CRL & OCSP report for www.poradte.cz

www.poradte.cz

Certificate details for www.poradte.cz (At position 0 in certificate chain)
Serial number:
hex: 161bebc33025125dea3431405d887d48
int: 29387989753097235435719900015215803720
Issued by: SpaceSSL CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Country: CZ
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for www.poradte.cz.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.spacessl.com/spacesslca.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.spacessl.com/spacesslca.crl
Size: 576 bytes (DER data)
Response time: 714.53483ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 1

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: Apache

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Length: [576]
Content-Type: [application/x-pkcs7-crl]
Date: [Sun, 30 Apr 2017 12:43:42 GMT]
Etag: ["3001c-240-2076bcc0"]
Last-Modified: [Sun, 30 Apr 2017 12:05:47 GMT]
Server: [Apache]
  • Content-Type in response is set 'application/x-pkcs7-crl' and should be replaced with 'application/pkix-crl' (RFC 5280, section 4.2.1.13)
  • This CRL file is DER encoded
  • Issuer field should be byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.spacessl.com (GET)Unknown

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.spacessl.com (GET)
Size: 1555 bytes (DER data)
Response time: 487.152438ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: SpaceSSL CA Validation Service
Issued by: SpaceSSL CA
Signing certificate validity: 2017-03-23 - 2018-03-23
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Produced at:
Status: Unknown

Relevant server response headers

Date:

Server and network information

Server Software: NetDNA-cache/2.2
Cache Information: MISS

URL used for GET request

http:/MFEwTzBNMEswSTAJBgUrDgMCGgUABBToZZYuo6%2BR0zOUim3QMe7fFkHwZwQU76xp11xRXXt2APD4mbQrzBmEDYkCEBYb68MwJRJd6jQxQF2IfUg%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBToZZYuo6+R0zOUim3QMe7fFkHwZwQU76xp
11xRXXt2APD4mbQrzBmEDYkCEBYb68MwJRJd6jQxQF2IfUg=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGDwoBAKCCBggwggYEBgkrBgEFBQcwAQEEggX1MIIF8TCB86ADAgEAoVswWTEL
MAkGA1UEBhMCUEwxITAfBgNVBAoMGEFzc2VjbyBEYXRhIFN5c3RlbXMgUy5BLjEn
MCUGA1UEAwweU3BhY2VTU0wgQ0EgVmFsaWRhdGlvbiBTZXJ2aWNlGA8yMDE3MDQz
MDEyNDM0MlowXjBcMEcwBwYFKw4DAhoEFOhlli6jr5HTM5SKbdAx7t8WQfBnBBTv
rGnXXFFde3YA8PiZtCvMGYQNiQIQFhvrwzAlEl3qNDFAXYh9SIIAGA8yMDE3MDQz
MDEyNDM0MlqhHjAcMBoGCSsGAQUFBzABBAQNMAsGCSsGAQUFBzABATALBgkqhkiG
9w0BAQsDggEBABhbKAgaK4/YSheWVU4lkq+PK3NtNn3deZZjXfGfQT+VfWBRZZHo
kyjbddBecA+IQoXX1DEqp3lxBGxf/c2PZdFF4LFpNOztujNisfNr+LnevKFobtwt
7cKb3//7IEYpoFFjjexxMOOVlEm6m36rRWlsRItGdCQmQ7JHuyIzC/WibKlJCVqG
tENZuTsrbH5bucdjo5orjb0Kz17ShacI6VvDbaOtELegUkiJVivMDByorl4SN+yh
COLugyy0QMTqsBxv7h8XnkfQieHWeH7162anBmuDtOEbdvMjwY5hcePYTx3p0C8p
YPpBRy0TIe5y5ZOcdMwHTaSPQgoBhhgM6ZegggPlMIID4TCCA90wggLFoAMCAQIC
EGUj6kv/n8KQj1Cm60nukGowDQYJKoZIhvcNAQELBQAwcjELMAkGA1UEBhMCUEwx
IjAgBgNVBAoMGVVuaXpldG8gVGVjaG5vbG9naWVzIFMuQS4xKTAnBgNVBAsMIFNw
YWNlU1NMIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRQwEgYDVQQDDAtTcGFjZVNT
TCBDQTAeFw0xNzAzMjMwODI2MTVaFw0xODAzMjMwODI2MTVaMFkxCzAJBgNVBAYT
AlBMMSEwHwYDVQQKDBhBc3NlY28gRGF0YSBTeXN0ZW1zIFMuQS4xJzAlBgNVBAMM
HlNwYWNlU1NMIENBIFZhbGlkYXRpb24gU2VydmljZTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBALUxQlLspQCA6XzoxNOtOM27Aw9IR5o1WDnF8nWeJO4H
EjwzAQNSqLHtwfaZgSpeHS+aDfcdHc3TzrdisgRordxGzr0/fsl7h2BxfNNtwVEk
0Jj3MYWo3KFJ8yDCtE9dbP0gQKVUoc75PG3UAHEPcb5iJ8KaecIfktcTNWJiJZA1
a2FiRQja9fyzbpkz2BHeeBbuq3MfA4hsLdzojzAZ2PFATXtPGsLSJ3mxRODcvAKj
TXRPOPRlkeftPL2DcgI8TMWGoA2mSYSLM1OgKjj4W1eIaWzrOqDilR7wBn4twteT
qecndsTkBIR+Q/XHqAp74RtqmBJsgREB+mSi+JOOv4kCAwEAAaOBhzCBhDAMBgNV
HRMBAf8EAjAAMB8GA1UdIwQYMBaAFO+saddcUV17dgDw+Jm0K8wZhA2JMB0GA1Ud
DgQWBBQZv77FPVD/SxHiqaZOMQ/y8OpFMzAOBgNVHQ8BAf8EBAMCBsAwEwYDVR0l
BAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADANBgkqhkiG9w0BAQsFAAOC
AQEAhLRTcQ8+sXkCgr7dIKBP0RfzEvkNsoC/JhCsDbYMdm34H6dmrazpv2k8tZiA
xJlj4B25fbX6uOYetZRnawDvWn5QUtg13FuVhN40xwaxujsOqxichHdZ0A3qsHy8
OYsVX9hrDqu5and3wjEJUNMqPll41i+95BT75wlRNUxPRBE6gEAHzOYHznhxpy6f
/0o+8o5uGsf8vWUULw/Sl6eJT2kAZreElB7gkWuizAku05w5uv7mAzMaWPjpo6o6
t6AkAUei1cMt7reptbXV4bhxISg+8DPH7s7Gb8j5z300fagePEcONjrbutfGePnf
cqlHbGy6vJaVGeBI81fBD3nwYw==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIID3TCCAsWgAwIBAgIQZSPqS/+fwpCPUKbrSe6QajANBgkqhkiG9w0BAQsFADBy
MQswCQYDVQQGEwJQTDEiMCAGA1UECgwZVW5pemV0byBUZWNobm9sb2dpZXMgUy5B
LjEpMCcGA1UECwwgU3BhY2VTU0wgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFDAS
BgNVBAMMC1NwYWNlU1NMIENBMB4XDTE3MDMyMzA4MjYxNVoXDTE4MDMyMzA4MjYx
NVowWTELMAkGA1UEBhMCUEwxITAfBgNVBAoMGEFzc2VjbyBEYXRhIFN5c3RlbXMg
Uy5BLjEnMCUGA1UEAwweU3BhY2VTU0wgQ0EgVmFsaWRhdGlvbiBTZXJ2aWNlMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTFCUuylAIDpfOjE0604zbsD
D0hHmjVYOcXydZ4k7gcSPDMBA1Kose3B9pmBKl4dL5oN9x0dzdPOt2KyBGit3EbO
vT9+yXuHYHF8023BUSTQmPcxhajcoUnzIMK0T11s/SBApVShzvk8bdQAcQ9xvmIn
wpp5wh+S1xM1YmIlkDVrYWJFCNr1/LNumTPYEd54Fu6rcx8DiGwt3OiPMBnY8UBN
e08awtInebFE4Ny8AqNNdE849GWR5+08vYNyAjxMxYagDaZJhIszU6AqOPhbV4hp
bOs6oOKVHvAGfi3C15Op5yd2xOQEhH5D9ceoCnvhG2qYEmyBEQH6ZKL4k46/iQID
AQABo4GHMIGEMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAU76xp11xRXXt2APD4
mbQrzBmEDYkwHQYDVR0OBBYEFBm/vsU9UP9LEeKppk4xD/Lw6kUzMA4GA1UdDwEB
/wQEAwIGwDATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkrBgEFBQcwAQUEAgUAMA0G
CSqGSIb3DQEBCwUAA4IBAQCEtFNxDz6xeQKCvt0goE/RF/MS+Q2ygL8mEKwNtgx2
bfgfp2atrOm/aTy1mIDEmWPgHbl9tfq45h61lGdrAO9aflBS2DXcW5WE3jTHBrG6
Ow6rGJyEd1nQDeqwfLw5ixVf2GsOq7lqd3fCMQlQ0yo+WXjWL73kFPvnCVE1TE9E
ETqAQAfM5gfOeHGnLp//Sj7yjm4ax/y9ZRQvD9KXp4lPaQBmt4SUHuCRa6LMCS7T
nDm6/uYDMxpY+Omjqjq3oCQBR6LVwy3ut6m1tdXhuHEhKD7wM8fuzsZvyPnPfTR9
qB48Rw42Otu618Z4+d9yqUdsbLq8lpUZ4EjzV8EPefBj
-----END CERTIFICATE-----

Raw OCSP response headers

Content-Length: [1555]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 30 Apr 2017 12:43:42 GMT]
Server: [NetDNA-cache/2.2]
X-Cache: [MISS]
X-Cached: [MISS]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response must be valid for at least 8 hours (Microsoft)
  • OCSP response must be available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • Last-Modified cache header not set (RFC 5019, section 6.2)
  • NextUpdate not set (RFC 5019, section 2.2.4)
This OCSP response was cached at
http://ocsp.spacessl.com (POST)Unknown

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.spacessl.com (POST)
Size: 1555 bytes (DER data)
Response time: 483.428508ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: SpaceSSL CA Validation Service
Issued by: SpaceSSL CA
Signing certificate validity: 2017-03-23 - 2018-03-23
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Produced at:
Status: Unknown

Relevant server response headers

Date:

Server and network information

Server Software: NetDNA-cache/2.2
Cache Information: MISS

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBToZZYuo6+R0zOUim3QMe7fFkHwZwQU76xp
11xRXXt2APD4mbQrzBmEDYkCEBYb68MwJRJd6jQxQF2IfUg=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGDwoBAKCCBggwggYEBgkrBgEFBQcwAQEEggX1MIIF8TCB86ADAgEAoVswWTEL
MAkGA1UEBhMCUEwxITAfBgNVBAoMGEFzc2VjbyBEYXRhIFN5c3RlbXMgUy5BLjEn
MCUGA1UEAwweU3BhY2VTU0wgQ0EgVmFsaWRhdGlvbiBTZXJ2aWNlGA8yMDE3MDQz
MDEyNDM0MlowXjBcMEcwBwYFKw4DAhoEFOhlli6jr5HTM5SKbdAx7t8WQfBnBBTv
rGnXXFFde3YA8PiZtCvMGYQNiQIQFhvrwzAlEl3qNDFAXYh9SIIAGA8yMDE3MDQz
MDEyNDM0MlqhHjAcMBoGCSsGAQUFBzABBAQNMAsGCSsGAQUFBzABATALBgkqhkiG
9w0BAQsDggEBABhbKAgaK4/YSheWVU4lkq+PK3NtNn3deZZjXfGfQT+VfWBRZZHo
kyjbddBecA+IQoXX1DEqp3lxBGxf/c2PZdFF4LFpNOztujNisfNr+LnevKFobtwt
7cKb3//7IEYpoFFjjexxMOOVlEm6m36rRWlsRItGdCQmQ7JHuyIzC/WibKlJCVqG
tENZuTsrbH5bucdjo5orjb0Kz17ShacI6VvDbaOtELegUkiJVivMDByorl4SN+yh
COLugyy0QMTqsBxv7h8XnkfQieHWeH7162anBmuDtOEbdvMjwY5hcePYTx3p0C8p
YPpBRy0TIe5y5ZOcdMwHTaSPQgoBhhgM6ZegggPlMIID4TCCA90wggLFoAMCAQIC
EGUj6kv/n8KQj1Cm60nukGowDQYJKoZIhvcNAQELBQAwcjELMAkGA1UEBhMCUEwx
IjAgBgNVBAoMGVVuaXpldG8gVGVjaG5vbG9naWVzIFMuQS4xKTAnBgNVBAsMIFNw
YWNlU1NMIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRQwEgYDVQQDDAtTcGFjZVNT
TCBDQTAeFw0xNzAzMjMwODI2MTVaFw0xODAzMjMwODI2MTVaMFkxCzAJBgNVBAYT
AlBMMSEwHwYDVQQKDBhBc3NlY28gRGF0YSBTeXN0ZW1zIFMuQS4xJzAlBgNVBAMM
HlNwYWNlU1NMIENBIFZhbGlkYXRpb24gU2VydmljZTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBALUxQlLspQCA6XzoxNOtOM27Aw9IR5o1WDnF8nWeJO4H
EjwzAQNSqLHtwfaZgSpeHS+aDfcdHc3TzrdisgRordxGzr0/fsl7h2BxfNNtwVEk
0Jj3MYWo3KFJ8yDCtE9dbP0gQKVUoc75PG3UAHEPcb5iJ8KaecIfktcTNWJiJZA1
a2FiRQja9fyzbpkz2BHeeBbuq3MfA4hsLdzojzAZ2PFATXtPGsLSJ3mxRODcvAKj
TXRPOPRlkeftPL2DcgI8TMWGoA2mSYSLM1OgKjj4W1eIaWzrOqDilR7wBn4twteT
qecndsTkBIR+Q/XHqAp74RtqmBJsgREB+mSi+JOOv4kCAwEAAaOBhzCBhDAMBgNV
HRMBAf8EAjAAMB8GA1UdIwQYMBaAFO+saddcUV17dgDw+Jm0K8wZhA2JMB0GA1Ud
DgQWBBQZv77FPVD/SxHiqaZOMQ/y8OpFMzAOBgNVHQ8BAf8EBAMCBsAwEwYDVR0l
BAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADANBgkqhkiG9w0BAQsFAAOC
AQEAhLRTcQ8+sXkCgr7dIKBP0RfzEvkNsoC/JhCsDbYMdm34H6dmrazpv2k8tZiA
xJlj4B25fbX6uOYetZRnawDvWn5QUtg13FuVhN40xwaxujsOqxichHdZ0A3qsHy8
OYsVX9hrDqu5and3wjEJUNMqPll41i+95BT75wlRNUxPRBE6gEAHzOYHznhxpy6f
/0o+8o5uGsf8vWUULw/Sl6eJT2kAZreElB7gkWuizAku05w5uv7mAzMaWPjpo6o6
t6AkAUei1cMt7reptbXV4bhxISg+8DPH7s7Gb8j5z300fagePEcONjrbutfGePnf
cqlHbGy6vJaVGeBI81fBD3nwYw==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIID3TCCAsWgAwIBAgIQZSPqS/+fwpCPUKbrSe6QajANBgkqhkiG9w0BAQsFADBy
MQswCQYDVQQGEwJQTDEiMCAGA1UECgwZVW5pemV0byBUZWNobm9sb2dpZXMgUy5B
LjEpMCcGA1UECwwgU3BhY2VTU0wgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFDAS
BgNVBAMMC1NwYWNlU1NMIENBMB4XDTE3MDMyMzA4MjYxNVoXDTE4MDMyMzA4MjYx
NVowWTELMAkGA1UEBhMCUEwxITAfBgNVBAoMGEFzc2VjbyBEYXRhIFN5c3RlbXMg
Uy5BLjEnMCUGA1UEAwweU3BhY2VTU0wgQ0EgVmFsaWRhdGlvbiBTZXJ2aWNlMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTFCUuylAIDpfOjE0604zbsD
D0hHmjVYOcXydZ4k7gcSPDMBA1Kose3B9pmBKl4dL5oN9x0dzdPOt2KyBGit3EbO
vT9+yXuHYHF8023BUSTQmPcxhajcoUnzIMK0T11s/SBApVShzvk8bdQAcQ9xvmIn
wpp5wh+S1xM1YmIlkDVrYWJFCNr1/LNumTPYEd54Fu6rcx8DiGwt3OiPMBnY8UBN
e08awtInebFE4Ny8AqNNdE849GWR5+08vYNyAjxMxYagDaZJhIszU6AqOPhbV4hp
bOs6oOKVHvAGfi3C15Op5yd2xOQEhH5D9ceoCnvhG2qYEmyBEQH6ZKL4k46/iQID
AQABo4GHMIGEMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAU76xp11xRXXt2APD4
mbQrzBmEDYkwHQYDVR0OBBYEFBm/vsU9UP9LEeKppk4xD/Lw6kUzMA4GA1UdDwEB
/wQEAwIGwDATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkrBgEFBQcwAQUEAgUAMA0G
CSqGSIb3DQEBCwUAA4IBAQCEtFNxDz6xeQKCvt0goE/RF/MS+Q2ygL8mEKwNtgx2
bfgfp2atrOm/aTy1mIDEmWPgHbl9tfq45h61lGdrAO9aflBS2DXcW5WE3jTHBrG6
Ow6rGJyEd1nQDeqwfLw5ixVf2GsOq7lqd3fCMQlQ0yo+WXjWL73kFPvnCVE1TE9E
ETqAQAfM5gfOeHGnLp//Sj7yjm4ax/y9ZRQvD9KXp4lPaQBmt4SUHuCRa6LMCS7T
nDm6/uYDMxpY+Omjqjq3oCQBR6LVwy3ut6m1tdXhuHEhKD7wM8fuzsZvyPnPfTR9
qB48Rw42Otu618Z4+d9yqUdsbLq8lpUZ4EjzV8EPefBj
-----END CERTIFICATE-----

Raw OCSP response headers

Content-Length: [1555]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 30 Apr 2017 12:43:42 GMT]
Server: [NetDNA-cache/2.2]
X-Cache: [MISS]
X-Cached: [MISS]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response must be valid for at least 8 hours (Microsoft)
  • OCSP response must be available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • Last-Modified cache header not set (RFC 5019, section 6.2)
  • NextUpdate not set (RFC 5019, section 2.2.4)

SpaceSSL CA (CA Certificate)

Certificate details for SpaceSSL CA (At position 1 in certificate chain)
Serial number:
hex: 2539661f537d7b5cea2c999db63c083e
int: 49479468052669936992520155445763770430
Issued by: Certum Global Services CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Unizeto Technologies S.A.
Organization unit: SpaceSSL Certification Authority
Country: PL
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.certum.pl/gsca.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.certum.pl/gsca.crl
Size: 498 bytes (DER data)
Response time: 715.152727ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 0

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: nginx

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Length: [498]
Content-Type: [application/x-pkcs7-crl]
Date: [Sun, 30 Apr 2017 12:43:42 GMT]
Etag: ["30017-1f2-12195e80"]
Last-Modified: [Sun, 30 Apr 2017 12:01:46 GMT]
Server: [nginx]
X-Cached: [EXPIRED]
  • Content-Type in response is set 'application/x-pkcs7-crl' and should be replaced with 'application/pkix-crl' (RFC 5280, section 4.2.1.13)
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://subca.ocsp-certum.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://subca.ocsp-certum.com (GET)
Size: 1615 bytes (DER data)
Response time: 475.989225ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: Certum Global Services CA Validation Service
Issued by: Certum Global Services CA
Signing certificate validity: 2017-03-23 - 2018-03-23
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:

Server and network information

Server Software: NetDNA-cache/2.2
Cache Information: MISS

URL used for GET request

http:/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTiZ82OZ%2FUHynitdD9ez09RxIhDVQQURcWyhk7M3SmX5N0UxG6uTbjBd%2FgCECU5Zh9TfXtc6iyZnbY8CD4%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBTiZ82OZ/UHynitdD9ez09RxIhDVQQURcWy
hk7M3SmX5N0UxG6uTbjBd/gCECU5Zh9TfXtc6iyZnbY8CD4=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGSwoBAKCCBkQwggZABgkrBgEFBQcwAQEEggYxMIIGLTCCARSgAwIBAKFpMGcx
CzAJBgNVBAYTAlBMMSEwHwYDVQQKDBhBc3NlY28gRGF0YSBTeXN0ZW1zIFMuQS4x
NTAzBgNVBAMMLENlcnR1bSBHbG9iYWwgU2VydmljZXMgQ0EgVmFsaWRhdGlvbiBT
ZXJ2aWNlGA8yMDE3MDQzMDEyNDM0MlowcTBvMEcwBwYFKw4DAhoEFOJnzY5n9QfK
eK10P17PT1HEiENVBBRFxbKGTszdKZfk3RTEbq5NuMF3+AIQJTlmH1N9e1zqLJmd
tjwIPoAAGA8yMDE3MDQzMDEyNDM0MlqgERgPMjAxNzA1MDcxMjQzNDJaoR4wHDAa
BgkrBgEFBQcwAQQEDTALBgkrBgEFBQcwAQEwCwYJKoZIhvcNAQELA4IBAQATFBdH
D3L4DjqId9v0BSQ9tMw9QqMKlwABiXM+g+vQ97W3Y011WDBAXTgSoOzIqtaRzCYZ
qkf5WNQTZe383r5UhO2pzW831XwGCaU0oL+lutFe21lqYkNsm8jLK7WbwSWKYTMD
haEvsFrpLRUjv2WoCn5XF3LlEz5d/MvmcmGfU0XHr9S6zO4soqgfi0gJJIz27ZZQ
nvkNndH8Yt2pu9ZhapKCzDb2JUZ5U0v92roO7YTPNiosO+HridZuGE10HPahlxdE
8uGqYLYeAiPpAHuI9GGlSKK6lsGiB/Lkbt0zDXLK8gM3UbHLGKWBnugUho7t64I1
ZjJsAcb9ND+F0qJGoIID/zCCA/swggP3MIIC36ADAgECAhBOQM7akIHwDuad3Ys9
SB1SMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlBMMSIwIAYDVQQKExlVbml6
ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNh
dGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBHbG9iYWwgU2VydmljZXMg
Q0EwHhcNMTcwMzIzMDgyNDIxWhcNMTgwMzIzMDgyNDIxWjBnMQswCQYDVQQGEwJQ
TDEhMB8GA1UECgwYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMTUwMwYDVQQDDCxD
ZXJ0dW0gR2xvYmFsIFNlcnZpY2VzIENBIFZhbGlkYXRpb24gU2VydmljZTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL5sc8vZ76cXSx9fFYYvgZn3sELU
Yo+eApcdsGL2spRT4LS6xgHYuTgWVgN+DP5PKTmkoS8ea0+oPq8xZG6aLcJSabxY
4N8W7wclp4ptw/7GdZnwQxzzyRlLhXh10+3iHFDuzOXzaimg8G/oNe0qr7yXlNjH
I/gBHj7PxYEwjGiFthMrD6c9FV60lDOJtoGu1z3uGPEyozuXF08F5r+/CgPBqYkC
G3IO7GxfYxrhBFcrw9WArEmdRoYclfGbgIiGJJvCjCGPNmgu/+n1S5g5aFmhrBOm
r1RhIvz1ZpPtB+95ON8PwU/wXX3D5+MmbNj14iR74Y89tEe2x/53w8aTpVkCAwEA
AaOBhzCBhDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFEXFsoZOzN0pl+TdFMRu
rk24wXf4MB0GA1UdDgQWBBSTIl6EmkPlnsrqcKK+cCuU6CkaRzAOBgNVHQ8BAf8E
BAMCBsAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADANBgkq
hkiG9w0BAQsFAAOCAQEAZabbmp7myq4TBuVc9NUzFWwRVexT+OdgWWUGYyIHeyFL
TcOZfmf5otqrfSDJ4dSRrNu+kVhHOg0z37EeVNgncy4xlpACwL2sD+PO0iH4bi66
UfbnhTGJHiAqcm43U3BQz2cjm+wbQ1bX0deWZXP+DH49C1P+RRNZb9svNVW3fP1b
+65l9yAs3FzJ15O9w9tWqnGwAkJ+3M2mgXtynFvv8VwndDiV6S962xB2xOZIJlJz
k7ExD8k2J5LwC0xtyS6G6wN3zxQmLTEO/URrpxNbCzC1N5+hAMzJFjQFALTrWxfT
AEUVZhSl+87gqBVyC+qFaCzye1uEs/LnPNPggpLMyg==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIID9zCCAt+gAwIBAgIQTkDO2pCB8A7mnd2LPUgdUjANBgkqhkiG9w0BAQsFADB+
MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMgUy5B
LjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIwIAYD
VQQDExlDZXJ0dW0gR2xvYmFsIFNlcnZpY2VzIENBMB4XDTE3MDMyMzA4MjQyMVoX
DTE4MDMyMzA4MjQyMVowZzELMAkGA1UEBhMCUEwxITAfBgNVBAoMGEFzc2VjbyBE
YXRhIFN5c3RlbXMgUy5BLjE1MDMGA1UEAwwsQ2VydHVtIEdsb2JhbCBTZXJ2aWNl
cyBDQSBWYWxpZGF0aW9uIFNlcnZpY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQC+bHPL2e+nF0sfXxWGL4GZ97BC1GKPngKXHbBi9rKUU+C0usYB2Lk4
FlYDfgz+Tyk5pKEvHmtPqD6vMWRumi3CUmm8WODfFu8HJaeKbcP+xnWZ8EMc88kZ
S4V4ddPt4hxQ7szl82opoPBv6DXtKq+8l5TYxyP4AR4+z8WBMIxohbYTKw+nPRVe
tJQzibaBrtc97hjxMqM7lxdPBea/vwoDwamJAhtyDuxsX2Ma4QRXK8PVgKxJnUaG
HJXxm4CIhiSbwowhjzZoLv/p9UuYOWhZoawTpq9UYSL89WaT7QfveTjfD8FP8F19
w+fjJmzY9eIke+GPPbRHtsf+d8PGk6VZAgMBAAGjgYcwgYQwDAYDVR0TAQH/BAIw
ADAfBgNVHSMEGDAWgBRFxbKGTszdKZfk3RTEbq5NuMF3+DAdBgNVHQ4EFgQUkyJe
hJpD5Z7K6nCivnArlOgpGkcwDgYDVR0PAQH/BAQDAgbAMBMGA1UdJQQMMAoGCCsG
AQUFBwMJMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQELBQADggEBAGWm25qe
5squEwblXPTVMxVsEVXsU/jnYFllBmMiB3shS03DmX5n+aLaq30gyeHUkazbvpFY
RzoNM9+xHlTYJ3MuMZaQAsC9rA/jztIh+G4uulH254UxiR4gKnJuN1NwUM9nI5vs
G0NW19HXlmVz/gx+PQtT/kUTWW/bLzVVt3z9W/uuZfcgLNxcydeTvcPbVqpxsAJC
ftzNpoF7cpxb7/FcJ3Q4lekvetsQdsTmSCZSc5OxMQ/JNieS8AtMbckuhusDd88U
Ji0xDv1Ea6cTWwswtTefoQDMyRY0BQC061sX0wBFFWYUpfvO4KgVcgvqhWgs8ntb
hLPy5zzT4IKSzMo=
-----END CERTIFICATE-----

Raw OCSP response headers

Content-Length: [1615]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 30 Apr 2017 12:43:42 GMT]
Server: [NetDNA-cache/2.2]
X-Cache: [MISS]
X-Cached: [MISS]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified cache header not set (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://subca.ocsp-certum.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://subca.ocsp-certum.com (POST)
Size: 1615 bytes (DER data)
Response time: 484.686171ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: Certum Global Services CA Validation Service
Issued by: Certum Global Services CA
Signing certificate validity: 2017-03-23 - 2018-03-23
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:

Server and network information

Server Software: NetDNA-cache/2.2
Cache Information: MISS

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBTiZ82OZ/UHynitdD9ez09RxIhDVQQURcWy
hk7M3SmX5N0UxG6uTbjBd/gCECU5Zh9TfXtc6iyZnbY8CD4=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGSwoBAKCCBkQwggZABgkrBgEFBQcwAQEEggYxMIIGLTCCARSgAwIBAKFpMGcx
CzAJBgNVBAYTAlBMMSEwHwYDVQQKDBhBc3NlY28gRGF0YSBTeXN0ZW1zIFMuQS4x
NTAzBgNVBAMMLENlcnR1bSBHbG9iYWwgU2VydmljZXMgQ0EgVmFsaWRhdGlvbiBT
ZXJ2aWNlGA8yMDE3MDQzMDEyNDM0MlowcTBvMEcwBwYFKw4DAhoEFOJnzY5n9QfK
eK10P17PT1HEiENVBBRFxbKGTszdKZfk3RTEbq5NuMF3+AIQJTlmH1N9e1zqLJmd
tjwIPoAAGA8yMDE3MDQzMDEyNDM0MlqgERgPMjAxNzA1MDcxMjQzNDJaoR4wHDAa
BgkrBgEFBQcwAQQEDTALBgkrBgEFBQcwAQEwCwYJKoZIhvcNAQELA4IBAQATFBdH
D3L4DjqId9v0BSQ9tMw9QqMKlwABiXM+g+vQ97W3Y011WDBAXTgSoOzIqtaRzCYZ
qkf5WNQTZe383r5UhO2pzW831XwGCaU0oL+lutFe21lqYkNsm8jLK7WbwSWKYTMD
haEvsFrpLRUjv2WoCn5XF3LlEz5d/MvmcmGfU0XHr9S6zO4soqgfi0gJJIz27ZZQ
nvkNndH8Yt2pu9ZhapKCzDb2JUZ5U0v92roO7YTPNiosO+HridZuGE10HPahlxdE
8uGqYLYeAiPpAHuI9GGlSKK6lsGiB/Lkbt0zDXLK8gM3UbHLGKWBnugUho7t64I1
ZjJsAcb9ND+F0qJGoIID/zCCA/swggP3MIIC36ADAgECAhBOQM7akIHwDuad3Ys9
SB1SMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlBMMSIwIAYDVQQKExlVbml6
ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNh
dGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBHbG9iYWwgU2VydmljZXMg
Q0EwHhcNMTcwMzIzMDgyNDIxWhcNMTgwMzIzMDgyNDIxWjBnMQswCQYDVQQGEwJQ
TDEhMB8GA1UECgwYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMTUwMwYDVQQDDCxD
ZXJ0dW0gR2xvYmFsIFNlcnZpY2VzIENBIFZhbGlkYXRpb24gU2VydmljZTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL5sc8vZ76cXSx9fFYYvgZn3sELU
Yo+eApcdsGL2spRT4LS6xgHYuTgWVgN+DP5PKTmkoS8ea0+oPq8xZG6aLcJSabxY
4N8W7wclp4ptw/7GdZnwQxzzyRlLhXh10+3iHFDuzOXzaimg8G/oNe0qr7yXlNjH
I/gBHj7PxYEwjGiFthMrD6c9FV60lDOJtoGu1z3uGPEyozuXF08F5r+/CgPBqYkC
G3IO7GxfYxrhBFcrw9WArEmdRoYclfGbgIiGJJvCjCGPNmgu/+n1S5g5aFmhrBOm
r1RhIvz1ZpPtB+95ON8PwU/wXX3D5+MmbNj14iR74Y89tEe2x/53w8aTpVkCAwEA
AaOBhzCBhDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFEXFsoZOzN0pl+TdFMRu
rk24wXf4MB0GA1UdDgQWBBSTIl6EmkPlnsrqcKK+cCuU6CkaRzAOBgNVHQ8BAf8E
BAMCBsAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADANBgkq
hkiG9w0BAQsFAAOCAQEAZabbmp7myq4TBuVc9NUzFWwRVexT+OdgWWUGYyIHeyFL
TcOZfmf5otqrfSDJ4dSRrNu+kVhHOg0z37EeVNgncy4xlpACwL2sD+PO0iH4bi66
UfbnhTGJHiAqcm43U3BQz2cjm+wbQ1bX0deWZXP+DH49C1P+RRNZb9svNVW3fP1b
+65l9yAs3FzJ15O9w9tWqnGwAkJ+3M2mgXtynFvv8VwndDiV6S962xB2xOZIJlJz
k7ExD8k2J5LwC0xtyS6G6wN3zxQmLTEO/URrpxNbCzC1N5+hAMzJFjQFALTrWxfT
AEUVZhSl+87gqBVyC+qFaCzye1uEs/LnPNPggpLMyg==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIID9zCCAt+gAwIBAgIQTkDO2pCB8A7mnd2LPUgdUjANBgkqhkiG9w0BAQsFADB+
MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMgUy5B
LjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIwIAYD
VQQDExlDZXJ0dW0gR2xvYmFsIFNlcnZpY2VzIENBMB4XDTE3MDMyMzA4MjQyMVoX
DTE4MDMyMzA4MjQyMVowZzELMAkGA1UEBhMCUEwxITAfBgNVBAoMGEFzc2VjbyBE
YXRhIFN5c3RlbXMgUy5BLjE1MDMGA1UEAwwsQ2VydHVtIEdsb2JhbCBTZXJ2aWNl
cyBDQSBWYWxpZGF0aW9uIFNlcnZpY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQC+bHPL2e+nF0sfXxWGL4GZ97BC1GKPngKXHbBi9rKUU+C0usYB2Lk4
FlYDfgz+Tyk5pKEvHmtPqD6vMWRumi3CUmm8WODfFu8HJaeKbcP+xnWZ8EMc88kZ
S4V4ddPt4hxQ7szl82opoPBv6DXtKq+8l5TYxyP4AR4+z8WBMIxohbYTKw+nPRVe
tJQzibaBrtc97hjxMqM7lxdPBea/vwoDwamJAhtyDuxsX2Ma4QRXK8PVgKxJnUaG
HJXxm4CIhiSbwowhjzZoLv/p9UuYOWhZoawTpq9UYSL89WaT7QfveTjfD8FP8F19
w+fjJmzY9eIke+GPPbRHtsf+d8PGk6VZAgMBAAGjgYcwgYQwDAYDVR0TAQH/BAIw
ADAfBgNVHSMEGDAWgBRFxbKGTszdKZfk3RTEbq5NuMF3+DAdBgNVHQ4EFgQUkyJe
hJpD5Z7K6nCivnArlOgpGkcwDgYDVR0PAQH/BAQDAgbAMBMGA1UdJQQMMAoGCCsG
AQUFBwMJMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQELBQADggEBAGWm25qe
5squEwblXPTVMxVsEVXsU/jnYFllBmMiB3shS03DmX5n+aLaq30gyeHUkazbvpFY
RzoNM9+xHlTYJ3MuMZaQAsC9rA/jztIh+G4uulH254UxiR4gKnJuN1NwUM9nI5vs
G0NW19HXlmVz/gx+PQtT/kUTWW/bLzVVt3z9W/uuZfcgLNxcydeTvcPbVqpxsAJC
ftzNpoF7cpxb7/FcJ3Q4lekvetsQdsTmSCZSc5OxMQ/JNieS8AtMbckuhusDd88U
Ji0xDv1Ea6cTWwswtTefoQDMyRY0BQC061sX0wBFFWYUpfvO4KgVcgvqhWgs8ntb
hLPy5zzT4IKSzMo=
-----END CERTIFICATE-----

Raw OCSP response headers

Content-Length: [1615]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 30 Apr 2017 12:43:42 GMT]
Server: [NetDNA-cache/2.2]
X-Cache: [MISS]
X-Cached: [MISS]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified cache header not set (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Certum Global Services CA (CA Certificate)

Certificate details for Certum Global Services CA (At position 2 in certificate chain)
Serial number:
hex: c53c18bf8f3f9cc77306a9c6a13e84e7
int: 262169954935883303583790439389206578407
Issued by: Certum CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Unizeto Technologies S.A.
Organization unit: Certum Certification Authority
Country: PL
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.certum.pl/ca.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.certum.pl/ca.crl
Size: 465 bytes (DER data)
Response time: 710.893802ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 2

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: nginx

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Length: [465]
Content-Type: [application/x-pkcs7-crl]
Date: [Sun, 30 Apr 2017 12:43:42 GMT]
Etag: ["30009-1d1-7b2e7ac0"]
Last-Modified: [Tue, 29 Nov 2016 12:10:59 GMT]
Server: [nginx]
X-Cached: [HIT]
  • Content-Type in response is set 'application/x-pkcs7-crl' and should be replaced with 'application/pkix-crl' (RFC 5280, section 4.2.1.13)
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://subca.ocsp-certum.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://subca.ocsp-certum.com (POST)
Size: 1657 bytes (DER data)
Response time: 477.399137ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: Certum CA Validation Service
Issued by: Certum CA
Signing certificate validity: 2016-12-20 - 2018-01-20
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:

Server and network information

Server Software: NetDNA-cache/2.2
Cache Information: MISS

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFIwUDBOMEwwSjAJBgUrDgMCGgUABBR5iK7tYk9tqQEoeQhZNkKcAol9bgQUjEPE
y22YwaechGnr30oNYJY6w/sCEQDFPBi/jz+cx3MGqcahPoTn
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGdQoBAKCCBm4wggZqBgkrBgEFBQcwAQEEggZbMIIGVzCCATCgAwIBAKGBgzCB
gDELMAkGA1UEBhMCUEwxITAfBgNVBAoMGEFzc2VjbyBEYXRhIFN5c3RlbXMgUy5B
LjEnMCUGA1UECwweQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSUwIwYD
VQQDDBxDZXJ0dW0gQ0EgVmFsaWRhdGlvbiBTZXJ2aWNlGA8yMDE3MDQzMDEyNDM0
MlowcjBwMEgwBwYFKw4DAhoEFHmIru1iT22pASh5CFk2QpwCiX1uBBSMQ8TLbZjB
p5yEaevfSg1gljrD+wIRAMU8GL+PP5zHcwapxqE+hOeAABgPMjAxNzA0MzAxMjQz
NDJaoBEYDzIwMTcwNTA3MTI0MzQyWqEeMBwwGgYJKwYBBQUHMAEEBA0wCwYJKwYB
BQUHMAEBMAsGCSqGSIb3DQEBCwOCAQEAh3Qigq8LVjYX8rqos6fNWq0l/XKIvzYS
ppUCQuk1K4YHYMETuFNysmnTZUwM/uzFwcpgN0cBrkItZL2v11W+zzoRkFxhJupt
HPxIjGRlrywIgRGVRfmU4A2YfETH8H/5b13WfZfKA6H6PuNX/ZYmNe8UYcHccqPG
X9kXNZan+l4e/oPtHzPbUI97Oym0QbVUWUJ0MZ/k+FhlOrmnD0THMTuN2JhcnGx6
hiMgQMy9/v/s20mwsolmB/kELu9g3DhHmfS6K2+zbC/+SUsLgUJOt70YxTk/xMYj
bOFX2UnuqyOfWjTnq0CmvGrPSQHYvQPcG5juIJe/iu8ryEAUjJmtC6CCBA0wggQJ
MIIEBTCCAu2gAwIBAgIRAO+Phwnd4LSd4CM9WHL2llEwDQYJKoZIhvcNAQELBQAw
PjELMAkGA1UEBhMCUEwxGzAZBgNVBAoTElVuaXpldG8gU3AuIHogby5vLjESMBAG
A1UEAxMJQ2VydHVtIENBMB4XDTE2MTIyMDEwMTgzNloXDTE4MDEyMDEwMTgzNlow
gYAxCzAJBgNVBAYTAlBMMSEwHwYDVQQKDBhBc3NlY28gRGF0YSBTeXN0ZW1zIFMu
QS4xJzAlBgNVBAsMHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTElMCMG
A1UEAwwcQ2VydHVtIENBIFZhbGlkYXRpb24gU2VydmljZTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBALjxMxTAPsfM5fv81V17NxECXOLchyR2bB7pnMfH
VpGl5gK5mFTSxYotizrM7MYW3HkDuieDlIJYB+p9G2ZBXIKe5ZJflFV4bDbDdGkr
JbZTU9bCI7UrWrI1G0ciBZZTl/0YqdApUb6OEiGq1VDklsTLfjDdhDMykqSnQm1k
qgaJJb8y+pb2RNkM5ci7SuG/FwOi1xK5hjav5IYETwx10Lx2bcVsG6RWoyfGTAs0
yQNfnBqT9lywZUu8sNlNSdJGqTtI0Du7vCWqzLVLWuGY5Eg7ZSClnTnIMr/DQbVi
l67+2dyHRrNUq9feX73vjxfYubKxRFkym/aaMlojTMJEMCkCAwEAAaOBujCBtzAM
BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSRTOhvaI/2EhkbMhqTka0Dx3ypPTBSBgNV
HSMESzBJoUKkQDA+MQswCQYDVQQGEwJQTDEbMBkGA1UEChMSVW5pemV0byBTcC4g
eiBvLm8uMRIwEAYDVQQDEwlDZXJ0dW0gQ0GCAwEAIDAOBgNVHQ8BAf8EBAMCBsAw
EwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADANBgkqhkiG9w0B
AQsFAAOCAQEALAnDB8ofRBXfrSyFY6LDHDykf4q0Hg8R8ffx8wDfGkcFjH5VdWfH
tdgC/HE2KdBnJqqYrCKlCaGdQuvxa72rF3ubKPRTysilKzXymLd47T4G5NuswLJL
E2tz56Cinn9Ty+gNXVKcsPcG1O1uodvZtXH5WbRpPqUHbcl9HQ6ox9DTG9GTkGK7
8TmAradm0E9f6LdT+O8MPjE58Htxf1j7ag/MHx/YAOKVyrkzYBt+bZp3QP7JmHPH
eZy+3lAPP3QxRRD+3vnPSvaP2Xy258KTU09AevKHtUFUClIDhX+00cVfQ+Apz/Qc
w94al365dkfS05J596wNu4Tt6Dk7n83W6w==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEBTCCAu2gAwIBAgIRAO+Phwnd4LSd4CM9WHL2llEwDQYJKoZIhvcNAQELBQAw
PjELMAkGA1UEBhMCUEwxGzAZBgNVBAoTElVuaXpldG8gU3AuIHogby5vLjESMBAG
A1UEAxMJQ2VydHVtIENBMB4XDTE2MTIyMDEwMTgzNloXDTE4MDEyMDEwMTgzNlow
gYAxCzAJBgNVBAYTAlBMMSEwHwYDVQQKDBhBc3NlY28gRGF0YSBTeXN0ZW1zIFMu
QS4xJzAlBgNVBAsMHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTElMCMG
A1UEAwwcQ2VydHVtIENBIFZhbGlkYXRpb24gU2VydmljZTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBALjxMxTAPsfM5fv81V17NxECXOLchyR2bB7pnMfH
VpGl5gK5mFTSxYotizrM7MYW3HkDuieDlIJYB+p9G2ZBXIKe5ZJflFV4bDbDdGkr
JbZTU9bCI7UrWrI1G0ciBZZTl/0YqdApUb6OEiGq1VDklsTLfjDdhDMykqSnQm1k
qgaJJb8y+pb2RNkM5ci7SuG/FwOi1xK5hjav5IYETwx10Lx2bcVsG6RWoyfGTAs0
yQNfnBqT9lywZUu8sNlNSdJGqTtI0Du7vCWqzLVLWuGY5Eg7ZSClnTnIMr/DQbVi
l67+2dyHRrNUq9feX73vjxfYubKxRFkym/aaMlojTMJEMCkCAwEAAaOBujCBtzAM
BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSRTOhvaI/2EhkbMhqTka0Dx3ypPTBSBgNV
HSMESzBJoUKkQDA+MQswCQYDVQQGEwJQTDEbMBkGA1UEChMSVW5pemV0byBTcC4g
eiBvLm8uMRIwEAYDVQQDEwlDZXJ0dW0gQ0GCAwEAIDAOBgNVHQ8BAf8EBAMCBsAw
EwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADANBgkqhkiG9w0B
AQsFAAOCAQEALAnDB8ofRBXfrSyFY6LDHDykf4q0Hg8R8ffx8wDfGkcFjH5VdWfH
tdgC/HE2KdBnJqqYrCKlCaGdQuvxa72rF3ubKPRTysilKzXymLd47T4G5NuswLJL
E2tz56Cinn9Ty+gNXVKcsPcG1O1uodvZtXH5WbRpPqUHbcl9HQ6ox9DTG9GTkGK7
8TmAradm0E9f6LdT+O8MPjE58Htxf1j7ag/MHx/YAOKVyrkzYBt+bZp3QP7JmHPH
eZy+3lAPP3QxRRD+3vnPSvaP2Xy258KTU09AevKHtUFUClIDhX+00cVfQ+Apz/Qc
w94al365dkfS05J596wNu4Tt6Dk7n83W6w==
-----END CERTIFICATE-----

Raw OCSP response headers

Content-Length: [1657]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 30 Apr 2017 12:43:42 GMT]
Server: [NetDNA-cache/2.2]
X-Cache: [MISS]
X-Cached: [MISS]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified cache header not set (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://subca.ocsp-certum.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://subca.ocsp-certum.com (GET)
Size: 1657 bytes (DER data)
Response time: 485.725189ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: Certum CA Validation Service
Issued by: Certum CA
Signing certificate validity: 2016-12-20 - 2018-01-20
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:

Server and network information

Server Software: NetDNA-cache/2.2
Cache Information: EXPIRED

URL used for GET request

http:/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBR5iK7tYk9tqQEoeQhZNkKcAol9bgQUjEPEy22YwaechGnr30oNYJY6w%2FsCEQDFPBi%2Fjz%2Bcx3MGqcahPoTn

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFIwUDBOMEwwSjAJBgUrDgMCGgUABBR5iK7tYk9tqQEoeQhZNkKcAol9bgQUjEPE
y22YwaechGnr30oNYJY6w/sCEQDFPBi/jz+cx3MGqcahPoTn
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGdQoBAKCCBm4wggZqBgkrBgEFBQcwAQEEggZbMIIGVzCCATCgAwIBAKGBgzCB
gDELMAkGA1UEBhMCUEwxITAfBgNVBAoMGEFzc2VjbyBEYXRhIFN5c3RlbXMgUy5B
LjEnMCUGA1UECwweQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSUwIwYD
VQQDDBxDZXJ0dW0gQ0EgVmFsaWRhdGlvbiBTZXJ2aWNlGA8yMDE3MDQzMDEyNDM0
MlowcjBwMEgwBwYFKw4DAhoEFHmIru1iT22pASh5CFk2QpwCiX1uBBSMQ8TLbZjB
p5yEaevfSg1gljrD+wIRAMU8GL+PP5zHcwapxqE+hOeAABgPMjAxNzA0MzAxMjQz
NDJaoBEYDzIwMTcwNTA3MTI0MzQyWqEeMBwwGgYJKwYBBQUHMAEEBA0wCwYJKwYB
BQUHMAEBMAsGCSqGSIb3DQEBCwOCAQEAh3Qigq8LVjYX8rqos6fNWq0l/XKIvzYS
ppUCQuk1K4YHYMETuFNysmnTZUwM/uzFwcpgN0cBrkItZL2v11W+zzoRkFxhJupt
HPxIjGRlrywIgRGVRfmU4A2YfETH8H/5b13WfZfKA6H6PuNX/ZYmNe8UYcHccqPG
X9kXNZan+l4e/oPtHzPbUI97Oym0QbVUWUJ0MZ/k+FhlOrmnD0THMTuN2JhcnGx6
hiMgQMy9/v/s20mwsolmB/kELu9g3DhHmfS6K2+zbC/+SUsLgUJOt70YxTk/xMYj
bOFX2UnuqyOfWjTnq0CmvGrPSQHYvQPcG5juIJe/iu8ryEAUjJmtC6CCBA0wggQJ
MIIEBTCCAu2gAwIBAgIRAO+Phwnd4LSd4CM9WHL2llEwDQYJKoZIhvcNAQELBQAw
PjELMAkGA1UEBhMCUEwxGzAZBgNVBAoTElVuaXpldG8gU3AuIHogby5vLjESMBAG
A1UEAxMJQ2VydHVtIENBMB4XDTE2MTIyMDEwMTgzNloXDTE4MDEyMDEwMTgzNlow
gYAxCzAJBgNVBAYTAlBMMSEwHwYDVQQKDBhBc3NlY28gRGF0YSBTeXN0ZW1zIFMu
QS4xJzAlBgNVBAsMHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTElMCMG
A1UEAwwcQ2VydHVtIENBIFZhbGlkYXRpb24gU2VydmljZTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBALjxMxTAPsfM5fv81V17NxECXOLchyR2bB7pnMfH
VpGl5gK5mFTSxYotizrM7MYW3HkDuieDlIJYB+p9G2ZBXIKe5ZJflFV4bDbDdGkr
JbZTU9bCI7UrWrI1G0ciBZZTl/0YqdApUb6OEiGq1VDklsTLfjDdhDMykqSnQm1k
qgaJJb8y+pb2RNkM5ci7SuG/FwOi1xK5hjav5IYETwx10Lx2bcVsG6RWoyfGTAs0
yQNfnBqT9lywZUu8sNlNSdJGqTtI0Du7vCWqzLVLWuGY5Eg7ZSClnTnIMr/DQbVi
l67+2dyHRrNUq9feX73vjxfYubKxRFkym/aaMlojTMJEMCkCAwEAAaOBujCBtzAM
BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSRTOhvaI/2EhkbMhqTka0Dx3ypPTBSBgNV
HSMESzBJoUKkQDA+MQswCQYDVQQGEwJQTDEbMBkGA1UEChMSVW5pemV0byBTcC4g
eiBvLm8uMRIwEAYDVQQDEwlDZXJ0dW0gQ0GCAwEAIDAOBgNVHQ8BAf8EBAMCBsAw
EwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADANBgkqhkiG9w0B
AQsFAAOCAQEALAnDB8ofRBXfrSyFY6LDHDykf4q0Hg8R8ffx8wDfGkcFjH5VdWfH
tdgC/HE2KdBnJqqYrCKlCaGdQuvxa72rF3ubKPRTysilKzXymLd47T4G5NuswLJL
E2tz56Cinn9Ty+gNXVKcsPcG1O1uodvZtXH5WbRpPqUHbcl9HQ6ox9DTG9GTkGK7
8TmAradm0E9f6LdT+O8MPjE58Htxf1j7ag/MHx/YAOKVyrkzYBt+bZp3QP7JmHPH
eZy+3lAPP3QxRRD+3vnPSvaP2Xy258KTU09AevKHtUFUClIDhX+00cVfQ+Apz/Qc
w94al365dkfS05J596wNu4Tt6Dk7n83W6w==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEBTCCAu2gAwIBAgIRAO+Phwnd4LSd4CM9WHL2llEwDQYJKoZIhvcNAQELBQAw
PjELMAkGA1UEBhMCUEwxGzAZBgNVBAoTElVuaXpldG8gU3AuIHogby5vLjESMBAG
A1UEAxMJQ2VydHVtIENBMB4XDTE2MTIyMDEwMTgzNloXDTE4MDEyMDEwMTgzNlow
gYAxCzAJBgNVBAYTAlBMMSEwHwYDVQQKDBhBc3NlY28gRGF0YSBTeXN0ZW1zIFMu
QS4xJzAlBgNVBAsMHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTElMCMG
A1UEAwwcQ2VydHVtIENBIFZhbGlkYXRpb24gU2VydmljZTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBALjxMxTAPsfM5fv81V17NxECXOLchyR2bB7pnMfH
VpGl5gK5mFTSxYotizrM7MYW3HkDuieDlIJYB+p9G2ZBXIKe5ZJflFV4bDbDdGkr
JbZTU9bCI7UrWrI1G0ciBZZTl/0YqdApUb6OEiGq1VDklsTLfjDdhDMykqSnQm1k
qgaJJb8y+pb2RNkM5ci7SuG/FwOi1xK5hjav5IYETwx10Lx2bcVsG6RWoyfGTAs0
yQNfnBqT9lywZUu8sNlNSdJGqTtI0Du7vCWqzLVLWuGY5Eg7ZSClnTnIMr/DQbVi
l67+2dyHRrNUq9feX73vjxfYubKxRFkym/aaMlojTMJEMCkCAwEAAaOBujCBtzAM
BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSRTOhvaI/2EhkbMhqTka0Dx3ypPTBSBgNV
HSMESzBJoUKkQDA+MQswCQYDVQQGEwJQTDEbMBkGA1UEChMSVW5pemV0byBTcC4g
eiBvLm8uMRIwEAYDVQQDEwlDZXJ0dW0gQ0GCAwEAIDAOBgNVHQ8BAf8EBAMCBsAw
EwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADANBgkqhkiG9w0B
AQsFAAOCAQEALAnDB8ofRBXfrSyFY6LDHDykf4q0Hg8R8ffx8wDfGkcFjH5VdWfH
tdgC/HE2KdBnJqqYrCKlCaGdQuvxa72rF3ubKPRTysilKzXymLd47T4G5NuswLJL
E2tz56Cinn9Ty+gNXVKcsPcG1O1uodvZtXH5WbRpPqUHbcl9HQ6ox9DTG9GTkGK7
8TmAradm0E9f6LdT+O8MPjE58Htxf1j7ag/MHx/YAOKVyrkzYBt+bZp3QP7JmHPH
eZy+3lAPP3QxRRD+3vnPSvaP2Xy258KTU09AevKHtUFUClIDhX+00cVfQ+Apz/Qc
w94al365dkfS05J596wNu4Tt6Dk7n83W6w==
-----END CERTIFICATE-----

Raw OCSP response headers

Content-Length: [1657]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 30 Apr 2017 12:43:42 GMT]
Server: [NetDNA-cache/2.2]
X-Cache: [EXPIRED]
X-Cached: [MISS]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified cache header not set (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Certum CA (CA Certificate)

Certificate details for Certum CA (At position 3 in certificate chain)
Serial number:
hex: 10020
int: 65568
Issued by: Certum CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Unizeto Sp. z o.o.
Country: PL
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.