srv-fw-master.zeit.de

Issued by R3

About this certificate

This digital certificate with serial number 03:84:1c:02:d8:4d:b2:50:00:ef:c7:84:87:bf:65:51:f0:a6 was issued on by Let's Encrypt.

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=srv-fw-master.zeit.de

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate will expire on

Certificate Details

Serial Number (hex): 03:84:1c:02:d8:4d:b2:50:00:ef:c7:84:87:bf:65:51:f0:a6
Serial Number (int): 306291363384476539783729793105931212550310
Serial Number lenght: 138 bits, 18 octets

SubjectKeyId: 99:1b:74:39:48:b2:16:60:3c:5f:80:f2:62:22:ed:2f:44:d0:6f:1c
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6

Fingerprint (sha1): 24:70:f2:c6:45:54:a6:91:2d:c4:a0:7f:be:ba:bc:28:55:05:86:b3
Fingerprint (sha256): 0d:26:9a:4a:b3:49:80:f7:53:7d:11:33:f1:fd:16:3f:7d:e8:d3:ea:17:c7:d6:90:32:54:64:e9:71:48:5e:f0

Issuing Certificate URL: http://r3.i.lencr.org/

Revocation information

OCSP Server: http://r3.o.lencr.org

Check the revocation status for certificate srv-fw-master.zeit.de

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for srv-fw-master.zeit.de

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

srv-fw-master.zeit.de

Other certificates including the domain name zeit.de

(limited to 100 certificates)
dns-vetting1c.map.fastly.net
zeit.de
timetac.zeit.de
dns-vetting1-jeffg-noah.map.fastly.net
dev.academics.de
cmp.channelpartner.de
epaper.zeit.de
dns-vetting1j.map.fastly.net
inserieren-adpoint.zeit.de
g2.shared.global.fastly.net
newsletterversand.zeit.de
g2.shared.global.fastly.net
zeit.de
leserservice.zeit.de
g2.shared.global.fastly.net
dns-vetting1-jeffg-noah.map.fastly.net
timetacstatic.zeit.de
mailserverbdcas.zeit.de
dns-vetting1-jeffg-noah.map.fastly.net
timetac.zeit.de
boa.zeit.de
dns-vetting1j.map.fastly.net
ssl-proxy02.acme.zeit.de
verlag.zeit.de
g2.shared.global.fastly.net
dns-vetting1j.map.fastly.net
dns-vetting1-jeffg-noah.map.fastly.net
shop.zeit.de
g2.shared.global.fastly.net
community-api.zeit.de
inserieren4.zeit.de
dns-vetting1c.map.fastly.net
srv-ts.zeit.de
g2.shared.global.fastly.net
b2.shared.global.fastly.net
dns-vetting1-jeffg-noah.map.fastly.net
dns-vetting1j.map.fastly.net
avatars.zeit.de
www2.zeit.de
b2.shared.global.fastly.net
dns-vetting1-jeffg-noah.map.fastly.net
g2.shared.global.fastly.net
dns-vetting1j.map.fastly.net
dns-vetting1-jeffg-noah.map.fastly.net
g2.shared.global.fastly.net
g2.shared.global.fastly.net
k8s-ext.zeit.de
verlag.zeit.de
dns-vetting1-jeffg-noah.map.fastly.net
spiele.zeit.de
dns-vetting1c.map.fastly.net
www.academics.de
b2.shared.global.fastly.net
dns-vetting1-jeffg-noah.map.fastly.net
dns-vetting1j.map.fastly.net
b2.shared.global.fastly.net
b2.shared.global.fastly.net
dns-vetting1-jeffg-noah.map.fastly.net
g2.shared.global.fastly.net
dns-vetting1-jeffg-noah.map.fastly.net
z2x.zeit.de
b2.shared.global.fastly.net
prod.academics.de
b2.shared.global.fastly.net
verlag.zeit.de
dns-vetting1j.map.fastly.net
zeit.de
b2.shared.global.fastly.net
inserieren.zeit.de
g2.shared.global.fastly.net
b2.shared.global.fastly.net
dns-vetting1j.map.fastly.net
chancenundkarriere.de
b2.shared.global.fastly.net
dns-vetting1j.map.fastly.net
www2.zeit.de
b2.shared.global.fastly.net
dns-vetting1-jeffg-noah.map.fastly.net
g2.shared.global.fastly.net
inserieren4.zeit.de
verlag.zeit.de
dns-vetting1-jeffg-noah.map.fastly.net
community-admin.zeit.de
g2.shared.global.fastly.net
g2.shared.global.fastly.net
mailserverbdcas.zeit.de
herstellung.zeit.de
g2.shared.global.fastly.net
k8s-ext.zeit.de
g2.shared.global.fastly.net
dns-vetting1-jeffg-noah.map.fastly.net
openvpnas.zeit.de
dns-vetting1-jeffg-noah.map.fastly.net
timetacstatic.zeit.de
1pw-scim.zeit.de
inserieren4.zeit.de
g2.shared.global.fastly.net
parlamentsreden-backend.zeit.de
srv-fw-master.zeit.de
data-af9f3dfb33.zeit.de

Certificate

The complete raw certificate details for srv-fw-master.zeit.de in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIEBDCCAuygAwIBAgISA4QcAthNslAA78eEh79lUfCmMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yNDA0MDIwNzA4MDVaFw0yNDA3MDEwNzA4MDRaMCAxHjAcBgNVBAMT
FXNydi1mdy1tYXN0ZXIuemVpdC5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAPAQx3G35QUjNLycv5XoKKW0JMe3Qlt5S6gfZz20PMnVXhdEDFEpAEr9
RcsRE1yW8y4eYBYZCau7gqR9sKnm5tzgLsu0anba3opedA5dCfPfpS8Kk4nqXrWi
HYOTNBMcKpRyXjwF2GUmNudt0R7GGQSbbxVTztFjGbU9l5keVoEaWgpN6udvXI0K
YJ9wv6OZH825xnJ8txxXYRblexHS3GIDAJZPIZKBk5VQTimtt4FFJJ1n7IBylrJ8
K7axfyEcMrTqv9RdArDD4tbkNIdnKf8Nfff0nVpcxYuC9Int6AgHxMrrcYOguYGz
H9YdHB3eytb6LlyPUehZpqpn7ziUFaUCAwEAAaOCASQwggEgMA4GA1UdDwEB/wQE
AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIw
ADAdBgNVHQ4EFgQUmRt0OUiyFmA8X4DyYiLtL0TQbxwwHwYDVR0jBBgwFoAUFC6z
F7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVo
dHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxl
bmNyLm9yZy8wIAYDVR0RBBkwF4IVc3J2LWZ3LW1hc3Rlci56ZWl0LmRlMBMGA1Ud
IAQMMAowCAYGZ4EMAQIBMBMGCisGAQQB1nkCBAMBAf8EAgUAMA0GCSqGSIb3DQEB
CwUAA4IBAQABu1uiqKXquMk5nOf8UNzqJAyGTJSHLx7G/b0Oqb5b1hhvh6cqXqzo
PIiKrAc79fEE2DHVsu2aLjuz+rDBPyYHqoRWBvSeH4bkpnA/W2uf3Q7h3VcoCWgE
hqSs3VnWY8M6+CE9KjZdcuFuoqbYxDqrQ9Lo3HlqZubnsgOvqqq/PK0Er6evlDjT
5ysBN55gw3ez1HjZS0/PTY20t9SKlj/liRyWV0dsAWQeaa/KjOAkdWmqS7eByccU
5ZV7uBwDZ5q3e+8Sylwxw5lnJldC17IlI/sm+bNxUUYMZHb5jdobCmOj+FBtcX9a
08nR3RfvamUTz4isw7AGX98VQg8RTPg3
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8BDHcbflBSM0vJy/lego
pbQkx7dCW3lLqB9nPbQ8ydVeF0QMUSkASv1FyxETXJbzLh5gFhkJq7uCpH2wqebm
3OAuy7Rqdtreil50Dl0J89+lLwqTiepetaIdg5M0ExwqlHJePAXYZSY2523RHsYZ
BJtvFVPO0WMZtT2XmR5WgRpaCk3q529cjQpgn3C/o5kfzbnGcny3HFdhFuV7EdLc
YgMAlk8hkoGTlVBOKa23gUUknWfsgHKWsnwrtrF/IRwytOq/1F0CsMPi1uQ0h2cp
/w199/SdWlzFi4L0ie3oCAfEyutxg6C5gbMf1h0cHd7K1vouXI9R6FmmqmfvOJQV
pQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 306291363384476539783729793105931212550310
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-04-02 07:08:05 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-07-01 07:08:04 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'srv-fw-master.zeit.de'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 30305467264065248702965192211221096308190164770779294589717485763223526503319609901066145777218462873389971047999741222517997622591110414392015372923163081134370353617802413296715682415190001238232989889259715174315878898721485806186915304745409933296521253666107065985716409657878777834228424112257656072196194653005271874655671472448151211319407900947346833339733601418689935069589970850807228749695756440636586379810480143057558338247309785909444636451599769642930695517168681519446488889964401961447482929404768150058552927518605326024200641043361212365771687036319638452880025134006798931885143061976399113098661
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							991b743948b216603c5f80f26222ed2f44d06f1c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (25 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'srv-fw-master.zeit.de'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0001bb5ba2a8a5eab8c9399ce7fc50dcea240c864c94872f1ec6fdbd0ea9be5bd6186f87a72a5eace83c888aac073bf5f104d831d5b2ed9a2e3bb3fab0c13f2607aa845606f49e1f86e4a6703f5b6b9fdd0ee1dd572809680486a4acdd59d663c33af8213d2a365d72e16ea2a6d8c43aab43d2e8dc796a66e6e7b203afaaaabf3cad04afa7af9438d3e72b01379e60c377b3d478d94b4fcf4d8db4b7d48a963fe5891c9657476c01641e69afca8ce0247569aa4bb781c9c714e5957bb81c03679ab77bef12ca5c31c39967265742d7b22523fb26f9b37151460c6476f98dda1b0a63a3f8506d717f5ad3c9d1dd17ef6a6513cf88acc3b0065fdf15420f114cf837