CRL & OCSP report for mijnrooster.amvilco.nl

mijnrooster.amvilco.nl

Certificate details for mijnrooster.amvilco.nl (At position 0 in certificate chain)
Serial number:
hex: 6f2fa
int: 455418
Issued by: RapidSSL SHA256 CA - G3
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization unit: GT43806176
Organization unit: See www.rapidssl.com/resources/cps (c)15
Organization unit: Domain Control Validated - RapidSSL(R)
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for mijnrooster.amvilco.nl.

Certificate Revocation List (CRL)

This CRL was cached at
http://gv.symcb.com/gv.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://gv.symcb.com/gv.crl
Size: 13156 bytes (DER data)
Response time: 8.392117ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 578

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: Apache
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-215-131-111.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Type: [application/pkix-crl]
Date: [Sun, 25 Jun 2017 22:48:08 GMT]
Etag: ["4fc85fdddbadc20e8cb6970ac41b4fa2:1498388421"]
Last-Modified: [Sun, 25 Jun 2017 11:00:21 GMT]
Server: [Apache]
Vary: [Accept-Encoding]
X-Cache: [TCP_MEM_HIT from a23-215-131-111.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://gv.symcd.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://gv.symcd.com (GET)
Size: 1412 bytes (DER data)
Response time: 42.225762ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: RapidSSL SHA256 CA - G3 OCSP Responder
Issued by: RapidSSL SHA256 CA - G3
Signing certificate validity: 2017-04-28 - 2018-05-22
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 88h24m50s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-215-131-86.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

URL used for GET request

http://gv.symcd.com/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBRAC0Z68eay0wmDug1gfn5ZN0gkxAQUw5zz%2FNNGCDS7zkZ%2FoHxb8%2BIIy1kCAwby%2Bg%3D%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEQwQjBAMD4wPDAJBgUrDgMCGgUABBRAC0Z68eay0wmDug1gfn5ZN0gkxAQUw5zz
/NNGCDS7zkZ/oHxb8+IIy1kCAwby+g==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFgAoBAKCCBXkwggV1BgkrBgEFBQcwAQEEggVmMIIFYjCBkaIWBBQqG3Lp+ruf
HEcH47mpoWFYREDnsBgPMjAxNzA2MjIxNTEyNThaMGYwZDA8MAkGBSsOAwIaBQAE
FEALRnrx5rLTCYO6DWB+flk3SCTEBBTDnPP800YINLvORn+gfFvz4gjLWQIDBvL6
gAAYDzIwMTcwNjIyMTUxMjU4WqARGA8yMDE3MDYyOTE1MTI1OFowDQYJKoZIhvcN
AQEFBQADggEBALQWAjiiOhSK+cAFtaRZodxwReU1Spiit/eQMdMTKKpQsp+VyRo5
ut3fggjF20JS3gYh2F/1tRCxyVFZrz/7oJvicmH8Gf7uG0jUypFUGvKE+FHFz59i
tNXH0tnQGlynypCDIhZ/5oWFiaB1QAupwO1gygD5yCwDtToNdGSIytNMAHgWXqL3
XGdjjiznPFgwQQ9g+o0Rvzcs05Ou1zbdKuwgiXqMh5WoGzOr0ehvLun8B2PKc/Se
rLIOiqYiqDUSmVXKqJitKmK2ehsCB3VAvCfmS8qGGX9ojl807SOyMsJ74G+USjTx
9DXqpkGaEB5S7/xYCXgpMcQSYJtXzsdw852gggO2MIIDsjCCA64wggKWoAMCAQIC
EAEACW5rcGRHejYKP+bTpv0wDQYJKoZIhvcNAQELBQAwRzELMAkGA1UEBhMCVVMx
FjAUBgNVBAoTDUdlb1RydXN0IEluYy4xIDAeBgNVBAMTF1JhcGlkU1NMIFNIQTI1
NiBDQSAtIEczMB4XDTE3MDQyODE5MTYxMloXDTE4MDUyMjE5MTYxMlowMTEvMC0G
A1UEAxMmUmFwaWRTU0wgU0hBMjU2IENBIC0gRzMgT0NTUCBSZXNwb25kZXIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMWEOnm+ycmC2cPYj63RaIyvuf
TM7JoL3UJwbsDlI2AHNjw7VIgWDSQCcxbmuARHeroLbi/NNJa0JdiDU+7KW1KgvA
Vkt9Vv+ICieTVS2uiHRNJWfyIMP1bz+eBjBZUd5mkHauUp8BfyBsuInuT3oNnPL6
R8IZM7Sz//8v+U5IAK/F3A1ZG1beiLefM1iusS9zAmJcAL3q0uATWaAlp63XDIyx
9X23yfClYcjhE4l8zrO3Rm3ia/kiPNKyolbVhZqAv0ZsKLf2FzEZlQ+1g1GGsP13
mkEJ3qxji/Z8lq7u9LEg0ykBlBOWKQ0eKcN4Sa5J+GH2WiQ7zFeblzL1FCgJAgMB
AAGjgaswgagwHwYDVR0jBBgwFoAUw5zz/NNGCDS7zkZ/oHxb8+IIy1kwDwYJKwYB
BQUHMAEFBAIFADAdBgNVHQ4EFgQUKhty6fq7nxxHB+O5qaFhWERA57AwEwYDVR0l
BAwwCgYIKwYBBQUHAwkwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwIgYD
VR0RBBswGaQXMBUxEzARBgNVBAMTClRHVi1PRkYtOTgwDQYJKoZIhvcNAQELBQAD
ggEBAHjMUrUPUiP+R74IJCew+sS/7lZFp9fshCfAmqrIakGNv52QFr4nDnouYGGW
HtvokbAu2acPYFscUdNqPvBvJQL2ODTApTOPZixVZqhTM4N/ZfgSW9wVBbDu6dKR
0T/oMZCGLf+LXie3rgIIB/wyi7oGMFBbogQ0lo/eIBymdJCNDz3f/b2hEmhL9awm
qXKRsu/z8qvVzkhiz/Z/4SB+rjV5iF5lrIWrsMWIfhnAEVEzouIEH3YwBf9ymiz4
yho/HAIRr3tvjjndKtknDLcihgJAoa7NFoM3j7QW3Lx+MZe5Jb5bsOC2w4ThJkKQ
VdFJktKywhWkBJptS0BkYq7nMdA=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDrjCCApagAwIBAgIQAQAJbmtwZEd6Ngo/5tOm/TANBgkqhkiG9w0BAQsFADBH
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMX
UmFwaWRTU0wgU0hBMjU2IENBIC0gRzMwHhcNMTcwNDI4MTkxNjEyWhcNMTgwNTIy
MTkxNjEyWjAxMS8wLQYDVQQDEyZSYXBpZFNTTCBTSEEyNTYgQ0EgLSBHMyBPQ1NQ
IFJlc3BvbmRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMxYQ6eb
7JyYLZw9iPrdFojK+59MzsmgvdQnBuwOUjYAc2PDtUiBYNJAJzFua4BEd6ugtuL8
00lrQl2INT7spbUqC8BWS31W/4gKJ5NVLa6IdE0lZ/Igw/VvP54GMFlR3maQdq5S
nwF/IGy4ie5Peg2c8vpHwhkztLP//y/5TkgAr8XcDVkbVt6It58zWK6xL3MCYlwA
verS4BNZoCWnrdcMjLH1fbfJ8KVhyOETiXzOs7dGbeJr+SI80rKiVtWFmoC/Rmwo
t/YXMRmVD7WDUYaw/XeaQQnerGOL9nyWru70sSDTKQGUE5YpDR4pw3hJrkn4YfZa
JDvMV5uXMvUUKAkCAwEAAaOBqzCBqDAfBgNVHSMEGDAWgBTDnPP800YINLvORn+g
fFvz4gjLWTAPBgkrBgEFBQcwAQUEAgUAMB0GA1UdDgQWBBQqG3Lp+rufHEcH47mp
oWFYREDnsDATBgNVHSUEDDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMA4GA1Ud
DwEB/wQEAwIHgDAiBgNVHREEGzAZpBcwFTETMBEGA1UEAxMKVEdWLU9GRi05ODAN
BgkqhkiG9w0BAQsFAAOCAQEAeMxStQ9SI/5HvggkJ7D6xL/uVkWn1+yEJ8Caqshq
QY2/nZAWvicOei5gYZYe2+iRsC7Zpw9gWxxR02o+8G8lAvY4NMClM49mLFVmqFMz
g39l+BJb3BUFsO7p0pHRP+gxkIYt/4teJ7euAggH/DKLugYwUFuiBDSWj94gHKZ0
kI0PPd/9vaESaEv1rCapcpGy7/Pyq9XOSGLP9n/hIH6uNXmIXmWshauwxYh+GcAR
UTOi4gQfdjAF/3KaLPjKGj8cAhGve2+OOd0q2ScMtyKGAkChrs0WgzePtBbcvH4x
l7klvluw4LbDhOEmQpBV0UmS0rLCFaQEmm1LQGRirucx0A==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=318290, public, no-transform, must-revalidate]
Content-Length: [1412]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 25 Jun 2017 22:48:08 GMT]
Expires: [Thu, 29 Jun 2017 15:12:58 GMT]
Last-Modified: [Thu, 22 Jun 2017 15:12:58 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MISS from a23-215-131-86.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://gv.symcd.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://gv.symcd.com (POST)
Size: 1412 bytes (DER data)
Response time: 100.496512ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: RapidSSL SHA256 CA - G3 OCSP Responder
Issued by: RapidSSL SHA256 CA - G3
Signing certificate validity: 2017-04-28 - 2018-05-22
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 88h24m50s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-215-131-86.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEQwQjBAMD4wPDAJBgUrDgMCGgUABBRAC0Z68eay0wmDug1gfn5ZN0gkxAQUw5zz
/NNGCDS7zkZ/oHxb8+IIy1kCAwby+g==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFgAoBAKCCBXkwggV1BgkrBgEFBQcwAQEEggVmMIIFYjCBkaIWBBQqG3Lp+ruf
HEcH47mpoWFYREDnsBgPMjAxNzA2MjIxNTEyNThaMGYwZDA8MAkGBSsOAwIaBQAE
FEALRnrx5rLTCYO6DWB+flk3SCTEBBTDnPP800YINLvORn+gfFvz4gjLWQIDBvL6
gAAYDzIwMTcwNjIyMTUxMjU4WqARGA8yMDE3MDYyOTE1MTI1OFowDQYJKoZIhvcN
AQEFBQADggEBALQWAjiiOhSK+cAFtaRZodxwReU1Spiit/eQMdMTKKpQsp+VyRo5
ut3fggjF20JS3gYh2F/1tRCxyVFZrz/7oJvicmH8Gf7uG0jUypFUGvKE+FHFz59i
tNXH0tnQGlynypCDIhZ/5oWFiaB1QAupwO1gygD5yCwDtToNdGSIytNMAHgWXqL3
XGdjjiznPFgwQQ9g+o0Rvzcs05Ou1zbdKuwgiXqMh5WoGzOr0ehvLun8B2PKc/Se
rLIOiqYiqDUSmVXKqJitKmK2ehsCB3VAvCfmS8qGGX9ojl807SOyMsJ74G+USjTx
9DXqpkGaEB5S7/xYCXgpMcQSYJtXzsdw852gggO2MIIDsjCCA64wggKWoAMCAQIC
EAEACW5rcGRHejYKP+bTpv0wDQYJKoZIhvcNAQELBQAwRzELMAkGA1UEBhMCVVMx
FjAUBgNVBAoTDUdlb1RydXN0IEluYy4xIDAeBgNVBAMTF1JhcGlkU1NMIFNIQTI1
NiBDQSAtIEczMB4XDTE3MDQyODE5MTYxMloXDTE4MDUyMjE5MTYxMlowMTEvMC0G
A1UEAxMmUmFwaWRTU0wgU0hBMjU2IENBIC0gRzMgT0NTUCBSZXNwb25kZXIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMWEOnm+ycmC2cPYj63RaIyvuf
TM7JoL3UJwbsDlI2AHNjw7VIgWDSQCcxbmuARHeroLbi/NNJa0JdiDU+7KW1KgvA
Vkt9Vv+ICieTVS2uiHRNJWfyIMP1bz+eBjBZUd5mkHauUp8BfyBsuInuT3oNnPL6
R8IZM7Sz//8v+U5IAK/F3A1ZG1beiLefM1iusS9zAmJcAL3q0uATWaAlp63XDIyx
9X23yfClYcjhE4l8zrO3Rm3ia/kiPNKyolbVhZqAv0ZsKLf2FzEZlQ+1g1GGsP13
mkEJ3qxji/Z8lq7u9LEg0ykBlBOWKQ0eKcN4Sa5J+GH2WiQ7zFeblzL1FCgJAgMB
AAGjgaswgagwHwYDVR0jBBgwFoAUw5zz/NNGCDS7zkZ/oHxb8+IIy1kwDwYJKwYB
BQUHMAEFBAIFADAdBgNVHQ4EFgQUKhty6fq7nxxHB+O5qaFhWERA57AwEwYDVR0l
BAwwCgYIKwYBBQUHAwkwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwIgYD
VR0RBBswGaQXMBUxEzARBgNVBAMTClRHVi1PRkYtOTgwDQYJKoZIhvcNAQELBQAD
ggEBAHjMUrUPUiP+R74IJCew+sS/7lZFp9fshCfAmqrIakGNv52QFr4nDnouYGGW
HtvokbAu2acPYFscUdNqPvBvJQL2ODTApTOPZixVZqhTM4N/ZfgSW9wVBbDu6dKR
0T/oMZCGLf+LXie3rgIIB/wyi7oGMFBbogQ0lo/eIBymdJCNDz3f/b2hEmhL9awm
qXKRsu/z8qvVzkhiz/Z/4SB+rjV5iF5lrIWrsMWIfhnAEVEzouIEH3YwBf9ymiz4
yho/HAIRr3tvjjndKtknDLcihgJAoa7NFoM3j7QW3Lx+MZe5Jb5bsOC2w4ThJkKQ
VdFJktKywhWkBJptS0BkYq7nMdA=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDrjCCApagAwIBAgIQAQAJbmtwZEd6Ngo/5tOm/TANBgkqhkiG9w0BAQsFADBH
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMX
UmFwaWRTU0wgU0hBMjU2IENBIC0gRzMwHhcNMTcwNDI4MTkxNjEyWhcNMTgwNTIy
MTkxNjEyWjAxMS8wLQYDVQQDEyZSYXBpZFNTTCBTSEEyNTYgQ0EgLSBHMyBPQ1NQ
IFJlc3BvbmRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMxYQ6eb
7JyYLZw9iPrdFojK+59MzsmgvdQnBuwOUjYAc2PDtUiBYNJAJzFua4BEd6ugtuL8
00lrQl2INT7spbUqC8BWS31W/4gKJ5NVLa6IdE0lZ/Igw/VvP54GMFlR3maQdq5S
nwF/IGy4ie5Peg2c8vpHwhkztLP//y/5TkgAr8XcDVkbVt6It58zWK6xL3MCYlwA
verS4BNZoCWnrdcMjLH1fbfJ8KVhyOETiXzOs7dGbeJr+SI80rKiVtWFmoC/Rmwo
t/YXMRmVD7WDUYaw/XeaQQnerGOL9nyWru70sSDTKQGUE5YpDR4pw3hJrkn4YfZa
JDvMV5uXMvUUKAkCAwEAAaOBqzCBqDAfBgNVHSMEGDAWgBTDnPP800YINLvORn+g
fFvz4gjLWTAPBgkrBgEFBQcwAQUEAgUAMB0GA1UdDgQWBBQqG3Lp+rufHEcH47mp
oWFYREDnsDATBgNVHSUEDDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMA4GA1Ud
DwEB/wQEAwIHgDAiBgNVHREEGzAZpBcwFTETMBEGA1UEAxMKVEdWLU9GRi05ODAN
BgkqhkiG9w0BAQsFAAOCAQEAeMxStQ9SI/5HvggkJ7D6xL/uVkWn1+yEJ8Caqshq
QY2/nZAWvicOei5gYZYe2+iRsC7Zpw9gWxxR02o+8G8lAvY4NMClM49mLFVmqFMz
g39l+BJb3BUFsO7p0pHRP+gxkIYt/4teJ7euAggH/DKLugYwUFuiBDSWj94gHKZ0
kI0PPd/9vaESaEv1rCapcpGy7/Pyq9XOSGLP9n/hIH6uNXmIXmWshauwxYh+GcAR
UTOi4gQfdjAF/3KaLPjKGj8cAhGve2+OOd0q2ScMtyKGAkChrs0WgzePtBbcvH4x
l7klvluw4LbDhOEmQpBV0UmS0rLCFaQEmm1LQGRirucx0A==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=318290, public, no-transform, must-revalidate]
Content-Length: [1412]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 25 Jun 2017 22:48:08 GMT]
Expires: [Thu, 29 Jun 2017 15:12:58 GMT]
Last-Modified: [Thu, 22 Jun 2017 15:12:58 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MISS from a23-215-131-86.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

RapidSSL SHA256 CA - G3 (CA Certificate)

Certificate details for RapidSSL SHA256 CA - G3 (At position 1 in certificate chain)
Serial number:
hex: 23a77
int: 146039
Issued by: GeoTrust Global CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GeoTrust Inc.
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://g.symcb.com/crls/gtglobal.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://g.symcb.com/crls/gtglobal.crl
Size: 665 bytes (DER data)
Response time: 4.677027ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 12

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: Apache
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-215-131-61.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Type: [application/pkix-crl]
Date: [Sun, 25 Jun 2017 22:48:08 GMT]
Etag: ["ca736a3a4c64c88b82602fe64aa4182d:1490382195"]
Last-Modified: [Fri, 24 Mar 2017 18:49:54 GMT]
Server: [Apache]
Vary: [Accept-Encoding]
X-Cache: [TCP_MEM_HIT from a23-215-131-61.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://g.symcd.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://g.symcd.com (POST)
Size: 1377 bytes (DER data)
Response time: 4.057025ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: GeoTrust Global CA TGV OCSP Responder 5
Issued by: GeoTrust Global CA
Signing certificate validity: 2016-12-08 - 2017-12-14
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 143h24m43s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-215-131-68.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkq
w0GRtsnCuD5V8sCXEROgByACAwI6dw==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFXQoBAKCCBVYwggVSBgkrBgEFBQcwAQEEggVDMIIFPzCBkaIWBBRW5FQnU+as
qXGB3YYiHprkenLEKhgPMjAxNzA2MjQyMjEyMjBaMGYwZDA8MAkGBSsOAwIaBQAE
FLG0OReQFreXeVAR8WC51KI82+3uBBQA+SrDQZG2ycK4PlXywJcRE6AHIAIDAjp3
gAAYDzIwMTcwNjI0MjIxMjIwWqARGA8yMDE3MDcwMTIyMTIyMFowDQYJKoZIhvcN
AQEFBQADggEBAJ7uo1avsqh2Jeyrt8KRcnnJNHh/LrTuCDSu4VQyGTZnbT67ci0I
pH7mCbGtTg3ey8K3ZMtGePMYFmoZtHkahOGvv183iGMOgvRfuvpSzcAtAfFlhZHO
eaG0TuBPnDxKx6cI4Wz4DV4h+jyRrBccy5ZWX6wMfmYuD/m9OWzVNmGLZb15zWVa
eW5zQq047A1vQH0HOUfEeDaw/EwFK33LLn8hJilr4unJAfmX8omGGk6mxYp49nwo
n4lOQn9A76yE+esSj/pvBwZvjGsUeOvLc2e0Ie4TcxwUKDYEdt6W5S95/2YG0VWi
BXyA6377UNGlpX59xwHMezfmYy0QZEoG/26gggOTMIIDjzCCA4swggJzoAMCAQIC
EAEAAI8cK5YV9Xm5GF4OwmcwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCVVMx
FjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZBgNVBAMTEkdlb1RydXN0IEdsb2Jh
bCBDQTAeFw0xNjEyMDgxMTI1MzVaFw0xNzEyMTQxMTI1MzVaMDIxMDAuBgNVBAMT
J0dlb1RydXN0IEdsb2JhbCBDQSBUR1YgT0NTUCBSZXNwb25kZXIgNTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKbsx72ex4lTCJDy3iHAy47zLOB03z8E
ucSDZIQMjk1A5aZfqz0MU5HHLOsi76EQo6uYR2R2rl9jgQ1EMbe0TidFyTrhse63
rmEyzQusz7sEjnsvckT7K/9j6DLmlFB/6oEhAgwfCONYbrDOfQHBCtd7e+x6STm0
WeKCF4/QqS+C5ZTUEzsNjhcAqeAMZnWEoyyJ6OpCiF9vDblCGa9nlh3SwW+nxKTq
qqiMlz9ZXN8//IHrectIKszEXXlpvtr4wJAz0KrUDfENqEbKNouP0fv1Ueno5Z7t
ue3CnHtCF+QxOQXDS3rKrQJcesKMrFC9+M5frbQuLSGz9ee/xCfnWW0CAwEAAaOB
jDCBiTAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAPBgkrBgEFBQcw
AQUEAgUAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDAMBgNV
HRMBAf8EAjAAMCIGA1UdEQQbMBmkFzAVMRMwEQYDVQQDEwpUR1YtT0ZGLTU3MA0G
CSqGSIb3DQEBCwUAA4IBAQAEbWTM2eKR1XlWe9ui17q87Hk6NYXKQGwj/ss1ue8Q
1cnoA2/Mo1gG1Q/8LHJ97vK5yw65afq8M5mPbxdl/57jZTUF1kDmgEgvUde3O+h2
ZLIHPx1q2W2WDLT2ltYvaHaNr0Hnkb8MCQ27Z728Fsn5+Ilh/bDoA+NHEqlcfycq
oGKksT60iqnogUz/WZNUbzzBQD6NlpomMZUTOcF3/5L3Fe1OKkF1nGXW2QTW/mLZ
5Eviy4ZQTzQ34koPA5qC1nsWQ1zOE57jR8IJMC+mYQdFb71gehA8O0lB7fL6Kysj
zycnBkNHgJ9LQDd67gQ30FxfmbAnHV1xxWakX8lXTvIf
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDizCCAnOgAwIBAgIQAQAAjxwrlhX1ebkYXg7CZzANBgkqhkiG9w0BAQsFADBC
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMS
R2VvVHJ1c3QgR2xvYmFsIENBMB4XDTE2MTIwODExMjUzNVoXDTE3MTIxNDExMjUz
NVowMjEwMC4GA1UEAxMnR2VvVHJ1c3QgR2xvYmFsIENBIFRHViBPQ1NQIFJlc3Bv
bmRlciA1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApuzHvZ7HiVMI
kPLeIcDLjvMs4HTfPwS5xINkhAyOTUDlpl+rPQxTkccs6yLvoRCjq5hHZHauX2OB
DUQxt7ROJ0XJOuGx7reuYTLNC6zPuwSOey9yRPsr/2PoMuaUUH/qgSECDB8I41hu
sM59AcEK13t77HpJObRZ4oIXj9CpL4LllNQTOw2OFwCp4AxmdYSjLIno6kKIX28N
uUIZr2eWHdLBb6fEpOqqqIyXP1lc3z/8get5y0gqzMRdeWm+2vjAkDPQqtQN8Q2o
Rso2i4/R+/VR6ejlnu257cKce0IX5DE5BcNLesqtAlx6woysUL34zl+ttC4tIbP1
57/EJ+dZbQIDAQABo4GMMIGJMB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4
ysxOMA8GCSsGAQUFBzABBQQCBQAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0P
AQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwIgYDVR0RBBswGaQXMBUxEzARBgNVBAMT
ClRHVi1PRkYtNTcwDQYJKoZIhvcNAQELBQADggEBAARtZMzZ4pHVeVZ726LXurzs
eTo1hcpAbCP+yzW57xDVyegDb8yjWAbVD/wscn3u8rnLDrlp+rwzmY9vF2X/nuNl
NQXWQOaASC9R17c76HZksgc/HWrZbZYMtPaW1i9odo2vQeeRvwwJDbtnvbwWyfn4
iWH9sOgD40cSqVx/JyqgYqSxPrSKqeiBTP9Zk1RvPMFAPo2WmiYxlRM5wXf/kvcV
7U4qQXWcZdbZBNb+YtnkS+LLhlBPNDfiSg8DmoLWexZDXM4TnuNHwgkwL6ZhB0Vv
vWB6EDw7SUHt8vorKyPPJycGQ0eAn0tAN3ruBDfQXF+ZsCcdXXHFZqRfyVdO8h8=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=516283, public, no-transform, must-revalidate]
Content-Length: [1377]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 25 Jun 2017 22:48:08 GMT]
Expires: [Sat, 1 Jul 2017 22:12:20 GMT]
Last-Modified: [Sat, 24 Jun 2017 22:12:20 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MEM_HIT from a23-215-131-68.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header outlives NextUpdate with 31s
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://g.symcd.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://g.symcd.com (GET)
Size: 1377 bytes (DER data)
Response time: 5.630117ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: GeoTrust Global CA TGV OCSP Responder 5
Issued by: GeoTrust Global CA
Signing certificate validity: 2016-12-08 - 2017-12-14
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 143h28m16s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-215-131-68.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

URL used for GET request

http://g.symcd.com/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6dw%3D%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkq
w0GRtsnCuD5V8sCXEROgByACAwI6dw==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFXQoBAKCCBVYwggVSBgkrBgEFBQcwAQEEggVDMIIFPzCBkaIWBBRW5FQnU+as
qXGB3YYiHprkenLEKhgPMjAxNzA2MjQyMjEyMjBaMGYwZDA8MAkGBSsOAwIaBQAE
FLG0OReQFreXeVAR8WC51KI82+3uBBQA+SrDQZG2ycK4PlXywJcRE6AHIAIDAjp3
gAAYDzIwMTcwNjI0MjIxMjIwWqARGA8yMDE3MDcwMTIyMTIyMFowDQYJKoZIhvcN
AQEFBQADggEBAJ7uo1avsqh2Jeyrt8KRcnnJNHh/LrTuCDSu4VQyGTZnbT67ci0I
pH7mCbGtTg3ey8K3ZMtGePMYFmoZtHkahOGvv183iGMOgvRfuvpSzcAtAfFlhZHO
eaG0TuBPnDxKx6cI4Wz4DV4h+jyRrBccy5ZWX6wMfmYuD/m9OWzVNmGLZb15zWVa
eW5zQq047A1vQH0HOUfEeDaw/EwFK33LLn8hJilr4unJAfmX8omGGk6mxYp49nwo
n4lOQn9A76yE+esSj/pvBwZvjGsUeOvLc2e0Ie4TcxwUKDYEdt6W5S95/2YG0VWi
BXyA6377UNGlpX59xwHMezfmYy0QZEoG/26gggOTMIIDjzCCA4swggJzoAMCAQIC
EAEAAI8cK5YV9Xm5GF4OwmcwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCVVMx
FjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZBgNVBAMTEkdlb1RydXN0IEdsb2Jh
bCBDQTAeFw0xNjEyMDgxMTI1MzVaFw0xNzEyMTQxMTI1MzVaMDIxMDAuBgNVBAMT
J0dlb1RydXN0IEdsb2JhbCBDQSBUR1YgT0NTUCBSZXNwb25kZXIgNTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKbsx72ex4lTCJDy3iHAy47zLOB03z8E
ucSDZIQMjk1A5aZfqz0MU5HHLOsi76EQo6uYR2R2rl9jgQ1EMbe0TidFyTrhse63
rmEyzQusz7sEjnsvckT7K/9j6DLmlFB/6oEhAgwfCONYbrDOfQHBCtd7e+x6STm0
WeKCF4/QqS+C5ZTUEzsNjhcAqeAMZnWEoyyJ6OpCiF9vDblCGa9nlh3SwW+nxKTq
qqiMlz9ZXN8//IHrectIKszEXXlpvtr4wJAz0KrUDfENqEbKNouP0fv1Ueno5Z7t
ue3CnHtCF+QxOQXDS3rKrQJcesKMrFC9+M5frbQuLSGz9ee/xCfnWW0CAwEAAaOB
jDCBiTAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAPBgkrBgEFBQcw
AQUEAgUAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDAMBgNV
HRMBAf8EAjAAMCIGA1UdEQQbMBmkFzAVMRMwEQYDVQQDEwpUR1YtT0ZGLTU3MA0G
CSqGSIb3DQEBCwUAA4IBAQAEbWTM2eKR1XlWe9ui17q87Hk6NYXKQGwj/ss1ue8Q
1cnoA2/Mo1gG1Q/8LHJ97vK5yw65afq8M5mPbxdl/57jZTUF1kDmgEgvUde3O+h2
ZLIHPx1q2W2WDLT2ltYvaHaNr0Hnkb8MCQ27Z728Fsn5+Ilh/bDoA+NHEqlcfycq
oGKksT60iqnogUz/WZNUbzzBQD6NlpomMZUTOcF3/5L3Fe1OKkF1nGXW2QTW/mLZ
5Eviy4ZQTzQ34koPA5qC1nsWQ1zOE57jR8IJMC+mYQdFb71gehA8O0lB7fL6Kysj
zycnBkNHgJ9LQDd67gQ30FxfmbAnHV1xxWakX8lXTvIf
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDizCCAnOgAwIBAgIQAQAAjxwrlhX1ebkYXg7CZzANBgkqhkiG9w0BAQsFADBC
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMS
R2VvVHJ1c3QgR2xvYmFsIENBMB4XDTE2MTIwODExMjUzNVoXDTE3MTIxNDExMjUz
NVowMjEwMC4GA1UEAxMnR2VvVHJ1c3QgR2xvYmFsIENBIFRHViBPQ1NQIFJlc3Bv
bmRlciA1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApuzHvZ7HiVMI
kPLeIcDLjvMs4HTfPwS5xINkhAyOTUDlpl+rPQxTkccs6yLvoRCjq5hHZHauX2OB
DUQxt7ROJ0XJOuGx7reuYTLNC6zPuwSOey9yRPsr/2PoMuaUUH/qgSECDB8I41hu
sM59AcEK13t77HpJObRZ4oIXj9CpL4LllNQTOw2OFwCp4AxmdYSjLIno6kKIX28N
uUIZr2eWHdLBb6fEpOqqqIyXP1lc3z/8get5y0gqzMRdeWm+2vjAkDPQqtQN8Q2o
Rso2i4/R+/VR6ejlnu257cKce0IX5DE5BcNLesqtAlx6woysUL34zl+ttC4tIbP1
57/EJ+dZbQIDAQABo4GMMIGJMB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4
ysxOMA8GCSsGAQUFBzABBQQCBQAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0P
AQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwIgYDVR0RBBswGaQXMBUxEzARBgNVBAMT
ClRHVi1PRkYtNTcwDQYJKoZIhvcNAQELBQADggEBAARtZMzZ4pHVeVZ726LXurzs
eTo1hcpAbCP+yzW57xDVyegDb8yjWAbVD/wscn3u8rnLDrlp+rwzmY9vF2X/nuNl
NQXWQOaASC9R17c76HZksgc/HWrZbZYMtPaW1i9odo2vQeeRvwwJDbtnvbwWyfn4
iWH9sOgD40cSqVx/JyqgYqSxPrSKqeiBTP9Zk1RvPMFAPo2WmiYxlRM5wXf/kvcV
7U4qQXWcZdbZBNb+YtnkS+LLhlBPNDfiSg8DmoLWexZDXM4TnuNHwgkwL6ZhB0Vv
vWB6EDw7SUHt8vorKyPPJycGQ0eAn0tAN3ruBDfQXF+ZsCcdXXHFZqRfyVdO8h8=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=516496, public, no-transform, must-revalidate]
Content-Length: [1377]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 25 Jun 2017 22:48:08 GMT]
Expires: [Sat, 1 Jul 2017 22:12:20 GMT]
Last-Modified: [Sat, 24 Jun 2017 22:12:20 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MEM_HIT from a23-215-131-68.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header outlives NextUpdate with 4m4s
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GeoTrust Global CA (CA Certificate)

Certificate details for GeoTrust Global CA (At position 2 in certificate chain)
Serial number:
hex: 23456
int: 144470
Issued by: GeoTrust Global CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GeoTrust Inc.
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
© 2015 - 2017 Digitorus B.V.
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.