About the pndh.org Certificate
This certificate with serial number 7f:5d:70:10:22:09:ba:ff:f9:06:87:ef:f4:d0:6b:29:59:80:03:7a for pndh.org was issued on by itself (self-signed).
With 2 subject alternative names, this certificate can be used to secure multiple FQDNs. This Certificate is currently within its validity period but we haven't checked the revocation status of this certificate, you can do this simply on revocationcheck.com. We have found some issues with the compliance of this certificate, they are be shown below. We hope this Certificate review for pndh.org provides you with the detailed information you were looking for.
We have identified some issues with this certificate:
- Basic Constraints extension is marked as non-critical basicConstraints MUST appear as a critical extension (RFC 5280: 4.2.1.9)
- Root and Subordinate CA certificates MUST have a countryName present in subject information (BRs: 7.1.2.1)
- Root and Subordinate CA certificate keyUsage extension MUST be present (BRs: 7.1.2.1, RFC 5280: 4.2.1.3)
- Root and Subordinate CA certificates MUST have a organizationName present in subject information (BRs: 7.1.2.1)
- CAs MUST NOT issue certificates that have authority key IDs that include both the key ID and the issuer's issuer name and serial number (Mozilla Root Store Policy / Section 5.2)
- Root CA certificates MUST have Key Usage Extension Present (BRs: 7.1.2.1)