CRL & OCSP report for www.poradte.cz

www.poradte.cz

Certificate details for www.poradte.cz (At position 0 in certificate chain)
Serial number:
hex: 161bebc33025125dea3431405d887d48
int: 29387989753097235435719900015215803720
Issued by: SpaceSSL CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Country: CZ
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for www.poradte.cz.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.spacessl.com/spacesslca.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.spacessl.com/spacesslca.crl
Size: 576 bytes (DER data)
Response time: 1.143248882s
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 1

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: Apache

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Length: [576]
Content-Type: [application/x-pkcs7-crl]
Date: [Sun, 25 Jun 2017 22:40:50 GMT]
Etag: ["30024-240-a9323840"]
Last-Modified: [Sun, 25 Jun 2017 18:04:09 GMT]
Server: [Apache]
  • Content-Type in response is set 'application/x-pkcs7-crl' and should be replaced with 'application/pkix-crl' (RFC 5280, section 4.2.1.13)
  • This CRL file is DER encoded
  • Issuer field should be byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.spacessl.com (GET)Unknown

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.spacessl.com (GET)
Size: 1555 bytes (DER data)
Response time: 1.169386048s
Signature algorithm: SHA256WithRSA
Signature type: CA Delegated
Signed by: SpaceSSL CA Validation Service
Issued by: SpaceSSL CA
Signing certificate validity: 2017-03-23 - 2018-03-23
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Produced at:
Status: Unknown

Relevant server response headers

Date:

Server and network information

Server Software: NetDNA-cache/2.2
Cache Information: MISS

URL used for GET request

http://ocsp.spacessl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBToZZYuo6%2BR0zOUim3QMe7fFkHwZwQU76xp11xRXXt2APD4mbQrzBmEDYkCEBYb68MwJRJd6jQxQF2IfUg%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBToZZYuo6+R0zOUim3QMe7fFkHwZwQU76xp
11xRXXt2APD4mbQrzBmEDYkCEBYb68MwJRJd6jQxQF2IfUg=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGDwoBAKCCBggwggYEBgkrBgEFBQcwAQEEggX1MIIF8TCB86ADAgEAoVswWTEL
MAkGA1UEBhMCUEwxITAfBgNVBAoMGEFzc2VjbyBEYXRhIFN5c3RlbXMgUy5BLjEn
MCUGA1UEAwweU3BhY2VTU0wgQ0EgVmFsaWRhdGlvbiBTZXJ2aWNlGA8yMDE3MDYy
NTIyNDA1MFowXjBcMEcwBwYFKw4DAhoEFOhlli6jr5HTM5SKbdAx7t8WQfBnBBTv
rGnXXFFde3YA8PiZtCvMGYQNiQIQFhvrwzAlEl3qNDFAXYh9SIIAGA8yMDE3MDYy
NTIyNDA1MFqhHjAcMBoGCSsGAQUFBzABBAQNMAsGCSsGAQUFBzABATALBgkqhkiG
9w0BAQsDggEBAHjfHILggroDFlYe3WoEZtCVNsWoJZ9m+67pS0X1lvd0qFAJ+b4S
6WuDi43is+FMEh/eig+BzPT0TRGe04HE5bBw1iY0NNTh4/ag0Q4Irfo9DI/Mugm4
CBsrWH08KyR1gjGDqFmBmnDfgZxW0jV8AX6X9YXtsrvJR8jPRi+5DLpZNvlLuzAp
G81zyECfC3bzXEwfekWWXy5rUWShOoVYVGybF5P/R80C7HBPl1TTEY5efHrpRFgT
FLtK8wquXcTJFAa5HFAWUoF9PN0gpS929ZGK/ySRFNCd1dacoO/AXh8aVeuUxvW7
ldnFCtmG2MJcE1SkWh+X/dLjJ9eT5LT8kj+gggPlMIID4TCCA90wggLFoAMCAQIC
EGUj6kv/n8KQj1Cm60nukGowDQYJKoZIhvcNAQELBQAwcjELMAkGA1UEBhMCUEwx
IjAgBgNVBAoMGVVuaXpldG8gVGVjaG5vbG9naWVzIFMuQS4xKTAnBgNVBAsMIFNw
YWNlU1NMIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRQwEgYDVQQDDAtTcGFjZVNT
TCBDQTAeFw0xNzAzMjMwODI2MTVaFw0xODAzMjMwODI2MTVaMFkxCzAJBgNVBAYT
AlBMMSEwHwYDVQQKDBhBc3NlY28gRGF0YSBTeXN0ZW1zIFMuQS4xJzAlBgNVBAMM
HlNwYWNlU1NMIENBIFZhbGlkYXRpb24gU2VydmljZTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBALUxQlLspQCA6XzoxNOtOM27Aw9IR5o1WDnF8nWeJO4H
EjwzAQNSqLHtwfaZgSpeHS+aDfcdHc3TzrdisgRordxGzr0/fsl7h2BxfNNtwVEk
0Jj3MYWo3KFJ8yDCtE9dbP0gQKVUoc75PG3UAHEPcb5iJ8KaecIfktcTNWJiJZA1
a2FiRQja9fyzbpkz2BHeeBbuq3MfA4hsLdzojzAZ2PFATXtPGsLSJ3mxRODcvAKj
TXRPOPRlkeftPL2DcgI8TMWGoA2mSYSLM1OgKjj4W1eIaWzrOqDilR7wBn4twteT
qecndsTkBIR+Q/XHqAp74RtqmBJsgREB+mSi+JOOv4kCAwEAAaOBhzCBhDAMBgNV
HRMBAf8EAjAAMB8GA1UdIwQYMBaAFO+saddcUV17dgDw+Jm0K8wZhA2JMB0GA1Ud
DgQWBBQZv77FPVD/SxHiqaZOMQ/y8OpFMzAOBgNVHQ8BAf8EBAMCBsAwEwYDVR0l
BAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADANBgkqhkiG9w0BAQsFAAOC
AQEAhLRTcQ8+sXkCgr7dIKBP0RfzEvkNsoC/JhCsDbYMdm34H6dmrazpv2k8tZiA
xJlj4B25fbX6uOYetZRnawDvWn5QUtg13FuVhN40xwaxujsOqxichHdZ0A3qsHy8
OYsVX9hrDqu5and3wjEJUNMqPll41i+95BT75wlRNUxPRBE6gEAHzOYHznhxpy6f
/0o+8o5uGsf8vWUULw/Sl6eJT2kAZreElB7gkWuizAku05w5uv7mAzMaWPjpo6o6
t6AkAUei1cMt7reptbXV4bhxISg+8DPH7s7Gb8j5z300fagePEcONjrbutfGePnf
cqlHbGy6vJaVGeBI81fBD3nwYw==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIID3TCCAsWgAwIBAgIQZSPqS/+fwpCPUKbrSe6QajANBgkqhkiG9w0BAQsFADBy
MQswCQYDVQQGEwJQTDEiMCAGA1UECgwZVW5pemV0byBUZWNobm9sb2dpZXMgUy5B
LjEpMCcGA1UECwwgU3BhY2VTU0wgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFDAS
BgNVBAMMC1NwYWNlU1NMIENBMB4XDTE3MDMyMzA4MjYxNVoXDTE4MDMyMzA4MjYx
NVowWTELMAkGA1UEBhMCUEwxITAfBgNVBAoMGEFzc2VjbyBEYXRhIFN5c3RlbXMg
Uy5BLjEnMCUGA1UEAwweU3BhY2VTU0wgQ0EgVmFsaWRhdGlvbiBTZXJ2aWNlMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTFCUuylAIDpfOjE0604zbsD
D0hHmjVYOcXydZ4k7gcSPDMBA1Kose3B9pmBKl4dL5oN9x0dzdPOt2KyBGit3EbO
vT9+yXuHYHF8023BUSTQmPcxhajcoUnzIMK0T11s/SBApVShzvk8bdQAcQ9xvmIn
wpp5wh+S1xM1YmIlkDVrYWJFCNr1/LNumTPYEd54Fu6rcx8DiGwt3OiPMBnY8UBN
e08awtInebFE4Ny8AqNNdE849GWR5+08vYNyAjxMxYagDaZJhIszU6AqOPhbV4hp
bOs6oOKVHvAGfi3C15Op5yd2xOQEhH5D9ceoCnvhG2qYEmyBEQH6ZKL4k46/iQID
AQABo4GHMIGEMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAU76xp11xRXXt2APD4
mbQrzBmEDYkwHQYDVR0OBBYEFBm/vsU9UP9LEeKppk4xD/Lw6kUzMA4GA1UdDwEB
/wQEAwIGwDATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkrBgEFBQcwAQUEAgUAMA0G
CSqGSIb3DQEBCwUAA4IBAQCEtFNxDz6xeQKCvt0goE/RF/MS+Q2ygL8mEKwNtgx2
bfgfp2atrOm/aTy1mIDEmWPgHbl9tfq45h61lGdrAO9aflBS2DXcW5WE3jTHBrG6
Ow6rGJyEd1nQDeqwfLw5ixVf2GsOq7lqd3fCMQlQ0yo+WXjWL73kFPvnCVE1TE9E
ETqAQAfM5gfOeHGnLp//Sj7yjm4ax/y9ZRQvD9KXp4lPaQBmt4SUHuCRa6LMCS7T
nDm6/uYDMxpY+Omjqjq3oCQBR6LVwy3ut6m1tdXhuHEhKD7wM8fuzsZvyPnPfTR9
qB48Rw42Otu618Z4+d9yqUdsbLq8lpUZ4EjzV8EPefBj
-----END CERTIFICATE-----

Raw OCSP response headers

Content-Length: [1555]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 25 Jun 2017 22:40:50 GMT]
Server: [NetDNA-cache/2.2]
X-Cache: [MISS]
X-Cached: [MISS]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response must be valid for at least 8 hours (Microsoft)
  • OCSP response must be available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • Last-Modified cache header not set (RFC 5019, section 6.2)
  • NextUpdate not set (RFC 5019, section 2.2.4)
This OCSP response was cached at
http://ocsp.spacessl.com (POST)Unknown

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.spacessl.com (POST)
Size: 1555 bytes (DER data)
Response time: 1.419711304s
Signature algorithm: SHA256WithRSA
Signature type: CA Delegated
Signed by: SpaceSSL CA Validation Service
Issued by: SpaceSSL CA
Signing certificate validity: 2017-03-23 - 2018-03-23
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Produced at:
Status: Unknown

Relevant server response headers

Date:

Server and network information

Server Software: NetDNA-cache/2.2
Cache Information: MISS

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBToZZYuo6+R0zOUim3QMe7fFkHwZwQU76xp
11xRXXt2APD4mbQrzBmEDYkCEBYb68MwJRJd6jQxQF2IfUg=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGDwoBAKCCBggwggYEBgkrBgEFBQcwAQEEggX1MIIF8TCB86ADAgEAoVswWTEL
MAkGA1UEBhMCUEwxITAfBgNVBAoMGEFzc2VjbyBEYXRhIFN5c3RlbXMgUy5BLjEn
MCUGA1UEAwweU3BhY2VTU0wgQ0EgVmFsaWRhdGlvbiBTZXJ2aWNlGA8yMDE3MDYy
NTIyNDA1MFowXjBcMEcwBwYFKw4DAhoEFOhlli6jr5HTM5SKbdAx7t8WQfBnBBTv
rGnXXFFde3YA8PiZtCvMGYQNiQIQFhvrwzAlEl3qNDFAXYh9SIIAGA8yMDE3MDYy
NTIyNDA1MFqhHjAcMBoGCSsGAQUFBzABBAQNMAsGCSsGAQUFBzABATALBgkqhkiG
9w0BAQsDggEBAHjfHILggroDFlYe3WoEZtCVNsWoJZ9m+67pS0X1lvd0qFAJ+b4S
6WuDi43is+FMEh/eig+BzPT0TRGe04HE5bBw1iY0NNTh4/ag0Q4Irfo9DI/Mugm4
CBsrWH08KyR1gjGDqFmBmnDfgZxW0jV8AX6X9YXtsrvJR8jPRi+5DLpZNvlLuzAp
G81zyECfC3bzXEwfekWWXy5rUWShOoVYVGybF5P/R80C7HBPl1TTEY5efHrpRFgT
FLtK8wquXcTJFAa5HFAWUoF9PN0gpS929ZGK/ySRFNCd1dacoO/AXh8aVeuUxvW7
ldnFCtmG2MJcE1SkWh+X/dLjJ9eT5LT8kj+gggPlMIID4TCCA90wggLFoAMCAQIC
EGUj6kv/n8KQj1Cm60nukGowDQYJKoZIhvcNAQELBQAwcjELMAkGA1UEBhMCUEwx
IjAgBgNVBAoMGVVuaXpldG8gVGVjaG5vbG9naWVzIFMuQS4xKTAnBgNVBAsMIFNw
YWNlU1NMIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRQwEgYDVQQDDAtTcGFjZVNT
TCBDQTAeFw0xNzAzMjMwODI2MTVaFw0xODAzMjMwODI2MTVaMFkxCzAJBgNVBAYT
AlBMMSEwHwYDVQQKDBhBc3NlY28gRGF0YSBTeXN0ZW1zIFMuQS4xJzAlBgNVBAMM
HlNwYWNlU1NMIENBIFZhbGlkYXRpb24gU2VydmljZTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBALUxQlLspQCA6XzoxNOtOM27Aw9IR5o1WDnF8nWeJO4H
EjwzAQNSqLHtwfaZgSpeHS+aDfcdHc3TzrdisgRordxGzr0/fsl7h2BxfNNtwVEk
0Jj3MYWo3KFJ8yDCtE9dbP0gQKVUoc75PG3UAHEPcb5iJ8KaecIfktcTNWJiJZA1
a2FiRQja9fyzbpkz2BHeeBbuq3MfA4hsLdzojzAZ2PFATXtPGsLSJ3mxRODcvAKj
TXRPOPRlkeftPL2DcgI8TMWGoA2mSYSLM1OgKjj4W1eIaWzrOqDilR7wBn4twteT
qecndsTkBIR+Q/XHqAp74RtqmBJsgREB+mSi+JOOv4kCAwEAAaOBhzCBhDAMBgNV
HRMBAf8EAjAAMB8GA1UdIwQYMBaAFO+saddcUV17dgDw+Jm0K8wZhA2JMB0GA1Ud
DgQWBBQZv77FPVD/SxHiqaZOMQ/y8OpFMzAOBgNVHQ8BAf8EBAMCBsAwEwYDVR0l
BAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADANBgkqhkiG9w0BAQsFAAOC
AQEAhLRTcQ8+sXkCgr7dIKBP0RfzEvkNsoC/JhCsDbYMdm34H6dmrazpv2k8tZiA
xJlj4B25fbX6uOYetZRnawDvWn5QUtg13FuVhN40xwaxujsOqxichHdZ0A3qsHy8
OYsVX9hrDqu5and3wjEJUNMqPll41i+95BT75wlRNUxPRBE6gEAHzOYHznhxpy6f
/0o+8o5uGsf8vWUULw/Sl6eJT2kAZreElB7gkWuizAku05w5uv7mAzMaWPjpo6o6
t6AkAUei1cMt7reptbXV4bhxISg+8DPH7s7Gb8j5z300fagePEcONjrbutfGePnf
cqlHbGy6vJaVGeBI81fBD3nwYw==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIID3TCCAsWgAwIBAgIQZSPqS/+fwpCPUKbrSe6QajANBgkqhkiG9w0BAQsFADBy
MQswCQYDVQQGEwJQTDEiMCAGA1UECgwZVW5pemV0byBUZWNobm9sb2dpZXMgUy5B
LjEpMCcGA1UECwwgU3BhY2VTU0wgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFDAS
BgNVBAMMC1NwYWNlU1NMIENBMB4XDTE3MDMyMzA4MjYxNVoXDTE4MDMyMzA4MjYx
NVowWTELMAkGA1UEBhMCUEwxITAfBgNVBAoMGEFzc2VjbyBEYXRhIFN5c3RlbXMg
Uy5BLjEnMCUGA1UEAwweU3BhY2VTU0wgQ0EgVmFsaWRhdGlvbiBTZXJ2aWNlMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTFCUuylAIDpfOjE0604zbsD
D0hHmjVYOcXydZ4k7gcSPDMBA1Kose3B9pmBKl4dL5oN9x0dzdPOt2KyBGit3EbO
vT9+yXuHYHF8023BUSTQmPcxhajcoUnzIMK0T11s/SBApVShzvk8bdQAcQ9xvmIn
wpp5wh+S1xM1YmIlkDVrYWJFCNr1/LNumTPYEd54Fu6rcx8DiGwt3OiPMBnY8UBN
e08awtInebFE4Ny8AqNNdE849GWR5+08vYNyAjxMxYagDaZJhIszU6AqOPhbV4hp
bOs6oOKVHvAGfi3C15Op5yd2xOQEhH5D9ceoCnvhG2qYEmyBEQH6ZKL4k46/iQID
AQABo4GHMIGEMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAU76xp11xRXXt2APD4
mbQrzBmEDYkwHQYDVR0OBBYEFBm/vsU9UP9LEeKppk4xD/Lw6kUzMA4GA1UdDwEB
/wQEAwIGwDATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkrBgEFBQcwAQUEAgUAMA0G
CSqGSIb3DQEBCwUAA4IBAQCEtFNxDz6xeQKCvt0goE/RF/MS+Q2ygL8mEKwNtgx2
bfgfp2atrOm/aTy1mIDEmWPgHbl9tfq45h61lGdrAO9aflBS2DXcW5WE3jTHBrG6
Ow6rGJyEd1nQDeqwfLw5ixVf2GsOq7lqd3fCMQlQ0yo+WXjWL73kFPvnCVE1TE9E
ETqAQAfM5gfOeHGnLp//Sj7yjm4ax/y9ZRQvD9KXp4lPaQBmt4SUHuCRa6LMCS7T
nDm6/uYDMxpY+Omjqjq3oCQBR6LVwy3ut6m1tdXhuHEhKD7wM8fuzsZvyPnPfTR9
qB48Rw42Otu618Z4+d9yqUdsbLq8lpUZ4EjzV8EPefBj
-----END CERTIFICATE-----

Raw OCSP response headers

Content-Length: [1555]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 25 Jun 2017 22:40:51 GMT]
Server: [NetDNA-cache/2.2]
X-Cache: [MISS]
X-Cached: [MISS]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response must be valid for at least 8 hours (Microsoft)
  • OCSP response must be available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • Last-Modified cache header not set (RFC 5019, section 6.2)
  • NextUpdate not set (RFC 5019, section 2.2.4)

SpaceSSL CA (CA Certificate)

Certificate details for SpaceSSL CA (At position 1 in certificate chain)
Serial number:
hex: 2539661f537d7b5cea2c999db63c083e
int: 49479468052669936992520155445763770430
Issued by: Certum Global Services CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Unizeto Technologies S.A.
Organization unit: SpaceSSL Certification Authority
Country: PL
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.certum.pl/gsca.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.certum.pl/gsca.crl
Size: 498 bytes (DER data)
Response time: 1.140030362s
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 0

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: nginx

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Length: [498]
Content-Type: [application/x-pkcs7-crl]
Date: [Sun, 25 Jun 2017 22:40:50 GMT]
Etag: ["3001c-1f2-9e686100"]
Last-Modified: [Sun, 25 Jun 2017 18:01:08 GMT]
Server: [nginx]
X-Cached: [EXPIRED]
  • Content-Type in response is set 'application/x-pkcs7-crl' and should be replaced with 'application/pkix-crl' (RFC 5280, section 4.2.1.13)
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://subca.ocsp-certum.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://subca.ocsp-certum.com (GET)
Size: 1615 bytes (DER data)
Response time: 1.133892402s
Signature algorithm: SHA256WithRSA
Signature type: CA Delegated
Signed by: Certum Global Services CA Validation Service
Issued by: Certum Global Services CA
Signing certificate validity: 2017-03-23 - 2018-03-23
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:

Server and network information

Server Software: NetDNA-cache/2.2
Cache Information: MISS

URL used for GET request

http://subca.ocsp-certum.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTiZ82OZ%2FUHynitdD9ez09RxIhDVQQURcWyhk7M3SmX5N0UxG6uTbjBd%2FgCECU5Zh9TfXtc6iyZnbY8CD4%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBTiZ82OZ/UHynitdD9ez09RxIhDVQQURcWy
hk7M3SmX5N0UxG6uTbjBd/gCECU5Zh9TfXtc6iyZnbY8CD4=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGSwoBAKCCBkQwggZABgkrBgEFBQcwAQEEggYxMIIGLTCCARSgAwIBAKFpMGcx
CzAJBgNVBAYTAlBMMSEwHwYDVQQKDBhBc3NlY28gRGF0YSBTeXN0ZW1zIFMuQS4x
NTAzBgNVBAMMLENlcnR1bSBHbG9iYWwgU2VydmljZXMgQ0EgVmFsaWRhdGlvbiBT
ZXJ2aWNlGA8yMDE3MDYyNTIyNDA1MFowcTBvMEcwBwYFKw4DAhoEFOJnzY5n9QfK
eK10P17PT1HEiENVBBRFxbKGTszdKZfk3RTEbq5NuMF3+AIQJTlmH1N9e1zqLJmd
tjwIPoAAGA8yMDE3MDYyNTIyNDA1MFqgERgPMjAxNzA3MDIyMjQwNTBaoR4wHDAa
BgkrBgEFBQcwAQQEDTALBgkrBgEFBQcwAQEwCwYJKoZIhvcNAQELA4IBAQAvlL33
T2oM7w9EsVzU3fD8nrD/pnSZKVCN8LNAhl6mIMeCF1ALJzOqO60zrsNnhau3t+hT
9E2qlwyU9rprmnfT2mfI206DtrFqJMEDGg7RHpS3pIv7f4ZWFOOcDcONnBxki+3D
buVvGo8kBT+gnRliA6SAimhYPpqjPSiC1brZsUecgeaJuQeTSvbJfoPDmQXAc35u
E3hB3t2leaq1ZWVcAYWCyMPeaRgUVmwkA4tUSo8V15l/UVBDXxye0faoYQTvmyYo
CJOVhP1F0wFbxK0Xv77gs/1G8DiRRFcdXJSwSwi+xHHChDeJXh+8DxYLoaSDfc3W
a/2NU+TgqvslyApnoIID/zCCA/swggP3MIIC36ADAgECAhBOQM7akIHwDuad3Ys9
SB1SMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlBMMSIwIAYDVQQKExlVbml6
ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNh
dGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBHbG9iYWwgU2VydmljZXMg
Q0EwHhcNMTcwMzIzMDgyNDIxWhcNMTgwMzIzMDgyNDIxWjBnMQswCQYDVQQGEwJQ
TDEhMB8GA1UECgwYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMTUwMwYDVQQDDCxD
ZXJ0dW0gR2xvYmFsIFNlcnZpY2VzIENBIFZhbGlkYXRpb24gU2VydmljZTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL5sc8vZ76cXSx9fFYYvgZn3sELU
Yo+eApcdsGL2spRT4LS6xgHYuTgWVgN+DP5PKTmkoS8ea0+oPq8xZG6aLcJSabxY
4N8W7wclp4ptw/7GdZnwQxzzyRlLhXh10+3iHFDuzOXzaimg8G/oNe0qr7yXlNjH
I/gBHj7PxYEwjGiFthMrD6c9FV60lDOJtoGu1z3uGPEyozuXF08F5r+/CgPBqYkC
G3IO7GxfYxrhBFcrw9WArEmdRoYclfGbgIiGJJvCjCGPNmgu/+n1S5g5aFmhrBOm
r1RhIvz1ZpPtB+95ON8PwU/wXX3D5+MmbNj14iR74Y89tEe2x/53w8aTpVkCAwEA
AaOBhzCBhDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFEXFsoZOzN0pl+TdFMRu
rk24wXf4MB0GA1UdDgQWBBSTIl6EmkPlnsrqcKK+cCuU6CkaRzAOBgNVHQ8BAf8E
BAMCBsAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADANBgkq
hkiG9w0BAQsFAAOCAQEAZabbmp7myq4TBuVc9NUzFWwRVexT+OdgWWUGYyIHeyFL
TcOZfmf5otqrfSDJ4dSRrNu+kVhHOg0z37EeVNgncy4xlpACwL2sD+PO0iH4bi66
UfbnhTGJHiAqcm43U3BQz2cjm+wbQ1bX0deWZXP+DH49C1P+RRNZb9svNVW3fP1b
+65l9yAs3FzJ15O9w9tWqnGwAkJ+3M2mgXtynFvv8VwndDiV6S962xB2xOZIJlJz
k7ExD8k2J5LwC0xtyS6G6wN3zxQmLTEO/URrpxNbCzC1N5+hAMzJFjQFALTrWxfT
AEUVZhSl+87gqBVyC+qFaCzye1uEs/LnPNPggpLMyg==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIID9zCCAt+gAwIBAgIQTkDO2pCB8A7mnd2LPUgdUjANBgkqhkiG9w0BAQsFADB+
MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMgUy5B
LjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIwIAYD
VQQDExlDZXJ0dW0gR2xvYmFsIFNlcnZpY2VzIENBMB4XDTE3MDMyMzA4MjQyMVoX
DTE4MDMyMzA4MjQyMVowZzELMAkGA1UEBhMCUEwxITAfBgNVBAoMGEFzc2VjbyBE
YXRhIFN5c3RlbXMgUy5BLjE1MDMGA1UEAwwsQ2VydHVtIEdsb2JhbCBTZXJ2aWNl
cyBDQSBWYWxpZGF0aW9uIFNlcnZpY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQC+bHPL2e+nF0sfXxWGL4GZ97BC1GKPngKXHbBi9rKUU+C0usYB2Lk4
FlYDfgz+Tyk5pKEvHmtPqD6vMWRumi3CUmm8WODfFu8HJaeKbcP+xnWZ8EMc88kZ
S4V4ddPt4hxQ7szl82opoPBv6DXtKq+8l5TYxyP4AR4+z8WBMIxohbYTKw+nPRVe
tJQzibaBrtc97hjxMqM7lxdPBea/vwoDwamJAhtyDuxsX2Ma4QRXK8PVgKxJnUaG
HJXxm4CIhiSbwowhjzZoLv/p9UuYOWhZoawTpq9UYSL89WaT7QfveTjfD8FP8F19
w+fjJmzY9eIke+GPPbRHtsf+d8PGk6VZAgMBAAGjgYcwgYQwDAYDVR0TAQH/BAIw
ADAfBgNVHSMEGDAWgBRFxbKGTszdKZfk3RTEbq5NuMF3+DAdBgNVHQ4EFgQUkyJe
hJpD5Z7K6nCivnArlOgpGkcwDgYDVR0PAQH/BAQDAgbAMBMGA1UdJQQMMAoGCCsG
AQUFBwMJMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQELBQADggEBAGWm25qe
5squEwblXPTVMxVsEVXsU/jnYFllBmMiB3shS03DmX5n+aLaq30gyeHUkazbvpFY
RzoNM9+xHlTYJ3MuMZaQAsC9rA/jztIh+G4uulH254UxiR4gKnJuN1NwUM9nI5vs
G0NW19HXlmVz/gx+PQtT/kUTWW/bLzVVt3z9W/uuZfcgLNxcydeTvcPbVqpxsAJC
ftzNpoF7cpxb7/FcJ3Q4lekvetsQdsTmSCZSc5OxMQ/JNieS8AtMbckuhusDd88U
Ji0xDv1Ea6cTWwswtTefoQDMyRY0BQC061sX0wBFFWYUpfvO4KgVcgvqhWgs8ntb
hLPy5zzT4IKSzMo=
-----END CERTIFICATE-----

Raw OCSP response headers

Content-Length: [1615]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 25 Jun 2017 22:40:50 GMT]
Server: [NetDNA-cache/2.2]
X-Cache: [MISS]
X-Cached: [MISS]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified cache header not set (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://subca.ocsp-certum.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://subca.ocsp-certum.com (POST)
Size: 1615 bytes (DER data)
Response time: 1.134541173s
Signature algorithm: SHA256WithRSA
Signature type: CA Delegated
Signed by: Certum Global Services CA Validation Service
Issued by: Certum Global Services CA
Signing certificate validity: 2017-03-23 - 2018-03-23
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:

Server and network information

Server Software: NetDNA-cache/2.2
Cache Information: MISS

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBTiZ82OZ/UHynitdD9ez09RxIhDVQQURcWy
hk7M3SmX5N0UxG6uTbjBd/gCECU5Zh9TfXtc6iyZnbY8CD4=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGSwoBAKCCBkQwggZABgkrBgEFBQcwAQEEggYxMIIGLTCCARSgAwIBAKFpMGcx
CzAJBgNVBAYTAlBMMSEwHwYDVQQKDBhBc3NlY28gRGF0YSBTeXN0ZW1zIFMuQS4x
NTAzBgNVBAMMLENlcnR1bSBHbG9iYWwgU2VydmljZXMgQ0EgVmFsaWRhdGlvbiBT
ZXJ2aWNlGA8yMDE3MDYyNTIyNDA1MFowcTBvMEcwBwYFKw4DAhoEFOJnzY5n9QfK
eK10P17PT1HEiENVBBRFxbKGTszdKZfk3RTEbq5NuMF3+AIQJTlmH1N9e1zqLJmd
tjwIPoAAGA8yMDE3MDYyNTIyNDA1MFqgERgPMjAxNzA3MDIyMjQwNTBaoR4wHDAa
BgkrBgEFBQcwAQQEDTALBgkrBgEFBQcwAQEwCwYJKoZIhvcNAQELA4IBAQAvlL33
T2oM7w9EsVzU3fD8nrD/pnSZKVCN8LNAhl6mIMeCF1ALJzOqO60zrsNnhau3t+hT
9E2qlwyU9rprmnfT2mfI206DtrFqJMEDGg7RHpS3pIv7f4ZWFOOcDcONnBxki+3D
buVvGo8kBT+gnRliA6SAimhYPpqjPSiC1brZsUecgeaJuQeTSvbJfoPDmQXAc35u
E3hB3t2leaq1ZWVcAYWCyMPeaRgUVmwkA4tUSo8V15l/UVBDXxye0faoYQTvmyYo
CJOVhP1F0wFbxK0Xv77gs/1G8DiRRFcdXJSwSwi+xHHChDeJXh+8DxYLoaSDfc3W
a/2NU+TgqvslyApnoIID/zCCA/swggP3MIIC36ADAgECAhBOQM7akIHwDuad3Ys9
SB1SMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlBMMSIwIAYDVQQKExlVbml6
ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNh
dGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBHbG9iYWwgU2VydmljZXMg
Q0EwHhcNMTcwMzIzMDgyNDIxWhcNMTgwMzIzMDgyNDIxWjBnMQswCQYDVQQGEwJQ
TDEhMB8GA1UECgwYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMTUwMwYDVQQDDCxD
ZXJ0dW0gR2xvYmFsIFNlcnZpY2VzIENBIFZhbGlkYXRpb24gU2VydmljZTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL5sc8vZ76cXSx9fFYYvgZn3sELU
Yo+eApcdsGL2spRT4LS6xgHYuTgWVgN+DP5PKTmkoS8ea0+oPq8xZG6aLcJSabxY
4N8W7wclp4ptw/7GdZnwQxzzyRlLhXh10+3iHFDuzOXzaimg8G/oNe0qr7yXlNjH
I/gBHj7PxYEwjGiFthMrD6c9FV60lDOJtoGu1z3uGPEyozuXF08F5r+/CgPBqYkC
G3IO7GxfYxrhBFcrw9WArEmdRoYclfGbgIiGJJvCjCGPNmgu/+n1S5g5aFmhrBOm
r1RhIvz1ZpPtB+95ON8PwU/wXX3D5+MmbNj14iR74Y89tEe2x/53w8aTpVkCAwEA
AaOBhzCBhDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFEXFsoZOzN0pl+TdFMRu
rk24wXf4MB0GA1UdDgQWBBSTIl6EmkPlnsrqcKK+cCuU6CkaRzAOBgNVHQ8BAf8E
BAMCBsAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADANBgkq
hkiG9w0BAQsFAAOCAQEAZabbmp7myq4TBuVc9NUzFWwRVexT+OdgWWUGYyIHeyFL
TcOZfmf5otqrfSDJ4dSRrNu+kVhHOg0z37EeVNgncy4xlpACwL2sD+PO0iH4bi66
UfbnhTGJHiAqcm43U3BQz2cjm+wbQ1bX0deWZXP+DH49C1P+RRNZb9svNVW3fP1b
+65l9yAs3FzJ15O9w9tWqnGwAkJ+3M2mgXtynFvv8VwndDiV6S962xB2xOZIJlJz
k7ExD8k2J5LwC0xtyS6G6wN3zxQmLTEO/URrpxNbCzC1N5+hAMzJFjQFALTrWxfT
AEUVZhSl+87gqBVyC+qFaCzye1uEs/LnPNPggpLMyg==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIID9zCCAt+gAwIBAgIQTkDO2pCB8A7mnd2LPUgdUjANBgkqhkiG9w0BAQsFADB+
MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMgUy5B
LjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIwIAYD
VQQDExlDZXJ0dW0gR2xvYmFsIFNlcnZpY2VzIENBMB4XDTE3MDMyMzA4MjQyMVoX
DTE4MDMyMzA4MjQyMVowZzELMAkGA1UEBhMCUEwxITAfBgNVBAoMGEFzc2VjbyBE
YXRhIFN5c3RlbXMgUy5BLjE1MDMGA1UEAwwsQ2VydHVtIEdsb2JhbCBTZXJ2aWNl
cyBDQSBWYWxpZGF0aW9uIFNlcnZpY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQC+bHPL2e+nF0sfXxWGL4GZ97BC1GKPngKXHbBi9rKUU+C0usYB2Lk4
FlYDfgz+Tyk5pKEvHmtPqD6vMWRumi3CUmm8WODfFu8HJaeKbcP+xnWZ8EMc88kZ
S4V4ddPt4hxQ7szl82opoPBv6DXtKq+8l5TYxyP4AR4+z8WBMIxohbYTKw+nPRVe
tJQzibaBrtc97hjxMqM7lxdPBea/vwoDwamJAhtyDuxsX2Ma4QRXK8PVgKxJnUaG
HJXxm4CIhiSbwowhjzZoLv/p9UuYOWhZoawTpq9UYSL89WaT7QfveTjfD8FP8F19
w+fjJmzY9eIke+GPPbRHtsf+d8PGk6VZAgMBAAGjgYcwgYQwDAYDVR0TAQH/BAIw
ADAfBgNVHSMEGDAWgBRFxbKGTszdKZfk3RTEbq5NuMF3+DAdBgNVHQ4EFgQUkyJe
hJpD5Z7K6nCivnArlOgpGkcwDgYDVR0PAQH/BAQDAgbAMBMGA1UdJQQMMAoGCCsG
AQUFBwMJMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQELBQADggEBAGWm25qe
5squEwblXPTVMxVsEVXsU/jnYFllBmMiB3shS03DmX5n+aLaq30gyeHUkazbvpFY
RzoNM9+xHlTYJ3MuMZaQAsC9rA/jztIh+G4uulH254UxiR4gKnJuN1NwUM9nI5vs
G0NW19HXlmVz/gx+PQtT/kUTWW/bLzVVt3z9W/uuZfcgLNxcydeTvcPbVqpxsAJC
ftzNpoF7cpxb7/FcJ3Q4lekvetsQdsTmSCZSc5OxMQ/JNieS8AtMbckuhusDd88U
Ji0xDv1Ea6cTWwswtTefoQDMyRY0BQC061sX0wBFFWYUpfvO4KgVcgvqhWgs8ntb
hLPy5zzT4IKSzMo=
-----END CERTIFICATE-----

Raw OCSP response headers

Content-Length: [1615]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 25 Jun 2017 22:40:50 GMT]
Server: [NetDNA-cache/2.2]
X-Cache: [MISS]
X-Cached: [MISS]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified cache header not set (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Certum Global Services CA (CA Certificate)

Certificate details for Certum Global Services CA (At position 2 in certificate chain)
Serial number:
hex: c53c18bf8f3f9cc77306a9c6a13e84e7
int: 262169954935883303583790439389206578407
Issued by: Certum CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Unizeto Technologies S.A.
Organization unit: Certum Certification Authority
Country: PL
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://crl.certum.pl/ca.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl.certum.pl/ca.crl
Size: 465 bytes (DER data)
Response time: 1.140373994s
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 2

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: nginx

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Length: [465]
Content-Type: [application/x-pkcs7-crl]
Date: [Sun, 25 Jun 2017 22:40:50 GMT]
Etag: ["30018-1d1-262c9f80"]
Last-Modified: [Thu, 18 May 2017 10:48:46 GMT]
Server: [nginx]
X-Cached: [HIT]
  • Content-Type in response is set 'application/x-pkcs7-crl' and should be replaced with 'application/pkix-crl' (RFC 5280, section 4.2.1.13)
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://subca.ocsp-certum.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://subca.ocsp-certum.com (GET)
Size: 1657 bytes (DER data)
Response time: 1.129868858s
Signature algorithm: SHA256WithRSA
Signature type: CA Delegated
Signed by: Certum CA Validation Service
Issued by: Certum CA
Signing certificate validity: 2016-12-20 - 2018-01-20
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:

Server and network information

Server Software: NetDNA-cache/2.2
Cache Information: EXPIRED

URL used for GET request

http://subca.ocsp-certum.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBR5iK7tYk9tqQEoeQhZNkKcAol9bgQUjEPEy22YwaechGnr30oNYJY6w%2FsCEQDFPBi%2Fjz%2Bcx3MGqcahPoTn

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFIwUDBOMEwwSjAJBgUrDgMCGgUABBR5iK7tYk9tqQEoeQhZNkKcAol9bgQUjEPE
y22YwaechGnr30oNYJY6w/sCEQDFPBi/jz+cx3MGqcahPoTn
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGdQoBAKCCBm4wggZqBgkrBgEFBQcwAQEEggZbMIIGVzCCATCgAwIBAKGBgzCB
gDELMAkGA1UEBhMCUEwxITAfBgNVBAoMGEFzc2VjbyBEYXRhIFN5c3RlbXMgUy5B
LjEnMCUGA1UECwweQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSUwIwYD
VQQDDBxDZXJ0dW0gQ0EgVmFsaWRhdGlvbiBTZXJ2aWNlGA8yMDE3MDYyNTIyNDA1
MFowcjBwMEgwBwYFKw4DAhoEFHmIru1iT22pASh5CFk2QpwCiX1uBBSMQ8TLbZjB
p5yEaevfSg1gljrD+wIRAMU8GL+PP5zHcwapxqE+hOeAABgPMjAxNzA2MjUyMjQw
NTBaoBEYDzIwMTcwNzAyMjI0MDUwWqEeMBwwGgYJKwYBBQUHMAEEBA0wCwYJKwYB
BQUHMAEBMAsGCSqGSIb3DQEBCwOCAQEATqvu/XvvFgtKjGJ9E6exxEj6WS3iY1Ci
L9iQG7WTo10hB51LUYX1LCY+f4EOpHZUz+mRwlPkTMyMU5B2P+0mBOCLZepklmr4
ar6SPS/NZoD85YmmI2nm1F4gqR9WcQCidljzf7EXNRYQdTKszgRIXpatZnzpeFWp
sDk8yOjBFGut3EYVT3yYZtOyNazXFy/LvMwOtbFNyZZIgEd/8/z4gdS3s3WdM1oK
SBhDE8BeoUzfa6c4EBO/gULyRTDFkRYvQXrMCRPfUTT6nd4UUaSHU0vPT/+p1kQv
oqe+6RMBqM4FHu/6F/GkfwV7jsiMakiqTFFPWBq230tr/qLG1Q4GaKCCBA0wggQJ
MIIEBTCCAu2gAwIBAgIRAO+Phwnd4LSd4CM9WHL2llEwDQYJKoZIhvcNAQELBQAw
PjELMAkGA1UEBhMCUEwxGzAZBgNVBAoTElVuaXpldG8gU3AuIHogby5vLjESMBAG
A1UEAxMJQ2VydHVtIENBMB4XDTE2MTIyMDEwMTgzNloXDTE4MDEyMDEwMTgzNlow
gYAxCzAJBgNVBAYTAlBMMSEwHwYDVQQKDBhBc3NlY28gRGF0YSBTeXN0ZW1zIFMu
QS4xJzAlBgNVBAsMHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTElMCMG
A1UEAwwcQ2VydHVtIENBIFZhbGlkYXRpb24gU2VydmljZTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBALjxMxTAPsfM5fv81V17NxECXOLchyR2bB7pnMfH
VpGl5gK5mFTSxYotizrM7MYW3HkDuieDlIJYB+p9G2ZBXIKe5ZJflFV4bDbDdGkr
JbZTU9bCI7UrWrI1G0ciBZZTl/0YqdApUb6OEiGq1VDklsTLfjDdhDMykqSnQm1k
qgaJJb8y+pb2RNkM5ci7SuG/FwOi1xK5hjav5IYETwx10Lx2bcVsG6RWoyfGTAs0
yQNfnBqT9lywZUu8sNlNSdJGqTtI0Du7vCWqzLVLWuGY5Eg7ZSClnTnIMr/DQbVi
l67+2dyHRrNUq9feX73vjxfYubKxRFkym/aaMlojTMJEMCkCAwEAAaOBujCBtzAM
BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSRTOhvaI/2EhkbMhqTka0Dx3ypPTBSBgNV
HSMESzBJoUKkQDA+MQswCQYDVQQGEwJQTDEbMBkGA1UEChMSVW5pemV0byBTcC4g
eiBvLm8uMRIwEAYDVQQDEwlDZXJ0dW0gQ0GCAwEAIDAOBgNVHQ8BAf8EBAMCBsAw
EwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADANBgkqhkiG9w0B
AQsFAAOCAQEALAnDB8ofRBXfrSyFY6LDHDykf4q0Hg8R8ffx8wDfGkcFjH5VdWfH
tdgC/HE2KdBnJqqYrCKlCaGdQuvxa72rF3ubKPRTysilKzXymLd47T4G5NuswLJL
E2tz56Cinn9Ty+gNXVKcsPcG1O1uodvZtXH5WbRpPqUHbcl9HQ6ox9DTG9GTkGK7
8TmAradm0E9f6LdT+O8MPjE58Htxf1j7ag/MHx/YAOKVyrkzYBt+bZp3QP7JmHPH
eZy+3lAPP3QxRRD+3vnPSvaP2Xy258KTU09AevKHtUFUClIDhX+00cVfQ+Apz/Qc
w94al365dkfS05J596wNu4Tt6Dk7n83W6w==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEBTCCAu2gAwIBAgIRAO+Phwnd4LSd4CM9WHL2llEwDQYJKoZIhvcNAQELBQAw
PjELMAkGA1UEBhMCUEwxGzAZBgNVBAoTElVuaXpldG8gU3AuIHogby5vLjESMBAG
A1UEAxMJQ2VydHVtIENBMB4XDTE2MTIyMDEwMTgzNloXDTE4MDEyMDEwMTgzNlow
gYAxCzAJBgNVBAYTAlBMMSEwHwYDVQQKDBhBc3NlY28gRGF0YSBTeXN0ZW1zIFMu
QS4xJzAlBgNVBAsMHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTElMCMG
A1UEAwwcQ2VydHVtIENBIFZhbGlkYXRpb24gU2VydmljZTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBALjxMxTAPsfM5fv81V17NxECXOLchyR2bB7pnMfH
VpGl5gK5mFTSxYotizrM7MYW3HkDuieDlIJYB+p9G2ZBXIKe5ZJflFV4bDbDdGkr
JbZTU9bCI7UrWrI1G0ciBZZTl/0YqdApUb6OEiGq1VDklsTLfjDdhDMykqSnQm1k
qgaJJb8y+pb2RNkM5ci7SuG/FwOi1xK5hjav5IYETwx10Lx2bcVsG6RWoyfGTAs0
yQNfnBqT9lywZUu8sNlNSdJGqTtI0Du7vCWqzLVLWuGY5Eg7ZSClnTnIMr/DQbVi
l67+2dyHRrNUq9feX73vjxfYubKxRFkym/aaMlojTMJEMCkCAwEAAaOBujCBtzAM
BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSRTOhvaI/2EhkbMhqTka0Dx3ypPTBSBgNV
HSMESzBJoUKkQDA+MQswCQYDVQQGEwJQTDEbMBkGA1UEChMSVW5pemV0byBTcC4g
eiBvLm8uMRIwEAYDVQQDEwlDZXJ0dW0gQ0GCAwEAIDAOBgNVHQ8BAf8EBAMCBsAw
EwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADANBgkqhkiG9w0B
AQsFAAOCAQEALAnDB8ofRBXfrSyFY6LDHDykf4q0Hg8R8ffx8wDfGkcFjH5VdWfH
tdgC/HE2KdBnJqqYrCKlCaGdQuvxa72rF3ubKPRTysilKzXymLd47T4G5NuswLJL
E2tz56Cinn9Ty+gNXVKcsPcG1O1uodvZtXH5WbRpPqUHbcl9HQ6ox9DTG9GTkGK7
8TmAradm0E9f6LdT+O8MPjE58Htxf1j7ag/MHx/YAOKVyrkzYBt+bZp3QP7JmHPH
eZy+3lAPP3QxRRD+3vnPSvaP2Xy258KTU09AevKHtUFUClIDhX+00cVfQ+Apz/Qc
w94al365dkfS05J596wNu4Tt6Dk7n83W6w==
-----END CERTIFICATE-----

Raw OCSP response headers

Content-Length: [1657]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 25 Jun 2017 22:40:50 GMT]
Server: [NetDNA-cache/2.2]
X-Cache: [EXPIRED]
X-Cached: [MISS]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified cache header not set (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://subca.ocsp-certum.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://subca.ocsp-certum.com (POST)
Size: 1657 bytes (DER data)
Response time: 1.130874734s
Signature algorithm: SHA256WithRSA
Signature type: CA Delegated
Signed by: Certum CA Validation Service
Issued by: Certum CA
Signing certificate validity: 2016-12-20 - 2018-01-20
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:

Server and network information

Server Software: NetDNA-cache/2.2
Cache Information: EXPIRED

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFIwUDBOMEwwSjAJBgUrDgMCGgUABBR5iK7tYk9tqQEoeQhZNkKcAol9bgQUjEPE
y22YwaechGnr30oNYJY6w/sCEQDFPBi/jz+cx3MGqcahPoTn
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGdQoBAKCCBm4wggZqBgkrBgEFBQcwAQEEggZbMIIGVzCCATCgAwIBAKGBgzCB
gDELMAkGA1UEBhMCUEwxITAfBgNVBAoMGEFzc2VjbyBEYXRhIFN5c3RlbXMgUy5B
LjEnMCUGA1UECwweQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSUwIwYD
VQQDDBxDZXJ0dW0gQ0EgVmFsaWRhdGlvbiBTZXJ2aWNlGA8yMDE3MDYyNTIyNDA1
MFowcjBwMEgwBwYFKw4DAhoEFHmIru1iT22pASh5CFk2QpwCiX1uBBSMQ8TLbZjB
p5yEaevfSg1gljrD+wIRAMU8GL+PP5zHcwapxqE+hOeAABgPMjAxNzA2MjUyMjQw
NTBaoBEYDzIwMTcwNzAyMjI0MDUwWqEeMBwwGgYJKwYBBQUHMAEEBA0wCwYJKwYB
BQUHMAEBMAsGCSqGSIb3DQEBCwOCAQEATqvu/XvvFgtKjGJ9E6exxEj6WS3iY1Ci
L9iQG7WTo10hB51LUYX1LCY+f4EOpHZUz+mRwlPkTMyMU5B2P+0mBOCLZepklmr4
ar6SPS/NZoD85YmmI2nm1F4gqR9WcQCidljzf7EXNRYQdTKszgRIXpatZnzpeFWp
sDk8yOjBFGut3EYVT3yYZtOyNazXFy/LvMwOtbFNyZZIgEd/8/z4gdS3s3WdM1oK
SBhDE8BeoUzfa6c4EBO/gULyRTDFkRYvQXrMCRPfUTT6nd4UUaSHU0vPT/+p1kQv
oqe+6RMBqM4FHu/6F/GkfwV7jsiMakiqTFFPWBq230tr/qLG1Q4GaKCCBA0wggQJ
MIIEBTCCAu2gAwIBAgIRAO+Phwnd4LSd4CM9WHL2llEwDQYJKoZIhvcNAQELBQAw
PjELMAkGA1UEBhMCUEwxGzAZBgNVBAoTElVuaXpldG8gU3AuIHogby5vLjESMBAG
A1UEAxMJQ2VydHVtIENBMB4XDTE2MTIyMDEwMTgzNloXDTE4MDEyMDEwMTgzNlow
gYAxCzAJBgNVBAYTAlBMMSEwHwYDVQQKDBhBc3NlY28gRGF0YSBTeXN0ZW1zIFMu
QS4xJzAlBgNVBAsMHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTElMCMG
A1UEAwwcQ2VydHVtIENBIFZhbGlkYXRpb24gU2VydmljZTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBALjxMxTAPsfM5fv81V17NxECXOLchyR2bB7pnMfH
VpGl5gK5mFTSxYotizrM7MYW3HkDuieDlIJYB+p9G2ZBXIKe5ZJflFV4bDbDdGkr
JbZTU9bCI7UrWrI1G0ciBZZTl/0YqdApUb6OEiGq1VDklsTLfjDdhDMykqSnQm1k
qgaJJb8y+pb2RNkM5ci7SuG/FwOi1xK5hjav5IYETwx10Lx2bcVsG6RWoyfGTAs0
yQNfnBqT9lywZUu8sNlNSdJGqTtI0Du7vCWqzLVLWuGY5Eg7ZSClnTnIMr/DQbVi
l67+2dyHRrNUq9feX73vjxfYubKxRFkym/aaMlojTMJEMCkCAwEAAaOBujCBtzAM
BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSRTOhvaI/2EhkbMhqTka0Dx3ypPTBSBgNV
HSMESzBJoUKkQDA+MQswCQYDVQQGEwJQTDEbMBkGA1UEChMSVW5pemV0byBTcC4g
eiBvLm8uMRIwEAYDVQQDEwlDZXJ0dW0gQ0GCAwEAIDAOBgNVHQ8BAf8EBAMCBsAw
EwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADANBgkqhkiG9w0B
AQsFAAOCAQEALAnDB8ofRBXfrSyFY6LDHDykf4q0Hg8R8ffx8wDfGkcFjH5VdWfH
tdgC/HE2KdBnJqqYrCKlCaGdQuvxa72rF3ubKPRTysilKzXymLd47T4G5NuswLJL
E2tz56Cinn9Ty+gNXVKcsPcG1O1uodvZtXH5WbRpPqUHbcl9HQ6ox9DTG9GTkGK7
8TmAradm0E9f6LdT+O8MPjE58Htxf1j7ag/MHx/YAOKVyrkzYBt+bZp3QP7JmHPH
eZy+3lAPP3QxRRD+3vnPSvaP2Xy258KTU09AevKHtUFUClIDhX+00cVfQ+Apz/Qc
w94al365dkfS05J596wNu4Tt6Dk7n83W6w==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEBTCCAu2gAwIBAgIRAO+Phwnd4LSd4CM9WHL2llEwDQYJKoZIhvcNAQELBQAw
PjELMAkGA1UEBhMCUEwxGzAZBgNVBAoTElVuaXpldG8gU3AuIHogby5vLjESMBAG
A1UEAxMJQ2VydHVtIENBMB4XDTE2MTIyMDEwMTgzNloXDTE4MDEyMDEwMTgzNlow
gYAxCzAJBgNVBAYTAlBMMSEwHwYDVQQKDBhBc3NlY28gRGF0YSBTeXN0ZW1zIFMu
QS4xJzAlBgNVBAsMHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTElMCMG
A1UEAwwcQ2VydHVtIENBIFZhbGlkYXRpb24gU2VydmljZTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBALjxMxTAPsfM5fv81V17NxECXOLchyR2bB7pnMfH
VpGl5gK5mFTSxYotizrM7MYW3HkDuieDlIJYB+p9G2ZBXIKe5ZJflFV4bDbDdGkr
JbZTU9bCI7UrWrI1G0ciBZZTl/0YqdApUb6OEiGq1VDklsTLfjDdhDMykqSnQm1k
qgaJJb8y+pb2RNkM5ci7SuG/FwOi1xK5hjav5IYETwx10Lx2bcVsG6RWoyfGTAs0
yQNfnBqT9lywZUu8sNlNSdJGqTtI0Du7vCWqzLVLWuGY5Eg7ZSClnTnIMr/DQbVi
l67+2dyHRrNUq9feX73vjxfYubKxRFkym/aaMlojTMJEMCkCAwEAAaOBujCBtzAM
BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSRTOhvaI/2EhkbMhqTka0Dx3ypPTBSBgNV
HSMESzBJoUKkQDA+MQswCQYDVQQGEwJQTDEbMBkGA1UEChMSVW5pemV0byBTcC4g
eiBvLm8uMRIwEAYDVQQDEwlDZXJ0dW0gQ0GCAwEAIDAOBgNVHQ8BAf8EBAMCBsAw
EwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADANBgkqhkiG9w0B
AQsFAAOCAQEALAnDB8ofRBXfrSyFY6LDHDykf4q0Hg8R8ffx8wDfGkcFjH5VdWfH
tdgC/HE2KdBnJqqYrCKlCaGdQuvxa72rF3ubKPRTysilKzXymLd47T4G5NuswLJL
E2tz56Cinn9Ty+gNXVKcsPcG1O1uodvZtXH5WbRpPqUHbcl9HQ6ox9DTG9GTkGK7
8TmAradm0E9f6LdT+O8MPjE58Htxf1j7ag/MHx/YAOKVyrkzYBt+bZp3QP7JmHPH
eZy+3lAPP3QxRRD+3vnPSvaP2Xy258KTU09AevKHtUFUClIDhX+00cVfQ+Apz/Qc
w94al365dkfS05J596wNu4Tt6Dk7n83W6w==
-----END CERTIFICATE-----

Raw OCSP response headers

Content-Length: [1657]
Content-Transfer-Encoding: [binary]
Content-Type: [application/ocsp-response]
Date: [Sun, 25 Jun 2017 22:40:50 GMT]
Server: [NetDNA-cache/2.2]
X-Cache: [EXPIRED]
X-Cached: [MISS]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified cache header not set (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Certum CA (CA Certificate)

Certificate details for Certum CA (At position 3 in certificate chain)
Serial number:
hex: 10020
int: 65568
Issued by: Certum CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Unizeto Sp. z o.o.
Country: PL
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
© 2015 - 2017 Digitorus B.V.
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.