CRL & OCSP report for cloud.azevem.com

cloud.azevem.com

Certificate details for cloud.azevem.com (At position 0 in certificate chain)
Serial number:
hex: 22cba18fe0c228ee8e1d6af3bcb65fbc
int: 46251064986102504250271058694317170620
Issued by: StartCom Class 1 DV Server CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for cloud.azevem.com.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.startssl.com/sca-server1.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.startssl.com/sca-server1.crl
Size: 35998 bytes (DER data)
Response time: 1.520589244s
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 1014

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: nginx/1.0.12
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a72-246-64-151.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1.2-20081415) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Length: [48798]
Content-Type: [application/pkix-crl]
Date: [Sun, 25 Jun 2017 22:45:50 GMT]
Last-Modified: [Sun, 25 Jun 2017 10:16:41 GMT]
Server: [nginx/1.0.12]
X-Cache: [TCP_MEM_HIT from a72-246-64-151.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1.2-20081415) (-)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL should be in DER format but is PEM encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.startssl.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.startssl.com (POST)
Size: 1643 bytes (DER data)
Response time: 1.511693668s
Signature algorithm: SHA256WithRSA
Signature type: CA Delegated
Signed by: StartCom Class 1 DV Server CA OCSP Responder
Issued by: StartCom Class 1 DV Server CA
Signing certificate validity: 2017-06-02 - 2017-09-20
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: nginx/1.7.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a72-246-64-14.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1.2-20081415) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBRRaBWasZmbOlXoYMAiydUZ4DA9KQQU15FO
AcSwv/jIZ5NEnOcz+q2TDK8CECLLoY/gwijujh1q87y2X7w=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGZwoBAKCCBmAwggZcBgkrBgEFBQcwAQEEggZNMIIGSTCCAROhgYowgYcxCzAJ
BgNVBAYTAklMMRYwFAYDVQQKDA1TdGFydENvbSBMdGQuMSkwJwYDVQQLDCBTdGFy
dENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTE1MDMGA1UEAwwsU3RhcnRDb20g
Q2xhc3MgMSBEViBTZXJ2ZXIgQ0EgT0NTUCBSZXNwb25kZXIYDzIwMTcwNjI1MjI0
NjMyWjBzMHEwSTAJBgUrDgMCGgUABBRRaBWasZmbOlXoYMAiydUZ4DA9KQQU15FO
AcSwv/jIZ5NEnOcz+q2TDK8CECLLoY/gwijujh1q87y2X7yAABgPMjAxNzA2MjUy
MjQ2MzJaoBEYDzIwMTcwNjI5MjI1NjMyWjANBgkqhkiG9w0BAQsFAAOCAQEAHDDD
Rf4ypckdDWsjHLZF8oSuesD/AlXpOJKT9+Be8jMyd9F/yryNMc5/w1iSE/xDrUKB
YqKZouFRo58klLjdx5X3MSkMNp4oqGykp4aKNJAXqlCHNYLrxsbSR7Jq2icQuRft
FSoQzrL/VrtStjx7W9UlRpv7Ex02wxjcZjvCDw2IH091YZ9P8+sG+cByQ/m5JCgK
87FGJyPDveDb4Mxqg4WunBlJ8Ifh20gk25a/4BkKa1r4tGQn7LBCKCcAdRP59unP
K2uJbFpUl8fycmF3evqvRbOVn/ZtA797bIif7Hs3CWpppHaThG48ajGwRZfhTbkc
6oAQs7gYyt2xEakKp6CCBBowggQWMIIEEjCCAvqgAwIBAgIQKV4OjBCUwLKsKTcM
1OMrtTANBgkqhkiG9w0BAQsFADB4MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3Rh
cnRDb20gTHRkLjEpMCcGA1UECxMgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRo
b3JpdHkxJjAkBgNVBAMTHVN0YXJ0Q29tIENsYXNzIDEgRFYgU2VydmVyIENBMB4X
DTE3MDYwMjAxNTc0MloXDTE3MDkyMDAxNTc0MlowgYcxCzAJBgNVBAYTAklMMRYw
FAYDVQQKDA1TdGFydENvbSBMdGQuMSkwJwYDVQQLDCBTdGFydENvbSBDZXJ0aWZp
Y2F0aW9uIEF1dGhvcml0eTE1MDMGA1UEAwwsU3RhcnRDb20gQ2xhc3MgMSBEViBT
ZXJ2ZXIgQ0EgT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQCxztAkZzZoPrSIKeJqYXgc2Mp2+mrpa4DqE9NCvPzmcEh5Vfh/PK0O
OiYRv2J3baGLp/WDb4jlA+tgXPytOcAlYHIhEkDB0PKJchibFXQW46ywdKsKu33c
EKxQp/pFzE+8PQlpS7iB7CpchI8Jh3pBIuLbt2Sd20jMZ/t4VjyMUlLpx4wCwNdU
suPxxrm1TbHuBiRQBCnAT1QooOKghUabf6Jl5MEKYKrF/B4q61gDSn2ranq6uT4U
QEXmVp8YUb3z6K/Jw1+XlcfZSqVYezBuLj+Aa5HsZ8yIqjFlWl6Tdsz3l8JDmVDZ
ECzzCge8gOy69Lz87DnACpYfXaMm14NVAgMBAAGjgYcwgYQwDgYDVR0PAQH/BAQD
AgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAwDAYDVR0T
AQH/BAIwADAdBgNVHQ4EFgQU6Qz75yLck6si1GnwmxYwuoUX3UowHwYDVR0jBBgw
FoAU15FOAcSwv/jIZ5NEnOcz+q2TDK8wDQYJKoZIhvcNAQELBQADggEBAMdcPlYg
fdi+vA3FvBHKGEA9BrUo7jNBR3SsMuZgtZTfXAp+vSHvWViVUs3MZLikHav27m7Y
I1FyaS4+gFy91EEsGcHu3OiB5PGv1rQte2skpvE5EaTbvPSFLZw2T2+pukanP0TU
9D7XuOM30htrDCK4sJCBPNiPcJ0Ng6E2sWFCPrYG2kYyCNQ7DfMKFtSiSvh3FcLs
cKKKA7Gw0wJbZvsp51B4wg7rnK7K7Uv7+854LYId92QD7hyGRSxiHE09bfKga9as
wbVM5sYgBOgfgSOGJuYyI80qORBr6L9xuF3JSjdMK246Yhp/LJFrXBExsawoyT5k
Nnn494G6dCTXDGg=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEEjCCAvqgAwIBAgIQKV4OjBCUwLKsKTcM1OMrtTANBgkqhkiG9w0BAQsFADB4
MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjEpMCcGA1UECxMg
U3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxJjAkBgNVBAMTHVN0YXJ0
Q29tIENsYXNzIDEgRFYgU2VydmVyIENBMB4XDTE3MDYwMjAxNTc0MloXDTE3MDky
MDAxNTc0MlowgYcxCzAJBgNVBAYTAklMMRYwFAYDVQQKDA1TdGFydENvbSBMdGQu
MSkwJwYDVQQLDCBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTE1MDMG
A1UEAwwsU3RhcnRDb20gQ2xhc3MgMSBEViBTZXJ2ZXIgQ0EgT0NTUCBSZXNwb25k
ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxztAkZzZoPrSIKeJq
YXgc2Mp2+mrpa4DqE9NCvPzmcEh5Vfh/PK0OOiYRv2J3baGLp/WDb4jlA+tgXPyt
OcAlYHIhEkDB0PKJchibFXQW46ywdKsKu33cEKxQp/pFzE+8PQlpS7iB7CpchI8J
h3pBIuLbt2Sd20jMZ/t4VjyMUlLpx4wCwNdUsuPxxrm1TbHuBiRQBCnAT1QooOKg
hUabf6Jl5MEKYKrF/B4q61gDSn2ranq6uT4UQEXmVp8YUb3z6K/Jw1+XlcfZSqVY
ezBuLj+Aa5HsZ8yIqjFlWl6Tdsz3l8JDmVDZECzzCge8gOy69Lz87DnACpYfXaMm
14NVAgMBAAGjgYcwgYQwDgYDVR0PAQH/BAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUF
BwMJMA8GCSsGAQUFBzABBQQCBQAwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU6Qz7
5yLck6si1GnwmxYwuoUX3UowHwYDVR0jBBgwFoAU15FOAcSwv/jIZ5NEnOcz+q2T
DK8wDQYJKoZIhvcNAQELBQADggEBAMdcPlYgfdi+vA3FvBHKGEA9BrUo7jNBR3Ss
MuZgtZTfXAp+vSHvWViVUs3MZLikHav27m7YI1FyaS4+gFy91EEsGcHu3OiB5PGv
1rQte2skpvE5EaTbvPSFLZw2T2+pukanP0TU9D7XuOM30htrDCK4sJCBPNiPcJ0N
g6E2sWFCPrYG2kYyCNQ7DfMKFtSiSvh3FcLscKKKA7Gw0wJbZvsp51B4wg7rnK7K
7Uv7+854LYId92QD7hyGRSxiHE09bfKga9aswbVM5sYgBOgfgSOGJuYyI80qORBr
6L9xuF3JSjdMK246Yhp/LJFrXBExsawoyT5kNnn494G6dCTXDGg=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=0, no-cache, no-store]
Content-Length: [1643]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 25 Jun 2017 22:45:50 GMT]
Etag: ["0162B0FD8F7B89DF542D2F6C991966B44CBA65BB"]
Expires: [Sun, 25 Jun 2017 22:45:50 GMT]
Last-Modified: [Sun, 25 Jun 2017 22:46:32 GMT]
Pragma: [no-cache]
Server: [nginx/1.7.2]
X-Cache: [TCP_MISS from a72-246-64-14.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1.2-20081415) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is not yet valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.startssl.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.startssl.com (GET)
Size: 1643 bytes (DER data)
Response time: 1.513105665s
Signature algorithm: SHA256WithRSA
Signature type: CA Delegated
Signed by: StartCom Class 1 DV Server CA OCSP Responder
Issued by: StartCom Class 1 DV Server CA
Signing certificate validity: 2017-06-02 - 2017-09-20
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: nginx/1.7.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a72-246-64-14.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1.2-20081415) (-)

URL used for GET request

http://ocsp.startssl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRRaBWasZmbOlXoYMAiydUZ4DA9KQQU15FOAcSwv%2FjIZ5NEnOcz%2Bq2TDK8CECLLoY%2Fgwijujh1q87y2X7w%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBRRaBWasZmbOlXoYMAiydUZ4DA9KQQU15FO
AcSwv/jIZ5NEnOcz+q2TDK8CECLLoY/gwijujh1q87y2X7w=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGZwoBAKCCBmAwggZcBgkrBgEFBQcwAQEEggZNMIIGSTCCAROhgYowgYcxCzAJ
BgNVBAYTAklMMRYwFAYDVQQKDA1TdGFydENvbSBMdGQuMSkwJwYDVQQLDCBTdGFy
dENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTE1MDMGA1UEAwwsU3RhcnRDb20g
Q2xhc3MgMSBEViBTZXJ2ZXIgQ0EgT0NTUCBSZXNwb25kZXIYDzIwMTcwNjI1MjI0
NjMyWjBzMHEwSTAJBgUrDgMCGgUABBRRaBWasZmbOlXoYMAiydUZ4DA9KQQU15FO
AcSwv/jIZ5NEnOcz+q2TDK8CECLLoY/gwijujh1q87y2X7yAABgPMjAxNzA2MjUy
MjQ2MzJaoBEYDzIwMTcwNjI5MjI1NjMyWjANBgkqhkiG9w0BAQsFAAOCAQEAHDDD
Rf4ypckdDWsjHLZF8oSuesD/AlXpOJKT9+Be8jMyd9F/yryNMc5/w1iSE/xDrUKB
YqKZouFRo58klLjdx5X3MSkMNp4oqGykp4aKNJAXqlCHNYLrxsbSR7Jq2icQuRft
FSoQzrL/VrtStjx7W9UlRpv7Ex02wxjcZjvCDw2IH091YZ9P8+sG+cByQ/m5JCgK
87FGJyPDveDb4Mxqg4WunBlJ8Ifh20gk25a/4BkKa1r4tGQn7LBCKCcAdRP59unP
K2uJbFpUl8fycmF3evqvRbOVn/ZtA797bIif7Hs3CWpppHaThG48ajGwRZfhTbkc
6oAQs7gYyt2xEakKp6CCBBowggQWMIIEEjCCAvqgAwIBAgIQKV4OjBCUwLKsKTcM
1OMrtTANBgkqhkiG9w0BAQsFADB4MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3Rh
cnRDb20gTHRkLjEpMCcGA1UECxMgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRo
b3JpdHkxJjAkBgNVBAMTHVN0YXJ0Q29tIENsYXNzIDEgRFYgU2VydmVyIENBMB4X
DTE3MDYwMjAxNTc0MloXDTE3MDkyMDAxNTc0MlowgYcxCzAJBgNVBAYTAklMMRYw
FAYDVQQKDA1TdGFydENvbSBMdGQuMSkwJwYDVQQLDCBTdGFydENvbSBDZXJ0aWZp
Y2F0aW9uIEF1dGhvcml0eTE1MDMGA1UEAwwsU3RhcnRDb20gQ2xhc3MgMSBEViBT
ZXJ2ZXIgQ0EgT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQCxztAkZzZoPrSIKeJqYXgc2Mp2+mrpa4DqE9NCvPzmcEh5Vfh/PK0O
OiYRv2J3baGLp/WDb4jlA+tgXPytOcAlYHIhEkDB0PKJchibFXQW46ywdKsKu33c
EKxQp/pFzE+8PQlpS7iB7CpchI8Jh3pBIuLbt2Sd20jMZ/t4VjyMUlLpx4wCwNdU
suPxxrm1TbHuBiRQBCnAT1QooOKghUabf6Jl5MEKYKrF/B4q61gDSn2ranq6uT4U
QEXmVp8YUb3z6K/Jw1+XlcfZSqVYezBuLj+Aa5HsZ8yIqjFlWl6Tdsz3l8JDmVDZ
ECzzCge8gOy69Lz87DnACpYfXaMm14NVAgMBAAGjgYcwgYQwDgYDVR0PAQH/BAQD
AgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAwDAYDVR0T
AQH/BAIwADAdBgNVHQ4EFgQU6Qz75yLck6si1GnwmxYwuoUX3UowHwYDVR0jBBgw
FoAU15FOAcSwv/jIZ5NEnOcz+q2TDK8wDQYJKoZIhvcNAQELBQADggEBAMdcPlYg
fdi+vA3FvBHKGEA9BrUo7jNBR3SsMuZgtZTfXAp+vSHvWViVUs3MZLikHav27m7Y
I1FyaS4+gFy91EEsGcHu3OiB5PGv1rQte2skpvE5EaTbvPSFLZw2T2+pukanP0TU
9D7XuOM30htrDCK4sJCBPNiPcJ0Ng6E2sWFCPrYG2kYyCNQ7DfMKFtSiSvh3FcLs
cKKKA7Gw0wJbZvsp51B4wg7rnK7K7Uv7+854LYId92QD7hyGRSxiHE09bfKga9as
wbVM5sYgBOgfgSOGJuYyI80qORBr6L9xuF3JSjdMK246Yhp/LJFrXBExsawoyT5k
Nnn494G6dCTXDGg=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEEjCCAvqgAwIBAgIQKV4OjBCUwLKsKTcM1OMrtTANBgkqhkiG9w0BAQsFADB4
MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjEpMCcGA1UECxMg
U3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxJjAkBgNVBAMTHVN0YXJ0
Q29tIENsYXNzIDEgRFYgU2VydmVyIENBMB4XDTE3MDYwMjAxNTc0MloXDTE3MDky
MDAxNTc0MlowgYcxCzAJBgNVBAYTAklMMRYwFAYDVQQKDA1TdGFydENvbSBMdGQu
MSkwJwYDVQQLDCBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTE1MDMG
A1UEAwwsU3RhcnRDb20gQ2xhc3MgMSBEViBTZXJ2ZXIgQ0EgT0NTUCBSZXNwb25k
ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxztAkZzZoPrSIKeJq
YXgc2Mp2+mrpa4DqE9NCvPzmcEh5Vfh/PK0OOiYRv2J3baGLp/WDb4jlA+tgXPyt
OcAlYHIhEkDB0PKJchibFXQW46ywdKsKu33cEKxQp/pFzE+8PQlpS7iB7CpchI8J
h3pBIuLbt2Sd20jMZ/t4VjyMUlLpx4wCwNdUsuPxxrm1TbHuBiRQBCnAT1QooOKg
hUabf6Jl5MEKYKrF/B4q61gDSn2ranq6uT4UQEXmVp8YUb3z6K/Jw1+XlcfZSqVY
ezBuLj+Aa5HsZ8yIqjFlWl6Tdsz3l8JDmVDZECzzCge8gOy69Lz87DnACpYfXaMm
14NVAgMBAAGjgYcwgYQwDgYDVR0PAQH/BAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUF
BwMJMA8GCSsGAQUFBzABBQQCBQAwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU6Qz7
5yLck6si1GnwmxYwuoUX3UowHwYDVR0jBBgwFoAU15FOAcSwv/jIZ5NEnOcz+q2T
DK8wDQYJKoZIhvcNAQELBQADggEBAMdcPlYgfdi+vA3FvBHKGEA9BrUo7jNBR3Ss
MuZgtZTfXAp+vSHvWViVUs3MZLikHav27m7YI1FyaS4+gFy91EEsGcHu3OiB5PGv
1rQte2skpvE5EaTbvPSFLZw2T2+pukanP0TU9D7XuOM30htrDCK4sJCBPNiPcJ0N
g6E2sWFCPrYG2kYyCNQ7DfMKFtSiSvh3FcLscKKKA7Gw0wJbZvsp51B4wg7rnK7K
7Uv7+854LYId92QD7hyGRSxiHE09bfKga9aswbVM5sYgBOgfgSOGJuYyI80qORBr
6L9xuF3JSjdMK246Yhp/LJFrXBExsawoyT5kNnn494G6dCTXDGg=
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=0, no-cache, no-store]
Content-Length: [1643]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 25 Jun 2017 22:45:50 GMT]
Etag: ["0162B0FD8F7B89DF542D2F6C991966B44CBA65BB"]
Expires: [Sun, 25 Jun 2017 22:45:50 GMT]
Last-Modified: [Sun, 25 Jun 2017 22:46:32 GMT]
Pragma: [no-cache]
Server: [nginx/1.7.2]
X-Cache: [TCP_MISS from a72-246-64-14.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1.2-20081415) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is not yet valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

StartCom Class 1 DV Server CA (CA Certificate)

Certificate details for StartCom Class 1 DV Server CA (At position 1 in certificate chain)
Serial number:
hex: 6a5dc3e53b4e4fd07b691ea5fcec646b
int: 141385024392521038045679749985328718955
Issued by: StartCom Certification Authority
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: StartCom Ltd.
Organization unit: StartCom Certification Authority
Country: IL
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.startssl.com/sfsca.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.startssl.com/sfsca.crl
Size: 952 bytes (DER data)
Response time: 1.537799993s
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 7

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: nginx/1.0.12
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a72-246-64-151.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1.2-20081415) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Length: [952]
Content-Type: [application/pkix-crl]
Date: [Sun, 25 Jun 2017 22:45:50 GMT]
Last-Modified: [Wed, 07 Jun 2017 01:34:33 GMT]
Server: [nginx/1.0.12]
X-Cache: [TCP_MEM_HIT from a72-246-64-151.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1.2-20081415) (-)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.startssl.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.startssl.com (POST)
Size: 1769 bytes (DER data)
Response time: 1.496569327s
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: StartCom OCSP Responder
Issued by: StartCom Certification Authority
Signing certificate validity: 2016-09-20 - 2017-09-20
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: nginx/1.7.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a72-246-64-14.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1.2-20081415) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBRBc6bT2N9qzRkeiWvn5WI5MHBpNQQUTgvv
GqRAW6UXaYcwyjRoQ9BBrvICEGpdw+U7Tk/Qe2kepfzsZGs=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIG5QoBAKCCBt4wggbaBgkrBgEFBQcwAQEEggbLMIIGxzCB0aFJMEcxCzAJBgNV
BAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSAwHgYDVQQDExdTdGFydENv
bSBPQ1NQIFJlc3BvbmRlchgPMjAxNzA2MjUxMDEyNDBaMHMwcTBJMAkGBSsOAwIa
BQAEFEFzptPY32rNGR6Ja+flYjkwcGk1BBROC+8apEBbpRdphzDKNGhD0EGu8gIQ
al3D5TtOT9B7aR6l/Oxka4AAGA8yMDE3MDYyNTEwMTI0MFqgERgPMjAxNzA2Mjkx
MDIyNDBaMA0GCSqGSIb3DQEBBQUAA4IBAQBO37NKTXdgpeBPtsaY+n5r/o8tHIqh
RUHNKhj8U3ijRCzXXrdMzPBgdbU/t8J4mnKQCtca9n+Rn4qVkESdEUIdxGcS7w/O
XV6wbikAyIXk6whJRetY9ZcyQ/c5ZFFAuVLqLE8w6kzJEAeLBDwQ0WuBKcyDY4yD
FDtjZOVkC4pjWBGVZcWBzIOYp7JlAhI1zCOMeghn6myfmMm1HRU58po+MKX+Zoyu
hgsKomuUGmM1+c4ki0K1hT8O5EakjuVNxj7KUIjY9PhpMOygGuZrHYuWEv6ZRfxK
qjgyw0/fn9///FRESGYAN+p+TyGF9tud7Kse1mcHArc62Nljs2t676WwoIIE2zCC
BNcwggTTMIICu6ADAgECAhB0G1CHgU03TwwiPka2dpOyMA0GCSqGSIb3DQEBBQUA
MH0xCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQL
EyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMSkwJwYDVQQDEyBT
dGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNjA5MjAwMDAxMDFa
Fw0xNzA5MjAwMDAxMDFaMEcxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENv
bSBMdGQuMSAwHgYDVQQDExdTdGFydENvbSBPQ1NQIFJlc3BvbmRlcjCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAL67V5Yt7+ta/FzjtC7S1XWouzbVRn73
/KGBfj5JWHFXjL1oKcHHeyuiQ46IawZ3TKMIZafle69rt2/J+q+K1AcF+yWfnYls
XO4fPd2zuNXq9mLqlxwsYYLGwYo51ZY09YMenMo2hqcnE2jN4GNhW8HA7M5b1D7f
rPplzXZkcG2l9imHwapl+RItDefLqTYvoGXZE8JhefiFx1SkYwZ9Da9hMjWavMIn
QQwS6HgUU63ePBAj6oS9IBvEeGzFGeXeRKPOAtlwhsA1787V5OeamA5Ms2/8IEch
2fITwUxkXLshEuQpb9HqR0vPpWnCd5/SCWIRtNQV5XCTU6VyFcru1f8CAwEAAaOB
hDCBgTALBgNVHQ8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDAYDVR0TAQH/
BAIwADAPBgkrBgEFBQcwAQUEAgUAMB0GA1UdDgQWBBRfdFkMIvy5C8QhXMZu/hEm
n9cqHTAfBgNVHSMEGDAWgBROC+8apEBbpRdphzDKNGhD0EGu8jANBgkqhkiG9w0B
AQUFAAOCAgEALbOpeDVprhn5SMPJuyRZGpe0vRR5FhCPmjJyCiGwi1ddVI++Eg56
nTWABnde9aW5W64x0MWuoEhg1+FOh5D2fIEztbKQKGQ8hDiQGTSz9Gy9KrZAzaEK
OvpHVriq2Znesu8W2w2cPahu09mY6ivtwJF5jVdLA3iG1X4xtiXUzdBqG+cQiWQB
wbK/L1KepHA83G1S8xvOSWkBJQwZ/plkrTXNUARa3nOhGvsQKw6OcAo3+FdfrTn5
KvVUFxjQ6xXVvJcSK46LbD5NAD3hp8N3OJVLfvIpHnVVBcIBbhNR4kBe+GNSnGHu
wbM1WAPq2V0npFD1WWYWHdYwVu4z9yAa2vhoYd7S/6eUhVH8FgCafBcQVoTuH2lX
ITW2aB23z5+1YOedwbnb2B2j7T8iIgYG8zNJFoOa0Ue4mXRR7KH0kyanxVSPjtn6
ZgM+xBu7yP5L+W2rWCjPPRwbLxdWaCuPvJ3EsUONbcI0OtY8FbKr01Qurk7i3Qme
1iPneOUenpndLn4cNb6gKZ8b1rRB+AlJCm7DnEDyarEEd62wzRFMb+djTU5SPZ0b
ococQpeHZ35UHuvFisJndbw17UkiLu8Dhivq6BaskcehToq0bhyewa8Pr1s+zcMU
mSEqfLIBZONzHxtCF0DFldDA5OJB8Y4iOMGSMxKxsKhAaBWolVceORM=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIE0zCCArugAwIBAgIQdBtQh4FNN08MIj5GtnaTsjANBgkqhkiG9w0BAQUFADB9
MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh
cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTYwOTIwMDAwMTAxWhcN
MTcwOTIwMDAwMTAxWjBHMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20g
THRkLjEgMB4GA1UEAxMXU3RhcnRDb20gT0NTUCBSZXNwb25kZXIwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+u1eWLe/rWvxc47Qu0tV1qLs21UZ+9/yh
gX4+SVhxV4y9aCnBx3srokOOiGsGd0yjCGWn5Xuva7dvyfqvitQHBfsln52JbFzu
Hz3ds7jV6vZi6pccLGGCxsGKOdWWNPWDHpzKNoanJxNozeBjYVvBwOzOW9Q+36z6
Zc12ZHBtpfYph8GqZfkSLQ3ny6k2L6Bl2RPCYXn4hcdUpGMGfQ2vYTI1mrzCJ0EM
Euh4FFOt3jwQI+qEvSAbxHhsxRnl3kSjzgLZcIbANe/O1eTnmpgOTLNv/CBHIdny
E8FMZFy7IRLkKW/R6kdLz6Vpwnef0gliEbTUFeVwk1OlchXK7tX/AgMBAAGjgYQw
gYEwCwYDVR0PBAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMJMAwGA1UdEwEB/wQC
MAAwDwYJKwYBBQUHMAEFBAIFADAdBgNVHQ4EFgQUX3RZDCL8uQvEIVzGbv4RJp/X
Kh0wHwYDVR0jBBgwFoAUTgvvGqRAW6UXaYcwyjRoQ9BBrvIwDQYJKoZIhvcNAQEF
BQADggIBAC2zqXg1aa4Z+UjDybskWRqXtL0UeRYQj5oycgohsItXXVSPvhIOep01
gAZ3XvWluVuuMdDFrqBIYNfhToeQ9nyBM7WykChkPIQ4kBk0s/RsvSq2QM2hCjr6
R1a4qtmZ3rLvFtsNnD2obtPZmOor7cCReY1XSwN4htV+MbYl1M3QahvnEIlkAcGy
vy9SnqRwPNxtUvMbzklpASUMGf6ZZK01zVAEWt5zoRr7ECsOjnAKN/hXX605+Sr1
VBcY0OsV1byXEiuOi2w+TQA94afDdziVS37yKR51VQXCAW4TUeJAXvhjUpxh7sGz
NVgD6tldJ6RQ9VlmFh3WMFbuM/cgGtr4aGHe0v+nlIVR/BYAmnwXEFaE7h9pVyE1
tmgdt8+ftWDnncG529gdo+0/IiIGBvMzSRaDmtFHuJl0Ueyh9JMmp8VUj47Z+mYD
PsQbu8j+S/ltq1gozz0cGy8XVmgrj7ydxLFDjW3CNDrWPBWyq9NULq5O4t0JntYj
53jlHp6Z3S5+HDW+oCmfG9a0QfgJSQpuw5xA8mqxBHetsM0RTG/nY01OUj2dG6HK
HEKXh2d+VB7rxYrCZ3W8Ne1JIi7vA4Yr6ugWrJHHoU6KtG4cnsGvD69bPs3DFJkh
KnyyAWTjcx8bQhdAxZXQwOTiQfGOIjjBkjMSsbCoQGgVqJVXHjkT
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=0, no-cache, no-store]
Content-Length: [1769]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 25 Jun 2017 22:45:50 GMT]
Etag: ["94D2B4D000C33423750478A26548248BB8DF4EE5"]
Expires: [Sun, 25 Jun 2017 22:45:50 GMT]
Last-Modified: [Sun, 25 Jun 2017 10:12:40 GMT]
Pragma: [no-cache]
Server: [nginx/1.7.2]
X-Cache: [TCP_MISS from a72-246-64-14.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1.2-20081415) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.startssl.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.startssl.com (GET)
Size: 1769 bytes (DER data)
Response time: 1.499400578s
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: StartCom OCSP Responder
Issued by: StartCom Certification Authority
Signing certificate validity: 2016-09-20 - 2017-09-20
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: nginx/1.7.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a72-246-64-14.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1.2-20081415) (-)

URL used for GET request

http://ocsp.startssl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRBc6bT2N9qzRkeiWvn5WI5MHBpNQQUTgvvGqRAW6UXaYcwyjRoQ9BBrvICEGpdw%2BU7Tk%2FQe2kepfzsZGs%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBRBc6bT2N9qzRkeiWvn5WI5MHBpNQQUTgvv
GqRAW6UXaYcwyjRoQ9BBrvICEGpdw+U7Tk/Qe2kepfzsZGs=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIG5QoBAKCCBt4wggbaBgkrBgEFBQcwAQEEggbLMIIGxzCB0aFJMEcxCzAJBgNV
BAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSAwHgYDVQQDExdTdGFydENv
bSBPQ1NQIFJlc3BvbmRlchgPMjAxNzA2MjUxMDEyNDBaMHMwcTBJMAkGBSsOAwIa
BQAEFEFzptPY32rNGR6Ja+flYjkwcGk1BBROC+8apEBbpRdphzDKNGhD0EGu8gIQ
al3D5TtOT9B7aR6l/Oxka4AAGA8yMDE3MDYyNTEwMTI0MFqgERgPMjAxNzA2Mjkx
MDIyNDBaMA0GCSqGSIb3DQEBBQUAA4IBAQBO37NKTXdgpeBPtsaY+n5r/o8tHIqh
RUHNKhj8U3ijRCzXXrdMzPBgdbU/t8J4mnKQCtca9n+Rn4qVkESdEUIdxGcS7w/O
XV6wbikAyIXk6whJRetY9ZcyQ/c5ZFFAuVLqLE8w6kzJEAeLBDwQ0WuBKcyDY4yD
FDtjZOVkC4pjWBGVZcWBzIOYp7JlAhI1zCOMeghn6myfmMm1HRU58po+MKX+Zoyu
hgsKomuUGmM1+c4ki0K1hT8O5EakjuVNxj7KUIjY9PhpMOygGuZrHYuWEv6ZRfxK
qjgyw0/fn9///FRESGYAN+p+TyGF9tud7Kse1mcHArc62Nljs2t676WwoIIE2zCC
BNcwggTTMIICu6ADAgECAhB0G1CHgU03TwwiPka2dpOyMA0GCSqGSIb3DQEBBQUA
MH0xCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQL
EyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMSkwJwYDVQQDEyBT
dGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNjA5MjAwMDAxMDFa
Fw0xNzA5MjAwMDAxMDFaMEcxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENv
bSBMdGQuMSAwHgYDVQQDExdTdGFydENvbSBPQ1NQIFJlc3BvbmRlcjCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAL67V5Yt7+ta/FzjtC7S1XWouzbVRn73
/KGBfj5JWHFXjL1oKcHHeyuiQ46IawZ3TKMIZafle69rt2/J+q+K1AcF+yWfnYls
XO4fPd2zuNXq9mLqlxwsYYLGwYo51ZY09YMenMo2hqcnE2jN4GNhW8HA7M5b1D7f
rPplzXZkcG2l9imHwapl+RItDefLqTYvoGXZE8JhefiFx1SkYwZ9Da9hMjWavMIn
QQwS6HgUU63ePBAj6oS9IBvEeGzFGeXeRKPOAtlwhsA1787V5OeamA5Ms2/8IEch
2fITwUxkXLshEuQpb9HqR0vPpWnCd5/SCWIRtNQV5XCTU6VyFcru1f8CAwEAAaOB
hDCBgTALBgNVHQ8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDAYDVR0TAQH/
BAIwADAPBgkrBgEFBQcwAQUEAgUAMB0GA1UdDgQWBBRfdFkMIvy5C8QhXMZu/hEm
n9cqHTAfBgNVHSMEGDAWgBROC+8apEBbpRdphzDKNGhD0EGu8jANBgkqhkiG9w0B
AQUFAAOCAgEALbOpeDVprhn5SMPJuyRZGpe0vRR5FhCPmjJyCiGwi1ddVI++Eg56
nTWABnde9aW5W64x0MWuoEhg1+FOh5D2fIEztbKQKGQ8hDiQGTSz9Gy9KrZAzaEK
OvpHVriq2Znesu8W2w2cPahu09mY6ivtwJF5jVdLA3iG1X4xtiXUzdBqG+cQiWQB
wbK/L1KepHA83G1S8xvOSWkBJQwZ/plkrTXNUARa3nOhGvsQKw6OcAo3+FdfrTn5
KvVUFxjQ6xXVvJcSK46LbD5NAD3hp8N3OJVLfvIpHnVVBcIBbhNR4kBe+GNSnGHu
wbM1WAPq2V0npFD1WWYWHdYwVu4z9yAa2vhoYd7S/6eUhVH8FgCafBcQVoTuH2lX
ITW2aB23z5+1YOedwbnb2B2j7T8iIgYG8zNJFoOa0Ue4mXRR7KH0kyanxVSPjtn6
ZgM+xBu7yP5L+W2rWCjPPRwbLxdWaCuPvJ3EsUONbcI0OtY8FbKr01Qurk7i3Qme
1iPneOUenpndLn4cNb6gKZ8b1rRB+AlJCm7DnEDyarEEd62wzRFMb+djTU5SPZ0b
ococQpeHZ35UHuvFisJndbw17UkiLu8Dhivq6BaskcehToq0bhyewa8Pr1s+zcMU
mSEqfLIBZONzHxtCF0DFldDA5OJB8Y4iOMGSMxKxsKhAaBWolVceORM=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIE0zCCArugAwIBAgIQdBtQh4FNN08MIj5GtnaTsjANBgkqhkiG9w0BAQUFADB9
MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh
cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTYwOTIwMDAwMTAxWhcN
MTcwOTIwMDAwMTAxWjBHMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20g
THRkLjEgMB4GA1UEAxMXU3RhcnRDb20gT0NTUCBSZXNwb25kZXIwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+u1eWLe/rWvxc47Qu0tV1qLs21UZ+9/yh
gX4+SVhxV4y9aCnBx3srokOOiGsGd0yjCGWn5Xuva7dvyfqvitQHBfsln52JbFzu
Hz3ds7jV6vZi6pccLGGCxsGKOdWWNPWDHpzKNoanJxNozeBjYVvBwOzOW9Q+36z6
Zc12ZHBtpfYph8GqZfkSLQ3ny6k2L6Bl2RPCYXn4hcdUpGMGfQ2vYTI1mrzCJ0EM
Euh4FFOt3jwQI+qEvSAbxHhsxRnl3kSjzgLZcIbANe/O1eTnmpgOTLNv/CBHIdny
E8FMZFy7IRLkKW/R6kdLz6Vpwnef0gliEbTUFeVwk1OlchXK7tX/AgMBAAGjgYQw
gYEwCwYDVR0PBAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMJMAwGA1UdEwEB/wQC
MAAwDwYJKwYBBQUHMAEFBAIFADAdBgNVHQ4EFgQUX3RZDCL8uQvEIVzGbv4RJp/X
Kh0wHwYDVR0jBBgwFoAUTgvvGqRAW6UXaYcwyjRoQ9BBrvIwDQYJKoZIhvcNAQEF
BQADggIBAC2zqXg1aa4Z+UjDybskWRqXtL0UeRYQj5oycgohsItXXVSPvhIOep01
gAZ3XvWluVuuMdDFrqBIYNfhToeQ9nyBM7WykChkPIQ4kBk0s/RsvSq2QM2hCjr6
R1a4qtmZ3rLvFtsNnD2obtPZmOor7cCReY1XSwN4htV+MbYl1M3QahvnEIlkAcGy
vy9SnqRwPNxtUvMbzklpASUMGf6ZZK01zVAEWt5zoRr7ECsOjnAKN/hXX605+Sr1
VBcY0OsV1byXEiuOi2w+TQA94afDdziVS37yKR51VQXCAW4TUeJAXvhjUpxh7sGz
NVgD6tldJ6RQ9VlmFh3WMFbuM/cgGtr4aGHe0v+nlIVR/BYAmnwXEFaE7h9pVyE1
tmgdt8+ftWDnncG529gdo+0/IiIGBvMzSRaDmtFHuJl0Ueyh9JMmp8VUj47Z+mYD
PsQbu8j+S/ltq1gozz0cGy8XVmgrj7ydxLFDjW3CNDrWPBWyq9NULq5O4t0JntYj
53jlHp6Z3S5+HDW+oCmfG9a0QfgJSQpuw5xA8mqxBHetsM0RTG/nY01OUj2dG6HK
HEKXh2d+VB7rxYrCZ3W8Ne1JIi7vA4Yr6ugWrJHHoU6KtG4cnsGvD69bPs3DFJkh
KnyyAWTjcx8bQhdAxZXQwOTiQfGOIjjBkjMSsbCoQGgVqJVXHjkT
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=0, no-cache, no-store]
Content-Length: [1769]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 25 Jun 2017 22:45:50 GMT]
Etag: ["94D2B4D000C33423750478A26548248BB8DF4EE5"]
Expires: [Sun, 25 Jun 2017 22:45:50 GMT]
Last-Modified: [Sun, 25 Jun 2017 10:12:40 GMT]
Pragma: [no-cache]
Server: [nginx/1.7.2]
X-Cache: [TCP_MEM_HIT from a72-246-64-14.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1.2-20081415) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

StartCom Certification Authority (CA Certificate)

Certificate details for StartCom Certification Authority (At position 2 in certificate chain)
Serial number:
hex: 1
int: 1
Issued by: StartCom Certification Authority
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: StartCom Ltd.
Organization unit: Secure Digital Certificate Signing
Country: IL
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.startcom.org/sfsca-crl.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.startcom.org/sfsca-crl.crl
Size: 0 bytes (DER data)
Response time: 0s

Raw CRL response headers

This CRL was cached at
http://cert.startcom.org/sfsca-crl.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://cert.startcom.org/sfsca-crl.crl
Size: 0 bytes (DER data)
Response time: 0s

Raw CRL response headers

Check the revocation status for another website

Created by Paul van Brouwershaven
© 2015 - 2017 Digitorus B.V.
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.