280) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTDzGCRx1YDF98Dn1tKV5zEHz8o9AQUBx/S
55zawm6iQLSwelAQUHTEyL0CCD2EfBtKuzIC
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF/AoBAKCCBfUwggXxBgkrBgEFBQcwAQEEggXiMIIF3jCB0qFSMFAxCzAJBgNV
BAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDErMCkGA1UEAwwiQWZmaXJtVHJ1
c3QgTmV0d29ya2luZyBPQ1NQIFNpZ25lchgPMjAxNzA0MjkxNTE4MjFaMGswaTBB
MAkGBSsOAwIaBQAEFMPMYJHHVgMX3wOfW0pXnMQfPyj0BBQHH9LnnNrCbqJAtLB6
UBBQdMTIvQIIPYR8G0q7MgKAABgPMjAxNzA0MjkxNTE4MjFaoBEYDzIwMTcwNTA2
MTUxODIxWjANBgkqhkiG9w0BAQUFAAOCAQEAqr+9S4WBC1plRaA878AMx0drrfAT
wr1evE5A3jU71Ji6IZSAKODEFF/BiF9s26ubjImHHGEiv/oHyewPuwumrlmjQN3l
rgQ4/nLEb+E4hLKvhrmXJ1DbJhKtWgRJQWaBtVUsDafs5T9//iMyiCe68IaGd+hq
JvHwCwygKSClEltc8J5VWzsw4q+lL44FCJiH05M2zMjpp+CInteJRFYGHQubdCFR
yieodpWO6HOhV6qTB0Y1ZN/gqoK5VvNjj3YqvaNJ/3uy/KNjiRKg3tKkc+SLjanp
WAzP+Di0xcyISX6VKagvh1eiU/SeQFnQdV027VtidXmdjclscEBonQQVJaCCA/Ew
ggPtMIID6TCCAtGgAwIBAgIIFMMPBJCt2+0wDQYJKoZIhvcNAQELBQAwRDELMAkG
A1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1U
cnVzdCBOZXR3b3JraW5nMB4XDTE3MDQxMDE4NDIzNVoXDTIwMDQxMDE4NDIzNVow
UDELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MSswKQYDVQQDDCJB
ZmZpcm1UcnVzdCBOZXR3b3JraW5nIE9DU1AgU2lnbmVyMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAzfNheb3MD89wKtDNMO59wqSCTyt7luUWYkrwrAq4
aivX5eQAtMjky+8ssFMf7SKGR82X1wOhEb76JsFGGLsYzOSQOzuOFXGyT7tDM5Yu
6E+ipwCz73MHnYv7RHMZgcX6Ue+mkFozEF2Ch2Kv1CzvUVsg0sayKV1N056Hc8mQ
/tm5fGeru1p0fEHiXEu5tn7u3JxzGmUtNVXgJl2UMix0K49is0MMThOwYfcqAqNi
zrVuhjzVO/9CMKfu5xbeEcqH+QN4Xlr7zSyq7fe+y/kAte6k+tY+/nqufDgfxpRL
57jX29zCEWsT2EiGu7aoAw0n094wzQZfrlHeoBpH2vIpIwIDAQABo4HSMIHPMB0G
A1UdDgQWBBRrSGWWfGXpJUf69nRkqhECTzu3zzAMBgNVHRMBAf8EAjAAMB8GA1Ud
IwQYMBaAFAcf0uec2sJuokC0sHpQEFB0xMi9MA8GCSsGAQUFBzABBQQCBQAwSQYD
VR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5hZmZpcm10cnVzdC5jb20vY3JsL0Fm
ZmlybVRydXN0TmV0d29ya2luZy5jcmwwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQM
MAoGCCsGAQUFBwMJMA0GCSqGSIb3DQEBCwUAA4IBAQAo3KWli74FvxM9aOjPzIVm
UEUKF1M/rBtkRyQVZBv0j8XW6JiOXwGilYEMjtYgsnPs5G7St8j6t+XhsMBF9tOX
t2oK3GPWlgfjdkrQyNkL909AMnj2TtivMbQejwlFJ3dGy/gXm/vIY+bUxglQ7eO7
A2epMR1lQezbxgz88aD+OuU5vlXSL9XfPqXWddEMCspjgOq5lpXY1HvcCWFzsL/x
5BHBX2p6SUUgaI13o39DprLjEMx5UVXajNxjSuwnXRkLlSXT3M4UpqXmEEmO14rC
gjAt3NdGclZQHYZ2zwqlbrd5dO1Po0WaBYHv3rECgBAbdoG/olEKM6yKXnVKxoTS
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIID6TCCAtGgAwIBAgIIFMMPBJCt2+0wDQYJKoZIhvcNAQELBQAwRDELMAkGA1UE
BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz
dCBOZXR3b3JraW5nMB4XDTE3MDQxMDE4NDIzNVoXDTIwMDQxMDE4NDIzNVowUDEL
MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MSswKQYDVQQDDCJBZmZp
cm1UcnVzdCBOZXR3b3JraW5nIE9DU1AgU2lnbmVyMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAzfNheb3MD89wKtDNMO59wqSCTyt7luUWYkrwrAq4aivX
5eQAtMjky+8ssFMf7SKGR82X1wOhEb76JsFGGLsYzOSQOzuOFXGyT7tDM5Yu6E+i
pwCz73MHnYv7RHMZgcX6Ue+mkFozEF2Ch2Kv1CzvUVsg0sayKV1N056Hc8mQ/tm5
fGeru1p0fEHiXEu5tn7u3JxzGmUtNVXgJl2UMix0K49is0MMThOwYfcqAqNizrVu
hjzVO/9CMKfu5xbeEcqH+QN4Xlr7zSyq7fe+y/kAte6k+tY+/nqufDgfxpRL57jX
29zCEWsT2EiGu7aoAw0n094wzQZfrlHeoBpH2vIpIwIDAQABo4HSMIHPMB0GA1Ud
DgQWBBRrSGWWfGXpJUf69nRkqhECTzu3zzAMBgNVHRMBAf8EAjAAMB8GA1UdIwQY
MBaAFAcf0uec2sJuokC0sHpQEFB0xMi9MA8GCSsGAQUFBzABBQQCBQAwSQYDVR0f
BEIwQDA+oDygOoY4aHR0cDovL2NybC5hZmZpcm10cnVzdC5jb20vY3JsL0FmZmly
bVRydXN0TmV0d29ya2luZy5jcmwwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoG
CCsGAQUFBwMJMA0GCSqGSIb3DQEBCwUAA4IBAQAo3KWli74FvxM9aOjPzIVmUEUK
F1M/rBtkRyQVZBv0j8XW6JiOXwGilYEMjtYgsnPs5G7St8j6t+XhsMBF9tOXt2oK
3GPWlgfjdkrQyNkL909AMnj2TtivMbQejwlFJ3dGy/gXm/vIY+bUxglQ7eO7A2ep
MR1lQezbxgz88aD+OuU5vlXSL9XfPqXWddEMCspjgOq5lpXY1HvcCWFzsL/x5BHB
X2p6SUUgaI13o39DprLjEMx5UVXajNxjSuwnXRkLlSXT3M4UpqXmEEmO14rCgjAt
3NdGclZQHYZ2zwqlbrd5dO1Po0WaBYHv3rECgBAbdoG/olEKM6yKXnVKxoTS
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate, max-age=3554]
Content-Length: [1536]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Sat, 29 Apr 2017 21:18:29 GMT]
Etag: ["B4A593E0F06C3F7A8AD0AF19196BAF2A15631654"]
Expires: [Sat, 29 Apr 2017 22:17:43 GMT]
Last-Modified: [Sat, 29 Apr 2017 15:18:21 GMT]
X-Cache: [TCP_MISS from a23-217-200-39.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2.1-19774280) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

AffirmTrust Networking (CA Certificate)

Certificate details for AffirmTrust Networking (At position 2 in certificate chain)
Serial number:
hex: 7c4f04391cd4992d
int: 8957382827206547757
Issued by: AffirmTrust Networking
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: AffirmTrust
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.