CRL & OCSP report for www.a-trust.at (A-Trust)

www.a-trust.at

Certificate details for www.a-trust.at (At position 0 in certificate chain)
Serial number:
hex: a842360d90f1552776b136dfe550022
int: 13978380700591966863305589786066354210
Issued by: DigiCert SHA2 Secure Server CA
Public Key Algorithm: RSA
Not valid before:
Not valid after:
Organization: A-Trust
State / Province: Österreich
Locality: Wien
Country: AT
  • This certificate does not contain any links to an LDAP server
  • This certificate does not contain any internal server links
  • This certificate does not contain any links with an unknown format

Check certificate compliance for www.a-trust.at.

Certificate Revocation List (CRL)

This CRL was cached at
http://crl3.digicert.com/ssca-sha2-g5.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl3.digicert.com/ssca-sha2-g5.crl
Size: 660104 bytes (DER data)
Response time: 29.885064ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 18845

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: ECS (lga/1373)
Cache Information: HIT

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [max-age=172800]
Content-Length: [660104]
Content-Type: [application/x-pkcs7-crl]
Date: [Sat, 24 Jun 2017 20:51:48 GMT]
Etag: ["2585797399"]
Expires: [Mon, 26 Jun 2017 20:51:48 GMT]
Last-Modified: [Sat, 24 Jun 2017 17:15:12 GMT]
Server: [ECS (lga/1373)]
X-Cache: [HIT]
  • Content-Type in response is set 'application/x-pkcs7-crl' and should be replaced with 'application/pkix-crl' (RFC 5280, section 4.2.1.13)
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)
This CRL was cached at
http://crl4.digicert.com/ssca-sha2-g5.crl

CRL information

Source: CRL Distribution Points in Certificate
Location: http://crl4.digicert.com/ssca-sha2-g5.crl
Size: 660104 bytes (DER data)
Response time: 35.491148ms
This update:
Next update:
Revoked: No
Revoked certificates in CRL: 18845

Relevant server response headers

Date:
Last Modified:
Expires:

Server and network information

Server Software: CFS 0215

Raw CRL response headers

Accept-Ranges: [bytes]
Cache-Control: [max-age=172800]
Cf4age: [0]
Cf4ttl: [31536000.000]
Content-Length: [660104]
Content-Type: [application/x-pkcs7-crl]
Date: [Sat, 24 Jun 2017 20:51:48 GMT]
Expires: [Mon, 26 Jun 2017 20:51:48 GMT]
Last-Modified: [Sat, 24 Jun 2017 17:15:12 GMT]
Server: [CFS 0215]
X-Cf1: [13483:fC.ewr1:cf:cacheA.ewr1-01:H]
X-Cf2: [H]
X-Cf3: [M]
X-Cff: [B]
X-Cfhash: ["0768ad51cba1eb1600ba215833e433d4"]
  • Content-Type in response is set 'application/x-pkcs7-crl' and should be replaced with 'application/pkix-crl' (RFC 5280, section 4.2.1.13)
  • This CRL file is DER encoded
  • Issuer field is byte-for-byte equivalent with issuers subject
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than seven days old, CRLs must be updated and reissued at least every seven days (Mozilla Maintenance Policy section 3)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is after the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Online Certificate Status Protocol (OCSP)

This OCSP response was cached at
http://ocsp.digicert.com (POST)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.digicert.com (POST)
Size: 471 bytes (DER data)
Response time: 15.87786ms
Signature algorithm: SHA256WithRSA
Signature type: CA Signed
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 48h0m0s

Server and network information

Server Software: ECS (dca/2493)
Cache Information: HIT

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBQQX6Z6gAidtSefNc6DC0OInqPHDQQUD4Bh
HIIxYdUvKOeNRji0LOHG2eICEAqEI2DZDxVSd2sTbf5VACI=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBQPgGEcgjFh
1S8o541GOLQs4cbZ4hgPMjAxNzA2MjIwNDIzMDBaMHMwcTBJMAkGBSsOAwIaBQAE
FBBfpnqACJ21J581zoMLQ4ieo8cNBBQPgGEcgjFh1S8o541GOLQs4cbZ4gIQCoQj
YNkPFVJ3axNt/lUAIoAAGA8yMDE3MDYyMjA0MjMwMFqgERgPMjAxNzA2MjkwMzM4
MDBaMA0GCSqGSIb3DQEBCwUAA4IBAQAl/FiTU5p13hEE4Ske29jzR26QkmKs4CoU
uu3I2rU3IDgt31vuyhSt1rxQvtAwqVCeDpY6Z/oZbupBe09Xj5wswLLUfHQlHLif
w2RcAoMvbAvRvJAeU+91Ls7emKn/ybpmv4lQ3Eh6xsCbpF/SyOxyck62y7dRsCGx
xlmskyfEwaIqOje6+2/rF7sS6/yLBHtOavtD5gOUKO5EvzmaEOsdis4j8UHXg4TI
/EY2zjW/tpDYOVZYMiBvWTD/80WYKosFbh56181VUeaflz5z2bkPAQXk9ac68SL0
+SzNhmxIePZ+VibZpP4+ODLAejILc4xDa/9Gqz2FBLiDOoVJSUsc
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)


Raw OCSP response headers

Accept-Ranges: [bytes]
Cache-Control: [public, max-age=172800]
Content-Length: [471]
Content-Type: [application/ocsp-response]
Date: [Sat, 24 Jun 2017 16:11:41 GMT]
Etag: ["594b4c81-1d7"]
Expires: [Sat, 01 Jul 2017 04:11:41 GMT]
Last-Modified: [Thu, 22 Jun 2017 04:50:09 GMT]
Server: [ECS (dca/2493)]
X-Cache: [HIT]
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is 48h33m41s before the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)
This OCSP response was cached at
http://ocsp.digicert.com (GET)Good

OCSP response information

Source: Authority Information Access in Certificate
Location: http://ocsp.digicert.com (GET)
Size: 471 bytes (DER data)
Response time: 11.752843ms
Signature algorithm: SHA256WithRSA
Signature type: CA Signed
Reported statuses: 1
This update:
Next update:
Produced at:
Status: Good

Relevant server response headers

Date:
Last Modified:
Expires:
Cache Control Max-age: 48h0m0s

Server and network information

Server Software: ECS (lga/1394)
Cache Information: HIT

URL used for GET request

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQQX6Z6gAidtSefNc6DC0OInqPHDQQUD4BhHIIxYdUvKOeNRji0LOHG2eICEAqEI2DZDxVSd2sTbf5VACI%3D

Raw OCSP request (PEM encoded)

-----BEGIN OCSP REQUEST-----
MFEwTzBNMEswSTAJBgUrDgMCGgUABBQQX6Z6gAidtSefNc6DC0OInqPHDQQUD4Bh
HIIxYdUvKOeNRji0LOHG2eICEAqEI2DZDxVSd2sTbf5VACI=
-----END OCSP REQUEST-----

Raw OCSP response (PEM encoded)

-----BEGIN OCSP RESPONSE-----
MIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBQPgGEcgjFh
1S8o541GOLQs4cbZ4hgPMjAxNzA2MjMxMDI4MDBaMHMwcTBJMAkGBSsOAwIaBQAE
FBBfpnqACJ21J581zoMLQ4ieo8cNBBQPgGEcgjFh1S8o541GOLQs4cbZ4gIQCoQj
YNkPFVJ3axNt/lUAIoAAGA8yMDE3MDYyMzEwMjgwMFqgERgPMjAxNzA2MzAwOTQz
MDBaMA0GCSqGSIb3DQEBCwUAA4IBAQCKcNlf5nuTLb7qlwZou86uUSDx291Td6sR
poemTVBN1FhCTrjMMJ0s1LOT2L0/Y0VbiFIY9tcqZGsHZPKb+ORMGm5pBxJ/HyXG
+6f0H3K1HdogbS8UwYdSRSwEFx365cHM64NisxR3kt9XsGWYRvt+w2oQm2LHZM9i
BV/RrHEEnWBTWpdmD3ErMcdByJ6yjMwyzAuDcWOUmc93NIe61lyX2/QYRtguf/SS
jHBHsGdYqd2RGXqYusdWtP17zawoe6MY/FlLVFYcCzd4qNgqQD1qqoixgyyRTIv5
PtIsjBJHaIx5X3qWv7gmtSdZ+V+URbNz+SEwbU/MIsLE3HXqBMnI
-----END OCSP RESPONSE-----

Raw OCSP Signing Certificate (PEM encoded)


Raw OCSP response headers

Accept-Ranges: [bytes]
Cache-Control: [public, max-age=172800]
Content-Length: [471]
Content-Type: [application/ocsp-response]
Date: [Sat, 24 Jun 2017 16:11:41 GMT]
Etag: ["594cf398-1d7"]
Expires: [Sat, 01 Jul 2017 04:11:41 GMT]
Last-Modified: [Fri, 23 Jun 2017 10:55:20 GMT]
Server: [ECS (lga/1394)]
X-Cache: [HIT]
  • OCSP requests is smaller than 255 bytes
  • OCSP response is valid for at least 8 hours (Microsoft)
  • OCSP response is available at least 8 hours before the current period expires or at ½ the validity if valid for more than 16 hours (Microsoft)
  • Content-Type in response is set to 'application/ocsp-response'
  • Response is already valid
  • Response is not expired
  • ThisUpdate is less than four days old, OCSP information must be updated at least every four days (Mozilla & Baseline Requirements)
  • The NextUpdate field is not more than ten days beyond the value of the ThisUpdate field (Mozilla & Baseline Requirements)
  • Last-Modified header is not the same as ThisUpdate (RFC 5019, section 6.2)
  • NextUpdate is 18h28m41s before the date in the Expires cache header
  • The Cache-Control max-age header does not outlive NextUpdate
  • ThisUpdate has a date before NextUpdate
  • Expires cache header is not the same as the NextUpdate field (RFC 5019 section 6.2)

Check the revocation status for another website

Created by Paul van Brouwershaven
© 2015 - 2017 Digitorus B.V.
Revoked certificates can't and should not be trusted, these certificate will cause errors like "NET::ERR_CERT_REVOKED" in browsers.