candy-cane.com
Issued by R3
About this certificate
This digital certificate with serial number 04:4d:98:45:dd:bb:bf:8e:2b:e5:89:9d:3e:9e:74:4f:28:bd was issued on by Let's Encrypt.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=candy-cane.com
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 04:4d:98:45:dd:bb:bf:8e:2b:e5:89:9d:3e:9e:74:4f:28:bdSerial Number (int): 374853291401083266697788026374669672065213
Serial Number lenght: 139 bits, 18 octets
SubjectKeyId: a0:b5:4d:42:35:88:50:09:65:74:08:46:f4:bc:b4:36:e4:4d:63:3f
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): c6:43:a1:14:95:1e:15:20:a0:65:20:91:d4:a8:d9:28:e6:60:5a:4f
Fingerprint (sha256): 0f:d3:3b:ef:d4:3a:2d:ef:0e:4e:bf:8f:09:9f:ea:da:c3:b0:f9:0d:ae:e0:a8:96:15:8c:8c:4a:35:7f:03:7b
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate candy-cane.com
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for candy-cane.com
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
candy-cane.com
www.candy-cane.com
www.candy-cane.com
Other certificates including the domain name candy-cane.com
(limited to 100 certificates)
www.assaultcases.com
candy-cane.com
slapcard.com
candy-cane.com
candy-cane.com
www.lejlasudar.com
www.beauty-mask.com
vpofspite.com
635217.com
www.2wheelerinsurance.com
lodovico.com
www.mindfulmarraige.org
atlantajointpain.com
houstonprp.org
www.hotelyg.com
www.trombano.com
963uni.com
www.panearn.com
afro7.com
armyair.com
duratravel.com
www.staake.com
www.zeemcar.com
www.treffit.one
www.grasssolution.com
candy-cane.com
slapcard.com
candy-cane.com
candy-cane.com
www.lejlasudar.com
www.beauty-mask.com
vpofspite.com
635217.com
www.2wheelerinsurance.com
lodovico.com
www.mindfulmarraige.org
atlantajointpain.com
houstonprp.org
www.hotelyg.com
www.trombano.com
963uni.com
www.panearn.com
afro7.com
armyair.com
duratravel.com
www.staake.com
www.zeemcar.com
www.treffit.one
www.grasssolution.com
Certificate
The complete raw certificate details for candy-cane.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIF/jCCBOagAwIBAgISBE2YRd27v44r5YmdPp50Tyi9MA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yNDAzMjYyMTA2NDJaFw0yNDA2MjQyMTA2NDFaMBkxFzAVBgNVBAMT DmNhbmR5LWNhbmUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA mfXwtl/08bbYdcs2b7x5I1in+cShYfKGmiyz6j0t950c64KOvHr9kD/tfrA7/9i1 8PbI5mKRLPTiIydLQQzGMQI2o3cm6Z7HzMaYwty2N6GSHQTtwfXIhJK7jOTas8v+ cUjbdOfdRz86XpM8CRpELBsl0D+OeZJ4gLpfAL2l0YDnBrjziJGyMGUEwuI8Y0XX 3BiZSzNXf3cN0s248diRLVs5cwpaUgzVFnQrGsaYYrm9WdGrfVuKLRBxi1UNyWB/ GM9ii4d//IKgXsiWhhiz5AZ9bhRDcUdUP7DcLsfp+7SuqR3XFVrYq4GCQCxh4oX3 8p8/Cs8QQ+PQ4aqTqA4CN8z+gtWjJf+0/7ndnxLNBrbjiHjKB5JzhKpCdtWOkQgY iF9JDXkexaTdF8QIPGUy67s6hO4/UfTBOkh3q5HaZxBGX20HHeerReXk5JRwd4Qt wvnwiE3/2HhLfVvjmb/GjkrH7IFjrnf+lBZ2+i00R/GNuOn5nrb/lqqCpq8QN5rH 4An+MjJFOqHiGldzWyxQADX7WSOVoOkc606irZ6xDGG/9ySL64EH2V1JxMUzr3zQ lhodWMJ468dDKLBUI1CxYUV33Fc3tNuG7573cEY7+RekwJxvb8H356weFRWY5Vnu i8TCDmZslnWh+dHbZ5gHgfD4IoTGodohBCMHzarI2vMCAwEAAaOCAiUwggIhMA4G A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD VR0TAQH/BAIwADAdBgNVHQ4EFgQUoLVNQjWIUAlldAhG9Ly0NuRNYz8wHwYDVR0j BBgwFoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsG AQUFBzABhhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6 Ly9yMy5pLmxlbmNyLm9yZy8wLQYDVR0RBCYwJIIOY2FuZHktY2FuZS5jb22CEnd3 dy5jYW5keS1jYW5lLmNvbTATBgNVHSAEDDAKMAgGBmeBDAECATCCAQUGCisGAQQB 1nkCBAIEgfYEgfMA8QB3AD8XS0/XIkdYlB1lHIS+DRLtkDd/H4Vq68G/KIXs+GRu AAABjnzNJVkAAAQDAEgwRgIhAI52QapqXJ4XMSREL792R7L96gElcHQgHRcAA0Vt TxoIAiEAgrLwOfmcsnuLZDqfT8FeRlPT5WqtR5tPxPVPfMoNCiUAdgCi4r/WHt4v Lweg1k5tN6fcZUOwxrUuotq3iviabfUX2AAAAY58zSV/AAAEAwBHMEUCIDtvDRVa LoHtLr1yjIGR+jKjzk61kxsz1xReLbvn0VXKAiEA9C+APoib1s+tRl+gIkVhytft wviK40aQCgXkeG7J/l0wDQYJKoZIhvcNAQELBQADggEBAGcjxfINVAlx0qAmci/m pF/xyO6+zr9q1bi95ZT53Trb2SgIaJrZHbEACkY6QBkVtFTmNs0itd0c1HaDTM5B aKHhkYxae6wyhjerVnnVL1TShKFGHYlzZPy6yfBJfU3PxE9pD2XN12h6tAHamAUf A5LXOO8CL26ht/6aECGE9PP+KhUtTG4Ra9TQm1EsDIQ1ILeM1+7c63iv/84fDFCU GEsh1N/f4K7PIQt9wfKQcx/MlYQfXhMUsukwtdFhvh/PpyvqM40Nx8hOz4bkaKJa J0pn9mGfRqCjeI31jPkOfd0v6DvVNpS0Bqs0RLefMO8K5BrUQmhzI1giOzLQU/gL cJE= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAmfXwtl/08bbYdcs2b7x5 I1in+cShYfKGmiyz6j0t950c64KOvHr9kD/tfrA7/9i18PbI5mKRLPTiIydLQQzG MQI2o3cm6Z7HzMaYwty2N6GSHQTtwfXIhJK7jOTas8v+cUjbdOfdRz86XpM8CRpE LBsl0D+OeZJ4gLpfAL2l0YDnBrjziJGyMGUEwuI8Y0XX3BiZSzNXf3cN0s248diR LVs5cwpaUgzVFnQrGsaYYrm9WdGrfVuKLRBxi1UNyWB/GM9ii4d//IKgXsiWhhiz 5AZ9bhRDcUdUP7DcLsfp+7SuqR3XFVrYq4GCQCxh4oX38p8/Cs8QQ+PQ4aqTqA4C N8z+gtWjJf+0/7ndnxLNBrbjiHjKB5JzhKpCdtWOkQgYiF9JDXkexaTdF8QIPGUy 67s6hO4/UfTBOkh3q5HaZxBGX20HHeerReXk5JRwd4QtwvnwiE3/2HhLfVvjmb/G jkrH7IFjrnf+lBZ2+i00R/GNuOn5nrb/lqqCpq8QN5rH4An+MjJFOqHiGldzWyxQ ADX7WSOVoOkc606irZ6xDGG/9ySL64EH2V1JxMUzr3zQlhodWMJ468dDKLBUI1Cx YUV33Fc3tNuG7573cEY7+RekwJxvb8H356weFRWY5Vnui8TCDmZslnWh+dHbZ5gH gfD4IoTGodohBCMHzarI2vMCAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 374853291401083266697788026374669672065213 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-26 21:06:42 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-06-24 21:06:41 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'candy-cane.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 628104873719149961965791537068212569939084793735468916755596762780001198010236524875559430000828989325126240932079424442853842296658199438053606741782364944312513218172353545531403081234873986898954932174990451968431176519979105727121674354374431413987322978098992662123788247961904676175236415750098513487918608223487164333975058884416775512873019977899524269444860211014945251775576530373584657245851163689132047428427733274127984531859312340468237761143460710553012616151789236000158740905856024760393718760014039043303699536177911163863313960299838111203277338199728774343953067310691183373447817491488730324530493995930956761953039891997437414020302836021389941281380566081270076850285689774071807616905821191049089521239215852367689364410588751490050949711940113659475160225424906223151976707535808423520627577005606004948911204138904255769845938716234462090867260551388918557810759768794808407793681883592828035778820440926650377315704462275806005197265192309409786855374432320696588799094788253321091581708322870201659087868983468423986861933757451351940457402896914793500032839807227267233193069437980206739455257497318651760183773629039074356587667520536804456616939031243794027586480908611910710535006780860530525039287027 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) a0b54d423588500965740846f4bcb436e44d633f . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (38 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'candy-cane.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.candy-cane.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes) 00f10077003f174b4fd7224758941d651c84be0d12ed90377f1f856aebc1bf2885ecf8646e0000018e7ccd255900000403004830460221008e7641aa6a5c9e173124442fbf7647b2fdea01257074201d170003456d4f1a0802210082b2f039f99cb27b8b643a9f4fc15e4653d3e56aad479b4fc4f54f7cca0d0a25007600a2e2bfd61ede2f2f07a0d64e6d37a7dc6543b0c6b52ea2dab78af89a6df517d80000018e7ccd257f000004030047304502203b6f0d155a2e81ed2ebd728c8191fa32a3ce4eb5931b33d7145e2dbbe7d155ca022100f42f803e889bd6cfad465fa0224561cad7edc2f88ae346900a05e4786ec9fe5d . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 006723c5f20d540971d2a026722fe6a45ff1c8eebecebf6ad5b8bde594f9dd3adbd92808689ad91db1000a463a401915b454e636cd22b5dd1cd476834cce4168a1e1918c5a7bac328637ab5679d52f54d284a1461d897364fcbac9f0497d4dcfc44f690f65cdd7687ab401da98051f0392d738ef022f6ea1b7fe9a102184f4f3fe2a152d4c6e116bd4d09b512c0c843520b78cd7eedceb78afffce1f0c5094184b21d4dfdfe0aecf210b7dc1f290731fcc95841f5e1314b2e930b5d161be1fcfa72bea338d0dc7c84ecf86e468a25a274a67f6619f46a0a3788df58cf90e7ddd2fe83bd53694b406ab3444b79f30ef0ae41ad44268732358223b32d053f80b7091