thandie.org

Issued by R3

About this certificate

This digital certificate with serial number 04:69:52:59:c9:e1:5e:8c:7b:47:43:c9:a4:10:3d:a8:6a:2a was issued on by Let's Encrypt.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=thandie.org

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 04:69:52:59:c9:e1:5e:8c:7b:47:43:c9:a4:10:3d:a8:6a:2a
Serial Number (int): 384288255158434226273785847677932345518634
Serial Number lenght: 139 bits, 18 octets

SubjectKeyId: 6a:4e:8b:a1:d4:db:d7:a0:06:38:b2:20:87:2b:af:bf:db:c5:3e:0a
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6

Fingerprint (sha1): 16:07:25:cd:01:23:2c:3f:bf:97:8e:30:d0:2a:ea:e5:81:7a:e8:77
Fingerprint (sha256): 44:86:3c:62:79:16:a8:dc:e4:f8:25:70:96:29:4f:2a:3d:e2:37:ba:18:38:22:49:7a:c1:65:27:63:d3:22:0e

Issuing Certificate URL: http://r3.i.lencr.org/

Revocation information

OCSP Server: http://r3.o.lencr.org

Check the revocation status for certificate thandie.org

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for thandie.org

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

thandie.org

Other certificates including the domain name thandie.org

(limited to 100 certificates)
www.thandie.org
thandie.org
thandie.org
thandie.org
thandie.org
thandie.org
www.thandie.org
www.thandie.org
thandie.org
www.thandie.org
thandie.org
thandie.org
thandie.org
www.thandie.org
www.thandie.org

Certificate

The complete raw certificate details for thandie.org in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIF4zCCBMugAwIBAgISBGlSWcnhXox7R0PJpBA9qGoqMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yNDAzMTkxMTU4MDJaFw0yNDA2MTcxMTU4MDFaMBYxFDASBgNVBAMT
C3RoYW5kaWUub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6GnQ
BfNBSFTFHC3biMTtwaHgdh74/I3Dg5uFHxrxbsDj22eL1Z9ZPkgE2yh+vVVv9dAJ
jPHkWwqcdEXS2IoQ+og8UzFbdLp2lfHVZr8XFjyG9FpAstbJJ7dSd2xYg5QKAHsI
j77LwgsuM4Zbz/vNOjyfP7vL+FpVkT/zgooPYqeZlmFW4sqTShvhf02Uo2+8LMyp
+FUisVssSPVvV5VSA5nrfU66blC7enue1TxrYgaAICcOH6E0Arm+GzPaTUePAwNb
AROAJxSJU53W4STFUOg2sxWlN0zscSis6nAhO2h7dlHNpLc19K4Q+V5PyOvn3itG
LmlU99quaOsQ7RH3qh8fJcSjy7x7mOSuTrbKRE+8A4v5YteI5EkHZo1uIc3UOLau
QNy9OfdIMxdaFMhwLbGvZQjm6YL9hjjuUT+vehLkvhoEB+6J/YHnmhQhfxUJZWob
g15CWtixIRb2urc8x3EtUIdHqSbjMvmUQaXpGMtOlqkyDoUHM68T7LCGRSjV8KlS
G2u5ML8DgoOgfaXitYh0sCAkpQsgGFdyYrd1MLUIztJw+1Exbw5vRZcwnGAiEpjs
zjvxEcc/NrtGDsr4OY47wuP8kaVMaQANrxVJlFyYV8Bnj1TbjHyZ+iCw9O8Hot/F
or9rRI++RCtOVErMFSgWlQvnUL9ggY0XuzXNO2kCAwEAAaOCAg0wggIJMA4GA1Ud
DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0T
AQH/BAIwADAdBgNVHQ4EFgQUak6LodTb16AGOLIghyuvv9vFPgowHwYDVR0jBBgw
FoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUF
BzABhhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9y
My5pLmxlbmNyLm9yZy8wFgYDVR0RBA8wDYILdGhhbmRpZS5vcmcwEwYDVR0gBAww
CjAIBgZngQwBAgEwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdQA7U3d1Pi25gE6L
MFsG/kA7Z9hPw/THvQANLXJv4frUFwAAAY5WykzpAAAEAwBGMEQCIDMlhuLFMsC2
WeEwgEgVlouINoZtbiVoMBPNVDSw2X4JAiBriT1sfxcXmg4fWYtBcVXZ9ZCFw5BU
Joi08x+DliMS2wB3AHb/iD8KtvuVUcJhzPWHujS0pM27KdxoQgqf5mdMWjp0AAAB
jlbKTSoAAAQDAEgwRgIhAJEE8z4eBJUCE/YP5k/1hBr8c0OSXi9fbBmiSq9zr950
AiEAuz87Sz+qx2Fc5PgzNQaxrd6DMYQyKTbqLmGOlOu+SGowDQYJKoZIhvcNAQEL
BQADggEBABpY7b5zMuvXgkttqmFlMwo/WM96kmf4rfUjRPUG0AW3lmXJ3zNMkN4x
dtmXVgwAPZxnoTmknWJxQA3hxJfG7hZzm3sA/HoLtOtVVXczvGsVLp0LRDrN86Ih
49BA4HEr9EOLAtPjMff9AwTBta7qHAN+iY/ekMjFWTJR88tCkJGRkAm+73SFyq85
eV87u94ncsOL3i4O/EGcSncM1I10aKLxHV51PF41ZcuLwQd7kwgwzfeE9FHZ/HRo
uBhASshqPfixuBqIBiAvguVO2Efnd++lFgS3eX3ckTDs6KiHYpHwVJMROsrPaPop
QY9VaRTWJ2Q3kmTjMsbl96eEpuUdBFQ=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6GnQBfNBSFTFHC3biMTt
waHgdh74/I3Dg5uFHxrxbsDj22eL1Z9ZPkgE2yh+vVVv9dAJjPHkWwqcdEXS2IoQ
+og8UzFbdLp2lfHVZr8XFjyG9FpAstbJJ7dSd2xYg5QKAHsIj77LwgsuM4Zbz/vN
OjyfP7vL+FpVkT/zgooPYqeZlmFW4sqTShvhf02Uo2+8LMyp+FUisVssSPVvV5VS
A5nrfU66blC7enue1TxrYgaAICcOH6E0Arm+GzPaTUePAwNbAROAJxSJU53W4STF
UOg2sxWlN0zscSis6nAhO2h7dlHNpLc19K4Q+V5PyOvn3itGLmlU99quaOsQ7RH3
qh8fJcSjy7x7mOSuTrbKRE+8A4v5YteI5EkHZo1uIc3UOLauQNy9OfdIMxdaFMhw
LbGvZQjm6YL9hjjuUT+vehLkvhoEB+6J/YHnmhQhfxUJZWobg15CWtixIRb2urc8
x3EtUIdHqSbjMvmUQaXpGMtOlqkyDoUHM68T7LCGRSjV8KlSG2u5ML8DgoOgfaXi
tYh0sCAkpQsgGFdyYrd1MLUIztJw+1Exbw5vRZcwnGAiEpjszjvxEcc/NrtGDsr4
OY47wuP8kaVMaQANrxVJlFyYV8Bnj1TbjHyZ+iCw9O8Hot/For9rRI++RCtOVErM
FSgWlQvnUL9ggY0XuzXNO2kCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 384288255158434226273785847677932345518634
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-19 11:58:02 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-06-17 11:58:01 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'thandie.org'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 948163664828914789295683893954867943347538054990734367333426328438571742156818284400958690679282617243103984267372756814503504639350416641399158673116421034592808014876881244371008921910333100222072309104845789742992427276307958829568175821329846734891708884467306873456952369109404479098125673869819943965947207656442643915342348207741489930360022177547828656216523133930245571455844555716025605891267613998263028542997378500950894531696054607056819390702504509858868157606675484096672342275636046387368543733865651694540015248763026001431130357480628375312342715546377048528171112774116466867496709050205759088501484720867022890793089032359756487704316321106936197088319096231751317167223824691022868726704329347667593245100530702469800152588999179674460080382597395231894238258119441941753213681818905348865368638471045740024729749971177605512008392124705481873795484566453508145027115441374072642224925238479581133294338559930806330377605923160007181256477370626081633680163326939580721814726028855477160090546509726814273371541331031698898217755610169734372696753849449775391135084708655916062484678589814385576289040071172642822079536623843229036739853931930396322017359428650336148833743468728887841959553597320945519649700713
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							6a4e8ba1d4dbd7a00638b220872bafbfdbc53e0a
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (15 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'thandie.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f00075003b5377753e2db9804e8b305b06fe403b67d84fc3f4c7bd000d2d726fe1fad4170000018e56ca4ce900000403004630440220332586e2c532c0b659e130804815968b8836866d6e25683013cd5434b0d97e0902206b893d6c7f17179a0e1f598b417155d9f59085c390542688b4f31f83962312db00770076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018e56ca4d2a00000403004830460221009104f33e1e04950213f60fe64ff5841afc7343925e2f5f6c19a24aaf73afde74022100bb3f3b4b3faac7615ce4f8333506b1adde833184322936ea2e618e94ebbe486a
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		001a58edbe7332ebd7824b6daa6165330a3f58cf7a9267f8adf52344f506d005b79665c9df334c90de3176d997560c003d9c67a139a49d6271400de1c497c6ee16739b7b00fc7a0bb4eb55557733bc6b152e9d0b443acdf3a221e3d040e0712bf4438b02d3e331f7fd0304c1b5aeea1c037e898fde90c8c5593251f3cb429091919009beef7485caaf39795f3bbbde2772c38bde2e0efc419c4a770cd48d7468a2f11d5e753c5e3565cb8bc1077b930830cdf784f451d9fc7468b818404ac86a3df8b1b81a8806202f82e54ed847e777efa51604b7797ddc9130ece8a8876291f05493113acacf68fa29418f556914d62764379264e332c6e5f7a784a6e51d0454