DV SSL/TLS Certificate for *.crosswatergardens.org

Certificate is witin its validity period

Issued by Let's Encrypt (R11)

About the *.crosswatergardens.org DV SSL/TLS Certificate

This certificate with serial number 05:5d:a0:06:03:d3:f3:2c:4c:96:b8:57:19:bf:83:0c:17:b4 for *.crosswatergardens.org was issued on by Let's Encrypt.

With 2 subject alternative names, this certificate can be used to secure multiple FQDNs. This DV SSL/TLS Certificate is currently within its validity period but we haven't checked the revocation status of this certificate, you can do this simply on revocationcheck.com. We have found some issues with the compliance of this certificate, they are be shown below. We hope this DV SSL/TLS Certificate review for *.crosswatergardens.org provides you with the detailed information you were looking for.


We have identified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Let's Encrypt

Organization: Let's Encrypt
Country: US

This X.509 certificate will expire on

Certificate Details

Serial Number (hex): 05:5d:a0:06:03:d3:f3:2c:4c:96:b8:57:19:bf:83:0c:17:b4
Serial Number (int): 467420397493194877597111300138989670635444
Serial Number Length: 139 bits, 18 octets

Subject Key Identifier: 74:81:2b:4b:3e:33:6c:23:89:66:1c:cb:dc:46:2c:86:4f:0d:f1:91
Authority Key Identifier: c5:cf:46:a4:ea:f4:c3:c0:7a:6c:95:c4:2d:b0:5e:92:2f:26:e3:b9

Fingerprint (SHA-1): 52:8f:72:2f:3f:17:f7:9b:3c:a8:f8:67:78:c3:47:bb:13:94:0b:16
Fingerprint (SHA-256): bd:07:a7:98:18:f8:3f:e5:a1:c4:53:1a:50:c4:e5:9c:c1:e4:d8:54:13:6a:c9:08:22:26:dc:67:fe:32:9c:1f

Issuing Certificate URL: http://r11.i.lencr.org/

Revocation Information

CRL Distribution Point: http://r11.c.lencr.org/53.crl

Check the revocation status for certificate *.crosswatergardens.org
2
DNS Names
0
Email Addresses
0
IP Addresses

Advanced Certificate Properties

Technical details of the X.509 certificate for *.crosswatergardens.org

Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Key Encipherment
Digital Signature
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10
CA Certificate
This is not a CA certificate

Subject Alternative Names

X.509 Certificate

The complete raw X.509 certificate details for *.crosswatergardens.org in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISBV2gBgPT8yxMlrhXGb+DDBe0MA0GCSqGSIb3DQEBCwUA
MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD
EwNSMTEwHhcNMjUwNTI4MDE1MTU0WhcNMjUwODI2MDE1MTUzWjAiMSAwHgYDVQQD
DBcqLmNyb3Nzd2F0ZXJnYXJkZW5zLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAIkLO8bLPVxe+TPZp+DCYvadihPa584bWTSCxtP5hN+6/L8XHiPz
f6n2yi1U/alZQ186JAvqqZfgRfiwvPIZjm26yLPVz3O5M4oOFYeqAtIMjW+pLg/a
QO9OjAlrSap9AWMJ+c9jxNAGEs7ezzTVpC4LI2I/Y/cDUAXCYzzPhS59P7VGGQi5
SwNuIE4YJjmDD0CnfdNMTDhmhU7lvJmTLsspLLkBQ+vpgg9I06G11muTHh+bZqrb
Uehj0861v6GsEWfGwvnSn9w5Dn3BZ2tq4R6IHW0hQb84omeTyt83VaBfh/ES8pc4
DpHHABQehbWHox1mLqErccMXt0+5aI0dg98CAwEAAaOCAj0wggI5MA4GA1UdDwEB
/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/
BAIwADAdBgNVHQ4EFgQUdIErSz4zbCOJZhzL3EYshk8N8ZEwHwYDVR0jBBgwFoAU
xc9GpOr0w8B6bJXELbBeki8m47kwMwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzAC
hhdodHRwOi8vcjExLmkubGVuY3Iub3JnLzA5BgNVHREEMjAwghcqLmNyb3Nzd2F0
ZXJnYXJkZW5zLm9yZ4IVY3Jvc3N3YXRlcmdhcmRlbnMub3JnMBMGA1UdIAQMMAow
CAYGZ4EMAQIBMC4GA1UdHwQnMCUwI6AhoB+GHWh0dHA6Ly9yMTEuYy5sZW5jci5v
cmcvNTMuY3JsMIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDvAHUA7TxL1ugGwqSiAFfb
yyTiOAHfUS/txIbFcA8g3bc+P+AAAAGXFMxTDAAABAMARjBEAiAl6BIRyWYSVpXq
e23PIiNHxqbCgVKotZnhyxOfqS7kgAIgJ7EvPCZjlXV9TF0qwOzveRKxnrqjTBYv
64ia62OErDQAdgAN4fIwK9MNwUBiEgnqVS78R3R8sdfpMO8OQh60fk6qNAAAAZcU
zFMaAAAEAwBHMEUCIQClPzKoEfoeacJshVl2Tfw+U9mNqpF07yjKSCSF4mroywIg
cmqm0IoVcQXNhtbf455LcbyVGmJT6jrhCUvITeWtA4MwDQYJKoZIhvcNAQELBQAD
ggEBAAbQ6KNgKXA4V3J+s7g1plIsJDvqWmm0Jl3uUujNIZAzk6isOFMPapeQBmbu
vkDuQ8AcECuiyegCtUGShdiiIDrakM8i1CbS+fPRYZwhf7DpnqJek+R2fnxpQX0H
KZqkSl+LeO7ydLCo9B4bEHzkRVwOZDp2ocShdrVDwVswautqqrKpuhEPSRD0vwRt
Nyi/JpZlpEy6GjBlhiU7c3E1C1AO73FXC9nYOMsdZGiHaYfUpF/OpKnRJ6gqSnoB
cSivr5FV7bkIF85f2jYCfEd1hg2zNcl/EI6LAyC5Rfe1AQI4H5aNpM0ZrDAES/Od
CwRd3o8scwN4dF5U+GrZWSHorRs=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiQs7xss9XF75M9mn4MJi
9p2KE9rnzhtZNILG0/mE37r8vxceI/N/qfbKLVT9qVlDXzokC+qpl+BF+LC88hmO
bbrIs9XPc7kzig4Vh6oC0gyNb6kuD9pA706MCWtJqn0BYwn5z2PE0AYSzt7PNNWk
LgsjYj9j9wNQBcJjPM+FLn0/tUYZCLlLA24gThgmOYMPQKd900xMOGaFTuW8mZMu
yyksuQFD6+mCD0jTobXWa5MeH5tmqttR6GPTzrW/oawRZ8bC+dKf3DkOfcFna2rh
HogdbSFBvziiZ5PK3zdVoF+H8RLylzgOkccAFB6FtYejHWYuoStxwxe3T7lojR2D
3wIDAQAB
-----END PUBLIC KEY-----

ASN.1 Decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 467420397493194877597111300138989670635444
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11
 . . . . . . . . . . . . [c:0|t:5|false] NULL []
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R11'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-05-28 01:51:54 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-08-26 01:51:53 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.crosswatergardens.org'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL []
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 17300187226695636458194647383143320710531716067426145510789217255242453671749441849822141363937803886228731641102839801371279325411438650001964898583389254237494044103207419193775692963314794149482391781449212678423168342241492359717315008759277458524221189484901341855137062519024935536859706288546762115959592637547753743157219043714987013440386078184962962160373869929846093671886771852691430143269033202490563817653080747547261962732762520735641100860341025600484833979098613451458712895620901136080196184929991036595939865075696157083987883546472291026680728935881163193115431913289237097455789801562728182940639
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							74812b4b3e336c2389661ccbdc462c864f0df191
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c5cf46a4eaf4c3c07a6c95c42db05e922f26e3b9
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (39 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r11.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (50 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.crosswatergardens.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'crosswatergardens.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (39 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r11.c.lencr.org/53.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes)
							00ef007500ed3c4bd6e806c2a4a20057dbcb24e23801df512fedc486c5700f20ddb73e3fe00000019714cc530c0000040300463044022025e81211c966125695ea7b6dcf222347c6a6c28152a8b599e1cb139fa92ee480022027b12f3c266395757d4c5d2ac0ecef7912b19ebaa34c162feb889aeb6384ac340076000de1f2302bd30dc140621209ea552efc47747cb1d7e930ef0e421eb47e4eaa340000019714cc531a0000040300473045022100a53f32a811fa1e69c26c8559764dfc3e53d98daa9174ef28ca482485e26ae8cb0220726aa6d08a157105cd86d6dfe39e4b71bc951a6253ea3ae1094bc84de5ad0383
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11
 . . . . . . . . [c:0|t:5|false] NULL []
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0006d0e8a36029703857727eb3b835a6522c243bea5a69b4265dee52e8cd21903393a8ac38530f6a97900666eebe40ee43c01c102ba2c9e802b5419285d8a2203ada90cf22d426d2f9f3d1619c217fb0e99ea25e93e4767e7c69417d07299aa44a5f8b78eef274b0a8f41e1b107ce4455c0e643a76a1c4a176b543c15b306aeb6aaab2a9ba110f4910f4bf046d3728bf269665a44cba1a306586253b7371350b500eef71570bd9d838cb1d6468876987d4a45fcea4a9d127a82a4a7a017128afaf9155edb90817ce5fda36027c4775860db335c97f108e8b0320b945f7b50102381f968da4cd19ac30044bf39d0b045dde8f2c730378745e54f86ad95921e8ad1b