CRL & OCSP report for www.tesorobydesign.com

www.tesorobydesign.com

Certificate details for www.tesorobydesign.com (At position 0 in certificate chain)
Serial number:
hex: 11216024b4339be0d56cc04e8ee796aafce8
int: 1492265975413520028393795272235745664498920
Issued by: AlphaSSL CA - SHA256 - G2
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization unit: Domain Control Validated
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for www.tesorobydesign.com.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl2.alphassl.com/gs/gsalphasha2g2.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl2.alphassl.com/gs/gsalphasha2g2.crl
Size: 92452 bytes (DER data)
Response time: 19.330946ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 2812

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [3647d77b33f80ec1-EWR]
Content-Length: [92452]
Content-Type: [application/pkix-crl]
Date: [Thu, 25 May 2017 10:34:21 GMT]
Etag: [E46F]
Expires: [Thu, 01 Jun 2017 05:43:55 GMT]
Last-Modified: [Thu, 25 May 2017 05:43:55 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=ded6b46434b9e1ad0d6e8e05054a4fd5d1495708461; expires=Fri, 25-May-18 10:34:21 GMT; path=/; domain=.alphassl.com; HttpOnly]
Vary: [Accept-Encoding]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp2.globalsign.com/gsalphasha2g2 (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsalphasha2g2 (GET)
Size: 1561 bytes (DER data)
Response time: 528.935171ms
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: AlphaSSL CA - SHA256 - G2 - OCSP Responder
Issued by: AlphaSSL CA - SHA256 - G2
Signing certificate validity: 2017-05-04 - 2017-08-04
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: MISS

URL used for GET request

http://ocsp2.globalsign.com/gsalphasha2g2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBSE1Wv4CYvTB7dm2OHrrWWWqmtnYQQU9c3VPAhQ%2BWpPOreX2laD5mnSaPcCEhEhYCS0M5vg1WzATo7nlqr86A%3D%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFMwUTBPME0wSzAJBgUrDgMCGgUABBSE1Wv4CYvTB7dm2OHrrWWWqmtnYQQU9c3V
PAhQ+WpPOreX2laD5mnSaPcCEhEhYCS0M5vg1WzATo7nlqr86A==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGFQoBAKCCBg4wggYKBgkrBgEFBQcwAQEEggX7MIIF9zCBxqIWBBTuXv/+hdsm
xib702mEEK0dDdPvWBgPMjAxNzA1MjUxMDM0MjFaMIGaMIGXMEswCQYFKw4DAhoF
AAQUhNVr+AmL0we3Ztjh661llqprZ2EEFPXN1TwIUPlqTzq3l9pWg+Zp0mj3AhIR
IWAktDOb4NVswE6O55aq/OiAABgPMjAxNzA1MjUxMDM0MjFaoBEYDzIwMTcwNTI5
MTAzNDIxWqEiMCAwHgYJKwYBBQUHMAEGBBEYDzIwMTYwNTI1MTAzNDIxWjANBgkq
hkiG9w0BAQsFAAOCAQEAZ9NGAk0prspheL6keNWNsNohrFAesMlvCM2nSZx+FUVV
xmvCtwcrw2rVqDDv6QoGZciSmDQcc3Uh3ZVg4yUwKRjHtubf9NUy2HWLXS12LzFX
BWL/wTl66s4h39o8CA9ov4ACA0oBGDwICUTiej2ylcFt3SgFW90GtWjCteFQQhaJ
1gKd49xG8NyohI38Y+DxlhtxGC/k+CKtTh5Z5DrhfZouP/SzpnvwLJcNspRCHcVH
xtsPJdsWJQa/JlVrZ7CHZJAS2L8N8Sp+tSKvaCrlvQiE+5XyHIHo0Odnj0mFBrgj
pYvHs+DJji/TB1jTUJqzCi4O0EF+MB9+Ooy3UuagPKCCBBYwggQSMIIEDjCCAvag
AwIBAgIMXtSB9stzQKEQKXPgMA0GCSqGSIb3DQEBCwUAMEwxCzAJBgNVBAYTAkJF
MRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSIwIAYDVQQDExlBbHBoYVNTTCBD
QSAtIFNIQTI1NiAtIEcyMB4XDTE3MDUwNDA4MTMzOVoXDTE3MDgwNDA4MTMzOVow
dDELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExFTATBgNV
BAUTDDIwMTcwNTA0MDAyMDEzMDEGA1UEAxMqQWxwaGFTU0wgQ0EgLSBTSEEyNTYg
LSBHMiAtIE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAwG4UX1bZE3hMp15gSSBzEIRgOnv5/goZKSwSEwQVA8YCBB3uHBsJdHNa
aQKPVJJ/UQgb/rFd/b6eMUZ8DGBA0cwSU45+Hu2WP5fjBfAwZwg9qXvGiqh1Bmus
wKrQ8Ow9Ar6hFTKpP0xdhsBzYFP4fVdmIAeJnZ+HiPNFf4z0x/KA6Xd45iRYK5VG
GprEG8GMbEtja9Q2Qq2c2kx3bSxCW5mCwcUizu48r2sNN8u9ryROc7XauXZfDHb6
mcInhTiTqipbXHYZ0aXR/qzQcvYGaVUYdMWVjGCI6VpdeqMUDfXqPO9qO1Mj3mXt
7/dFuOq325S6zYJDwLCO79BF+R2otwIDAQABo4HHMIHEMB0GA1UdDgQWBBTuXv/+
hdsmxib702mEEK0dDdPvWDAfBgNVHSMEGDAWgBT1zdU8CFD5ak86t5faVoPmadJo
9zAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYI
KwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkv
MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkqhkiG9w0B
AQsFAAOCAQEArhU70uE0eddxr/3MudBb4hJcs/DfUX1916IKqSdy34TIQDJnHA4d
L0kkKKXgFMhCyO5qUjehCXoZqd+vM3woJhKQZjgfqNvBagLy/mc7Inm7ocUIoDte
1Gfv0cgIi3/lOE+u9OI3ROU6Wt75G/UbdD6JVzJLL7N6kAVYt6HrMO1HOd8PHuVV
XsEn1BqprUOFFYbLuUk/96+QdtTH5kcPWj8no2YGD/mwItrQ4g0MCvvkQy6MGjdn
yXuMuc+ohtrnqag/wFhKGUj9KgRs9UOfeHvk/9E9M8siI96Aph0JOuo/r/2QyP+w
wHQRuo8eou38UCebWy0VRlfaqUuD2Euyuw==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEDjCCAvagAwIBAgIMXtSB9stzQKEQKXPgMA0GCSqGSIb3DQEBCwUAMEwxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSIwIAYDVQQDExlB
bHBoYVNTTCBDQSAtIFNIQTI1NiAtIEcyMB4XDTE3MDUwNDA4MTMzOVoXDTE3MDgw
NDA4MTMzOVowdDELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYt
c2ExFTATBgNVBAUTDDIwMTcwNTA0MDAyMDEzMDEGA1UEAxMqQWxwaGFTU0wgQ0Eg
LSBTSEEyNTYgLSBHMiAtIE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAwG4UX1bZE3hMp15gSSBzEIRgOnv5/goZKSwSEwQVA8YC
BB3uHBsJdHNaaQKPVJJ/UQgb/rFd/b6eMUZ8DGBA0cwSU45+Hu2WP5fjBfAwZwg9
qXvGiqh1BmuswKrQ8Ow9Ar6hFTKpP0xdhsBzYFP4fVdmIAeJnZ+HiPNFf4z0x/KA
6Xd45iRYK5VGGprEG8GMbEtja9Q2Qq2c2kx3bSxCW5mCwcUizu48r2sNN8u9ryRO
c7XauXZfDHb6mcInhTiTqipbXHYZ0aXR/qzQcvYGaVUYdMWVjGCI6VpdeqMUDfXq
PO9qO1Mj3mXt7/dFuOq325S6zYJDwLCO79BF+R2otwIDAQABo4HHMIHEMB0GA1Ud
DgQWBBTuXv/+hdsmxib702mEEK0dDdPvWDAfBgNVHSMEGDAWgBT1zdU8CFD5ak86
t5faVoPmadJo9zAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGg
MgFfMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl
cG9zaXRvcnkvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAN
BgkqhkiG9w0BAQsFAAOCAQEArhU70uE0eddxr/3MudBb4hJcs/DfUX1916IKqSdy
34TIQDJnHA4dL0kkKKXgFMhCyO5qUjehCXoZqd+vM3woJhKQZjgfqNvBagLy/mc7
Inm7ocUIoDte1Gfv0cgIi3/lOE+u9OI3ROU6Wt75G/UbdD6JVzJLL7N6kAVYt6Hr
MO1HOd8PHuVVXsEn1BqprUOFFYbLuUk/96+QdtTH5kcPWj8no2YGD/mwItrQ4g0M
CvvkQy6MGjdnyXuMuc+ohtrnqag/wFhKGUj9KgRs9UOfeHvk/9E9M8siI96Aph0J
Ouo/r/2QyP+wwHQRuo8eou38UCebWy0VRlfaqUuD2Euyuw==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [MISS]
Cf-Ray: [3647d77b332c0efd-EWR]
Content-Length: [1561]
Content-Type: [application/ocsp-response]
Date: [Thu, 25 May 2017 10:34:21 GMT]
Etag: ["dd101db446c7cbef4b3523a0c1504fd5752a51d3"]
Expires: [Mon, 29 May 2017 10:34:21 GMT]
Last-Modified: [Thu, 25 May 2017 10:34:21 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d5dc0343c83b4fd9dd7aa62db028453b51495708461; expires=Fri, 25-May-18 10:34:21 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp2.globalsign.com/gsalphasha2g2 (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp2.globalsign.com/gsalphasha2g2 (POST)
Size: 1561 bytes (DER data)
Response time: 1.029748842s
Signature algorithm: SHA256WithRSA
Signature type: CA Deligated
Signed by: AlphaSSL CA - SHA256 - G2 - OCSP Responder
Issued by: AlphaSSL CA - SHA256 - G2
Signing certificate validity: 2017-05-04 - 2017-08-04
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: cloudflare-nginx
Content Delivery Network (CDN): CloudFlare
Cache Information: HIT

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFMwUTBPME0wSzAJBgUrDgMCGgUABBSE1Wv4CYvTB7dm2OHrrWWWqmtnYQQU9c3V
PAhQ+WpPOreX2laD5mnSaPcCEhEhYCS0M5vg1WzATo7nlqr86A==
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIGFQoBAKCCBg4wggYKBgkrBgEFBQcwAQEEggX7MIIF9zCBxqIWBBTuXv/+hdsm
xib702mEEK0dDdPvWBgPMjAxNzA1MjUxMDM0MjFaMIGaMIGXMEswCQYFKw4DAhoF
AAQUhNVr+AmL0we3Ztjh661llqprZ2EEFPXN1TwIUPlqTzq3l9pWg+Zp0mj3AhIR
IWAktDOb4NVswE6O55aq/OiAABgPMjAxNzA1MjUxMDM0MjFaoBEYDzIwMTcwNTI5
MTAzNDIxWqEiMCAwHgYJKwYBBQUHMAEGBBEYDzIwMTYwNTI1MTAzNDIxWjANBgkq
hkiG9w0BAQsFAAOCAQEAZ9NGAk0prspheL6keNWNsNohrFAesMlvCM2nSZx+FUVV
xmvCtwcrw2rVqDDv6QoGZciSmDQcc3Uh3ZVg4yUwKRjHtubf9NUy2HWLXS12LzFX
BWL/wTl66s4h39o8CA9ov4ACA0oBGDwICUTiej2ylcFt3SgFW90GtWjCteFQQhaJ
1gKd49xG8NyohI38Y+DxlhtxGC/k+CKtTh5Z5DrhfZouP/SzpnvwLJcNspRCHcVH
xtsPJdsWJQa/JlVrZ7CHZJAS2L8N8Sp+tSKvaCrlvQiE+5XyHIHo0Odnj0mFBrgj
pYvHs+DJji/TB1jTUJqzCi4O0EF+MB9+Ooy3UuagPKCCBBYwggQSMIIEDjCCAvag
AwIBAgIMXtSB9stzQKEQKXPgMA0GCSqGSIb3DQEBCwUAMEwxCzAJBgNVBAYTAkJF
MRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSIwIAYDVQQDExlBbHBoYVNTTCBD
QSAtIFNIQTI1NiAtIEcyMB4XDTE3MDUwNDA4MTMzOVoXDTE3MDgwNDA4MTMzOVow
dDELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExFTATBgNV
BAUTDDIwMTcwNTA0MDAyMDEzMDEGA1UEAxMqQWxwaGFTU0wgQ0EgLSBTSEEyNTYg
LSBHMiAtIE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAwG4UX1bZE3hMp15gSSBzEIRgOnv5/goZKSwSEwQVA8YCBB3uHBsJdHNa
aQKPVJJ/UQgb/rFd/b6eMUZ8DGBA0cwSU45+Hu2WP5fjBfAwZwg9qXvGiqh1Bmus
wKrQ8Ow9Ar6hFTKpP0xdhsBzYFP4fVdmIAeJnZ+HiPNFf4z0x/KA6Xd45iRYK5VG
GprEG8GMbEtja9Q2Qq2c2kx3bSxCW5mCwcUizu48r2sNN8u9ryROc7XauXZfDHb6
mcInhTiTqipbXHYZ0aXR/qzQcvYGaVUYdMWVjGCI6VpdeqMUDfXqPO9qO1Mj3mXt
7/dFuOq325S6zYJDwLCO79BF+R2otwIDAQABo4HHMIHEMB0GA1UdDgQWBBTuXv/+
hdsmxib702mEEK0dDdPvWDAfBgNVHSMEGDAWgBT1zdU8CFD5ak86t5faVoPmadJo
9zAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgFfMDQwMgYI
KwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkv
MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkqhkiG9w0B
AQsFAAOCAQEArhU70uE0eddxr/3MudBb4hJcs/DfUX1916IKqSdy34TIQDJnHA4d
L0kkKKXgFMhCyO5qUjehCXoZqd+vM3woJhKQZjgfqNvBagLy/mc7Inm7ocUIoDte
1Gfv0cgIi3/lOE+u9OI3ROU6Wt75G/UbdD6JVzJLL7N6kAVYt6HrMO1HOd8PHuVV
XsEn1BqprUOFFYbLuUk/96+QdtTH5kcPWj8no2YGD/mwItrQ4g0MCvvkQy6MGjdn
yXuMuc+ohtrnqag/wFhKGUj9KgRs9UOfeHvk/9E9M8siI96Aph0JOuo/r/2QyP+w
wHQRuo8eou38UCebWy0VRlfaqUuD2Euyuw==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIEDjCCAvagAwIBAgIMXtSB9stzQKEQKXPgMA0GCSqGSIb3DQEBCwUAMEwxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSIwIAYDVQQDExlB
bHBoYVNTTCBDQSAtIFNIQTI1NiAtIEcyMB4XDTE3MDUwNDA4MTMzOVoXDTE3MDgw
NDA4MTMzOVowdDELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYt
c2ExFTATBgNVBAUTDDIwMTcwNTA0MDAyMDEzMDEGA1UEAxMqQWxwaGFTU0wgQ0Eg
LSBTSEEyNTYgLSBHMiAtIE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAwG4UX1bZE3hMp15gSSBzEIRgOnv5/goZKSwSEwQVA8YC
BB3uHBsJdHNaaQKPVJJ/UQgb/rFd/b6eMUZ8DGBA0cwSU45+Hu2WP5fjBfAwZwg9
qXvGiqh1BmuswKrQ8Ow9Ar6hFTKpP0xdhsBzYFP4fVdmIAeJnZ+HiPNFf4z0x/KA
6Xd45iRYK5VGGprEG8GMbEtja9Q2Qq2c2kx3bSxCW5mCwcUizu48r2sNN8u9ryRO
c7XauXZfDHb6mcInhTiTqipbXHYZ0aXR/qzQcvYGaVUYdMWVjGCI6VpdeqMUDfXq
PO9qO1Mj3mXt7/dFuOq325S6zYJDwLCO79BF+R2otwIDAQABo4HHMIHEMB0GA1Ud
DgQWBBTuXv/+hdsmxib702mEEK0dDdPvWDAfBgNVHSMEGDAWgBT1zdU8CFD5ak86
t5faVoPmadJo9zAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdIARFMEMwQQYJKwYBBAGg
MgFfMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl
cG9zaXRvcnkvMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAN
BgkqhkiG9w0BAQsFAAOCAQEArhU70uE0eddxr/3MudBb4hJcs/DfUX1916IKqSdy
34TIQDJnHA4dL0kkKKXgFMhCyO5qUjehCXoZqd+vM3woJhKQZjgfqNvBagLy/mc7
Inm7ocUIoDte1Gfv0cgIi3/lOE+u9OI3ROU6Wt75G/UbdD6JVzJLL7N6kAVYt6Hr
MO1HOd8PHuVVXsEn1BqprUOFFYbLuUk/96+QdtTH5kcPWj8no2YGD/mwItrQ4g0M
CvvkQy6MGjdnyXuMuc+ohtrnqag/wFhKGUj9KgRs9UOfeHvk/9E9M8siI96Aph0J
Ouo/r/2QyP+wwHQRuo8eou38UCebWy0VRlfaqUuD2Euyuw==
-----END CERTIFICATE-----

Raw OCSP response headers

Cache-Control: [public, no-transform, must-revalidate]
Cf-Cache-Status: [HIT]
Cf-Ray: [3647d77b325221c8-EWR]
Content-Length: [1561]
Content-Type: [application/ocsp-response]
Date: [Thu, 25 May 2017 10:34:22 GMT]
Etag: ["dd101db446c7cbef4b3523a0c1504fd5752a51d3"]
Expires: [Mon, 29 May 2017 10:34:21 GMT]
Last-Modified: [Thu, 25 May 2017 10:34:21 GMT]
Server: [cloudflare-nginx]
Set-Cookie: [__cfduid=d299ec8c99c09666a1444d3446220d31c1495708461; expires=Fri, 25-May-18 10:34:21 GMT; path=/; domain=.globalsign.com; HttpOnly]
Vary: [Accept-Encoding]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

AlphaSSL CA - SHA256 - G2 (CA Certificate)

Certificate details for AlphaSSL CA - SHA256 - G2 (At position 1 in certificate chain)
Serial number:
hex: 40000000001444ef03631
int: 4835703278459909592593969
Issued by: GlobalSign Root CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: GlobalSign nv-sa
Country: BE
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This certificate contains no information about authoritative CRL(s) or OCSP servers

Check the revocation status for another website

Created by Paul van Brouwershaven
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.