one.afrl.af.mil

Issued by DOD CA-21

About this certificate


This digital certificate with serial number 01:a1:70 was issued on by U.S. Government .

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. While the certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates.

Cerificate errors/warnings *beta

  • ERROR: Certificate contains a CRL with an non-preferred scheme ([ldap])
  • ERROR: localityName or stateOrProvinceName is required if organizationName is set
  • ERROR: stateOrProvinceName is required if organizationName is set

U.S. Government

Organization: U.S. Government
Organization unit: DoD
Organization unit: PKI
Organization unit: USAF
Country: US

U.S. Government

Organization: U.S. Government
Organization unit: DoD
Organization unit: PKI
Country: US

Time since certificate expired

This certificate has expire since

Certificate Details

Serial Number (hex): 01:a1:70
Serial Number (int): 106864
Serial Number lenght: 17 bits, 3 octets

SubjectKeyId: f6:b9:1d:4f:25:57:5b:27:8d:74:83:07:24:e3:df:0c:d0:e5:50:00
AuthorityKeyId: 09:99:13:e2:a3:d5:e7:74:d8:f6:3f:b5:dc:fb:d4:b5:16:ed:4c:d3

Fingerprint (sha1): f5:30:de:a8:e3:9a:18:f6:44:10:55:4f:63:49:de:70:32:b0:b1:7d
Fingerprint (sha256): 1d:73:5a:a1:7f:36:cf:61:e6:6e:2d:37:61:dd:9d:0e:ea:4f:97:1f:31:42:e3:e6:44:49:a0:52:98:4d:ce:44

Issuing Certificate URL: http://crl.disa.mil/sign/DODCA_21.cer

Revocation information

OCSP Server: http://ocsp.disa.mil
CRL Distribution Point: http://crl.disa.mil/crl/DODCA_21.crl
CRL Distribution Point: ldap://crl.gds.disa.mil/cn%3dDOD%20CA-21%2cou%3dPKI%2cou%3dDoD%2co%3dU.S.%20Government%2cc%3dUS?certificaterevocationlist;binary

Check the revocation status for the current certificate on one.afrl.af.mil
2
DNS Names
0
Email Addresses
0
IP Addresses

Advanced Certificate Properties

Technical details about this certificate


Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA1 with RSA



Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Extensions

7 extensions
No unhandled critical extensions



CA Certificate

This is not a CA certificate

Subject Alternative Names

one.afrl.af.mil
*.one.afrl.af.mil

Certificate

The complete raw certificate details in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE----- MIIFFTCCA/2gAwIBAgIDAaFwMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNVBAYTAlVT MRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoGA1UE CxMDUEtJMRIwEAYDVQQDEwlET0QgQ0EtMjEwHhcNMTExMDA0MTI1NzE1WhcNMTQx MDA0MTI1NzE1WjBsMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5t ZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTENMAsGA1UECxMEVVNBRjEY MBYGA1UEAxMPb25lLmFmcmwuYWYubWlsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEAwd0wJNTN+ycMoZ1g/o9VvpfCof0PTinVhosEqc58ZGK50vYqeVT/ 4SU5xe3kPaZOLPV9AFLGOjJriRI1woAMxVEhwxOOSgDMcmPgzPnLzxIqcP1rEfrF eFBqqYHHa9VMGtE/qXBuEoQj7ATCmD4FvVKQTyA9HZkMg2HyCtplUDNS2dA7qFXT rNHBxh5HGiHBYy4lqciIxAypBgirKPtgzGD8R6us66Wu/K/VA8/0kYxeC8i/7ObA k4zdvRCRT/lqIdTb6Hh7xngGaMYQIuP90DBLgpWn+QU+Szupyh6qWgSjsJGixVS5 GOGIs4RGcuRk/euej8blwHMeQR1oOOCKvwIDAQABo4IB0zCCAc8wHwYDVR0jBBgw FoAUCZkT4qPV53TY9j+13PvUtRbtTNMwHQYDVR0OBBYEFPa5HU8lV1snjXSDByTj 3wzQ5VAAMGMGCCsGAQUFBwEBBFcwVTAxBggrBgEFBQcwAoYlaHR0cDovL2NybC5k aXNhLm1pbC9zaWduL0RPRENBXzIxLmNlcjAgBggrBgEFBQcwAYYUaHR0cDovL29j c3AuZGlzYS5taWwwDgYDVR0PAQH/BAQDAgWgMIHDBgNVHR8EgbswgbgwKqAooCaG JGh0dHA6Ly9jcmwuZGlzYS5taWwvY3JsL0RPRENBXzIxLmNybDCBiaCBhqCBg4aB gGxkYXA6Ly9jcmwuZ2RzLmRpc2EubWlsL2NuJTNkRE9EJTIwQ0EtMjElMmNvdSUz ZFBLSSUyY291JTNkRG9EJTJjbyUzZFUuUy4lMjBHb3Zlcm5tZW50JTJjYyUzZFVT P2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q7YmluYXJ5MC0GA1UdEQQmMCSCD29u ZS5hZnJsLmFmLm1pbIIRKi5vbmUuYWZybC5hZi5taWwwIwYDVR0gBBwwGjALBglg hkgBZQIBCwUwCwYJYIZIAWUCAQsSMA0GCSqGSIb3DQEBBQUAA4IBAQAw5AOvHOK7 Q7j4mD2eE8cjree7PaEKWKPVf920Wxki6ocCyRq9Hlo1Bkk+5HEBbXGjyI921I6E +5ClCQtI0J1wbxK3cRY/ZmtR8SSXQkR9wUGXwtTRLMmQ2NGVSXqbF9sZO9e8f2Il QwVG3hzQZ+bHGM3MgvZpwkJIRJUMhhDPniK3p0YkxDdblwEwi4V6Dm/f9RhZvwxi bnlSJPBe7XPFSWpyXpOMLsdyIDhdPcNPaZbzWA1RX3O39C/hiYhJK1DJInM8wLhA EaVougdF+J5SKKmkXXUqVZTNcRqOyMhCyVLH0nzCGrj2ezmUhoRzlQmUS74tHwcv 0zM2WgfS+IPe -----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwd0wJNTN+ycMoZ1g/o9V vpfCof0PTinVhosEqc58ZGK50vYqeVT/4SU5xe3kPaZOLPV9AFLGOjJriRI1woAM xVEhwxOOSgDMcmPgzPnLzxIqcP1rEfrFeFBqqYHHa9VMGtE/qXBuEoQj7ATCmD4F vVKQTyA9HZkMg2HyCtplUDNS2dA7qFXTrNHBxh5HGiHBYy4lqciIxAypBgirKPtg zGD8R6us66Wu/K/VA8/0kYxeC8i/7ObAk4zdvRCRT/lqIdTb6Hh7xngGaMYQIuP9 0DBLgpWn+QU+Szupyh6qWgSjsJGixVS5GOGIs4RGcuRk/euej8blwHMeQR1oOOCK vwIDAQAB -----END PUBLIC KEY-----

ASN1 Decoded

[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 106864 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.5 (sha1WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'U.S. Government' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DoD' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'PKI' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DOD CA-21' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2011-10-04 12:57:15 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2014-10-04 12:57:15 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'U.S. Government' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DoD' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'PKI' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'USAF' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'one.afrl.af.mil' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24473064756987114366737162793027331790095599201820011960415029354204160037350268575905190112075782183288188154823704583001797241364724376476345372410343713644288093510383799788578721067290522035511489307690621747314997237432130890475552954705986051936684637895272367116594317149493024022510244013468750494164717675139086377832200672857125748464280138175588946799249100028258344279271258603092304420857095457262875538716131073694717382282753963144491438644743280433195290140556503444153519931624888511073534173295883960673305701256688466720955756716113747049889540905436242940751038875629543300903956991126482368629439 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 099913e2a3d5e774d8f63fb5dcfbd4b516ed4cd3 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) f6b91d4f25575b278d74830724e3df0cd0e55000 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (87 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.disa.mil/sign/DODCA_21.cer' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.disa.mil' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (187 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.disa.mil/crl/DODCA_21.crl' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'ldap://crl.gds.disa.mil/cn%3dDOD%20CA-21%2cou%3dPKI%2cou%3dDoD%2co%3dU.S.%20Government%2cc%3dUS?certificaterevocationlist;binary' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (38 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'one.afrl.af.mil' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.one.afrl.af.mil' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (28 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.101.2.1.11.5 (usDODClass3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.101.2.1.11.18 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.5 (sha1WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 0030e403af1ce2bb43b8f8983d9e13c723ade7bb3da10a58a3d57fddb45b1922ea8702c91abd1e5a3506493ee471016d71a3c88f76d48e84fb90a5090b48d09d706f12b771163f666b51f1249742447dc14197c2d4d12cc990d8d195497a9b17db193bd7bc7f6225430546de1cd067e6c718cdcc82f669c2424844950c8610cf9e22b7a74624c4375b9701308b857a0e6fdff51859bf0c626e795224f05eed73c5496a725e938c2ec77220385d3dc34f6996f3580d515f73b7f42fe18988492b50c922733cc0b84011a568ba0745f89e5228a9a45d752a5594cd711a8ec8c842c952c7d27cc21ab8f67b39948684739509944bbe2d1f072fd333365a07d2f883de