CRL & OCSP report for www.tradesmansaver.co.uk

www.tradesmansaver.co.uk

Certificate details for www.tradesmansaver.co.uk (At position 0 in certificate chain)
Serial number:
hex: 11219f8ff1dd308a1a7e9c99264336977488
int: 1492350273603680895024096863333758585500808
Issued by: GlobalSign Domain Validation CA - SHA256 - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization unit: Domain Control Validated
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for www.tradesmansaver.co.uk.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.globalsign.com/gs/gsdomainvalsha2g2.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.globalsign.com/gs/gsdomainvalsha2g2.crl
Size: 111390 bytes (DER data)
Response time: 65.574671ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 3484

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare, CloudFront
Cache Information: HIT, Hit from cloudfront

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [3761bfe5422b0ed9-EWR]
Content-Length: [111390]
Content-Type: [application/pkix-crl]
Date: [Wed, 28 Jun 2017 15:41:19 GMT]
Etag: [E4A9]
Expires: [Wed, 05 Jul 2017 15:05:33 GMT]
Last-Modified: [Wed, 28 Jun 2017 15:05:33 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d80e1a12a44a02f542f8d9f11ab0533d51498664479; expires=Thu, 28-Jun-18 15:41:19 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
Via: [1.1 a6e6de55f7ddbeeba09f3954e960354f.cloudfront.net (CloudFront)]
X-Amz-Cf-Id: [XKCGL2fkhFlCPrSoFM4z_JzF2GwSqK8J7bvPkZhZXNGn-VxHRuMcqQ==]
X-Cache: [Hit from cloudfront]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp2.globalsign.com/gsdomainvalsha2g2 (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsdomainvalsha2g2 (GET)
Size: 1564 bytes (DER data)
Response time: 361.497149ms
Signature algorithm: SHA256WithRSA
Signature type: CA Delegated
Signed by: GlobalSign Domain Validation CA - SHA256 - G2 - OCSP Responder
Issued by: GlobalSign Domain Validation CA - SHA256 - G2
Signing certificate validity: 2017-05-04 - 2017-08-04
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: MISS

URL used for GET request

http://ocsp2.globalsign.com/gsdomainvalsha2g2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTR8bV2%2Be7AwQ96%2FHwxJKnDYl18YQQU6k581IAt5RWBhiaMgm3AmKTPlw8CEhEhn4%2Fx3TCKGn6cmSZDNpd0iA%3D%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFMwUTBPME0wSzAJBgUrDgMCGgUABBTR8bV2+e7AwQ96/HwxJKnDYl18YQQU6k58
1IAt5RWBhiaMgm3AmKTPlw8CEhEhn4/x3TCKGn6cmSZDNpd0iA==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGGAoBAKCCBhEwggYNBgkrBgEFBQcwAQEEggX+MIIF+jCBoKIWBBQysc4UiMQc
d8Z9Cy2u/ladOl9OaRgPMjAxNzA2MjgxMzM3MjRaMHUwczBLMAkGBSsOAwIaBQAE
FNHxtXb57sDBD3r8fDEkqcNiXXxhBBTqTnzUgC3lFYGGJoyCbcCYpM+XDwISESGf
j/HdMIoafpyZJkM2l3SIgAAYDzIwMTcwNjI4MTMzNzI0WqARGA8yMDE3MDcwMjEz
MzcyNFowDQYJKoZIhvcNAQELBQADggEBAHDbayQghX6OFz79GfhHPynTsBHxoUPi
8Ff3T1xiYC2ZPgQsJc0VTqtm6c4Bc1QA5u/4Jvce6OTVAKM333b8oBtd1px+Tkp5
nSbl4w/sobGKRk29MzWvn9GWPiNykmhMjYZzz1jZKDLnF48QEYFwDxHkncZeZzws
25uOL4fhovf0cjYgaG5k9X4LFM4s/5YjQYLFUQ8Nm55Ii/QYi5yhrtbRbjlvnNoW
fzJX/7/S5uj2Ik8UfQqvE5vKb9eB+8S8VEhHKx/UPmngOzU6aCs3MQjUfloySNA9
vx098mB9Y8epXCVmOxcEuPvadg5STBM9jtF3YI/dbutX3JvDjNvMRhygggQ/MIIE
OzCCBDcwggMfoAMCAQICDE+vTjq0pLorUqAiaTANBgkqhkiG9w0BAQsFADBgMQsw
CQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTE2MDQGA1UEAxMt
R2xvYmFsU2lnbiBEb21haW4gVmFsaWRhdGlvbiBDQSAtIFNIQTI1NiAtIEcyMB4X
DTE3MDUwNDA4MTIxMloXDTE3MDgwNDA4MTIxMlowgYgxCzAJBgNVBAYTAkJFMRkw
FwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRUwEwYDVQQFEwwyMDE3MDUwNDAwMTkx
RzBFBgNVBAMTPkdsb2JhbFNpZ24gRG9tYWluIFZhbGlkYXRpb24gQ0EgLSBTSEEy
NTYgLSBHMiAtIE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAm7od9OBGtBk6OnsXgrBwTJviymFfJzPU5icFgaXkfAPK49vq8upV
+ICw4N3N/7Pfz4YD0acIKcjzm8wfMlnPX5r+0wAm56hY40qiGO928e63OCI6a7w2
fxs9qaGldIf3gH7P8qdRp9v2DcKLgIOI57XejG56092+bInYbkAffQQ3088ZGN00
7SXhHoCRbY1lVVIQnYrAp8oFzrXcdJ6ePorMtNSB+E850pCAQL+Y0np5F4quhVp1
8/wBKKmkfhIowo9OS8YL+OH3BQdnVyAATBvCKq3Novm4NpEoiJc9kqsFHV6CuMis
muPTV1gjPnkkbxqGg8AhAl4B4mw06IdmaQIDAQABo4HHMIHEMB0GA1UdDgQWBBQy
sc4UiMQcd8Z9Cy2u/ladOl9OaTAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCY
pM+XDzAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQw
MgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRv
cnkvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkqhkiG
9w0BAQsFAAOCAQEAOSJLtLXfFT76orTSbuzpYmuGKbd1UGMv3el8c0dXBTfCWUGb
CDZUqbCA4YpoZPpGyTphMPx9wyd8O7UwCDFUyu2LE7uAuS1BAb3FZcb3Cv3o440l
o0vqyQKSC4wlHt+Wu6RDlA/V69/G/FmYAGw2n55V6+57Lxx2hESltMW2K9APw6kr
qiK5u+ESekBbQwC91WNrAF4evYRSeOYVb1safELcun19RD6reb10QVz1bdAmFh4S
pjkwNCGMku32oCtLayuTt0YcIMwAtYWp5jBwAxAkhrlnXF6Vu0mtKzgfesgoxc6x
03j6AQGahd2p4I4XEIHOwU7ed+IqlWcGoym8Vg==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIENzCCAx+gAwIBAgIMT69OOrSkuitSoCJpMA0GCSqGSIb3DQEBCwUAMGAxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYDVQQDEy1H
bG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcN
MTcwNTA0MDgxMjEyWhcNMTcwODA0MDgxMjEyWjCBiDELMAkGA1UEBhMCQkUxGTAX
BgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTcwNTA0MDAxOTFH
MEUGA1UEAxM+R2xvYmFsU2lnbiBEb21haW4gVmFsaWRhdGlvbiBDQSAtIFNIQTI1
NiAtIEcyIC0gT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQCbuh304Ea0GTo6exeCsHBMm+LKYV8nM9TmJwWBpeR8A8rj2+ry6lX4
gLDg3c3/s9/PhgPRpwgpyPObzB8yWc9fmv7TACbnqFjjSqIY73bx7rc4IjprvDZ/
Gz2poaV0h/eAfs/yp1Gn2/YNwouAg4jntd6MbnrT3b5sidhuQB99BDfTzxkY3TTt
JeEegJFtjWVVUhCdisCnygXOtdx0np4+isy01IH4TznSkIBAv5jSenkXiq6FWnXz
/AEoqaR+EijCj05Lxgv44fcFB2dXIABMG8Iqrc2i+bg2kSiIlz2SqwUdXoK4yKya
49NXWCM+eSRvGoaDwCECXgHibDToh2ZpAgMBAAGjgccwgcQwHQYDVR0OBBYEFDKx
zhSIxBx3xn0LLa7+Vp06X05pMB8GA1UdIwQYMBaAFOpOfNSALeUVgYYmjIJtwJik
z5cPMA8GCSsGAQUFBzABBQQCBQAwTAYDVR0gBEUwQzBBBgkrBgEEAaAyAV8wNDAy
BggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9y
eS8wDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA0GCSqGSIb3
DQEBCwUAA4IBAQA5Iku0td8VPvqitNJu7Olia4Ypt3VQYy/d6XxzR1cFN8JZQZsI
NlSpsIDhimhk+kbJOmEw/H3DJ3w7tTAIMVTK7YsTu4C5LUEBvcVlxvcK/ejjjSWj
S+rJApILjCUe35a7pEOUD9Xr38b8WZgAbDafnlXr7nsvHHaERKW0xbYr0A/DqSuq
Irm74RJ6QFtDAL3VY2sAXh69hFJ45hVvWxp8Qty6fX1EPqt5vXRBXPVt0CYWHhKm
OTA0IYyS7fagK0trK5O3RhwgzAC1hanmMHADECSGuWdcXpW7Sa0rOB96yCjFzrHT
ePoBAZqF3angjhcQgc7BTt534iqVZwajKbxW
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [MISS]
Cf-Ray: [3761bfe540552150-EWR]
Content-Length: [1564]
Content-Type: [application/ocsp-response]
Date: [Wed, 28 Jun 2017 15:41:19 GMT]
Etag: ["c58b15e47cbe1b5c29c80a8573c6b63d26c6afae"]
Expires: [Sun, 02 Jul 2017 13:37:24 GMT]
Last-Modified: [Wed, 28 Jun 2017 13:37:24 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=dc4fe4cfba9fb2ae97a0c8e0f041ec3471498664479; expires=Thu, 28-Jun-18 15:41:19 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp2.globalsign.com/gsdomainvalsha2g2 (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsdomainvalsha2g2 (POST)
Size: 1564 bytes (DER data)
Response time: 529.020851ms
Signature algorithm: SHA256WithRSA
Signature type: CA Delegated
Signed by: GlobalSign Domain Validation CA - SHA256 - G2 - OCSP Responder
Issued by: GlobalSign Domain Validation CA - SHA256 - G2
Signing certificate validity: 2017-05-04 - 2017-08-04
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFMwUTBPME0wSzAJBgUrDgMCGgUABBTR8bV2+e7AwQ96/HwxJKnDYl18YQQU6k58
1IAt5RWBhiaMgm3AmKTPlw8CEhEhn4/x3TCKGn6cmSZDNpd0iA==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGGAoBAKCCBhEwggYNBgkrBgEFBQcwAQEEggX+MIIF+jCBoKIWBBQysc4UiMQc
d8Z9Cy2u/ladOl9OaRgPMjAxNzA2MjgxMzM3MjRaMHUwczBLMAkGBSsOAwIaBQAE
FNHxtXb57sDBD3r8fDEkqcNiXXxhBBTqTnzUgC3lFYGGJoyCbcCYpM+XDwISESGf
j/HdMIoafpyZJkM2l3SIgAAYDzIwMTcwNjI4MTMzNzI0WqARGA8yMDE3MDcwMjEz
MzcyNFowDQYJKoZIhvcNAQELBQADggEBAHDbayQghX6OFz79GfhHPynTsBHxoUPi
8Ff3T1xiYC2ZPgQsJc0VTqtm6c4Bc1QA5u/4Jvce6OTVAKM333b8oBtd1px+Tkp5
nSbl4w/sobGKRk29MzWvn9GWPiNykmhMjYZzz1jZKDLnF48QEYFwDxHkncZeZzws
25uOL4fhovf0cjYgaG5k9X4LFM4s/5YjQYLFUQ8Nm55Ii/QYi5yhrtbRbjlvnNoW
fzJX/7/S5uj2Ik8UfQqvE5vKb9eB+8S8VEhHKx/UPmngOzU6aCs3MQjUfloySNA9
vx098mB9Y8epXCVmOxcEuPvadg5STBM9jtF3YI/dbutX3JvDjNvMRhygggQ/MIIE
OzCCBDcwggMfoAMCAQICDE+vTjq0pLorUqAiaTANBgkqhkiG9w0BAQsFADBgMQsw
CQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTE2MDQGA1UEAxMt
R2xvYmFsU2lnbiBEb21haW4gVmFsaWRhdGlvbiBDQSAtIFNIQTI1NiAtIEcyMB4X
DTE3MDUwNDA4MTIxMloXDTE3MDgwNDA4MTIxMlowgYgxCzAJBgNVBAYTAkJFMRkw
FwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRUwEwYDVQQFEwwyMDE3MDUwNDAwMTkx
RzBFBgNVBAMTPkdsb2JhbFNpZ24gRG9tYWluIFZhbGlkYXRpb24gQ0EgLSBTSEEy
NTYgLSBHMiAtIE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAm7od9OBGtBk6OnsXgrBwTJviymFfJzPU5icFgaXkfAPK49vq8upV
+ICw4N3N/7Pfz4YD0acIKcjzm8wfMlnPX5r+0wAm56hY40qiGO928e63OCI6a7w2
fxs9qaGldIf3gH7P8qdRp9v2DcKLgIOI57XejG56092+bInYbkAffQQ3088ZGN00
7SXhHoCRbY1lVVIQnYrAp8oFzrXcdJ6ePorMtNSB+E850pCAQL+Y0np5F4quhVp1
8/wBKKmkfhIowo9OS8YL+OH3BQdnVyAATBvCKq3Novm4NpEoiJc9kqsFHV6CuMis
muPTV1gjPnkkbxqGg8AhAl4B4mw06IdmaQIDAQABo4HHMIHEMB0GA1UdDgQWBBQy
sc4UiMQcd8Z9Cy2u/ladOl9OaTAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCY
pM+XDzAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQw
MgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRv
cnkvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkqhkiG
9w0BAQsFAAOCAQEAOSJLtLXfFT76orTSbuzpYmuGKbd1UGMv3el8c0dXBTfCWUGb
CDZUqbCA4YpoZPpGyTphMPx9wyd8O7UwCDFUyu2LE7uAuS1BAb3FZcb3Cv3o440l
o0vqyQKSC4wlHt+Wu6RDlA/V69/G/FmYAGw2n55V6+57Lxx2hESltMW2K9APw6kr
qiK5u+ESekBbQwC91WNrAF4evYRSeOYVb1safELcun19RD6reb10QVz1bdAmFh4S
pjkwNCGMku32oCtLayuTt0YcIMwAtYWp5jBwAxAkhrlnXF6Vu0mtKzgfesgoxc6x
03j6AQGahd2p4I4XEIHOwU7ed+IqlWcGoym8Vg==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIENzCCAx+gAwIBAgIMT69OOrSkuitSoCJpMA0GCSqGSIb3DQEBCwUAMGAxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYDVQQDEy1H
bG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcN
MTcwNTA0MDgxMjEyWhcNMTcwODA0MDgxMjEyWjCBiDELMAkGA1UEBhMCQkUxGTAX
BgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExFTATBgNVBAUTDDIwMTcwNTA0MDAxOTFH
MEUGA1UEAxM+R2xvYmFsU2lnbiBEb21haW4gVmFsaWRhdGlvbiBDQSAtIFNIQTI1
NiAtIEcyIC0gT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQCbuh304Ea0GTo6exeCsHBMm+LKYV8nM9TmJwWBpeR8A8rj2+ry6lX4
gLDg3c3/s9/PhgPRpwgpyPObzB8yWc9fmv7TACbnqFjjSqIY73bx7rc4IjprvDZ/
Gz2poaV0h/eAfs/yp1Gn2/YNwouAg4jntd6MbnrT3b5sidhuQB99BDfTzxkY3TTt
JeEegJFtjWVVUhCdisCnygXOtdx0np4+isy01IH4TznSkIBAv5jSenkXiq6FWnXz
/AEoqaR+EijCj05Lxgv44fcFB2dXIABMG8Iqrc2i+bg2kSiIlz2SqwUdXoK4yKya
49NXWCM+eSRvGoaDwCECXgHibDToh2ZpAgMBAAGjgccwgcQwHQYDVR0OBBYEFDKx
zhSIxBx3xn0LLa7+Vp06X05pMB8GA1UdIwQYMBaAFOpOfNSALeUVgYYmjIJtwJik
z5cPMA8GCSsGAQUFBzABBQQCBQAwTAYDVR0gBEUwQzBBBgkrBgEEAaAyAV8wNDAy
BggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9y
eS8wDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA0GCSqGSIb3
DQEBCwUAA4IBAQA5Iku0td8VPvqitNJu7Olia4Ypt3VQYy/d6XxzR1cFN8JZQZsI
NlSpsIDhimhk+kbJOmEw/H3DJ3w7tTAIMVTK7YsTu4C5LUEBvcVlxvcK/ejjjSWj
S+rJApILjCUe35a7pEOUD9Xr38b8WZgAbDafnlXr7nsvHHaERKW0xbYr0A/DqSuq
Irm74RJ6QFtDAL3VY2sAXh69hFJ45hVvWxp8Qty6fX1EPqt5vXRBXPVt0CYWHhKm
OTA0IYyS7fagK0trK5O3RhwgzAC1hanmMHADECSGuWdcXpW7Sa0rOB96yCjFzrHT
ePoBAZqF3angjhcQgc7BTt534iqVZwajKbxW
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [3761bfe541c921b0-EWR]
Content-Length: [1564]
Content-Type: [application/ocsp-response]
Date: [Wed, 28 Jun 2017 15:41:20 GMT]
Etag: ["c58b15e47cbe1b5c29c80a8573c6b63d26c6afae"]
Expires: [Sun, 02 Jul 2017 13:37:24 GMT]
Last-Modified: [Wed, 28 Jun 2017 13:37:24 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d219fd94503d7e5a47f0f49a52bcd1ea61498664479; expires=Thu, 28-Jun-18 15:41:19 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GlobalSign Domain Validation CA - SHA256 - G2 (CA Certificate)

Certificate details for GlobalSign Domain Validation CA - SHA256 - G2 (At position 1 in certificate chain)
Serial number:
hex: 40000000001444ef03e20
int: 4835703278459909592596000
Issued by: GlobalSign Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GlobalSign nv-sa
Country: BE
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.globalsign.net/root.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.globalsign.net/root.crl
Size: 782 bytes (DER data)
Response time: 9.256664ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 7

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [public, max-age=1412321]
Cf-Cache-Status: [HIT]
Cf-Ray: [3761bfe541e5473a-EWR]
Content-Length: [782]
Content-Type: [application/pkix-crl]
Date: [Wed, 28 Jun 2017 15:41:19 GMT]
Etag: [39]
Expires: [Sat, 15 Jul 2017 00:00:00 GMT]
Last-Modified: [Wed, 19 Apr 2017 00:00:00 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=db7d955f81b9d4be71bcec9886d33ae9a1498664479; expires=Thu, 28-Jun-18 15:41:19 GMT; path=/; domain=.globalsign.net; HttpOnly]
Vary: [Accept-Encoding]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.globalsign.com/rootr1 (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.globalsign.com/rootr1 (POST)
Size: 1518 bytes (DER data)
Response time: 9.84789ms
Signature algorithm: SHA256WithRSA
Signature type: CA Delegated
Signed by: GlobalSign OCSP for Root R1 - Signer 1.2
Issued by: GlobalSign Root CA
Signing certificate validity: 2017-05-07 - 2017-08-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtm
GkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8D4g
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF6goBAKCCBeMwggXfBgkrBgEFBQcwAQEEggXQMIIFzDCBmaIWBBSvbfAxCEv8
w30kGCve74S5P2+ighgPMjAxNzA2MjgxNDQ0MTlaMG4wbDBEMAkGBSsOAwIaBQAE
FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
AAABRE7wPiCAABgPMjAxNzA2MjgxNDQ0MTlaoBEYDzIwMTcwNzAyMTQ0NDE5WjAN
BgkqhkiG9w0BAQsFAAOCAQEAni2Ka792/VB5N7RYIQpPwQdZ16Kg5C7o3egxcal6
lmjT2yKXYh8CjNi3sDQDIV/XW6oVPlEo11Ye5ohxsZtwf36+wMHV5NJ9N67zNwib
lZKfL/QJtP8hYPkbbPwKrflFxOgFTUE3IJ114BsOQyGdvhlkpko4oB/PDby+yrht
RjkZ0J2py9r0QtV+uAQA+TtAkOCodTphxCTYn18dJJ+X8vt/bb3jvKyALF34EK+5
exk40Gn9dNvIRx5EX2zMz1HF+zO502rkO9YK6s1ci6za5pVSQ0kY5GJiL0ijEAGq
RmSwycNRyZNxzFwGNy7cpCuxN1ABkOZ8sJAXHyupD94uQaCCBBgwggQUMIIEEDCC
AvigAwIBAgIOSPWzFgaTeJq7B6uGVtEwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UE
BhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3Qg
Q0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNzA1MDcwMDAwMDBa
Fw0xNzA4MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxT
aWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJvb3QgUjEg
LSBTaWduZXIgMS4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1F7u
rTk5j7FgaI3ddIftk/QXhnH8pQzcsq8wk+wJKGeocjWxDmQAKedLAkDUXOMun0QA
lHi1mu2WdI18ZyZ7eAJGwa1R7iiy9Txfz88htJr5x6ArxpbsRbeXHsw/TCWMf+d3
RP9vfXFIe0Li1wYxoD9pcwi0M9O7KrDihY9zVplEtPgb3ic1AGUQFjmE4pNvBJpp
Eg95H2hWHjaQI5pjhXF8HTDejho6dJsKJ4fe7CZC4JlCYCCYgUQxczvoxyGmDVDt
euP8fMVmnSoEzq9qA8kPJql2d8iho4mhREqTj8MYYyU9Kl4Nuz+3KQ9t97AwUys2
pt3qELes6+MK9POWFwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUE
DDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSvbfAxCEv8w30k
GCve74S5P2+igjAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA0GCSqG
SIb3DQEBBQUAA4IBAQASHek+/Wbc9Xd0BWIaSS82VRB37lM6T+ZOz/522ZqHLXcR
jBwesOKcmeVyDNiHUqj9C3+cnwKNourW1R9h4FrW+wD5eDkJ3j3nO+kiczxCe7FV
KCWeTcPySiFPKoIH0fOpx2MdMc7XGRRHSP9cW2Rwo5yeglK5n7Ps4QGaKAuSiKNv
VNBW50fkwXNsOOBG+BbEOYcuNrnHSdGBbzlNvDo7FA9gpIaDKj0pLOALqchqZBrO
3HG1Z7c5n63+ef0dxBCbZ5yGLvNCzIv68hKcVibxYheGa/io1k8yrr8dDT2I7i3+
qiHCfDB4pKcihxppwAn/mJXwLE7BKS+FkpjswPEb
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEEDCCAvigAwIBAgIOSPWzFgaTeJq7B6uGVtEwDQYJKoZIhvcNAQEFBQAwVzEL
MAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsT
B1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNzA1MDcw
MDAwMDBaFw0xNzA4MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBH
bG9iYWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJv
b3QgUjEgLSBTaWduZXIgMS4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1F7urTk5j7FgaI3ddIftk/QXhnH8pQzcsq8wk+wJKGeocjWxDmQAKedLAkDU
XOMun0QAlHi1mu2WdI18ZyZ7eAJGwa1R7iiy9Txfz88htJr5x6ArxpbsRbeXHsw/
TCWMf+d3RP9vfXFIe0Li1wYxoD9pcwi0M9O7KrDihY9zVplEtPgb3ic1AGUQFjmE
4pNvBJppEg95H2hWHjaQI5pjhXF8HTDejho6dJsKJ4fe7CZC4JlCYCCYgUQxczvo
xyGmDVDteuP8fMVmnSoEzq9qA8kPJql2d8iho4mhREqTj8MYYyU9Kl4Nuz+3KQ9t
97AwUys2pt3qELes6+MK9POWFwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDAT
BgNVHSUEDDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSvbfAx
CEv8w30kGCve74S5P2+igjAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9
SzAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYI
KwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkv
MA0GCSqGSIb3DQEBBQUAA4IBAQASHek+/Wbc9Xd0BWIaSS82VRB37lM6T+ZOz/52
2ZqHLXcRjBwesOKcmeVyDNiHUqj9C3+cnwKNourW1R9h4FrW+wD5eDkJ3j3nO+ki
czxCe7FVKCWeTcPySiFPKoIH0fOpx2MdMc7XGRRHSP9cW2Rwo5yeglK5n7Ps4QGa
KAuSiKNvVNBW50fkwXNsOOBG+BbEOYcuNrnHSdGBbzlNvDo7FA9gpIaDKj0pLOAL
qchqZBrO3HG1Z7c5n63+ef0dxBCbZ5yGLvNCzIv68hKcVibxYheGa/io1k8yrr8d
DT2I7i3+qiHCfDB4pKcihxppwAn/mJXwLE7BKS+FkpjswPEb
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [3761bfe5406706a9-EWR]
Content-Length: [1518]
Content-Type: [application/ocsp-response]
Date: [Wed, 28 Jun 2017 15:41:19 GMT]
Etag: ["2f563164e194f24ad9d23b680b3b1c5e09eff04e"]
Expires: [Sun, 02 Jul 2017 14:44:19 GMT]
Last-Modified: [Wed, 28 Jun 2017 14:44:19 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=de06581f672ab74d10065fe142e9e472d1498664479; expires=Thu, 28-Jun-18 15:41:19 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.globalsign.com/rootr1 (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.globalsign.com/rootr1 (GET)
Size: 1518 bytes (DER data)
Response time: 10.792603ms
Signature algorithm: SHA256WithRSA
Signature type: CA Delegated
Signed by: GlobalSign OCSP for Root R1 - Signer 1.2
Issued by: GlobalSign Root CA
Signing certificate validity: 2017-05-07 - 2017-08-15
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

URL used for GET request

http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8D4g

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtm
GkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8D4g
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIF6goBAKCCBeMwggXfBgkrBgEFBQcwAQEEggXQMIIFzDCBmaIWBBSvbfAxCEv8
w30kGCve74S5P2+ighgPMjAxNzA2MjgxNDQ0MTlaMG4wbDBEMAkGBSsOAwIaBQAE
FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
AAABRE7wPiCAABgPMjAxNzA2MjgxNDQ0MTlaoBEYDzIwMTcwNzAyMTQ0NDE5WjAN
BgkqhkiG9w0BAQsFAAOCAQEAni2Ka792/VB5N7RYIQpPwQdZ16Kg5C7o3egxcal6
lmjT2yKXYh8CjNi3sDQDIV/XW6oVPlEo11Ye5ohxsZtwf36+wMHV5NJ9N67zNwib
lZKfL/QJtP8hYPkbbPwKrflFxOgFTUE3IJ114BsOQyGdvhlkpko4oB/PDby+yrht
RjkZ0J2py9r0QtV+uAQA+TtAkOCodTphxCTYn18dJJ+X8vt/bb3jvKyALF34EK+5
exk40Gn9dNvIRx5EX2zMz1HF+zO502rkO9YK6s1ci6za5pVSQ0kY5GJiL0ijEAGq
RmSwycNRyZNxzFwGNy7cpCuxN1ABkOZ8sJAXHyupD94uQaCCBBgwggQUMIIEEDCC
AvigAwIBAgIOSPWzFgaTeJq7B6uGVtEwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UE
BhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3Qg
Q0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNzA1MDcwMDAwMDBa
Fw0xNzA4MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxT
aWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJvb3QgUjEg
LSBTaWduZXIgMS4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1F7u
rTk5j7FgaI3ddIftk/QXhnH8pQzcsq8wk+wJKGeocjWxDmQAKedLAkDUXOMun0QA
lHi1mu2WdI18ZyZ7eAJGwa1R7iiy9Txfz88htJr5x6ArxpbsRbeXHsw/TCWMf+d3
RP9vfXFIe0Li1wYxoD9pcwi0M9O7KrDihY9zVplEtPgb3ic1AGUQFjmE4pNvBJpp
Eg95H2hWHjaQI5pjhXF8HTDejho6dJsKJ4fe7CZC4JlCYCCYgUQxczvoxyGmDVDt
euP8fMVmnSoEzq9qA8kPJql2d8iho4mhREqTj8MYYyU9Kl4Nuz+3KQ9t97AwUys2
pt3qELes6+MK9POWFwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUE
DDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSvbfAxCEv8w30k
GCve74S5P2+igjAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzAPBgkr
BgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYIKwYBBQUH
AgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA0GCSqG
SIb3DQEBBQUAA4IBAQASHek+/Wbc9Xd0BWIaSS82VRB37lM6T+ZOz/522ZqHLXcR
jBwesOKcmeVyDNiHUqj9C3+cnwKNourW1R9h4FrW+wD5eDkJ3j3nO+kiczxCe7FV
KCWeTcPySiFPKoIH0fOpx2MdMc7XGRRHSP9cW2Rwo5yeglK5n7Ps4QGaKAuSiKNv
VNBW50fkwXNsOOBG+BbEOYcuNrnHSdGBbzlNvDo7FA9gpIaDKj0pLOALqchqZBrO
3HG1Z7c5n63+ef0dxBCbZ5yGLvNCzIv68hKcVibxYheGa/io1k8yrr8dDT2I7i3+
qiHCfDB4pKcihxppwAn/mJXwLE7BKS+FkpjswPEb
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEEDCCAvigAwIBAgIOSPWzFgaTeJq7B6uGVtEwDQYJKoZIhvcNAQEFBQAwVzEL
MAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsT
B1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNzA1MDcw
MDAwMDBaFw0xNzA4MTUwMDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBH
bG9iYWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIE9DU1AgZm9yIFJv
b3QgUjEgLSBTaWduZXIgMS4yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1F7urTk5j7FgaI3ddIftk/QXhnH8pQzcsq8wk+wJKGeocjWxDmQAKedLAkDU
XOMun0QAlHi1mu2WdI18ZyZ7eAJGwa1R7iiy9Txfz88htJr5x6ArxpbsRbeXHsw/
TCWMf+d3RP9vfXFIe0Li1wYxoD9pcwi0M9O7KrDihY9zVplEtPgb3ic1AGUQFjmE
4pNvBJppEg95H2hWHjaQI5pjhXF8HTDejho6dJsKJ4fe7CZC4JlCYCCYgUQxczvo
xyGmDVDteuP8fMVmnSoEzq9qA8kPJql2d8iho4mhREqTj8MYYyU9Kl4Nuz+3KQ9t
97AwUys2pt3qELes6+MK9POWFwIDAQABo4HVMIHSMA4GA1UdDwEB/wQEAwIHgDAT
BgNVHSUEDDAKBggrBgEFBQcDCTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSvbfAx
CEv8w30kGCve74S5P2+igjAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9
SzAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYI
KwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkv
MA0GCSqGSIb3DQEBBQUAA4IBAQASHek+/Wbc9Xd0BWIaSS82VRB37lM6T+ZOz/52
2ZqHLXcRjBwesOKcmeVyDNiHUqj9C3+cnwKNourW1R9h4FrW+wD5eDkJ3j3nO+ki
czxCe7FVKCWeTcPySiFPKoIH0fOpx2MdMc7XGRRHSP9cW2Rwo5yeglK5n7Ps4QGa
KAuSiKNvVNBW50fkwXNsOOBG+BbEOYcuNrnHSdGBbzlNvDo7FA9gpIaDKj0pLOAL
qchqZBrO3HG1Z7c5n63+ef0dxBCbZ5yGLvNCzIv68hKcVibxYheGa/io1k8yrr8d
DT2I7i3+qiHCfDB4pKcihxppwAn/mJXwLE7BKS+FkpjswPEb
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [3761bfe547561852-EWR]
Content-Length: [1518]
Content-Type: [application/ocsp-response]
Date: [Wed, 28 Jun 2017 15:41:19 GMT]
Etag: ["2f563164e194f24ad9d23b680b3b1c5e09eff04e"]
Expires: [Sun, 02 Jul 2017 14:44:19 GMT]
Last-Modified: [Wed, 28 Jun 2017 14:44:19 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d0ed38f7209f6782dfeceb412df10003d1498664479; expires=Thu, 28-Jun-18 15:41:19 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

GlobalSign Root CA (CA Certificate)

Certificate details for GlobalSign Root CA (At position 2 in certificate chain)
Serial number:
hex: 40000000001154b5ac394
int: 4835703278459707669005204
Issued by: GlobalSign Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GlobalSign nv-sa
Organization unit: Root CA
Country: BE
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
© 2015 - 2017 Digitorus B.V.
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.