thandie.org
Issued by R3
About this certificate
This digital certificate with serial number 04:69:52:59:c9:e1:5e:8c:7b:47:43:c9:a4:10:3d:a8:6a:2a was issued on by Let's Encrypt.
This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=thandie.org
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 04:69:52:59:c9:e1:5e:8c:7b:47:43:c9:a4:10:3d:a8:6a:2aSerial Number (int): 384288255158434226273785847677932345518634
Serial Number lenght: 139 bits, 18 octets
SubjectKeyId: 6a:4e:8b:a1:d4:db:d7:a0:06:38:b2:20:87:2b:af:bf:db:c5:3e:0a
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): 16:07:25:cd:01:23:2c:3f:bf:97:8e:30:d0:2a:ea:e5:81:7a:e8:77
Fingerprint (sha256): 44:86:3c:62:79:16:a8:dc:e4:f8:25:70:96:29:4f:2a:3d:e2:37:ba:18:38:22:49:7a:c1:65:27:63:d3:22:0e
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate thandie.org
1
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for thandie.org
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
thandie.org
Other certificates including the domain name thandie.org
(limited to 100 certificates)
Certificate
The complete raw certificate details for thandie.org in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIF4zCCBMugAwIBAgISBGlSWcnhXox7R0PJpBA9qGoqMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yNDAzMTkxMTU4MDJaFw0yNDA2MTcxMTU4MDFaMBYxFDASBgNVBAMT C3RoYW5kaWUub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6GnQ BfNBSFTFHC3biMTtwaHgdh74/I3Dg5uFHxrxbsDj22eL1Z9ZPkgE2yh+vVVv9dAJ jPHkWwqcdEXS2IoQ+og8UzFbdLp2lfHVZr8XFjyG9FpAstbJJ7dSd2xYg5QKAHsI j77LwgsuM4Zbz/vNOjyfP7vL+FpVkT/zgooPYqeZlmFW4sqTShvhf02Uo2+8LMyp +FUisVssSPVvV5VSA5nrfU66blC7enue1TxrYgaAICcOH6E0Arm+GzPaTUePAwNb AROAJxSJU53W4STFUOg2sxWlN0zscSis6nAhO2h7dlHNpLc19K4Q+V5PyOvn3itG LmlU99quaOsQ7RH3qh8fJcSjy7x7mOSuTrbKRE+8A4v5YteI5EkHZo1uIc3UOLau QNy9OfdIMxdaFMhwLbGvZQjm6YL9hjjuUT+vehLkvhoEB+6J/YHnmhQhfxUJZWob g15CWtixIRb2urc8x3EtUIdHqSbjMvmUQaXpGMtOlqkyDoUHM68T7LCGRSjV8KlS G2u5ML8DgoOgfaXitYh0sCAkpQsgGFdyYrd1MLUIztJw+1Exbw5vRZcwnGAiEpjs zjvxEcc/NrtGDsr4OY47wuP8kaVMaQANrxVJlFyYV8Bnj1TbjHyZ+iCw9O8Hot/F or9rRI++RCtOVErMFSgWlQvnUL9ggY0XuzXNO2kCAwEAAaOCAg0wggIJMA4GA1Ud DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0T AQH/BAIwADAdBgNVHQ4EFgQUak6LodTb16AGOLIghyuvv9vFPgowHwYDVR0jBBgw FoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUF BzABhhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9y My5pLmxlbmNyLm9yZy8wFgYDVR0RBA8wDYILdGhhbmRpZS5vcmcwEwYDVR0gBAww CjAIBgZngQwBAgEwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdQA7U3d1Pi25gE6L MFsG/kA7Z9hPw/THvQANLXJv4frUFwAAAY5WykzpAAAEAwBGMEQCIDMlhuLFMsC2 WeEwgEgVlouINoZtbiVoMBPNVDSw2X4JAiBriT1sfxcXmg4fWYtBcVXZ9ZCFw5BU Joi08x+DliMS2wB3AHb/iD8KtvuVUcJhzPWHujS0pM27KdxoQgqf5mdMWjp0AAAB jlbKTSoAAAQDAEgwRgIhAJEE8z4eBJUCE/YP5k/1hBr8c0OSXi9fbBmiSq9zr950 AiEAuz87Sz+qx2Fc5PgzNQaxrd6DMYQyKTbqLmGOlOu+SGowDQYJKoZIhvcNAQEL BQADggEBABpY7b5zMuvXgkttqmFlMwo/WM96kmf4rfUjRPUG0AW3lmXJ3zNMkN4x dtmXVgwAPZxnoTmknWJxQA3hxJfG7hZzm3sA/HoLtOtVVXczvGsVLp0LRDrN86Ih 49BA4HEr9EOLAtPjMff9AwTBta7qHAN+iY/ekMjFWTJR88tCkJGRkAm+73SFyq85 eV87u94ncsOL3i4O/EGcSncM1I10aKLxHV51PF41ZcuLwQd7kwgwzfeE9FHZ/HRo uBhASshqPfixuBqIBiAvguVO2Efnd++lFgS3eX3ckTDs6KiHYpHwVJMROsrPaPop QY9VaRTWJ2Q3kmTjMsbl96eEpuUdBFQ= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6GnQBfNBSFTFHC3biMTt waHgdh74/I3Dg5uFHxrxbsDj22eL1Z9ZPkgE2yh+vVVv9dAJjPHkWwqcdEXS2IoQ +og8UzFbdLp2lfHVZr8XFjyG9FpAstbJJ7dSd2xYg5QKAHsIj77LwgsuM4Zbz/vN OjyfP7vL+FpVkT/zgooPYqeZlmFW4sqTShvhf02Uo2+8LMyp+FUisVssSPVvV5VS A5nrfU66blC7enue1TxrYgaAICcOH6E0Arm+GzPaTUePAwNbAROAJxSJU53W4STF UOg2sxWlN0zscSis6nAhO2h7dlHNpLc19K4Q+V5PyOvn3itGLmlU99quaOsQ7RH3 qh8fJcSjy7x7mOSuTrbKRE+8A4v5YteI5EkHZo1uIc3UOLauQNy9OfdIMxdaFMhw LbGvZQjm6YL9hjjuUT+vehLkvhoEB+6J/YHnmhQhfxUJZWobg15CWtixIRb2urc8 x3EtUIdHqSbjMvmUQaXpGMtOlqkyDoUHM68T7LCGRSjV8KlSG2u5ML8DgoOgfaXi tYh0sCAkpQsgGFdyYrd1MLUIztJw+1Exbw5vRZcwnGAiEpjszjvxEcc/NrtGDsr4 OY47wuP8kaVMaQANrxVJlFyYV8Bnj1TbjHyZ+iCw9O8Hot/For9rRI++RCtOVErM FSgWlQvnUL9ggY0XuzXNO2kCAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 384288255158434226273785847677932345518634 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-19 11:58:02 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-06-17 11:58:01 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'thandie.org' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 948163664828914789295683893954867943347538054990734367333426328438571742156818284400958690679282617243103984267372756814503504639350416641399158673116421034592808014876881244371008921910333100222072309104845789742992427276307958829568175821329846734891708884467306873456952369109404479098125673869819943965947207656442643915342348207741489930360022177547828656216523133930245571455844555716025605891267613998263028542997378500950894531696054607056819390702504509858868157606675484096672342275636046387368543733865651694540015248763026001431130357480628375312342715546377048528171112774116466867496709050205759088501484720867022890793089032359756487704316321106936197088319096231751317167223824691022868726704329347667593245100530702469800152588999179674460080382597395231894238258119441941753213681818905348865368638471045740024729749971177605512008392124705481873795484566453508145027115441374072642224925238479581133294338559930806330377605923160007181256477370626081633680163326939580721814726028855477160090546509726814273371541331031698898217755610169734372696753849449775391135084708655916062484678589814385576289040071172642822079536623843229036739853931930396322017359428650336148833743468728887841959553597320945519649700713 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 6a4e8ba1d4dbd7a00638b220872bafbfdbc53e0a . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (15 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'thandie.org' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes) 00f00075003b5377753e2db9804e8b305b06fe403b67d84fc3f4c7bd000d2d726fe1fad4170000018e56ca4ce900000403004630440220332586e2c532c0b659e130804815968b8836866d6e25683013cd5434b0d97e0902206b893d6c7f17179a0e1f598b417155d9f59085c390542688b4f31f83962312db00770076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018e56ca4d2a00000403004830460221009104f33e1e04950213f60fe64ff5841afc7343925e2f5f6c19a24aaf73afde74022100bb3f3b4b3faac7615ce4f8333506b1adde833184322936ea2e618e94ebbe486a . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 001a58edbe7332ebd7824b6daa6165330a3f58cf7a9267f8adf52344f506d005b79665c9df334c90de3176d997560c003d9c67a139a49d6271400de1c497c6ee16739b7b00fc7a0bb4eb55557733bc6b152e9d0b443acdf3a221e3d040e0712bf4438b02d3e331f7fd0304c1b5aeea1c037e898fde90c8c5593251f3cb429091919009beef7485caaf39795f3bbbde2772c38bde2e0efc419c4a770cd48d7468a2f11d5e753c5e3565cb8bc1077b930830cdf784f451d9fc7468b818404ac86a3df8b1b81a8806202f82e54ed847e777efa51604b7797ddc9130ece8a8876291f05493113acacf68fa29418f556914d62764379264e332c6e5f7a784a6e51d0454