contrera.com
Issued by R3
About this certificate
This digital certificate with serial number 03:d8:0a:eb:3f:e5:e4:45:69:cc:79:c6:d5:03:6b:13:a5:2d was issued on by Let's Encrypt.
This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=contrera.com
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 03:d8:0a:eb:3f:e5:e4:45:69:cc:79:c6:d5:03:6b:13:a5:2dSerial Number (int): 334852362815928753634745337980264922719533
Serial Number lenght: 138 bits, 18 octets
SubjectKeyId: ca:35:a7:9c:70:83:b6:63:22:58:a3:98:4c:66:b3:86:02:3c:44:93
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): 32:7c:d5:bb:67:b2:0c:34:f4:27:2c:11:d8:9a:31:84:98:d2:8c:db
Fingerprint (sha256): 4f:bc:9d:f7:94:0d:07:a0:fc:77:38:79:27:fe:bc:51:b7:9c:64:12:6e:0c:6f:48:b3:91:1f:3f:ae:87:82:bf
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate contrera.com
1
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for contrera.com
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
contrera.com
Other certificates including the domain name contrera.com
(limited to 100 certificates)
Certificate
The complete raw certificate details for contrera.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIF5jCCBM6gAwIBAgISA9gK6z/l5EVpzHnG1QNrE6UtMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yMzEyMjYwNDIzMzJaFw0yNDAzMjUwNDIzMzFaMBcxFTATBgNVBAMT DGNvbnRyZXJhLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL+H n4X7bE/qKHH57yAfoTXaGlt+AHc0GjeaooqgqwUxehUe+/fDhv88KAfrgQAbwIXG qtJS2aTI5OBBYMvgS1sff7nolRllxFp8xgnp+kjZzls0VeWQXsSjvt0CQO0ELqWQ FUjn2CQIITVOruiYBGr2OdYmFzTF3k6YLl/NMA87Wv/47QqU4cwQK0UY0MwMFkIx ZvFwQLEobmB68ETuKUf1geYt9gRtU1Qm1HOHJEOK8sDFGQciKfmmI6LKjcLoMck0 6D/rFYep9ELAlCaqR9pQgdkNN+h4EyH1AaeN0LARAe6kHgOhsWV+enMF0u83c8Kd +N5mTXqYXs04isoXJytfrJaymGsC1xQTIpkKMt9bbLOwjp8dH7YtKrcNP1IbLd2w YruRgH9/9IAunZSgOyUN1UcO1uCGGLeSQu6f6DoaJAcc8ll4lb6zCVkf8N0eU1ol bD1lyy0cszNHs9GCAJvU2fOffkMUas3jyaFMha7iPTtI6/gcyFeECH/bQlp+JZPV Lg97QSsAyF0HYbeLbUUqqyvTi2cTYooDlwwEoLbCh0wmlGCEMF63Igb2MM0jPQBU +w0Z4+W2ehL+aWJcNEoLvjQVQztUMP86XwPLcFhXkoGSwV4wQ2ZzP7339SD6qVwJ VbPmeTQwZ2FRdxkwHx0KlhKMPefL2us0+KwD/CUBAgMBAAGjggIPMIICCzAOBgNV HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1Ud EwEB/wQCMAAwHQYDVR0OBBYEFMo1p5xwg7ZjIlijmExms4YCPESTMB8GA1UdIwQY MBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEF BQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8v cjMuaS5sZW5jci5vcmcvMBcGA1UdEQQQMA6CDGNvbnRyZXJhLmNvbTATBgNVHSAE DDAKMAgGBmeBDAECATCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2ADtTd3U+LbmA ToswWwb+QDtn2E/D9Me9AA0tcm/h+tQXAAABjKSUA/MAAAQDAEcwRQIgOZoIbkD9 iErSFMR6UzyfeNsDuoivH4u83pZTy8r2Fi4CIQCp770CSExtIeHlv0jznUQh+nF7 NtFd6f4GUklCbNwuZwB3AEiw42vapkc0D+VqAvqdMOscUgHLVt0sgdm7v6s52IRz AAABjKSUBd8AAAQDAEgwRgIhAJfjBP+khfQFwIgks7nCCxQ6OX2Uvf8hTvGOUxwZ yyJaAiEAj4Aq3yFNHURyKrjht+lGC44DGGxuYqH3IU2PpbgB2mUwDQYJKoZIhvcN AQELBQADggEBAGQw8qeKYipDg9RvfiG1yC6LhgzHuKWdzhoOfpwgh+ojPrSfGtua zbswlvs++YD5OwLvkX9ZBQFGrrJUSwgyA0U30+yj6VuTTUtpfwv2IvqrZ70vTNwN szLShA6pD9mUsNbPtGDd3jgP8QsoW3UJ6hpKHXg/OryPOnk5scqC4ljGDpRaLTlB nBKNm4zkPm3w4/NrIjA7BkI/2NVDVXu8Bi/jKhrm8NzHpKkKldwKimBoL/dLtFbq HwsHDrCbZ1gVm6c1aism8EwTDbgpMb22i08624vuEWOOzQq2KhDjKmkBT1TYt0j0 WTmMLmXh1aOnxe4/OwgCUlVw25PtFEmbGN8= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv4efhftsT+oocfnvIB+h NdoaW34AdzQaN5qiiqCrBTF6FR7798OG/zwoB+uBABvAhcaq0lLZpMjk4EFgy+BL Wx9/ueiVGWXEWnzGCen6SNnOWzRV5ZBexKO+3QJA7QQupZAVSOfYJAghNU6u6JgE avY51iYXNMXeTpguX80wDzta//jtCpThzBArRRjQzAwWQjFm8XBAsShuYHrwRO4p R/WB5i32BG1TVCbUc4ckQ4rywMUZByIp+aYjosqNwugxyTToP+sVh6n0QsCUJqpH 2lCB2Q036HgTIfUBp43QsBEB7qQeA6GxZX56cwXS7zdzwp343mZNephezTiKyhcn K1+slrKYawLXFBMimQoy31tss7COnx0fti0qtw0/Uhst3bBiu5GAf3/0gC6dlKA7 JQ3VRw7W4IYYt5JC7p/oOhokBxzyWXiVvrMJWR/w3R5TWiVsPWXLLRyzM0ez0YIA m9TZ859+QxRqzePJoUyFruI9O0jr+BzIV4QIf9tCWn4lk9UuD3tBKwDIXQdht4tt RSqrK9OLZxNiigOXDASgtsKHTCaUYIQwXrciBvYwzSM9AFT7DRnj5bZ6Ev5pYlw0 Sgu+NBVDO1Qw/zpfA8twWFeSgZLBXjBDZnM/vff1IPqpXAlVs+Z5NDBnYVF3GTAf HQqWEow958va6zT4rAP8JQECAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 334852362815928753634745337980264922719533 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-26 04:23:32 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-25 04:23:31 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'contrera.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 781373322191297504826965128868018600651084504716770390955673780946260503555258948041200428961036016661120069611809219848611530245262625911491306383349030229371879990982982227936577911882281627220526542678401382877631825550500948016518808508376217703317034359784898679433195760320990937030289335515253022933599181182645374722423617624668563320725027270106054655884660475741474498841168290321637238340910033335270342265167384926970397111697347115516907117954043319762201047022541132184367808784933225309702998853737668086778920573072362516662244325193111249965746836652279483753364977478310478940803691307528472131909081318902264598077386030875631235351913077650695163566067313385463086326927347338056549297841180339486156446404759215727459293357553734495230441024438353919605918551101665954612685396452719876748998148999668303408392429428899041277513972806546487489562110636279196246318297969848359108460668773755408348716850741583246646130262083981876816464215720744504139571997053143109391563565373729125030278318953872639958982204389014575298997675301960670265301539045634238287011743677859023048463661857183985890409062060798861289200323111199082172347487659797062163567735597503925835418974695847342893362226679859827481962620161 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) ca35a79c7083b6632258a3984c66b386023c4493 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (16 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'contrera.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes) 00f10076003b5377753e2db9804e8b305b06fe403b67d84fc3f4c7bd000d2d726fe1fad4170000018ca49403f300000403004730450220399a086e40fd884ad214c47a533c9f78db03ba88af1f8bbcde9653cbcaf6162e022100a9efbd02484c6d21e1e5bf48f39d4421fa717b36d15de9fe065249426cdc2e6700770048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018ca49405df000004030048304602210097e304ffa485f405c08824b3b9c20b143a397d94bdff214ef18e531c19cb225a0221008f802adf214d1d44722ab8e1b7e9460b8e03186c6e62a1f7214d8fa5b801da65 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 006430f2a78a622a4383d46f7e21b5c82e8b860cc7b8a59dce1a0e7e9c2087ea233eb49f1adb9acdbb3096fb3ef980f93b02ef917f59050146aeb2544b0832034537d3eca3e95b934d4b697f0bf622faab67bd2f4cdc0db332d2840ea90fd994b0d6cfb460ddde380ff10b285b7509ea1a4a1d783f3abc8f3a7939b1ca82e258c60e945a2d39419c128d9b8ce43e6df0e3f36b22303b06423fd8d543557bbc062fe32a1ae6f0dcc7a4a90a95dc0a8a60682ff74bb456ea1f0b070eb09b6758159ba7356a2b26f04c130db82931bdb68b4f3adb8bee11638ecd0ab62a10e32a69014f54d8b748f459398c2e65e1d5a3a7c5ee3f3b0802525570db93ed14499b18df