CRL & OCSP report for www.shift4.com.ar

www.shift4.com.ar

Certificate details for www.shift4.com.ar (At position 0 in certificate chain)
Serial number:
hex: f6e80
int: 1011328
Issued by: StartCom Class 1 Primary Intermediate Server CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Country: AR
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for www.shift4.com.ar.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.startssl.com/crt1-crl.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.startssl.com/crt1-crl.crl
Size: 41500 bytes (DER data)
Response time: 7.640182ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 1583

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: nginx/1.0.12
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-219-92-77.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1.2-20081415) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Length: [56249]
Content-Type: [application/pkix-crl]
Date: [Sat, 24 Jun 2017 20:55:25 GMT]
Last-Modified: [Sat, 24 Jun 2017 10:16:39 GMT]
Server: [nginx/1.0.12]
X-Cache: [TCP_MEM_HIT from a23-219-92-77.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1.2-20081415) (-)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL should be in DER format but is PEM encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.startssl.com/sub/class1/server/ca (POST)Unknown

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.startssl.com/sub/class1/server/ca (POST)
Size: 1691 bytes (DER data)
Response time: 168.86042ms
Signature algorithm: SHA256WithRSA
Signature type: CA Delegated
Signed by: StartCom Class 1 Primary Intermediate Server CA OCSP Responder
Issued by: StartCom Class 1 Primary Intermediate Server CA
Signing certificate validity: 2017-06-02 - 2017-09-20
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Unknown

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: nginx/1.7.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-219-92-86.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.3-20191559) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEQwQjBAMD4wPDAJBgUrDgMCGgUABBRlaIdPQHUPAWo0dWJeH1yT5aJtWAQU60I0
0Jiwq5/0G2sI98xkLu8OLEUCAw9ugA==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGlwoBAKCCBpAwggaMBgkrBgEFBQcwAQEEggZ9MIIGeTCCARqhgZ4wgZsxCzAJ
BgNVBAYTAklMMRYwFAYDVQQKDA1TdGFydENvbSBMdGQuMSswKQYDVQQLDCJTZWN1
cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMUcwRQYDVQQDDD5TdGFydENv
bSBDbGFzcyAxIFByaW1hcnkgSW50ZXJtZWRpYXRlIFNlcnZlciBDQSBPQ1NQIFJl
c3BvbmRlchgPMjAxNzA2MjQyMDU2MDZaMGYwZDA8MAkGBSsOAwIaBQAEFGVoh09A
dQ8BajR1Yl4fXJPlom1YBBTrQjTQmLCrn/Qbawj3zGQu7w4sRQIDD26AggAYDzIw
MTcwNjI0MjA1NjA2WqARGA8yMDE3MDYyODIxMDYwNlowDQYJKoZIhvcNAQELBQAD
ggEBADbIqXpXkzPZNe4Gn96vH5H5qgstx3DnT3J+rB42TcdmKr80uFUb1I+Ve0VZ
7rDZaLOYxF61jZ3zc277P3Mlf536b57SPO2VrcMOFEiM1dSpJHqjUmO+HLJaEpKF
fWGTQpJRnKE0q/mldtWvLtkT8wCYyuZ4+MXvsmnY37KVl2VTPcNRjjx4FUtlKs+b
/quYjcZixrtJBCgOh+K4aFM76tP2y6CAYAsOqgZSDdJF/4mUubZKMTeEzf18AucM
hSxTUL5XqsmVxWjWT7AbjCqOxJhMushPFVXrb228Qh+LAFxwqxBdzYDbHmdgShVp
QKVy0z/hlSHlfG9J2KQHWtcIQ1GgggRDMIIEPzCCBDswggMjoAMCAQICEFbwt6jd
ZQKaJbzhk9lzKN4wDQYJKoZIhvcNAQELBQAwgYwxCzAJBgNVBAYTAklMMRYwFAYD
VQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0
aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBDbGFzcyAxIFByaW1h
cnkgSW50ZXJtZWRpYXRlIFNlcnZlciBDQTAeFw0xNzA2MDIwMTQ2MDRaFw0xNzA5
MjAwMTQ2MDRaMIGbMQswCQYDVQQGEwJJTDEWMBQGA1UECgwNU3RhcnRDb20gTHRk
LjErMCkGA1UECwwiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzFH
MEUGA1UEAww+U3RhcnRDb20gQ2xhc3MgMSBQcmltYXJ5IEludGVybWVkaWF0ZSBT
ZXJ2ZXIgQ0EgT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQCqlN821WalKSVEgPdtNDeTaUoGZmSoXd1LskLQItg9WqzZ3kqpBV1r
6W8T1GP4OGfzUoN+cmwksvT96Y1fpkYSBTrx3rwmvOxttj5Jn3FXgRRR4AiqE026
vJwJkfEowNDk9Zgi6isnxCTRqrBPkVa2/emjdqcDDsmFsvjNCABtvoixhjxOT3tP
X+yIxiRot1v1Hdw7xtLIcklylYa4vmGjFXGJaOmblucGImUfwgvQ82odBkAD197c
KQJN/xuI1iuJkVmdwqdA8VpBOYMnU3rQdcOK9+XaL5vC6IAiScc1B3IcoaT6Tpxg
+HlP3UYatEEbd4xxdlYcVZ+dUPH/aRSnAgMBAAGjgYcwgYQwDgYDVR0PAQH/BAQD
AgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAwDAYDVR0T
AQH/BAIwADAdBgNVHQ4EFgQUfS/Ut7oicZ1BXIyKl53KFfddQFMwHwYDVR0jBBgw
FoAU60I00Jiwq5/0G2sI98xkLu8OLEUwDQYJKoZIhvcNAQELBQADggEBAHmT6eK6
CUDcEpINvog7YLro4QG3+/i0zFGNkOPr4xxWkDyNREXXFplVl0b8GwJTDfyA0ETX
Fk5OzrSoNION3KjHwV0e/HDT5Z0mFgOLBagc7ky3WwOHUlim/t8F+7n4fvmaMynT
KS1wII+80fKFQ9JDXd4LDWC3XPE5gk9mjJfi6L+6l+tgvThHhs76KT7QfU3JEhKf
5iBohZBEX8HtGkE4DrnNGcbu9ISdWJhOsgylE8z+qHPd3E52S0xjN5dKtFREEBly
jqKqlMCNYtkBTPRqCszcZsl0D9kNmLoEcSu6DN6hU7ui4gmWY1J9Ocu/aNmy1ClR
k9QwBL/fhvDUgGk=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEOzCCAyOgAwIBAgIQVvC3qN1lApolvOGT2XMo3jANBgkqhkiG9w0BAQsFADCB
jDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsT
IlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNVBAMTL1N0
YXJ0Q29tIENsYXNzIDEgUHJpbWFyeSBJbnRlcm1lZGlhdGUgU2VydmVyIENBMB4X
DTE3MDYwMjAxNDYwNFoXDTE3MDkyMDAxNDYwNFowgZsxCzAJBgNVBAYTAklMMRYw
FAYDVQQKDA1TdGFydENvbSBMdGQuMSswKQYDVQQLDCJTZWN1cmUgRGlnaXRhbCBD
ZXJ0aWZpY2F0ZSBTaWduaW5nMUcwRQYDVQQDDD5TdGFydENvbSBDbGFzcyAxIFBy
aW1hcnkgSW50ZXJtZWRpYXRlIFNlcnZlciBDQSBPQ1NQIFJlc3BvbmRlcjCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKqU3zbVZqUpJUSA9200N5NpSgZm
ZKhd3UuyQtAi2D1arNneSqkFXWvpbxPUY/g4Z/NSg35ybCSy9P3pjV+mRhIFOvHe
vCa87G22PkmfcVeBFFHgCKoTTbq8nAmR8SjA0OT1mCLqKyfEJNGqsE+RVrb96aN2
pwMOyYWy+M0IAG2+iLGGPE5Pe09f7IjGJGi3W/Ud3DvG0shySXKVhri+YaMVcYlo
6ZuW5wYiZR/CC9Dzah0GQAPX3twpAk3/G4jWK4mRWZ3Cp0DxWkE5gydTetB1w4r3
5dovm8LogCJJxzUHchyhpPpOnGD4eU/dRhq0QRt3jHF2VhxVn51Q8f9pFKcCAwEA
AaOBhzCBhDAOBgNVHQ8BAf8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJ
KwYBBQUHMAEFBAIFADAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBR9L9S3uiJxnUFc
jIqXncoV911AUzAfBgNVHSMEGDAWgBTrQjTQmLCrn/Qbawj3zGQu7w4sRTANBgkq
hkiG9w0BAQsFAAOCAQEAeZPp4roJQNwSkg2+iDtguujhAbf7+LTMUY2Q4+vjHFaQ
PI1ERdcWmVWXRvwbAlMN/IDQRNcWTk7OtKg0g43cqMfBXR78cNPlnSYWA4sFqBzu
TLdbA4dSWKb+3wX7ufh++ZozKdMpLXAgj7zR8oVD0kNd3gsNYLdc8TmCT2aMl+Lo
v7qX62C9OEeGzvopPtB9TckSEp/mIGiFkERfwe0aQTgOuc0Zxu70hJ1YmE6yDKUT
zP6oc93cTnZLTGM3l0q0VEQQGXKOoqqUwI1i2QFM9GoKzNxmyXQP2Q2YugRxK7oM
3qFTu6LiCZZjUn05y79o2bLUKVGT1DAEv9+G8NSAaQ==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=0, no-cache, no-store]
Content-Length: [1691]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Sat, 24 Jun 2017 20:55:25 GMT]
Etag: ["336E2A8D9D98044FFA4BA946A096A0A95B49115A"]
Expires: [Sat, 24 Jun 2017 20:55:25 GMT]
Last-Modified: [Sat, 24 Jun 2017 20:56:06 GMT]
Pragma: [no-cache]
Server: [nginx/1.7.2]
X-Cache: [TCP_MISS from a23-219-92-86.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.3-20191559) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is not yet valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.startssl.com/sub/class1/server/ca (GET)Unknown

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.startssl.com/sub/class1/server/ca (GET)
Size: 1691 bytes (DER data)
Response time: 451.683939ms
Signature algorithm: SHA256WithRSA
Signature type: CA Delegated
Signed by: StartCom Class 1 Primary Intermediate Server CA OCSP Responder
Issued by: StartCom Class 1 Primary Intermediate Server CA
Signing certificate validity: 2017-06-02 - 2017-09-20
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Unknown

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: nginx/1.7.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-219-92-86.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.3-20191559) (-)

URL used for GET request

http://ocsp.startssl.com/sub/class1/server/ca/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBRlaIdPQHUPAWo0dWJeH1yT5aJtWAQU60I00Jiwq5%2F0G2sI98xkLu8OLEUCAw9ugA%3D%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEQwQjBAMD4wPDAJBgUrDgMCGgUABBRlaIdPQHUPAWo0dWJeH1yT5aJtWAQU60I0
0Jiwq5/0G2sI98xkLu8OLEUCAw9ugA==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGlwoBAKCCBpAwggaMBgkrBgEFBQcwAQEEggZ9MIIGeTCCARqhgZ4wgZsxCzAJ
BgNVBAYTAklMMRYwFAYDVQQKDA1TdGFydENvbSBMdGQuMSswKQYDVQQLDCJTZWN1
cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMUcwRQYDVQQDDD5TdGFydENv
bSBDbGFzcyAxIFByaW1hcnkgSW50ZXJtZWRpYXRlIFNlcnZlciBDQSBPQ1NQIFJl
c3BvbmRlchgPMjAxNzA2MjQyMDU2MDZaMGYwZDA8MAkGBSsOAwIaBQAEFGVoh09A
dQ8BajR1Yl4fXJPlom1YBBTrQjTQmLCrn/Qbawj3zGQu7w4sRQIDD26AggAYDzIw
MTcwNjI0MjA1NjA2WqARGA8yMDE3MDYyODIxMDYwNlowDQYJKoZIhvcNAQELBQAD
ggEBADbIqXpXkzPZNe4Gn96vH5H5qgstx3DnT3J+rB42TcdmKr80uFUb1I+Ve0VZ
7rDZaLOYxF61jZ3zc277P3Mlf536b57SPO2VrcMOFEiM1dSpJHqjUmO+HLJaEpKF
fWGTQpJRnKE0q/mldtWvLtkT8wCYyuZ4+MXvsmnY37KVl2VTPcNRjjx4FUtlKs+b
/quYjcZixrtJBCgOh+K4aFM76tP2y6CAYAsOqgZSDdJF/4mUubZKMTeEzf18AucM
hSxTUL5XqsmVxWjWT7AbjCqOxJhMushPFVXrb228Qh+LAFxwqxBdzYDbHmdgShVp
QKVy0z/hlSHlfG9J2KQHWtcIQ1GgggRDMIIEPzCCBDswggMjoAMCAQICEFbwt6jd
ZQKaJbzhk9lzKN4wDQYJKoZIhvcNAQELBQAwgYwxCzAJBgNVBAYTAklMMRYwFAYD
VQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0
aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENvbSBDbGFzcyAxIFByaW1h
cnkgSW50ZXJtZWRpYXRlIFNlcnZlciBDQTAeFw0xNzA2MDIwMTQ2MDRaFw0xNzA5
MjAwMTQ2MDRaMIGbMQswCQYDVQQGEwJJTDEWMBQGA1UECgwNU3RhcnRDb20gTHRk
LjErMCkGA1UECwwiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzFH
MEUGA1UEAww+U3RhcnRDb20gQ2xhc3MgMSBQcmltYXJ5IEludGVybWVkaWF0ZSBT
ZXJ2ZXIgQ0EgT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQCqlN821WalKSVEgPdtNDeTaUoGZmSoXd1LskLQItg9WqzZ3kqpBV1r
6W8T1GP4OGfzUoN+cmwksvT96Y1fpkYSBTrx3rwmvOxttj5Jn3FXgRRR4AiqE026
vJwJkfEowNDk9Zgi6isnxCTRqrBPkVa2/emjdqcDDsmFsvjNCABtvoixhjxOT3tP
X+yIxiRot1v1Hdw7xtLIcklylYa4vmGjFXGJaOmblucGImUfwgvQ82odBkAD197c
KQJN/xuI1iuJkVmdwqdA8VpBOYMnU3rQdcOK9+XaL5vC6IAiScc1B3IcoaT6Tpxg
+HlP3UYatEEbd4xxdlYcVZ+dUPH/aRSnAgMBAAGjgYcwgYQwDgYDVR0PAQH/BAQD
AgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAwDAYDVR0T
AQH/BAIwADAdBgNVHQ4EFgQUfS/Ut7oicZ1BXIyKl53KFfddQFMwHwYDVR0jBBgw
FoAU60I00Jiwq5/0G2sI98xkLu8OLEUwDQYJKoZIhvcNAQELBQADggEBAHmT6eK6
CUDcEpINvog7YLro4QG3+/i0zFGNkOPr4xxWkDyNREXXFplVl0b8GwJTDfyA0ETX
Fk5OzrSoNION3KjHwV0e/HDT5Z0mFgOLBagc7ky3WwOHUlim/t8F+7n4fvmaMynT
KS1wII+80fKFQ9JDXd4LDWC3XPE5gk9mjJfi6L+6l+tgvThHhs76KT7QfU3JEhKf
5iBohZBEX8HtGkE4DrnNGcbu9ISdWJhOsgylE8z+qHPd3E52S0xjN5dKtFREEBly
jqKqlMCNYtkBTPRqCszcZsl0D9kNmLoEcSu6DN6hU7ui4gmWY1J9Ocu/aNmy1ClR
k9QwBL/fhvDUgGk=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEOzCCAyOgAwIBAgIQVvC3qN1lApolvOGT2XMo3jANBgkqhkiG9w0BAQsFADCB
jDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsT
IlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNVBAMTL1N0
YXJ0Q29tIENsYXNzIDEgUHJpbWFyeSBJbnRlcm1lZGlhdGUgU2VydmVyIENBMB4X
DTE3MDYwMjAxNDYwNFoXDTE3MDkyMDAxNDYwNFowgZsxCzAJBgNVBAYTAklMMRYw
FAYDVQQKDA1TdGFydENvbSBMdGQuMSswKQYDVQQLDCJTZWN1cmUgRGlnaXRhbCBD
ZXJ0aWZpY2F0ZSBTaWduaW5nMUcwRQYDVQQDDD5TdGFydENvbSBDbGFzcyAxIFBy
aW1hcnkgSW50ZXJtZWRpYXRlIFNlcnZlciBDQSBPQ1NQIFJlc3BvbmRlcjCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKqU3zbVZqUpJUSA9200N5NpSgZm
ZKhd3UuyQtAi2D1arNneSqkFXWvpbxPUY/g4Z/NSg35ybCSy9P3pjV+mRhIFOvHe
vCa87G22PkmfcVeBFFHgCKoTTbq8nAmR8SjA0OT1mCLqKyfEJNGqsE+RVrb96aN2
pwMOyYWy+M0IAG2+iLGGPE5Pe09f7IjGJGi3W/Ud3DvG0shySXKVhri+YaMVcYlo
6ZuW5wYiZR/CC9Dzah0GQAPX3twpAk3/G4jWK4mRWZ3Cp0DxWkE5gydTetB1w4r3
5dovm8LogCJJxzUHchyhpPpOnGD4eU/dRhq0QRt3jHF2VhxVn51Q8f9pFKcCAwEA
AaOBhzCBhDAOBgNVHQ8BAf8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJ
KwYBBQUHMAEFBAIFADAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBR9L9S3uiJxnUFc
jIqXncoV911AUzAfBgNVHSMEGDAWgBTrQjTQmLCrn/Qbawj3zGQu7w4sRTANBgkq
hkiG9w0BAQsFAAOCAQEAeZPp4roJQNwSkg2+iDtguujhAbf7+LTMUY2Q4+vjHFaQ
PI1ERdcWmVWXRvwbAlMN/IDQRNcWTk7OtKg0g43cqMfBXR78cNPlnSYWA4sFqBzu
TLdbA4dSWKb+3wX7ufh++ZozKdMpLXAgj7zR8oVD0kNd3gsNYLdc8TmCT2aMl+Lo
v7qX62C9OEeGzvopPtB9TckSEp/mIGiFkERfwe0aQTgOuc0Zxu70hJ1YmE6yDKUT
zP6oc93cTnZLTGM3l0q0VEQQGXKOoqqUwI1i2QFM9GoKzNxmyXQP2Q2YugRxK7oM
3qFTu6LiCZZjUn05y79o2bLUKVGT1DAEv9+G8NSAaQ==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=0, no-cache, no-store]
Content-Length: [1691]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Sat, 24 Jun 2017 20:55:25 GMT]
Etag: ["336E2A8D9D98044FFA4BA946A096A0A95B49115A"]
Expires: [Sat, 24 Jun 2017 20:55:25 GMT]
Last-Modified: [Sat, 24 Jun 2017 20:56:06 GMT]
Pragma: [no-cache]
Server: [nginx/1.7.2]
X-Cache: [TCP_MISS from a23-219-92-86.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.3-20191559) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is not yet valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

StartCom Class 1 Primary Intermediate Server CA (CA Certificate)

Certificate details for StartCom Class 1 Primary Intermediate Server CA (At position 1 in certificate chain)
Serial number:
hex: 17153d9eab3fbf
int: 6497278863556543
Issued by: StartCom Certification Authority
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: StartCom Ltd.
Organization unit: Secure Digital Certificate Signing
Country: IL
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.startssl.com/sfsca.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.startssl.com/sfsca.crl
Size: 952 bytes (DER data)
Response time: 7.025614ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 7

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: nginx/1.0.12
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-219-92-77.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1.2-20081415) (-)

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Length: [952]
Content-Type: [application/pkix-crl]
Date: [Sat, 24 Jun 2017 20:55:25 GMT]
Last-Modified: [Wed, 07 Jun 2017 01:34:33 GMT]
Server: [nginx/1.0.12]
X-Cache: [TCP_MEM_HIT from a23-219-92-77.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.1.2-20081415) (-)]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.startssl.com/ca (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.startssl.com/ca (GET)
Size: 1760 bytes (DER data)
Response time: 5.534635ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: StartCom OCSP Responder
Issued by: StartCom Certification Authority
Signing certificate validity: 2016-09-20 - 2017-09-20
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: nginx/1.7.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MEM_HIT from a23-219-92-86.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.3-20191559) (-)

URL used for GET request

http://ocsp.startssl.com/ca/MEgwRjBEMEIwQDAJBgUrDgMCGgUABBRBc6bT2N9qzRkeiWvn5WI5MHBpNQQUTgvvGqRAW6UXaYcwyjRoQ9BBrvICBxcVPZ6rP78%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEgwRjBEMEIwQDAJBgUrDgMCGgUABBRBc6bT2N9qzRkeiWvn5WI5MHBpNQQUTgvv
GqRAW6UXaYcwyjRoQ9BBrvICBxcVPZ6rP78=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIG3AoBAKCCBtUwggbRBgkrBgEFBQcwAQEEggbCMIIGvjCByKFJMEcxCzAJBgNV
BAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSAwHgYDVQQDExdTdGFydENv
bSBPQ1NQIFJlc3BvbmRlchgPMjAxNzA2MjQxMDEzMDRaMGowaDBAMAkGBSsOAwIa
BQAEFEFzptPY32rNGR6Ja+flYjkwcGk1BBROC+8apEBbpRdphzDKNGhD0EGu8gIH
FxU9nqs/v4AAGA8yMDE3MDYyNDEwMTMwNFqgERgPMjAxNzA2MjgxMDIzMDRaMA0G
CSqGSIb3DQEBBQUAA4IBAQCZ52aN+ho/AqRGT6VRi3/Hfc498SMvvsd5vO3r3HH0
jxRnC7dpSKDxUHjgvHtTZUjug+Cg1WTNTMTEZOk/swT5xzhdmC/tIKOMSqM9TkBB
vaO9tvaASLpy1f1GwzLyNRAepxIZsv8qA32now5v7VKxyYt1v9OzwgakNIE7JSMS
QiA0KbTf4yZrwZMZqLaexksEAr3WBHbM7/5ao67guAIRJUzgL/09fhjsOItF7F3j
JxVesAla/6Md9PmwGzwAX4JzBd9CnIbJlzjMt6gOcVrzipMO20SaxNJM+1Qo/zlW
hFTG4buwHLEQsLUPBV0GYdEH5J8Ol7APUIXrwsk9sKljoIIE2zCCBNcwggTTMIIC
u6ADAgECAhB0G1CHgU03TwwiPka2dpOyMA0GCSqGSIb3DQEBBQUAMH0xCzAJBgNV
BAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUg
RGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMSkwJwYDVQQDEyBTdGFydENvbSBD
ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNjA5MjAwMDAxMDFaFw0xNzA5MjAw
MDAxMDFaMEcxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSAw
HgYDVQQDExdTdGFydENvbSBPQ1NQIFJlc3BvbmRlcjCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAL67V5Yt7+ta/FzjtC7S1XWouzbVRn73/KGBfj5JWHFX
jL1oKcHHeyuiQ46IawZ3TKMIZafle69rt2/J+q+K1AcF+yWfnYlsXO4fPd2zuNXq
9mLqlxwsYYLGwYo51ZY09YMenMo2hqcnE2jN4GNhW8HA7M5b1D7frPplzXZkcG2l
9imHwapl+RItDefLqTYvoGXZE8JhefiFx1SkYwZ9Da9hMjWavMInQQwS6HgUU63e
PBAj6oS9IBvEeGzFGeXeRKPOAtlwhsA1787V5OeamA5Ms2/8IEch2fITwUxkXLsh
EuQpb9HqR0vPpWnCd5/SCWIRtNQV5XCTU6VyFcru1f8CAwEAAaOBhDCBgTALBgNV
HQ8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDAYDVR0TAQH/BAIwADAPBgkr
BgEFBQcwAQUEAgUAMB0GA1UdDgQWBBRfdFkMIvy5C8QhXMZu/hEmn9cqHTAfBgNV
HSMEGDAWgBROC+8apEBbpRdphzDKNGhD0EGu8jANBgkqhkiG9w0BAQUFAAOCAgEA
LbOpeDVprhn5SMPJuyRZGpe0vRR5FhCPmjJyCiGwi1ddVI++Eg56nTWABnde9aW5
W64x0MWuoEhg1+FOh5D2fIEztbKQKGQ8hDiQGTSz9Gy9KrZAzaEKOvpHVriq2Zne
su8W2w2cPahu09mY6ivtwJF5jVdLA3iG1X4xtiXUzdBqG+cQiWQBwbK/L1KepHA8
3G1S8xvOSWkBJQwZ/plkrTXNUARa3nOhGvsQKw6OcAo3+FdfrTn5KvVUFxjQ6xXV
vJcSK46LbD5NAD3hp8N3OJVLfvIpHnVVBcIBbhNR4kBe+GNSnGHuwbM1WAPq2V0n
pFD1WWYWHdYwVu4z9yAa2vhoYd7S/6eUhVH8FgCafBcQVoTuH2lXITW2aB23z5+1
YOedwbnb2B2j7T8iIgYG8zNJFoOa0Ue4mXRR7KH0kyanxVSPjtn6ZgM+xBu7yP5L
+W2rWCjPPRwbLxdWaCuPvJ3EsUONbcI0OtY8FbKr01Qurk7i3Qme1iPneOUenpnd
Ln4cNb6gKZ8b1rRB+AlJCm7DnEDyarEEd62wzRFMb+djTU5SPZ0bococQpeHZ35U
HuvFisJndbw17UkiLu8Dhivq6BaskcehToq0bhyewa8Pr1s+zcMUmSEqfLIBZONz
HxtCF0DFldDA5OJB8Y4iOMGSMxKxsKhAaBWolVceORM=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIE0zCCArugAwIBAgIQdBtQh4FNN08MIj5GtnaTsjANBgkqhkiG9w0BAQUFADB9
MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh
cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTYwOTIwMDAwMTAxWhcN
MTcwOTIwMDAwMTAxWjBHMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20g
THRkLjEgMB4GA1UEAxMXU3RhcnRDb20gT0NTUCBSZXNwb25kZXIwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+u1eWLe/rWvxc47Qu0tV1qLs21UZ+9/yh
gX4+SVhxV4y9aCnBx3srokOOiGsGd0yjCGWn5Xuva7dvyfqvitQHBfsln52JbFzu
Hz3ds7jV6vZi6pccLGGCxsGKOdWWNPWDHpzKNoanJxNozeBjYVvBwOzOW9Q+36z6
Zc12ZHBtpfYph8GqZfkSLQ3ny6k2L6Bl2RPCYXn4hcdUpGMGfQ2vYTI1mrzCJ0EM
Euh4FFOt3jwQI+qEvSAbxHhsxRnl3kSjzgLZcIbANe/O1eTnmpgOTLNv/CBHIdny
E8FMZFy7IRLkKW/R6kdLz6Vpwnef0gliEbTUFeVwk1OlchXK7tX/AgMBAAGjgYQw
gYEwCwYDVR0PBAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMJMAwGA1UdEwEB/wQC
MAAwDwYJKwYBBQUHMAEFBAIFADAdBgNVHQ4EFgQUX3RZDCL8uQvEIVzGbv4RJp/X
Kh0wHwYDVR0jBBgwFoAUTgvvGqRAW6UXaYcwyjRoQ9BBrvIwDQYJKoZIhvcNAQEF
BQADggIBAC2zqXg1aa4Z+UjDybskWRqXtL0UeRYQj5oycgohsItXXVSPvhIOep01
gAZ3XvWluVuuMdDFrqBIYNfhToeQ9nyBM7WykChkPIQ4kBk0s/RsvSq2QM2hCjr6
R1a4qtmZ3rLvFtsNnD2obtPZmOor7cCReY1XSwN4htV+MbYl1M3QahvnEIlkAcGy
vy9SnqRwPNxtUvMbzklpASUMGf6ZZK01zVAEWt5zoRr7ECsOjnAKN/hXX605+Sr1
VBcY0OsV1byXEiuOi2w+TQA94afDdziVS37yKR51VQXCAW4TUeJAXvhjUpxh7sGz
NVgD6tldJ6RQ9VlmFh3WMFbuM/cgGtr4aGHe0v+nlIVR/BYAmnwXEFaE7h9pVyE1
tmgdt8+ftWDnncG529gdo+0/IiIGBvMzSRaDmtFHuJl0Ueyh9JMmp8VUj47Z+mYD
PsQbu8j+S/ltq1gozz0cGy8XVmgrj7ydxLFDjW3CNDrWPBWyq9NULq5O4t0JntYj
53jlHp6Z3S5+HDW+oCmfG9a0QfgJSQpuw5xA8mqxBHetsM0RTG/nY01OUj2dG6HK
HEKXh2d+VB7rxYrCZ3W8Ne1JIi7vA4Yr6ugWrJHHoU6KtG4cnsGvD69bPs3DFJkh
KnyyAWTjcx8bQhdAxZXQwOTiQfGOIjjBkjMSsbCoQGgVqJVXHjkT
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=0, no-cache, no-store]
Content-Length: [1760]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Sat, 24 Jun 2017 20:55:25 GMT]
Etag: ["CDA7D908B8F8F1DCB7F11A00BF3EBCB7B4ED14A3"]
Expires: [Sat, 24 Jun 2017 20:55:25 GMT]
Last-Modified: [Sat, 24 Jun 2017 10:13:04 GMT]
Pragma: [no-cache]
Server: [nginx/1.7.2]
X-Cache: [TCP_MEM_HIT from a23-219-92-86.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.3-20191559) (-)]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.startssl.com/ca (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.startssl.com/ca (POST)
Size: 1760 bytes (DER data)
Response time: 170.623256ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: StartCom OCSP Responder
Issued by: StartCom Certification Authority
Signing certificate validity: 2016-09-20 - 2017-09-20
Signing certificate algorithm: SHA1-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: nginx/1.7.2
Content Delivery Network (CDN): Akamai
Cache Information: TCP_MISS from a23-219-92-86.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.3-20191559) (-)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEgwRjBEMEIwQDAJBgUrDgMCGgUABBRBc6bT2N9qzRkeiWvn5WI5MHBpNQQUTgvv
GqRAW6UXaYcwyjRoQ9BBrvICBxcVPZ6rP78=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIG3AoBAKCCBtUwggbRBgkrBgEFBQcwAQEEggbCMIIGvjCByKFJMEcxCzAJBgNV
BAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSAwHgYDVQQDExdTdGFydENv
bSBPQ1NQIFJlc3BvbmRlchgPMjAxNzA2MjQxMDEzMDRaMGowaDBAMAkGBSsOAwIa
BQAEFEFzptPY32rNGR6Ja+flYjkwcGk1BBROC+8apEBbpRdphzDKNGhD0EGu8gIH
FxU9nqs/v4AAGA8yMDE3MDYyNDEwMTMwNFqgERgPMjAxNzA2MjgxMDIzMDRaMA0G
CSqGSIb3DQEBBQUAA4IBAQCZ52aN+ho/AqRGT6VRi3/Hfc498SMvvsd5vO3r3HH0
jxRnC7dpSKDxUHjgvHtTZUjug+Cg1WTNTMTEZOk/swT5xzhdmC/tIKOMSqM9TkBB
vaO9tvaASLpy1f1GwzLyNRAepxIZsv8qA32now5v7VKxyYt1v9OzwgakNIE7JSMS
QiA0KbTf4yZrwZMZqLaexksEAr3WBHbM7/5ao67guAIRJUzgL/09fhjsOItF7F3j
JxVesAla/6Md9PmwGzwAX4JzBd9CnIbJlzjMt6gOcVrzipMO20SaxNJM+1Qo/zlW
hFTG4buwHLEQsLUPBV0GYdEH5J8Ol7APUIXrwsk9sKljoIIE2zCCBNcwggTTMIIC
u6ADAgECAhB0G1CHgU03TwwiPka2dpOyMA0GCSqGSIb3DQEBBQUAMH0xCzAJBgNV
BAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUg
RGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMSkwJwYDVQQDEyBTdGFydENvbSBD
ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNjA5MjAwMDAxMDFaFw0xNzA5MjAw
MDAxMDFaMEcxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSAw
HgYDVQQDExdTdGFydENvbSBPQ1NQIFJlc3BvbmRlcjCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAL67V5Yt7+ta/FzjtC7S1XWouzbVRn73/KGBfj5JWHFX
jL1oKcHHeyuiQ46IawZ3TKMIZafle69rt2/J+q+K1AcF+yWfnYlsXO4fPd2zuNXq
9mLqlxwsYYLGwYo51ZY09YMenMo2hqcnE2jN4GNhW8HA7M5b1D7frPplzXZkcG2l
9imHwapl+RItDefLqTYvoGXZE8JhefiFx1SkYwZ9Da9hMjWavMInQQwS6HgUU63e
PBAj6oS9IBvEeGzFGeXeRKPOAtlwhsA1787V5OeamA5Ms2/8IEch2fITwUxkXLsh
EuQpb9HqR0vPpWnCd5/SCWIRtNQV5XCTU6VyFcru1f8CAwEAAaOBhDCBgTALBgNV
HQ8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDAYDVR0TAQH/BAIwADAPBgkr
BgEFBQcwAQUEAgUAMB0GA1UdDgQWBBRfdFkMIvy5C8QhXMZu/hEmn9cqHTAfBgNV
HSMEGDAWgBROC+8apEBbpRdphzDKNGhD0EGu8jANBgkqhkiG9w0BAQUFAAOCAgEA
LbOpeDVprhn5SMPJuyRZGpe0vRR5FhCPmjJyCiGwi1ddVI++Eg56nTWABnde9aW5
W64x0MWuoEhg1+FOh5D2fIEztbKQKGQ8hDiQGTSz9Gy9KrZAzaEKOvpHVriq2Zne
su8W2w2cPahu09mY6ivtwJF5jVdLA3iG1X4xtiXUzdBqG+cQiWQBwbK/L1KepHA8
3G1S8xvOSWkBJQwZ/plkrTXNUARa3nOhGvsQKw6OcAo3+FdfrTn5KvVUFxjQ6xXV
vJcSK46LbD5NAD3hp8N3OJVLfvIpHnVVBcIBbhNR4kBe+GNSnGHuwbM1WAPq2V0n
pFD1WWYWHdYwVu4z9yAa2vhoYd7S/6eUhVH8FgCafBcQVoTuH2lXITW2aB23z5+1
YOedwbnb2B2j7T8iIgYG8zNJFoOa0Ue4mXRR7KH0kyanxVSPjtn6ZgM+xBu7yP5L
+W2rWCjPPRwbLxdWaCuPvJ3EsUONbcI0OtY8FbKr01Qurk7i3Qme1iPneOUenpnd
Ln4cNb6gKZ8b1rRB+AlJCm7DnEDyarEEd62wzRFMb+djTU5SPZ0bococQpeHZ35U
HuvFisJndbw17UkiLu8Dhivq6BaskcehToq0bhyewa8Pr1s+zcMUmSEqfLIBZONz
HxtCF0DFldDA5OJB8Y4iOMGSMxKxsKhAaBWolVceORM=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIE0zCCArugAwIBAgIQdBtQh4FNN08MIj5GtnaTsjANBgkqhkiG9w0BAQUFADB9
MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh
cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTYwOTIwMDAwMTAxWhcN
MTcwOTIwMDAwMTAxWjBHMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20g
THRkLjEgMB4GA1UEAxMXU3RhcnRDb20gT0NTUCBSZXNwb25kZXIwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+u1eWLe/rWvxc47Qu0tV1qLs21UZ+9/yh
gX4+SVhxV4y9aCnBx3srokOOiGsGd0yjCGWn5Xuva7dvyfqvitQHBfsln52JbFzu
Hz3ds7jV6vZi6pccLGGCxsGKOdWWNPWDHpzKNoanJxNozeBjYVvBwOzOW9Q+36z6
Zc12ZHBtpfYph8GqZfkSLQ3ny6k2L6Bl2RPCYXn4hcdUpGMGfQ2vYTI1mrzCJ0EM
Euh4FFOt3jwQI+qEvSAbxHhsxRnl3kSjzgLZcIbANe/O1eTnmpgOTLNv/CBHIdny
E8FMZFy7IRLkKW/R6kdLz6Vpwnef0gliEbTUFeVwk1OlchXK7tX/AgMBAAGjgYQw
gYEwCwYDVR0PBAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMJMAwGA1UdEwEB/wQC
MAAwDwYJKwYBBQUHMAEFBAIFADAdBgNVHQ4EFgQUX3RZDCL8uQvEIVzGbv4RJp/X
Kh0wHwYDVR0jBBgwFoAUTgvvGqRAW6UXaYcwyjRoQ9BBrvIwDQYJKoZIhvcNAQEF
BQADggIBAC2zqXg1aa4Z+UjDybskWRqXtL0UeRYQj5oycgohsItXXVSPvhIOep01
gAZ3XvWluVuuMdDFrqBIYNfhToeQ9nyBM7WykChkPIQ4kBk0s/RsvSq2QM2hCjr6
R1a4qtmZ3rLvFtsNnD2obtPZmOor7cCReY1XSwN4htV+MbYl1M3QahvnEIlkAcGy
vy9SnqRwPNxtUvMbzklpASUMGf6ZZK01zVAEWt5zoRr7ECsOjnAKN/hXX605+Sr1
VBcY0OsV1byXEiuOi2w+TQA94afDdziVS37yKR51VQXCAW4TUeJAXvhjUpxh7sGz
NVgD6tldJ6RQ9VlmFh3WMFbuM/cgGtr4aGHe0v+nlIVR/BYAmnwXEFaE7h9pVyE1
tmgdt8+ftWDnncG529gdo+0/IiIGBvMzSRaDmtFHuJl0Ueyh9JMmp8VUj47Z+mYD
PsQbu8j+S/ltq1gozz0cGy8XVmgrj7ydxLFDjW3CNDrWPBWyq9NULq5O4t0JntYj
53jlHp6Z3S5+HDW+oCmfG9a0QfgJSQpuw5xA8mqxBHetsM0RTG/nY01OUj2dG6HK
HEKXh2d+VB7rxYrCZ3W8Ne1JIi7vA4Yr6ugWrJHHoU6KtG4cnsGvD69bPs3DFJkh
KnyyAWTjcx8bQhdAxZXQwOTiQfGOIjjBkjMSsbCoQGgVqJVXHjkT
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [max-age=0, no-cache, no-store]
Content-Length: [1760]
Content-Transfer-Encoding: [Binary]
Content-Type: [application/ocsp-response]
Date: [Sat, 24 Jun 2017 20:55:25 GMT]
Etag: ["CDA7D908B8F8F1DCB7F11A00BF3EBCB7B4ED14A3"]
Expires: [Sat, 24 Jun 2017 20:55:25 GMT]
Last-Modified: [Sat, 24 Jun 2017 10:13:04 GMT]
Pragma: [no-cache]
Server: [nginx/1.7.2]
X-Cache: [TCP_MISS from a23-219-92-86.deploy.akamaitechnologies.com (AkamaiGHost/8.3.4.3-20191559) (-)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

StartCom Certification Authority (CA Certificate)

Certificate details for StartCom Certification Authority (At position 2 in certificate chain)
Serial number:
hex: 1
int: 1
Issued by: StartCom Certification Authority
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: StartCom Ltd.
Organization unit: Secure Digital Certificate Signing
Country: IL
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Certificate Revocation List (CRL)

This CRL was cached at
http://cert.startcom.org/sfsca-crl.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://cert.startcom.org/sfsca-crl.crl
Size: 969 bytes (DER data)
Response time: 1.244649873s
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 8

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: nginx

Raw CRL response headers

Accept-Ranges: [bytes]
Access-Control-Allow-Origin: [*.startcomca.com]
Cache-Control: [max-age=315360000 public]
Connection: [keep-alive]
Content-Length: [969]
Content-Type: [application/octet-stream]
Date: [Sat, 24 Jun 2017 20:55:26 GMT]
Etag: ["59375e98-3c9"]
Expires: [Thu, 31 Dec 2037 23:55:55 GMT]
Last-Modified: [Wed, 07 Jun 2017 02:02:00 GMT]
Server: [nginx]
  • Content-Type in response is not set to 'application/pkix-crl' but to 'application/octet-stream' (RFC 5280, section 4.2.1.13)
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is 173155h41m8s before the date in the Expires cache header
  • The Cache-Control max-age header outlives NextUpdate with 80872h40m39s
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)
This CRL was cached at
http://crl.startcom.org/sfsca-crl.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.startcom.org/sfsca-crl.crl
Size: 0 bytes (DER data)
Response time: 0s

Raw CRL response headers

Check the revocation status for another website

Created by Paul van Brouwershaven
© 2015 - 2017 Digitorus B.V.
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.