DV SSL/TLS Certificate for for-rest.cz

Certificate is witin its validity period

Issued by Let's Encrypt (R10)

About the for-rest.cz DV SSL/TLS Certificate

This certificate with serial number 05:96:54:d9:3f:c1:6f:0c:0e:b4:92:38:00:9a:fe:10:16:38 for for-rest.cz was issued on by Let's Encrypt.

With 2 subject alternative names, this certificate can be used to secure multiple FQDNs. This DV SSL/TLS Certificate is currently within its validity period but we haven't checked the revocation status of this certificate, you can do this simply on revocationcheck.com. We have found some issues with the compliance of this certificate, they are be shown below. We hope this DV SSL/TLS Certificate review for for-rest.cz provides you with the detailed information you were looking for.


We have identified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Let's Encrypt

Organization: Let's Encrypt
Country: US

This X.509 certificate will expire on

Certificate Details

Serial Number (hex): 05:96:54:d9:3f:c1:6f:0c:0e:b4:92:38:00:9a:fe:10:16:38
Serial Number (int): 486716567870123445551497338946041565681208
Serial Number Length: 139 bits, 18 octets

Subject Key Identifier: 6a:05:cd:d4:da:96:d9:b4:91:4b:33:12:99:41:b8:3b:d9:18:0c:e3
Authority Key Identifier: bb:bc:c3:47:a5:e4:bc:a9:c6:c3:a4:72:0c:10:8d:a2:35:e1:c8:e8

Fingerprint (SHA-1): f1:c7:17:c4:d4:80:86:5a:25:73:6b:e4:b4:bb:65:df:50:32:04:51
Fingerprint (SHA-256): 1b:21:13:81:4d:4d:a2:7f:8c:bb:4b:df:f8:8a:03:fd:63:36:be:35:99:28:4c:c6:c7:1f:93:81:59:15:e9:1f

Issuing Certificate URL: http://r10.i.lencr.org/

Revocation Information

CRL Distribution Point: http://r10.c.lencr.org/57.crl

Check the revocation status for certificate for-rest.cz
2
DNS Names
0
Email Addresses
0
IP Addresses

Advanced Certificate Properties

Technical details of the X.509 certificate for for-rest.cz

Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10
CA Certificate
This is not a CA certificate

Subject Alternative Names

X.509 Certificate

The complete raw X.509 certificate details for for-rest.cz in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISBZZU2T/BbwwOtJI4AJr+EBY4MA0GCSqGSIb3DQEBCwUA
MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD
EwNSMTAwHhcNMjUwNTIxMTUyMTE3WhcNMjUwODE5MTUyMTE2WjAWMRQwEgYDVQQD
Ewtmb3ItcmVzdC5jejCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL8t
j3Wy3k7IufujvfklgZvNilVRASpbmA7GnHH3WZsyT9n5Mc8QwtKGepLy7/tNxxxf
zSH7GUtzUrXnFxGDtIWhpR3Qo1X8T3PL1IO5bH0Mo/Fle2LR4qx++MyEvNcIULoq
7homV6EIwGsuj1CsXUvHsbUjOZULqfqWlhpFjiVlCmwgJv+jYkqGu0+dDjeRUe5s
3GaLzqYOKoZgyUwJTacY0HGLi/XHPH/sgX8M0hs2ukZkafSU2PQLjCUPwzunOJxG
S8bFw9/3CBMpgsy3Yz8A4ShOB3gs9jPS8Wj72Cif6GMjzwJnpetkucSU3OsmOUq9
61YWZjiaa2w5L0+dYw0CAwEAAaOCAiowggImMA4GA1UdDwEB/wQEAwIFoDAdBgNV
HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4E
FgQUagXN1NqW2bSRSzMSmUG4O9kYDOMwHwYDVR0jBBgwFoAUu7zDR6XkvKnGw6Ry
DBCNojXhyOgwMwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzAChhdodHRwOi8vcjEw
LmkubGVuY3Iub3JnLzAlBgNVHREEHjAcgg0qLmZvci1yZXN0LmN6ggtmb3ItcmVz
dC5jejATBgNVHSAEDDAKMAgGBmeBDAECATAuBgNVHR8EJzAlMCOgIaAfhh1odHRw
Oi8vcjEwLmMubGVuY3Iub3JnLzU3LmNybDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA
8AB2AO08S9boBsKkogBX28sk4jgB31Ev7cSGxXAPIN23Pj/gAAABlvOk0V0AAAQD
AEcwRQIhAMbJ4osrOhB4J/sXybQk8zRlaJDuarYHAa1ZXv7tm2xyAiAF2sPKJLEg
WKbPwtZ2+wlwLuIiEpUJQv9e7PAxTQQYgAB2AA3h8jAr0w3BQGISCepVLvxHdHyx
1+kw7w5CHrR+Tqo0AAABlvOk0WoAAAQDAEcwRQIgDC6JS04ckL7EIKvibE7gxPMX
8ESgBBtczWZxY4O3M1ACIQDljcOKX7g5bOa4rlIEhBHP/TLfP3uEesU1r6tvgq4+
IDANBgkqhkiG9w0BAQsFAAOCAQEARWi4ggRPFFvQ7URjqaMBszInnj1DcOqRgFGV
4Vy98iHpg1ERH0ZviG48GPkJ5l17kmPZdJkqb9XHEypy2L8zq1b74FeYrHFohEWr
pvsydxelKaVjCED38y0eLw2xBvQne2sc4xowbiHBcfOpvDwC83QtuKt43dKlGGF5
44yody4eZ7EDWBiqagEJm18U8jgJ9hOFj33cmXY0lnWGfmv2nZ5PQiDKQd3VG8ZB
btaJ3jZ/zfH8428QDHGxDKAkUOrQmzsIQDuMe2a9A68221+mBwK6sCUnKIPCX0a5
8hPC9QTS8lTb8WYsyLxVsZkp1HT/f7o/eZeb00UrX0y9/2OF3Q==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvy2PdbLeTsi5+6O9+SWB
m82KVVEBKluYDsaccfdZmzJP2fkxzxDC0oZ6kvLv+03HHF/NIfsZS3NStecXEYO0
haGlHdCjVfxPc8vUg7lsfQyj8WV7YtHirH74zIS81whQuiruGiZXoQjAay6PUKxd
S8extSM5lQup+paWGkWOJWUKbCAm/6NiSoa7T50ON5FR7mzcZovOpg4qhmDJTAlN
pxjQcYuL9cc8f+yBfwzSGza6RmRp9JTY9AuMJQ/DO6c4nEZLxsXD3/cIEymCzLdj
PwDhKE4HeCz2M9LxaPvYKJ/oYyPPAmel62S5xJTc6yY5Sr3rVhZmOJprbDkvT51j
DQIDAQAB
-----END PUBLIC KEY-----

ASN.1 Decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 486716567870123445551497338946041565681208
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11
 . . . . . . . . . . . . [c:0|t:5|false] NULL []
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R10'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-05-21 15:21:17 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-08-19 15:21:16 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'for-rest.cz'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL []
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24133982914017281707927906395780686557370299493036396105751592954361935669032083248027846580809109653410506396514513193264275020896208311059836283712216686330477347442085779868093279807967610746087120086310145037808455472927176202711527342822613207890854768632687841620192100004077823348947232472131729388694103637351455784260753355351478728851317046320642855678658819123786705306235053642679596903121397772064032478872823259334750442682508474436538953767774004724159726521558617488889484962091243946423205349031988942842670525123173344786891788104459898381448220198245496038650212146167709755751855170684264029971213
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							6a05cdd4da96d9b4914b33129941b83bd9180ce3
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName bbbcc347a5e4bca9c6c3a4720c108da235e1c8e8
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (39 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r10.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (30 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.for-rest.cz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'for-rest.cz'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (39 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r10.c.lencr.org/57.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f0007600ed3c4bd6e806c2a4a20057dbcb24e23801df512fedc486c5700f20ddb73e3fe000000196f3a4d15d0000040300473045022100c6c9e28b2b3a107827fb17c9b424f334656890ee6ab60701ad595efeed9b6c72022005dac3ca24b12058a6cfc2d676fb09702ee22212950942ff5eecf0314d0418800076000de1f2302bd30dc140621209ea552efc47747cb1d7e930ef0e421eb47e4eaa3400000196f3a4d16a000004030047304502200c2e894b4e1c90bec420abe26c4ee0c4f317f044a0041b5ccd66716383b73350022100e58dc38a5fb8396ce6b8ae52048411cffd32df3f7b847ac535afab6f82ae3e20
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11
 . . . . . . . . [c:0|t:5|false] NULL []
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		004568b882044f145bd0ed4463a9a301b332279e3d4370ea91805195e15cbdf221e98351111f466f886e3c18f909e65d7b9263d974992a6fd5c7132a72d8bf33ab56fbe05798ac71688445aba6fb327717a529a5630840f7f32d1e2f0db106f4277b6b1ce31a306e21c171f3a9bc3c02f3742db8ab78ddd2a5186179e38ca8772e1e67b1035818aa6a01099b5f14f23809f613858f7ddc9976349675867e6bf69d9e4f4220ca41ddd51bc6416ed689de367fcdf1fce36f100c71b10ca02450ead09b3b08403b8c7b66bd03af36db5fa60702bab025272883c25f46b9f213c2f504d2f254dbf1662cc8bc55b19929d474ff7fba3f79979bd3452b5f4cbdff6385dd