DV SSL/TLS Certificate for nestoria.com.br

Certificate is witin its validity period

Issued by Let's Encrypt (R11)

About the nestoria.com.br DV SSL/TLS Certificate

This certificate with serial number 05:2a:bf:be:7d:d6:be:bc:72:84:31:43:42:3b:2d:96:14:f8 for nestoria.com.br was issued on by Let's Encrypt.

With 5 subject alternative names, this certificate can be used to secure multiple FQDNs. This DV SSL/TLS Certificate is currently within its validity period but we haven't checked the revocation status of this certificate, you can do this simply on revocationcheck.com. We have found some issues with the compliance of this certificate, they are be shown below. We hope this DV SSL/TLS Certificate review for nestoria.com.br provides you with the detailed information you were looking for.


We have identified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Let's Encrypt

Organization: Let's Encrypt
Country: US

This X.509 certificate will expire on

Certificate Details

Serial Number (hex): 05:2a:bf:be:7d:d6:be:bc:72:84:31:43:42:3b:2d:96:14:f8
Serial Number (int): 450108160705393746452775092338003491034360
Serial Number Length: 139 bits, 18 octets

Subject Key Identifier: 14:e1:55:af:64:85:a4:cb:ad:0c:8e:cb:2f:ac:17:51:b4:2e:d9:38
Authority Key Identifier: c5:cf:46:a4:ea:f4:c3:c0:7a:6c:95:c4:2d:b0:5e:92:2f:26:e3:b9

Fingerprint (SHA-1): 63:36:43:57:3b:83:7f:ee:9f:44:64:39:6c:a8:1b:4e:b1:06:03:17
Fingerprint (SHA-256): c7:61:66:f7:6d:4f:bd:91:90:b4:01:e0:10:92:96:5f:10:aa:a2:3a:dc:ee:62:80:2d:93:87:5d:cf:03:9c:18

Issuing Certificate URL: http://r11.i.lencr.org/

Revocation Information

CRL Distribution Point: http://r11.c.lencr.org/121.crl

Check the revocation status for certificate nestoria.com.br
5
DNS Names
0
Email Addresses
0
IP Addresses

Advanced Certificate Properties

Technical details of the X.509 certificate for nestoria.com.br

Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10
CA Certificate
This is not a CA certificate

Subject Alternative Names

X.509 Certificate

The complete raw X.509 certificate details for nestoria.com.br in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISBSq/vn3WvrxyhDFDQjstlhT4MA0GCSqGSIb3DQEBCwUA
MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD
EwNSMTEwHhcNMjUwNTI3MDc0NTI4WhcNMjUwODI1MDc0NTI3WjAaMRgwFgYDVQQD
Ew9uZXN0b3JpYS5jb20uYnIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCezmAgY0gTG/ujlvt+8FZFzXDnrYArBCeQWYIMA1G3t5Xi5LeKCyrf8vKcXASx
3HnQzIGQpBGsxnLcJa5/10Jg+7z4iRgaoIow9aDEe59Jo/Wkpeug/SW1R0fgV7Zp
2iC5FU49fFpYolVhl1xvNMoeDdYgZTicssy/yrporPj6Id6gU4QmRO3JUNGrNwzZ
fpVbd04xTdnqZLIZM/DMFW+vhYcEyqeq4wwsSngfNvI8DtUbwAYj06aDigvhRHtN
H4k61BM5rl0gVYpr5vGBCn4S7V5wzAKqLffxQb11UC7LChW9e9uCfQcOzb4v4fIZ
R3qAswPX14r5RhLwQoObHrd5AgMBAAGjggJ4MIICdDAOBgNVHQ8BAf8EBAMCBaAw
HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYD
VR0OBBYEFBThVa9khaTLrQyOyy+sF1G0Ltk4MB8GA1UdIwQYMBaAFMXPRqTq9MPA
emyVxC2wXpIvJuO5MDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAoYXaHR0cDov
L3IxMS5pLmxlbmNyLm9yZy8wcAYDVR0RBGkwZ4ITYXBpLm5lc3RvcmlhLmNvbS5i
coIPbmVzdG9yaWEuY29tLmJyghNyc3MubmVzdG9yaWEuY29tLmJyghVzaGFyZS5u
ZXN0b3JpYS5jb20uYnKCE3d3dy5uZXN0b3JpYS5jb20uYnIwEwYDVR0gBAwwCjAI
BgZngQwBAgEwLwYDVR0fBCgwJjAkoCKgIIYeaHR0cDovL3IxMS5jLmxlbmNyLm9y
Zy8xMjEuY3JsMIIBBgYKKwYBBAHWeQIEAgSB9wSB9ADyAHcApELFBklgYVSPD9Tq
nPt6LSZFTYepfy/fRVn2J086hFQAAAGXEOmrvQAABAMASDBGAiEAyFVLBj+vzNC8
SBQk+0AWkQ9edPVxxiflere3sU4+xQUCIQCPAiVrvn0/3B+oKxA1ruEzndSLImvB
TyyDuyPIGY1pIwB3AA3h8jAr0w3BQGISCepVLvxHdHyx1+kw7w5CHrR+Tqo0AAAB
lxDpq70AAAQDAEgwRgIhAOL2mtxzIZ2TWrM4wS/HbDCzhAXjpQTwoesuUclA9SzO
AiEAskL5CS2grMKgYsVx7kWMrr9gAhOG1BCbMVM2ARZf5ckwDQYJKoZIhvcNAQEL
BQADggEBABRy5UYB8TNAbd8IwEnEr41SpGJv2aZfZfpgpfgC8/OThgb6sG8Eg8xI
M2npj+AAj0FCcKCwLUqQRQVIjLaSzBRPWP/k1sH0UqUdz4p9So+huPYngyS/z7mq
H/W0eaatpwWk/nlq1fGy0jzPF5Qd/90xzVyn1m4wRI4v+xGNwmIo6tPMGwFU6HbY
b1lTZwwNhwvWovHkfIQ3uXZJSzUZqgbu/xo+a8W71A7Tobj3AtMKxIjle8tzaYrJ
kLBRDsJ6FBjf13SP5zRC3qn3QOHggGepZ7+4mFJjww9px6FS1PjR/FQ8m2jRuPAb
BfuWU7oyYG0n3++jM5bbxd2hpcrc2cM=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns5gIGNIExv7o5b7fvBW
Rc1w562AKwQnkFmCDANRt7eV4uS3igsq3/LynFwEsdx50MyBkKQRrMZy3CWuf9dC
YPu8+IkYGqCKMPWgxHufSaP1pKXroP0ltUdH4Fe2adoguRVOPXxaWKJVYZdcbzTK
Hg3WIGU4nLLMv8q6aKz4+iHeoFOEJkTtyVDRqzcM2X6VW3dOMU3Z6mSyGTPwzBVv
r4WHBMqnquMMLEp4HzbyPA7VG8AGI9Omg4oL4UR7TR+JOtQTOa5dIFWKa+bxgQp+
Eu1ecMwCqi338UG9dVAuywoVvXvbgn0HDs2+L+HyGUd6gLMD19eK+UYS8EKDmx63
eQIDAQAB
-----END PUBLIC KEY-----

ASN.1 Decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 450108160705393746452775092338003491034360
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11
 . . . . . . . . . . . . [c:0|t:5|false] NULL []
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R11'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-05-27 07:45:28 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-08-25 07:45:27 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'nestoria.com.br'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL []
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 20047419733755233671946026930806370086799103082430864003551120161440944856312981995221943021133338214046921154618806442030316593665743145696488286995606788728321385284922981966637360792507294569954174344249607999989835805838154965708138369710934139668654220573941311198948120165654069357804365252005887152730669110439728698353457552440702354502453572300672208669083873860086607842754117563988135040368630142280328998620520136214417473085282018062326947295522583740516688901011501589975098901319395631789885085246433853996357693532166192830314993526723525722139822526171277742209679476405039392879196544439996940990329
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							14e155af6485a4cbad0c8ecb2fac1751b42ed938
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c5cf46a4eaf4c3c07a6c95c42db05e922f26e3b9
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (39 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r11.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'api.nestoria.com.br'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nestoria.com.br'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'rss.nestoria.com.br'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'share.nestoria.com.br'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.nestoria.com.br'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (40 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r11.c.lencr.org/121.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (247 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
							00f2007700a442c506496061548f0fd4ea9cfb7a2d26454d87a97f2fdf4559f6274f3a84540000019710e9abbd0000040300483046022100c8554b063fafccd0bc481424fb4016910f5e74f571c627e57ab7b7b14e3ec5050221008f02256bbe7d3fdc1fa82b1035aee1339dd48b226bc14f2c83bb23c8198d69230077000de1f2302bd30dc140621209ea552efc47747cb1d7e930ef0e421eb47e4eaa340000019710e9abbd0000040300483046022100e2f69adc73219d935ab338c12fc76c30b38405e3a504f0a1eb2e51c940f52cce022100b242f9092da0acc2a062c571ee458caebf60021386d4109b31533601165fe5c9
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11
 . . . . . . . . [c:0|t:5|false] NULL []
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		001472e54601f133406ddf08c049c4af8d52a4626fd9a65f65fa60a5f802f3f3938606fab06f0483cc483369e98fe0008f414270a0b02d4a904505488cb692cc144f58ffe4d6c1f452a51dcf8a7d4a8fa1b8f6278324bfcfb9aa1ff5b479a6ada705a4fe796ad5f1b2d23ccf17941dffdd31cd5ca7d66e30448e2ffb118dc26228ead3cc1b0154e876d86f5953670c0d870bd6a2f1e47c8437b976494b3519aa06eeff1a3e6bc5bbd40ed3a1b8f702d30ac488e57bcb73698ac990b0510ec27a1418dfd7748fe73442dea9f740e1e08067a967bfb8985263c30f69c7a152d4f8d1fc543c9b68d1b8f01b05fb9653ba32606d27dfefa33396dbc5dda1a5cadcd9c3