DV SSL/TLS Certificate for canafoundation.org

Certificate is witin its validity period

Issued by Let's Encrypt (R10)

About the canafoundation.org DV SSL/TLS Certificate

This certificate with serial number 06:1b:d7:97:c5:1a:52:d7:b1:51:47:e1:22:84:27:17:74:a6 for canafoundation.org was issued on by Let's Encrypt.

With 2 subject alternative names, this certificate can be used to secure multiple FQDNs. This DV SSL/TLS Certificate is currently within its validity period but we haven't checked the revocation status of this certificate, you can do this simply on revocationcheck.com. We have found some issues with the compliance of this certificate, they are be shown below. We hope this DV SSL/TLS Certificate review for canafoundation.org provides you with the detailed information you were looking for.


We have identified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Let's Encrypt

Organization: Let's Encrypt
Country: US

This X.509 certificate will expire on

Certificate Details

Serial Number (hex): 06:1b:d7:97:c5:1a:52:d7:b1:51:47:e1:22:84:27:17:74:a6
Serial Number (int): 532147911551066476736865484971603456914598
Serial Number Length: 139 bits, 18 octets

Subject Key Identifier: 66:4d:ff:9b:c9:68:1c:88:3e:62:7c:7e:6c:9d:da:be:cf:ad:33:59
Authority Key Identifier: bb:bc:c3:47:a5:e4:bc:a9:c6:c3:a4:72:0c:10:8d:a2:35:e1:c8:e8

Fingerprint (SHA-1): fe:1a:c3:5b:c8:6e:49:8c:eb:2a:1d:d1:58:17:1f:18:51:3a:55:93
Fingerprint (SHA-256): 05:37:b4:e8:ee:32:2f:60:b1:5e:95:cf:e5:92:de:9d:33:54:57:86:cb:7c:07:60:20:1c:25:77:38:3e:b6:7c

Issuing Certificate URL: http://r10.i.lencr.org/

Revocation Information

CRL Distribution Point: http://r10.c.lencr.org/39.crl

Check the revocation status for certificate canafoundation.org
2
DNS Names
0
Email Addresses
0
IP Addresses

Advanced Certificate Properties

Technical details of the X.509 certificate for canafoundation.org

Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10
CA Certificate
This is not a CA certificate

Subject Alternative Names

X.509 Certificate

The complete raw X.509 certificate details for canafoundation.org in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISBhvXl8UaUtexUUfhIoQnF3SmMA0GCSqGSIb3DQEBCwUA
MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD
EwNSMTAwHhcNMjUwNTI1MTAxODUyWhcNMjUwODIzMTAxODUxWjAdMRswGQYDVQQD
ExJjYW5hZm91bmRhdGlvbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCv8Ej2HSBI+A6Vq1u5pR/1/koTj/7vDajPM/x3qOev+RStPOeFddY/321D
cjjkihJ0wfQiCjROx860wEwViFS6YC4DKXmYJyVclO9BBEcDfMTJUUrtRz94x56z
tJ+sE1FmYFF5M14/4bCLO4ySPbe6euNLEFB4ig7+PERrX/3b7gnKqxf/a01gjudl
eyurABNyp5tCuKoFLBG2WFrcMxSvVmPziOpj+HIe7CPP7E7Nr0rIRpuRBfh4hc9b
yB42VN7D+aEKspA0CdNUldkdePYBgghR30f6BH3KADtlTkcQMoxbiej/Ht9p0JGN
2002poLpyniSmfCEl/Jsd3DQNGNzAgMBAAGjggI7MIICNzAOBgNVHQ8BAf8EBAMC
BaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAw
HQYDVR0OBBYEFGZN/5vJaByIPmJ8fmyd2r7PrTNZMB8GA1UdIwQYMBaAFLu8w0el
5LypxsOkcgwQjaI14cjoMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAoYXaHR0
cDovL3IxMC5pLmxlbmNyLm9yZy8wNQYDVR0RBC4wLIISY2FuYWZvdW5kYXRpb24u
b3JnghZ3d3cuY2FuYWZvdW5kYXRpb24ub3JnMBMGA1UdIAQMMAowCAYGZ4EMAQIB
MC4GA1UdHwQnMCUwI6AhoB+GHWh0dHA6Ly9yMTAuYy5sZW5jci5vcmcvMzkuY3Js
MIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHcA3dzKNJXX4RYF55Uy+sef+D0cUN/b
ADoUEnYKLKy7yCoAAAGXBylkzwAABAMASDBGAiEA5OqNq8rJpOhIrD3yIQal27cO
caSZ+fLScMytACtUl0oCIQCeSmGEobQqEGPsyyPTpT1hc5FuvbTE6zAdgETbo5ug
+QB2AK8YGijWjKPgqYpMnGerCfi7vCK6rryxOKOhndP5tgMNAAABlwcpZzcAAAQD
AEcwRQIgPCRVUU21b0GKp0/cfbnkdjPPVvnUHivZP8Keg+8isXgCIQCKukpTjEl/
4LG41u1Gv1i43H5PwqyfDiZv5AKhg0v8qDANBgkqhkiG9w0BAQsFAAOCAQEAtRDc
NiCTyzDFq2GK2L3ip+lea/iAUNS5ehI26u6jIKX4wVhOpxf89jWeBtphBM0HZ/WD
3ArzqDAN2lh6hyjYohjo9cdkz9TrUx+Y2PtHLkKlL0TAIUaUdidCJ6REywmcF/9Y
+PEdUMDNBfvLATMToeRQTSh/xqYV9Ur9hjZWioytHzKRwz5l2BsKNDR6veHgkEJl
5HPapzGX3pM8DFmo001T2ikpyasCj22KrEmkZOPs9MV19OxsAfmQ396Q/RRbxWQD
gDuJfHo1Yf11AfBm9QrAOnqWv24+UXbwW5Ls815rNHA2s1AnlVvZhH9Kam/BOwf5
bOU+eb2j4SlBFtTn+Q==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/BI9h0gSPgOlatbuaUf
9f5KE4/+7w2ozzP8d6jnr/kUrTznhXXWP99tQ3I45IoSdMH0Igo0TsfOtMBMFYhU
umAuAyl5mCclXJTvQQRHA3zEyVFK7Uc/eMees7SfrBNRZmBReTNeP+GwizuMkj23
unrjSxBQeIoO/jxEa1/92+4JyqsX/2tNYI7nZXsrqwATcqebQriqBSwRtlha3DMU
r1Zj84jqY/hyHuwjz+xOza9KyEabkQX4eIXPW8geNlTew/mhCrKQNAnTVJXZHXj2
AYIIUd9H+gR9ygA7ZU5HEDKMW4no/x7fadCRjdtNNqaC6cp4kpnwhJfybHdw0DRj
cwIDAQAB
-----END PUBLIC KEY-----

ASN.1 Decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 532147911551066476736865484971603456914598
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11
 . . . . . . . . . . . . [c:0|t:5|false] NULL []
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R10'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-05-25 10:18:52 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-08-23 10:18:51 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'canafoundation.org'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL []
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22210192321365821760337501739895710316639744157473274777448359226130683853950907054887710052572447336136798728762422583924057656771937975825723639772246420671698423877871517747938044000076713815762550290815848635164218441052433590816330547608724314036909074557857020373929114248410963246262833151149854740786502750662485037654666847851796753493314106617489669930681308543781627201545647981561283683727699871784570201579237357357528462321486776714895655431166422597209987228205892686333427158046040860116084907940521445687502242777297347096126899732366253452770459419921136280344341082057129172043340662226596790559603
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							664dff9bc9681c883e627c7e6c9ddabecfad3359
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName bbbcc347a5e4bca9c6c3a4720c108da235e1c8e8
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (39 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r10.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (46 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'canafoundation.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.canafoundation.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (39 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r10.c.lencr.org/39.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes)
							00f1007700dddcca3495d7e11605e79532fac79ff83d1c50dfdb003a1412760a2cacbbc82a00000197072964cf0000040300483046022100e4ea8dabcac9a4e848ac3df22106a5dbb70e71a499f9f2d270ccad002b54974a0221009e4a6184a1b42a1063eccb23d3a53d6173916ebdb4c4eb301d8044dba39ba0f9007600af181a28d68ca3e0a98a4c9c67ab09f8bbbc22baaebcb138a3a19dd3f9b6030d0000019707296737000004030047304502203c2455514db56f418aa74fdc7db9e47633cf56f9d41e2bd93fc29e83ef22b1780221008aba4a538c497fe0b1b8d6ed46bf58b8dc7e4fc2ac9f0e266fe402a1834bfca8
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11
 . . . . . . . . [c:0|t:5|false] NULL []
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00b510dc362093cb30c5ab618ad8bde2a7e95e6bf88050d4b97a1236eaeea320a5f8c1584ea717fcf6359e06da6104cd0767f583dc0af3a8300dda587a8728d8a218e8f5c764cfd4eb531f98d8fb472e42a52f44c021469476274227a444cb099c17ff58f8f11d50c0cd05fbcb013313a1e4504d287fc6a615f54afd8636568a8cad1f3291c33e65d81b0a34347abde1e0904265e473daa73197de933c0c59a8d34d53da2929c9ab028f6d8aac49a464e3ecf4c575f4ec6c01f990dfde90fd145bc56403803b897c7a3561fd7501f066f50ac03a7a96bf6e3e5176f05b92ecf35e6b347036b35027955bd9847f4a6a6fc13b07f96ce53e79bda3e1294116d4e7f9