StartCom Class 2 Primary Intermediate Client CA

Issued by StartCom Certification Authority

About this certificate


This digital certificate with serial number 21 was issued on by StartCom Ltd. .

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com.

Cerificate errors/warnings *beta

  • ERROR: Certificate has key usage [CertSign] set
  • ERROR: Certificate has key usage [CRLSign] set

StartCom Ltd.

Organization: StartCom Ltd.
Organization unit: Secure Digital Certificate Signing
Country: IL

StartCom Ltd.

Organization: StartCom Ltd.
Organization unit: Secure Digital Certificate Signing
Country: IL

Time untill certificate expires

This certificate will expire on

Certificate Details

Serial Number (hex): 21
Serial Number (int): 33
Serial Number lenght: 6 bits, 1 octets

SubjectKeyId: ae:55:83:6f:ec:31:ca:b9:f7:1d:fa:af:6b:31:f3:c8:1d:e3:ac:bb
AuthorityKeyId: 4e:0b:ef:1a:a4:40:5b:a5:17:69:87:30:ca:34:68:43:d0:41:ae:f2

Fingerprint (sha1): df:04:35:7a:80:b7:18:cc:93:06:d2:6d:4c:2f:64:ca:38:75:8a:92
Fingerprint (sha256): bd:ac:77:84:1b:d2:99:0b:48:d5:fc:a6:e3:bb:65:f2:5b:18:b7:28:fa:43:31:28:d9:f6:4d:14:20:25:8a:72

Issuing Certificate URL: http://www.startssl.com/sfsca.crt

Revocation information

OCSP Server: http://ocsp.startssl.com/ca
CRL Distribution Point: http://www.startssl.com/sfsca.crl
CRL Distribution Point: http://crl.startssl.com/sfsca.crl

Check the revocation status for the current certificate on StartCom Class 2 Primary Intermediate Client CA
0
DNS Names
0
Email Addresses
0
IP Addresses

Advanced Certificate Properties

Technical details about this certificate


Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA



Key Usage

Cert Sign
CRL Sign

Extended Key Usages

Extensions

7 extensions
No unhandled critical extensions



CA Certificate

This is a CA certificate
Maximum Path Lenght:

-1

Subject Alternative Names

This certificate doesn't contain any subject alternative names (DNS Name).

Certificate

The complete raw certificate details in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE----- MIIGNDCCBBygAwIBAgIBITANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJJTDEW MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh dGlvbiBBdXRob3JpdHkwHhcNMDcxMDI0MjEwMjU1WhcNMTcxMDI0MjEwMjU1WjCB jDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsT IlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNVBAMTL1N0 YXJ0Q29tIENsYXNzIDIgUHJpbWFyeSBJbnRlcm1lZGlhdGUgQ2xpZW50IENBMIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyyiFRZwBLPsZ8qulM4wqoA3L 0FXtXSKBZ0bEDwhTvsvdpPEStD59zG0NhnfpnoYfRgWft+rlEAO14/QBjOsID4RB N+LyrX6QDebSfC3Bcb3gzmwiqy+zuVE/VrJwGR7+zmD2EkevJnZpxJyfNzOMEICj tfW/kbfLDwwM/abZELJ7Qp+Bnic4N6tklXOECU4P1h6O8BdmoeSzDnofMSVUihhJ nerj5Em49dd8ijJvL5jabUT5jNfmIJlcHHTmCTowoBbW9rDj+/Y44vLoVkfdcce0 6TNSt4b/8KwWcH365phKVHrlx0bNOyaggrxYfXKCheFEGb3xIPsd/+vcUQs29QID AQABo4IBrTCCAakwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD VR0OBBYEFK5Vg2/sMcq59x36r2sx88gd46y7MB8GA1UdIwQYMBaAFE4L7xqkQFul F2mHMMo0aEPQQa7yMGYGCCsGAQUFBwEBBFowWDAnBggrBgEFBQcwAYYbaHR0cDov L29jc3Auc3RhcnRzc2wuY29tL2NhMC0GCCsGAQUFBzAChiFodHRwOi8vd3d3LnN0 YXJ0c3NsLmNvbS9zZnNjYS5jcnQwWwYDVR0fBFQwUjAnoCWgI4YhaHR0cDovL3d3 dy5zdGFydHNzbC5jb20vc2ZzY2EuY3JsMCegJaAjhiFodHRwOi8vY3JsLnN0YXJ0 c3NsLmNvbS9zZnNjYS5jcmwwgYAGA1UdIAR5MHcwdQYLKwYBBAGBtTcBAgEwZjAu BggrBgEFBQcCARYiaHR0cDovL3d3dy5zdGFydHNzbC5jb20vcG9saWN5LnBkZjA0 BggrBgEFBQcCARYoaHR0cDovL3d3dy5zdGFydHNzbC5jb20vaW50ZXJtZWRpYXRl LnBkZjANBgkqhkiG9w0BAQsFAAOCAgEAQfpouQ/byG02TilPevXSpLSxV7HP77/Q 6ObEOhQ3d5+Jv0p64r5OHO84BzQSdxi9fajFi/gJOFNRTWIz8vTjtuwsiBkTtrNd 1PN3jSTiPAiteMJVJubvnvFAMVWIRZabxDIBQlvFeZ5fkGjxkUAlOdJxTyEou//p cp+jrnrFiRPpiXD3lmZ9Xz32wC5CLJzUElxWLllpg/LM4GYBHznIaObVD5cYVC/S D4b5yyhHo0cpsmeoEYWXVOrM7U6bAzCd+sNjUHzG5KDtlPJ1l9vQN/27n3OfZPTS iDtzBxa3U5XNu9bCkFPYKeMeU3vd6nPwJmNxtDPtVujVmKV7k/qqmQ2luo/jYnht 1Vv2nVKywA4PrGZKMD5SwNIgj0IcSQ+AwJ5cR2vCLE2JqpYdGzcJBUMbnHaLoOx5 3PMLo30A16sjHy6Jw1nxSDXMPlp18D0Zq78LROMCiYQticaZfq/ALgBqgfz4993L tOJrWq5GDVW/Pejuaa0UEmkkLbKWDTgyvVT4e5ez5We6j9r/okD3exsVoD82nb3L 3FgR+rCfRpXMJ2Yt4iCEamZuXSfvaRvdlYWy+HLKSPB044qjdmlkGVJ77usqqw8j bjmR7i2aYjZ4Dp2nOcw5fNAMYWRfECQo/nBaIqQFjIdqUAA2G58QNzTAHb9jjMa5 UBZ46ar+yO0= -----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyyiFRZwBLPsZ8qulM4wq oA3L0FXtXSKBZ0bEDwhTvsvdpPEStD59zG0NhnfpnoYfRgWft+rlEAO14/QBjOsI D4RBN+LyrX6QDebSfC3Bcb3gzmwiqy+zuVE/VrJwGR7+zmD2EkevJnZpxJyfNzOM EICjtfW/kbfLDwwM/abZELJ7Qp+Bnic4N6tklXOECU4P1h6O8BdmoeSzDnofMSVU ihhJnerj5Em49dd8ijJvL5jabUT5jNfmIJlcHHTmCTowoBbW9rDj+/Y44vLoVkfd cce06TNSt4b/8KwWcH365phKVHrlx0bNOyaggrxYfXKCheFEGb3xIPsd/+vcUQs2 9QIDAQAB -----END PUBLIC KEY-----

ASN1 Decoded

[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 33 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'IL' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'StartCom Ltd.' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Secure Digital Certificate Signing' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'StartCom Certification Authority' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2007-10-24 21:02:55 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-10-24 21:02:55 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'IL' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'StartCom Ltd.' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Secure Digital Certificate Signing' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'StartCom Class 2 Primary Intermediate Client CA' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25646357357436742361663659162920103970007274337442695989300088015592918625282855756356226740061178915916124188440391776000375805019675289578562224131136300385133705963103129258373337044818724914953548889061094196773471713533452405366642442318727709596318487667401416918618799909867067033459714633685801273499832663606365976200842767436630532449493407030903870169169677715413695434670655204699377723699643688436777645896427508910671757824796253715258304386049974394934957272604328290624982420398952064825884603185693179257044665710370459473286313009889521577044603845181747021661006113133911168551244009427290464925429 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (5 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (7 bits) 0106 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) ae55836fec31cab9f71dfaaf6b31f3c81de3acbb . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 4e0bef1aa4405ba517698730ca346843d041aef2 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (90 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.startssl.com/ca' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://www.startssl.com/sfsca.crt' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (84 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://www.startssl.com/sfsca.crl' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.startssl.com/sfsca.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (121 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.23223.1.2.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.startssl.com/policy.pdf' . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.startssl.com/intermediate.pdf' . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (4096 bits) 0041fa68b90fdbc86d364e294f7af5d2a4b4b157b1cfefbfd0e8e6c43a1437779f89bf4a7ae2be4e1cef380734127718bd7da8c58bf8093853514d6233f2f4e3b6ec2c881913b6b35dd4f3778d24e23c08ad78c25526e6ef9ef14031558845969bc43201425bc5799e5f9068f191402539d2714f2128bbffe9729fa3ae7ac58913e98970f796667d5f3df6c02e422c9cd4125c562e596983f2cce066011f39c868e6d50f9718542fd20f86f9cb2847a34729b267a811859754eacced4e9b03309dfac363507cc6e4a0ed94f27597dbd037fdbb9f739f64f4d2883b730716b75395cdbbd6c29053d829e31e537bddea73f0266371b433ed56e8d598a57b93faaa990da5ba8fe362786dd55bf69d52b2c00e0fac664a303e52c0d2208f421c490f80c09e5c476bc22c4d89aa961d1b370905431b9c768ba0ec79dcf30ba37d00d7ab231f2e89c359f14835cc3e5a75f03d19abbf0b44e30289842d89c6997eafc02e006a81fcf8f7ddcbb4e26b5aae460d55bf3de8ee69ad141269242db2960d3832bd54f87b97b3e567ba8fdaffa240f77b1b15a03f369dbdcbdc5811fab09f4695cc27662de220846a666e5d27ef691bdd9585b2f872ca48f074e38aa376696419527beeeb2aab0f236e3991ee2d9a6236780e9da739cc397cd00c61645f102428fe705a22a4058c876a5000361b9f103734c01dbf638cc6b9501678e9aafec8ed