CRL & OCSP report for cloud.azevem.com

cloud.azevem.com

Certificate details for cloud.azevem.com (At position 0 in certificate chain)
Serial number:
hex: 22cba18fe0c228ee8e1d6af3bcb65fbc
int: 46251064986102504250271058694317170620
Issued by: StartCom Class 1 DV Server CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for cloud.azevem.com.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.startssl.com/sca-server1.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.startssl.com/sca-server1.crl
Size: 35998 bytes (DER data)
Response time: 253.061052ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 1014

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: nginx/1.0.12
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-219-92-108.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2-19674918) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Length: [48798]
Content-Type: [application/pkix-crl]
Date: [Sun, 30 Apr 2017 12:51:43 GMT]
Last-Modified: [Sun, 30 Apr 2017 04:46:29 GMT]
Server: [nginx/1.0.12]
X-Cache: [TCP_MEM_HIT from a23-219-92-108.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2-19674918) (-)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL should be in DER format but is PEM encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.startssl.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.startssl.com (GET)
Size: 1816 bytes (DER data)
Response time: 538.331275ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: StartCom Class 1 DV Server CA OCSP Responder
Issued by: StartCom Class 1 DV Server CA
Signing certificate validity: 2017-03-03 - 2017-06-21
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: nginx/1.7.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-219-92-86.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2-19674918) (-)

URL used for GET request

http:/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRRaBWasZmbOlXoYMAiydUZ4DA9KQQU15FOAcSwv%2FjIZ5NEnOcz%2Bq2TDK8CECLLoY%2Fgwijujh1q87y2X7w%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBRRaBWasZmbOlXoYMAiydUZ4DA9KQQU15FO
AcSwv/jIZ5NEnOcz+q2TDK8CECLLoY/gwijujh1q87y2X7w=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIHFAoBAKCCBw0wggcJBgkrBgEFBQcwAQEEggb6MIIG9jCCAROhgYowgYcxCzAJ
BgNVBAYTAklMMRYwFAYDVQQKDA1TdGFydENvbSBMdGQuMSkwJwYDVQQLDCBTdGFy
dENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTE1MDMGA1UEAwwsU3RhcnRDb20g
Q2xhc3MgMSBEViBTZXJ2ZXIgQ0EgT0NTUCBSZXNwb25kZXIYDzIwMTcwNDMwMTI1
MjA3WjBzMHEwSTAJBgUrDgMCGgUABBRRaBWasZmbOlXoYMAiydUZ4DA9KQQU15FO
AcSwv/jIZ5NEnOcz+q2TDK8CECLLoY/gwijujh1q87y2X7yAABgPMjAxNzA0MzAx
MjUyMDdaoBEYDzIwMTcwNTA0MTMwMjA3WjANBgkqhkiG9w0BAQsFAAOCAQEAbN3B
lmzCCAGq9i1WTdqPgAAXN188biAPGBSiKU66LRpTq7+iUqe6O5TWXP4C+0P6Kosg
/Y6n1dvhA2hDt39JoRcZaZvJsM6quON7W8d+4fwJitU8IILdO0zDNcdy6Jua+jA7
LlFN31aRrV883XF3zc0GIn6SEhv6V5WpCVjM6olc8nUIANFToRWgElbItS1p78hQ
OCizDkx3fchM/D70X595okH+P1FZqLbCVuAKi/ypnQgpbgsvLk5ITu0Fc8gvyxsx
vvkC9L84tJjx7sIjM+ZemzUvQOLzm5JiXTngtiTEXpXjFqRWYRhBII8r4YfreC1R
1zMlgs6MwOfRGjm2j6CCBMcwggTDMIIEvzCCA6egAwIBAgIQMGBQDQIx4jdRjIO/
pRREsTANBgkqhkiG9w0BAQsFADB4MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3Rh
cnRDb20gTHRkLjEpMCcGA1UECxMgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRo
b3JpdHkxJjAkBgNVBAMTHVN0YXJ0Q29tIENsYXNzIDEgRFYgU2VydmVyIENBMB4X
DTE3MDMwMzAxNTgwMVoXDTE3MDYyMTAxNTgwMVowgYcxCzAJBgNVBAYTAklMMRYw
FAYDVQQKDA1TdGFydENvbSBMdGQuMSkwJwYDVQQLDCBTdGFydENvbSBDZXJ0aWZp
Y2F0aW9uIEF1dGhvcml0eTE1MDMGA1UEAwwsU3RhcnRDb20gQ2xhc3MgMSBEViBT
ZXJ2ZXIgQ0EgT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDAyCzCFFV57vdtfe3XGObqdca/HRpkrmNYlO9FQLbRCXjRe75e336f
XEd0zsq6pTbQk4VVsCSZxdLhPl6hrbG6lZyx0w2fQFag7cItNiyN1+jAgktez3PY
GKrFN9qRFsjJR87Kghm4ExLSDW5aN3xmlaormFWlh/b1Fc3oqvXBLXxbFPva2fay
KQKzx87bD7eT20YbCuwYiqPHtfqWH6J/ZsByczDi/vXn25WvqpUNp1Jfr7gBq7U8
oL7a2uZP/Gee0whX4ThQgrWRXJLRfYSftO9h4L751DASdmJyJ4veDMpnEApIlPK2
Xerga0h+1nAwBTTgAcKJyt+uInc4Ig19AgMBAAGjggEzMIIBLzAOBgNVHQ8BAf8E
BAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADAMBgNV
HRMBAf8EAjAAMB0GA1UdDgQWBBRNksOG1b3vBzS4jdnqybG4AlK13jAfBgNVHSME
GDAWgBTXkU4BxLC/+Mhnk0Sc5zP6rZMMrzBvBggrBgEFBQcBAQRjMGEwJAYIKwYB
BQUHMAGGGGh0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbTA5BggrBgEFBQcwAoYtaHR0
cDovL2FpYS5zdGFydHNzbC5jb20vY2VydHMvc2NhLnNlcnZlcjEuY3J0MDgGA1Ud
HwQxMC8wLaAroCmGJ2h0dHA6Ly9jcmwuc3RhcnRzc2wuY29tL3NjYS1zZXJ2ZXIx
LmNybDANBgkqhkiG9w0BAQsFAAOCAQEAXj959PywBUa4gWwMGVGf+0I1ALanSGhb
3mEISViYq3lC4Q944+VFvfbEtgFAZ/Y2z4P0AezvZNH4ypiaUI+wO3edDILziaSN
tpzDzo3ad3MLKGsmprcW1fDeEIePT7H5P+eA3A0/XGtwLo+qvA344bnoFf4vW0nD
qRQJhPYob4WP93gXQCvUxvD1wbA6iVV5vgR9FMKmEj4UXhl9cQUgeFQd+oFIwqRC
GC/CY1V9HcCQ9n4ZQn0befiUewsEr8L/4EzYNhcgrwdHXDtIDQmvemgyVwZCm3vI
E8CP4zQ37ju/GewIh5ihN1qvGEuxdOGChox0jUTbmJWs6KFG5AAoYw==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEvzCCA6egAwIBAgIQMGBQDQIx4jdRjIO/pRREsTANBgkqhkiG9w0BAQsFADB4
MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjEpMCcGA1UECxMg
U3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxJjAkBgNVBAMTHVN0YXJ0
Q29tIENsYXNzIDEgRFYgU2VydmVyIENBMB4XDTE3MDMwMzAxNTgwMVoXDTE3MDYy
MTAxNTgwMVowgYcxCzAJBgNVBAYTAklMMRYwFAYDVQQKDA1TdGFydENvbSBMdGQu
MSkwJwYDVQQLDCBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTE1MDMG
A1UEAwwsU3RhcnRDb20gQ2xhc3MgMSBEViBTZXJ2ZXIgQ0EgT0NTUCBSZXNwb25k
ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAyCzCFFV57vdtfe3X
GObqdca/HRpkrmNYlO9FQLbRCXjRe75e336fXEd0zsq6pTbQk4VVsCSZxdLhPl6h
rbG6lZyx0w2fQFag7cItNiyN1+jAgktez3PYGKrFN9qRFsjJR87Kghm4ExLSDW5a
N3xmlaormFWlh/b1Fc3oqvXBLXxbFPva2fayKQKzx87bD7eT20YbCuwYiqPHtfqW
H6J/ZsByczDi/vXn25WvqpUNp1Jfr7gBq7U8oL7a2uZP/Gee0whX4ThQgrWRXJLR
fYSftO9h4L751DASdmJyJ4veDMpnEApIlPK2Xerga0h+1nAwBTTgAcKJyt+uInc4
Ig19AgMBAAGjggEzMIIBLzAOBgNVHQ8BAf8EBAMCA6gwEwYDVR0lBAwwCgYIKwYB
BQUHAwkwDwYJKwYBBQUHMAEFBAIFADAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRN
ksOG1b3vBzS4jdnqybG4AlK13jAfBgNVHSMEGDAWgBTXkU4BxLC/+Mhnk0Sc5zP6
rZMMrzBvBggrBgEFBQcBAQRjMGEwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnN0
YXJ0c3NsLmNvbTA5BggrBgEFBQcwAoYtaHR0cDovL2FpYS5zdGFydHNzbC5jb20v
Y2VydHMvc2NhLnNlcnZlcjEuY3J0MDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly9j
cmwuc3RhcnRzc2wuY29tL3NjYS1zZXJ2ZXIxLmNybDANBgkqhkiG9w0BAQsFAAOC
AQEAXj959PywBUa4gWwMGVGf+0I1ALanSGhb3mEISViYq3lC4Q944+VFvfbEtgFA
Z/Y2z4P0AezvZNH4ypiaUI+wO3edDILziaSNtpzDzo3ad3MLKGsmprcW1fDeEIeP
T7H5P+eA3A0/XGtwLo+qvA344bnoFf4vW0nDqRQJhPYob4WP93gXQCvUxvD1wbA6
iVV5vgR9FMKmEj4UXhl9cQUgeFQd+oFIwqRCGC/CY1V9HcCQ9n4ZQn0befiUewsE
r8L/4EzYNhcgrwdHXDtIDQmvemgyVwZCm3vIE8CP4zQ37ju/GewIh5ihN1qvGEux
dOGChox0jUTbmJWs6KFG5AAoYw==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=0, no-cache, no-store]
Content-Length: [1816]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 30 Apr 2017 12:51:43 GMT]
Etag: ["F0D279FC38D71905045ABDE772E9012D235714A0"]
Expires: [Sun, 30 Apr 2017 12:51:43 GMT]
Last-Modified: [Sun, 30 Apr 2017 12:52:07 GMT]
Pragma: [no-cache]
Server: [nginx/1.7.2]
X-Cache: [TCP_MISS from a23-219-92-86.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2-19674918) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is not yet valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.startssl.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.startssl.com (POST)
Size: 1816 bytes (DER data)
Response time: 536.695804ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: StartCom Class 1 DV Server CA OCSP Responder
Issued by: StartCom Class 1 DV Server CA
Signing certificate validity: 2017-03-03 - 2017-06-21
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: nginx/1.7.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-219-92-86.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2-19674918) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBRRaBWasZmbOlXoYMAiydUZ4DA9KQQU15FO
AcSwv/jIZ5NEnOcz+q2TDK8CECLLoY/gwijujh1q87y2X7w=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIHFAoBAKCCBw0wggcJBgkrBgEFBQcwAQEEggb6MIIG9jCCAROhgYowgYcxCzAJ
BgNVBAYTAklMMRYwFAYDVQQKDA1TdGFydENvbSBMdGQuMSkwJwYDVQQLDCBTdGFy
dENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTE1MDMGA1UEAwwsU3RhcnRDb20g
Q2xhc3MgMSBEViBTZXJ2ZXIgQ0EgT0NTUCBSZXNwb25kZXIYDzIwMTcwNDMwMTI1
MjA3WjBzMHEwSTAJBgUrDgMCGgUABBRRaBWasZmbOlXoYMAiydUZ4DA9KQQU15FO
AcSwv/jIZ5NEnOcz+q2TDK8CECLLoY/gwijujh1q87y2X7yAABgPMjAxNzA0MzAx
MjUyMDdaoBEYDzIwMTcwNTA0MTMwMjA3WjANBgkqhkiG9w0BAQsFAAOCAQEAbN3B
lmzCCAGq9i1WTdqPgAAXN188biAPGBSiKU66LRpTq7+iUqe6O5TWXP4C+0P6Kosg
/Y6n1dvhA2hDt39JoRcZaZvJsM6quON7W8d+4fwJitU8IILdO0zDNcdy6Jua+jA7
LlFN31aRrV883XF3zc0GIn6SEhv6V5WpCVjM6olc8nUIANFToRWgElbItS1p78hQ
OCizDkx3fchM/D70X595okH+P1FZqLbCVuAKi/ypnQgpbgsvLk5ITu0Fc8gvyxsx
vvkC9L84tJjx7sIjM+ZemzUvQOLzm5JiXTngtiTEXpXjFqRWYRhBII8r4YfreC1R
1zMlgs6MwOfRGjm2j6CCBMcwggTDMIIEvzCCA6egAwIBAgIQMGBQDQIx4jdRjIO/
pRREsTANBgkqhkiG9w0BAQsFADB4MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3Rh
cnRDb20gTHRkLjEpMCcGA1UECxMgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRo
b3JpdHkxJjAkBgNVBAMTHVN0YXJ0Q29tIENsYXNzIDEgRFYgU2VydmVyIENBMB4X
DTE3MDMwMzAxNTgwMVoXDTE3MDYyMTAxNTgwMVowgYcxCzAJBgNVBAYTAklMMRYw
FAYDVQQKDA1TdGFydENvbSBMdGQuMSkwJwYDVQQLDCBTdGFydENvbSBDZXJ0aWZp
Y2F0aW9uIEF1dGhvcml0eTE1MDMGA1UEAwwsU3RhcnRDb20gQ2xhc3MgMSBEViBT
ZXJ2ZXIgQ0EgT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDAyCzCFFV57vdtfe3XGObqdca/HRpkrmNYlO9FQLbRCXjRe75e336f
XEd0zsq6pTbQk4VVsCSZxdLhPl6hrbG6lZyx0w2fQFag7cItNiyN1+jAgktez3PY
GKrFN9qRFsjJR87Kghm4ExLSDW5aN3xmlaormFWlh/b1Fc3oqvXBLXxbFPva2fay
KQKzx87bD7eT20YbCuwYiqPHtfqWH6J/ZsByczDi/vXn25WvqpUNp1Jfr7gBq7U8
oL7a2uZP/Gee0whX4ThQgrWRXJLRfYSftO9h4L751DASdmJyJ4veDMpnEApIlPK2
Xerga0h+1nAwBTTgAcKJyt+uInc4Ig19AgMBAAGjggEzMIIBLzAOBgNVHQ8BAf8E
BAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADAMBgNV
HRMBAf8EAjAAMB0GA1UdDgQWBBRNksOG1b3vBzS4jdnqybG4AlK13jAfBgNVHSME
GDAWgBTXkU4BxLC/+Mhnk0Sc5zP6rZMMrzBvBggrBgEFBQcBAQRjMGEwJAYIKwYB
BQUHMAGGGGh0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbTA5BggrBgEFBQcwAoYtaHR0
cDovL2FpYS5zdGFydHNzbC5jb20vY2VydHMvc2NhLnNlcnZlcjEuY3J0MDgGA1Ud
HwQxMC8wLaAroCmGJ2h0dHA6Ly9jcmwuc3RhcnRzc2wuY29tL3NjYS1zZXJ2ZXIx
LmNybDANBgkqhkiG9w0BAQsFAAOCAQEAXj959PywBUa4gWwMGVGf+0I1ALanSGhb
3mEISViYq3lC4Q944+VFvfbEtgFAZ/Y2z4P0AezvZNH4ypiaUI+wO3edDILziaSN
tpzDzo3ad3MLKGsmprcW1fDeEIePT7H5P+eA3A0/XGtwLo+qvA344bnoFf4vW0nD
qRQJhPYob4WP93gXQCvUxvD1wbA6iVV5vgR9FMKmEj4UXhl9cQUgeFQd+oFIwqRC
GC/CY1V9HcCQ9n4ZQn0befiUewsEr8L/4EzYNhcgrwdHXDtIDQmvemgyVwZCm3vI
E8CP4zQ37ju/GewIh5ihN1qvGEuxdOGChox0jUTbmJWs6KFG5AAoYw==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEvzCCA6egAwIBAgIQMGBQDQIx4jdRjIO/pRREsTANBgkqhkiG9w0BAQsFADB4
MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjEpMCcGA1UECxMg
U3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxJjAkBgNVBAMTHVN0YXJ0
Q29tIENsYXNzIDEgRFYgU2VydmVyIENBMB4XDTE3MDMwMzAxNTgwMVoXDTE3MDYy
MTAxNTgwMVowgYcxCzAJBgNVBAYTAklMMRYwFAYDVQQKDA1TdGFydENvbSBMdGQu
MSkwJwYDVQQLDCBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTE1MDMG
A1UEAwwsU3RhcnRDb20gQ2xhc3MgMSBEViBTZXJ2ZXIgQ0EgT0NTUCBSZXNwb25k
ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAyCzCFFV57vdtfe3X
GObqdca/HRpkrmNYlO9FQLbRCXjRe75e336fXEd0zsq6pTbQk4VVsCSZxdLhPl6h
rbG6lZyx0w2fQFag7cItNiyN1+jAgktez3PYGKrFN9qRFsjJR87Kghm4ExLSDW5a
N3xmlaormFWlh/b1Fc3oqvXBLXxbFPva2fayKQKzx87bD7eT20YbCuwYiqPHtfqW
H6J/ZsByczDi/vXn25WvqpUNp1Jfr7gBq7U8oL7a2uZP/Gee0whX4ThQgrWRXJLR
fYSftO9h4L751DASdmJyJ4veDMpnEApIlPK2Xerga0h+1nAwBTTgAcKJyt+uInc4
Ig19AgMBAAGjggEzMIIBLzAOBgNVHQ8BAf8EBAMCA6gwEwYDVR0lBAwwCgYIKwYB
BQUHAwkwDwYJKwYBBQUHMAEFBAIFADAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRN
ksOG1b3vBzS4jdnqybG4AlK13jAfBgNVHSMEGDAWgBTXkU4BxLC/+Mhnk0Sc5zP6
rZMMrzBvBggrBgEFBQcBAQRjMGEwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnN0
YXJ0c3NsLmNvbTA5BggrBgEFBQcwAoYtaHR0cDovL2FpYS5zdGFydHNzbC5jb20v
Y2VydHMvc2NhLnNlcnZlcjEuY3J0MDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly9j
cmwuc3RhcnRzc2wuY29tL3NjYS1zZXJ2ZXIxLmNybDANBgkqhkiG9w0BAQsFAAOC
AQEAXj959PywBUa4gWwMGVGf+0I1ALanSGhb3mEISViYq3lC4Q944+VFvfbEtgFA
Z/Y2z4P0AezvZNH4ypiaUI+wO3edDILziaSNtpzDzo3ad3MLKGsmprcW1fDeEIeP
T7H5P+eA3A0/XGtwLo+qvA344bnoFf4vW0nDqRQJhPYob4WP93gXQCvUxvD1wbA6
iVV5vgR9FMKmEj4UXhl9cQUgeFQd+oFIwqRCGC/CY1V9HcCQ9n4ZQn0befiUewsE
r8L/4EzYNhcgrwdHXDtIDQmvemgyVwZCm3vIE8CP4zQ37ju/GewIh5ihN1qvGEux
dOGChox0jUTbmJWs6KFG5AAoYw==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=0, no-cache, no-store]
Content-Length: [1816]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 30 Apr 2017 12:51:43 GMT]
Etag: ["F0D279FC38D71905045ABDE772E9012D235714A0"]
Expires: [Sun, 30 Apr 2017 12:51:43 GMT]
Last-Modified: [Sun, 30 Apr 2017 12:52:07 GMT]
Pragma: [no-cache]
Server: [nginx/1.7.2]
X-Cache: [TCP_MISS from a23-219-92-86.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2-19674918) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is not yet valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

StartCom Class 1 DV Server CA (CA Certificate)

Certificate details for StartCom Class 1 DV Server CA (At position 1 in certificate chain)
Serial number:
hex: 6a5dc3e53b4e4fd07b691ea5fcec646b
int: 141385024392521038045679749985328718955
Issued by: StartCom Certification Authority
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: StartCom Ltd.
Organization unit: StartCom Certification Authority
Country: IL
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.startssl.com/sfsca.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.startssl.com/sfsca.crl
Size: 952 bytes (DER data)
Response time: 236.623101ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 7

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: nginx/1.0.12
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-219-92-108.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2-19674918) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Length: [952]
Content-Type: [application/pkix-crl]
Date: [Sun, 30 Apr 2017 12:51:43 GMT]
Last-Modified: [Wed, 12 Apr 2017 08:39:01 GMT]
Server: [nginx/1.0.12]
X-Cache: [TCP_MEM_HIT from a23-219-92-108.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2-19674918) (-)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.startssl.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.startssl.com (GET)
Size: 1769 bytes (DER data)
Response time: 242.253498ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: StartCom OCSP Responder
Issued by: StartCom Certification Authority
Signing certificate validity: 2016-09-20 - 2017-09-20
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: nginx/1.7.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-219-92-86.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2-19674918) (-)

URL used for GET request

http:/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRBc6bT2N9qzRkeiWvn5WI5MHBpNQQUTgvvGqRAW6UXaYcwyjRoQ9BBrvICEGpdw%2BU7Tk%2FQe2kepfzsZGs%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBRBc6bT2N9qzRkeiWvn5WI5MHBpNQQUTgvv
GqRAW6UXaYcwyjRoQ9BBrvICEGpdw+U7Tk/Qe2kepfzsZGs=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIG5QoBAKCCBt4wggbaBgkrBgEFBQcwAQEEggbLMIIGxzCB0aFJMEcxCzAJBgNV
BAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSAwHgYDVQQDExdTdGFydENv
bSBPQ1NQIFJlc3BvbmRlchgPMjAxNzA0MzAxMDEyMjVaMHMwcTBJMAkGBSsOAwIa
BQAEFEFzptPY32rNGR6Ja+flYjkwcGk1BBROC+8apEBbpRdphzDKNGhD0EGu8gIQ
al3D5TtOT9B7aR6l/Oxka4AAGA8yMDE3MDQzMDEwMTIyNVqgERgPMjAxNzA1MDQx
MDIyMjVaMA0GCSqGSIb3DQEBBQUAA4IBAQCQCD6g9du3sh4V44wXUjur2DALGKDv
DZRBHEB+pBK7QaHvZLDRzU2QgHjObMLx1GBL8UIPzYd7bzWFky4NodvZV/BxzrIA
LiqYiF3ZpMJ77a4o9lyLWyOGDxJ4rrg0nXZ7ys0tkJTElKHZYBfEv7cqFhHjoqtw
QpaY7Ck89VYclRz700Dpns9CaRsWutFvs+rbwIE0UN2j9UWs5AlSctCHxp+cEH25
vPmuKYUSP+/05iyPlbZcepWPGoIEXP28aLnU7fx+0ra3vmV1JTXya/7Rc+ijI+d5
tWWgWOD9M+typhIo7C0ExG0upzwAnuCOF0cRI0bSl0R6kSidsPUOtTENoIIE2zCC
BNcwggTTMIICu6ADAgECAhB0G1CHgU03TwwiPka2dpOyMA0GCSqGSIb3DQEBBQUA
MH0xCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQL
EyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMSkwJwYDVQQDEyBT
dGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNjA5MjAwMDAxMDFa
Fw0xNzA5MjAwMDAxMDFaMEcxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENv
bSBMdGQuMSAwHgYDVQQDExdTdGFydENvbSBPQ1NQIFJlc3BvbmRlcjCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAL67V5Yt7+ta/FzjtC7S1XWouzbVRn73
/KGBfj5JWHFXjL1oKcHHeyuiQ46IawZ3TKMIZafle69rt2/J+q+K1AcF+yWfnYls
XO4fPd2zuNXq9mLqlxwsYYLGwYo51ZY09YMenMo2hqcnE2jN4GNhW8HA7M5b1D7f
rPplzXZkcG2l9imHwapl+RItDefLqTYvoGXZE8JhefiFx1SkYwZ9Da9hMjWavMIn
QQwS6HgUU63ePBAj6oS9IBvEeGzFGeXeRKPOAtlwhsA1787V5OeamA5Ms2/8IEch
2fITwUxkXLshEuQpb9HqR0vPpWnCd5/SCWIRtNQV5XCTU6VyFcru1f8CAwEAAaOB
hDCBgTALBgNVHQ8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDAYDVR0TAQH/
BAIwADAPBgkrBgEFBQcwAQUEAgUAMB0GA1UdDgQWBBRfdFkMIvy5C8QhXMZu/hEm
n9cqHTAfBgNVHSMEGDAWgBROC+8apEBbpRdphzDKNGhD0EGu8jANBgkqhkiG9w0B
AQUFAAOCAgEALbOpeDVprhn5SMPJuyRZGpe0vRR5FhCPmjJyCiGwi1ddVI++Eg56
nTWABnde9aW5W64x0MWuoEhg1+FOh5D2fIEztbKQKGQ8hDiQGTSz9Gy9KrZAzaEK
OvpHVriq2Znesu8W2w2cPahu09mY6ivtwJF5jVdLA3iG1X4xtiXUzdBqG+cQiWQB
wbK/L1KepHA83G1S8xvOSWkBJQwZ/plkrTXNUARa3nOhGvsQKw6OcAo3+FdfrTn5
KvVUFxjQ6xXVvJcSK46LbD5NAD3hp8N3OJVLfvIpHnVVBcIBbhNR4kBe+GNSnGHu
wbM1WAPq2V0npFD1WWYWHdYwVu4z9yAa2vhoYd7S/6eUhVH8FgCafBcQVoTuH2lX
ITW2aB23z5+1YOedwbnb2B2j7T8iIgYG8zNJFoOa0Ue4mXRR7KH0kyanxVSPjtn6
ZgM+xBu7yP5L+W2rWCjPPRwbLxdWaCuPvJ3EsUONbcI0OtY8FbKr01Qurk7i3Qme
1iPneOUenpndLn4cNb6gKZ8b1rRB+AlJCm7DnEDyarEEd62wzRFMb+djTU5SPZ0b
ococQpeHZ35UHuvFisJndbw17UkiLu8Dhivq6BaskcehToq0bhyewa8Pr1s+zcMU
mSEqfLIBZONzHxtCF0DFldDA5OJB8Y4iOMGSMxKxsKhAaBWolVceORM=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIE0zCCArugAwIBAgIQdBtQh4FNN08MIj5GtnaTsjANBgkqhkiG9w0BAQUFADB9
MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh
cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTYwOTIwMDAwMTAxWhcN
MTcwOTIwMDAwMTAxWjBHMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20g
THRkLjEgMB4GA1UEAxMXU3RhcnRDb20gT0NTUCBSZXNwb25kZXIwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+u1eWLe/rWvxc47Qu0tV1qLs21UZ+9/yh
gX4+SVhxV4y9aCnBx3srokOOiGsGd0yjCGWn5Xuva7dvyfqvitQHBfsln52JbFzu
Hz3ds7jV6vZi6pccLGGCxsGKOdWWNPWDHpzKNoanJxNozeBjYVvBwOzOW9Q+36z6
Zc12ZHBtpfYph8GqZfkSLQ3ny6k2L6Bl2RPCYXn4hcdUpGMGfQ2vYTI1mrzCJ0EM
Euh4FFOt3jwQI+qEvSAbxHhsxRnl3kSjzgLZcIbANe/O1eTnmpgOTLNv/CBHIdny
E8FMZFy7IRLkKW/R6kdLz6Vpwnef0gliEbTUFeVwk1OlchXK7tX/AgMBAAGjgYQw
gYEwCwYDVR0PBAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMJMAwGA1UdEwEB/wQC
MAAwDwYJKwYBBQUHMAEFBAIFADAdBgNVHQ4EFgQUX3RZDCL8uQvEIVzGbv4RJp/X
Kh0wHwYDVR0jBBgwFoAUTgvvGqRAW6UXaYcwyjRoQ9BBrvIwDQYJKoZIhvcNAQEF
BQADggIBAC2zqXg1aa4Z+UjDybskWRqXtL0UeRYQj5oycgohsItXXVSPvhIOep01
gAZ3XvWluVuuMdDFrqBIYNfhToeQ9nyBM7WykChkPIQ4kBk0s/RsvSq2QM2hCjr6
R1a4qtmZ3rLvFtsNnD2obtPZmOor7cCReY1XSwN4htV+MbYl1M3QahvnEIlkAcGy
vy9SnqRwPNxtUvMbzklpASUMGf6ZZK01zVAEWt5zoRr7ECsOjnAKN/hXX605+Sr1
VBcY0OsV1byXEiuOi2w+TQA94afDdziVS37yKR51VQXCAW4TUeJAXvhjUpxh7sGz
NVgD6tldJ6RQ9VlmFh3WMFbuM/cgGtr4aGHe0v+nlIVR/BYAmnwXEFaE7h9pVyE1
tmgdt8+ftWDnncG529gdo+0/IiIGBvMzSRaDmtFHuJl0Ueyh9JMmp8VUj47Z+mYD
PsQbu8j+S/ltq1gozz0cGy8XVmgrj7ydxLFDjW3CNDrWPBWyq9NULq5O4t0JntYj
53jlHp6Z3S5+HDW+oCmfG9a0QfgJSQpuw5xA8mqxBHetsM0RTG/nY01OUj2dG6HK
HEKXh2d+VB7rxYrCZ3W8Ne1JIi7vA4Yr6ugWrJHHoU6KtG4cnsGvD69bPs3DFJkh
KnyyAWTjcx8bQhdAxZXQwOTiQfGOIjjBkjMSsbCoQGgVqJVXHjkT
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=0, no-cache, no-store]
Content-Length: [1769]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 30 Apr 2017 12:51:43 GMT]
Etag: ["BC6FBDFC81644690C229A196681A0B86F1250CC6"]
Expires: [Sun, 30 Apr 2017 12:51:43 GMT]
Last-Modified: [Sun, 30 Apr 2017 10:12:25 GMT]
Pragma: [no-cache]
Server: [nginx/1.7.2]
X-Cache: [TCP_MEM_HIT from a23-219-92-86.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2-19674918) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.startssl.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.startssl.com (POST)
Size: 1769 bytes (DER data)
Response time: 531.237545ms
Signature algorithm: SHA1WithRSA
Signature type: CA Deligated
Signed by: StartCom OCSP Responder
Issued by: StartCom Certification Authority
Signing certificate validity: 2016-09-20 - 2017-09-20
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: nginx/1.7.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-219-92-86.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2-19674918) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBRBc6bT2N9qzRkeiWvn5WI5MHBpNQQUTgvv
GqRAW6UXaYcwyjRoQ9BBrvICEGpdw+U7Tk/Qe2kepfzsZGs=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIG5QoBAKCCBt4wggbaBgkrBgEFBQcwAQEEggbLMIIGxzCB0aFJMEcxCzAJBgNV
BAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSAwHgYDVQQDExdTdGFydENv
bSBPQ1NQIFJlc3BvbmRlchgPMjAxNzA0MzAxMDEyMjVaMHMwcTBJMAkGBSsOAwIa
BQAEFEFzptPY32rNGR6Ja+flYjkwcGk1BBROC+8apEBbpRdphzDKNGhD0EGu8gIQ
al3D5TtOT9B7aR6l/Oxka4AAGA8yMDE3MDQzMDEwMTIyNVqgERgPMjAxNzA1MDQx
MDIyMjVaMA0GCSqGSIb3DQEBBQUAA4IBAQCQCD6g9du3sh4V44wXUjur2DALGKDv
DZRBHEB+pBK7QaHvZLDRzU2QgHjObMLx1GBL8UIPzYd7bzWFky4NodvZV/BxzrIA
LiqYiF3ZpMJ77a4o9lyLWyOGDxJ4rrg0nXZ7ys0tkJTElKHZYBfEv7cqFhHjoqtw
QpaY7Ck89VYclRz700Dpns9CaRsWutFvs+rbwIE0UN2j9UWs5AlSctCHxp+cEH25
vPmuKYUSP+/05iyPlbZcepWPGoIEXP28aLnU7fx+0ra3vmV1JTXya/7Rc+ijI+d5
tWWgWOD9M+typhIo7C0ExG0upzwAnuCOF0cRI0bSl0R6kSidsPUOtTENoIIE2zCC
BNcwggTTMIICu6ADAgECAhB0G1CHgU03TwwiPka2dpOyMA0GCSqGSIb3DQEBBQUA
MH0xCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQL
EyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMSkwJwYDVQQDEyBT
dGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNjA5MjAwMDAxMDFa
Fw0xNzA5MjAwMDAxMDFaMEcxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENv
bSBMdGQuMSAwHgYDVQQDExdTdGFydENvbSBPQ1NQIFJlc3BvbmRlcjCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAL67V5Yt7+ta/FzjtC7S1XWouzbVRn73
/KGBfj5JWHFXjL1oKcHHeyuiQ46IawZ3TKMIZafle69rt2/J+q+K1AcF+yWfnYls
XO4fPd2zuNXq9mLqlxwsYYLGwYo51ZY09YMenMo2hqcnE2jN4GNhW8HA7M5b1D7f
rPplzXZkcG2l9imHwapl+RItDefLqTYvoGXZE8JhefiFx1SkYwZ9Da9hMjWavMIn
QQwS6HgUU63ePBAj6oS9IBvEeGzFGeXeRKPOAtlwhsA1787V5OeamA5Ms2/8IEch
2fITwUxkXLshEuQpb9HqR0vPpWnCd5/SCWIRtNQV5XCTU6VyFcru1f8CAwEAAaOB
hDCBgTALBgNVHQ8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDAYDVR0TAQH/
BAIwADAPBgkrBgEFBQcwAQUEAgUAMB0GA1UdDgQWBBRfdFkMIvy5C8QhXMZu/hEm
n9cqHTAfBgNVHSMEGDAWgBROC+8apEBbpRdphzDKNGhD0EGu8jANBgkqhkiG9w0B
AQUFAAOCAgEALbOpeDVprhn5SMPJuyRZGpe0vRR5FhCPmjJyCiGwi1ddVI++Eg56
nTWABnde9aW5W64x0MWuoEhg1+FOh5D2fIEztbKQKGQ8hDiQGTSz9Gy9KrZAzaEK
OvpHVriq2Znesu8W2w2cPahu09mY6ivtwJF5jVdLA3iG1X4xtiXUzdBqG+cQiWQB
wbK/L1KepHA83G1S8xvOSWkBJQwZ/plkrTXNUARa3nOhGvsQKw6OcAo3+FdfrTn5
KvVUFxjQ6xXVvJcSK46LbD5NAD3hp8N3OJVLfvIpHnVVBcIBbhNR4kBe+GNSnGHu
wbM1WAPq2V0npFD1WWYWHdYwVu4z9yAa2vhoYd7S/6eUhVH8FgCafBcQVoTuH2lX
ITW2aB23z5+1YOedwbnb2B2j7T8iIgYG8zNJFoOa0Ue4mXRR7KH0kyanxVSPjtn6
ZgM+xBu7yP5L+W2rWCjPPRwbLxdWaCuPvJ3EsUONbcI0OtY8FbKr01Qurk7i3Qme
1iPneOUenpndLn4cNb6gKZ8b1rRB+AlJCm7DnEDyarEEd62wzRFMb+djTU5SPZ0b
ococQpeHZ35UHuvFisJndbw17UkiLu8Dhivq6BaskcehToq0bhyewa8Pr1s+zcMU
mSEqfLIBZONzHxtCF0DFldDA5OJB8Y4iOMGSMxKxsKhAaBWolVceORM=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIE0zCCArugAwIBAgIQdBtQh4FNN08MIj5GtnaTsjANBgkqhkiG9w0BAQUFADB9
MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh
cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTYwOTIwMDAwMTAxWhcN
MTcwOTIwMDAwMTAxWjBHMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20g
THRkLjEgMB4GA1UEAxMXU3RhcnRDb20gT0NTUCBSZXNwb25kZXIwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+u1eWLe/rWvxc47Qu0tV1qLs21UZ+9/yh
gX4+SVhxV4y9aCnBx3srokOOiGsGd0yjCGWn5Xuva7dvyfqvitQHBfsln52JbFzu
Hz3ds7jV6vZi6pccLGGCxsGKOdWWNPWDHpzKNoanJxNozeBjYVvBwOzOW9Q+36z6
Zc12ZHBtpfYph8GqZfkSLQ3ny6k2L6Bl2RPCYXn4hcdUpGMGfQ2vYTI1mrzCJ0EM
Euh4FFOt3jwQI+qEvSAbxHhsxRnl3kSjzgLZcIbANe/O1eTnmpgOTLNv/CBHIdny
E8FMZFy7IRLkKW/R6kdLz6Vpwnef0gliEbTUFeVwk1OlchXK7tX/AgMBAAGjgYQw
gYEwCwYDVR0PBAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMJMAwGA1UdEwEB/wQC
MAAwDwYJKwYBBQUHMAEFBAIFADAdBgNVHQ4EFgQUX3RZDCL8uQvEIVzGbv4RJp/X
Kh0wHwYDVR0jBBgwFoAUTgvvGqRAW6UXaYcwyjRoQ9BBrvIwDQYJKoZIhvcNAQEF
BQADggIBAC2zqXg1aa4Z+UjDybskWRqXtL0UeRYQj5oycgohsItXXVSPvhIOep01
gAZ3XvWluVuuMdDFrqBIYNfhToeQ9nyBM7WykChkPIQ4kBk0s/RsvSq2QM2hCjr6
R1a4qtmZ3rLvFtsNnD2obtPZmOor7cCReY1XSwN4htV+MbYl1M3QahvnEIlkAcGy
vy9SnqRwPNxtUvMbzklpASUMGf6ZZK01zVAEWt5zoRr7ECsOjnAKN/hXX605+Sr1
VBcY0OsV1byXEiuOi2w+TQA94afDdziVS37yKR51VQXCAW4TUeJAXvhjUpxh7sGz
NVgD6tldJ6RQ9VlmFh3WMFbuM/cgGtr4aGHe0v+nlIVR/BYAmnwXEFaE7h9pVyE1
tmgdt8+ftWDnncG529gdo+0/IiIGBvMzSRaDmtFHuJl0Ueyh9JMmp8VUj47Z+mYD
PsQbu8j+S/ltq1gozz0cGy8XVmgrj7ydxLFDjW3CNDrWPBWyq9NULq5O4t0JntYj
53jlHp6Z3S5+HDW+oCmfG9a0QfgJSQpuw5xA8mqxBHetsM0RTG/nY01OUj2dG6HK
HEKXh2d+VB7rxYrCZ3W8Ne1JIi7vA4Yr6ugWrJHHoU6KtG4cnsGvD69bPs3DFJkh
KnyyAWTjcx8bQhdAxZXQwOTiQfGOIjjBkjMSsbCoQGgVqJVXHjkT
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=0, no-cache, no-store]
Content-Length: [1769]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 30 Apr 2017 12:51:43 GMT]
Etag: ["BC6FBDFC81644690C229A196681A0B86F1250CC6"]
Expires: [Sun, 30 Apr 2017 12:51:43 GMT]
Last-Modified: [Sun, 30 Apr 2017 10:12:25 GMT]
Pragma: [no-cache]
Server: [nginx/1.7.2]
X-Cache: [TCP_MISS from a23-219-92-86.deploy.akamaitechnologies.com (AkamaiGHost/8.3.2-19674918) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

StartCom Certification Authority (CA Certificate)

Certificate details for StartCom Certification Authority (At position 2 in certificate chain)
Serial number:
hex: 1
int: 1
Issued by: StartCom Certification Authority
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: StartCom Ltd.
Organization unit: Secure Digital Certificate Signing
Country: IL
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Certificate Revocation List (CRL)

This CRL was cached at
http://cert.startcom.org/sfsca-crl.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://cert.startcom.org/sfsca-crl.crl
Size: 952 bytes (DER data)
Response time: 1.080140716s
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 7

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: nginx/1.9.14

Raw CRL response headers

Accept-Ranges: [bytes]
Connection: [keep-alive]
Content-Length: [952]
Content-Type: [application/pkix-crl]
Date: [Sun, 30 Apr 2017 12:51:43 GMT]
Etag: ["58ede862-3b8"]
Last-Modified: [Wed, 12 Apr 2017 08:42:10 GMT]
Server: [nginx/1.9.14]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This CRL was cached at
http://crl.startcom.org/sfsca-crl.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.startcom.org/sfsca-crl.crl
Size: 0 bytes (DER data)
Response time: 0s

Raw CRL response headers

Check the revocation status for another website

Created by Paul van Brouwershaven
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.