rfl.is
Issued by R3
About this certificate
This digital certificate with serial number 03:e3:91:53:ad:6c:bc:00:84:97:ad:6f:f2:56:f7:a3:69:44 was issued on by Let's Encrypt.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Certificate Subject
CN=rfl.is
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 03:e3:91:53:ad:6c:bc:00:84:97:ad:6f:f2:56:f7:a3:69:44Serial Number (int): 338774127623833529129598230693312446294340
Serial Number lenght: 138 bits, 18 octets
SubjectKeyId: 9f:8c:e2:c0:86:e0:17:13:96:14:cb:75:29:93:43:bd:0c:e4:a2:a5
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): 21:7b:c3:59:0c:54:7a:67:8c:1d:8b:e8:11:49:9a:fb:12:7d:43:e4
Fingerprint (sha256): 06:34:c7:b4:ee:19:4c:be:e0:a6:47:7c:4e:a7:bc:cf:36:e2:3c:8a:45:dc:72:8d:d6:b5:90:bf:42:4f:b4:ee
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate rfl.is
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for rfl.is
Public Key Algorithm
RSA
Key Size
3072
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
rfl.is
www.rfl.is
www.rfl.is
Other certificates including the domain name rfl.is
(limited to 100 certificates)
Certificate
The complete raw certificate details for rfl.is in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIFZjCCBE6gAwIBAgISA+ORU61svACEl61v8lb3o2lEMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yMzA5MDgwODAyMDFaFw0yMzEyMDcwODAyMDBaMBExDzANBgNVBAMT BnJmbC5pczCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAI+VtBJyeJAY s8UjoLlPclQWAvxXxca8TiJLAFv9VeVjd2/Pl2ovNtfd/xDW3lo7O9EpUqIhIBeg 8nAwHnMoGYGFi942Jpk7CjvhwuGOm6/MSMYM+G7l5ZdomV9WgIDwx0OH4I5iyqA1 06Ozrixzf1HZVqmHewPmzKXZZ0VAWsrlh/p/U9brVZNqsMGi8GPWWLxCWn/QiN0F 2HoCDMEuLMznYKuaNJelqShLnlRG2J4ZllycCmp58vc6GcVzzg0hhDmXx6TsKrB1 lbVOuiNMtMCh7qOt6k5GOAtKl6PSiYJhzr2TYfWlm3M1y40TFECvLjXatNXZhIkQ iIN+B4rtH3ewruAEFEwEZ8teGLRwin3D2E+5V+yA2PRID/PPCaDlALv2wJ0A22lD o1sHwSrlohEh5yc5E0bp/b5uqpJDE7YWrqckk7w0Zn/z4MY686dacgO7Wu5ywAsD yzXYsh+1LnGy9mNy2iAjvgxRRMLZKIIw5TKhTmqaCalHjOvfYH7PbwIDAQABo4IC FTCCAhEwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSfjOLAhuAXE5YUy3Upk0O9DOSi pTAfBgNVHSMEGDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJ MEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcw AoYWaHR0cDovL3IzLmkubGVuY3Iub3JnLzAdBgNVHREEFjAUggZyZmwuaXOCCnd3 dy5yZmwuaXMwEwYDVR0gBAwwCjAIBgZngQwBAgEwggEFBgorBgEEAdZ5AgQCBIH2 BIHzAPEAdwC3Pvsk35xNunXyOcW6WPRsXfxCz3qfNcSeHQmBJe20mQAAAYp0Btw8 AAAEAwBIMEYCIQD5KPGyHj4jiXZgHqw/D1iuEmDFS7h6/UfU18K60XKZCQIhAKU3 gH8CUBEuK6DxhjwsNEMVdiGgpDIsL+w6gstte7CjAHYA6D7Q2j71BjUy51covIlr yQPTy9ERa+zraeF3fW0GvW4AAAGKdAbcMwAABAMARzBFAiA6WssauXgjXJ/DaXvJ UyT8XiyO+GAFwXguc7bE9A7CoAIhAOKn5TttwD6/3yjOUYX2p7MnU/nVeE6F+SHh jSRIclCrMA0GCSqGSIb3DQEBCwUAA4IBAQAdu8qY3DKfn0jPw+ZGzTY0dKyyZDl/ gvdJDy5IhMCPMnAQv2fI65Pou2+aZfOxw2dR4jxt4JEvEoFw653Ywn4BY54h1zU1 FWlkGHDxoRs3XXuxrcw4TmH97VvBMmRjdKk6NU1kFVhFyHQbm3ENGNhWHTn84U0F gIvBq1qQEHYpnvcB7ebDQgYO5Pz0GVp746jU2rLuRM0g7KS3PnScq+A3fWg/wJpL 0iwoHjpKjS8/fY+QKf9PwkRLhpeSMPvyM2oNPMZoy1xFtSpiwgIz24EGst2wEEq1 XhVsWejVdf4OMAd5tLB5zhVB4Gm2YfRobrlPrJnSzfCuANd6ni/7T+dR -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAj5W0EnJ4kBizxSOguU9y VBYC/FfFxrxOIksAW/1V5WN3b8+Xai82193/ENbeWjs70SlSoiEgF6DycDAecygZ gYWL3jYmmTsKO+HC4Y6br8xIxgz4buXll2iZX1aAgPDHQ4fgjmLKoDXTo7OuLHN/ UdlWqYd7A+bMpdlnRUBayuWH+n9T1utVk2qwwaLwY9ZYvEJaf9CI3QXYegIMwS4s zOdgq5o0l6WpKEueVEbYnhmWXJwKanny9zoZxXPODSGEOZfHpOwqsHWVtU66I0y0 wKHuo63qTkY4C0qXo9KJgmHOvZNh9aWbczXLjRMUQK8uNdq01dmEiRCIg34Hiu0f d7Cu4AQUTARny14YtHCKfcPYT7lX7IDY9EgP888JoOUAu/bAnQDbaUOjWwfBKuWi ESHnJzkTRun9vm6qkkMTthaupySTvDRmf/Pgxjrzp1pyA7ta7nLACwPLNdiyH7Uu cbL2Y3LaICO+DFFEwtkogjDlMqFOapoJqUeM699gfs9vAgMBAAE= -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 338774127623833529129598230693312446294340 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-09-08 08:02:01 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-07 08:02:00 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'rfl.is' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3184 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 3258480439549620508605433154133487374536181187920350896141360406047023152939619973044335948151233091556152587149502890922126990714060033873823279942919967045216772908066674309136866709207712039778180376307227194760747403381494131586025449070746565861484159318881573582834489918411357013822945330157265228261381677940558718094914745509990593465024168524364762240137011607103264422052274144301654941412793718735860547549641957352670181122849658948930347596274434404813227560346101932741036780731654799496401218312380479206340600897260271408264834865721099091280167476122150979110711457807720830093662363488219339466152098818281615477589892676115565164826648005969338316980863000148790454769450030118748489761151555292925509329912796148281009049935257051049091571754633868630478501426427799418069801565627076476436477363757100844783799925111359128716398667139368626465869126531422530613856251304764042359312926421458194632986479 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 9f8ce2c086e017139614cb75299343bd0ce4a2a5 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'rfl.is' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.rfl.is' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes) 00f1007700b73efb24df9c4dba75f239c5ba58f46c5dfc42cf7a9f35c49e1d098125edb4990000018a7406dc3c0000040300483046022100f928f1b21e3e238976601eac3f0f58ae1260c54bb87afd47d4d7c2bad1729909022100a537807f0250112e2ba0f1863c2c3443157621a0a4322c2fec3a82cb6d7bb0a3007600e83ed0da3ef5063532e75728bc896bc903d3cbd1116beceb69e1777d6d06bd6e0000018a7406dc33000004030047304502203a5acb1ab978235c9fc3697bc95324fc5e2c8ef86005c1782e73b6c4f40ec2a0022100e2a7e53b6dc03ebfdf28ce5185f6a7b32753f9d5784e85f921e18d24487250ab . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 001dbbca98dc329f9f48cfc3e646cd363474acb264397f82f7490f2e4884c08f327010bf67c8eb93e8bb6f9a65f3b1c36751e23c6de0912f128170eb9dd8c27e01639e21d735351569641870f1a11b375d7bb1adcc384e61fded5bc132646374a93a354d64155845c8741b9b710d18d8561d39fce14d05808bc1ab5a901076299ef701ede6c342060ee4fcf4195a7be3a8d4dab2ee44cd20eca4b73e749cabe0377d683fc09a4bd22c281e3a4a8d2f3f7d8f9029ff4fc2444b86979230fbf2336a0d3cc668cb5c45b52a62c20233db8106b2ddb0104ab55e156c59e8d575fe0e300779b4b079ce1541e069b661f4686eb94fac99d2cdf0ae00d77a9e2ffb4fe751