www.iawa.org

Issued by RapidSSL SHA256 CA

About this certificate

This digital certificate with serial number 20:42:36:c6:a3:9b:82:00:df:1c:c0:85:5d:45:c5:e3 was issued on by GeoTrust Inc..

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:

  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • Sub certificates SHOULD include Subject Key Identifier in end entity certs (RFC 5280: 4.2 & 4.2.1.2)

www.iawa.org

GeoTrust Inc.

Organization: GeoTrust Inc.
Country: US

Time since certificate expired

This certificate has expire since

Certificate Details

Serial Number (hex): 20:42:36:c6:a3:9b:82:00:df:1c:c0:85:5d:45:c5:e3
Serial Number (int): 42879098445709435597585798586901579235
Serial Number lenght: 126 bits, 16 octets

SubjectKeyId:
AuthorityKeyId: 97:c2:27:50:9e:c2:c9:ec:0c:88:32:c8:7c:ad:e2:a6:01:4f:da:6f

Fingerprint (sha1): ad:e1:e3:4f:74:b7:57:a2:9a:ac:6e:d3:2f:80:3a:22:df:76:1c:1c
Fingerprint (sha256): 00:0c:a8:1d:6a:9e:52:b1:d9:08:6c:f8:25:07:fc:44:ef:5a:c2:17:8a:b8:0a:a7:c1:50:55:43:6a:51:e4:7f

Issuing Certificate URL: http://gp.symcb.com/gp.crt

Revocation information

OCSP Server: http://gp.symcd.com
CRL Distribution Point: http://gp.symcb.com/gp.crl

Check the revocation status for certificate www.iawa.org

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.iawa.org


Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.iawa.org
iawa.org

Certificate

The complete raw certificate details for www.iawa.org in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFZjCCBE6gAwIBAgIQIEI2xqObggDfHMCFXUXF4zANBgkqhkiG9w0BAQsFADBC
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMS
UmFwaWRTU0wgU0hBMjU2IENBMB4XDTE3MDgwMzAwMDAwMFoXDTE4MDgwMzIzNTk1
OVowFzEVMBMGA1UEAwwMd3d3Lmlhd2Eub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA73i8LFsUhbOX22np8hYiP1jyQBHekvIKFp5AiEsxA/hzma2v
iDTEZPs4+ED7OE7NYTzKY7QdVuOEKTJ2C8t9GOApQxCdR0LoU4hJmVAScFiVekuA
UP1CdMvt7By3GuMtYB5jpN9F8nym81xxHxuXGi8ZI5JnBVKiWMuu3wsT4Cv8plCu
dsezK/3lGex+s2Ew+MacIApb73vQ0jXeaouPWijeYtaVFnYVazTZiWqy8f0L4G4s
GKuqTpfemNBj7jJXFACwDp21WRA8KMqW2SndNbK1MuJDvfo/G+paFlasdFrhq5nF
yd1tl88kBw8nrCog84ZMuJIg2sNkbBOUr3uQIQIDAQABo4ICgTCCAn0wIQYDVR0R
BBowGIIMd3d3Lmlhd2Eub3JngghpYXdhLm9yZzAJBgNVHRMEAjAAMCsGA1UdHwQk
MCIwIKAeoByGGmh0dHA6Ly9ncC5zeW1jYi5jb20vZ3AuY3JsMG8GA1UdIARoMGYw
ZAYGZ4EMAQIBMFowKgYIKwYBBQUHAgEWHmh0dHBzOi8vd3d3LnJhcGlkc3NsLmNv
bS9sZWdhbDAsBggrBgEFBQcCAjAgDB5odHRwczovL3d3dy5yYXBpZHNzbC5jb20v
bGVnYWwwHwYDVR0jBBgwFoAUl8InUJ7CyewMiDLIfK3ipgFP2m8wDgYDVR0PAQH/
BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBXBggrBgEFBQcB
AQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9ncC5zeW1jZC5jb20wJgYIKwYBBQUH
MAKGGmh0dHA6Ly9ncC5zeW1jYi5jb20vZ3AuY3J0MIIBBAYKKwYBBAHWeQIEAgSB
9QSB8gDwAHYA3esdK3oNT6Ygi4GtgWhwfi6OnQHVXIiNPRHEzbbsvswAAAFdqchC
rAAABAMARzBFAiEAh6mepO5WLVb0Z9O3OXb7EL3U7WZNQSJ2QTtsvgYgYb4CIGVb
cw34zWL1v/PphvnziDT0NPXIRUY19QvRizAhlQWpAHYApLkJkLQYWBSHuxOizGdw
Cjw1mAT5G9+443fNDsgN3BAAAAFdqchCxwAABAMARzBFAiEAtlUYJoMAuAtr2rVY
wndq5Ed8SQoAv3FRQX93k/Tp6RQCIHkKLEF1CfB976aYuMK+YG77pJtgeUs76RDz
q6Hz8idEMA0GCSqGSIb3DQEBCwUAA4IBAQC3hWWKCcOpTZbQeWbH9/4gVSb7NJLd
zhC6ny1rpLWjso98y7yTUsfTXbuH7sSZSCIfLtXzRuamvzuFNU0UfrCny7lUA45I
Xch/yMq6ZpQ4SInHv1g1HdaagqDN3dY3ABCK8/0rTM/ZSJ1d54jrumdZMrZLuHiD
LQSss/eP8liGSomgqNt5XmeIKWVzmtAZlbcqZNHb5/uVESlY0tDBFoubU0qHKwiP
tknGPHTq70riUdDt8HM6AlsgKXDoT03gJJ59UA8U7mRWffKa3g1ivYTHpecdTCGY
gf76Uvgo25qEBcTkkf4fmmCPO+B7kt5qOkk9JAq8WmPB87QhYlKW3OMe
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA73i8LFsUhbOX22np8hYi
P1jyQBHekvIKFp5AiEsxA/hzma2viDTEZPs4+ED7OE7NYTzKY7QdVuOEKTJ2C8t9
GOApQxCdR0LoU4hJmVAScFiVekuAUP1CdMvt7By3GuMtYB5jpN9F8nym81xxHxuX
Gi8ZI5JnBVKiWMuu3wsT4Cv8plCudsezK/3lGex+s2Ew+MacIApb73vQ0jXeaouP
WijeYtaVFnYVazTZiWqy8f0L4G4sGKuqTpfemNBj7jJXFACwDp21WRA8KMqW2Snd
NbK1MuJDvfo/G+paFlasdFrhq5nFyd1tl88kBw8nrCog84ZMuJIg2sNkbBOUr3uQ
IQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 42879098445709435597585798586901579235
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust Inc.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'RapidSSL SHA256 CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-08-03 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-08-03 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'www.iawa.org'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 30230491559900434385552468767887394088441033154660625718449845401999473794620822916650108760115647491237778057543134774595102142841256201024121328342328416131107484058283093805012303347015170163875816492990406226687943322078231067960829323894728580455304563616793554169948217503319984183938701958057117541718576521641312040881834094377545078978949990839746148461127975131379169248017918194285179411156544349344815729833737316999589870441378675970402935714303074625946475989513630697097897464929674277120944261854063154849068009570048420659615031712990767157843474124104498597963905242428702065855358847814711599927329
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.iawa.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'iawa.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (36 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gp.symcb.com/gp.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.rapidssl.com/legal'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'https://www.rapidssl.com/legal'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 97c227509ec2c9ec0c8832c87cade2a6014fda6f
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (75 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gp.symcd.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gp.symcb.com/gp.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f0007600ddeb1d2b7a0d4fa6208b81ad8168707e2e8e9d01d55c888d3d11c4cdb6ecbecc0000015da9c842ac000004030047304502210087a99ea4ee562d56f467d3b73976fb10bdd4ed664d412276413b6cbe062061be0220655b730df8cd62f5bff3e986f9f38834f434f5c8454635f50bd18b30219505a9007600a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc100000015da9c842c70000040300473045022100b65518268300b80b6bdab558c2776ae4477c490a00bf7151417f7793f4e9e9140220790a2c417509f07defa698b8c2be606efba49b60794b3be910f3aba1f3f22744
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00b785658a09c3a94d96d07966c7f7fe205526fb3492ddce10ba9f2d6ba4b5a3b28f7ccbbc9352c7d35dbb87eec49948221f2ed5f346e6a6bf3b85354d147eb0a7cbb954038e485dc87fc8caba6694384889c7bf58351dd69a82a0cdddd63700108af3fd2b4ccfd9489d5de788ebba675932b64bb878832d04acb3f78ff258864a89a0a8db795e67882965739ad01995b72a64d1dbe7fb95112958d2d0c1168b9b534a872b088fb649c63c74eaef4ae251d0edf0733a025b202970e84f4de0249e7d500f14ee64567df29ade0d62bd84c7a5e71d4c219881fefa52f828db9a8405c4e491fe1f9a608f3be07b92de6a3a493d240abc5a63c1f3b421625296dce31e