DV SSL/TLS Certificate for sagitalas.nl

Certificate is witin its validity period

Issued by Let's Encrypt (R10)

About the sagitalas.nl DV SSL/TLS Certificate

This certificate with serial number 05:d8:a8:f3:63:14:d8:6b:1d:6d:b5:3c:35:89:a1:90:7f:63 for sagitalas.nl was issued on by Let's Encrypt.

With 2 subject alternative names, this certificate can be used to secure multiple FQDNs. This DV SSL/TLS Certificate is currently within its validity period but we haven't checked the revocation status of this certificate, you can do this simply on revocationcheck.com. We have found some issues with the compliance of this certificate, they are be shown below. We hope this DV SSL/TLS Certificate review for sagitalas.nl provides you with the detailed information you were looking for.


We have identified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Let's Encrypt

Organization: Let's Encrypt
Country: US

This X.509 certificate will expire on

Certificate Details

Serial Number (hex): 05:d8:a8:f3:63:14:d8:6b:1d:6d:b5:3c:35:89:a1:90:7f:63
Serial Number (int): 509286994954762523438927135716614102613859
Serial Number Length: 139 bits, 18 octets

Subject Key Identifier: aa:5e:cb:5f:b3:02:eb:c7:f9:0f:b4:0b:78:17:ac:12:78:06:44:31
Authority Key Identifier: bb:bc:c3:47:a5:e4:bc:a9:c6:c3:a4:72:0c:10:8d:a2:35:e1:c8:e8

Fingerprint (SHA-1): d6:9f:5d:8b:8b:af:10:db:84:10:d9:d2:83:81:11:75:0c:81:3f:bb
Fingerprint (SHA-256): ce:ff:a2:55:8d:0e:8c:2b:bd:ca:d2:a2:1d:09:81:e5:31:48:56:2e:0a:de:a6:ec:2b:b6:fb:ec:94:f6:bc:12

Issuing Certificate URL: http://r10.i.lencr.org/

Revocation Information

CRL Distribution Point: http://r10.c.lencr.org/100.crl

Check the revocation status for certificate sagitalas.nl
2
DNS Names
0
Email Addresses
0
IP Addresses

Advanced Certificate Properties

Technical details of the X.509 certificate for sagitalas.nl

Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10
CA Certificate
This is not a CA certificate

Subject Alternative Names

X.509 Certificate

The complete raw X.509 certificate details for sagitalas.nl in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGBzCCBO+gAwIBAgISBdio82MU2GsdbbU8NYmhkH9jMA0GCSqGSIb3DQEBCwUA
MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD
EwNSMTAwHhcNMjUwNTEzMDAxMTUzWhcNMjUwODExMDAxMTUyWjAXMRUwEwYDVQQD
EwxzYWdpdGFsYXMubmwwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9
lAonsipjqrA0JvzdvpnagaKbJ++MVvcQCBj5qR88GoViND0dsXifuuGSC6sJ0E3K
mnCTi8d643CD4RNpbilUbtgCJzY2L23+zIbu1u+OKRa09Qe/nqy3R9aDeNC1Nze+
EpKFABlL1HqZpXYglDiMI+ZD0SkOaA4uPX6kPgromgR7mfsMW+QZadUz+S7jESgI
rCG2e+qWOV/Eqxr0pFyHDyaRXsN4jbIsIsrRjED1s1SSfNl5NmBFoF/69KcD+Quo
OtFj/WKW/0+7J2y09QBOrITQXICoELHUfO47O/MfvA4cczva8h/+aR1NDda5Hviz
RR1d44Hv9X9Jks4gDorthx5gDaDfbgwlyhQI0ePKTjiNLJk16dFbTgO/mblFO6C3
vGZ5byDNSZV3fAuZrDUV7hJXP1OiB2lo7GNA7vBPFwrNrbAr03DHXDBpthrK0K3Z
vsHm3TFeh9cySCsPuZbkBdgg99iGLdh7lbXBbodP8+8gmID1wOucONUn91cEKpnh
GpmANF3+c5IBtMb1mdNPFmG1ruBxJd3nmgIQWTpSHdKydswmPaiJ4IWS1O2WDAjM
ZU2lw5g/fQ562ywDnu4X2Wfjhx3EfMpIjqCPbMrmWidUX0uT3yD8EywnD/Fjg0u4
SjCO+ZUnwWd6jERoFoBBYGiWTz8wl//fBInp0OI9SQIDAQABo4ICLzCCAiswDgYD
VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV
HRMBAf8EAjAAMB0GA1UdDgQWBBSqXstfswLrx/kPtAt4F6wSeAZEMTAfBgNVHSME
GDAWgBS7vMNHpeS8qcbDpHIMEI2iNeHI6DAzBggrBgEFBQcBAQQnMCUwIwYIKwYB
BQUHMAKGF2h0dHA6Ly9yMTAuaS5sZW5jci5vcmcvMCkGA1UdEQQiMCCCDHNhZ2l0
YWxhcy5ubIIQd3d3LnNhZ2l0YWxhcy5ubDATBgNVHSAEDDAKMAgGBmeBDAECATAv
BgNVHR8EKDAmMCSgIqAghh5odHRwOi8vcjEwLmMubGVuY3Iub3JnLzEwMC5jcmww
ggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgCvGBoo1oyj4KmKTJxnqwn4u7wiuq68
sTijoZ3T+bYDDQAAAZbHMWIcAAAEAwBHMEUCIQDibD13nY983s2bYdu7qSnxmje1
WESLC9DhbR1I/K2ELwIgKbQg2OpwiKQ/CKpV/Hh7Ho8B8wLIpxPIRlorbNROGaEA
dgCkQsUGSWBhVI8P1Oqc+3otJkVNh6l/L99FWfYnTzqEVAAAAZbHMWX2AAAEAwBH
MEUCIFHM9vga8yTik1T4vjWCl9OfZzV0jjlJgAYR6tZsDM3bAiEApBJ6bxIcRRtJ
kzi6rp0esNMs2zpVqbZreA6CNZS20rswDQYJKoZIhvcNAQELBQADggEBAHX1pL9H
lgMuAs7Z+dMi2W/Zb3M5pqeJDK8aTK7UP81t52ztSrdRXfHyfjUKa4+6EiwY/Yg/
6yNWy+UVm9L+wV2cxfBtnYuZnEmcF8oDLOTimp8v8ek7nMBZSwQ77SJUWs0XILCT
qpyaz7D0bv72ljI5myhrwIc/xxx5+ksctEAkeQUe80WBaExr+T7fjNBVfoxLmmXW
Col+R3BhmOizfXIJ8sZYWPWoxyIElnhVQdgn/8RRUZJT74ZJlH5FlVd3ANLSxtFX
4D+CdgZncMnoG383pGzZIUsNAaWnpWt8bWm9hcIK5CRzv9Kq+ZlienJS2i2krLQL
+7g/bCOeJAYPkAw=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvZQKJ7IqY6qwNCb83b6Z
2oGimyfvjFb3EAgY+akfPBqFYjQ9HbF4n7rhkgurCdBNyppwk4vHeuNwg+ETaW4p
VG7YAic2Ni9t/syG7tbvjikWtPUHv56st0fWg3jQtTc3vhKShQAZS9R6maV2IJQ4
jCPmQ9EpDmgOLj1+pD4K6JoEe5n7DFvkGWnVM/ku4xEoCKwhtnvqljlfxKsa9KRc
hw8mkV7DeI2yLCLK0YxA9bNUknzZeTZgRaBf+vSnA/kLqDrRY/1ilv9PuydstPUA
TqyE0FyAqBCx1HzuOzvzH7wOHHM72vIf/mkdTQ3WuR74s0UdXeOB7/V/SZLOIA6K
7YceYA2g324MJcoUCNHjyk44jSyZNenRW04Dv5m5RTugt7xmeW8gzUmVd3wLmaw1
Fe4SVz9TogdpaOxjQO7wTxcKza2wK9Nwx1wwabYaytCt2b7B5t0xXofXMkgrD7mW
5AXYIPfYhi3Ye5W1wW6HT/PvIJiA9cDrnDjVJ/dXBCqZ4RqZgDRd/nOSAbTG9ZnT
TxZhta7gcSXd55oCEFk6Uh3SsnbMJj2oieCFktTtlgwIzGVNpcOYP30OetssA57u
F9ln44cdxHzKSI6gj2zK5lonVF9Lk98g/BMsJw/xY4NLuEowjvmVJ8FneoxEaBaA
QWBolk8/MJf/3wSJ6dDiPUkCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 Decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 509286994954762523438927135716614102613859
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11
 . . . . . . . . . . . . [c:0|t:5|false] NULL []
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R10'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-05-13 00:11:53 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-08-11 00:11:52 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'sagitalas.nl'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL []
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 773411905239608116287091977620734823658865909426681511192888934708807845221003012700221444835171173793014943193843293018767982890441736836117548556927124473699043132551105653895524777609893792141837134367318322281491064540609434175459510595305216492804504367252919221270930266867694324853081068617542759381174096553393344094807924568952803694697354293069142638287930282949802129225195616707633409716897708718759202921174270235371858927572116599401188392934232871078034367302346624907482141260200637289561108196957463081758213088315644368527464764343779435025449627023267710668973900639251918595214911255534624534370954902071164771254931862501405874806799785190100146469028635178771042660913694759339220446797786549148237138281095223226367025675734077793769853919410297661632411053000535391144230026330783523613805045170083683828410315428325188081711275542203076122448740732390064977187104919203898021412026666517950195459479853997031714730528109059317553634412816216024421212689970787098060354736077509392860031897262690920795119779349723949459036968357323156616756339628892253388539516056518780259613274714237489984204011081000055926475068957161705607932124697945447418459503768442831359442399069055322731887286424458535312952540489
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							aa5ecb5fb302ebc7f90fb40b7817ac1278064431
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName bbbcc347a5e4bca9c6c3a4720c108da235e1c8e8
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (39 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r10.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (34 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sagitalas.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.sagitalas.nl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (40 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r10.c.lencr.org/100.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f0007600af181a28d68ca3e0a98a4c9c67ab09f8bbbc22baaebcb138a3a19dd3f9b6030d00000196c731621c0000040300473045022100e26c3d779d8f7cdecd9b61dbbba929f19a37b558448b0bd0e16d1d48fcad842f022029b420d8ea7088a43f08aa55fc787b1e8f01f302c8a713c8465a2b6cd44e19a1007600a442c506496061548f0fd4ea9cfb7a2d26454d87a97f2fdf4559f6274f3a845400000196c73165f60000040300473045022051ccf6f81af324e29354f8be358297d39f6735748e3949800611ead66c0ccddb022100a4127a6f121c451b499338baae9d1eb0d32cdb3a55a9b66b780e823594b6d2bb
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11
 . . . . . . . . [c:0|t:5|false] NULL []
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0075f5a4bf4796032e02ced9f9d322d96fd96f7339a6a7890caf1a4caed43fcd6de76ced4ab7515df1f27e350a6b8fba122c18fd883feb2356cbe5159bd2fec15d9cc5f06d9d8b999c499c17ca032ce4e29a9f2ff1e93b9cc0594b043bed22545acd1720b093aa9c9acfb0f46efef69632399b286bc0873fc71c79fa4b1cb4402479051ef34581684c6bf93edf8cd0557e8c4b9a65d60a897e47706198e8b37d7209f2c65858f5a8c7220496785541d827ffc451519253ef8649947e4595577700d2d2c6d157e03f8276066770c9e81b7f37a46cd9214b0d01a5a7a56b7c6d69bd85c20ae42473bfd2aaf999627a7252da2da4acb40bfbb83f6c239e24060f900c