CRL & OCSP report for wwwt.ks.bfs.admin.ch (Swiss Government PKI)

wwwt.ks.bfs.admin.ch

Certificate details for wwwt.ks.bfs.admin.ch (At position 0 in certificate chain)
Serial number:
hex: 1fa72d73dc90aaa36a12785fc4de4342
int: 42074103332640155035035610084806640450
Issued by: Swiss Government SSL CA 01
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Swiss Government PKI
Organization unit: Servers
Organization unit: SSL
Country: CH
  • This certificate contains a link that needs to be downloaded via LDAP
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for wwwt.ks.bfs.admin.ch.

Certificate Revocation List (CRL)

This CRL was cached at
ldap://www.pki.admin.ch:389/cn=Swiss%20Government%20SSL%20CA%2001,ou=Certification%20Authorities,ou=Services,o=Admin,c=CH

CRL information

Source: CRL Distribution Points in Certificate
Location: ldap://www.pki.admin.ch:389/cn=Swiss%20Government%20SSL%20CA%2001,ou=Certification%20Authorities,ou=Services,o=Admin,c=CH
Size: 0 bytes (DER data)
Response time: 0s

Raw CRL response headers

This CRL was cached at
http://www.pki.admin.ch/crl/SSLCA01.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://www.pki.admin.ch/crl/SSLCA01.crl
Size: 20055 bytes (DER data)
Response time: 455.050668ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 302

Relevant server response headers

Date:
Last Modified:

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Length: [20055]
Content-Type: [application/pkix-crl]
Date: [Tue, 27 Jun 2017 02:10:06 GMT]
Etag: ["6cff8-4e57-552e57830b640"]
Last-Modified: [Mon, 26 Jun 2017 23:40:01 GMT]
Set-Cookie: [TS0117337a=01bb40729348e9dca870e08d922d03672f3d0fd6a2d22c5c345e8200d27c15abc3fb450a21279f9ae977e61de1b1835144c29bab73; Path=/]
  • Content-Type in response is set to 'application/pkix-crl (RFC 5280, section 4.2.1.13)'
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://www.pki.admin.ch/aia/ocsp (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://www.pki.admin.ch/aia/ocsp (GET)
Size: 2314 bytes (DER data)
Response time: 356.915469ms
Signature algorithm: SHA256WithRSA
Signature type: CA Delegated
Signed by: Swiss Government OCSP
Issued by: Swiss Government SSL CA 01
Signing certificate validity: 2014-11-07 - 2017-11-06
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:

URL used for GET request

http://www.pki.admin.ch/aia/ocsp/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQE1AoW2XN4rFwi8khbpCibVKVjLAQU%2FDVeWB34UuAr6KyruYKtFRHW5s0CEB%2BnLXPckKqjahJ4X8TeQ0I%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBQE1AoW2XN4rFwi8khbpCibVKVjLAQU/DVe
WB34UuAr6KyruYKtFRHW5s0CEB+nLXPckKqjahJ4X8TeQ0I=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIJBgoBAKCCCP8wggj7BgkrBgEFBQcwAQEEggjsMIII6DCB6aFhMF8xCzAJBgNV
BAYTAkNIMR0wGwYDVQQKDBRTd2lzcyBHb3Zlcm5tZW50IFBLSTERMA8GA1UECwwI
U2VydmljZXMxHjAcBgNVBAMMFVN3aXNzIEdvdmVybm1lbnQgT0NTUBgPMjAxNzA2
MjcwMjEwMDZaMHMwcTBJMAkGBSsOAwIaBQAEFATUChbZc3isXCLySFukKJtUpWMs
BBT8NV5YHfhS4CvorKu5gq0VEdbmzQIQH6ctc9yQqqNqEnhfxN5DQoAAGA8yMDE3
MDYyNjAyNDcyNlqgERgPMjAxNzA3MDMwMjQ3MjZaMA0GCSqGSIb3DQEBCwUAA4IB
AQBP3AJAN+74drafA9yYFvo82zQ1nrl26/GHRnEizREE1Ofj0WQSSLaJkoYbvvna
tRGBuidQV80tMMqSSG73N8Gje51I8SMjV01ilWtwliG4qoQOwEd2c7g8JQuaUCEC
ojN6mxV8hVkOwdB4eswn249m4tllI3Tx0PL19yEeLpodeL45QZyzO1E6YFIuvROq
ivP5taDe63oMT2q9uiLhLV0f5nfnDhF1xJO4a4K+Wrnbe3HhAy+QCNao3M0Au1+R
y2r+bD1pktsyFEF/VHjpcd4ZhSAQB3X2UCAoBOme8dytkT/0Nu6s+6ucJ0bR5lgP
kgLnUt2LB9ZZ+4sIfFvebtQaoIIG5DCCBuAwggbcMIIExKADAgECAhA1M52RQ2hp
2PAM7GiTwND3MA0GCSqGSIb3DQEBCwUAMIGIMQswCQYDVQQGEwJDSDEdMBsGA1UE
ChMUU3dpc3MgR292ZXJubWVudCBQS0kxETAPBgNVBAsTCFNlcnZpY2VzMSIwIAYD
VQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMSMwIQYDVQQDExpTd2lzcyBH
b3Zlcm5tZW50IFNTTCBDQSAwMTAeFw0xNDExMDcwOTAwMTJaFw0xNzExMDYwOTAw
MTJaMF8xCzAJBgNVBAYTAkNIMR0wGwYDVQQKDBRTd2lzcyBHb3Zlcm5tZW50IFBL
STERMA8GA1UECwwIU2VydmljZXMxHjAcBgNVBAMMFVN3aXNzIEdvdmVybm1lbnQg
T0NTUDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf0Tpr8SBSJm0J0
5aYlDASkOk00OzTdDGW1n6Fd8FVwR1hT2GT3Hb8wSKJnM8cwX5OJUrhFbm61xTU2
b0s6edQLrbTROcZ4H0iOhtXCvGxqEIshvSocqGbNqiymezNNgVyXzQ2wyXYv407M
jEWC+7ArLX9/O3MIs/DsJNAbNCHER5VCKYJ+ijCVkPrVS227Ael7e6qyvmbRhJD7
BIFkm41xw1IJOicSgj3W21LCFScJdlDFpeppAEaaYIKgD5ddjUk6w465nic3+ztU
MYcO4Q+KIPyOhahry2cQJfJS9GwtVbemMga1LsNpGDwOWrw8m89H9vuJO7np+YDq
fbi8XQ8CAwEAAaOCAmgwggJkMB8GA1UdIwQYMBaAFPw1Xlgd+FLgK+isq7mCrRUR
1ubNMB0GA1UdDgQWBBQqfac9ScXWcq79UMOIh/mCVeMt+zAMBgNVHRMBAf8EAjAA
MIHBBgNVHSAEgbkwgbYwgbMGCGCFdAERAxYEMIGmMEcGCCsGAQUFBwIBFjtodHRw
Oi8vd3d3LnBraS5hZG1pbi5jaC9wb2xpY3kvQ1BTXzJfMTZfNzU2XzFfMTdfM18y
MV8xLnBkZjBbBggrBgEFBQcCAjBPGk1UaGUgcHVycG9zZSBvZiB0aGlzIGNlcnRp
ZmljYXRlIGlzIHNvbGVseSBpbnRlbmRlZCBmb3Igc2lnbmluZyBvY3NwIHJlcXVl
c3RzLjCBtwYDVR0fBIGvMIGsMC2gK6AphidodHRwOi8vd3d3LnBraS5hZG1pbi5j
aC9jcmwvU1NMQ0EwMS5jcmwwe6B5oHeGdWxkYXA6Ly93d3cucGtpLmFkbWluLmNo
L2NuPVN3aXNzJTIwR292ZXJubWVudCUyMFNTTCUyMENBJTIwMDEsb3U9Q2VydGlm
aWNhdGlvbiUyMEF1dGhvcml0aWVzLG91PVNlcnZpY2VzLG89QWRtaW4sYz1DSDAO
BgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwcQYIKwYBBQUHAQEE
ZTBjMDMGCCsGAQUFBzAChidodHRwOi8vd3d3LnBraS5hZG1pbi5jaC9haWEvU1NM
Q0EwMS5jcnQwLAYIKwYBBQUHMAGGIGh0dHA6Ly93d3cucGtpLmFkbWluLmNoL2Fp
YS9vY3NwMA0GCSqGSIb3DQEBCwUAA4ICAQBodvcrusC9o8jNu7JkJEx9uQmnxvbe
E5bof83fXWldELuNSDM2oR3CHt9ygN4b/iE2Xbg4lb0+YMCCJPp093dJoZeVgfCf
LV9dUdwT2m9x5O2tRjN4GpdimdUP/lKmlq+kNKsQso8Ax6neq5exAjl/GtOX2bai
GWfNIqd1Jgsq4zlyxR5csnpRTgiropDEoC3tSsnpsRNGHMqlHMNOOqK9DbWOKq5s
C96DB4AAXUT7iCQwFQr1T9cNqfoGOo6qkyRAtwpPQF8UktFBHwmoQpAB0haAN6cQ
xtCb/rLaC6yimNRvGHVPI3ql4lqQxWXnL+PQeJIXUKMwURA1mphK6iyBczm9ppkF
9XS9gW74dcldZ1USVkfu2nWoWv60uRmY972Blk3ORhV95fVeBO6nMVXVDkZXb27M
FXurXuh3kIN5xWYOFlqgdmPKHbWbjH/bsM2NLjLtHpMRZqZzN3gsGNwdx3Iwan2j
MU2f6Wp31xi/p7S8Ntv3jGkFjQAt4oSHhhzPER32UaHxdW0ssOciMqiUkPDeQdd+
PLKKZNX8b6b/YdhMzROQJ/AKH2jDHP5aOvv/Yqds47rC9+Ucu0IQJ7okaTNV3sDZ
g0RdHuY/rZz85QCAtKAeFVR6FwAMLW+We1dPI4+RlkM1eonH17yxBczfHZIQsnm+
AYl1k4FzoN8/mA==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIG3DCCBMSgAwIBAgIQNTOdkUNoadjwDOxok8DQ9zANBgkqhkiG9w0BAQsFADCB
iDELMAkGA1UEBhMCQ0gxHTAbBgNVBAoTFFN3aXNzIEdvdmVybm1lbnQgUEtJMREw
DwYDVQQLEwhTZXJ2aWNlczEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dGllczEjMCEGA1UEAxMaU3dpc3MgR292ZXJubWVudCBTU0wgQ0EgMDEwHhcNMTQx
MTA3MDkwMDEyWhcNMTcxMTA2MDkwMDEyWjBfMQswCQYDVQQGEwJDSDEdMBsGA1UE
CgwUU3dpc3MgR292ZXJubWVudCBQS0kxETAPBgNVBAsMCFNlcnZpY2VzMR4wHAYD
VQQDDBVTd2lzcyBHb3Zlcm5tZW50IE9DU1AwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC39E6a/EgUiZtCdOWmJQwEpDpNNDs03QxltZ+hXfBVcEdYU9hk
9x2/MEiiZzPHMF+TiVK4RW5utcU1Nm9LOnnUC6200TnGeB9IjobVwrxsahCLIb0q
HKhmzaospnszTYFcl80NsMl2L+NOzIxFgvuwKy1/fztzCLPw7CTQGzQhxEeVQimC
foowlZD61UttuwHpe3uqsr5m0YSQ+wSBZJuNccNSCTonEoI91ttSwhUnCXZQxaXq
aQBGmmCCoA+XXY1JOsOOuZ4nN/s7VDGHDuEPiiD8joWoa8tnECXyUvRsLVW3pjIG
tS7DaRg8Dlq8PJvPR/b7iTu56fmA6n24vF0PAgMBAAGjggJoMIICZDAfBgNVHSME
GDAWgBT8NV5YHfhS4CvorKu5gq0VEdbmzTAdBgNVHQ4EFgQUKn2nPUnF1nKu/VDD
iIf5glXjLfswDAYDVR0TAQH/BAIwADCBwQYDVR0gBIG5MIG2MIGzBghghXQBEQMW
BDCBpjBHBggrBgEFBQcCARY7aHR0cDovL3d3dy5wa2kuYWRtaW4uY2gvcG9saWN5
L0NQU18yXzE2Xzc1Nl8xXzE3XzNfMjFfMS5wZGYwWwYIKwYBBQUHAgIwTxpNVGhl
IHB1cnBvc2Ugb2YgdGhpcyBjZXJ0aWZpY2F0ZSBpcyBzb2xlbHkgaW50ZW5kZWQg
Zm9yIHNpZ25pbmcgb2NzcCByZXF1ZXN0cy4wgbcGA1UdHwSBrzCBrDAtoCugKYYn
aHR0cDovL3d3dy5wa2kuYWRtaW4uY2gvY3JsL1NTTENBMDEuY3JsMHugeaB3hnVs
ZGFwOi8vd3d3LnBraS5hZG1pbi5jaC9jbj1Td2lzcyUyMEdvdmVybm1lbnQlMjBT
U0wlMjBDQSUyMDAxLG91PUNlcnRpZmljYXRpb24lMjBBdXRob3JpdGllcyxvdT1T
ZXJ2aWNlcyxvPUFkbWluLGM9Q0gwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoG
CCsGAQUFBwMJMHEGCCsGAQUFBwEBBGUwYzAzBggrBgEFBQcwAoYnaHR0cDovL3d3
dy5wa2kuYWRtaW4uY2gvYWlhL1NTTENBMDEuY3J0MCwGCCsGAQUFBzABhiBodHRw
Oi8vd3d3LnBraS5hZG1pbi5jaC9haWEvb2NzcDANBgkqhkiG9w0BAQsFAAOCAgEA
aHb3K7rAvaPIzbuyZCRMfbkJp8b23hOW6H/N311pXRC7jUgzNqEdwh7fcoDeG/4h
Nl24OJW9PmDAgiT6dPd3SaGXlYHwny1fXVHcE9pvceTtrUYzeBqXYpnVD/5Sppav
pDSrELKPAMep3quXsQI5fxrTl9m2ohlnzSKndSYLKuM5csUeXLJ6UU4Iq6KQxKAt
7UrJ6bETRhzKpRzDTjqivQ21jiqubAvegweAAF1E+4gkMBUK9U/XDan6BjqOqpMk
QLcKT0BfFJLRQR8JqEKQAdIWgDenEMbQm/6y2gusopjUbxh1TyN6peJakMVl5y/j
0HiSF1CjMFEQNZqYSuosgXM5vaaZBfV0vYFu+HXJXWdVElZH7tp1qFr+tLkZmPe9
gZZNzkYVfeX1XgTupzFV1Q5GV29uzBV7q17od5CDecVmDhZaoHZjyh21m4x/27DN
jS4y7R6TEWamczd4LBjcHcdyMGp9ozFNn+lqd9cYv6e0vDbb94xpBY0ALeKEh4Yc
zxEd9lGh8XVtLLDnIjKolJDw3kHXfjyyimTV/G+m/2HYTM0TkCfwCh9owxz+Wjr7
/2KnbOO6wvflHLtCECe6JGkzVd7A2YNEXR7mP62c/OUAgLSgHhVUehcADC1vlntX
TyOPkZZDNXqJx9e8sQXM3x2SELJ5vgGJdZOBc6DfP5g=
-----END CERTIFICATE-----

Raw OCSP response headers

Content-Type: [application/ocsp-response]
Date: [Tue, 27 Jun 2017 02:10:06 GMT]
Set-Cookie: [TS0117337a=01bb4072938039f2085ee04a6b80340f8f6f756ab2604318479e935b25b26b71578748734ce518af36fce401f04d4dd2e5be934e79; Path=/]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does not contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified cache header not set (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://www.pki.admin.ch/aia/ocsp (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://www.pki.admin.ch/aia/ocsp (POST)
Size: 2314 bytes (DER data)
Response time: 440.81441ms
Signature algorithm: SHA256WithRSA
Signature type: CA Delegated
Signed by: Swiss Government OCSP
Issued by: Swiss Government SSL CA 01
Signing certificate validity: 2014-11-07 - 2017-11-06
Signing certificate algorithm: SHA256-RSA
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBQE1AoW2XN4rFwi8khbpCibVKVjLAQU/DVe
WB34UuAr6KyruYKtFRHW5s0CEB+nLXPckKqjahJ4X8TeQ0I=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIJBgoBAKCCCP8wggj7BgkrBgEFBQcwAQEEggjsMIII6DCB6aFhMF8xCzAJBgNV
BAYTAkNIMR0wGwYDVQQKDBRTd2lzcyBHb3Zlcm5tZW50IFBLSTERMA8GA1UECwwI
U2VydmljZXMxHjAcBgNVBAMMFVN3aXNzIEdvdmVybm1lbnQgT0NTUBgPMjAxNzA2
MjcwMjEwMDdaMHMwcTBJMAkGBSsOAwIaBQAEFATUChbZc3isXCLySFukKJtUpWMs
BBT8NV5YHfhS4CvorKu5gq0VEdbmzQIQH6ctc9yQqqNqEnhfxN5DQoAAGA8yMDE3
MDYyNjAyNDcyNlqgERgPMjAxNzA3MDMwMjQ3MjZaMA0GCSqGSIb3DQEBCwUAA4IB
AQAp5Dey+Gh5Q016R0hvYfMzANHNjmuoeV0jeQetE4lQ72+2r1ERlRBH65Sj4UAo
nWgz5qjMT6G2C+BG8zR4fIskHj5y+tXgiegB0LK+qcXEhq26DGO8YOyHEM9fMSTI
gVt+7vccXK+hYNNZ6qrxH8dGt1u1PDLuqjtsNFnhYK/mhuPcJvv4MRuYz3VjOyNv
ljfgp3GZkBO2ik4F8onRxRV4LVu9XqpMlnpFTgdSVg0IOU5jfSesW1X/wVmCDmAr
R6Ae44XhbPxz0TI/6EK6H1bFcY3BMw/2J08TO3TiG7XfPOjbA3atdD2JAy5fh5gA
wvainO3X1jrSkxAsHbKb1OF7oIIG5DCCBuAwggbcMIIExKADAgECAhA1M52RQ2hp
2PAM7GiTwND3MA0GCSqGSIb3DQEBCwUAMIGIMQswCQYDVQQGEwJDSDEdMBsGA1UE
ChMUU3dpc3MgR292ZXJubWVudCBQS0kxETAPBgNVBAsTCFNlcnZpY2VzMSIwIAYD
VQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMSMwIQYDVQQDExpTd2lzcyBH
b3Zlcm5tZW50IFNTTCBDQSAwMTAeFw0xNDExMDcwOTAwMTJaFw0xNzExMDYwOTAw
MTJaMF8xCzAJBgNVBAYTAkNIMR0wGwYDVQQKDBRTd2lzcyBHb3Zlcm5tZW50IFBL
STERMA8GA1UECwwIU2VydmljZXMxHjAcBgNVBAMMFVN3aXNzIEdvdmVybm1lbnQg
T0NTUDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf0Tpr8SBSJm0J0
5aYlDASkOk00OzTdDGW1n6Fd8FVwR1hT2GT3Hb8wSKJnM8cwX5OJUrhFbm61xTU2
b0s6edQLrbTROcZ4H0iOhtXCvGxqEIshvSocqGbNqiymezNNgVyXzQ2wyXYv407M
jEWC+7ArLX9/O3MIs/DsJNAbNCHER5VCKYJ+ijCVkPrVS227Ael7e6qyvmbRhJD7
BIFkm41xw1IJOicSgj3W21LCFScJdlDFpeppAEaaYIKgD5ddjUk6w465nic3+ztU
MYcO4Q+KIPyOhahry2cQJfJS9GwtVbemMga1LsNpGDwOWrw8m89H9vuJO7np+YDq
fbi8XQ8CAwEAAaOCAmgwggJkMB8GA1UdIwQYMBaAFPw1Xlgd+FLgK+isq7mCrRUR
1ubNMB0GA1UdDgQWBBQqfac9ScXWcq79UMOIh/mCVeMt+zAMBgNVHRMBAf8EAjAA
MIHBBgNVHSAEgbkwgbYwgbMGCGCFdAERAxYEMIGmMEcGCCsGAQUFBwIBFjtodHRw
Oi8vd3d3LnBraS5hZG1pbi5jaC9wb2xpY3kvQ1BTXzJfMTZfNzU2XzFfMTdfM18y
MV8xLnBkZjBbBggrBgEFBQcCAjBPGk1UaGUgcHVycG9zZSBvZiB0aGlzIGNlcnRp
ZmljYXRlIGlzIHNvbGVseSBpbnRlbmRlZCBmb3Igc2lnbmluZyBvY3NwIHJlcXVl
c3RzLjCBtwYDVR0fBIGvMIGsMC2gK6AphidodHRwOi8vd3d3LnBraS5hZG1pbi5j
aC9jcmwvU1NMQ0EwMS5jcmwwe6B5oHeGdWxkYXA6Ly93d3cucGtpLmFkbWluLmNo
L2NuPVN3aXNzJTIwR292ZXJubWVudCUyMFNTTCUyMENBJTIwMDEsb3U9Q2VydGlm
aWNhdGlvbiUyMEF1dGhvcml0aWVzLG91PVNlcnZpY2VzLG89QWRtaW4sYz1DSDAO
BgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwcQYIKwYBBQUHAQEE
ZTBjMDMGCCsGAQUFBzAChidodHRwOi8vd3d3LnBraS5hZG1pbi5jaC9haWEvU1NM
Q0EwMS5jcnQwLAYIKwYBBQUHMAGGIGh0dHA6Ly93d3cucGtpLmFkbWluLmNoL2Fp
YS9vY3NwMA0GCSqGSIb3DQEBCwUAA4ICAQBodvcrusC9o8jNu7JkJEx9uQmnxvbe
E5bof83fXWldELuNSDM2oR3CHt9ygN4b/iE2Xbg4lb0+YMCCJPp093dJoZeVgfCf
LV9dUdwT2m9x5O2tRjN4GpdimdUP/lKmlq+kNKsQso8Ax6neq5exAjl/GtOX2bai
GWfNIqd1Jgsq4zlyxR5csnpRTgiropDEoC3tSsnpsRNGHMqlHMNOOqK9DbWOKq5s
C96DB4AAXUT7iCQwFQr1T9cNqfoGOo6qkyRAtwpPQF8UktFBHwmoQpAB0haAN6cQ
xtCb/rLaC6yimNRvGHVPI3ql4lqQxWXnL+PQeJIXUKMwURA1mphK6iyBczm9ppkF
9XS9gW74dcldZ1USVkfu2nWoWv60uRmY972Blk3ORhV95fVeBO6nMVXVDkZXb27M
FXurXuh3kIN5xWYOFlqgdmPKHbWbjH/bsM2NLjLtHpMRZqZzN3gsGNwdx3Iwan2j
MU2f6Wp31xi/p7S8Ntv3jGkFjQAt4oSHhhzPER32UaHxdW0ssOciMqiUkPDeQdd+
PLKKZNX8b6b/YdhMzROQJ/AKH2jDHP5aOvv/Yqds47rC9+Ucu0IQJ7okaTNV3sDZ
g0RdHuY/rZz85QCAtKAeFVR6FwAMLW+We1dPI4+RlkM1eonH17yxBczfHZIQsnm+
AYl1k4FzoN8/mA==
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIG3DCCBMSgAwIBAgIQNTOdkUNoadjwDOxok8DQ9zANBgkqhkiG9w0BAQsFADCB
iDELMAkGA1UEBhMCQ0gxHTAbBgNVBAoTFFN3aXNzIEdvdmVybm1lbnQgUEtJMREw
DwYDVQQLEwhTZXJ2aWNlczEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dGllczEjMCEGA1UEAxMaU3dpc3MgR292ZXJubWVudCBTU0wgQ0EgMDEwHhcNMTQx
MTA3MDkwMDEyWhcNMTcxMTA2MDkwMDEyWjBfMQswCQYDVQQGEwJDSDEdMBsGA1UE
CgwUU3dpc3MgR292ZXJubWVudCBQS0kxETAPBgNVBAsMCFNlcnZpY2VzMR4wHAYD
VQQDDBVTd2lzcyBHb3Zlcm5tZW50IE9DU1AwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC39E6a/EgUiZtCdOWmJQwEpDpNNDs03QxltZ+hXfBVcEdYU9hk
9x2/MEiiZzPHMF+TiVK4RW5utcU1Nm9LOnnUC6200TnGeB9IjobVwrxsahCLIb0q
HKhmzaospnszTYFcl80NsMl2L+NOzIxFgvuwKy1/fztzCLPw7CTQGzQhxEeVQimC
foowlZD61UttuwHpe3uqsr5m0YSQ+wSBZJuNccNSCTonEoI91ttSwhUnCXZQxaXq
aQBGmmCCoA+XXY1JOsOOuZ4nN/s7VDGHDuEPiiD8joWoa8tnECXyUvRsLVW3pjIG
tS7DaRg8Dlq8PJvPR/b7iTu56fmA6n24vF0PAgMBAAGjggJoMIICZDAfBgNVHSME
GDAWgBT8NV5YHfhS4CvorKu5gq0VEdbmzTAdBgNVHQ4EFgQUKn2nPUnF1nKu/VDD
iIf5glXjLfswDAYDVR0TAQH/BAIwADCBwQYDVR0gBIG5MIG2MIGzBghghXQBEQMW
BDCBpjBHBggrBgEFBQcCARY7aHR0cDovL3d3dy5wa2kuYWRtaW4uY2gvcG9saWN5
L0NQU18yXzE2Xzc1Nl8xXzE3XzNfMjFfMS5wZGYwWwYIKwYBBQUHAgIwTxpNVGhl
IHB1cnBvc2Ugb2YgdGhpcyBjZXJ0aWZpY2F0ZSBpcyBzb2xlbHkgaW50ZW5kZWQg
Zm9yIHNpZ25pbmcgb2NzcCByZXF1ZXN0cy4wgbcGA1UdHwSBrzCBrDAtoCugKYYn
aHR0cDovL3d3dy5wa2kuYWRtaW4uY2gvY3JsL1NTTENBMDEuY3JsMHugeaB3hnVs
ZGFwOi8vd3d3LnBraS5hZG1pbi5jaC9jbj1Td2lzcyUyMEdvdmVybm1lbnQlMjBT
U0wlMjBDQSUyMDAxLG91PUNlcnRpZmljYXRpb24lMjBBdXRob3JpdGllcyxvdT1T
ZXJ2aWNlcyxvPUFkbWluLGM9Q0gwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoG
CCsGAQUFBwMJMHEGCCsGAQUFBwEBBGUwYzAzBggrBgEFBQcwAoYnaHR0cDovL3d3
dy5wa2kuYWRtaW4uY2gvYWlhL1NTTENBMDEuY3J0MCwGCCsGAQUFBzABhiBodHRw
Oi8vd3d3LnBraS5hZG1pbi5jaC9haWEvb2NzcDANBgkqhkiG9w0BAQsFAAOCAgEA
aHb3K7rAvaPIzbuyZCRMfbkJp8b23hOW6H/N311pXRC7jUgzNqEdwh7fcoDeG/4h
Nl24OJW9PmDAgiT6dPd3SaGXlYHwny1fXVHcE9pvceTtrUYzeBqXYpnVD/5Sppav
pDSrELKPAMep3quXsQI5fxrTl9m2ohlnzSKndSYLKuM5csUeXLJ6UU4Iq6KQxKAt
7UrJ6bETRhzKpRzDTjqivQ21jiqubAvegweAAF1E+4gkMBUK9U/XDan6BjqOqpMk
QLcKT0BfFJLRQR8JqEKQAdIWgDenEMbQm/6y2gusopjUbxh1TyN6peJakMVl5y/j
0HiSF1CjMFEQNZqYSuosgXM5vaaZBfV0vYFu+HXJXWdVElZH7tp1qFr+tLkZmPe9
gZZNzkYVfeX1XgTupzFV1Q5GV29uzBV7q17od5CDecVmDhZaoHZjyh21m4x/27DN
jS4y7R6TEWamczd4LBjcHcdyMGp9ozFNn+lqd9cYv6e0vDbb94xpBY0ALeKEh4Yc
zxEd9lGh8XVtLLDnIjKolJDw3kHXfjyyimTV/G+m/2HYTM0TkCfwCh9owxz+Wjr7
/2KnbOO6wvflHLtCECe6JGkzVd7A2YNEXR7mP62c/OUAgLSgHhVUehcADC1vlntX
TyOPkZZDNXqJx9e8sQXM3x2SELJ5vgGJdZOBc6DfP5g=
-----END CERTIFICATE-----

Raw OCSP response headers

Content-Type: [application/ocsp-response]
Date: [Tue, 27 Jun 2017 02:10:06 GMT]
Set-Cookie: [TS0117337a=01bb407293ddee2402a1cd3ccf63ce061935962627993218d3807535c1771959ccbc244f1bc59e75993b830ba6a79cf9dbef5d2a81; Path=/]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate does not expire before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does not contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified cache header not set (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Swiss Government SSL CA 01 (CA Certificate)

Certificate details for Swiss Government SSL CA 01 (At position 1 in certificate chain)
Serial number:
hex: 727b609
int: 120043017
Issued by: Baltimore CyberTrust Root
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Swiss Government PKI
Organization unit: Services
Organization unit: Certification Authorities
Country: CH
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Certificate Revocation List (CRL)

This CRL was cached at
http://cdp1.public-trust.com/CRL/Omniroot2025.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://cdp1.public-trust.com/CRL/Omniroot2025.crl
Size: 3869 bytes (DER data)
Response time: 11.04696ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 126

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: ECS (lga/1390)
Cache Information: HIT

Raw CRL response headers

Accept-Ranges: [bytes]
Content-Length: [3869]
Content-Type: [application/x-pkcs7-crl]
Date: [Tue, 27 Jun 2017 02:10:06 GMT]
Etag: ["200c0-f1d-552672eafa7c0"]
Last-Modified: [Tue, 20 Jun 2017 17:00:01 GMT]
Server: [ECS (lga/1390)]
X-Cache: [HIT]
  • Content-Type in response is set 'application/x-pkcs7-crl' and should be replaced with 'application/pkix-crl' (RFC 5280, section 4.2.1.13)
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.omniroot.com/baltimoreroot (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.omniroot.com/baltimoreroot (GET)
Size: 3332 bytes (DER data)
Response time: 11.570581ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: Cybertrust Validation 2015
Issued by: Baltimore CyberTrust Root
Signing certificate validity: 2015-09-09 - 2017-09-09
Signing certificate algorithm: SHA1-RSA
Reported statuses: 20
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:

Server and network information

Server Software: ECS (lga/1395)
Cache Information: HIT

URL used for GET request

http://ocsp.omniroot.com/baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACBAcntgk%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1Z
MIJHWMys+ghUNoZ7OrUETfACBAcntgk=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIINAAoBAKCCDPkwggz1BgkrBgEFBQcwAQEEggzmMIIM4jCCCDmiFgQUYDu7bOx1
Wh6ta6BG5gRefEHPVGIYDzIwMTcwNjIyMTU1NTQ1WjCCCAwwZTA9MAkGBSsOAwIa
BQAEFMEvRXbtFVnssF26ib+dgHjlI9QTBBTlnVkwgkdYzKz6CFQ2hns6tQRN8AIE
Bye19oAAGA8yMDE3MDYyMDE1NTU1MlqgERgPMjAxNzA5MTUxNTU1NTJaMGUwPTAJ
BgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7
OrUETfACBAcntfeAABgPMjAxNzA2MjAxNTU1NTJaoBEYDzIwMTcwOTE1MTU1NTUy
WjBlMD0wCQYFKw4DAhoFAAQUwS9Fdu0VWeywXbqJv52AeOUj1BMEFOWdWTCCR1jM
rPoIVDaGezq1BE3wAgQHJ7X4gAAYDzIwMTcwNjIwMTU1NTUyWqARGA8yMDE3MDkx
NTE1NTU1MlowZTA9MAkGBSsOAwIaBQAEFMEvRXbtFVnssF26ib+dgHjlI9QTBBTl
nVkwgkdYzKz6CFQ2hns6tQRN8AIEBye1+YAAGA8yMDE3MDYyMDE1NTU1MlqgERgP
MjAxNzA5MTUxNTU1NTJaMGUwPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB4
5SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcntfqAABgPMjAxNzA2MjAxNTU1
NTJaoBEYDzIwMTcwOTE1MTU1NTUyWjBlMD0wCQYFKw4DAhoFAAQUwS9Fdu0VWeyw
XbqJv52AeOUj1BMEFOWdWTCCR1jMrPoIVDaGezq1BE3wAgQHJ7X7gAAYDzIwMTcw
NjIwMTU1NTUyWqARGA8yMDE3MDkxNTE1NTU1MlowZTA9MAkGBSsOAwIaBQAEFMEv
RXbtFVnssF26ib+dgHjlI9QTBBTlnVkwgkdYzKz6CFQ2hns6tQRN8AIEBye1/IAA
GA8yMDE3MDYyMDE1NTU1MlqgERgPMjAxNzA5MTUxNTU1NTJaMGUwPTAJBgUrDgMC
GgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfAC
BAcntf2AABgPMjAxNzA2MjAxNTU1NTJaoBEYDzIwMTcwOTE1MTU1NTUyWjBlMD0w
CQYFKw4DAhoFAAQUwS9Fdu0VWeywXbqJv52AeOUj1BMEFOWdWTCCR1jMrPoIVDaG
ezq1BE3wAgQHJ7X+gAAYDzIwMTcwNjIwMTU1NTUyWqARGA8yMDE3MDkxNTE1NTU1
MlowZTA9MAkGBSsOAwIaBQAEFMEvRXbtFVnssF26ib+dgHjlI9QTBBTlnVkwgkdY
zKz6CFQ2hns6tQRN8AIEBye1/4AAGA8yMDE3MDYyMDE1NTU1MlqgERgPMjAxNzA5
MTUxNTU1NTJaMGUwPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU
5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcntgCAABgPMjAxNzA2MjAxNTU1NTJaoBEY
DzIwMTcwOTE1MTU1NTUyWjBlMD0wCQYFKw4DAhoFAAQUwS9Fdu0VWeywXbqJv52A
eOUj1BMEFOWdWTCCR1jMrPoIVDaGezq1BE3wAgQHJ7YBgAAYDzIwMTcwNjIwMTU1
NTUyWqARGA8yMDE3MDkxNTE1NTU1MlowZTA9MAkGBSsOAwIaBQAEFMEvRXbtFVns
sF26ib+dgHjlI9QTBBTlnVkwgkdYzKz6CFQ2hns6tQRN8AIEBye2AoAAGA8yMDE3
MDYyMDE1NTU1MlqgERgPMjAxNzA5MTUxNTU1NTJaMGUwPTAJBgUrDgMCGgUABBTB
L0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcntgOA
ABgPMjAxNzA2MjAxNTU1NTJaoBEYDzIwMTcwOTE1MTU1NTUyWjBlMD0wCQYFKw4D
AhoFAAQUwS9Fdu0VWeywXbqJv52AeOUj1BMEFOWdWTCCR1jMrPoIVDaGezq1BE3w
AgQHJ7YEgAAYDzIwMTcwNjIwMTU1NTUyWqARGA8yMDE3MDkxNTE1NTU1MlowZTA9
MAkGBSsOAwIaBQAEFMEvRXbtFVnssF26ib+dgHjlI9QTBBTlnVkwgkdYzKz6CFQ2
hns6tQRN8AIEBye2BYAAGA8yMDE3MDYyMDE1NTU1MlqgERgPMjAxNzA5MTUxNTU1
NTJaMGUwPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJH
WMys+ghUNoZ7OrUETfACBAcntgaAABgPMjAxNzA2MjAxNTU1NTJaoBEYDzIwMTcw
OTE1MTU1NTUyWjBlMD0wCQYFKw4DAhoFAAQUwS9Fdu0VWeywXbqJv52AeOUj1BME
FOWdWTCCR1jMrPoIVDaGezq1BE3wAgQHJ7YHgAAYDzIwMTcwNjIwMTU1NTUyWqAR
GA8yMDE3MDkxNTE1NTU1MlowZTA9MAkGBSsOAwIaBQAEFMEvRXbtFVnssF26ib+d
gHjlI9QTBBTlnVkwgkdYzKz6CFQ2hns6tQRN8AIEBye2CIAAGA8yMDE3MDYyMDE1
NTU1MlqgERgPMjAxNzA5MTUxNTU1NTJaMGUwPTAJBgUrDgMCGgUABBTBL0V27RVZ
7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcntgmAABgPMjAx
NzA2MjAxNTU1NTJaoBEYDzIwMTcwOTE1MTU1NTUyWjANBgkqhkiG9w0BAQUFAAOC
AQEAGvTGvVG3kY4E2c3Msmt4hnJpaEixK9sVp1WeJCp3byAycGHXjEZ/dCaZDk6d
NVRrwgLIexYt8ONROLb7kQjO+L6vdzSuEX8f1IBdkXQLsaGFnI/iSrzbPJHB8hID
QZPMlGABRS9lHNSBG6HRxBmnahFdT/TOwisGsvaExDAcyWorgEUZqJLrYmMPCq+c
c/aCjoAU/Pa3sXJmrPMDR+WYvHsIy5xT6GmRYyPlwUaaFF+bbhwCLUMfHKHezJT3
8Ab70mtoG9LO5nZlg+v8g5AJhPXs7LFdcVYwpU7A0JukNYZjXLInfwexlfFsjwGJ
n2bOJL1ak5JFXSkpkTYJ3ZLCcqCCA40wggOJMIIDhTCCAm2gAwIBAgIEByfTTDAN
BgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3Jl
MRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJU
cnVzdCBSb290MB4XDTE1MDkwOTE3NDYwM1oXDTE3MDkwOTE3NDUzNlowJTEjMCEG
A1UEAxMaQ3liZXJ0cnVzdCBWYWxpZGF0aW9uIDIwMTUwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQCUPwX7srkoRmK/GLKvR5MFtSCSEj3AxShMxOZ3S9bB
sjA07JRJhO670on3Q3+7BjGJWhKF+YWiDFUVJGL1ZtAfUGGT0AaZvVMbi7Yj2alC
pO6k+vn35KuzXlTMHUlQOAG/14mLgY0SlBFoOEdN3JwqtzTPTVCptr33L0Q0bgI9
WlRlSINCPWtPVMB2HAEyQEbSMkzLi0G0p4B5brg02fAX6w6uZlCnzP9MoxT3Muh4
0Oj/ySTAvUBAoOWot3EyGKvGVWJ5ymUOBY4e7O5EDNSiF2xmhoyFQ7UZ4n9aUH1P
4tDAENvjN4Lvu21NCOJjo2e852qDXOw+4U8YneflR99BAgMBAAGjgYcwgYQwDwYJ
KwYBBQUHMAEFBAIFADAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDATBgNV
HSUEDDAKBggrBgEFBQcDCTAfBgNVHSMEGDAWgBTlnVkwgkdYzKz6CFQ2hns6tQRN
8DAdBgNVHQ4EFgQUYDu7bOx1Wh6ta6BG5gRefEHPVGIwDQYJKoZIhvcNAQEFBQAD
ggEBAHxd07D/YGvcbvnKj5X0no6nMM1BDVCzw048K/FfPikXw3lTvwFSVj8Wr7xV
mML84JM0QlGspBLKTIBCQUTxYM9XSWR/C//rKhLNsTtagU2JidhLC/BTkmzRZpFx
vcGkuD4MYvDbZGz+Ly6n+cJIPLpGOYz5lPvIVpg0FMKd+k8Z7zWEpN3Luy3swPVX
lYDZgzTILNZrpc2vWQtSDw29BoHwBN+gnloX4ilqvXLrBcO+Blapcw5FUWzxPG5I
T+j9DNu6ltgDpUNJL01703KgyawUM7DS8H0UboAqgTydDfb/DhXDs2dexEKelh5Q
v1gXsOqXC7hkRbAIkQMC1xsrfbE=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDhTCCAm2gAwIBAgIEByfTTDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ
RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD
VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTE1MDkwOTE3NDYwM1oX
DTE3MDkwOTE3NDUzNlowJTEjMCEGA1UEAxMaQ3liZXJ0cnVzdCBWYWxpZGF0aW9u
IDIwMTUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCUPwX7srkoRmK/
GLKvR5MFtSCSEj3AxShMxOZ3S9bBsjA07JRJhO670on3Q3+7BjGJWhKF+YWiDFUV
JGL1ZtAfUGGT0AaZvVMbi7Yj2alCpO6k+vn35KuzXlTMHUlQOAG/14mLgY0SlBFo
OEdN3JwqtzTPTVCptr33L0Q0bgI9WlRlSINCPWtPVMB2HAEyQEbSMkzLi0G0p4B5
brg02fAX6w6uZlCnzP9MoxT3Muh40Oj/ySTAvUBAoOWot3EyGKvGVWJ5ymUOBY4e
7O5EDNSiF2xmhoyFQ7UZ4n9aUH1P4tDAENvjN4Lvu21NCOJjo2e852qDXOw+4U8Y
neflR99BAgMBAAGjgYcwgYQwDwYJKwYBBQUHMAEFBAIFADAMBgNVHRMBAf8EAjAA
MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAfBgNVHSMEGDAW
gBTlnVkwgkdYzKz6CFQ2hns6tQRN8DAdBgNVHQ4EFgQUYDu7bOx1Wh6ta6BG5gRe
fEHPVGIwDQYJKoZIhvcNAQEFBQADggEBAHxd07D/YGvcbvnKj5X0no6nMM1BDVCz
w048K/FfPikXw3lTvwFSVj8Wr7xVmML84JM0QlGspBLKTIBCQUTxYM9XSWR/C//r
KhLNsTtagU2JidhLC/BTkmzRZpFxvcGkuD4MYvDbZGz+Ly6n+cJIPLpGOYz5lPvI
Vpg0FMKd+k8Z7zWEpN3Luy3swPVXlYDZgzTILNZrpc2vWQtSDw29BoHwBN+gnloX
4ilqvXLrBcO+Blapcw5FUWzxPG5IT+j9DNu6ltgDpUNJL01703KgyawUM7DS8H0U
boAqgTydDfb/DhXDs2dexEKelh5Qv1gXsOqXC7hkRbAIkQMC1xsrfbE=
-----END CERTIFICATE-----

Raw OCSP response headers

Accept-Ranges: [bytes]
Content-Length: [3332]
Content-Type: [application/ocsp-response]
Date: [Tue, 27 Jun 2017 02:10:06 GMT]
Last-Modified: [Thu, 22 Jun 2017 16:01:11 GMT]
Server: [ECS (lga/1395)]
X-Cache: [HIT]
  • OCSP requests is smaller than 255 bytes
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate expires before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.omniroot.com/baltimoreroot (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.omniroot.com/baltimoreroot (POST)
Size: 3332 bytes (DER data)
Response time: 102.833624ms
Signature algorithm: SHA1WithRSA
Signature type: CA Delegated
Signed by: Cybertrust Validation 2015
Issued by: Baltimore CyberTrust Root
Signing certificate validity: 2015-09-09 - 2017-09-09
Signing certificate algorithm: SHA1-RSA
Reported statuses: 20
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:

Server and network information

Server Software: ECS (lga/137D)

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1Z
MIJHWMys+ghUNoZ7OrUETfACBAcntgk=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIINAAoBAKCCDPkwggz1BgkrBgEFBQcwAQEEggzmMIIM4jCCCDmiFgQUYDu7bOx1
Wh6ta6BG5gRefEHPVGIYDzIwMTcwNjI3MDE1NTQ0WjCCCAwwZTA9MAkGBSsOAwIa
BQAEFMEvRXbtFVnssF26ib+dgHjlI9QTBBTlnVkwgkdYzKz6CFQ2hns6tQRN8AIE
Bye19oAAGA8yMDE3MDYyMDE1NTU1MlqgERgPMjAxNzA5MTUxNTU1NTJaMGUwPTAJ
BgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7
OrUETfACBAcntfeAABgPMjAxNzA2MjAxNTU1NTJaoBEYDzIwMTcwOTE1MTU1NTUy
WjBlMD0wCQYFKw4DAhoFAAQUwS9Fdu0VWeywXbqJv52AeOUj1BMEFOWdWTCCR1jM
rPoIVDaGezq1BE3wAgQHJ7X4gAAYDzIwMTcwNjIwMTU1NTUyWqARGA8yMDE3MDkx
NTE1NTU1MlowZTA9MAkGBSsOAwIaBQAEFMEvRXbtFVnssF26ib+dgHjlI9QTBBTl
nVkwgkdYzKz6CFQ2hns6tQRN8AIEBye1+YAAGA8yMDE3MDYyMDE1NTU1MlqgERgP
MjAxNzA5MTUxNTU1NTJaMGUwPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB4
5SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcntfqAABgPMjAxNzA2MjAxNTU1
NTJaoBEYDzIwMTcwOTE1MTU1NTUyWjBlMD0wCQYFKw4DAhoFAAQUwS9Fdu0VWeyw
XbqJv52AeOUj1BMEFOWdWTCCR1jMrPoIVDaGezq1BE3wAgQHJ7X7gAAYDzIwMTcw
NjIwMTU1NTUyWqARGA8yMDE3MDkxNTE1NTU1MlowZTA9MAkGBSsOAwIaBQAEFMEv
RXbtFVnssF26ib+dgHjlI9QTBBTlnVkwgkdYzKz6CFQ2hns6tQRN8AIEBye1/IAA
GA8yMDE3MDYyMDE1NTU1MlqgERgPMjAxNzA5MTUxNTU1NTJaMGUwPTAJBgUrDgMC
GgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfAC
BAcntf2AABgPMjAxNzA2MjAxNTU1NTJaoBEYDzIwMTcwOTE1MTU1NTUyWjBlMD0w
CQYFKw4DAhoFAAQUwS9Fdu0VWeywXbqJv52AeOUj1BMEFOWdWTCCR1jMrPoIVDaG
ezq1BE3wAgQHJ7X+gAAYDzIwMTcwNjIwMTU1NTUyWqARGA8yMDE3MDkxNTE1NTU1
MlowZTA9MAkGBSsOAwIaBQAEFMEvRXbtFVnssF26ib+dgHjlI9QTBBTlnVkwgkdY
zKz6CFQ2hns6tQRN8AIEBye1/4AAGA8yMDE3MDYyMDE1NTU1MlqgERgPMjAxNzA5
MTUxNTU1NTJaMGUwPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU
5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcntgCAABgPMjAxNzA2MjAxNTU1NTJaoBEY
DzIwMTcwOTE1MTU1NTUyWjBlMD0wCQYFKw4DAhoFAAQUwS9Fdu0VWeywXbqJv52A
eOUj1BMEFOWdWTCCR1jMrPoIVDaGezq1BE3wAgQHJ7YBgAAYDzIwMTcwNjIwMTU1
NTUyWqARGA8yMDE3MDkxNTE1NTU1MlowZTA9MAkGBSsOAwIaBQAEFMEvRXbtFVns
sF26ib+dgHjlI9QTBBTlnVkwgkdYzKz6CFQ2hns6tQRN8AIEBye2AoAAGA8yMDE3
MDYyMDE1NTU1MlqgERgPMjAxNzA5MTUxNTU1NTJaMGUwPTAJBgUrDgMCGgUABBTB
L0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcntgOA
ABgPMjAxNzA2MjAxNTU1NTJaoBEYDzIwMTcwOTE1MTU1NTUyWjBlMD0wCQYFKw4D
AhoFAAQUwS9Fdu0VWeywXbqJv52AeOUj1BMEFOWdWTCCR1jMrPoIVDaGezq1BE3w
AgQHJ7YEgAAYDzIwMTcwNjIwMTU1NTUyWqARGA8yMDE3MDkxNTE1NTU1MlowZTA9
MAkGBSsOAwIaBQAEFMEvRXbtFVnssF26ib+dgHjlI9QTBBTlnVkwgkdYzKz6CFQ2
hns6tQRN8AIEBye2BYAAGA8yMDE3MDYyMDE1NTU1MlqgERgPMjAxNzA5MTUxNTU1
NTJaMGUwPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJH
WMys+ghUNoZ7OrUETfACBAcntgaAABgPMjAxNzA2MjAxNTU1NTJaoBEYDzIwMTcw
OTE1MTU1NTUyWjBlMD0wCQYFKw4DAhoFAAQUwS9Fdu0VWeywXbqJv52AeOUj1BME
FOWdWTCCR1jMrPoIVDaGezq1BE3wAgQHJ7YHgAAYDzIwMTcwNjIwMTU1NTUyWqAR
GA8yMDE3MDkxNTE1NTU1MlowZTA9MAkGBSsOAwIaBQAEFMEvRXbtFVnssF26ib+d
gHjlI9QTBBTlnVkwgkdYzKz6CFQ2hns6tQRN8AIEBye2CIAAGA8yMDE3MDYyMDE1
NTU1MlqgERgPMjAxNzA5MTUxNTU1NTJaMGUwPTAJBgUrDgMCGgUABBTBL0V27RVZ
7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcntgmAABgPMjAx
NzA2MjAxNTU1NTJaoBEYDzIwMTcwOTE1MTU1NTUyWjANBgkqhkiG9w0BAQUFAAOC
AQEAXPNCc7ym+Ivn/SEA4hJbVFgs8UVwqwrNWn+dIQzjEOm0by+BPv2DrAWMy/xX
4PBv4zU/yQoQSY9Tg8AayZp7yOWi+rWPLFQ34q8rvVztsn3W+SJDDSpowP+nmTeh
e9O+94uaVEQY+sV12qC5hKUpTRVtrF99qWREumCCwgeZuP9D3K9UnnL7xT20v1tO
rqf/0p9MyoOw1E5XoIKxdw6GEmLBxPkNdmpbz3jM/WuVN07tWhsjtcGzFSY+Jels
H9r+gdXbBLFouc6RDpru4WAEURtqzfR6oNDyks9c/GYEyfhvruvdo7EpJaIQxB9i
YiKefkXY76+rK8C6YElYxewCaaCCA40wggOJMIIDhTCCAm2gAwIBAgIEByfTTDAN
BgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3Jl
MRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJU
cnVzdCBSb290MB4XDTE1MDkwOTE3NDYwM1oXDTE3MDkwOTE3NDUzNlowJTEjMCEG
A1UEAxMaQ3liZXJ0cnVzdCBWYWxpZGF0aW9uIDIwMTUwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQCUPwX7srkoRmK/GLKvR5MFtSCSEj3AxShMxOZ3S9bB
sjA07JRJhO670on3Q3+7BjGJWhKF+YWiDFUVJGL1ZtAfUGGT0AaZvVMbi7Yj2alC
pO6k+vn35KuzXlTMHUlQOAG/14mLgY0SlBFoOEdN3JwqtzTPTVCptr33L0Q0bgI9
WlRlSINCPWtPVMB2HAEyQEbSMkzLi0G0p4B5brg02fAX6w6uZlCnzP9MoxT3Muh4
0Oj/ySTAvUBAoOWot3EyGKvGVWJ5ymUOBY4e7O5EDNSiF2xmhoyFQ7UZ4n9aUH1P
4tDAENvjN4Lvu21NCOJjo2e852qDXOw+4U8YneflR99BAgMBAAGjgYcwgYQwDwYJ
KwYBBQUHMAEFBAIFADAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDATBgNV
HSUEDDAKBggrBgEFBQcDCTAfBgNVHSMEGDAWgBTlnVkwgkdYzKz6CFQ2hns6tQRN
8DAdBgNVHQ4EFgQUYDu7bOx1Wh6ta6BG5gRefEHPVGIwDQYJKoZIhvcNAQEFBQAD
ggEBAHxd07D/YGvcbvnKj5X0no6nMM1BDVCzw048K/FfPikXw3lTvwFSVj8Wr7xV
mML84JM0QlGspBLKTIBCQUTxYM9XSWR/C//rKhLNsTtagU2JidhLC/BTkmzRZpFx
vcGkuD4MYvDbZGz+Ly6n+cJIPLpGOYz5lPvIVpg0FMKd+k8Z7zWEpN3Luy3swPVX
lYDZgzTILNZrpc2vWQtSDw29BoHwBN+gnloX4ilqvXLrBcO+Blapcw5FUWzxPG5I
T+j9DNu6ltgDpUNJL01703KgyawUM7DS8H0UboAqgTydDfb/DhXDs2dexEKelh5Q
v1gXsOqXC7hkRbAIkQMC1xsrfbE=
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)

-----BEGIN CERTIFICATE-----
MIIDhTCCAm2gAwIBAgIEByfTTDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ
RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD
VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTE1MDkwOTE3NDYwM1oX
DTE3MDkwOTE3NDUzNlowJTEjMCEGA1UEAxMaQ3liZXJ0cnVzdCBWYWxpZGF0aW9u
IDIwMTUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCUPwX7srkoRmK/
GLKvR5MFtSCSEj3AxShMxOZ3S9bBsjA07JRJhO670on3Q3+7BjGJWhKF+YWiDFUV
JGL1ZtAfUGGT0AaZvVMbi7Yj2alCpO6k+vn35KuzXlTMHUlQOAG/14mLgY0SlBFo
OEdN3JwqtzTPTVCptr33L0Q0bgI9WlRlSINCPWtPVMB2HAEyQEbSMkzLi0G0p4B5
brg02fAX6w6uZlCnzP9MoxT3Muh40Oj/ySTAvUBAoOWot3EyGKvGVWJ5ymUOBY4e
7O5EDNSiF2xmhoyFQ7UZ4n9aUH1P4tDAENvjN4Lvu21NCOJjo2e852qDXOw+4U8Y
neflR99BAgMBAAGjgYcwgYQwDwYJKwYBBQUHMAEFBAIFADAMBgNVHRMBAf8EAjAA
MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAfBgNVHSMEGDAW
gBTlnVkwgkdYzKz6CFQ2hns6tQRN8DAdBgNVHQ4EFgQUYDu7bOx1Wh6ta6BG5gRe
fEHPVGIwDQYJKoZIhvcNAQEFBQADggEBAHxd07D/YGvcbvnKj5X0no6nMM1BDVCz
w048K/FfPikXw3lTvwFSVj8Wr7xVmML84JM0QlGspBLKTIBCQUTxYM9XSWR/C//r
KhLNsTtagU2JidhLC/BTkmzRZpFxvcGkuD4MYvDbZGz+Ly6n+cJIPLpGOYz5lPvI
Vpg0FMKd+k8Z7zWEpN3Luy3swPVXlYDZgzTILNZrpc2vWQtSDw29BoHwBN+gnloX
4ilqvXLrBcO+Blapcw5FUWzxPG5IT+j9DNu6ltgDpUNJL01703KgyawUM7DS8H0U
boAqgTydDfb/DhXDs2dexEKelh5Qv1gXsOqXC7hkRbAIkQMC1xsrfbE=
-----END CERTIFICATE-----

Raw OCSP response headers

Content-Length: [3332]
Content-Type: [application/ocsp-response]
Date: [Tue, 27 Jun 2017 02:10:06 GMT]
Server: [ECS (lga/137D)]
  • OCSP signing certificate is already valid
  • OCSP signing certificate is not expired
  • OCSP signing certificate expires before NextUpdate
  • OCSP signing certificate does contain the Extended Key Usage for OCSP Signing
  • OCSP signing certificate does contain the OCSP No Check extension
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • Revocation information is updated at least once every twelve months
  • The value of the NextUpdate field is not more than twelve months beyond the value of the ThisUpdate field
  • Last-Modified cache header not set (RFC 5019, section 6.2)
  • Expires cache header not set (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is the same as the NextUpdate field (RFC 5019 section 6.2)

Baltimore CyberTrust Root (CA Certificate)

Certificate details for Baltimore CyberTrust Root (At position 2 in certificate chain)
Serial number:
hex: 20000b9
int: 33554617
Issued by: Baltimore CyberTrust Root
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: Baltimore
Organization unit: CyberTrust
Country: IE
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

This is a self signed certificate

Check the revocation status for another website

Created by Paul van Brouwershaven
© 2015 - 2017 Digitorus B.V.
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.