candy-cane.com
Issued by R3
About this certificate
This digital certificate with serial number 04:44:56:aa:64:b5:32:24:bf:11:f0:f3:c6:4d:9e:93:4f:12 was issued on by Let's Encrypt.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=candy-cane.com
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 04:44:56:aa:64:b5:32:24:bf:11:f0:f3:c6:4d:9e:93:4f:12Serial Number (int): 371703543018365032242144065102674492870418
Serial Number lenght: 139 bits, 18 octets
SubjectKeyId: e5:b3:3e:5e:fc:64:bc:4c:f1:0c:91:96:d2:8e:6a:6b:a1:52:a5:19
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): 04:29:17:f2:d8:36:dd:52:39:43:de:86:a2:0b:46:2e:65:d3:59:0f
Fingerprint (sha256): 41:31:f1:84:48:3b:64:52:00:b7:5f:6e:7e:9c:cb:4e:91:20:14:3f:fe:88:25:29:e9:b1:20:57:ef:2e:63:be
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate candy-cane.com
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for candy-cane.com
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
candy-cane.com
www.candy-cane.com
www.candy-cane.com
Other certificates including the domain name candy-cane.com
(limited to 100 certificates)
www.assaultcases.com
candy-cane.com
slapcard.com
candy-cane.com
candy-cane.com
www.lejlasudar.com
www.beauty-mask.com
vpofspite.com
635217.com
www.2wheelerinsurance.com
lodovico.com
www.mindfulmarraige.org
atlantajointpain.com
houstonprp.org
www.hotelyg.com
www.trombano.com
963uni.com
www.panearn.com
afro7.com
armyair.com
duratravel.com
www.staake.com
www.zeemcar.com
www.treffit.one
www.grasssolution.com
candy-cane.com
slapcard.com
candy-cane.com
candy-cane.com
www.lejlasudar.com
www.beauty-mask.com
vpofspite.com
635217.com
www.2wheelerinsurance.com
lodovico.com
www.mindfulmarraige.org
atlantajointpain.com
houstonprp.org
www.hotelyg.com
www.trombano.com
963uni.com
www.panearn.com
afro7.com
armyair.com
duratravel.com
www.staake.com
www.zeemcar.com
www.treffit.one
www.grasssolution.com
Certificate
The complete raw certificate details for candy-cane.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIF/TCCBOWgAwIBAgISBERWqmS1MiS/EfDzxk2ek08SMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yNDAxMjUyMzA2NTdaFw0yNDA0MjQyMzA2NTZaMBkxFzAVBgNVBAMT DmNhbmR5LWNhbmUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA v5w6mzjWM0D9az+5kZVqOOMyoP2AbSjcYkh/s2Zu3oFWZcgCy4Wfj5HrOa6hjX1X KNIT/Rdenk7J7AaUVxKQYKsgjoK3UbIZ7Ng6kZgU42SVzSqTOZ6YUimi+5swf4TR hPxMONi4e761Y68KYK72hv5qI+1vV/wNbMHJoSEJdSKrQILJYkA0TYDJJcu5cSco nI5dpvqvLm1OvppJupwGB1Iwmcm/zRKuOVuCElbfc6Abdsmo+0GjxRnDgsMir8Kz VlCCYjaN0aygVn+XVjMoqXh9rC0qf9Y8dy3GSYcA70rvzHT4zkuuH3U3OQA7HjZF /Hl99Wgme45aH1+ZzneCuXS7MryBNF9iy4FArh5cwb7kTlUSeQpujjeaTR3wW2di npUCYjBEBDVgpTLIgvKhm+7xbBqfsi/AEzBGFmIwfgWcuev30vW/asiVa/f6Bd/r NMxRHs/hPMt7FIgFy8VZGXtxl5oEE9i/dc+3z6kzRGByHvXR52CONYHF5PLqb9Ey 6JA4MeeGP5Ne7/vH685KjSJ6Iy9MofLBbXvwfz52p7+V2GKZiAKQ/7+jW3spyUF1 WWD9BpQNRSsdyhKowRHpNW8WzvlxnFPHqrxkJLUAJTZvZ/zolx2hfIDjheTqHFLt tJqnqp+X3XZ1fZpiqghcg/xOoEs8AUGOpBL0KGBVnrECAwEAAaOCAiQwggIgMA4G A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD VR0TAQH/BAIwADAdBgNVHQ4EFgQU5bM+XvxkvEzxDJGW0o5qa6FSpRkwHwYDVR0j BBgwFoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsG AQUFBzABhhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6 Ly9yMy5pLmxlbmNyLm9yZy8wLQYDVR0RBCYwJIIOY2FuZHktY2FuZS5jb22CEnd3 dy5jYW5keS1jYW5lLmNvbTATBgNVHSAEDDAKMAgGBmeBDAECATCCAQQGCisGAQQB 1nkCBAIEgfUEgfIA8AB2AEiw42vapkc0D+VqAvqdMOscUgHLVt0sgdm7v6s52IRz AAABjUMXUC4AAAQDAEcwRQIhAMQKAUPYkUbdQheMg6YDykf9S/c3FuVQq+69xC4u HLuqAiBmaT2+kgsOZUAfBKeej67arlD3D9lK1mIUBvcNrl5JdwB2ADtTd3U+LbmA ToswWwb+QDtn2E/D9Me9AA0tcm/h+tQXAAABjUMXUC0AAAQDAEcwRQIhAJDZHZKY Kavv8e6LXI+KL7MCcbfULdopkb+flzlyeLAFAiAWiC51tw5mL4c1ExUi2a150YES YJCDiwL5KIaeDMeTFTANBgkqhkiG9w0BAQsFAAOCAQEAfc8hrW7G70lvqAOlEfxj Sj4bwS2ZnNntC8k6vssQyP0ZTlyr2KuF3gLC6IHovCxM3GWjQ/sGANyTPhsiagMj v/HwQbz3ip8zet268niKpKio70EyC6drbRxT3uQsu9sB1vO2krrqDJiiKky+/nxT eXaff6pRRJYd2lm6X2RkWd7nJPQblG9P0CCweHnfaTL1ZsmQvurFzGCaPYT2Yy2p ye2QiC1oFCdJ0LZH4rNMfWw64ApS2k8DjW4FKPw2/ac/8exv3h9/f2eef/cWQ5y2 sZE3WG7MgucMC05zNVfQNGszyCCRtC/Hr48R6pMkaTOUO9CHhZeMlWQgaTp33Qsw Xg== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv5w6mzjWM0D9az+5kZVq OOMyoP2AbSjcYkh/s2Zu3oFWZcgCy4Wfj5HrOa6hjX1XKNIT/Rdenk7J7AaUVxKQ YKsgjoK3UbIZ7Ng6kZgU42SVzSqTOZ6YUimi+5swf4TRhPxMONi4e761Y68KYK72 hv5qI+1vV/wNbMHJoSEJdSKrQILJYkA0TYDJJcu5cSconI5dpvqvLm1OvppJupwG B1Iwmcm/zRKuOVuCElbfc6Abdsmo+0GjxRnDgsMir8KzVlCCYjaN0aygVn+XVjMo qXh9rC0qf9Y8dy3GSYcA70rvzHT4zkuuH3U3OQA7HjZF/Hl99Wgme45aH1+ZzneC uXS7MryBNF9iy4FArh5cwb7kTlUSeQpujjeaTR3wW2dinpUCYjBEBDVgpTLIgvKh m+7xbBqfsi/AEzBGFmIwfgWcuev30vW/asiVa/f6Bd/rNMxRHs/hPMt7FIgFy8VZ GXtxl5oEE9i/dc+3z6kzRGByHvXR52CONYHF5PLqb9Ey6JA4MeeGP5Ne7/vH685K jSJ6Iy9MofLBbXvwfz52p7+V2GKZiAKQ/7+jW3spyUF1WWD9BpQNRSsdyhKowRHp NW8WzvlxnFPHqrxkJLUAJTZvZ/zolx2hfIDjheTqHFLttJqnqp+X3XZ1fZpiqghc g/xOoEs8AUGOpBL0KGBVnrECAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 371703543018365032242144065102674492870418 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-25 23:06:57 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-04-24 23:06:56 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'candy-cane.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 781701698365310766148084873695157960401045206532339166695657867239878710369083393138162170263673609951280155885758836783481856877957749261334089736678739488430891775174890857694259023866946993742534737114070745709425997646180140560165929409355912243266871231177102814318856536492269785339035080393094447474632156439793573842107735508384049638587033651929816404756190965692124745364729595367231583091646335646611379950778450135203611286911610067993395196650343744642330705925965577030568557110728100650773000891014888754837775687361722436715155340503526692060141406010022747204245686219295776855574873693523491873621239928628761462169685900437621110746227661153837200920209819280827755454867271779186264196800883604744728528519292774632719433348368999539993195753450738245456537335190659504850126492985668617188237316572525933991774439393607406287172436902113018283326638530393252764177731670517524019813074449662814776141528310813433384125589923750990769505861787264819963515699704073824364367778947537712147360006649505680583045255372857672863622309545549778358737430605953334705334691284253178720208113898211638715173674102193634792559166508454848743165333320386491873028310541387274113728914671252784780419863969790516342744784561 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) e5b33e5efc64bc4cf10c9196d28e6a6ba152a519 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (38 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'candy-cane.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.candy-cane.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes) 00f000760048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018d4317502e0000040300473045022100c40a0143d89146dd42178c83a603ca47fd4bf73716e550abeebdc42e2e1cbbaa022066693dbe920b0e65401f04a79e8faedaae50f70fd94ad6621406f70dae5e49770076003b5377753e2db9804e8b305b06fe403b67d84fc3f4c7bd000d2d726fe1fad4170000018d4317502d000004030047304502210090d91d929829abeff1ee8b5c8f8a2fb30271b7d42dda2991bf9f97397278b005022016882e75b70e662f8735131522d9ad79d181126090838b02f928869e0cc79315 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 007dcf21ad6ec6ef496fa803a511fc634a3e1bc12d999cd9ed0bc93abecb10c8fd194e5cabd8ab85de02c2e881e8bc2c4cdc65a343fb0600dc933e1b226a0323bff1f041bcf78a9f337addbaf2788aa4a8a8ef41320ba76b6d1c53dee42cbbdb01d6f3b692baea0c98a22a4cbefe7c5379769f7faa5144961dda59ba5f646459dee724f41b946f4fd020b07879df6932f566c990beeac5cc609a3d84f6632da9c9ed90882d68142749d0b647e2b34c7d6c3ae00a52da4f038d6e0528fc36fda73ff1ec6fde1f7f7f679e7ff716439cb6b19137586ecc82e70c0b4e733557d0346b33c82091b42fc7af8f11ea93246933943bd08785978c956420693a77dd0b305e