DV SSL/TLS Certificate for *.cah.gov.py

Certificate is witin its validity period

Issued by Sectigo Limited (Sectigo RSA Domain Validation Secure Server CA)

About the *.cah.gov.py DV SSL/TLS Certificate

This certificate with serial number 8d:32:72:98:d4:39:03:bf:bf:32:d0:ea:e0:ee:1c:34 for *.cah.gov.py was issued on by Sectigo Limited.

With 2 subject alternative names, this certificate can be used to secure multiple FQDNs. This DV SSL/TLS Certificate is currently within its validity period but we haven't checked the revocation status of this certificate, you can do this simply on revocationcheck.com. We have found some issues with the compliance of this certificate, they are be shown below. We hope this DV SSL/TLS Certificate review for *.cah.gov.py provides you with the detailed information you were looking for.


We have identified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Sectigo Limited

Organization: Sectigo Limited
State / Province: Greater Manchester
Locality: Salford
Country: GB

This X.509 certificate will expire on

Certificate Details

Serial Number (hex): 8d:32:72:98:d4:39:03:bf:bf:32:d0:ea:e0:ee:1c:34
Serial Number (int): 187683086551655146477519023558682876980
Serial Number Length: 128 bits, 16 octets

Subject Key Identifier: 83:ed:de:1e:a5:1d:2c:0d:8f:12:e4:44:f9:f8:61:08:2e:19:ea:a9
Authority Key Identifier: 8d:8c:5e:c4:54:ad:8a:e1:77:e9:9b:f9:9b:05:e1:b8:01:8d:61:e1

Fingerprint (SHA-1): 79:de:3c:2a:d4:e1:e0:82:e6:14:73:b7:77:55:16:7f:27:f4:93:3d
Fingerprint (SHA-256): 42:04:12:42:6f:7d:cb:90:70:90:5e:61:3c:61:60:cb:d3:78:c5:fe:6e:68:af:49:34:76:b4:70:b6:83:a6:61

Issuing Certificate URL: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt

Revocation Information

OCSP Server: http://ocsp.sectigo.com

Check the revocation status for certificate *.cah.gov.py
2
DNS Names
0
Email Addresses
0
IP Addresses

Advanced Certificate Properties

Technical details of the X.509 certificate for *.cah.gov.py

Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9
CA Certificate
This is not a CA certificate

Subject Alternative Names

X.509 Certificate

The complete raw X.509 certificate details for *.cah.gov.py in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGLTCCBRWgAwIBAgIRAI0ycpjUOQO/vzLQ6uDuHDQwDQYJKoZIhvcNAQELBQAw
gY8xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE3MDUGA1UE
AxMuU2VjdGlnbyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD
QTAeFw0yNTAxMTcwMDAwMDBaFw0yNjAxMTcyMzU5NTlaMBcxFTATBgNVBAMMDCou
Y2FoLmdvdi5weTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALPZ/Idk
ptHY7WMP770B4r3tYom2Z/iphMr2rhhIrrkCKv6aaWn9M4xHKs74+eagWC/S4JP4
IrFxjsZJiH7oK45hAklDVI0uqqlSX36L3evNboiXnM95a4hAgf5UEQAXIXLLNxFc
xxRFChoM1aQATiRfFs+Zk8V6esxoXqTxzzMmjx5t9UGpMcVHcCpqav1NaCj7AxJP
pxRUNke7tldYdqq4JQyo3oXsAY5SdahyAFzFcvN8rsTSohDc2HHHrNQKFSUbN9Re
C+QFzFr37Gwq/OKqFLphGnPuMe9qgSLN1019c/NOatkj++bq5eo+DRUxFJss60ks
ych4VQ2AjGPWtmsCAwEAAaOCAvkwggL1MB8GA1UdIwQYMBaAFI2MXsRUrYrhd+mb
+ZsF4bgBjWHhMB0GA1UdDgQWBBSD7d4epR0sDY8S5ET5+GEILhnqqTAOBgNVHQ8B
Af8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB
BQUHAwIwSQYDVR0gBEIwQDA0BgsrBgEEAbIxAQICBzAlMCMGCCsGAQUFBwIBFhdo
dHRwczovL3NlY3RpZ28uY29tL0NQUzAIBgZngQwBAgEwgYQGCCsGAQUFBwEBBHgw
djBPBggrBgEFBQcwAoZDaHR0cDovL2NydC5zZWN0aWdvLmNvbS9TZWN0aWdvUlNB
RG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNydDAjBggrBgEFBQcwAYYX
aHR0cDovL29jc3Auc2VjdGlnby5jb20wIwYDVR0RBBwwGoIMKi5jYWguZ292LnB5
ggpjYWguZ292LnB5MIIBfQYKKwYBBAHWeQIEAgSCAW0EggFpAWcAdQCWl2S/VViX
rfdDh2g3CEJ36fA61fak8zZuRqQ/D8qpxgAAAZR2et7kAAAEAwBGMEQCIAm6Zl4g
jxFqBOVyoCLGo+pk3BuzsCAaq3ED7x91gzH3AiB8KuckF9vcRlZ2w8dPwr/rlq06
mAlr3y9imoYdFawyZQB2ABmG1Mcoqm/+ugNveCpNAZGqzi1yMQ+uzl1wQS0lTMfU
AAABlHZ63r8AAAQDAEcwRQIhAP9WIdMA7mem5nckbAdYNoR3ujbnlxqABsrQDucR
3ipKAiASKFOqgIidr3WpcTZCBWTYTWEjOWuMSnhMHBVpYN/WJgB2AMs49xWJfISh
RF9bwd37yW7ymlnNRwppBYWwyxTDFFjnAAABlHZ63u8AAAQDAEcwRQIhAMmo5L5e
0IjgvI8uOllmCN7D6fph/g7iRrhhatyYR4i8AiBhmF1z60J2tKe6VrPDmlPz4qQO
R/ieM5Db7YoUs2cjDjANBgkqhkiG9w0BAQsFAAOCAQEAn8Usz6n/2z2VYbmehlcL
I2ZKHsl3C8EylePfXi50Pc26r347AHeOElrSsYZf3/Qpb2B+Aa8SgrInBqYNpPL0
xp70aJxU1tHzFXHnwcGGoec7HdAIBvq5oRPuOUGH92GxwEdHAaiHHXlLVqYh6ZbY
uiczRQaQrWQX0y1aR8bC2xkqE12z5uGZV9WSMpQWkuM31jiygZWdeadz8jpgXwoZ
L3Np1wGvp72ZT3tRT1VsP/RtJxN8r3V/WhrWVzv7B4OhW1Jbq4hTQQYTgV9VAB7z
Hz3GHnEkGC/VlLKhFKWHOyX39JTj3JlvAasR0KD+zWTdUbQDX1tZlTTBsmOVFbUj
/Q==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9n8h2Sm0djtYw/vvQHi
ve1iibZn+KmEyvauGEiuuQIq/pppaf0zjEcqzvj55qBYL9Lgk/gisXGOxkmIfugr
jmECSUNUjS6qqVJffovd681uiJecz3lriECB/lQRABchcss3EVzHFEUKGgzVpABO
JF8Wz5mTxXp6zGhepPHPMyaPHm31QakxxUdwKmpq/U1oKPsDEk+nFFQ2R7u2V1h2
qrglDKjehewBjlJ1qHIAXMVy83yuxNKiENzYcces1AoVJRs31F4L5AXMWvfsbCr8
4qoUumEac+4x72qBIs3XTX1z805q2SP75url6j4NFTEUmyzrSSzJyHhVDYCMY9a2
awIDAQAB
-----END PUBLIC KEY-----

ASN.1 Decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 187683086551655146477519023558682876980
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11
 . . . . . . . . . . . . [c:0|t:5|false] NULL []
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GB'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Greater Manchester'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Salford'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Sectigo RSA Domain Validation Secure Server CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-01-17 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2026-01-17 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.cah.gov.py'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL []
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22704149709273410820784010021369139970806751533653164828399708887252575138188568649181505042685259866517650263374029264064494607223177457905388083785770288098677393090902091468102921331817238314821464107943784907496757287866538116721703972713584912686421462717803709026726379869649873916144410561087007304885616258869850386904692493136836147067647169730710148388962314662449341883752090847680344456978327854828952115803524462092184315659679490845863752450874488225699419934361385170199489938456783162202279858841476997915724858641986791049507301224255509394942911759715015933280738835366304067180781145366621492524651
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 8d8c5ec454ad8ae177e99bf99b05e1b8018d61e1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							83edde1ea51d2c0d8f12e444f9f861082e19eaa9
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.2.7
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (120 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (28 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.cah.gov.py'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cah.gov.py'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes)
							0167007500969764bf555897adf743876837084277e9f03ad5f6a4f3366e46a43f0fcaa9c600000194767adee40000040300463044022009ba665e208f116a04e572a022c6a3ea64dc1bb3b0201aab7103ef1f758331f702207c2ae72417dbdc465676c3c74fc2bfeb96ad3a98096bdf2f629a861d15ac32650076001986d4c728aa6ffeba036f782a4d0191aace2d72310faece5d70412d254cc7d400000194767adebf0000040300473045022100ff5621d300ee67a6e677246c0758368477ba36e7971a8006cad00ee711de2a4a0220122853aa80889daf75a97136420564d84d6123396b8c4a784c1c156960dfd626007600cb38f715897c84a1445f5bc1ddfbc96ef29a59cd470a690585b0cb14c31458e700000194767adeef0000040300473045022100c9a8e4be5ed088e0bc8f2e3a596608dec3e9fa61fe0ee246b8616adc984788bc022061985d73eb4276b4a7ba56b3c39a53f3e2a40e47f89e3390dbed8a14b367230e
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11
 . . . . . . . . [c:0|t:5|false] NULL []
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		009fc52ccfa9ffdb3d9561b99e86570b23664a1ec9770bc13295e3df5e2e743dcdbaaf7e3b00778e125ad2b1865fdff4296f607e01af1282b22706a60da4f2f4c69ef4689c54d6d1f31571e7c1c186a1e73b1dd00806fab9a113ee394187f761b1c0474701a8871d794b56a621e996d8ba2733450690ad6417d32d5a47c6c2db192a135db3e6e19957d59232941692e337d638b281959d79a773f23a605f0a192f7369d701afa7bd994f7b514f556c3ff46d27137caf757f5a1ad6573bfb0783a15b525bab8853410613815f55001ef31f3dc61e7124182fd594b2a114a5873b25f7f494e3dc996f01ab11d0a0fecd64dd51b4035f5b599534c1b2639515b523fd