DV SSL/TLS Certificate for conservationontario.ca

Certificate is witin its validity period

Issued by Let's Encrypt (R11)

About the conservationontario.ca DV SSL/TLS Certificate

This certificate with serial number 05:e7:71:a3:69:20:bc:34:61:d4:a3:f6:02:42:e0:a5:2f:45 for conservationontario.ca was issued on by Let's Encrypt.

With 4 subject alternative names, this certificate can be used to secure multiple FQDNs. This DV SSL/TLS Certificate is currently within its validity period but we haven't checked the revocation status of this certificate, you can do this simply on revocationcheck.com. We have found some issues with the compliance of this certificate, they are be shown below. We hope this DV SSL/TLS Certificate review for conservationontario.ca provides you with the detailed information you were looking for.


We have identified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Let's Encrypt

Organization: Let's Encrypt
Country: US

This X.509 certificate will expire on

Certificate Details

Serial Number (hex): 05:e7:71:a3:69:20:bc:34:61:d4:a3:f6:02:42:e0:a5:2f:45
Serial Number (int): 514317707657696211055563571864347968089925
Serial Number Length: 139 bits, 18 octets

Subject Key Identifier: 5f:80:c0:14:a8:02:10:c1:6e:ff:9e:90:62:cb:cb:61:92:94:05:9f
Authority Key Identifier: c5:cf:46:a4:ea:f4:c3:c0:7a:6c:95:c4:2d:b0:5e:92:2f:26:e3:b9

Fingerprint (SHA-1): fd:f4:fa:f3:ec:70:f0:43:3b:0b:b8:66:37:b1:a2:f0:42:24:c5:5f
Fingerprint (SHA-256): c1:a9:28:60:63:cc:f5:2d:02:4f:64:b1:e3:f6:0e:cc:85:0f:5a:03:af:25:a3:d5:08:9b:3e:bd:37:78:80:3d

Issuing Certificate URL: http://r11.i.lencr.org/

Revocation Information

OCSP Server: http://r11.o.lencr.org
CRL Distribution Point: http://r11.c.lencr.org/70.crl

Check the revocation status for certificate conservationontario.ca
4
DNS Names
0
Email Addresses
0
IP Addresses

Advanced Certificate Properties

Technical details of the X.509 certificate for conservationontario.ca

Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10
CA Certificate
This is not a CA certificate

Subject Alternative Names

X.509 Certificate

The complete raw X.509 certificate details for conservationontario.ca in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgISBedxo2kgvDRh1KP2AkLgpS9FMA0GCSqGSIb3DQEBCwUA
MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD
EwNSMTEwHhcNMjUwNTA2MDY0NDI5WhcNMjUwODA0MDY0NDI4WjAhMR8wHQYDVQQD
ExZjb25zZXJ2YXRpb25vbnRhcmlvLmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAvY/yGfF2JUZ59JYJyklyc33y+63zZlVkb9ioZEjUX9toZ451ko40
BQ5ufUA0pbx+VJoswYyvEgh+Pq20xzjcXxa26+12f1zZ58MYV3N2NfYKjsv5vQyz
1mY0mHDWGKCcHyXpbfEOpQCk7L3unJ3E9xGY4xrad2EftGwGwfVobvxVm6XMIfDd
rq0GQ4Bx69BExUETB9pkGAKPrcDx7elUWJQKzABLAjvciB86aoFan09v6z1c9HX0
7faCYpcX0RKrpIy2gdH5iTAy91ovGrFsw3k+tcpcInEt+Le3F4+wVFBDN22YrQK1
aDoeyIOpXqkTrKK9X8f9wLqqQu/hmxkPtwIDAQABo4ICnDCCApgwDgYDVR0PAQH/
BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8E
AjAAMB0GA1UdDgQWBBRfgMAUqAIQwW7/npBiy8thkpQFnzAfBgNVHSMEGDAWgBTF
z0ak6vTDwHpslcQtsF6SLybjuTBXBggrBgEFBQcBAQRLMEkwIgYIKwYBBQUHMAGG
Fmh0dHA6Ly9yMTEuby5sZW5jci5vcmcwIwYIKwYBBQUHMAKGF2h0dHA6Ly9yMTEu
aS5sZW5jci5vcmcvMHMGA1UdEQRsMGqCGCouY29uc2VydmF0aW9ub250YXJpby5j
YYIbKi5wcm90ZWN0aW5nd2F0ZXJtYXR0ZXJzLmNhghZjb25zZXJ2YXRpb25vbnRh
cmlvLmNhghlwcm90ZWN0aW5nd2F0ZXJtYXR0ZXJzLmNhMBMGA1UdIAQMMAowCAYG
Z4EMAQIBMC4GA1UdHwQnMCUwI6AhoB+GHWh0dHA6Ly9yMTEuYy5sZW5jci5vcmcv
NzAuY3JsMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHUAzPsPaoVxCWX+lZtTzumy
fCLphVwNl422qX5UwP5MDbAAAAGWpIxJ/QAABAMARjBEAiBuX9OGpxAGITnru9aZ
rDKhBUkMRLZsENWiBi6vMfQIZAIgI73lG9ZVTe6hjE5GtfcbizUb0smmNsnbROK5
hODVYGsAdwDd3Mo0ldfhFgXnlTL6x5/4PRxQ39sAOhQSdgosrLvIKgAAAZakjEoq
AAAEAwBIMEYCIQCT8aIyWSOSDyFsScw99YSQVZ1T3s78P6nLuo+6i4i+FgIhAM/W
1YR5BAKLsZq8uwWRAIACywoNVDsqxzN7Gzyh9rfgMA0GCSqGSIb3DQEBCwUAA4IB
AQAdfWlav/MuP1T4mmtJUr7K5dI9fum8vv1j7noZn2AVL5BlkGHz2k0ygY3t7yQ8
XMFFbMt9fuM1TerhB1i3wt9DWNhLq9PPggttVLTmYqGaG7o4BQROt/We54c1UFOh
RxPmiFSO4lUlpKuUJnpcGiaXOhCd60bnHkqt+cmAtcP/eDKYXdviwF+vWj3P36zt
t26/ayhFsUc5jvMgHMpAUAg3gsMxmyZ/9kgWp7WtsdFm3g7bT1T5HG1u+P+BhVfs
+RgK5tDcRkEx/OfqPsVwt3/FHq1H6vBiTiFEQHEyxubTg2wGH5lEyVmZmHdDVU3F
2CXBuRLY0nzRxKHz7Tm8Sn9l
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvY/yGfF2JUZ59JYJykly
c33y+63zZlVkb9ioZEjUX9toZ451ko40BQ5ufUA0pbx+VJoswYyvEgh+Pq20xzjc
Xxa26+12f1zZ58MYV3N2NfYKjsv5vQyz1mY0mHDWGKCcHyXpbfEOpQCk7L3unJ3E
9xGY4xrad2EftGwGwfVobvxVm6XMIfDdrq0GQ4Bx69BExUETB9pkGAKPrcDx7elU
WJQKzABLAjvciB86aoFan09v6z1c9HX07faCYpcX0RKrpIy2gdH5iTAy91ovGrFs
w3k+tcpcInEt+Le3F4+wVFBDN22YrQK1aDoeyIOpXqkTrKK9X8f9wLqqQu/hmxkP
twIDAQAB
-----END PUBLIC KEY-----

ASN.1 Decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 514317707657696211055563571864347968089925
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11
 . . . . . . . . . . . . [c:0|t:5|false] NULL []
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R11'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-05-06 06:44:29 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-08-04 06:44:28 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'conservationontario.ca'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL []
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23930021912923953309917311752107588984021442552668300231304945448663938665425423393797013551415091978316673561126515068414312099721454194105096664611626237099962240742261903838492773507119357786303470116066494375947575110699874163676783554848893217153926373559934395003028286241201414712348063752247035395648571843741419130975645418424799899385238640199439108298847709682362760327027241447009917878721407798288176316150390897402477812971401945040323161463039354467223680994347598419885149180004908101034553008170618429965093767937005119193789713217839510069106612090308115241024693479304683377183997635901594248220599
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							5f80c014a80210c16eff9e9062cbcb619294059f
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c5cf46a4eaf4c3c07a6c95c42db05e922f26e3b9
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (75 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r11.o.lencr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r11.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (108 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.conservationontario.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.protectingwatermatters.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'conservationontario.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'protectingwatermatters.ca'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (39 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r11.c.lencr.org/70.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f0007500ccfb0f6a85710965fe959b53cee9b27c22e9855c0d978db6a97e54c0fe4c0db000000196a48c49fd000004030046304402206e5fd386a710062139ebbbd699ac32a105490c44b66c10d5a2062eaf31f40864022023bde51bd6554deea18c4e46b5f71b8b351bd2c9a636c9db44e2b984e0d5606b007700dddcca3495d7e11605e79532fac79ff83d1c50dfdb003a1412760a2cacbbc82a00000196a48c4a2a000004030048304602210093f1a2325923920f216c49cc3df58490559d53decefc3fa9cbba8fba8b88be16022100cfd6d5847904028bb19abcbb0591008002cb0a0d543b2ac7337b1b3ca1f6b7e0
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11
 . . . . . . . . [c:0|t:5|false] NULL []
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		001d7d695abff32e3f54f89a6b4952becae5d23d7ee9bcbefd63ee7a199f60152f90659061f3da4d32818dedef243c5cc1456ccb7d7ee3354deae10758b7c2df4358d84babd3cf820b6d54b4e662a19a1bba3805044eb7f59ee787355053a14713e688548ee25525a4ab94267a5c1a26973a109deb46e71e4aadf9c980b5c3ff7832985ddbe2c05faf5a3dcfdfacedb76ebf6b2845b147398ef3201cca4050083782c3319b267ff64816a7b5adb1d166de0edb4f54f91c6d6ef8ff818557ecf9180ae6d0dc464131fce7ea3ec570b77fc51ead47eaf0624e2144407132c6e6d3836c061f9944c95999987743554dc5d825c1b912d8d27cd1c4a1f3ed39bc4a7f65