DV SSL/TLS Certificate for candycard.com

Certificate is witin its validity period

Issued by Let's Encrypt (E5)

About the candycard.com DV SSL/TLS Certificate

This certificate with serial number 06:2d:44:a7:a1:e4:f4:22:23:11:13:e6:40:d8:08:1b:e5:29 for candycard.com was issued on by Let's Encrypt.

With 6 subject alternative names, this certificate can be used to secure multiple FQDNs. This DV SSL/TLS Certificate is currently within its validity period but we haven't checked the revocation status of this certificate, you can do this simply on revocationcheck.com. We have found some issues with the compliance of this certificate, they are be shown below. We hope this DV SSL/TLS Certificate review for candycard.com provides you with the detailed information you were looking for.


We have identified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Let's Encrypt

Organization: Let's Encrypt
Country: US

This X.509 certificate will expire on

Certificate Details

Serial Number (hex): 06:2d:44:a7:a1:e4:f4:22:23:11:13:e6:40:d8:08:1b:e5:29
Serial Number (int): 538077680002899983183810015598126451909929
Serial Number Length: 139 bits, 18 octets

Subject Key Identifier: 07:71:0a:9a:6d:ab:e3:8d:c4:d4:7b:4c:92:bc:79:51:df:70:d9:4c
Authority Key Identifier: 9f:2b:5f:cf:3c:21:4f:9d:04:b7:ed:2b:2c:c4:c6:70:8b:d2:d7:0d

Fingerprint (SHA-1): 6d:9a:d3:5e:f1:35:fb:45:8f:b2:8e:98:7d:d8:cf:eb:f1:7a:87:f1
Fingerprint (SHA-256): 8c:8d:eb:54:83:9d:c3:a3:2e:0c:d5:3d:35:ac:7d:82:a7:85:14:19:48:e8:bd:d7:bf:7f:78:36:30:6f:e1:01

Issuing Certificate URL: http://e5.i.lencr.org/

Revocation Information

CRL Distribution Point: http://e5.c.lencr.org/42.crl

Check the revocation status for certificate candycard.com
6
DNS Names
0
Email Addresses
0
IP Addresses

Advanced Certificate Properties

Technical details of the X.509 certificate for candycard.com

Public Key Algorithm
ECDSA
Key Size
384
Signature Algorithm
ECDSA with SHA384
Key Usage
Digital Signature
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10
CA Certificate
This is not a CA certificate

Subject Alternative Names

candycard.be
candycard.com
candycard.nl
www.candycard.be
www.candycard.com
www.candycard.nl

X.509 Certificate

The complete raw X.509 certificate details for candycard.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIID9TCCA3ygAwIBAgISBi1Ep6Hk9CIjERPmQNgIG+UpMAoGCCqGSM49BAMDMDIx
CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
NTAeFw0yNTA2MjcyMDI1MzNaFw0yNTA5MjUyMDI1MzJaMBgxFjAUBgNVBAMTDWNh
bmR5Y2FyZC5jb20wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAS9pVZ89UjNOVYVSl5b
DGK4XuXQsvEbEMJDWtw+maIqdmHKLlb5M9Ch23K+V+3b6ubbUii100Tn3SjvfqdG
D+T7k4DahF5s4uwuMD6BC2ZUcUIVjfo8gxsSouihjbmxydOjggJtMIICaTAOBgNV
HQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1Ud
EwEB/wQCMAAwHQYDVR0OBBYEFAdxCpptq+ONxNR7TJK8eVHfcNlMMB8GA1UdIwQY
MBaAFJ8rX888IU+dBLftKyzExnCL0tcNMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEF
BQcwAoYWaHR0cDovL2U1LmkubGVuY3Iub3JnLzBrBgNVHREEZDBiggxjYW5keWNh
cmQuYmWCDWNhbmR5Y2FyZC5jb22CDGNhbmR5Y2FyZC5ubIIQd3d3LmNhbmR5Y2Fy
ZC5iZYIRd3d3LmNhbmR5Y2FyZC5jb22CEHd3dy5jYW5keWNhcmQubmwwEwYDVR0g
BAwwCjAIBgZngQwBAgEwLQYDVR0fBCYwJDAioCCgHoYcaHR0cDovL2U1LmMubGVu
Y3Iub3JnLzQyLmNybDCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB1AO08S9boBsKk
ogBX28sk4jgB31Ev7cSGxXAPIN23Pj/gAAABl7NGrs8AAAQDAEYwRAIgYHWjFR0z
V/8OxXHx2RJ0GXreNZqih14QmmoWpVZkonYCIAQBm/q4goy8Z3h5Cco0FCQAqH0R
LMQiw2pZg2QTIF7ZAHYAzPsPaoVxCWX+lZtTzumyfCLphVwNl422qX5UwP5MDbAA
AAGXs0a2lwAABAMARzBFAiAUt8yA1YD492lfgPfph0YxTu4/rU0dg33YGOAFkCqm
TgIhAL5nNuUWCkBmQ4GnZX0Pd9fj0+zCCerRDkmRxtpldtaTMAoGCCqGSM49BAMD
A2cAMGQCMBLUmN/wu76qIGu34Z8kw2JyaTbvKwwqQEwz1EwEy1kVLZYciI9Lyz2B
Aw74YrzgUwIwOV4c0kM7k+5vD488fp38X6ZHCHVEoiUjwQYBFxC1TQ2ReklZ3wMU
lOOr11A+XOtg
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEvaVWfPVIzTlWFUpeWwxiuF7l0LLxGxDC
Q1rcPpmiKnZhyi5W+TPQodtyvlft2+rm21IotdNE590o736nRg/k+5OA2oRebOLs
LjA+gQtmVHFCFY36PIMbEqLooY25scnT
-----END PUBLIC KEY-----

ASN.1 Decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 538077680002899983183810015598126451909929
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.10045.4.3.3
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'E5'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-06-27 20:25:33 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-09-25 20:25:32 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'candycard.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.10045.2.1
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.132.0.34
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (776 bits)
				0004bda5567cf548cd3956154a5e5b0c62b85ee5d0b2f11b10c2435adc3e99a22a7661ca2e56f933d0a1db72be57eddbeae6db5228b5d344e7dd28ef7ea7460fe4fb9380da845e6ce2ec2e303e810b66547142158dfa3c831b12a2e8a18db9b1c9d3
 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (1 bits)
							0780
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							07710a9a6dabe38dc4d47b4c92bc7951df70d94c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 9f2b5fcf3c214f9d04b7ed2b2cc4c6708bd2d70d
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (38 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://e5.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (100 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'candycard.be'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'candycard.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'candycard.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.candycard.be'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.candycard.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.candycard.nl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (38 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://e5.c.lencr.org/42.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes)
							00ef007500ed3c4bd6e806c2a4a20057dbcb24e23801df512fedc486c5700f20ddb73e3fe000000197b346aecf000004030046304402206075a3151d3357ff0ec571f1d91274197ade359aa2875e109a6a16a55664a276022004019bfab8828cbc67787909ca34142400a87d112cc422c36a59836413205ed9007600ccfb0f6a85710965fe959b53cee9b27c22e9855c0d978db6a97e54c0fe4c0db000000197b346b6970000040300473045022014b7cc80d580f8f7695f80f7e98746314eee3fad4d1d837dd818e005902aa64e022100be6736e5160a40664381a7657d0f77d7e3d3ecc209ead10e4991c6da6576d693
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.10045.4.3.3
 . . . . [c:0|t:3|false] BIT STRING (816 bits)
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2898272696636536466786519206653308750338567034287868242170583126764748696198442069148225846035563103744698206707795
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 8829685959018329197002482987118891485992318344825966049890294331988690106960785801645007110905686331947039653161824