CRL & OCSP report for liros.swatchgroup.com (The Swatch Group Services Ltd)

liros.swatchgroup.com

Certificate details for liros.swatchgroup.com (At position 0 in certificate chain)
Serial number:
hex: 7ccb6b5d6841e6713423bbddae4f46eb
int: 165880485357924952236207556251324729067
Issued by: thawte SSL CA - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: The Swatch Group Services Ltd
State / Province: Bern
Locality: Biel
Country: CH
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for liros.swatchgroup.com.

Certificate Revocation List (CRL)

This CRL was cached at
http://tj.symcb.com/tj.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://tj.symcb.com/tj.crl
Size: 131099 bytes (DER data)
Response time: 241.131311ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 3733

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: Apache
Content Delivery Network (CDN): Akamai
Cache Information: TCP_REFRESH_HIT from a23-217-200-39.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2.1-19774280) (S)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Type: [application/pkix-crl]
Date: [Sun, 30 Apr 2017 12:55:03 GMT]
Etag: ["fa5f45c012f0bea4f754b2a4000e3e2f:1493543502"]
Last-Modified: [Sun, 30 Apr 2017 09:11:42 GMT]
Server: [Apache]
Vary: [Accept-Encoding]
X-Cache: [TCP_REFRESH_HIT from a23-217-200-39.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2.1-19774280) (S)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://tj.symcd.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://tj.symcd.com (POST)
Size: 1413 bytes (DER data)
Response time: 235.924386ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: thawte SSL CA - G2 OCSP Responder
Issued by: thawte SSL CA - G2
Signing certificate validity: 2017-04-26 - 2017-07-25
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 160h41m39s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_REFRESH_MISS from a23-217-200-53.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2.1-19774280) (S)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBRvdluGAc/lYx1bXFBnllP1ugYHmAQUwk9I
V/zRT5rAXTh9DgXb2S61UmACEHzLa11oQeZxNCO73a5PRus=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFgQoBAKCCBXowggV2BgkrBgEFBQcwAQEEggVnMIIFYzCBnqIWBBSo8ePKLt6A
nakScCw6GxfyWQBRKxgPMjAxNzA0MzAwNTM2NDJaMHMwcTBJMAkGBSsOAwIaBQAE
FG92W4YBz+VjHVtcUGeWU/W6BgeYBBTCT0hX/NFPmsBdOH0OBdvZLrVSYAIQfMtr
XWhB5nE0I7vdrk9G64AAGA8yMDE3MDQzMDA1MzY0MlqgERgPMjAxNzA1MDcwNTM2
NDJaMA0GCSqGSIb3DQEBBQUAA4IBAQAu82jINqR47khPCDp806MoR5rEtQDBT8fW
vkdbnBikjy0Y1K4RH5r+83K7pv6upcl1zl+sHgRUAm3sZSoWGJORsFNz43eHEM8S
TOt6gzaRFbrNEM1GZxFTlTHBCsurObV1vEj6d44AgiQLFmXhRoRWygkbCC2zk874
OB6IFOJ1fo+kSUfTcCBb2KmpmNHeUrOHChwqypTGxhuEh1B3X/w8lwQpM5+zHQQk
CUhBIWUkaUor5d0c7ffz0Txc7NLVF1mkJOaGWf3Y51O5+LYFH1lC7jlYu35UoLns
tDxhPASDjPlT+2cJ7kLkalcybqOkWXQ3plL6FXWtysNWblqhqHNAoIIDqjCCA6Yw
ggOiMIICiqADAgECAhAFtyBljrDdN6jRzbTIH+Y2MA0GCSqGSIb3DQEBCwUAMEEx
CzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUsIEluYy4xGzAZBgNVBAMTEnRo
YXd0ZSBTU0wgQ0EgLSBHMjAeFw0xNzA0MjYwMDAwMDBaFw0xNzA3MjUyMzU5NTla
MCwxKjAoBgNVBAMTIXRoYXd0ZSBTU0wgQ0EgLSBHMiBPQ1NQIFJlc3BvbmRlcjCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJx30ZDrBZAfmw8zmL9jlODG
Hc1Fc4GgXD7z22LSv52vet8Eqkrf4FSQD3mdjCZFJciFO1uBKRkY1MyPN3tvjSFY
8WAG2tNw6V9/tQfdOoZIe3t1FcGm8OeBKznA6p9hc3T4yOJUk8VYsAARR77BlbXU
fMvwso7T4xwCP0VwWvUMwu6jhoJVQ1Wmfcc6SzfK6OZv1YdSECqF/C/rHjBGxYBl
oVGgKUJWZmoiBpYe+bmjLyny2w6qRcHw1gmjquB67crInNocC0VsnO7kzojw59JP
UWnaWaPRmdL2vu3Zm5ZmfxkggbtcCclfyDFXI5PYuyYWs3UFo4CNf6qP7FADSJUC
AwEAAaOBqjCBpzAPBgkrBgEFBQcwAQUEAgUAMCEGA1UdEQQaMBikFjAUMRIwEAYD
VQQDEwlUR1YtRS05ODIwHwYDVR0jBBgwFoAUwk9IV/zRT5rAXTh9DgXb2S61UmAw
HQYDVR0OBBYEFKjx48ou3oCdqRJwLDobF/JZAFErMAwGA1UdEwEB/wQCMAAwEwYD
VR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUA
A4IBAQBPun6IH8i7V1dkHanQ9h7eoXPGUX5nip23k4hzo79xeR3e8p7Cxe12ghO6
S7kuxUXN1acalwyB68cXQvI1/9FSpRRs3HXmdK6RJ1aH/KzVxhQ2w+hrmKc8J9Qm
4nadcATgD0RDeHJRWWEWW1WLGLbEsYv+1BxPotro2JwYXvj9xDtdbVndOxR9rpbV
zjotmMKAuFHmt3EHxYIlPOBXMj06lEVdf8uVUKWN0M0CWqbS3LB3JZ8SJE2/ZhsY
nnYNGI+HHJj1JRA0ywSj/jqAim8DZdvMWYT34OZn/7YRvJLHjA7DmZkxcYT8Y3P2
GNdYFy2QCzW78JKqTTZ5Dx7BoCa5
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDojCCAoqgAwIBAgIQBbcgZY6w3Teo0c20yB/mNjANBgkqhkiG9w0BAQsFADBB
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMRswGQYDVQQDExJ0
aGF3dGUgU1NMIENBIC0gRzIwHhcNMTcwNDI2MDAwMDAwWhcNMTcwNzI1MjM1OTU5
WjAsMSowKAYDVQQDEyF0aGF3dGUgU1NMIENBIC0gRzIgT0NTUCBSZXNwb25kZXIw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcd9GQ6wWQH5sPM5i/Y5Tg
xh3NRXOBoFw+89ti0r+dr3rfBKpK3+BUkA95nYwmRSXIhTtbgSkZGNTMjzd7b40h
WPFgBtrTcOlff7UH3TqGSHt7dRXBpvDngSs5wOqfYXN0+MjiVJPFWLAAEUe+wZW1
1HzL8LKO0+McAj9FcFr1DMLuo4aCVUNVpn3HOks3yujmb9WHUhAqhfwv6x4wRsWA
ZaFRoClCVmZqIgaWHvm5oy8p8tsOqkXB8NYJo6rgeu3KyJzaHAtFbJzu5M6I8OfS
T1Fp2lmj0ZnS9r7t2ZuWZn8ZIIG7XAnJX8gxVyOT2LsmFrN1BaOAjX+qj+xQA0iV
AgMBAAGjgaowgacwDwYJKwYBBQUHMAEFBAIFADAhBgNVHREEGjAYpBYwFDESMBAG
A1UEAxMJVEdWLUUtOTgyMB8GA1UdIwQYMBaAFMJPSFf80U+awF04fQ4F29kutVJg
MB0GA1UdDgQWBBSo8ePKLt6AnakScCw6GxfyWQBRKzAMBgNVHRMBAf8EAjAAMBMG
A1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQsF
AAOCAQEAT7p+iB/Iu1dXZB2p0PYe3qFzxlF+Z4qdt5OIc6O/cXkd3vKewsXtdoIT
uku5LsVFzdWnGpcMgevHF0LyNf/RUqUUbNx15nSukSdWh/ys1cYUNsPoa5inPCfU
JuJ2nXAE4A9EQ3hyUVlhFltVixi2xLGL/tQcT6La6NicGF74/cQ7XW1Z3TsUfa6W
1c46LZjCgLhR5rdxB8WCJTzgVzI9OpRFXX/LlVCljdDNAlqm0tywdyWfEiRNv2Yb
GJ52DRiPhxyY9SUQNMsEo/46gIpvA2XbzFmE9+DmZ/+2EbySx4wOw5mZMXGE/GNz
9hjXWBctkAs1u/CSqk02eQ8ewaAmuQ==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=578499, public, no-transform, must-revalidate]
Content-Length: [1413]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 30 Apr 2017 12:55:03 GMT]
Expires: [Sun, 7 May 2017 05:36:42 GMT]
Last-Modified: [Sun, 30 Apr 2017 05:36:42 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_REFRESH_MISS from a23-217-200-53.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2.1-19774280) (S)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://tj.symcd.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://tj.symcd.com (GET)
Size: 1413 bytes (DER data)
Response time: 243.384512ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: thawte SSL CA - G2 OCSP Responder
Issued by: thawte SSL CA - G2
Signing certificate validity: 2017-04-26 - 2017-07-25
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 160h41m39s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-217-200-68.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2.1-19774280) (-)

URL used for GET request

http:/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRvdluGAc%2FlYx1bXFBnllP1ugYHmAQUwk9IV%2FzRT5rAXTh9DgXb2S61UmACEHzLa11oQeZxNCO73a5PRus%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBRvdluGAc/lYx1bXFBnllP1ugYHmAQUwk9I
V/zRT5rAXTh9DgXb2S61UmACEHzLa11oQeZxNCO73a5PRus=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFgQoBAKCCBXowggV2BgkrBgEFBQcwAQEEggVnMIIFYzCBnqIWBBSo8ePKLt6A
nakScCw6GxfyWQBRKxgPMjAxNzA0MzAwNTM2NDJaMHMwcTBJMAkGBSsOAwIaBQAE
FG92W4YBz+VjHVtcUGeWU/W6BgeYBBTCT0hX/NFPmsBdOH0OBdvZLrVSYAIQfMtr
XWhB5nE0I7vdrk9G64AAGA8yMDE3MDQzMDA1MzY0MlqgERgPMjAxNzA1MDcwNTM2
NDJaMA0GCSqGSIb3DQEBBQUAA4IBAQAu82jINqR47khPCDp806MoR5rEtQDBT8fW
vkdbnBikjy0Y1K4RH5r+83K7pv6upcl1zl+sHgRUAm3sZSoWGJORsFNz43eHEM8S
TOt6gzaRFbrNEM1GZxFTlTHBCsurObV1vEj6d44AgiQLFmXhRoRWygkbCC2zk874
OB6IFOJ1fo+kSUfTcCBb2KmpmNHeUrOHChwqypTGxhuEh1B3X/w8lwQpM5+zHQQk
CUhBIWUkaUor5d0c7ffz0Txc7NLVF1mkJOaGWf3Y51O5+LYFH1lC7jlYu35UoLns
tDxhPASDjPlT+2cJ7kLkalcybqOkWXQ3plL6FXWtysNWblqhqHNAoIIDqjCCA6Yw
ggOiMIICiqADAgECAhAFtyBljrDdN6jRzbTIH+Y2MA0GCSqGSIb3DQEBCwUAMEEx
CzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUsIEluYy4xGzAZBgNVBAMTEnRo
YXd0ZSBTU0wgQ0EgLSBHMjAeFw0xNzA0MjYwMDAwMDBaFw0xNzA3MjUyMzU5NTla
MCwxKjAoBgNVBAMTIXRoYXd0ZSBTU0wgQ0EgLSBHMiBPQ1NQIFJlc3BvbmRlcjCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJx30ZDrBZAfmw8zmL9jlODG
Hc1Fc4GgXD7z22LSv52vet8Eqkrf4FSQD3mdjCZFJciFO1uBKRkY1MyPN3tvjSFY
8WAG2tNw6V9/tQfdOoZIe3t1FcGm8OeBKznA6p9hc3T4yOJUk8VYsAARR77BlbXU
fMvwso7T4xwCP0VwWvUMwu6jhoJVQ1Wmfcc6SzfK6OZv1YdSECqF/C/rHjBGxYBl
oVGgKUJWZmoiBpYe+bmjLyny2w6qRcHw1gmjquB67crInNocC0VsnO7kzojw59JP
UWnaWaPRmdL2vu3Zm5ZmfxkggbtcCclfyDFXI5PYuyYWs3UFo4CNf6qP7FADSJUC
AwEAAaOBqjCBpzAPBgkrBgEFBQcwAQUEAgUAMCEGA1UdEQQaMBikFjAUMRIwEAYD
VQQDEwlUR1YtRS05ODIwHwYDVR0jBBgwFoAUwk9IV/zRT5rAXTh9DgXb2S61UmAw
HQYDVR0OBBYEFKjx48ou3oCdqRJwLDobF/JZAFErMAwGA1UdEwEB/wQCMAAwEwYD
VR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUA
A4IBAQBPun6IH8i7V1dkHanQ9h7eoXPGUX5nip23k4hzo79xeR3e8p7Cxe12ghO6
S7kuxUXN1acalwyB68cXQvI1/9FSpRRs3HXmdK6RJ1aH/KzVxhQ2w+hrmKc8J9Qm
4nadcATgD0RDeHJRWWEWW1WLGLbEsYv+1BxPotro2JwYXvj9xDtdbVndOxR9rpbV
zjotmMKAuFHmt3EHxYIlPOBXMj06lEVdf8uVUKWN0M0CWqbS3LB3JZ8SJE2/ZhsY
nnYNGI+HHJj1JRA0ywSj/jqAim8DZdvMWYT34OZn/7YRvJLHjA7DmZkxcYT8Y3P2
GNdYFy2QCzW78JKqTTZ5Dx7BoCa5
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDojCCAoqgAwIBAgIQBbcgZY6w3Teo0c20yB/mNjANBgkqhkiG9w0BAQsFADBB
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMRswGQYDVQQDExJ0
aGF3dGUgU1NMIENBIC0gRzIwHhcNMTcwNDI2MDAwMDAwWhcNMTcwNzI1MjM1OTU5
WjAsMSowKAYDVQQDEyF0aGF3dGUgU1NMIENBIC0gRzIgT0NTUCBSZXNwb25kZXIw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcd9GQ6wWQH5sPM5i/Y5Tg
xh3NRXOBoFw+89ti0r+dr3rfBKpK3+BUkA95nYwmRSXIhTtbgSkZGNTMjzd7b40h
WPFgBtrTcOlff7UH3TqGSHt7dRXBpvDngSs5wOqfYXN0+MjiVJPFWLAAEUe+wZW1
1HzL8LKO0+McAj9FcFr1DMLuo4aCVUNVpn3HOks3yujmb9WHUhAqhfwv6x4wRsWA
ZaFRoClCVmZqIgaWHvm5oy8p8tsOqkXB8NYJo6rgeu3KyJzaHAtFbJzu5M6I8OfS
T1Fp2lmj0ZnS9r7t2ZuWZn8ZIIG7XAnJX8gxVyOT2LsmFrN1BaOAjX+qj+xQA0iV
AgMBAAGjgaowgacwDwYJKwYBBQUHMAEFBAIFADAhBgNVHREEGjAYpBYwFDESMBAG
A1UEAxMJVEdWLUUtOTgyMB8GA1UdIwQYMBaAFMJPSFf80U+awF04fQ4F29kutVJg
MB0GA1UdDgQWBBSo8ePKLt6AnakScCw6GxfyWQBRKzAMBgNVHRMBAf8EAjAAMBMG
A1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQsF
AAOCAQEAT7p+iB/Iu1dXZB2p0PYe3qFzxlF+Z4qdt5OIc6O/cXkd3vKewsXtdoIT
uku5LsVFzdWnGpcMgevHF0LyNf/RUqUUbNx15nSukSdWh/ys1cYUNsPoa5inPCfU
JuJ2nXAE4A9EQ3hyUVlhFltVixi2xLGL/tQcT6La6NicGF74/cQ7XW1Z3TsUfa6W
1c46LZjCgLhR5rdxB8WCJTzgVzI9OpRFXX/LlVCljdDNAlqm0tywdyWfEiRNv2Yb
GJ52DRiPhxyY9SUQNMsEo/46gIpvA2XbzFmE9+DmZ/+2EbySx4wOw5mZMXGE/GNz
9hjXWBctkAs1u/CSqk02eQ8ewaAmuQ==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=578499, public, no-transform, must-revalidate]
Content-Length: [1413]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 30 Apr 2017 12:55:03 GMT]
Expires: [Sun, 7 May 2017 05:36:42 GMT]
Last-Modified: [Sun, 30 Apr 2017 05:36:42 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MISS from a23-217-200-68.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2.1-19774280) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

thawte SSL CA - G2 (CA Certificate)

Certificate details for thawte SSL CA - G2 (At position 1 in certificate chain)
Serial number:
hex: 1687d6886de2300685233dbf11bf6597
int: 29948327227862944430780750156152137111
Issued by: thawte Primary Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: thawte, Inc.
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://t1.symcb.com/ThawtePCA.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://t1.symcb.com/ThawtePCA.crl
Size: 537 bytes (DER data)
Response time: 238.316439ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 1

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: Apache
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-217-200-71.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2.1-19774280) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Type: [application/pkix-crl]
Date: [Sun, 30 Apr 2017 12:55:03 GMT]
Etag: ["9a0c909d0279c1bbdf66260ef952850c:1490320987"]
Last-Modified: [Fri, 24 Mar 2017 02:01:25 GMT]
Server: [Apache]
Vary: [Accept-Encoding]
X-Cache: [TCP_MEM_HIT from a23-217-200-71.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2.1-19774280) (-)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://t2.symcb.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://t2.symcb.com (POST)
Size: 1504 bytes (DER data)
Response time: 238.351205ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: thawte Primary Root OCSP Responder Certificate 5
Issued by: thawte Primary Root CA
Signing certificate validity: 2016-11-22 - 2017-12-14
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 90h47m2s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-217-200-68.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2.1-19774280) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD/yl6nWPkczAQUe1tF
z6/Oy3r9MZIaarbzRutXSFACEBaH1oht4jAGhSM9vxG/ZZc=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF3AoBAKCCBdUwggXRBgkrBgEFBQcwAQEEggXCMIIFvjCBnqIWBBSy2bdAZSGF
dJEJzQWJNOXg5SwcIxgPMjAxNzA0MjcwNzM5NDNaMHMwcTBJMAkGBSsOAwIaBQAE
FDAXimvD1LuYJsIQcP/KXqdY+RzMBBR7W0XPr87Lev0xkhpqtvNG61dIUAIQFofW
iG3iMAaFIz2/Eb9ll4AAGA8yMDE3MDQyNzA3Mzk0M1qgERgPMjAxNzA1MDQwNzM5
NDNaMA0GCSqGSIb3DQEBBQUAA4IBAQBYjdRcNshl4JgStVG8EW4DV7sGKL5zgFOt
1qivLyP/wdc6Z24SYm/Xp7uKC2hqmUYdeuhOrtA06eng/a0XlU0oXTV00ie3KKfm
cFiluGl/KVbl/rhmHZPmBBHyiNhDWvtjKH8oKrYFf/SWwEgY2rHYHi1fiL/sKdjy
nZcoi/uG+n7Qbpbhi/HpUefO3bWme63yZbEnB8jOsaXHtTzTkqibpk1q89u5sx6r
hTjitcsV04nnK50DeWezkqZ5VGo4ZWLQLXjDi5VlfUhSOZPQvL6bXdQjIGY6tGVe
Qv0CRNSpbM6UYFkowUUi5ke5VxG7vtqzWGdkf6FHFcZr8WGI7ZYxoIIEBTCCBAEw
ggP9MIIC5aADAgECAhBqIaLOBLu8Jqunme8AdApUMA0GCSqGSIb3DQEBBQUAMIGp
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMSgwJgYDVQQLEx9D
ZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMTgwNgYDVQQLEy8oYykgMjAw
NiB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEfMB0GA1UE
AxMWdGhhd3RlIFByaW1hcnkgUm9vdCBDQTAeFw0xNjExMjIwMDAwMDBaFw0xNzEy
MTQyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUsIEluYy4x
OTA3BgNVBAMTMHRoYXd0ZSBQcmltYXJ5IFJvb3QgT0NTUCBSZXNwb25kZXIgQ2Vy
dGlmaWNhdGUgNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwOc/CD
T/ilVz6H2rkWETL80qIX5ttu5I16yxgPVYUP2Qy1D6dpiw9JZb0Tw134T58HpV+B
e3HSYDvEwPLyCBgKDNGAQ4RTEvuVDAJXhDHFDe+tE3wUWX0QCsmqMqXTc/BI18Zx
1vekmip6OnwyEoRdlaIeRv1qFLOGj9NqcQrh3CN/4SJb/DnWmTQta4gODnKS/ADF
WRs/wB3rqPDBZhBLBqywq6YRmzcz6hb/dpddqcTp7tDtEHmw+BDWTl/92a2YwJAw
9mKjfzqNYZa37ydH0MYioCjreLj++js4ZCM+av59twiH//GjaqSaQnW2z7rKM/5A
5tBowI+SWtr93p8CAwEAAaNqMGgwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYB
BQUHMAEFBAIFADAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDAiBgNVHREE
GzAZpBcwFTETMBEGA1UEAxMKVEdWLU9GRi01MTANBgkqhkiG9w0BAQUFAAOCAQEA
MZQVzAXoEbM5j6fQNNDzrTvMeEMlOlf8ShOg6pa5Y6/s9m+3nEqxRZhdJXtqn7YI
2736XikAfsn7cVikARa66mlLn6QxdnbUHX/TUpJf2/nZqCb2T80lmSjOfLwBzdgD
9N4MUzs16ivcuEEEJhuBhtcp/66+oEQqdXdLejHG61bRkhnqrW6U9sGBPhoQw2Hq
G3zclM6IlNJX+LYxOuDDD/5SbKAbcy+QBsue7Yf5XG7lZacI9CVFreoggA+YR8VQ
SVChJNc4k3ALASLz2OckP2X/357OiJFcsoqNdeo70ZLPLS4U/gOn60QiAnxonBCJ
PjZyT4sg074MlhPJSGR+HA==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIID/TCCAuWgAwIBAgIQaiGizgS7vCarp5nvAHQKVDANBgkqhkiG9w0BAQUFADCB
qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw
MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV
BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMTYxMTIyMDAwMDAwWhcNMTcx
MjE0MjM1OTU5WjBfMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMu
MTkwNwYDVQQDEzB0aGF3dGUgUHJpbWFyeSBSb290IE9DU1AgUmVzcG9uZGVyIENl
cnRpZmljYXRlIDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMDnPw
g0/4pVc+h9q5FhEy/NKiF+bbbuSNessYD1WFD9kMtQ+naYsPSWW9E8Nd+E+fB6Vf
gXtx0mA7xMDy8ggYCgzRgEOEUxL7lQwCV4QxxQ3vrRN8FFl9EArJqjKl03PwSNfG
cdb3pJoqejp8MhKEXZWiHkb9ahSzho/TanEK4dwjf+EiW/w51pk0LWuIDg5ykvwA
xVkbP8Ad66jwwWYQSwassKumEZs3M+oW/3aXXanE6e7Q7RB5sPgQ1k5f/dmtmMCQ
MPZio386jWGWt+8nR9DGIqAo63i4/vo7OGQjPmr+fbcIh//xo2qkmkJ1ts+6yjP+
QObQaMCPklra/d6fAgMBAAGjajBoMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsG
AQUFBzABBQQCBQAwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwIgYDVR0R
BBswGaQXMBUxEzARBgNVBAMTClRHVi1PRkYtNTEwDQYJKoZIhvcNAQEFBQADggEB
ADGUFcwF6BGzOY+n0DTQ8607zHhDJTpX/EoToOqWuWOv7PZvt5xKsUWYXSV7ap+2
CNu9+l4pAH7J+3FYpAEWuuppS5+kMXZ21B1/01KSX9v52agm9k/NJZkozny8Ac3Y
A/TeDFM7Neor3LhBBCYbgYbXKf+uvqBEKnV3S3oxxutW0ZIZ6q1ulPbBgT4aEMNh
6ht83JTOiJTSV/i2MTrgww/+UmygG3MvkAbLnu2H+Vxu5WWnCPQlRa3qIIAPmEfF
UElQoSTXOJNwCwEi89jnJD9l/9+ezoiRXLKKjXXqO9GSzy0uFP4Dp+tEIgJ8aJwQ
iT42ck+LINO+DJYTyUhkfhw=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=326822, public, no-transform, must-revalidate]
Content-Length: [1504]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 30 Apr 2017 12:55:03 GMT]
Expires: [Thu, 4 May 2017 07:39:43 GMT]
Last-Modified: [Thu, 27 Apr 2017 07:39:43 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MEM_HIT from a23-217-200-68.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2.1-19774280) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header outlives NextUpdate with 2m22s
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://t2.symcb.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://t2.symcb.com (GET)
Size: 1504 bytes (DER data)
Response time: 238.072641ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: thawte Primary Root OCSP Responder Certificate 5
Issued by: thawte Primary Root CA
Signing certificate validity: 2016-11-22 - 2017-12-14
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 90h45m43s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_REFRESH_MISS from a23-217-200-53.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2.1-19774280) (S)

URL used for GET request

http:/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEBaH1oht4jAGhSM9vxG%2FZZc%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD/yl6nWPkczAQUe1tF
z6/Oy3r9MZIaarbzRutXSFACEBaH1oht4jAGhSM9vxG/ZZc=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF3AoBAKCCBdUwggXRBgkrBgEFBQcwAQEEggXCMIIFvjCBnqIWBBSy2bdAZSGF
dJEJzQWJNOXg5SwcIxgPMjAxNzA0MjcwNzM5NDNaMHMwcTBJMAkGBSsOAwIaBQAE
FDAXimvD1LuYJsIQcP/KXqdY+RzMBBR7W0XPr87Lev0xkhpqtvNG61dIUAIQFofW
iG3iMAaFIz2/Eb9ll4AAGA8yMDE3MDQyNzA3Mzk0M1qgERgPMjAxNzA1MDQwNzM5
NDNaMA0GCSqGSIb3DQEBBQUAA4IBAQBYjdRcNshl4JgStVG8EW4DV7sGKL5zgFOt
1qivLyP/wdc6Z24SYm/Xp7uKC2hqmUYdeuhOrtA06eng/a0XlU0oXTV00ie3KKfm
cFiluGl/KVbl/rhmHZPmBBHyiNhDWvtjKH8oKrYFf/SWwEgY2rHYHi1fiL/sKdjy
nZcoi/uG+n7Qbpbhi/HpUefO3bWme63yZbEnB8jOsaXHtTzTkqibpk1q89u5sx6r
hTjitcsV04nnK50DeWezkqZ5VGo4ZWLQLXjDi5VlfUhSOZPQvL6bXdQjIGY6tGVe
Qv0CRNSpbM6UYFkowUUi5ke5VxG7vtqzWGdkf6FHFcZr8WGI7ZYxoIIEBTCCBAEw
ggP9MIIC5aADAgECAhBqIaLOBLu8Jqunme8AdApUMA0GCSqGSIb3DQEBBQUAMIGp
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMSgwJgYDVQQLEx9D
ZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMTgwNgYDVQQLEy8oYykgMjAw
NiB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEfMB0GA1UE
AxMWdGhhd3RlIFByaW1hcnkgUm9vdCBDQTAeFw0xNjExMjIwMDAwMDBaFw0xNzEy
MTQyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUsIEluYy4x
OTA3BgNVBAMTMHRoYXd0ZSBQcmltYXJ5IFJvb3QgT0NTUCBSZXNwb25kZXIgQ2Vy
dGlmaWNhdGUgNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwOc/CD
T/ilVz6H2rkWETL80qIX5ttu5I16yxgPVYUP2Qy1D6dpiw9JZb0Tw134T58HpV+B
e3HSYDvEwPLyCBgKDNGAQ4RTEvuVDAJXhDHFDe+tE3wUWX0QCsmqMqXTc/BI18Zx
1vekmip6OnwyEoRdlaIeRv1qFLOGj9NqcQrh3CN/4SJb/DnWmTQta4gODnKS/ADF
WRs/wB3rqPDBZhBLBqywq6YRmzcz6hb/dpddqcTp7tDtEHmw+BDWTl/92a2YwJAw
9mKjfzqNYZa37ydH0MYioCjreLj++js4ZCM+av59twiH//GjaqSaQnW2z7rKM/5A
5tBowI+SWtr93p8CAwEAAaNqMGgwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYB
BQUHMAEFBAIFADAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDAiBgNVHREE
GzAZpBcwFTETMBEGA1UEAxMKVEdWLU9GRi01MTANBgkqhkiG9w0BAQUFAAOCAQEA
MZQVzAXoEbM5j6fQNNDzrTvMeEMlOlf8ShOg6pa5Y6/s9m+3nEqxRZhdJXtqn7YI
2736XikAfsn7cVikARa66mlLn6QxdnbUHX/TUpJf2/nZqCb2T80lmSjOfLwBzdgD
9N4MUzs16ivcuEEEJhuBhtcp/66+oEQqdXdLejHG61bRkhnqrW6U9sGBPhoQw2Hq
G3zclM6IlNJX+LYxOuDDD/5SbKAbcy+QBsue7Yf5XG7lZacI9CVFreoggA+YR8VQ
SVChJNc4k3ALASLz2OckP2X/357OiJFcsoqNdeo70ZLPLS4U/gOn60QiAnxonBCJ
PjZyT4sg074MlhPJSGR+HA==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIID/TCCAuWgAwIBAgIQaiGizgS7vCarp5nvAHQKVDANBgkqhkiG9w0BAQUFADCB
qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw
MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV
BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMTYxMTIyMDAwMDAwWhcNMTcx
MjE0MjM1OTU5WjBfMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMu
MTkwNwYDVQQDEzB0aGF3dGUgUHJpbWFyeSBSb290IE9DU1AgUmVzcG9uZGVyIENl
cnRpZmljYXRlIDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMDnPw
g0/4pVc+h9q5FhEy/NKiF+bbbuSNessYD1WFD9kMtQ+naYsPSWW9E8Nd+E+fB6Vf
gXtx0mA7xMDy8ggYCgzRgEOEUxL7lQwCV4QxxQ3vrRN8FFl9EArJqjKl03PwSNfG
cdb3pJoqejp8MhKEXZWiHkb9ahSzho/TanEK4dwjf+EiW/w51pk0LWuIDg5ykvwA
xVkbP8Ad66jwwWYQSwassKumEZs3M+oW/3aXXanE6e7Q7RB5sPgQ1k5f/dmtmMCQ
MPZio386jWGWt+8nR9DGIqAo63i4/vo7OGQjPmr+fbcIh//xo2qkmkJ1ts+6yjP+
QObQaMCPklra/d6fAgMBAAGjajBoMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsG
AQUFBzABBQQCBQAwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwIgYDVR0R
BBswGaQXMBUxEzARBgNVBAMTClRHVi1PRkYtNTEwDQYJKoZIhvcNAQEFBQADggEB
ADGUFcwF6BGzOY+n0DTQ8607zHhDJTpX/EoToOqWuWOv7PZvt5xKsUWYXSV7ap+2
CNu9+l4pAH7J+3FYpAEWuuppS5+kMXZ21B1/01KSX9v52agm9k/NJZkozny8Ac3Y
A/TeDFM7Neor3LhBBCYbgYbXKf+uvqBEKnV3S3oxxutW0ZIZ6q1ulPbBgT4aEMNh
6ht83JTOiJTSV/i2MTrgww/+UmygG3MvkAbLnu2H+Vxu5WWnCPQlRa3qIIAPmEfF
UElQoSTXOJNwCwEi89jnJD9l/9+ezoiRXLKKjXXqO9GSzy0uFP4Dp+tEIgJ8aJwQ
iT42ck+LINO+DJYTyUhkfhw=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=326743, public, no-transform, must-revalidate]
Content-Length: [1504]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 30 Apr 2017 12:55:03 GMT]
Expires: [Thu, 4 May 2017 07:39:43 GMT]
Last-Modified: [Thu, 27 Apr 2017 07:39:43 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_REFRESH_MISS from a23-217-200-53.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2.1-19774280) (S)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header outlives NextUpdate with 1m3s
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

thawte Primary Root CA (CA Certificate)

Certificate details for thawte Primary Root CA (At position 2 in certificate chain)
Serial number:
hex: 344ed55720d5edec49f42fce37db2b6d
int: 69529181992039203566298953787712940909
Issued by: thawte Primary Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: thawte, Inc.
Organization unit: Certification Services Division
Organization unit: (c) 2006 thawte, Inc. - For authorized use only
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.