CRL & OCSP report for liros.swatchgroup.com (The Swatch Group Services Ltd)

liros.swatchgroup.com

Certificate details for liros.swatchgroup.com (At position 0 in certificate chain)
Serial number:
hex: 7ccb6b5d6841e6713423bbddae4f46eb
int: 165880485357924952236207556251324729067
Issued by: thawte SSL CA - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: The Swatch Group Services Ltd
State / Province: Bern
Locality: Biel
Country: CH
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for liros.swatchgroup.com.

Certificate Revocation List (CRL)

This CRL was cached at
http://tj.symcb.com/tj.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://tj.symcb.com/tj.crl
Size: 127811 bytes (DER data)
Response time: 19.243054ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 3639

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: Apache
Content Delivery Network (CDN): Akamai
Cache Information: TCP_HIT from a23-215-131-111.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Type: [application/pkix-crl]
Date: [Sun, 25 Jun 2017 22:47:49 GMT]
Etag: ["9f55b36c7de7c887124dbd02f81e5dbb:1498425103"]
Last-Modified: [Sun, 25 Jun 2017 21:11:43 GMT]
Server: [Apache]
Vary: [Accept-Encoding]
X-Cache: [TCP_HIT from a23-215-131-111.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://tj.symcd.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://tj.symcd.com (POST)
Size: 1413 bytes (DER data)
Response time: 36.879896ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: thawte SSL CA - G2 OCSP Responder
Issued by: thawte SSL CA - G2
Signing certificate validity: 2017-04-26 - 2017-07-25
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 153h0m19s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-215-131-68.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBRvdluGAc/lYx1bXFBnllP1ugYHmAQUwk9I
V/zRT5rAXTh9DgXb2S61UmACEHzLa11oQeZxNCO73a5PRus=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFgQoBAKCCBXowggV2BgkrBgEFBQcwAQEEggVnMIIFYzCBnqIWBBSo8ePKLt6A
nakScCw6GxfyWQBRKxgPMjAxNzA2MjUwNzQ4MDhaMHMwcTBJMAkGBSsOAwIaBQAE
FG92W4YBz+VjHVtcUGeWU/W6BgeYBBTCT0hX/NFPmsBdOH0OBdvZLrVSYAIQfMtr
XWhB5nE0I7vdrk9G64AAGA8yMDE3MDYyNTA3NDgwOFqgERgPMjAxNzA3MDIwNzQ4
MDhaMA0GCSqGSIb3DQEBBQUAA4IBAQBmb/XZvKCnETrZ/MGErfpZtaBiMh3W670I
ouyiz58X/7gz0FQ5sHZE2mtLsTCAslaPUvJzliJPaGvMEn1rvbxHT8vlY4n7ubID
m+FVHDZB7o7waxiW1bunRWJSyaovjeDjWlfVj6mT7osLjTg7a1M4m9jceTbBo6ca
p1kX9yQN7yMiG9hEEdi3gP8rwaLdP/+PiUsP1qZYcroU4Q18b022Ol+vHZHT5JTi
FCypAqTgXRXi7OoOrFlHCHAEaI80PFrtws9mHJP5tIiIW1W40w4cOuxllM/DqR1s
K+GiGTqcALxFcYW8a1YeBIYyYGdj1wL+yXy+wznJGQVpNCtIo9T5oIIDqjCCA6Yw
ggOiMIICiqADAgECAhAFtyBljrDdN6jRzbTIH+Y2MA0GCSqGSIb3DQEBCwUAMEEx
CzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUsIEluYy4xGzAZBgNVBAMTEnRo
YXd0ZSBTU0wgQ0EgLSBHMjAeFw0xNzA0MjYwMDAwMDBaFw0xNzA3MjUyMzU5NTla
MCwxKjAoBgNVBAMTIXRoYXd0ZSBTU0wgQ0EgLSBHMiBPQ1NQIFJlc3BvbmRlcjCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJx30ZDrBZAfmw8zmL9jlODG
Hc1Fc4GgXD7z22LSv52vet8Eqkrf4FSQD3mdjCZFJciFO1uBKRkY1MyPN3tvjSFY
8WAG2tNw6V9/tQfdOoZIe3t1FcGm8OeBKznA6p9hc3T4yOJUk8VYsAARR77BlbXU
fMvwso7T4xwCP0VwWvUMwu6jhoJVQ1Wmfcc6SzfK6OZv1YdSECqF/C/rHjBGxYBl
oVGgKUJWZmoiBpYe+bmjLyny2w6qRcHw1gmjquB67crInNocC0VsnO7kzojw59JP
UWnaWaPRmdL2vu3Zm5ZmfxkggbtcCclfyDFXI5PYuyYWs3UFo4CNf6qP7FADSJUC
AwEAAaOBqjCBpzAPBgkrBgEFBQcwAQUEAgUAMCEGA1UdEQQaMBikFjAUMRIwEAYD
VQQDEwlUR1YtRS05ODIwHwYDVR0jBBgwFoAUwk9IV/zRT5rAXTh9DgXb2S61UmAw
HQYDVR0OBBYEFKjx48ou3oCdqRJwLDobF/JZAFErMAwGA1UdEwEB/wQCMAAwEwYD
VR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUA
A4IBAQBPun6IH8i7V1dkHanQ9h7eoXPGUX5nip23k4hzo79xeR3e8p7Cxe12ghO6
S7kuxUXN1acalwyB68cXQvI1/9FSpRRs3HXmdK6RJ1aH/KzVxhQ2w+hrmKc8J9Qm
4nadcATgD0RDeHJRWWEWW1WLGLbEsYv+1BxPotro2JwYXvj9xDtdbVndOxR9rpbV
zjotmMKAuFHmt3EHxYIlPOBXMj06lEVdf8uVUKWN0M0CWqbS3LB3JZ8SJE2/ZhsY
nnYNGI+HHJj1JRA0ywSj/jqAim8DZdvMWYT34OZn/7YRvJLHjA7DmZkxcYT8Y3P2
GNdYFy2QCzW78JKqTTZ5Dx7BoCa5
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDojCCAoqgAwIBAgIQBbcgZY6w3Teo0c20yB/mNjANBgkqhkiG9w0BAQsFADBB
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMRswGQYDVQQDExJ0
aGF3dGUgU1NMIENBIC0gRzIwHhcNMTcwNDI2MDAwMDAwWhcNMTcwNzI1MjM1OTU5
WjAsMSowKAYDVQQDEyF0aGF3dGUgU1NMIENBIC0gRzIgT0NTUCBSZXNwb25kZXIw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcd9GQ6wWQH5sPM5i/Y5Tg
xh3NRXOBoFw+89ti0r+dr3rfBKpK3+BUkA95nYwmRSXIhTtbgSkZGNTMjzd7b40h
WPFgBtrTcOlff7UH3TqGSHt7dRXBpvDngSs5wOqfYXN0+MjiVJPFWLAAEUe+wZW1
1HzL8LKO0+McAj9FcFr1DMLuo4aCVUNVpn3HOks3yujmb9WHUhAqhfwv6x4wRsWA
ZaFRoClCVmZqIgaWHvm5oy8p8tsOqkXB8NYJo6rgeu3KyJzaHAtFbJzu5M6I8OfS
T1Fp2lmj0ZnS9r7t2ZuWZn8ZIIG7XAnJX8gxVyOT2LsmFrN1BaOAjX+qj+xQA0iV
AgMBAAGjgaowgacwDwYJKwYBBQUHMAEFBAIFADAhBgNVHREEGjAYpBYwFDESMBAG
A1UEAxMJVEdWLUUtOTgyMB8GA1UdIwQYMBaAFMJPSFf80U+awF04fQ4F29kutVJg
MB0GA1UdDgQWBBSo8ePKLt6AnakScCw6GxfyWQBRKzAMBgNVHRMBAf8EAjAAMBMG
A1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQsF
AAOCAQEAT7p+iB/Iu1dXZB2p0PYe3qFzxlF+Z4qdt5OIc6O/cXkd3vKewsXtdoIT
uku5LsVFzdWnGpcMgevHF0LyNf/RUqUUbNx15nSukSdWh/ys1cYUNsPoa5inPCfU
JuJ2nXAE4A9EQ3hyUVlhFltVixi2xLGL/tQcT6La6NicGF74/cQ7XW1Z3TsUfa6W
1c46LZjCgLhR5rdxB8WCJTzgVzI9OpRFXX/LlVCljdDNAlqm0tywdyWfEiRNv2Yb
GJ52DRiPhxyY9SUQNMsEo/46gIpvA2XbzFmE9+DmZ/+2EbySx4wOw5mZMXGE/GNz
9hjXWBctkAs1u/CSqk02eQ8ewaAmuQ==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=550819, public, no-transform, must-revalidate]
Content-Length: [1413]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 25 Jun 2017 22:47:49 GMT]
Expires: [Sun, 2 Jul 2017 07:48:08 GMT]
Last-Modified: [Sun, 25 Jun 2017 07:48:08 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MISS from a23-215-131-68.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://tj.symcd.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://tj.symcd.com (GET)
Size: 1413 bytes (DER data)
Response time: 76.664885ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: thawte SSL CA - G2 OCSP Responder
Issued by: thawte SSL CA - G2
Signing certificate validity: 2017-04-26 - 2017-07-25
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 153h0m19s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_REFRESH_MISS from a23-215-131-68.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (S)

URL used for GET request

http://tj.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRvdluGAc%2FlYx1bXFBnllP1ugYHmAQUwk9IV%2FzRT5rAXTh9DgXb2S61UmACEHzLa11oQeZxNCO73a5PRus%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBRvdluGAc/lYx1bXFBnllP1ugYHmAQUwk9I
V/zRT5rAXTh9DgXb2S61UmACEHzLa11oQeZxNCO73a5PRus=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFgQoBAKCCBXowggV2BgkrBgEFBQcwAQEEggVnMIIFYzCBnqIWBBSo8ePKLt6A
nakScCw6GxfyWQBRKxgPMjAxNzA2MjUwNzQ4MDhaMHMwcTBJMAkGBSsOAwIaBQAE
FG92W4YBz+VjHVtcUGeWU/W6BgeYBBTCT0hX/NFPmsBdOH0OBdvZLrVSYAIQfMtr
XWhB5nE0I7vdrk9G64AAGA8yMDE3MDYyNTA3NDgwOFqgERgPMjAxNzA3MDIwNzQ4
MDhaMA0GCSqGSIb3DQEBBQUAA4IBAQBmb/XZvKCnETrZ/MGErfpZtaBiMh3W670I
ouyiz58X/7gz0FQ5sHZE2mtLsTCAslaPUvJzliJPaGvMEn1rvbxHT8vlY4n7ubID
m+FVHDZB7o7waxiW1bunRWJSyaovjeDjWlfVj6mT7osLjTg7a1M4m9jceTbBo6ca
p1kX9yQN7yMiG9hEEdi3gP8rwaLdP/+PiUsP1qZYcroU4Q18b022Ol+vHZHT5JTi
FCypAqTgXRXi7OoOrFlHCHAEaI80PFrtws9mHJP5tIiIW1W40w4cOuxllM/DqR1s
K+GiGTqcALxFcYW8a1YeBIYyYGdj1wL+yXy+wznJGQVpNCtIo9T5oIIDqjCCA6Yw
ggOiMIICiqADAgECAhAFtyBljrDdN6jRzbTIH+Y2MA0GCSqGSIb3DQEBCwUAMEEx
CzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUsIEluYy4xGzAZBgNVBAMTEnRo
YXd0ZSBTU0wgQ0EgLSBHMjAeFw0xNzA0MjYwMDAwMDBaFw0xNzA3MjUyMzU5NTla
MCwxKjAoBgNVBAMTIXRoYXd0ZSBTU0wgQ0EgLSBHMiBPQ1NQIFJlc3BvbmRlcjCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJx30ZDrBZAfmw8zmL9jlODG
Hc1Fc4GgXD7z22LSv52vet8Eqkrf4FSQD3mdjCZFJciFO1uBKRkY1MyPN3tvjSFY
8WAG2tNw6V9/tQfdOoZIe3t1FcGm8OeBKznA6p9hc3T4yOJUk8VYsAARR77BlbXU
fMvwso7T4xwCP0VwWvUMwu6jhoJVQ1Wmfcc6SzfK6OZv1YdSECqF/C/rHjBGxYBl
oVGgKUJWZmoiBpYe+bmjLyny2w6qRcHw1gmjquB67crInNocC0VsnO7kzojw59JP
UWnaWaPRmdL2vu3Zm5ZmfxkggbtcCclfyDFXI5PYuyYWs3UFo4CNf6qP7FADSJUC
AwEAAaOBqjCBpzAPBgkrBgEFBQcwAQUEAgUAMCEGA1UdEQQaMBikFjAUMRIwEAYD
VQQDEwlUR1YtRS05ODIwHwYDVR0jBBgwFoAUwk9IV/zRT5rAXTh9DgXb2S61UmAw
HQYDVR0OBBYEFKjx48ou3oCdqRJwLDobF/JZAFErMAwGA1UdEwEB/wQCMAAwEwYD
VR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUA
A4IBAQBPun6IH8i7V1dkHanQ9h7eoXPGUX5nip23k4hzo79xeR3e8p7Cxe12ghO6
S7kuxUXN1acalwyB68cXQvI1/9FSpRRs3HXmdK6RJ1aH/KzVxhQ2w+hrmKc8J9Qm
4nadcATgD0RDeHJRWWEWW1WLGLbEsYv+1BxPotro2JwYXvj9xDtdbVndOxR9rpbV
zjotmMKAuFHmt3EHxYIlPOBXMj06lEVdf8uVUKWN0M0CWqbS3LB3JZ8SJE2/ZhsY
nnYNGI+HHJj1JRA0ywSj/jqAim8DZdvMWYT34OZn/7YRvJLHjA7DmZkxcYT8Y3P2
GNdYFy2QCzW78JKqTTZ5Dx7BoCa5
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDojCCAoqgAwIBAgIQBbcgZY6w3Teo0c20yB/mNjANBgkqhkiG9w0BAQsFADBB
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMRswGQYDVQQDExJ0
aGF3dGUgU1NMIENBIC0gRzIwHhcNMTcwNDI2MDAwMDAwWhcNMTcwNzI1MjM1OTU5
WjAsMSowKAYDVQQDEyF0aGF3dGUgU1NMIENBIC0gRzIgT0NTUCBSZXNwb25kZXIw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcd9GQ6wWQH5sPM5i/Y5Tg
xh3NRXOBoFw+89ti0r+dr3rfBKpK3+BUkA95nYwmRSXIhTtbgSkZGNTMjzd7b40h
WPFgBtrTcOlff7UH3TqGSHt7dRXBpvDngSs5wOqfYXN0+MjiVJPFWLAAEUe+wZW1
1HzL8LKO0+McAj9FcFr1DMLuo4aCVUNVpn3HOks3yujmb9WHUhAqhfwv6x4wRsWA
ZaFRoClCVmZqIgaWHvm5oy8p8tsOqkXB8NYJo6rgeu3KyJzaHAtFbJzu5M6I8OfS
T1Fp2lmj0ZnS9r7t2ZuWZn8ZIIG7XAnJX8gxVyOT2LsmFrN1BaOAjX+qj+xQA0iV
AgMBAAGjgaowgacwDwYJKwYBBQUHMAEFBAIFADAhBgNVHREEGjAYpBYwFDESMBAG
A1UEAxMJVEdWLUUtOTgyMB8GA1UdIwQYMBaAFMJPSFf80U+awF04fQ4F29kutVJg
MB0GA1UdDgQWBBSo8ePKLt6AnakScCw6GxfyWQBRKzAMBgNVHRMBAf8EAjAAMBMG
A1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQsF
AAOCAQEAT7p+iB/Iu1dXZB2p0PYe3qFzxlF+Z4qdt5OIc6O/cXkd3vKewsXtdoIT
uku5LsVFzdWnGpcMgevHF0LyNf/RUqUUbNx15nSukSdWh/ys1cYUNsPoa5inPCfU
JuJ2nXAE4A9EQ3hyUVlhFltVixi2xLGL/tQcT6La6NicGF74/cQ7XW1Z3TsUfa6W
1c46LZjCgLhR5rdxB8WCJTzgVzI9OpRFXX/LlVCljdDNAlqm0tywdyWfEiRNv2Yb
GJ52DRiPhxyY9SUQNMsEo/46gIpvA2XbzFmE9+DmZ/+2EbySx4wOw5mZMXGE/GNz
9hjXWBctkAs1u/CSqk02eQ8ewaAmuQ==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=550819, public, no-transform, must-revalidate]
Content-Length: [1413]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 25 Jun 2017 22:47:49 GMT]
Expires: [Sun, 2 Jul 2017 07:48:08 GMT]
Last-Modified: [Sun, 25 Jun 2017 07:48:08 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_REFRESH_MISS from a23-215-131-68.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (S)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

thawte SSL CA - G2 (CA Certificate)

Certificate details for thawte SSL CA - G2 (At position 1 in certificate chain)
Serial number:
hex: 1687d6886de2300685233dbf11bf6597
int: 29948327227862944430780750156152137111
Issued by: thawte Primary Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: thawte, Inc.
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://t1.symcb.com/ThawtePCA.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://t1.symcb.com/ThawtePCA.crl
Size: 537 bytes (DER data)
Response time: 10.542267ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 1

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: Apache
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-215-131-61.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Type: [application/pkix-crl]
Date: [Sun, 25 Jun 2017 22:47:49 GMT]
Etag: ["5a8afc61d4e871c162aeb1ae3cc55cbc:1498270523"]
Last-Modified: [Sat, 24 Jun 2017 02:15:23 GMT]
Server: [Apache]
Vary: [Accept-Encoding]
X-Cache: [TCP_MEM_HIT from a23-215-131-61.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://t2.symcb.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://t2.symcb.com (GET)
Size: 1504 bytes (DER data)
Response time: 10.940987ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: thawte Primary Root OCSP Responder Certificate 5
Issued by: thawte Primary Root CA
Signing certificate validity: 2016-11-22 - 2017-12-14
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 164h36m19s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-215-131-68.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

URL used for GET request

http://t2.symcb.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEBaH1oht4jAGhSM9vxG%2FZZc%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD/yl6nWPkczAQUe1tF
z6/Oy3r9MZIaarbzRutXSFACEBaH1oht4jAGhSM9vxG/ZZc=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF3AoBAKCCBdUwggXRBgkrBgEFBQcwAQEEggXCMIIFvjCBnqIWBBSy2bdAZSGF
dJEJzQWJNOXg5SwcIxgPMjAxNzA2MjUxOTIzMDdaMHMwcTBJMAkGBSsOAwIaBQAE
FDAXimvD1LuYJsIQcP/KXqdY+RzMBBR7W0XPr87Lev0xkhpqtvNG61dIUAIQFofW
iG3iMAaFIz2/Eb9ll4AAGA8yMDE3MDYyNTE5MjMwN1qgERgPMjAxNzA3MDIxOTIz
MDdaMA0GCSqGSIb3DQEBBQUAA4IBAQApm+3B41jYGrWusHQheMCe9h/1TVdcI7t7
DH3qhgKLI1oHL6m7F8tobJD/8jrvk7utyax+n80RZPzCYAGTrgrPC9xFeIpDwcWM
fDYpDStDnVqBHgPr7yGc4Dg8wqLxOuoLNZrJUoAXI224pofRFKgOpktPDda13sjL
zcveslHnly7BCIKDXaWZoTnoO6jfW2zIef3NdoUhmPsXLtw2VkOMbG7deGNmufyz
i3xFLW6L21REoef8vpC6BzHIEIgWGObcLL5dJJKVC8OYxlhfyYwSjULPuvDqKxBZ
ubG8PhW5gf54U8mwZjJIIAfBYw9jT6512t1jJwv3BkU1CRyc8/10oIIEBTCCBAEw
ggP9MIIC5aADAgECAhBqIaLOBLu8Jqunme8AdApUMA0GCSqGSIb3DQEBBQUAMIGp
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMSgwJgYDVQQLEx9D
ZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMTgwNgYDVQQLEy8oYykgMjAw
NiB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEfMB0GA1UE
AxMWdGhhd3RlIFByaW1hcnkgUm9vdCBDQTAeFw0xNjExMjIwMDAwMDBaFw0xNzEy
MTQyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUsIEluYy4x
OTA3BgNVBAMTMHRoYXd0ZSBQcmltYXJ5IFJvb3QgT0NTUCBSZXNwb25kZXIgQ2Vy
dGlmaWNhdGUgNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwOc/CD
T/ilVz6H2rkWETL80qIX5ttu5I16yxgPVYUP2Qy1D6dpiw9JZb0Tw134T58HpV+B
e3HSYDvEwPLyCBgKDNGAQ4RTEvuVDAJXhDHFDe+tE3wUWX0QCsmqMqXTc/BI18Zx
1vekmip6OnwyEoRdlaIeRv1qFLOGj9NqcQrh3CN/4SJb/DnWmTQta4gODnKS/ADF
WRs/wB3rqPDBZhBLBqywq6YRmzcz6hb/dpddqcTp7tDtEHmw+BDWTl/92a2YwJAw
9mKjfzqNYZa37ydH0MYioCjreLj++js4ZCM+av59twiH//GjaqSaQnW2z7rKM/5A
5tBowI+SWtr93p8CAwEAAaNqMGgwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYB
BQUHMAEFBAIFADAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDAiBgNVHREE
GzAZpBcwFTETMBEGA1UEAxMKVEdWLU9GRi01MTANBgkqhkiG9w0BAQUFAAOCAQEA
MZQVzAXoEbM5j6fQNNDzrTvMeEMlOlf8ShOg6pa5Y6/s9m+3nEqxRZhdJXtqn7YI
2736XikAfsn7cVikARa66mlLn6QxdnbUHX/TUpJf2/nZqCb2T80lmSjOfLwBzdgD
9N4MUzs16ivcuEEEJhuBhtcp/66+oEQqdXdLejHG61bRkhnqrW6U9sGBPhoQw2Hq
G3zclM6IlNJX+LYxOuDDD/5SbKAbcy+QBsue7Yf5XG7lZacI9CVFreoggA+YR8VQ
SVChJNc4k3ALASLz2OckP2X/357OiJFcsoqNdeo70ZLPLS4U/gOn60QiAnxonBCJ
PjZyT4sg074MlhPJSGR+HA==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIID/TCCAuWgAwIBAgIQaiGizgS7vCarp5nvAHQKVDANBgkqhkiG9w0BAQUFADCB
qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw
MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV
BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMTYxMTIyMDAwMDAwWhcNMTcx
MjE0MjM1OTU5WjBfMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMu
MTkwNwYDVQQDEzB0aGF3dGUgUHJpbWFyeSBSb290IE9DU1AgUmVzcG9uZGVyIENl
cnRpZmljYXRlIDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMDnPw
g0/4pVc+h9q5FhEy/NKiF+bbbuSNessYD1WFD9kMtQ+naYsPSWW9E8Nd+E+fB6Vf
gXtx0mA7xMDy8ggYCgzRgEOEUxL7lQwCV4QxxQ3vrRN8FFl9EArJqjKl03PwSNfG
cdb3pJoqejp8MhKEXZWiHkb9ahSzho/TanEK4dwjf+EiW/w51pk0LWuIDg5ykvwA
xVkbP8Ad66jwwWYQSwassKumEZs3M+oW/3aXXanE6e7Q7RB5sPgQ1k5f/dmtmMCQ
MPZio386jWGWt+8nR9DGIqAo63i4/vo7OGQjPmr+fbcIh//xo2qkmkJ1ts+6yjP+
QObQaMCPklra/d6fAgMBAAGjajBoMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsG
AQUFBzABBQQCBQAwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwIgYDVR0R
BBswGaQXMBUxEzARBgNVBAMTClRHVi1PRkYtNTEwDQYJKoZIhvcNAQEFBQADggEB
ADGUFcwF6BGzOY+n0DTQ8607zHhDJTpX/EoToOqWuWOv7PZvt5xKsUWYXSV7ap+2
CNu9+l4pAH7J+3FYpAEWuuppS5+kMXZ21B1/01KSX9v52agm9k/NJZkozny8Ac3Y
A/TeDFM7Neor3LhBBCYbgYbXKf+uvqBEKnV3S3oxxutW0ZIZ6q1ulPbBgT4aEMNh
6ht83JTOiJTSV/i2MTrgww/+UmygG3MvkAbLnu2H+Vxu5WWnCPQlRa3qIIAPmEfF
UElQoSTXOJNwCwEi89jnJD9l/9+ezoiRXLKKjXXqO9GSzy0uFP4Dp+tEIgJ8aJwQ
iT42ck+LINO+DJYTyUhkfhw=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=592579, public, no-transform, must-revalidate]
Content-Length: [1504]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 25 Jun 2017 22:47:49 GMT]
Expires: [Sun, 2 Jul 2017 19:23:07 GMT]
Last-Modified: [Sun, 25 Jun 2017 19:23:07 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MEM_HIT from a23-215-131-68.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header outlives NextUpdate with 1m1s
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://t2.symcb.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://t2.symcb.com (POST)
Size: 1504 bytes (DER data)
Response time: 57.551661ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: thawte Primary Root OCSP Responder Certificate 5
Issued by: thawte Primary Root CA
Signing certificate validity: 2016-11-22 - 2017-12-14
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 164h35m18s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_REFRESH_MISS from a23-215-131-68.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (S)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD/yl6nWPkczAQUe1tF
z6/Oy3r9MZIaarbzRutXSFACEBaH1oht4jAGhSM9vxG/ZZc=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF3AoBAKCCBdUwggXRBgkrBgEFBQcwAQEEggXCMIIFvjCBnqIWBBSy2bdAZSGF
dJEJzQWJNOXg5SwcIxgPMjAxNzA2MjUxOTIzMDdaMHMwcTBJMAkGBSsOAwIaBQAE
FDAXimvD1LuYJsIQcP/KXqdY+RzMBBR7W0XPr87Lev0xkhpqtvNG61dIUAIQFofW
iG3iMAaFIz2/Eb9ll4AAGA8yMDE3MDYyNTE5MjMwN1qgERgPMjAxNzA3MDIxOTIz
MDdaMA0GCSqGSIb3DQEBBQUAA4IBAQApm+3B41jYGrWusHQheMCe9h/1TVdcI7t7
DH3qhgKLI1oHL6m7F8tobJD/8jrvk7utyax+n80RZPzCYAGTrgrPC9xFeIpDwcWM
fDYpDStDnVqBHgPr7yGc4Dg8wqLxOuoLNZrJUoAXI224pofRFKgOpktPDda13sjL
zcveslHnly7BCIKDXaWZoTnoO6jfW2zIef3NdoUhmPsXLtw2VkOMbG7deGNmufyz
i3xFLW6L21REoef8vpC6BzHIEIgWGObcLL5dJJKVC8OYxlhfyYwSjULPuvDqKxBZ
ubG8PhW5gf54U8mwZjJIIAfBYw9jT6512t1jJwv3BkU1CRyc8/10oIIEBTCCBAEw
ggP9MIIC5aADAgECAhBqIaLOBLu8Jqunme8AdApUMA0GCSqGSIb3DQEBBQUAMIGp
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMSgwJgYDVQQLEx9D
ZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMTgwNgYDVQQLEy8oYykgMjAw
NiB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEfMB0GA1UE
AxMWdGhhd3RlIFByaW1hcnkgUm9vdCBDQTAeFw0xNjExMjIwMDAwMDBaFw0xNzEy
MTQyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUsIEluYy4x
OTA3BgNVBAMTMHRoYXd0ZSBQcmltYXJ5IFJvb3QgT0NTUCBSZXNwb25kZXIgQ2Vy
dGlmaWNhdGUgNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwOc/CD
T/ilVz6H2rkWETL80qIX5ttu5I16yxgPVYUP2Qy1D6dpiw9JZb0Tw134T58HpV+B
e3HSYDvEwPLyCBgKDNGAQ4RTEvuVDAJXhDHFDe+tE3wUWX0QCsmqMqXTc/BI18Zx
1vekmip6OnwyEoRdlaIeRv1qFLOGj9NqcQrh3CN/4SJb/DnWmTQta4gODnKS/ADF
WRs/wB3rqPDBZhBLBqywq6YRmzcz6hb/dpddqcTp7tDtEHmw+BDWTl/92a2YwJAw
9mKjfzqNYZa37ydH0MYioCjreLj++js4ZCM+av59twiH//GjaqSaQnW2z7rKM/5A
5tBowI+SWtr93p8CAwEAAaNqMGgwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYB
BQUHMAEFBAIFADAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDAiBgNVHREE
GzAZpBcwFTETMBEGA1UEAxMKVEdWLU9GRi01MTANBgkqhkiG9w0BAQUFAAOCAQEA
MZQVzAXoEbM5j6fQNNDzrTvMeEMlOlf8ShOg6pa5Y6/s9m+3nEqxRZhdJXtqn7YI
2736XikAfsn7cVikARa66mlLn6QxdnbUHX/TUpJf2/nZqCb2T80lmSjOfLwBzdgD
9N4MUzs16ivcuEEEJhuBhtcp/66+oEQqdXdLejHG61bRkhnqrW6U9sGBPhoQw2Hq
G3zclM6IlNJX+LYxOuDDD/5SbKAbcy+QBsue7Yf5XG7lZacI9CVFreoggA+YR8VQ
SVChJNc4k3ALASLz2OckP2X/357OiJFcsoqNdeo70ZLPLS4U/gOn60QiAnxonBCJ
PjZyT4sg074MlhPJSGR+HA==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIID/TCCAuWgAwIBAgIQaiGizgS7vCarp5nvAHQKVDANBgkqhkiG9w0BAQUFADCB
qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw
MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV
BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMTYxMTIyMDAwMDAwWhcNMTcx
MjE0MjM1OTU5WjBfMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMu
MTkwNwYDVQQDEzB0aGF3dGUgUHJpbWFyeSBSb290IE9DU1AgUmVzcG9uZGVyIENl
cnRpZmljYXRlIDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMDnPw
g0/4pVc+h9q5FhEy/NKiF+bbbuSNessYD1WFD9kMtQ+naYsPSWW9E8Nd+E+fB6Vf
gXtx0mA7xMDy8ggYCgzRgEOEUxL7lQwCV4QxxQ3vrRN8FFl9EArJqjKl03PwSNfG
cdb3pJoqejp8MhKEXZWiHkb9ahSzho/TanEK4dwjf+EiW/w51pk0LWuIDg5ykvwA
xVkbP8Ad66jwwWYQSwassKumEZs3M+oW/3aXXanE6e7Q7RB5sPgQ1k5f/dmtmMCQ
MPZio386jWGWt+8nR9DGIqAo63i4/vo7OGQjPmr+fbcIh//xo2qkmkJ1ts+6yjP+
QObQaMCPklra/d6fAgMBAAGjajBoMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsG
AQUFBzABBQQCBQAwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwIgYDVR0R
BBswGaQXMBUxEzARBgNVBAMTClRHVi1PRkYtNTEwDQYJKoZIhvcNAQEFBQADggEB
ADGUFcwF6BGzOY+n0DTQ8607zHhDJTpX/EoToOqWuWOv7PZvt5xKsUWYXSV7ap+2
CNu9+l4pAH7J+3FYpAEWuuppS5+kMXZ21B1/01KSX9v52agm9k/NJZkozny8Ac3Y
A/TeDFM7Neor3LhBBCYbgYbXKf+uvqBEKnV3S3oxxutW0ZIZ6q1ulPbBgT4aEMNh
6ht83JTOiJTSV/i2MTrgww/+UmygG3MvkAbLnu2H+Vxu5WWnCPQlRa3qIIAPmEfF
UElQoSTXOJNwCwEi89jnJD9l/9+ezoiRXLKKjXXqO9GSzy0uFP4Dp+tEIgJ8aJwQ
iT42ck+LINO+DJYTyUhkfhw=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=592518, public, no-transform, must-revalidate]
Content-Length: [1504]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 25 Jun 2017 22:47:49 GMT]
Expires: [Sun, 2 Jul 2017 19:23:07 GMT]
Last-Modified: [Sun, 25 Jun 2017 19:23:07 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_REFRESH_MISS from a23-215-131-68.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (S)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

thawte Primary Root CA (CA Certificate)

Certificate details for thawte Primary Root CA (At position 2 in certificate chain)
Serial number:
hex: 344ed55720d5edec49f42fce37db2b6d
int: 69529181992039203566298953787712940909
Issued by: thawte Primary Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: thawte, Inc.
Organization unit: Certification Services Division
Organization unit: (c) 2006 thawte, Inc. - For authorized use only
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
© 2015 - 2017 Digitorus B.V.
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.