CRL & OCSP report for *.more-rubin1.de

*.more-rubin1.de

Certificate details for *.more-rubin1.de (At position 0 in certificate chain)
Serial number:
hex: 1121160aa9ae90ee2dbf572e5e95676af152
int: 1492167477328748792860787562918333695848786
Issued by: GlobalSign Domain Validation CA - SHA256 - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization unit: Domain Control Validated
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for *.more-rubin1.de.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.globalsign.com/gs/gsdomainvalsha2g2.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.globalsign.com/gs/gsdomainvalsha2g2.crl
Size: 110718 bytes (DER data)
Response time: 263.909027ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 3406

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare, CloudFront
Cache Information: HIT, Miss from cloudfront

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [357aa962713e187c-EWR]
Content-Length: [110718]
Content-Type: [application/pkix-crl]
Date: [Sun, 30 Apr 2017 12:56:32 GMT]
Etag: [E46D]
Expires: [Sat, 06 May 2017 14:56:48 GMT]
Last-Modified: [Sat, 29 Apr 2017 14:56:48 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=dfb5dc6a202433323269c759cfdd9b2d91493556992; expires=Mon, 30-Apr-18 12:56:32 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
Via: [1.1 760c3e73b48f2af4c32619fb9e2b3dc2.cloudfront.net (CloudFront)]
X-Amz-Cf-Id: [JnK1HDquOCLjw4MOVw_mQ8A7FCA1hF4JnggFKFkeZfhR0DSixGRjag==]
X-Cache: [Miss from cloudfront]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp2.globalsign.com/gsdomainvalsha2g2 (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsdomainvalsha2g2 (POST)
Size: 1564 bytes (DER data)
Response time: 9.161016ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign Domain Validation CA - SHA256 - G2 - OCSP Responder
Issued by: GlobalSign Domain Validation CA - SHA256 - G2
Signing certificate validity: 2017-02-13 - 2017-05-16
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: UPDATING

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFMwUTBPME0wSzAJBgUrDgMCGgUABBTR8bV2+e7AwQ96/HwxJKnDYl18YQQU6k58
1IAt5RWBhiaMgm3AmKTPlw8CEhEhFgqprpDuLb9XLl6VZ2rxUg==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGGAoBAKCCBhEwggYNBgkrBgEFBQcwAQEEggX+MIIF+jCBoKIWBBQysc4UiMQc
d8Z9Cy2u/ladOl9OaRgPMjAxNzA0MjkwNDE3NTlaMHUwczBLMAkGBSsOAwIaBQAE
FNHxtXb57sDBD3r8fDEkqcNiXXxhBBTqTnzUgC3lFYGGJoyCbcCYpM+XDwISESEW
CqmukO4tv1cuXpVnavFSgAAYDzIwMTcwNDI5MDQxNzU5WqARGA8yMDE3MDUwMzA0
MTc1OVowDQYJKoZIhvcNAQELBQADggEBACawd6W/maaEOIY2qopOwY0G+OMMrs5p
gJiv9NDgmabb/0BiPs7Mrc3f4Fpwrem0vrzhn499SXugI7ZHU7NXQ3ymWLii8V0Z
b2TA6f7xtKODJCrE0M4JQdnEjK/DF9qUSJzvMPY1ZqfGEvjyBROdCMnGdaOG6Snl
HrS9uZG337f0ts8/dTWVOktxqO0pL7G83lBdts7GSM0yVy/UzuKSa77mhTPQaobK
odKHBdJbatc3xVvbn+Y9VNHSbNgGN62/7SGRPqbZq6RSJku1tW5DLDbe+eb1sbqg
l9d/9IzbFpnK4Z6uV8tnVBDCB/0bfUZZjtGj7qlP14fmrRQWx/X0NHOgggQ/MIIE
OzCCBDcwggMfoAMCAQICDEGDecBvxODxAxUIkTANBgkqhkiG9w0BAQsFADBgMQsw
CQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTE2MDQGA1UEAxMt
R2xvYmFsU2lnbiBEb21haW4gVmFsaWRhdGlvbiBDQSAtIFNIQTI1NiAtIEcyMB4X
DTE3MDIxMzA3MDg1MloXDTE3MDUxNjA3MDg1MlowgYgxCzAJBgNVBAYTAkJFMRkw
FwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRUwEwYDVQQFEwwyMDE3MDIxMzE1MDQx
RzBFBgNVBAMTPkdsb2JhbFNpZ24gRG9tYWluIFZhbGlkYXRpb24gQ0EgLSBTSEEy
NTYgLSBHMiAtIE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAm7od9OBGtBk6OnsXgrBwTJviymFfJzPU5icFgaXkfAPK49vq8upV
+ICw4N3N/7Pfz4YD0acIKcjzm8wfMlnPX5r+0wAm56hY40qiGO928e63OCI6a7w2
fxs9qaGldIf3gH7P8qdRp9v2DcKLgIOI57XejG56092+bInYbkAffQQ3088ZGN00
7SXhHoCRbY1lVVIQnYrAp8oFzrXcdJ6ePorMtNSB+E850pCAQL+Y0np5F4quhVp1
8/wBKKmkfhIowo9OS8YL+OH3BQdnVyAATBvCKq3Novm4NpEoiJc9kqsFHV6CuMis
muPTV1gjPnkkbxqGg8AhAl4B4mw06IdmaQIDAQABo4HHMIHEMB0GA1UdDgQWBBQy
sc4UiMQcd8Z9Cy2u/ladOl9OaTAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCY
pM+XDzAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQw
MgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRv
cnkvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkqhkiG
9w0BAQsFAAOCAQEAhtRyB4nkyPk7iRfTsz90sZongWbckvFs+6oJzXuNYpk+Rpmx
G51qMPB1XY1wscgcbJWQFf+EPP19yIgudy+J93p/0ct5JdOsgzakZEehKdOJfyTp
nLW0P72O942HQbpJukyZ3tjW0rFxwf6pWl/cFVdiyLkkeK/kIV0BZTpxbVTgxFrz
6Or1TqnR3PNUiXZgLIYyH6+BbJrLlXzcR1B90kWTZLaXuuxMRBQFX/dRL0zRcDmt
I7V9PlNUUndGQiUu0t9YCui8nOLCcnVblt7D12VLnRnSrhxGwQLEFhd2YzfQlNcu
ks1TBs0DpxiV2Fx7vIm3jjjBuhpavMyk3SBWFw==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIENzCCAx+gAwIBAgIMQYN5wG/E4PEDFQiRMA0GCSqGSIb3DQEBCwUAMGAxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYDVQQDEy1H
bG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcN
MTcwMjEzMDcwODUyWhcNMTcwNTE2MDcwODUyWjCBiDELMAkGA1UEBhMCQkUxGTAX
BgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTcwMjEzMTUwNDFH
MEUGA1UEAxM+R2xvYmFsU2lnbiBEb21haW4gVmFsaWRhdGlvbiBDQSAtIFNIQTI1
NiAtIEcyIC0gT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQCbuh304Ea0GTo6exeCsHBMm+LKYV8nM9TmJwWBpeR8A8rj2+ry6lX4
gLDg3c3/s9/PhgPRpwgpyPObzB8yWc9fmv7TACbnqFjjSqIY73bx7rc4IjprvDZ/
Gz2poaV0h/eAfs/yp1Gn2/YNwouAg4jntd6MbnrT3b5sidhuQB99BDfTzxkY3TTt
JeEegJFtjWVVUhCdisCnygXOtdx0np4+isy01IH4TznSkIBAv5jSenkXiq6FWnXz
/AEoqaR+EijCj05Lxgv44fcFB2dXIABMG8Iqrc2i+bg2kSiIlz2SqwUdXoK4yKya
49NXWCM+eSRvGoaDwCECXgHibDToh2ZpAgMBAAGjgccwgcQwHQYDVR0OBBYEFDKx
zhSIxBx3xn0LLa7+Vp06X05pMB8GA1UdIwQYMBaAFOpOfNSALeUVgYYmjIJtwJik
z5cPMA8GCSsGAQUFBzABBQQCBQAwTAYDVR0gBEUwQzBBBgkrBgEEAaAyAV8wNDAy
BggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9y
eS8wDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA0GCSqGSIb3
DQEBCwUAA4IBAQCG1HIHieTI+TuJF9OzP3SxmieBZtyS8Wz7qgnNe41imT5GmbEb
nWow8HVdjXCxyBxslZAV/4Q8/X3IiC53L4n3en/Ry3kl06yDNqRkR6Ep04l/JOmc
tbQ/vY73jYdBukm6TJne2NbSsXHB/qlaX9wVV2LIuSR4r+QhXQFlOnFtVODEWvPo
6vVOqdHc81SJdmAshjIfr4FsmsuVfNxHUH3SRZNktpe67ExEFAVf91EvTNFwOa0j
tX0+U1RSd0ZCJS7S31gK6Lyc4sJydVuW3sPXZUudGdKuHEbBAsQWF3ZjN9CU1y6S
zVMGzQOnGJXYXHu8ibeOOMG6Glq8zKTdIFYX
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [UPDATING]
Cf-Ray: [357aa9627088077f-EWR]
Content-Length: [1564]
Content-Type: [application/ocsp-response]
Date: [Sun, 30 Apr 2017 12:56:32 GMT]
Etag: ["ad6540d31678d40dfa1d087400f4365107a35bb7"]
Expires: [Wed, 03 May 2017 04:17:59 GMT]
Last-Modified: [Sat, 29 Apr 2017 04:17:59 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d5b33b5d342303efc5caab980674006db1493556992; expires=Mon, 30-Apr-18 12:56:32 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp2.globalsign.com/gsdomainvalsha2g2 (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsdomainvalsha2g2 (GET)
Size: 1564 bytes (DER data)
Response time: 252.847683ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign Domain Validation CA - SHA256 - G2 - OCSP Responder
Issued by: GlobalSign Domain Validation CA - SHA256 - G2
Signing certificate validity: 2017-02-13 - 2017-05-16
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: EXPIRED

URL used for GET request

http:/gsdomainvalsha2g2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTR8bV2%2Be7AwQ96%2FHwxJKnDYl18YQQU6k581IAt5RWBhiaMgm3AmKTPlw8CEhEhFgqprpDuLb9XLl6VZ2rxUg%3D%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFMwUTBPME0wSzAJBgUrDgMCGgUABBTR8bV2+e7AwQ96/HwxJKnDYl18YQQU6k58
1IAt5RWBhiaMgm3AmKTPlw8CEhEhFgqprpDuLb9XLl6VZ2rxUg==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGGAoBAKCCBhEwggYNBgkrBgEFBQcwAQEEggX+MIIF+jCBoKIWBBQysc4UiMQc
d8Z9Cy2u/ladOl9OaRgPMjAxNzA0MzAxMTI3MzNaMHUwczBLMAkGBSsOAwIaBQAE
FNHxtXb57sDBD3r8fDEkqcNiXXxhBBTqTnzUgC3lFYGGJoyCbcCYpM+XDwISESEW
CqmukO4tv1cuXpVnavFSgAAYDzIwMTcwNDMwMTEyNzMzWqARGA8yMDE3MDUwNDEx
MjczM1owDQYJKoZIhvcNAQELBQADggEBAF5RdXgk0MY+xL8PtLEXDyVmSz/KvOJm
DyBKrVmkA0UAWgdYrMdLgeWtlSMJuZr+SGsgwmy6k4DCDv56jZUGTJAHiDPdkdVw
g2f21VKKtPiaPhF8zlZ6h+fKLw0j2XN3YjyI+RBhtcZmGR5Vfe/S9+tmI+V8Vgf2
xWbGSn761d2HGkt7vRrC8BKAoTHdtlSfiBWOCM80T7ojo0I2b9kWD+dd5OnZzRrP
UZ6VrVjxbq9Hc8kIRycPe0LavGEVj6pJCDjNu6rVaJxxsLlCL0v1k63uuyUfAWLY
MA+08b1wy/5kxJnQ/AHEr7U1QvI0tVJewyHI0nObv9JIAKNfvY5v5LigggQ/MIIE
OzCCBDcwggMfoAMCAQICDEGDecBvxODxAxUIkTANBgkqhkiG9w0BAQsFADBgMQsw
CQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTE2MDQGA1UEAxMt
R2xvYmFsU2lnbiBEb21haW4gVmFsaWRhdGlvbiBDQSAtIFNIQTI1NiAtIEcyMB4X
DTE3MDIxMzA3MDg1MloXDTE3MDUxNjA3MDg1MlowgYgxCzAJBgNVBAYTAkJFMRkw
FwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRUwEwYDVQQFEwwyMDE3MDIxMzE1MDQx
RzBFBgNVBAMTPkdsb2JhbFNpZ24gRG9tYWluIFZhbGlkYXRpb24gQ0EgLSBTSEEy
NTYgLSBHMiAtIE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAm7od9OBGtBk6OnsXgrBwTJviymFfJzPU5icFgaXkfAPK49vq8upV
+ICw4N3N/7Pfz4YD0acIKcjzm8wfMlnPX5r+0wAm56hY40qiGO928e63OCI6a7w2
fxs9qaGldIf3gH7P8qdRp9v2DcKLgIOI57XejG56092+bInYbkAffQQ3088ZGN00
7SXhHoCRbY1lVVIQnYrAp8oFzrXcdJ6ePorMtNSB+E850pCAQL+Y0np5F4quhVp1
8/wBKKmkfhIowo9OS8YL+OH3BQdnVyAATBvCKq3Novm4NpEoiJc9kqsFHV6CuMis
muPTV1gjPnkkbxqGg8AhAl4B4mw06IdmaQIDAQABo4HHMIHEMB0GA1UdDgQWBBQy
sc4UiMQcd8Z9Cy2u/ladOl9OaTAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCY
pM+XDzAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQw
MgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRv
cnkvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkqhkiG
9w0BAQsFAAOCAQEAhtRyB4nkyPk7iRfTsz90sZongWbckvFs+6oJzXuNYpk+Rpmx
G51qMPB1XY1wscgcbJWQFf+EPP19yIgudy+J93p/0ct5JdOsgzakZEehKdOJfyTp
nLW0P72O942HQbpJukyZ3tjW0rFxwf6pWl/cFVdiyLkkeK/kIV0BZTpxbVTgxFrz
6Or1TqnR3PNUiXZgLIYyH6+BbJrLlXzcR1B90kWTZLaXuuxMRBQFX/dRL0zRcDmt
I7V9PlNUUndGQiUu0t9YCui8nOLCcnVblt7D12VLnRnSrhxGwQLEFhd2YzfQlNcu
ks1TBs0DpxiV2Fx7vIm3jjjBuhpavMyk3SBWFw==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIENzCCAx+gAwIBAgIMQYN5wG/E4PEDFQiRMA0GCSqGSIb3DQEBCwUAMGAxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYDVQQDEy1H
bG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcN
MTcwMjEzMDcwODUyWhcNMTcwNTE2MDcwODUyWjCBiDELMAkGA1UEBhMCQkUxGTAX
BgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTcwMjEzMTUwNDFH
MEUGA1UEAxM+R2xvYmFsU2lnbiBEb21haW4gVmFsaWRhdGlvbiBDQSAtIFNIQTI1
NiAtIEcyIC0gT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQCbuh304Ea0GTo6exeCsHBMm+LKYV8nM9TmJwWBpeR8A8rj2+ry6lX4
gLDg3c3/s9/PhgPRpwgpyPObzB8yWc9fmv7TACbnqFjjSqIY73bx7rc4IjprvDZ/
Gz2poaV0h/eAfs/yp1Gn2/YNwouAg4jntd6MbnrT3b5sidhuQB99BDfTzxkY3TTt
JeEegJFtjWVVUhCdisCnygXOtdx0np4+isy01IH4TznSkIBAv5jSenkXiq6FWnXz
/AEoqaR+EijCj05Lxgv44fcFB2dXIABMG8Iqrc2i+bg2kSiIlz2SqwUdXoK4yKya
49NXWCM+eSRvGoaDwCECXgHibDToh2ZpAgMBAAGjgccwgcQwHQYDVR0OBBYEFDKx
zhSIxBx3xn0LLa7+Vp06X05pMB8GA1UdIwQYMBaAFOpOfNSALeUVgYYmjIJtwJik
z5cPMA8GCSsGAQUFBzABBQQCBQAwTAYDVR0gBEUwQzBBBgkrBgEEAaAyAV8wNDAy
BggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9y
eS8wDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA0GCSqGSIb3
DQEBCwUAA4IBAQCG1HIHieTI+TuJF9OzP3SxmieBZtyS8Wz7qgnNe41imT5GmbEb
nWow8HVdjXCxyBxslZAV/4Q8/X3IiC53L4n3en/Ry3kl06yDNqRkR6Ep04l/JOmc
tbQ/vY73jYdBukm6TJne2NbSsXHB/qlaX9wVV2LIuSR4r+QhXQFlOnFtVODEWvPo
6vVOqdHc81SJdmAshjIfr4FsmsuVfNxHUH3SRZNktpe67ExEFAVf91EvTNFwOa0j
tX0+U1RSd0ZCJS7S31gK6Lyc4sJydVuW3sPXZUudGdKuHEbBAsQWF3ZjN9CU1y6S
zVMGzQOnGJXYXHu8ibeOOMG6Glq8zKTdIFYX
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [EXPIRED]
Cf-Ray: [357aa96271730ef7-EWR]
Content-Length: [1564]
Content-Type: [application/ocsp-response]
Date: [Sun, 30 Apr 2017 12:56:32 GMT]
Etag: ["1152b56036263721c68afa0084df1b0c25e8dc7e"]
Expires: [Thu, 04 May 2017 11:27:33 GMT]
Last-Modified: [Sun, 30 Apr 2017 11:27:33 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=db782ed7acbdd1588f884b118510f6c151493556992; expires=Mon, 30-Apr-18 12:56:32 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GlobalSign Domain Validation CA - SHA256 - G2 (CA Certificate)

Certificate details for GlobalSign Domain Validation CA - SHA256 - G2 (At position 1 in certificate chain)
Serial number:
hex: 40000000001444ef03e20
int: 4835703278459909592596000
Issued by: GlobalSign Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GlobalSign nv-sa
Country: BE
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.globalsign.net/root.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.globalsign.net/root.crl
Size: 782 bytes (DER data)
Response time: 8.350291ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 7

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [public, max-age=6519808]
Cf-Cache-Status: [HIT]
Cf-Ray: [357aa962706506a9-EWR]
Content-Length: [782]
Content-Type: [application/pkix-crl]
Date: [Sun, 30 Apr 2017 12:56:32 GMT]
Etag: [39]
Expires: [Sat, 15 Jul 2017 00:00:00 GMT]
Last-Modified: [Wed, 19 Apr 2017 00:00:00 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=dbdce1a465b0d1b9afd46808da374c5d01493556992; expires=Mon, 30-Apr-18 12:56:32 GMT; path=/; domain=.globalsign.net; HttpOnly]
Vary: [Accept-Encoding]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.globalsign.com/rootr1 (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.globalsign.com/rootr1 (GET)
Size: 1518 bytes (DER data)
Response time: 7.707334ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign OCSP for Root R1 - Signer 1.1
Issued by: GlobalSign Root CA
Signing certificate validity: 2017-04-07 - 2017-07-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

URL used for GET request

http:/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8D4g

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtm
GkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8D4g
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF6goBAKCCBeMwggXfBgkrBgEFBQcwAQEEggXQMIIFzDCBmaIWBBRr0IWpLGvT
FeIMvlCoqIzANZCQQRgPMjAxNzA0MzAxMDE5NTBaMG4wbDBEMAkGBSsOAwIaBQAE
FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
AAABRE7wPiCAABgPMjAxNzA0MzAxMDE5NTBaoBEYDzIwMTcwNTA0MTAxOTUwWjAN
BgkqhkiG9w0BAQsFAAOCAQEAdYcyunEU3dwHeFZH/fi4VOfrGr1Ws7J5ddhkcU1f
IZMwuBrQWDtqZMuZLz/SX5+zKslNEKdbM08sk+JiNKAId5gbjh0dAlkoOuCG6852
tmPwJOEN/Oc6ywpug0h0kQ/FS7FDlZm9QV6eYwV6L9g9r+4x7AA5hZwGA8vO/UV1
NNM13JaBecAIPjd+EL5+U3XBpYYeA7gTJM0CAaOd9Wkpidd3Hb+36pi4nOpAN5dC
y6REDYItpSeQX7RXIQFXL8H303DzS4qazYwZZ3c9WrYtGdXF52BQXjFsivyjQSjo
3Mq/MdIzZPAUZonbT5qdLJwQrYg8PoP1HUpf6+Sf9UxsiaCCBBgwggQUMIIEEDCC
AvigAwIBAgIOSPWzESmX3xEGSFD3EkEwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UE
BhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3Qg
Q0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNzA0MDcwMDAwMDBa
Fw0xNzA3MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxT
aWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJvb3QgUjEg
LSBTaWduZXIgMS4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuhvF
lmaool/STZVnvGSHel5cQ0D+Ru/AHHAD7pxWRN/ufb2Gq+KLdhWROdAI0eLvaQAV
Om3kxM9IPc0tZMEwI618halKDO1TG5zz/GQMp1r4wuaPqGEaqi6CD+UBFyaGlhLq
nsgB74qjtB5rl6bMy5/3An87DVuKN7IdC6kBuBTuGVk7tDcrS8bPF/LA+AzAz3g7
WTpMSlZAIXrEl5bgXzQHvHfYCpMsmcZBI4NmYgmtCNgphOwkxNQENcQPGhM/4eCj
0k3DtXtPXpp0iTPxVbBi/dQ2SKi73UqPttQNb5AQf2fHjCGClSKHk3sq0NisHrCW
gbcdT4ayMqDjSjh4SwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUE
DDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRr0IWpLGvTFeIM
vlCoqIzANZCQQTAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA0GCSqG
SIb3DQEBBQUAA4IBAQAxKJcSLXgYKslSd0pla6b8U8XXV3cP6kOd4LL40UG/B8gl
qJD+YBGv7oPJDAezG1pzmoqrcBQhKbWG8whhj5fKs56iMiz82Kaovb5s4CaRfcTJ
uzLHrHoLuGbAnLR/S+p2pFVcxNLE9TmQ9X5gwwvnrf/RxWjocetUcqnt7Nvoy/Fo
At16plXiUk1PAiz60EgUvyx4Jm9uirb+G7NQpmaP1FtyAYkBOr/XtbyYd3ZToUqj
9m1iy5o5NlDsBFNR6pYowu0/KJwNs+d5kjr2HtllfMrYP4yTv8fDNed1SyRxw7XH
xwCHbgWc12rPOOt3/hetmIelMQj8esDBp0ZsH3PF
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEEDCCAvigAwIBAgIOSPWzESmX3xEGSFD3EkEwDQYJKoZIhvcNAQEFBQAwVzEL
MAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsT
B1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNzA0MDcw
MDAwMDBaFw0xNzA3MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBH
bG9iYWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJv
b3QgUjEgLSBTaWduZXIgMS4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuhvFlmaool/STZVnvGSHel5cQ0D+Ru/AHHAD7pxWRN/ufb2Gq+KLdhWROdAI
0eLvaQAVOm3kxM9IPc0tZMEwI618halKDO1TG5zz/GQMp1r4wuaPqGEaqi6CD+UB
FyaGlhLqnsgB74qjtB5rl6bMy5/3An87DVuKN7IdC6kBuBTuGVk7tDcrS8bPF/LA
+AzAz3g7WTpMSlZAIXrEl5bgXzQHvHfYCpMsmcZBI4NmYgmtCNgphOwkxNQENcQP
GhM/4eCj0k3DtXtPXpp0iTPxVbBi/dQ2SKi73UqPttQNb5AQf2fHjCGClSKHk3sq
0NisHrCWgbcdT4ayMqDjSjh4SwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDAT
BgNVHSUEDDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRr0IWp
LGvTFeIMvlCoqIzANZCQQTAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9
SzAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYI
KwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkv
MA0GCSqGSIb3DQEBBQUAA4IBAQAxKJcSLXgYKslSd0pla6b8U8XXV3cP6kOd4LL4
0UG/B8glqJD+YBGv7oPJDAezG1pzmoqrcBQhKbWG8whhj5fKs56iMiz82Kaovb5s
4CaRfcTJuzLHrHoLuGbAnLR/S+p2pFVcxNLE9TmQ9X5gwwvnrf/RxWjocetUcqnt
7Nvoy/FoAt16plXiUk1PAiz60EgUvyx4Jm9uirb+G7NQpmaP1FtyAYkBOr/XtbyY
d3ZToUqj9m1iy5o5NlDsBFNR6pYowu0/KJwNs+d5kjr2HtllfMrYP4yTv8fDNed1
SyRxw7XHxwCHbgWc12rPOOt3/hetmIelMQj8esDBp0ZsH3PF
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [357aa96276304728-EWR]
Content-Length: [1518]
Content-Type: [application/ocsp-response]
Date: [Sun, 30 Apr 2017 12:56:32 GMT]
Etag: ["d5ac8b97ac9a3021c60e4279b64bcbde3ab027dc"]
Expires: [Thu, 04 May 2017 10:19:50 GMT]
Last-Modified: [Sun, 30 Apr 2017 10:19:50 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d41286a74b6347035b1a54b2eb1d230691493556992; expires=Mon, 30-Apr-18 12:56:32 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.globalsign.com/rootr1 (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.globalsign.com/rootr1 (POST)
Size: 1518 bytes (DER data)
Response time: 9.744935ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: GlobalSign OCSP for Root R1 - Signer 1.1
Issued by: GlobalSign Root CA
Signing certificate validity: 2017-04-07 - 2017-07-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtm
GkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8D4g
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF6goBAKCCBeMwggXfBgkrBgEFBQcwAQEEggXQMIIFzDCBmaIWBBRr0IWpLGvT
FeIMvlCoqIzANZCQQRgPMjAxNzA0MzAxMDE5NTBaMG4wbDBEMAkGBSsOAwIaBQAE
FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
AAABRE7wPiCAABgPMjAxNzA0MzAxMDE5NTBaoBEYDzIwMTcwNTA0MTAxOTUwWjAN
BgkqhkiG9w0BAQsFAAOCAQEAdYcyunEU3dwHeFZH/fi4VOfrGr1Ws7J5ddhkcU1f
IZMwuBrQWDtqZMuZLz/SX5+zKslNEKdbM08sk+JiNKAId5gbjh0dAlkoOuCG6852
tmPwJOEN/Oc6ywpug0h0kQ/FS7FDlZm9QV6eYwV6L9g9r+4x7AA5hZwGA8vO/UV1
NNM13JaBecAIPjd+EL5+U3XBpYYeA7gTJM0CAaOd9Wkpidd3Hb+36pi4nOpAN5dC
y6REDYItpSeQX7RXIQFXL8H303DzS4qazYwZZ3c9WrYtGdXF52BQXjFsivyjQSjo
3Mq/MdIzZPAUZonbT5qdLJwQrYg8PoP1HUpf6+Sf9UxsiaCCBBgwggQUMIIEEDCC
AvigAwIBAgIOSPWzESmX3xEGSFD3EkEwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UE
BhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3Qg
Q0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNzA0MDcwMDAwMDBa
Fw0xNzA3MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxT
aWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJvb3QgUjEg
LSBTaWduZXIgMS4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuhvF
lmaool/STZVnvGSHel5cQ0D+Ru/AHHAD7pxWRN/ufb2Gq+KLdhWROdAI0eLvaQAV
Om3kxM9IPc0tZMEwI618halKDO1TG5zz/GQMp1r4wuaPqGEaqi6CD+UBFyaGlhLq
nsgB74qjtB5rl6bMy5/3An87DVuKN7IdC6kBuBTuGVk7tDcrS8bPF/LA+AzAz3g7
WTpMSlZAIXrEl5bgXzQHvHfYCpMsmcZBI4NmYgmtCNgphOwkxNQENcQPGhM/4eCj
0k3DtXtPXpp0iTPxVbBi/dQ2SKi73UqPttQNb5AQf2fHjCGClSKHk3sq0NisHrCW
gbcdT4ayMqDjSjh4SwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUE
DDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRr0IWpLGvTFeIM
vlCoqIzANZCQQTAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA0GCSqG
SIb3DQEBBQUAA4IBAQAxKJcSLXgYKslSd0pla6b8U8XXV3cP6kOd4LL40UG/B8gl
qJD+YBGv7oPJDAezG1pzmoqrcBQhKbWG8whhj5fKs56iMiz82Kaovb5s4CaRfcTJ
uzLHrHoLuGbAnLR/S+p2pFVcxNLE9TmQ9X5gwwvnrf/RxWjocetUcqnt7Nvoy/Fo
At16plXiUk1PAiz60EgUvyx4Jm9uirb+G7NQpmaP1FtyAYkBOr/XtbyYd3ZToUqj
9m1iy5o5NlDsBFNR6pYowu0/KJwNs+d5kjr2HtllfMrYP4yTv8fDNed1SyRxw7XH
xwCHbgWc12rPOOt3/hetmIelMQj8esDBp0ZsH3PF
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEEDCCAvigAwIBAgIOSPWzESmX3xEGSFD3EkEwDQYJKoZIhvcNAQEFBQAwVzEL
MAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsT
B1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNzA0MDcw
MDAwMDBaFw0xNzA3MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBH
bG9iYWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJv
b3QgUjEgLSBTaWduZXIgMS4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuhvFlmaool/STZVnvGSHel5cQ0D+Ru/AHHAD7pxWRN/ufb2Gq+KLdhWROdAI
0eLvaQAVOm3kxM9IPc0tZMEwI618halKDO1TG5zz/GQMp1r4wuaPqGEaqi6CD+UB
FyaGlhLqnsgB74qjtB5rl6bMy5/3An87DVuKN7IdC6kBuBTuGVk7tDcrS8bPF/LA
+AzAz3g7WTpMSlZAIXrEl5bgXzQHvHfYCpMsmcZBI4NmYgmtCNgphOwkxNQENcQP
GhM/4eCj0k3DtXtPXpp0iTPxVbBi/dQ2SKi73UqPttQNb5AQf2fHjCGClSKHk3sq
0NisHrCWgbcdT4ayMqDjSjh4SwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDAT
BgNVHSUEDDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRr0IWp
LGvTFeIMvlCoqIzANZCQQTAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9
SzAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYI
KwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkv
MA0GCSqGSIb3DQEBBQUAA4IBAQAxKJcSLXgYKslSd0pla6b8U8XXV3cP6kOd4LL4
0UG/B8glqJD+YBGv7oPJDAezG1pzmoqrcBQhKbWG8whhj5fKs56iMiz82Kaovb5s
4CaRfcTJuzLHrHoLuGbAnLR/S+p2pFVcxNLE9TmQ9X5gwwvnrf/RxWjocetUcqnt
7Nvoy/FoAt16plXiUk1PAiz60EgUvyx4Jm9uirb+G7NQpmaP1FtyAYkBOr/XtbyY
d3ZToUqj9m1iy5o5NlDsBFNR6pYowu0/KJwNs+d5kjr2HtllfMrYP4yTv8fDNed1
SyRxw7XHxwCHbgWc12rPOOt3/hetmIelMQj8esDBp0ZsH3PF
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [357aa9627025214a-EWR]
Content-Length: [1518]
Content-Type: [application/ocsp-response]
Date: [Sun, 30 Apr 2017 12:56:32 GMT]
Etag: ["d5ac8b97ac9a3021c60e4279b64bcbde3ab027dc"]
Expires: [Thu, 04 May 2017 10:19:50 GMT]
Last-Modified: [Sun, 30 Apr 2017 10:19:50 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d8151bfc312ecfefbe442cbbaca01bb361493556992; expires=Mon, 30-Apr-18 12:56:32 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GlobalSign Root CA (CA Certificate)

Certificate details for GlobalSign Root CA (At position 2 in certificate chain)
Serial number:
hex: 40000000001154b5ac394
int: 4835703278459707669005204
Issued by: GlobalSign Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GlobalSign nv-sa
Organization unit: Root CA
Country: BE
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.