CRL & OCSP report for leden.gospelkoorspring.org

leden.gospelkoorspring.org

Certificate details for leden.gospelkoorspring.org (At position 0 in certificate chain)
Serial number:
hex: 9ea
int: 2538
Issued by: RapidSSL SHA256 CA - G3
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization unit: GT39004730
Organization unit: See www.rapidssl.com/resources/cps (c)14
Organization unit: Domain Control Validated - RapidSSL(R)
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for leden.gospelkoorspring.org.

Certificate Revocation List (CRL)

This CRL was cached at
http://gv.symcb.com/gv.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://gv.symcb.com/gv.crl
Size: 13134 bytes (DER data)
Response time: 8.029625ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 577

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: Apache
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-219-93-63.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Type: [application/pkix-crl]
Date: [Wed, 28 Jun 2017 15:42:28 GMT]
Etag: ["10d699906d80070793e0471c10504917:1498647619"]
Last-Modified: [Wed, 28 Jun 2017 11:00:19 GMT]
Server: [Apache]
Vary: [Accept-Encoding]
X-Cache: [TCP_MEM_HIT from a23-219-93-63.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://gv.symcd.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://gv.symcd.com (POST)
Size: 1411 bytes (DER data)
Response time: 37.37386ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: RapidSSL SHA256 CA - G3 OCSP Responder
Issued by: RapidSSL SHA256 CA - G3
Signing certificate validity: 2017-04-28 - 2018-05-22
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 129h45m19s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_REFRESH_MISS from a23-219-93-85.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (S)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEMwQTA/MD0wOzAJBgUrDgMCGgUABBRAC0Z68eay0wmDug1gfn5ZN0gkxAQUw5zz
/NNGCDS7zkZ/oHxb8+IIy1kCAgnq
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFfwoBAKCCBXgwggV0BgkrBgEFBQcwAQEEggVlMIIFYTCBkKIWBBQqG3Lp+ruf
HEcH47mpoWFYREDnsBgPMjAxNzA2MjcwMTI3NDdaMGUwYzA7MAkGBSsOAwIaBQAE
FEALRnrx5rLTCYO6DWB+flk3SCTEBBTDnPP800YINLvORn+gfFvz4gjLWQICCeqA
ABgPMjAxNzA2MjcwMTI3NDdaoBEYDzIwMTcwNzA0MDEyNzQ3WjANBgkqhkiG9w0B
AQUFAAOCAQEALDHIR77N5gJlRZp7ppFXMzIKXPPlPpKSHmmzhiaylsupDdDJr4Qt
WL98moN8n9To7M4eGEIR8hoBrdIy6TYEUnFXF7fs0z5NCt59jbcq3yCMJYld8rYb
vMfjEbmL79CeB5V2J/h0UPRmnSG0BVIHvl2cYhqnkO67gy1frTNFCkSpa1t+vbgC
FrAgZt7FVTq9lQvgXTPnBYTsl/Ycl+9V3U2cBaB2U9HVpXuEfb7oPJOGW8VcJoBb
lFz43ui/xhaNZ8PvpFc8Byu1U9JyiqAyduFZWajaqe/zXwjIKwqr3+Na1GbXEvMn
p5Mh4p2RZBUXIDrc9gHRv+6K5TyLURYk3aCCA7YwggOyMIIDrjCCApagAwIBAgIQ
AQAJbmtwZEd6Ngo/5tOm/TANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJVUzEW
MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXUmFwaWRTU0wgU0hBMjU2
IENBIC0gRzMwHhcNMTcwNDI4MTkxNjEyWhcNMTgwNTIyMTkxNjEyWjAxMS8wLQYD
VQQDEyZSYXBpZFNTTCBTSEEyNTYgQ0EgLSBHMyBPQ1NQIFJlc3BvbmRlcjCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMxYQ6eb7JyYLZw9iPrdFojK+59M
zsmgvdQnBuwOUjYAc2PDtUiBYNJAJzFua4BEd6ugtuL800lrQl2INT7spbUqC8BW
S31W/4gKJ5NVLa6IdE0lZ/Igw/VvP54GMFlR3maQdq5SnwF/IGy4ie5Peg2c8vpH
whkztLP//y/5TkgAr8XcDVkbVt6It58zWK6xL3MCYlwAverS4BNZoCWnrdcMjLH1
fbfJ8KVhyOETiXzOs7dGbeJr+SI80rKiVtWFmoC/Rmwot/YXMRmVD7WDUYaw/Xea
QQnerGOL9nyWru70sSDTKQGUE5YpDR4pw3hJrkn4YfZaJDvMV5uXMvUUKAkCAwEA
AaOBqzCBqDAfBgNVHSMEGDAWgBTDnPP800YINLvORn+gfFvz4gjLWTAPBgkrBgEF
BQcwAQUEAgUAMB0GA1UdDgQWBBQqG3Lp+rufHEcH47mpoWFYREDnsDATBgNVHSUE
DDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDAiBgNV
HREEGzAZpBcwFTETMBEGA1UEAxMKVEdWLU9GRi05ODANBgkqhkiG9w0BAQsFAAOC
AQEAeMxStQ9SI/5HvggkJ7D6xL/uVkWn1+yEJ8CaqshqQY2/nZAWvicOei5gYZYe
2+iRsC7Zpw9gWxxR02o+8G8lAvY4NMClM49mLFVmqFMzg39l+BJb3BUFsO7p0pHR
P+gxkIYt/4teJ7euAggH/DKLugYwUFuiBDSWj94gHKZ0kI0PPd/9vaESaEv1rCap
cpGy7/Pyq9XOSGLP9n/hIH6uNXmIXmWshauwxYh+GcARUTOi4gQfdjAF/3KaLPjK
Gj8cAhGve2+OOd0q2ScMtyKGAkChrs0WgzePtBbcvH4xl7klvluw4LbDhOEmQpBV
0UmS0rLCFaQEmm1LQGRirucx0A==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDrjCCApagAwIBAgIQAQAJbmtwZEd6Ngo/5tOm/TANBgkqhkiG9w0BAQsFADBH
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMX
UmFwaWRTU0wgU0hBMjU2IENBIC0gRzMwHhcNMTcwNDI4MTkxNjEyWhcNMTgwNTIy
MTkxNjEyWjAxMS8wLQYDVQQDEyZSYXBpZFNTTCBTSEEyNTYgQ0EgLSBHMyBPQ1NQ
IFJlc3BvbmRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMxYQ6eb
7JyYLZw9iPrdFojK+59MzsmgvdQnBuwOUjYAc2PDtUiBYNJAJzFua4BEd6ugtuL8
00lrQl2INT7spbUqC8BWS31W/4gKJ5NVLa6IdE0lZ/Igw/VvP54GMFlR3maQdq5S
nwF/IGy4ie5Peg2c8vpHwhkztLP//y/5TkgAr8XcDVkbVt6It58zWK6xL3MCYlwA
verS4BNZoCWnrdcMjLH1fbfJ8KVhyOETiXzOs7dGbeJr+SI80rKiVtWFmoC/Rmwo
t/YXMRmVD7WDUYaw/XeaQQnerGOL9nyWru70sSDTKQGUE5YpDR4pw3hJrkn4YfZa
JDvMV5uXMvUUKAkCAwEAAaOBqzCBqDAfBgNVHSMEGDAWgBTDnPP800YINLvORn+g
fFvz4gjLWTAPBgkrBgEFBQcwAQUEAgUAMB0GA1UdDgQWBBQqG3Lp+rufHEcH47mp
oWFYREDnsDATBgNVHSUEDDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMA4GA1Ud
DwEB/wQEAwIHgDAiBgNVHREEGzAZpBcwFTETMBEGA1UEAxMKVEdWLU9GRi05ODAN
BgkqhkiG9w0BAQsFAAOCAQEAeMxStQ9SI/5HvggkJ7D6xL/uVkWn1+yEJ8Caqshq
QY2/nZAWvicOei5gYZYe2+iRsC7Zpw9gWxxR02o+8G8lAvY4NMClM49mLFVmqFMz
g39l+BJb3BUFsO7p0pHRP+gxkIYt/4teJ7euAggH/DKLugYwUFuiBDSWj94gHKZ0
kI0PPd/9vaESaEv1rCapcpGy7/Pyq9XOSGLP9n/hIH6uNXmIXmWshauwxYh+GcAR
UTOi4gQfdjAF/3KaLPjKGj8cAhGve2+OOd0q2ScMtyKGAkChrs0WgzePtBbcvH4x
l7klvluw4LbDhOEmQpBV0UmS0rLCFaQEmm1LQGRirucx0A==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=467119, public, no-transform, must-revalidate]
Content-Length: [1411]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Wed, 28 Jun 2017 15:42:28 GMT]
Expires: [Tue, 4 Jul 2017 01:27:47 GMT]
Last-Modified: [Tue, 27 Jun 2017 01:27:47 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_REFRESH_MISS from a23-219-93-85.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (S)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://gv.symcd.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://gv.symcd.com (GET)
Size: 1411 bytes (DER data)
Response time: 69.276759ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: RapidSSL SHA256 CA - G3 OCSP Responder
Issued by: RapidSSL SHA256 CA - G3
Signing certificate validity: 2017-04-28 - 2018-05-22
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 129h45m19s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-219-93-86.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

URL used for GET request

http://gv.symcd.com/MEMwQTA%2FMD0wOzAJBgUrDgMCGgUABBRAC0Z68eay0wmDug1gfn5ZN0gkxAQUw5zz%2FNNGCDS7zkZ%2FoHxb8%2BIIy1kCAgnq

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEMwQTA/MD0wOzAJBgUrDgMCGgUABBRAC0Z68eay0wmDug1gfn5ZN0gkxAQUw5zz
/NNGCDS7zkZ/oHxb8+IIy1kCAgnq
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFfwoBAKCCBXgwggV0BgkrBgEFBQcwAQEEggVlMIIFYTCBkKIWBBQqG3Lp+ruf
HEcH47mpoWFYREDnsBgPMjAxNzA2MjcwMTI3NDdaMGUwYzA7MAkGBSsOAwIaBQAE
FEALRnrx5rLTCYO6DWB+flk3SCTEBBTDnPP800YINLvORn+gfFvz4gjLWQICCeqA
ABgPMjAxNzA2MjcwMTI3NDdaoBEYDzIwMTcwNzA0MDEyNzQ3WjANBgkqhkiG9w0B
AQUFAAOCAQEALDHIR77N5gJlRZp7ppFXMzIKXPPlPpKSHmmzhiaylsupDdDJr4Qt
WL98moN8n9To7M4eGEIR8hoBrdIy6TYEUnFXF7fs0z5NCt59jbcq3yCMJYld8rYb
vMfjEbmL79CeB5V2J/h0UPRmnSG0BVIHvl2cYhqnkO67gy1frTNFCkSpa1t+vbgC
FrAgZt7FVTq9lQvgXTPnBYTsl/Ycl+9V3U2cBaB2U9HVpXuEfb7oPJOGW8VcJoBb
lFz43ui/xhaNZ8PvpFc8Byu1U9JyiqAyduFZWajaqe/zXwjIKwqr3+Na1GbXEvMn
p5Mh4p2RZBUXIDrc9gHRv+6K5TyLURYk3aCCA7YwggOyMIIDrjCCApagAwIBAgIQ
AQAJbmtwZEd6Ngo/5tOm/TANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJVUzEW
MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXUmFwaWRTU0wgU0hBMjU2
IENBIC0gRzMwHhcNMTcwNDI4MTkxNjEyWhcNMTgwNTIyMTkxNjEyWjAxMS8wLQYD
VQQDEyZSYXBpZFNTTCBTSEEyNTYgQ0EgLSBHMyBPQ1NQIFJlc3BvbmRlcjCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMxYQ6eb7JyYLZw9iPrdFojK+59M
zsmgvdQnBuwOUjYAc2PDtUiBYNJAJzFua4BEd6ugtuL800lrQl2INT7spbUqC8BW
S31W/4gKJ5NVLa6IdE0lZ/Igw/VvP54GMFlR3maQdq5SnwF/IGy4ie5Peg2c8vpH
whkztLP//y/5TkgAr8XcDVkbVt6It58zWK6xL3MCYlwAverS4BNZoCWnrdcMjLH1
fbfJ8KVhyOETiXzOs7dGbeJr+SI80rKiVtWFmoC/Rmwot/YXMRmVD7WDUYaw/Xea
QQnerGOL9nyWru70sSDTKQGUE5YpDR4pw3hJrkn4YfZaJDvMV5uXMvUUKAkCAwEA
AaOBqzCBqDAfBgNVHSMEGDAWgBTDnPP800YINLvORn+gfFvz4gjLWTAPBgkrBgEF
BQcwAQUEAgUAMB0GA1UdDgQWBBQqG3Lp+rufHEcH47mpoWFYREDnsDATBgNVHSUE
DDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDAiBgNV
HREEGzAZpBcwFTETMBEGA1UEAxMKVEdWLU9GRi05ODANBgkqhkiG9w0BAQsFAAOC
AQEAeMxStQ9SI/5HvggkJ7D6xL/uVkWn1+yEJ8CaqshqQY2/nZAWvicOei5gYZYe
2+iRsC7Zpw9gWxxR02o+8G8lAvY4NMClM49mLFVmqFMzg39l+BJb3BUFsO7p0pHR
P+gxkIYt/4teJ7euAggH/DKLugYwUFuiBDSWj94gHKZ0kI0PPd/9vaESaEv1rCap
cpGy7/Pyq9XOSGLP9n/hIH6uNXmIXmWshauwxYh+GcARUTOi4gQfdjAF/3KaLPjK
Gj8cAhGve2+OOd0q2ScMtyKGAkChrs0WgzePtBbcvH4xl7klvluw4LbDhOEmQpBV
0UmS0rLCFaQEmm1LQGRirucx0A==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDrjCCApagAwIBAgIQAQAJbmtwZEd6Ngo/5tOm/TANBgkqhkiG9w0BAQsFADBH
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMX
UmFwaWRTU0wgU0hBMjU2IENBIC0gRzMwHhcNMTcwNDI4MTkxNjEyWhcNMTgwNTIy
MTkxNjEyWjAxMS8wLQYDVQQDEyZSYXBpZFNTTCBTSEEyNTYgQ0EgLSBHMyBPQ1NQ
IFJlc3BvbmRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMxYQ6eb
7JyYLZw9iPrdFojK+59MzsmgvdQnBuwOUjYAc2PDtUiBYNJAJzFua4BEd6ugtuL8
00lrQl2INT7spbUqC8BWS31W/4gKJ5NVLa6IdE0lZ/Igw/VvP54GMFlR3maQdq5S
nwF/IGy4ie5Peg2c8vpHwhkztLP//y/5TkgAr8XcDVkbVt6It58zWK6xL3MCYlwA
verS4BNZoCWnrdcMjLH1fbfJ8KVhyOETiXzOs7dGbeJr+SI80rKiVtWFmoC/Rmwo
t/YXMRmVD7WDUYaw/XeaQQnerGOL9nyWru70sSDTKQGUE5YpDR4pw3hJrkn4YfZa
JDvMV5uXMvUUKAkCAwEAAaOBqzCBqDAfBgNVHSMEGDAWgBTDnPP800YINLvORn+g
fFvz4gjLWTAPBgkrBgEFBQcwAQUEAgUAMB0GA1UdDgQWBBQqG3Lp+rufHEcH47mp
oWFYREDnsDATBgNVHSUEDDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMA4GA1Ud
DwEB/wQEAwIHgDAiBgNVHREEGzAZpBcwFTETMBEGA1UEAxMKVEdWLU9GRi05ODAN
BgkqhkiG9w0BAQsFAAOCAQEAeMxStQ9SI/5HvggkJ7D6xL/uVkWn1+yEJ8Caqshq
QY2/nZAWvicOei5gYZYe2+iRsC7Zpw9gWxxR02o+8G8lAvY4NMClM49mLFVmqFMz
g39l+BJb3BUFsO7p0pHRP+gxkIYt/4teJ7euAggH/DKLugYwUFuiBDSWj94gHKZ0
kI0PPd/9vaESaEv1rCapcpGy7/Pyq9XOSGLP9n/hIH6uNXmIXmWshauwxYh+GcAR
UTOi4gQfdjAF/3KaLPjKGj8cAhGve2+OOd0q2ScMtyKGAkChrs0WgzePtBbcvH4x
l7klvluw4LbDhOEmQpBV0UmS0rLCFaQEmm1LQGRirucx0A==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=467119, public, no-transform, must-revalidate]
Content-Length: [1411]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Wed, 28 Jun 2017 15:42:28 GMT]
Expires: [Tue, 4 Jul 2017 01:27:47 GMT]
Last-Modified: [Tue, 27 Jun 2017 01:27:47 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MISS from a23-219-93-86.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

RapidSSL SHA256 CA - G3 (CA Certificate)

Certificate details for RapidSSL SHA256 CA - G3 (At position 1 in certificate chain)
Serial number:
hex: 23a77
int: 146039
Issued by: GeoTrust Global CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GeoTrust Inc.
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://g.symcb.com/crls/gtglobal.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://g.symcb.com/crls/gtglobal.crl
Size: 665 bytes (DER data)
Response time: 8.860605ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 12

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: Apache
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-219-93-108.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Type: [application/pkix-crl]
Date: [Wed, 28 Jun 2017 15:42:28 GMT]
Etag: ["a42c482f90c2ce53466ecf223bc477d3:1498447818"]
Last-Modified: [Mon, 26 Jun 2017 03:30:18 GMT]
Server: [Apache]
Vary: [Accept-Encoding]
X-Cache: [TCP_MEM_HIT from a23-219-93-108.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://g.symcd.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://g.symcd.com (GET)
Size: 1377 bytes (DER data)
Response time: 6.073143ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: GeoTrust Global CA TGV OCSP Responder 5
Issued by: GeoTrust Global CA
Signing certificate validity: 2016-12-08 - 2017-12-14
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 162h21m5s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-219-93-85.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)

URL used for GET request

http://g.symcd.com/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6dw%3D%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkq
w0GRtsnCuD5V8sCXEROgByACAwI6dw==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFXQoBAKCCBVYwggVSBgkrBgEFBQcwAQEEggVDMIIFPzCBkaIWBBRW5FQnU+as
qXGB3YYiHprkenLEKhgPMjAxNzA2MjgxMDAyMjZaMGYwZDA8MAkGBSsOAwIaBQAE
FLG0OReQFreXeVAR8WC51KI82+3uBBQA+SrDQZG2ycK4PlXywJcRE6AHIAIDAjp3
gAAYDzIwMTcwNjI4MTAwMjI2WqARGA8yMDE3MDcwNTEwMDIyNlowDQYJKoZIhvcN
AQEFBQADggEBAD6vYLQXBMyL5Yr3/kpXSVVBAfyZ/SCIVCPD+ek/fV2/OztYyQw8
fahwYGLgNO4/Z08QucTiY4RYdYauctZFCghqJtF7pqQyzd7EXilYkWgmgnKqeLzy
/yUqkTnBfVGGOycVjXz+3SUsuRzDyCLaR+9icdM1x7p+Xo9GqREaz8Cq63wJORFZ
LqPoPAF+FLaugnRINGwRrIxUt5F2Uxs7b/rihvT/d8RfZGv8IixqeBgH4qQaNujM
xxLxuPm/CJBIAT93FLPxieMVYyGuX64pEU5iD9MWTGNxSjyxwa3A/Y209/zA/X9J
1J+PsZL+e7uwjM0M96ITIJLxc8UMcnS3XtGgggOTMIIDjzCCA4swggJzoAMCAQIC
EAEAAI8cK5YV9Xm5GF4OwmcwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCVVMx
FjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZBgNVBAMTEkdlb1RydXN0IEdsb2Jh
bCBDQTAeFw0xNjEyMDgxMTI1MzVaFw0xNzEyMTQxMTI1MzVaMDIxMDAuBgNVBAMT
J0dlb1RydXN0IEdsb2JhbCBDQSBUR1YgT0NTUCBSZXNwb25kZXIgNTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKbsx72ex4lTCJDy3iHAy47zLOB03z8E
ucSDZIQMjk1A5aZfqz0MU5HHLOsi76EQo6uYR2R2rl9jgQ1EMbe0TidFyTrhse63
rmEyzQusz7sEjnsvckT7K/9j6DLmlFB/6oEhAgwfCONYbrDOfQHBCtd7e+x6STm0
WeKCF4/QqS+C5ZTUEzsNjhcAqeAMZnWEoyyJ6OpCiF9vDblCGa9nlh3SwW+nxKTq
qqiMlz9ZXN8//IHrectIKszEXXlpvtr4wJAz0KrUDfENqEbKNouP0fv1Ueno5Z7t
ue3CnHtCF+QxOQXDS3rKrQJcesKMrFC9+M5frbQuLSGz9ee/xCfnWW0CAwEAAaOB
jDCBiTAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAPBgkrBgEFBQcw
AQUEAgUAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDAMBgNV
HRMBAf8EAjAAMCIGA1UdEQQbMBmkFzAVMRMwEQYDVQQDEwpUR1YtT0ZGLTU3MA0G
CSqGSIb3DQEBCwUAA4IBAQAEbWTM2eKR1XlWe9ui17q87Hk6NYXKQGwj/ss1ue8Q
1cnoA2/Mo1gG1Q/8LHJ97vK5yw65afq8M5mPbxdl/57jZTUF1kDmgEgvUde3O+h2
ZLIHPx1q2W2WDLT2ltYvaHaNr0Hnkb8MCQ27Z728Fsn5+Ilh/bDoA+NHEqlcfycq
oGKksT60iqnogUz/WZNUbzzBQD6NlpomMZUTOcF3/5L3Fe1OKkF1nGXW2QTW/mLZ
5Eviy4ZQTzQ34koPA5qC1nsWQ1zOE57jR8IJMC+mYQdFb71gehA8O0lB7fL6Kysj
zycnBkNHgJ9LQDd67gQ30FxfmbAnHV1xxWakX8lXTvIf
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDizCCAnOgAwIBAgIQAQAAjxwrlhX1ebkYXg7CZzANBgkqhkiG9w0BAQsFADBC
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMS
R2VvVHJ1c3QgR2xvYmFsIENBMB4XDTE2MTIwODExMjUzNVoXDTE3MTIxNDExMjUz
NVowMjEwMC4GA1UEAxMnR2VvVHJ1c3QgR2xvYmFsIENBIFRHViBPQ1NQIFJlc3Bv
bmRlciA1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApuzHvZ7HiVMI
kPLeIcDLjvMs4HTfPwS5xINkhAyOTUDlpl+rPQxTkccs6yLvoRCjq5hHZHauX2OB
DUQxt7ROJ0XJOuGx7reuYTLNC6zPuwSOey9yRPsr/2PoMuaUUH/qgSECDB8I41hu
sM59AcEK13t77HpJObRZ4oIXj9CpL4LllNQTOw2OFwCp4AxmdYSjLIno6kKIX28N
uUIZr2eWHdLBb6fEpOqqqIyXP1lc3z/8get5y0gqzMRdeWm+2vjAkDPQqtQN8Q2o
Rso2i4/R+/VR6ejlnu257cKce0IX5DE5BcNLesqtAlx6woysUL34zl+ttC4tIbP1
57/EJ+dZbQIDAQABo4GMMIGJMB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4
ysxOMA8GCSsGAQUFBzABBQQCBQAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0P
AQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwIgYDVR0RBBswGaQXMBUxEzARBgNVBAMT
ClRHVi1PRkYtNTcwDQYJKoZIhvcNAQELBQADggEBAARtZMzZ4pHVeVZ726LXurzs
eTo1hcpAbCP+yzW57xDVyegDb8yjWAbVD/wscn3u8rnLDrlp+rwzmY9vF2X/nuNl
NQXWQOaASC9R17c76HZksgc/HWrZbZYMtPaW1i9odo2vQeeRvwwJDbtnvbwWyfn4
iWH9sOgD40cSqVx/JyqgYqSxPrSKqeiBTP9Zk1RvPMFAPo2WmiYxlRM5wXf/kvcV
7U4qQXWcZdbZBNb+YtnkS+LLhlBPNDfiSg8DmoLWexZDXM4TnuNHwgkwL6ZhB0Vv
vWB6EDw7SUHt8vorKyPPJycGQ0eAn0tAN3ruBDfQXF+ZsCcdXXHFZqRfyVdO8h8=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=584465, public, no-transform, must-revalidate]
Content-Length: [1377]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Wed, 28 Jun 2017 15:42:28 GMT]
Expires: [Wed, 5 Jul 2017 10:02:26 GMT]
Last-Modified: [Wed, 28 Jun 2017 10:02:26 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_MEM_HIT from a23-219-93-85.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header outlives NextUpdate with 1m7s
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://g.symcd.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://g.symcd.com (POST)
Size: 1377 bytes (DER data)
Response time: 35.645376ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: GeoTrust Global CA TGV OCSP Responder 5
Issued by: GeoTrust Global CA
Signing certificate validity: 2016-12-08 - 2017-12-14
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 162h19m58s

Server and network information

Server Software: nginx/1.10.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_REFRESH_MISS from a23-219-93-85.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (S)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkq
w0GRtsnCuD5V8sCXEROgByACAwI6dw==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIFXQoBAKCCBVYwggVSBgkrBgEFBQcwAQEEggVDMIIFPzCBkaIWBBRW5FQnU+as
qXGB3YYiHprkenLEKhgPMjAxNzA2MjgxMDAyMjZaMGYwZDA8MAkGBSsOAwIaBQAE
FLG0OReQFreXeVAR8WC51KI82+3uBBQA+SrDQZG2ycK4PlXywJcRE6AHIAIDAjp3
gAAYDzIwMTcwNjI4MTAwMjI2WqARGA8yMDE3MDcwNTEwMDIyNlowDQYJKoZIhvcN
AQEFBQADggEBAD6vYLQXBMyL5Yr3/kpXSVVBAfyZ/SCIVCPD+ek/fV2/OztYyQw8
fahwYGLgNO4/Z08QucTiY4RYdYauctZFCghqJtF7pqQyzd7EXilYkWgmgnKqeLzy
/yUqkTnBfVGGOycVjXz+3SUsuRzDyCLaR+9icdM1x7p+Xo9GqREaz8Cq63wJORFZ
LqPoPAF+FLaugnRINGwRrIxUt5F2Uxs7b/rihvT/d8RfZGv8IixqeBgH4qQaNujM
xxLxuPm/CJBIAT93FLPxieMVYyGuX64pEU5iD9MWTGNxSjyxwa3A/Y209/zA/X9J
1J+PsZL+e7uwjM0M96ITIJLxc8UMcnS3XtGgggOTMIIDjzCCA4swggJzoAMCAQIC
EAEAAI8cK5YV9Xm5GF4OwmcwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCVVMx
FjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZBgNVBAMTEkdlb1RydXN0IEdsb2Jh
bCBDQTAeFw0xNjEyMDgxMTI1MzVaFw0xNzEyMTQxMTI1MzVaMDIxMDAuBgNVBAMT
J0dlb1RydXN0IEdsb2JhbCBDQSBUR1YgT0NTUCBSZXNwb25kZXIgNTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKbsx72ex4lTCJDy3iHAy47zLOB03z8E
ucSDZIQMjk1A5aZfqz0MU5HHLOsi76EQo6uYR2R2rl9jgQ1EMbe0TidFyTrhse63
rmEyzQusz7sEjnsvckT7K/9j6DLmlFB/6oEhAgwfCONYbrDOfQHBCtd7e+x6STm0
WeKCF4/QqS+C5ZTUEzsNjhcAqeAMZnWEoyyJ6OpCiF9vDblCGa9nlh3SwW+nxKTq
qqiMlz9ZXN8//IHrectIKszEXXlpvtr4wJAz0KrUDfENqEbKNouP0fv1Ueno5Z7t
ue3CnHtCF+QxOQXDS3rKrQJcesKMrFC9+M5frbQuLSGz9ee/xCfnWW0CAwEAAaOB
jDCBiTAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAPBgkrBgEFBQcw
AQUEAgUAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDAMBgNV
HRMBAf8EAjAAMCIGA1UdEQQbMBmkFzAVMRMwEQYDVQQDEwpUR1YtT0ZGLTU3MA0G
CSqGSIb3DQEBCwUAA4IBAQAEbWTM2eKR1XlWe9ui17q87Hk6NYXKQGwj/ss1ue8Q
1cnoA2/Mo1gG1Q/8LHJ97vK5yw65afq8M5mPbxdl/57jZTUF1kDmgEgvUde3O+h2
ZLIHPx1q2W2WDLT2ltYvaHaNr0Hnkb8MCQ27Z728Fsn5+Ilh/bDoA+NHEqlcfycq
oGKksT60iqnogUz/WZNUbzzBQD6NlpomMZUTOcF3/5L3Fe1OKkF1nGXW2QTW/mLZ
5Eviy4ZQTzQ34koPA5qC1nsWQ1zOE57jR8IJMC+mYQdFb71gehA8O0lB7fL6Kysj
zycnBkNHgJ9LQDd67gQ30FxfmbAnHV1xxWakX8lXTvIf
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDizCCAnOgAwIBAgIQAQAAjxwrlhX1ebkYXg7CZzANBgkqhkiG9w0BAQsFADBC
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMS
R2VvVHJ1c3QgR2xvYmFsIENBMB4XDTE2MTIwODExMjUzNVoXDTE3MTIxNDExMjUz
NVowMjEwMC4GA1UEAxMnR2VvVHJ1c3QgR2xvYmFsIENBIFRHViBPQ1NQIFJlc3Bv
bmRlciA1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApuzHvZ7HiVMI
kPLeIcDLjvMs4HTfPwS5xINkhAyOTUDlpl+rPQxTkccs6yLvoRCjq5hHZHauX2OB
DUQxt7ROJ0XJOuGx7reuYTLNC6zPuwSOey9yRPsr/2PoMuaUUH/qgSECDB8I41hu
sM59AcEK13t77HpJObRZ4oIXj9CpL4LllNQTOw2OFwCp4AxmdYSjLIno6kKIX28N
uUIZr2eWHdLBb6fEpOqqqIyXP1lc3z/8get5y0gqzMRdeWm+2vjAkDPQqtQN8Q2o
Rso2i4/R+/VR6ejlnu257cKce0IX5DE5BcNLesqtAlx6woysUL34zl+ttC4tIbP1
57/EJ+dZbQIDAQABo4GMMIGJMB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4
ysxOMA8GCSsGAQUFBzABBQQCBQAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0P
AQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwIgYDVR0RBBswGaQXMBUxEzARBgNVBAMT
ClRHVi1PRkYtNTcwDQYJKoZIhvcNAQELBQADggEBAARtZMzZ4pHVeVZ726LXurzs
eTo1hcpAbCP+yzW57xDVyegDb8yjWAbVD/wscn3u8rnLDrlp+rwzmY9vF2X/nuNl
NQXWQOaASC9R17c76HZksgc/HWrZbZYMtPaW1i9odo2vQeeRvwwJDbtnvbwWyfn4
iWH9sOgD40cSqVx/JyqgYqSxPrSKqeiBTP9Zk1RvPMFAPo2WmiYxlRM5wXf/kvcV
7U4qQXWcZdbZBNb+YtnkS+LLhlBPNDfiSg8DmoLWexZDXM4TnuNHwgkwL6ZhB0Vv
vWB6EDw7SUHt8vorKyPPJycGQ0eAn0tAN3ruBDfQXF+ZsCcdXXHFZqRfyVdO8h8=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=584398, public, no-transform, must-revalidate]
Content-Length: [1377]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Wed, 28 Jun 2017 15:42:28 GMT]
Expires: [Wed, 5 Jul 2017 10:02:26 GMT]
Last-Modified: [Wed, 28 Jun 2017 10:02:26 GMT]
Server: [nginx/1.10.2]
X-Cache: [TCP_REFRESH_MISS from a23-219-93-85.deploy.akamaitechnologies.com (AkamaiGHost/9.0.0-20100727) (S)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GeoTrust Global CA (CA Certificate)

Certificate details for GeoTrust Global CA (At position 2 in certificate chain)
Serial number:
hex: 23456
int: 144470
Issued by: GeoTrust Global CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GeoTrust Inc.
Country: US
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
© 2015 - 2017 Digitorus B.V.
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.