DV SSL/TLS Certificate for *.openzone.org

Certificate is witin its validity period

Issued by Let's Encrypt (R10)

About the *.openzone.org DV SSL/TLS Certificate

This certificate with serial number 06:f1:67:35:ee:c7:d5:d3:14:5a:fe:31:de:ba:b4:17:41:99 for *.openzone.org was issued on by Let's Encrypt.

With 2 subject alternative names, this certificate can be used to secure multiple FQDNs. This DV SSL/TLS Certificate is currently within its validity period but we haven't checked the revocation status of this certificate, you can do this simply on revocationcheck.com. We have found some issues with the compliance of this certificate, they are be shown below. We hope this DV SSL/TLS Certificate review for *.openzone.org provides you with the detailed information you were looking for.


We have identified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Let's Encrypt

Organization: Let's Encrypt
Country: US

This X.509 certificate will expire on

Certificate Details

Serial Number (hex): 06:f1:67:35:ee:c7:d5:d3:14:5a:fe:31:de:ba:b4:17:41:99
Serial Number (int): 604818956536853063751191984206801452614041
Serial Number Length: 139 bits, 18 octets

Subject Key Identifier: b6:12:11:f4:fe:10:84:83:4f:66:18:a8:8b:1f:bf:5f:d3:ba:f6:a9
Authority Key Identifier: bb:bc:c3:47:a5:e4:bc:a9:c6:c3:a4:72:0c:10:8d:a2:35:e1:c8:e8

Fingerprint (SHA-1): 6a:cf:c2:36:40:33:f5:40:67:66:80:ca:a3:66:4e:50:12:2e:e7:93
Fingerprint (SHA-256): 0e:57:ae:cb:c7:b0:0d:6a:29:8a:ce:f4:a2:5d:8e:c8:c3:82:5b:ad:21:0a:51:43:0c:20:b1:f0:6e:fe:1e:28

Issuing Certificate URL: http://r10.i.lencr.org/

Revocation Information

CRL Distribution Point: http://r10.c.lencr.org/26.crl

Check the revocation status for certificate *.openzone.org
2
DNS Names
0
Email Addresses
0
IP Addresses

Advanced Certificate Properties

Technical details of the X.509 certificate for *.openzone.org

Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Key Encipherment
Digital Signature
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10
CA Certificate
This is not a CA certificate

Subject Alternative Names

X.509 Certificate

The complete raw X.509 certificate details for *.openzone.org in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISBvFnNe7H1dMUWv4x3rq0F0GZMA0GCSqGSIb3DQEBCwUA
MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD
EwNSMTAwHhcNMjUwNjIyMTE0OTUzWhcNMjUwOTIwMTE0OTUyWjAZMRcwFQYDVQQD
DA4qLm9wZW56b25lLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AL52rBqlRbQzuYILU/Dc5/MFkVzMQOjin3dcqrQ5E4KrGPWrF5j2ew71Fo0KgR17
oMs8jf3P9wc9PvPeylm6I5bIC4NpKnpOR1Z3ynZwYAc3RH9BtW2t8GGx+/p4cPVd
+dVd8ndqfeSlyl7ye3OZnFyizn2bEMtstEriHMdhMkr/s6VGSN8Era6PhE9oI8M7
KHQYnLP5J96YKLEfwKM2/5laAy+crP6NjyaJL/t0XHltCZZFgRJt/22fZdsXj1L4
F+ChFcMajvm2+RE/E08fWdD319EVShLllfLT+EcVrUfbbX27NLh0Gg/Q1QLXOotz
1GuPPRUe2GuZLKTRu6OUmNECAwEAAaOCAiswggInMA4GA1UdDwEB/wQEAwIFoDAd
BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNV
HQ4EFgQUthIR9P4QhINPZhioix+/X9O69qkwHwYDVR0jBBgwFoAUu7zDR6XkvKnG
w6RyDBCNojXhyOgwMwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzAChhdodHRwOi8v
cjEwLmkubGVuY3Iub3JnLzAnBgNVHREEIDAegg4qLm9wZW56b25lLm9yZ4IMb3Bl
bnpvbmUub3JnMBMGA1UdIAQMMAowCAYGZ4EMAQIBMC4GA1UdHwQnMCUwI6AhoB+G
HWh0dHA6Ly9yMTAuYy5sZW5jci5vcmcvMjYuY3JsMIIBAwYKKwYBBAHWeQIEAgSB
9ASB8QDvAHYAzPsPaoVxCWX+lZtTzumyfCLphVwNl422qX5UwP5MDbAAAAGXl67J
rwAABAMARzBFAiEA3xxEyqX41RcTA0tJGNNLGX8RpHJmVWioZ+4k7CcfWKICICoB
7iWahU4FwONQVqg31m77TA1aJp7knNtAh/AmSgF4AHUApELFBklgYVSPD9TqnPt6
LSZFTYepfy/fRVn2J086hFQAAAGXl67ZNQAABAMARjBEAiA7v3DhiPIXc6xi2drI
tky0pNGdNk90FAggDbdYw7fBZwIgbWlwRjP7/17raWDZUiCYtA3FwVq/RRtUlPXK
S0UikWkwDQYJKoZIhvcNAQELBQADggEBAIMjEFA1nMoFwOu0zJrHEakVMhwg8iHM
sripplgn+srYzKa0umO80DF89lX5CWUm6G0NrKveGviInzE9vGmRH9aoeAoX8iH2
o9qjkCxqgIIny+qxJTFZ2ZIAEim44odWevLQ2usDWFJfhLqyWiIadcG0UX9iEhi0
xYJoMr4Zv4YRbowr0wOst21tgZdHKembbSxjQLxZ9zlsEfBJapE0mEfPwqtkQdWT
pgFJkUKzOw0vZk2YM71UEiGQ9Ht6tWtqF2yzgvzkdkp/SikiNPTBEoKNyFW0mbJU
YxHXzMC9qFBpYkbPpViuRh+P8Mq66hfnYg0LFxkNYZnuTqWRKOx2l7w=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnasGqVFtDO5ggtT8Nzn
8wWRXMxA6OKfd1yqtDkTgqsY9asXmPZ7DvUWjQqBHXugyzyN/c/3Bz0+897KWboj
lsgLg2kqek5HVnfKdnBgBzdEf0G1ba3wYbH7+nhw9V351V3yd2p95KXKXvJ7c5mc
XKLOfZsQy2y0SuIcx2EySv+zpUZI3wStro+ET2gjwzsodBics/kn3pgosR/Aozb/
mVoDL5ys/o2PJokv+3RceW0JlkWBEm3/bZ9l2xePUvgX4KEVwxqO+bb5ET8TTx9Z
0PfX0RVKEuWV8tP4RxWtR9ttfbs0uHQaD9DVAtc6i3PUa489FR7Ya5kspNG7o5SY
0QIDAQAB
-----END PUBLIC KEY-----

ASN.1 Decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 604818956536853063751191984206801452614041
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11
 . . . . . . . . . . . . [c:0|t:5|false] NULL []
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R10'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-06-22 11:49:53 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-09-20 11:49:52 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.openzone.org'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL []
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24043797426648998849851717598104125725596460861728619560046061639501303453839014374565138332990328403484241830772844235923500972048875013429250854869541228103434299423611799056149138683910605964497250075641009541978086354729266480014643061346099904677593002766950114961386960002332127871842477754361965505778822086216197037126691877705161370479656454358764156255097853916383455354875787643897082780769970488322828368975863126268489105671260010136527649394828798803131132830348474289167335690617694315169644905227638296564303547082918640908443044745305652879439212254598052673477482326117861292028245623945193122470097
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							b61211f4fe1084834f6618a88b1fbf5fd3baf6a9
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName bbbcc347a5e4bca9c6c3a4720c108da235e1c8e8
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (39 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r10.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (32 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.openzone.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'openzone.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (39 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r10.c.lencr.org/26.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes)
							00ef007600ccfb0f6a85710965fe959b53cee9b27c22e9855c0d978db6a97e54c0fe4c0db00000019797aec9af0000040300473045022100df1c44caa5f8d51713034b4918d34b197f11a472665568a867ee24ec271f58a202202a01ee259a854e05c0e35056a837d66efb4c0d5a269ee49cdb4087f0264a0178007500a442c506496061548f0fd4ea9cfb7a2d26454d87a97f2fdf4559f6274f3a84540000019797aed935000004030046304402203bbf70e188f21773ac62d9dac8b64cb4a4d19d364f741408200db758c3b7c16702206d69704633fbff5eeb6960d9522098b40dc5c15abf451b5494f5ca4b45229169
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11
 . . . . . . . . [c:0|t:5|false] NULL []
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0083231050359cca05c0ebb4cc9ac711a915321c20f221ccb2b8a9a65827facad8cca6b4ba63bcd0317cf655f9096526e86d0dacabde1af8889f313dbc69911fd6a8780a17f221f6a3daa3902c6a808227cbeab1253159d992001229b8e287567af2d0daeb0358525f84bab25a221a75c1b4517f621218b4c5826832be19bf86116e8c2bd303acb76d6d81974729e99b6d2c6340bc59f7396c11f0496a91349847cfc2ab6441d593a601499142b33b0d2f664d9833bd54122190f47b7ab56b6a176cb382fce4764a7f4a292234f4c112828dc855b499b2546311d7ccc0bda850696246cfa558ae461f8ff0cabaea17e7620d0b17190d6199ee4ea59128ec7697bc