DV SSL/TLS Certificate for jorn-metaal.nl

Certificate is witin its validity period

Issued by Let's Encrypt (R11)

About the jorn-metaal.nl DV SSL/TLS Certificate

This certificate with serial number 05:85:26:bc:f7:cb:37:7d:25:cb:f5:b8:d0:3a:47:79:d8:d3 for jorn-metaal.nl was issued on by Let's Encrypt.

With 3 subject alternative names, this certificate can be used to secure multiple FQDNs. This DV SSL/TLS Certificate is currently within its validity period but we haven't checked the revocation status of this certificate, you can do this simply on revocationcheck.com. We have found some issues with the compliance of this certificate, they are be shown below. We hope this DV SSL/TLS Certificate review for jorn-metaal.nl provides you with the detailed information you were looking for.


We have identified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Let's Encrypt

Organization: Let's Encrypt
Country: US

This X.509 certificate will expire on

Certificate Details

Serial Number (hex): 05:85:26:bc:f7:cb:37:7d:25:cb:f5:b8:d0:3a:47:79:d8:d3
Serial Number (int): 480870476300790942286628664800599864891603
Serial Number Length: 139 bits, 18 octets

Subject Key Identifier: a8:59:9c:68:e5:b6:21:c5:ad:00:a2:91:e6:79:c4:b9:a2:4f:ed:13
Authority Key Identifier: c5:cf:46:a4:ea:f4:c3:c0:7a:6c:95:c4:2d:b0:5e:92:2f:26:e3:b9

Fingerprint (SHA-1): 8f:2b:83:f7:66:28:8a:32:43:a0:0f:32:5b:a1:65:d0:6f:83:7e:bf
Fingerprint (SHA-256): 59:99:1a:63:eb:77:c9:9d:be:33:05:08:39:e3:1d:90:ca:fc:18:92:d9:2e:08:b0:93:f9:de:34:f2:4f:2f:a5

Issuing Certificate URL: http://r11.i.lencr.org/

Revocation Information

CRL Distribution Point: http://r11.c.lencr.org/84.crl

Check the revocation status for certificate jorn-metaal.nl
3
DNS Names
0
Email Addresses
0
IP Addresses

Advanced Certificate Properties

Technical details of the X.509 certificate for jorn-metaal.nl

Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10
CA Certificate
This is not a CA certificate

Subject Alternative Names

X.509 Certificate

The complete raw X.509 certificate details for jorn-metaal.nl in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGITCCBQmgAwIBAgISBYUmvPfLN30ly/W40DpHedjTMA0GCSqGSIb3DQEBCwUA
MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD
EwNSMTEwHhcNMjUwNjEzMDUzMjAxWhcNMjUwOTExMDUzMjAwWjAZMRcwFQYDVQQD
Ew5qb3JuLW1ldGFhbC5ubDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
ALu8nOrUKEANogBf88Mwsdq4UZumz5qWxAirzmbr4kBeH/INVymqv/zEkodUiQ3e
LUTlTtFfKI/in3barPFlJStXYFeSsXdAl8d8XpZkFh3wVlwLkF+V9uFSaBHpjcVi
6X6DvozCIclWmQuPjSa7TVZRaEZGl9EKNfiIc8dUdc6iAnaLuUIEul0o5hENEDbi
6HpYoS4MwjlLCPWVUCs7H4w2uTStnhFXU42pssYWR2qDBm8ZsW4EGFXf8rkHjt11
EZ0ooVqOVW95OTUdBWrfeE3TCc5R5T15AxYZQCWVFupK0SWT5XoYnRnSRDBPx+y9
UeuBSu92Bx5WUw4L5zf2PH0kgiGx2fvcPcmC/j496l7TJs1PiqjCiVGwVNminVY0
FB0IqZ11catff78Uqy8skNgBS6CXLQ+PSx+XF9jnIr1Q8q+O9pewIWKzW9Yydrn8
UbvF5u3Ue1GHRf5loWQZg/hp4BhNeVhnCZwp0aFTzM7v2mPXOnwLPeoqShpsDQdl
hnr3YSe3KZVaqBfnC2n3f46Oc3Y+Iq7CBvnBz6VPJyWu+gRl3Jh1x3FcqwzVPEMe
ackAHgqZrxrnINyPVvxEPVnEcbDoV5VpeUSXIoakxf2/COUQIOBZb1a+1QeXSzCN
gaLyMV5gOjjREP7xqsq86ZT7RbLSdbQi/Q2yOHNABXWrAgMBAAGjggJHMIICQzAO
BgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwG
A1UdEwEB/wQCMAAwHQYDVR0OBBYEFKhZnGjltiHFrQCikeZ5xLmiT+0TMB8GA1Ud
IwQYMBaAFMXPRqTq9MPAemyVxC2wXpIvJuO5MDMGCCsGAQUFBwEBBCcwJTAjBggr
BgEFBQcwAoYXaHR0cDovL3IxMS5pLmxlbmNyLm9yZy8wQgYDVR0RBDswOYIOam9y
bi1tZXRhYWwubmyCE21haWwuam9ybi1tZXRhYWwubmyCEnd3dy5qb3JuLW1ldGFh
bC5ubDATBgNVHSAEDDAKMAgGBmeBDAECATAuBgNVHR8EJzAlMCOgIaAfhh1odHRw
Oi8vcjExLmMubGVuY3Iub3JnLzg0LmNybDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA
8AB2AMz7D2qFcQll/pWbU87psnwi6YVcDZeNtql+VMD+TA2wAAABl2f7mNIAAAQD
AEcwRQIgNxzwqjKQ9UPIfD/HfCV2fxdgXyUxVqfjjjbgwz3M880CIQDCgV3teiU5
tUgs5YGNw3JrZxkBpdk5zeNJvfZq0trqGgB2AN3cyjSV1+EWBeeVMvrHn/g9HFDf
2wA6FBJ2Ciysu8gqAAABl2f7mNkAAAQDAEcwRQIhAPfP7q4PrIMy89Ez8bkevhHR
idOdqDE5GrR044rqQ+oPAiAag2y90o8Dl+lN4W0ZLx1HY3wr0M5K4q8kbZ59nyOJ
4zANBgkqhkiG9w0BAQsFAAOCAQEAcoqE5xDHnmvtfJKVIjs/J+KwURMbUXBlrp17
Msza+y7LYQdSZpkjVnhgxsT1Np8e+cPEmwI7EurqMHo3OgFFZfYnJrJ3JqdT97a1
4gXjla0M6I0+LZEovQhHTiaA7Kj24Mf+NpyUDP0uHFFfP24+nytnwnJq9lxDDbds
SIWA/g/7WCKjqnNXetDowsPL52rzpsabUWBYSS+MfAwVrFHqFwdSZYKGlpLKJbck
CMGl/hAQ9i6km+02UhwqgjHhOBbd8nle1tuk24WzttadEqz0+U3l+pvkDJzkE6Qx
kfJRgy86C6E403NDgXHa9u0RdiJ24Xknx0tsn2CnvgPpce33YA==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAu7yc6tQoQA2iAF/zwzCx
2rhRm6bPmpbECKvOZuviQF4f8g1XKaq//MSSh1SJDd4tROVO0V8oj+Kfdtqs8WUl
K1dgV5Kxd0CXx3xelmQWHfBWXAuQX5X24VJoEemNxWLpfoO+jMIhyVaZC4+NJrtN
VlFoRkaX0Qo1+Ihzx1R1zqICdou5QgS6XSjmEQ0QNuLoelihLgzCOUsI9ZVQKzsf
jDa5NK2eEVdTjamyxhZHaoMGbxmxbgQYVd/yuQeO3XURnSihWo5Vb3k5NR0Fat94
TdMJzlHlPXkDFhlAJZUW6krRJZPlehidGdJEME/H7L1R64FK73YHHlZTDgvnN/Y8
fSSCIbHZ+9w9yYL+Pj3qXtMmzU+KqMKJUbBU2aKdVjQUHQipnXVxq19/vxSrLyyQ
2AFLoJctD49LH5cX2OcivVDyr472l7AhYrNb1jJ2ufxRu8Xm7dR7UYdF/mWhZBmD
+GngGE15WGcJnCnRoVPMzu/aY9c6fAs96ipKGmwNB2WGevdhJ7cplVqoF+cLafd/
jo5zdj4irsIG+cHPpU8nJa76BGXcmHXHcVyrDNU8Qx5pyQAeCpmvGucg3I9W/EQ9
WcRxsOhXlWl5RJcihqTF/b8I5RAg4FlvVr7VB5dLMI2BovIxXmA6ONEQ/vGqyrzp
lPtFstJ1tCL9DbI4c0AFdasCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 Decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 480870476300790942286628664800599864891603
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11
 . . . . . . . . . . . . [c:0|t:5|false] NULL []
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R11'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-06-13 05:32:01 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-09-11 05:32:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'jorn-metaal.nl'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL []
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 765899197501331402644440585413964735696110450713381184116764922364847311359696792061028694935609178535106815358537706309232223378182374334798186288226976215246612731748315924533713852577520007668323637979876124667886246660031836240618026447997215985292045151491884272708222355004369352325682920471077446134481848817200818339252587567983337902410587729536676897840890620094276855565026424227177793215656218341345190332281842355974216554429402947159604870504459142113284750374557810563068664411460080337359985877886044346562836137482179782807462792604186141437131819071968421576577400188998928754463231806136675165601192426151498307409502742615170620522605470197468407469559469935729149117692679150553168394157301654882930019852904465918973666415477717591404062181006417654350147081695189307088500212062470011693707972571564227814866915256195312217132807537068696562115079673077660889868423450178997744820802727775640463264736461553015925927593625836072104527298441197500070784651086813769570419656171319314280945441690126609121102247440605148516306052096348776725855974079422564100073538742551351118689632214070509417222067835387644080668746325189412677436532254959865346768733235610511777364192521597330922773154782346930994677118379
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							a8599c68e5b621c5ad00a291e679c4b9a24fed13
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c5cf46a4eaf4c3c07a6c95c42db05e922f26e3b9
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (39 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r11.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (59 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'jorn-metaal.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mail.jorn-metaal.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.jorn-metaal.nl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (39 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r11.c.lencr.org/84.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f0007600ccfb0f6a85710965fe959b53cee9b27c22e9855c0d978db6a97e54c0fe4c0db00000019767fb98d200000403004730450220371cf0aa3290f543c87c3fc77c25767f17605f253156a7e38e36e0c33dccf3cd022100c2815ded7a2539b5482ce5818dc3726b671901a5d939cde349bdf66ad2daea1a007600dddcca3495d7e11605e79532fac79ff83d1c50dfdb003a1412760a2cacbbc82a0000019767fb98d90000040300473045022100f7cfeeae0fac8332f3d133f1b91ebe11d189d39da831391ab474e38aea43ea0f02201a836cbdd28f0397e94de16d192f1d47637c2bd0ce4ae2af246d9e7d9f2389e3
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11
 . . . . . . . . [c:0|t:5|false] NULL []
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00728a84e710c79e6bed7c9295223b3f27e2b051131b517065ae9d7b32ccdafb2ecb610752669923567860c6c4f5369f1ef9c3c49b023b12eaea307a373a014565f62726b27726a753f7b6b5e205e395ad0ce88d3e2d9128bd08474e2680eca8f6e0c7fe369c940cfd2e1c515f3f6e3e9f2b67c2726af65c430db76c488580fe0ffb5822a3aa73577ad0e8c2c3cbe76af3a6c69b516058492f8c7c0c15ac51ea1707526582869692ca25b72408c1a5fe1010f62ea49bed36521c2a8231e13816ddf2795ed6dba4db85b3b6d69d12acf4f94de5fa9be40c9ce413a43191f251832f3a0ba138d373438171daf6ed11762276e17927c74b6c9f60a7be03e971edf760