store.nba.com

Issued by R3

About this certificate

This digital certificate with serial number 04:42:d5:d8:db:cb:d9:9e:29:92:79:ca:0e:fd:69:0a:35:59 was issued on by Let's Encrypt.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=store.nba.com

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 04:42:d5:d8:db:cb:d9:9e:29:92:79:ca:0e:fd:69:0a:35:59
Serial Number (int): 371192031501044925422615836234656994964825
Serial Number lenght: 139 bits, 18 octets

SubjectKeyId: ee:c7:07:fe:53:f9:b8:3b:f3:73:4d:2f:7f:58:86:fe:8e:98:02:e6
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6

Fingerprint (sha1): a8:04:b8:c2:fd:78:2a:0e:f9:e1:45:3d:1b:8b:80:10:2f:26:3b:26
Fingerprint (sha256): 03:91:28:ad:2f:25:99:72:23:36:a7:81:0d:30:2d:48:b6:81:fd:ce:a0:6e:13:9d:42:eb:7d:82:31:1f:ab:2f

Issuing Certificate URL: http://r3.i.lencr.org/

Revocation information

OCSP Server: http://r3.o.lencr.org

Check the revocation status for certificate store.nba.com

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for store.nba.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

store.nba.com

Other certificates including the domain name nba.com

(limited to 100 certificates)
sp.gosanangelo.com
www-all.nba.com
secure.nba.com
global.nba.com
classroom.nba.com
allball.blogs.nba.com
takrun.org
stage.nba.com
hk.nba.com
cmp.channelpartner.de
store.nba.com
google-videos-qa.nba.com
nbaevents.nba.com
ct-sand.nba.com
r2.shared.global.fastly.net
audience.nba.com
webmail.hk.nba.com
google-videos-dev.nba.com
sdc.turner.com
www-all.nba.com
fidelity.nba.com
on.nba.com
ca.nba.com
nbafantasy.nba.com
fantasy.india.nba.com
nba.com
mvpvote.nba.com
sni330fgl.wpc.edgecastcdn.net
a.data.nba.com
techtips.nba.com
audience.nba.com
madants.gleague.nba.com
r2.shared.global.fastly.net
esinniobiwaquareeb.live
nba.com
store.nba.com
account-staging.nba.com
account.nba.com
play.nba.com
sdc.turner.com
www-all.nba.com
hk.nba.com
store.nba.com
*.nba.com
nba.com
nbae-support.nba.com
*.global.nba.com
*.nba.com
sni330fgl.wpc.edgecastcdn.net
google-videos-qa.nba.com
polls.turner.com
hk.nba.com
aspera.nba.com
exec.nba.com
webmail.sh.nba.com
returns.store.nba.com
www.turner.com
teamvideo.nba.com
ik.imagekit.io
dleaguestore.nba.com
akamai-san88.exacttarget.com
www-all.nba.com
dev.turner.com
vpnsh.nba.com
lrmedia.nba.com
vegasexpo.nba.com
www.sidekick.management
ik.imagekit.io
assets.nba.com
r2.shared.global.fastly.net
nbafantasy.nba.com
www.vegasexpo.nba.com
checkin.nba.com
*.internal.nba.com
sa1gl.wpc.edgecastcdn.net
www.turner.com
picks.nba.com
ct.nba.com
ik.imagekit.io
centercourtlive.nba.com
sdc.turner.com
audience.lab.nba.com
*.nba.com
*.nba.com
stage.nba.com
vpnhk.nba.com
consent.planetradio.co.uk
emediate.com.br
google-videos-qa.nba.com
global.nba.com
content.nba.com
gr.leaguepass.nba.com
stage.nba.com
smetrics.global.nba.com
nbaevents.nba.com
www.docsupport.nba.com
mydepartment.nba.com
audience.lab.nba.com
exec.nba.com
photostore.nba.com

Certificate

The complete raw certificate details for store.nba.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIE5zCCA8+gAwIBAgISBELV2NvL2Z4pknnKDv1pCjVZMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yNDAyMDMwMzU3MzdaFw0yNDA1MDMwMzU3MzZaMBgxFjAUBgNVBAMT
DXN0b3JlLm5iYS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx
xw3AJR11xoBXxPl/mVhrpt10z9j1GF2Zklq+h5vz+NxaNmLUpir4ucd0l7Y+7XMq
XErv0/3BeXB9HunbG1YgbntuQzuChsCTAoakNMuQEsYRRzf4rSS1crkgUsys4VTO
85b3VF3CsNlMtuWSEEfD0tMx+QOaM2CNR9Ki46x8dKv7S1jQ3La66Ou3uOl3blxb
2r5kO35O+HmI4ANTSwecHCSLjJkKe5r4GnI+OtuFDC1Izb377Koh8lWKWwr9rbMt
ewuDifXUOZDUWPpuFvESmKcuanyhlxcJo/fsSv33kYOjfoQSaKUoeioIWDKc1+cx
5q3s3IgNYCXP6JVvTsm/AgMBAAGjggIPMIICCzAOBgNVHQ8BAf8EBAMCBaAwHQYD
VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O
BBYEFO7HB/5T+bg783NNL39Yhv6OmALmMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJ
QOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3Iz
Lm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcv
MBgGA1UdEQQRMA+CDXN0b3JlLm5iYS5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEw
ggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdwA7U3d1Pi25gE6LMFsG/kA7Z9hPw/TH
vQANLXJv4frUFwAAAY1tVE0iAAAEAwBIMEYCIQDbBuLdCLlRCA2QyBRUBuaQxa9B
04fyhFwhGjlD4cIWmwIhAOI8DglhKHiFTbFXUac+9TBSw/W306RGDH2IxrVef296
AHUAdv+IPwq2+5VRwmHM9Ye6NLSkzbsp3GhCCp/mZ0xaOnQAAAGNbVRNgAAABAMA
RjBEAiBWpU7fwAsTcoi1KcvHoa2ZyW4fGYUmjFjUNTicYw9EAAIgZTy1mc+fC2SK
Rh60fFvSJD6lJkMb/5oPZJoWwRmCpOMwDQYJKoZIhvcNAQELBQADggEBAJLF68EE
y9eIAMad1sVcJtJ87cwACOJSXzHMSswUrhXHMRhEU32umJaGaw6pg2Vd80P0YffV
V9ILjzKPdXkiKKMxgm93okpwgCglcFD0y7S7iAQYhGF1LLPuJQmtK2XNE++dFR91
Fx+AZD8AWncAojNY8gaqTh7cU1G9P8B9C02V98MBIXEf+OGhnMDW5iXGFePN5opB
vkCUn8T7BcAMLpycH+8Z3XevNb7X/yT0qBYsVGbG4xeg9jRaktrjPx9E/Au0UY2u
0/yZ0CRg4C11HHOjZO5z/EspuSDIJJ5Pt4voj+riS6Iv4jIO7CSGKfqzHpNjtB78
V1/aZndI67xoe2Q=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsccNwCUddcaAV8T5f5lY
a6bddM/Y9RhdmZJavoeb8/jcWjZi1KYq+LnHdJe2Pu1zKlxK79P9wXlwfR7p2xtW
IG57bkM7gobAkwKGpDTLkBLGEUc3+K0ktXK5IFLMrOFUzvOW91RdwrDZTLblkhBH
w9LTMfkDmjNgjUfSouOsfHSr+0tY0Ny2uujrt7jpd25cW9q+ZDt+Tvh5iOADU0sH
nBwki4yZCnua+BpyPjrbhQwtSM29++yqIfJVilsK/a2zLXsLg4n11DmQ1Fj6bhbx
EpinLmp8oZcXCaP37Er995GDo36EEmilKHoqCFgynNfnMeat7NyIDWAlz+iVb07J
vwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 371192031501044925422615836234656994964825
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-03 03:57:37 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-05-03 03:57:36 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'store.nba.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22442337023309649981888441635059716295186324636965703680542177387346519006585923544648872924031125717132317190901526764699166983817179067681819051843099158279503049459426388240819737503557100511116925367963631782431255558764237199539681827293807938371720041937231136163719765436004829180648972101673274874418042845443632088079693357842993918920295085439542138653771783885563201447742573972872852961913121587792150440085611788819102398953326624813945043393272315712049520410862200449290300212442277974119188795767335188768681811527759071610217929821334080136526457157450012431311273714727945330770054880038879765645759
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							eec707fe53f9b83bf3734d2f7f5886fe8e9802e6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (17 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'store.nba.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f00077003b5377753e2db9804e8b305b06fe403b67d84fc3f4c7bd000d2d726fe1fad4170000018d6d544d220000040300483046022100db06e2dd08b951080d90c8145406e690c5af41d387f2845c211a3943e1c2169b022100e23c0e09612878854db15751a73ef53052c3f5b7d3a4460c7d88c6b55e7f6f7a00750076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018d6d544d800000040300463044022056a54edfc00b137288b529cbc7a1ad99c96e1f1985268c58d435389c630f44000220653cb599cf9f0b648a461eb47c5bd2243ea526431bff9a0f649a16c11982a4e3
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0092c5ebc104cbd78800c69dd6c55c26d27cedcc0008e2525f31cc4acc14ae15c7311844537dae9896866b0ea983655df343f461f7d557d20b8f328f75792228a331826f77a24a708028257050f4cbb4bb8804188461752cb3ee2509ad2b65cd13ef9d151f75171f80643f005a7700a23358f206aa4e1edc5351bd3fc07d0b4d95f7c30121711ff8e1a19cc0d6e625c615e3cde68a41be40949fc4fb05c00c2e9c9c1fef19dd77af35bed7ff24f4a8162c5466c6e317a0f6345a92dae33f1f44fc0bb4518daed3fc99d02460e02d751c73a364ee73fc4b29b920c8249e4fb78be88feae24ba22fe2320eec248629fab31e9363b41efc575fda667748ebbc687b64