CRL & OCSP report for *.more-rubin1.de

*.more-rubin1.de

Certificate details for *.more-rubin1.de (At position 0 in certificate chain)
Serial number:
hex: 1121160aa9ae90ee2dbf572e5e95676af152
int: 1492167477328748792860787562918333695848786
Issued by: GlobalSign Domain Validation CA - SHA256 - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization unit: Domain Control Validated
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for *.more-rubin1.de.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.globalsign.com/gs/gsdomainvalsha2g2.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.globalsign.com/gs/gsdomainvalsha2g2.crl
Size: 111390 bytes (DER data)
Response time: 17.04036ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 3484

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare, CloudFront
Cache Information: HIT, Hit from cloudfront

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [3761c2ee347021da-EWR]
Content-Length: [111390]
Content-Type: [application/pkix-crl]
Date: [Wed, 28 Jun 2017 15:43:23 GMT]
Etag: [E4A9]
Expires: [Wed, 05 Jul 2017 15:05:33 GMT]
Last-Modified: [Wed, 28 Jun 2017 15:05:33 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=dc74dc8ad82bc7bf5cf427f476f3e198c1498664603; expires=Thu, 28-Jun-18 15:43:23 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
Via: [1.1 a6e6de55f7ddbeeba09f3954e960354f.cloudfront.net (CloudFront)]
X-Amz-Cf-Id: [XKCGL2fkhFlCPrSoFM4z_JzF2GwSqK8J7bvPkZhZXNGn-VxHRuMcqQ==]
X-Cache: [Hit from cloudfront]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp2.globalsign.com/gsdomainvalsha2g2 (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsdomainvalsha2g2 (GET)
Size: 1564 bytes (DER data)
Response time: 8.961324ms
Signature algorithm: SHA256WithRSA
Signature type: CA Delegated
Signed by: GlobalSign Domain Validation CA - SHA256 - G2 - OCSP Responder
Issued by: GlobalSign Domain Validation CA - SHA256 - G2
Signing certificate validity: 2017-05-04 - 2017-08-04
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: UPDATING

URL used for GET request

http://ocsp2.globalsign.com/gsdomainvalsha2g2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTR8bV2%2Be7AwQ96%2FHwxJKnDYl18YQQU6k581IAt5RWBhiaMgm3AmKTPlw8CEhEhFgqprpDuLb9XLl6VZ2rxUg%3D%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFMwUTBPME0wSzAJBgUrDgMCGgUABBTR8bV2+e7AwQ96/HwxJKnDYl18YQQU6k58
1IAt5RWBhiaMgm3AmKTPlw8CEhEhFgqprpDuLb9XLl6VZ2rxUg==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGGAoBAKCCBhEwggYNBgkrBgEFBQcwAQEEggX+MIIF+jCBoKIWBBQysc4UiMQc
d8Z9Cy2u/ladOl9OaRgPMjAxNzA2MjcxNDM5NDJaMHUwczBLMAkGBSsOAwIaBQAE
FNHxtXb57sDBD3r8fDEkqcNiXXxhBBTqTnzUgC3lFYGGJoyCbcCYpM+XDwISESEW
CqmukO4tv1cuXpVnavFSgAAYDzIwMTcwNjI3MTQzOTQyWqARGA8yMDE3MDcwMTE0
Mzk0MlowDQYJKoZIhvcNAQELBQADggEBAAwlA49dhoDdGiJhyz8IlhtwNuy8WrX2
4M6eaZa1VIWYzwRbp+ORmZipueDSPP1eelEpUi5uwRnbMN5OebsMu6bz2hS/eMHV
yoUm2arrNOSMS4dEo1rMhEs9ZuohAic9cj3Qt5a2WahPmUoPcRY76bVmYs/fSPq7
zJCbAOSjn59my3iF+CVvISkE4N5xxXW6E3f+NqyWgzr/O4bJk1Q3Gi96t2YmZ7xM
3h//Qgi28BqkHgge4PjgDbnGzB0n9oOQB6ANTEpIp8NrZ0XPI0CL7wcImox+MecV
H7q7EzbTS6zcqKUnE8oagc9xND+xbs9JAaXm8WYHJ4CbVhsU6jZXa0+gggQ/MIIE
OzCCBDcwggMfoAMCAQICDE+vTjq0pLorUqAiaTANBgkqhkiG9w0BAQsFADBgMQsw
CQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTE2MDQGA1UEAxMt
R2xvYmFsU2lnbiBEb21haW4gVmFsaWRhdGlvbiBDQSAtIFNIQTI1NiAtIEcyMB4X
DTE3MDUwNDA4MTIxMloXDTE3MDgwNDA4MTIxMlowgYgxCzAJBgNVBAYTAkJFMRkw
FwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRUwEwYDVQQFEwwyMDE3MDUwNDAwMTkx
RzBFBgNVBAMTPkdsb2JhbFNpZ24gRG9tYWluIFZhbGlkYXRpb24gQ0EgLSBTSEEy
NTYgLSBHMiAtIE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAm7od9OBGtBk6OnsXgrBwTJviymFfJzPU5icFgaXkfAPK49vq8upV
+ICw4N3N/7Pfz4YD0acIKcjzm8wfMlnPX5r+0wAm56hY40qiGO928e63OCI6a7w2
fxs9qaGldIf3gH7P8qdRp9v2DcKLgIOI57XejG56092+bInYbkAffQQ3088ZGN00
7SXhHoCRbY1lVVIQnYrAp8oFzrXcdJ6ePorMtNSB+E850pCAQL+Y0np5F4quhVp1
8/wBKKmkfhIowo9OS8YL+OH3BQdnVyAATBvCKq3Novm4NpEoiJc9kqsFHV6CuMis
muPTV1gjPnkkbxqGg8AhAl4B4mw06IdmaQIDAQABo4HHMIHEMB0GA1UdDgQWBBQy
sc4UiMQcd8Z9Cy2u/ladOl9OaTAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCY
pM+XDzAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQw
MgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRv
cnkvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkqhkiG
9w0BAQsFAAOCAQEAOSJLtLXfFT76orTSbuzpYmuGKbd1UGMv3el8c0dXBTfCWUGb
CDZUqbCA4YpoZPpGyTphMPx9wyd8O7UwCDFUyu2LE7uAuS1BAb3FZcb3Cv3o440l
o0vqyQKSC4wlHt+Wu6RDlA/V69/G/FmYAGw2n55V6+57Lxx2hESltMW2K9APw6kr
qiK5u+ESekBbQwC91WNrAF4evYRSeOYVb1safELcun19RD6reb10QVz1bdAmFh4S
pjkwNCGMku32oCtLayuTt0YcIMwAtYWp5jBwAxAkhrlnXF6Vu0mtKzgfesgoxc6x
03j6AQGahd2p4I4XEIHOwU7ed+IqlWcGoym8Vg==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIENzCCAx+gAwIBAgIMT69OOrSkuitSoCJpMA0GCSqGSIb3DQEBCwUAMGAxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYDVQQDEy1H
bG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcN
MTcwNTA0MDgxMjEyWhcNMTcwODA0MDgxMjEyWjCBiDELMAkGA1UEBhMCQkUxGTAX
BgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTcwNTA0MDAxOTFH
MEUGA1UEAxM+R2xvYmFsU2lnbiBEb21haW4gVmFsaWRhdGlvbiBDQSAtIFNIQTI1
NiAtIEcyIC0gT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQCbuh304Ea0GTo6exeCsHBMm+LKYV8nM9TmJwWBpeR8A8rj2+ry6lX4
gLDg3c3/s9/PhgPRpwgpyPObzB8yWc9fmv7TACbnqFjjSqIY73bx7rc4IjprvDZ/
Gz2poaV0h/eAfs/yp1Gn2/YNwouAg4jntd6MbnrT3b5sidhuQB99BDfTzxkY3TTt
JeEegJFtjWVVUhCdisCnygXOtdx0np4+isy01IH4TznSkIBAv5jSenkXiq6FWnXz
/AEoqaR+EijCj05Lxgv44fcFB2dXIABMG8Iqrc2i+bg2kSiIlz2SqwUdXoK4yKya
49NXWCM+eSRvGoaDwCECXgHibDToh2ZpAgMBAAGjgccwgcQwHQYDVR0OBBYEFDKx
zhSIxBx3xn0LLa7+Vp06X05pMB8GA1UdIwQYMBaAFOpOfNSALeUVgYYmjIJtwJik
z5cPMA8GCSsGAQUFBzABBQQCBQAwTAYDVR0gBEUwQzBBBgkrBgEEAaAyAV8wNDAy
BggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9y
eS8wDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA0GCSqGSIb3
DQEBCwUAA4IBAQA5Iku0td8VPvqitNJu7Olia4Ypt3VQYy/d6XxzR1cFN8JZQZsI
NlSpsIDhimhk+kbJOmEw/H3DJ3w7tTAIMVTK7YsTu4C5LUEBvcVlxvcK/ejjjSWj
S+rJApILjCUe35a7pEOUD9Xr38b8WZgAbDafnlXr7nsvHHaERKW0xbYr0A/DqSuq
Irm74RJ6QFtDAL3VY2sAXh69hFJ45hVvWxp8Qty6fX1EPqt5vXRBXPVt0CYWHhKm
OTA0IYyS7fagK0trK5O3RhwgzAC1hanmMHADECSGuWdcXpW7Sa0rOB96yCjFzrHT
ePoBAZqF3angjhcQgc7BTt534iqVZwajKbxW
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [UPDATING]
Cf-Ray: [3761c2ee36a70697-EWR]
Content-Length: [1564]
Content-Type: [application/ocsp-response]
Date: [Wed, 28 Jun 2017 15:43:23 GMT]
Etag: ["16a8919b8eeb6092af7aacec4c8d36ab2ac85e25"]
Expires: [Sat, 01 Jul 2017 14:39:42 GMT]
Last-Modified: [Tue, 27 Jun 2017 14:39:42 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d7672deeb50857ce035dfbf41dd1b40e61498664603; expires=Thu, 28-Jun-18 15:43:23 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp2.globalsign.com/gsdomainvalsha2g2 (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsdomainvalsha2g2 (POST)
Size: 1564 bytes (DER data)
Response time: 311.667055ms
Signature algorithm: SHA256WithRSA
Signature type: CA Delegated
Signed by: GlobalSign Domain Validation CA - SHA256 - G2 - OCSP Responder
Issued by: GlobalSign Domain Validation CA - SHA256 - G2
Signing certificate validity: 2017-05-04 - 2017-08-04
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: EXPIRED

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFMwUTBPME0wSzAJBgUrDgMCGgUABBTR8bV2+e7AwQ96/HwxJKnDYl18YQQU6k58
1IAt5RWBhiaMgm3AmKTPlw8CEhEhFgqprpDuLb9XLl6VZ2rxUg==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGGAoBAKCCBhEwggYNBgkrBgEFBQcwAQEEggX+MIIF+jCBoKIWBBQysc4UiMQc
d8Z9Cy2u/ladOl9OaRgPMjAxNzA2MjgxMjQ3MTFaMHUwczBLMAkGBSsOAwIaBQAE
FNHxtXb57sDBD3r8fDEkqcNiXXxhBBTqTnzUgC3lFYGGJoyCbcCYpM+XDwISESEW
CqmukO4tv1cuXpVnavFSgAAYDzIwMTcwNjI4MTI0NzExWqARGA8yMDE3MDcwMjEy
NDcxMVowDQYJKoZIhvcNAQELBQADggEBAGMrCPh/Qgu4a1wp9pAQCIXYquPA5+ME
jrGQqhTJGY1sq6SLj6WsOeTIeZ4/BWDHOsakY1zvDlazCM/u7SVB/A7CKuEUPX9t
X+HLa59XCMaLKWojJ2lz7FrGlcqN3EN/ON/niSycFwt8R8r/JLdKKpkYwJjs8rst
kolqYVLrL1H3igAWi9iRMibUed3dMCqUSpwbAanpZhKUdnDpnD1Uco2/gwamoaZG
Q0Hbp3Wysou2LuncLEYnqSp/WTdh9LDV0jMqVu26GyHncBu4Fyz4DA1G15f5x8dt
ntOq8gfqYYE0vKKK9ZAheDMVbUSGguog10Wv9lESqYFgceDl98gWaC+gggQ/MIIE
OzCCBDcwggMfoAMCAQICDE+vTjq0pLorUqAiaTANBgkqhkiG9w0BAQsFADBgMQsw
CQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTE2MDQGA1UEAxMt
R2xvYmFsU2lnbiBEb21haW4gVmFsaWRhdGlvbiBDQSAtIFNIQTI1NiAtIEcyMB4X
DTE3MDUwNDA4MTIxMloXDTE3MDgwNDA4MTIxMlowgYgxCzAJBgNVBAYTAkJFMRkw
FwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRUwEwYDVQQFEwwyMDE3MDUwNDAwMTkx
RzBFBgNVBAMTPkdsb2JhbFNpZ24gRG9tYWluIFZhbGlkYXRpb24gQ0EgLSBTSEEy
NTYgLSBHMiAtIE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAm7od9OBGtBk6OnsXgrBwTJviymFfJzPU5icFgaXkfAPK49vq8upV
+ICw4N3N/7Pfz4YD0acIKcjzm8wfMlnPX5r+0wAm56hY40qiGO928e63OCI6a7w2
fxs9qaGldIf3gH7P8qdRp9v2DcKLgIOI57XejG56092+bInYbkAffQQ3088ZGN00
7SXhHoCRbY1lVVIQnYrAp8oFzrXcdJ6ePorMtNSB+E850pCAQL+Y0np5F4quhVp1
8/wBKKmkfhIowo9OS8YL+OH3BQdnVyAATBvCKq3Novm4NpEoiJc9kqsFHV6CuMis
muPTV1gjPnkkbxqGg8AhAl4B4mw06IdmaQIDAQABo4HHMIHEMB0GA1UdDgQWBBQy
sc4UiMQcd8Z9Cy2u/ladOl9OaTAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCY
pM+XDzAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQw
MgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRv
cnkvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkqhkiG
9w0BAQsFAAOCAQEAOSJLtLXfFT76orTSbuzpYmuGKbd1UGMv3el8c0dXBTfCWUGb
CDZUqbCA4YpoZPpGyTphMPx9wyd8O7UwCDFUyu2LE7uAuS1BAb3FZcb3Cv3o440l
o0vqyQKSC4wlHt+Wu6RDlA/V69/G/FmYAGw2n55V6+57Lxx2hESltMW2K9APw6kr
qiK5u+ESekBbQwC91WNrAF4evYRSeOYVb1safELcun19RD6reb10QVz1bdAmFh4S
pjkwNCGMku32oCtLayuTt0YcIMwAtYWp5jBwAxAkhrlnXF6Vu0mtKzgfesgoxc6x
03j6AQGahd2p4I4XEIHOwU7ed+IqlWcGoym8Vg==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIENzCCAx+gAwIBAgIMT69OOrSkuitSoCJpMA0GCSqGSIb3DQEBCwUAMGAxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYDVQQDEy1H
bG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcN
MTcwNTA0MDgxMjEyWhcNMTcwODA0MDgxMjEyWjCBiDELMAkGA1UEBhMCQkUxGTAX
BgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTcwNTA0MDAxOTFH
MEUGA1UEAxM+R2xvYmFsU2lnbiBEb21haW4gVmFsaWRhdGlvbiBDQSAtIFNIQTI1
NiAtIEcyIC0gT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQCbuh304Ea0GTo6exeCsHBMm+LKYV8nM9TmJwWBpeR8A8rj2+ry6lX4
gLDg3c3/s9/PhgPRpwgpyPObzB8yWc9fmv7TACbnqFjjSqIY73bx7rc4IjprvDZ/
Gz2poaV0h/eAfs/yp1Gn2/YNwouAg4jntd6MbnrT3b5sidhuQB99BDfTzxkY3TTt
JeEegJFtjWVVUhCdisCnygXOtdx0np4+isy01IH4TznSkIBAv5jSenkXiq6FWnXz
/AEoqaR+EijCj05Lxgv44fcFB2dXIABMG8Iqrc2i+bg2kSiIlz2SqwUdXoK4yKya
49NXWCM+eSRvGoaDwCECXgHibDToh2ZpAgMBAAGjgccwgcQwHQYDVR0OBBYEFDKx
zhSIxBx3xn0LLa7+Vp06X05pMB8GA1UdIwQYMBaAFOpOfNSALeUVgYYmjIJtwJik
z5cPMA8GCSsGAQUFBzABBQQCBQAwTAYDVR0gBEUwQzBBBgkrBgEEAaAyAV8wNDAy
BggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9y
eS8wDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA0GCSqGSIb3
DQEBCwUAA4IBAQA5Iku0td8VPvqitNJu7Olia4Ypt3VQYy/d6XxzR1cFN8JZQZsI
NlSpsIDhimhk+kbJOmEw/H3DJ3w7tTAIMVTK7YsTu4C5LUEBvcVlxvcK/ejjjSWj
S+rJApILjCUe35a7pEOUD9Xr38b8WZgAbDafnlXr7nsvHHaERKW0xbYr0A/DqSuq
Irm74RJ6QFtDAL3VY2sAXh69hFJ45hVvWxp8Qty6fX1EPqt5vXRBXPVt0CYWHhKm
OTA0IYyS7fagK0trK5O3RhwgzAC1hanmMHADECSGuWdcXpW7Sa0rOB96yCjFzrHT
ePoBAZqF3angjhcQgc7BTt534iqVZwajKbxW
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [EXPIRED]
Cf-Ray: [3761c2ee36041864-EWR]
Content-Length: [1564]
Content-Type: [application/ocsp-response]
Date: [Wed, 28 Jun 2017 15:43:24 GMT]
Etag: ["02a59b56ad8420736090216a6ee73eadca892b21"]
Expires: [Sun, 02 Jul 2017 12:47:11 GMT]
Last-Modified: [Wed, 28 Jun 2017 12:47:11 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d270ea95bfa0c537493f990338127a47f1498664603; expires=Thu, 28-Jun-18 15:43:23 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GlobalSign Domain Validation CA - SHA256 - G2 (CA Certificate)

Certificate details for GlobalSign Domain Validation CA - SHA256 - G2 (At position 1 in certificate chain)
Serial number:
hex: 40000000001444ef03e20
int: 4835703278459909592596000
Issued by: GlobalSign Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GlobalSign nv-sa
Country: BE
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.globalsign.net/root.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.globalsign.net/root.crl
Size: 782 bytes (DER data)
Response time: 12.624023ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 7

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [public, max-age=1412197]
Cf-Cache-Status: [HIT]
Cf-Ray: [3761c2ee3100218c-EWR]
Content-Length: [782]
Content-Type: [application/pkix-crl]
Date: [Wed, 28 Jun 2017 15:43:23 GMT]
Etag: [39]
Expires: [Sat, 15 Jul 2017 00:00:00 GMT]
Last-Modified: [Wed, 19 Apr 2017 00:00:00 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d67200082f496041a1ff8ac01807fd0331498664603; expires=Thu, 28-Jun-18 15:43:23 GMT; path=/; domain=.globalsign.net; HttpOnly]
Vary: [Accept-Encoding]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.globalsign.com/rootr1 (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.globalsign.com/rootr1 (GET)
Size: 1518 bytes (DER data)
Response time: 6.080254ms
Signature algorithm: SHA256WithRSA
Signature type: CA Delegated
Signed by: GlobalSign OCSP for Root R1 - Signer 1.2
Issued by: GlobalSign Root CA
Signing certificate validity: 2017-05-07 - 2017-08-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

URL used for GET request

http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8D4g

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtm
GkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8D4g
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF6goBAKCCBeMwggXfBgkrBgEFBQcwAQEEggXQMIIFzDCBmaIWBBSvbfAxCEv8
w30kGCve74S5P2+ighgPMjAxNzA2MjgxNDQ0MTlaMG4wbDBEMAkGBSsOAwIaBQAE
FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
AAABRE7wPiCAABgPMjAxNzA2MjgxNDQ0MTlaoBEYDzIwMTcwNzAyMTQ0NDE5WjAN
BgkqhkiG9w0BAQsFAAOCAQEAni2Ka792/VB5N7RYIQpPwQdZ16Kg5C7o3egxcal6
lmjT2yKXYh8CjNi3sDQDIV/XW6oVPlEo11Ye5ohxsZtwf36+wMHV5NJ9N67zNwib
lZKfL/QJtP8hYPkbbPwKrflFxOgFTUE3IJ114BsOQyGdvhlkpko4oB/PDby+yrht
RjkZ0J2py9r0QtV+uAQA+TtAkOCodTphxCTYn18dJJ+X8vt/bb3jvKyALF34EK+5
exk40Gn9dNvIRx5EX2zMz1HF+zO502rkO9YK6s1ci6za5pVSQ0kY5GJiL0ijEAGq
RmSwycNRyZNxzFwGNy7cpCuxN1ABkOZ8sJAXHyupD94uQaCCBBgwggQUMIIEEDCC
AvigAwIBAgIOSPWzFgaTeJq7B6uGVtEwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UE
BhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3Qg
Q0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNzA1MDcwMDAwMDBa
Fw0xNzA4MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxT
aWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJvb3QgUjEg
LSBTaWduZXIgMS4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1F7u
rTk5j7FgaI3ddIftk/QXhnH8pQzcsq8wk+wJKGeocjWxDmQAKedLAkDUXOMun0QA
lHi1mu2WdI18ZyZ7eAJGwa1R7iiy9Txfz88htJr5x6ArxpbsRbeXHsw/TCWMf+d3
RP9vfXFIe0Li1wYxoD9pcwi0M9O7KrDihY9zVplEtPgb3ic1AGUQFjmE4pNvBJpp
Eg95H2hWHjaQI5pjhXF8HTDejho6dJsKJ4fe7CZC4JlCYCCYgUQxczvoxyGmDVDt
euP8fMVmnSoEzq9qA8kPJql2d8iho4mhREqTj8MYYyU9Kl4Nuz+3KQ9t97AwUys2
pt3qELes6+MK9POWFwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUE
DDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSvbfAxCEv8w30k
GCve74S5P2+igjAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA0GCSqG
SIb3DQEBBQUAA4IBAQASHek+/Wbc9Xd0BWIaSS82VRB37lM6T+ZOz/522ZqHLXcR
jBwesOKcmeVyDNiHUqj9C3+cnwKNourW1R9h4FrW+wD5eDkJ3j3nO+kiczxCe7FV
KCWeTcPySiFPKoIH0fOpx2MdMc7XGRRHSP9cW2Rwo5yeglK5n7Ps4QGaKAuSiKNv
VNBW50fkwXNsOOBG+BbEOYcuNrnHSdGBbzlNvDo7FA9gpIaDKj0pLOALqchqZBrO
3HG1Z7c5n63+ef0dxBCbZ5yGLvNCzIv68hKcVibxYheGa/io1k8yrr8dDT2I7i3+
qiHCfDB4pKcihxppwAn/mJXwLE7BKS+FkpjswPEb
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEEDCCAvigAwIBAgIOSPWzFgaTeJq7B6uGVtEwDQYJKoZIhvcNAQEFBQAwVzEL
MAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsT
B1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNzA1MDcw
MDAwMDBaFw0xNzA4MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBH
bG9iYWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJv
b3QgUjEgLSBTaWduZXIgMS4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1F7urTk5j7FgaI3ddIftk/QXhnH8pQzcsq8wk+wJKGeocjWxDmQAKedLAkDU
XOMun0QAlHi1mu2WdI18ZyZ7eAJGwa1R7iiy9Txfz88htJr5x6ArxpbsRbeXHsw/
TCWMf+d3RP9vfXFIe0Li1wYxoD9pcwi0M9O7KrDihY9zVplEtPgb3ic1AGUQFjmE
4pNvBJppEg95H2hWHjaQI5pjhXF8HTDejho6dJsKJ4fe7CZC4JlCYCCYgUQxczvo
xyGmDVDteuP8fMVmnSoEzq9qA8kPJql2d8iho4mhREqTj8MYYyU9Kl4Nuz+3KQ9t
97AwUys2pt3qELes6+MK9POWFwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDAT
BgNVHSUEDDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSvbfAx
CEv8w30kGCve74S5P2+igjAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9
SzAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYI
KwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkv
MA0GCSqGSIb3DQEBBQUAA4IBAQASHek+/Wbc9Xd0BWIaSS82VRB37lM6T+ZOz/52
2ZqHLXcRjBwesOKcmeVyDNiHUqj9C3+cnwKNourW1R9h4FrW+wD5eDkJ3j3nO+ki
czxCe7FVKCWeTcPySiFPKoIH0fOpx2MdMc7XGRRHSP9cW2Rwo5yeglK5n7Ps4QGa
KAuSiKNvVNBW50fkwXNsOOBG+BbEOYcuNrnHSdGBbzlNvDo7FA9gpIaDKj0pLOAL
qchqZBrO3HG1Z7c5n63+ef0dxBCbZ5yGLvNCzIv68hKcVibxYheGa/io1k8yrr8d
DT2I7i3+qiHCfDB4pKcihxppwAn/mJXwLE7BKS+FkpjswPEb
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [3761c2ee35274704-EWR]
Content-Length: [1518]
Content-Type: [application/ocsp-response]
Date: [Wed, 28 Jun 2017 15:43:23 GMT]
Etag: ["2f563164e194f24ad9d23b680b3b1c5e09eff04e"]
Expires: [Sun, 02 Jul 2017 14:44:19 GMT]
Last-Modified: [Wed, 28 Jun 2017 14:44:19 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d9fcaffd500ee6ee0be7f024247e8af771498664603; expires=Thu, 28-Jun-18 15:43:23 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.globalsign.com/rootr1 (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.globalsign.com/rootr1 (POST)
Size: 1518 bytes (DER data)
Response time: 7.098347ms
Signature algorithm: SHA256WithRSA
Signature type: CA Delegated
Signed by: GlobalSign OCSP for Root R1 - Signer 1.2
Issued by: GlobalSign Root CA
Signing certificate validity: 2017-05-07 - 2017-08-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtm
GkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8D4g
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF6goBAKCCBeMwggXfBgkrBgEFBQcwAQEEggXQMIIFzDCBmaIWBBSvbfAxCEv8
w30kGCve74S5P2+ighgPMjAxNzA2MjgxNDQ0MTlaMG4wbDBEMAkGBSsOAwIaBQAE
FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
AAABRE7wPiCAABgPMjAxNzA2MjgxNDQ0MTlaoBEYDzIwMTcwNzAyMTQ0NDE5WjAN
BgkqhkiG9w0BAQsFAAOCAQEAni2Ka792/VB5N7RYIQpPwQdZ16Kg5C7o3egxcal6
lmjT2yKXYh8CjNi3sDQDIV/XW6oVPlEo11Ye5ohxsZtwf36+wMHV5NJ9N67zNwib
lZKfL/QJtP8hYPkbbPwKrflFxOgFTUE3IJ114BsOQyGdvhlkpko4oB/PDby+yrht
RjkZ0J2py9r0QtV+uAQA+TtAkOCodTphxCTYn18dJJ+X8vt/bb3jvKyALF34EK+5
exk40Gn9dNvIRx5EX2zMz1HF+zO502rkO9YK6s1ci6za5pVSQ0kY5GJiL0ijEAGq
RmSwycNRyZNxzFwGNy7cpCuxN1ABkOZ8sJAXHyupD94uQaCCBBgwggQUMIIEEDCC
AvigAwIBAgIOSPWzFgaTeJq7B6uGVtEwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UE
BhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3Qg
Q0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNzA1MDcwMDAwMDBa
Fw0xNzA4MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxT
aWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJvb3QgUjEg
LSBTaWduZXIgMS4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1F7u
rTk5j7FgaI3ddIftk/QXhnH8pQzcsq8wk+wJKGeocjWxDmQAKedLAkDUXOMun0QA
lHi1mu2WdI18ZyZ7eAJGwa1R7iiy9Txfz88htJr5x6ArxpbsRbeXHsw/TCWMf+d3
RP9vfXFIe0Li1wYxoD9pcwi0M9O7KrDihY9zVplEtPgb3ic1AGUQFjmE4pNvBJpp
Eg95H2hWHjaQI5pjhXF8HTDejho6dJsKJ4fe7CZC4JlCYCCYgUQxczvoxyGmDVDt
euP8fMVmnSoEzq9qA8kPJql2d8iho4mhREqTj8MYYyU9Kl4Nuz+3KQ9t97AwUys2
pt3qELes6+MK9POWFwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUE
DDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSvbfAxCEv8w30k
GCve74S5P2+igjAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA0GCSqG
SIb3DQEBBQUAA4IBAQASHek+/Wbc9Xd0BWIaSS82VRB37lM6T+ZOz/522ZqHLXcR
jBwesOKcmeVyDNiHUqj9C3+cnwKNourW1R9h4FrW+wD5eDkJ3j3nO+kiczxCe7FV
KCWeTcPySiFPKoIH0fOpx2MdMc7XGRRHSP9cW2Rwo5yeglK5n7Ps4QGaKAuSiKNv
VNBW50fkwXNsOOBG+BbEOYcuNrnHSdGBbzlNvDo7FA9gpIaDKj0pLOALqchqZBrO
3HG1Z7c5n63+ef0dxBCbZ5yGLvNCzIv68hKcVibxYheGa/io1k8yrr8dDT2I7i3+
qiHCfDB4pKcihxppwAn/mJXwLE7BKS+FkpjswPEb
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEEDCCAvigAwIBAgIOSPWzFgaTeJq7B6uGVtEwDQYJKoZIhvcNAQEFBQAwVzEL
MAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsT
B1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNzA1MDcw
MDAwMDBaFw0xNzA4MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBH
bG9iYWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJv
b3QgUjEgLSBTaWduZXIgMS4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1F7urTk5j7FgaI3ddIftk/QXhnH8pQzcsq8wk+wJKGeocjWxDmQAKedLAkDU
XOMun0QAlHi1mu2WdI18ZyZ7eAJGwa1R7iiy9Txfz88htJr5x6ArxpbsRbeXHsw/
TCWMf+d3RP9vfXFIe0Li1wYxoD9pcwi0M9O7KrDihY9zVplEtPgb3ic1AGUQFjmE
4pNvBJppEg95H2hWHjaQI5pjhXF8HTDejho6dJsKJ4fe7CZC4JlCYCCYgUQxczvo
xyGmDVDteuP8fMVmnSoEzq9qA8kPJql2d8iho4mhREqTj8MYYyU9Kl4Nuz+3KQ9t
97AwUys2pt3qELes6+MK9POWFwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDAT
BgNVHSUEDDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSvbfAx
CEv8w30kGCve74S5P2+igjAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9
SzAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYI
KwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkv
MA0GCSqGSIb3DQEBBQUAA4IBAQASHek+/Wbc9Xd0BWIaSS82VRB37lM6T+ZOz/52
2ZqHLXcRjBwesOKcmeVyDNiHUqj9C3+cnwKNourW1R9h4FrW+wD5eDkJ3j3nO+ki
czxCe7FVKCWeTcPySiFPKoIH0fOpx2MdMc7XGRRHSP9cW2Rwo5yeglK5n7Ps4QGa
KAuSiKNvVNBW50fkwXNsOOBG+BbEOYcuNrnHSdGBbzlNvDo7FA9gpIaDKj0pLOAL
qchqZBrO3HG1Z7c5n63+ef0dxBCbZ5yGLvNCzIv68hKcVibxYheGa/io1k8yrr8d
DT2I7i3+qiHCfDB4pKcihxppwAn/mJXwLE7BKS+FkpjswPEb
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [3761c2ee304121a4-EWR]
Content-Length: [1518]
Content-Type: [application/ocsp-response]
Date: [Wed, 28 Jun 2017 15:43:23 GMT]
Etag: ["2f563164e194f24ad9d23b680b3b1c5e09eff04e"]
Expires: [Sun, 02 Jul 2017 14:44:19 GMT]
Last-Modified: [Wed, 28 Jun 2017 14:44:19 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=dd0760f70bd3d79e2f3ef1efa91c541851498664603; expires=Thu, 28-Jun-18 15:43:23 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GlobalSign Root CA (CA Certificate)

Certificate details for GlobalSign Root CA (At position 2 in certificate chain)
Serial number:
hex: 40000000001154b5ac394
int: 4835703278459707669005204
Issued by: GlobalSign Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GlobalSign nv-sa
Organization unit: Root CA
Country: BE
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
© 2015 - 2017 Digitorus B.V.
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.