cana.org

Issued by Gandi RSA Domain Validation Secure Server CA 3

About this certificate

This digital certificate with serial number 0b:c9:6c:a7:fa:d6:2b:cf:4c:49:91:f3:5b:35:86:2b was issued on by Gandi.

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=cana.org

Gandi

Organization: Gandi
Country: FR

This certificate will expire on

Certificate Details

Serial Number (hex): 0b:c9:6c:a7:fa:d6:2b:cf:4c:49:91:f3:5b:35:86:2b
Serial Number (int): 15667363431170078684292341622015100459
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 0a:46:95:06:3d:b9:c4:20:09:59:82:58:9f:38:bd:84:85:8c:89:cb
AuthorityKeyId: 81:11:92:de:66:32:a5:b0:5b:33:3d:65:43:85:fc:d4:04:2d:f1:ae

Fingerprint (sha1): 28:d2:1f:5b:03:51:1b:44:ae:49:2c:39:78:ae:64:c6:f8:26:18:9f
Fingerprint (sha256): 52:2f:cf:d7:bd:ca:5d:64:3f:4f:1e:74:a6:48:4b:4c:34:70:1c:b0:9f:4e:9f:0d:01:78:66:ee:4f:56:07:48

Issuing Certificate URL: http://crt.sectigo.com/GandiRSADomainValidationSecureServerCA3.crt

Revocation information

OCSP Server: http://ocsp.sectigo.com

Check the revocation status for certificate cana.org

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for cana.org

Public Key Algorithm

ECDSA

Key Size

256

Signature Algorithm

SHA384 with RSA

Key Usage

Digital Signature

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

cana.org

Other certificates including the domain name cana.org

(limited to 100 certificates)

Certificate

The complete raw certificate details for cana.org in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFlDCCA/ygAwIBAgIQC8lsp/rWK89MSZHzWzWGKzANBgkqhkiG9w0BAQwFADBW
MQswCQYDVQQGEwJGUjEOMAwGA1UEChMFR2FuZGkxNzA1BgNVBAMTLkdhbmRpIFJT
QSBEb21haW4gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBIDMwHhcNMjMxMTI0
MDAwMDAwWhcNMjQxMjIzMjM1OTU5WjATMREwDwYDVQQDEwhjYW5hLm9yZzBZMBMG
ByqGSM49AgEGCCqGSM49AwEHA0IABD11BazUtMhFFC2MhVR2Wi0LoZmGQs6ruu/+
PLmiaCpPlNRCILC4hv1rR2BtEQAEdK11z/M6hgfxtfP/id+G8iyjggLqMIIC5jAf
BgNVHSMEGDAWgBSBEZLeZjKlsFszPWVDhfzUBC3xrjAdBgNVHQ4EFgQUCkaVBj25
xCAJWYJYnzi9hIWMicswDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwHQYD
VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEkGA1UdIARCMEAwNAYLKwYBBAGy
MQECAhowJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYG
Z4EMAQIBMIGDBggrBgEFBQcBAQR3MHUwTgYIKwYBBQUHMAKGQmh0dHA6Ly9jcnQu
c2VjdGlnby5jb20vR2FuZGlSU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVy
Q0EzLmNydDAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Auc2VjdGlnby5jb20wEwYD
VR0RBAwwCoIIY2FuYS5vcmcwggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2AHb/
iD8KtvuVUcJhzPWHujS0pM27KdxoQgqf5mdMWjp0AAABi/6uUcUAAAQDAEcwRQIh
ANoaVDHE3JUWkP19ig7F+vdhFzaML2pctuRsCtxzVyUEAiAkp64hNX8mAv3MdV/N
KNP9yZJh99BDgJ24FeDkPgMizwB2AD8XS0/XIkdYlB1lHIS+DRLtkDd/H4Vq68G/
KIXs+GRuAAABi/6uUo0AAAQDAEcwRQIhAJOnEdSG9h4AjuC4zEOmxY1yXj9fhoPv
PNAHhLWg+J7eAiBX/JFqYgJaj1jt0Zzp+nC/QTfQGM7GNe51lG5xbp54dgB3AO7N
0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABi/6uUfIAAAQDAEgwRgIh
AOKGaEAHVeprPERJH83YUx585fUpVAQNskm+fM/7L6RiAiEAjaQDor1DAaHAfkh+
0va9z97Hp2mvWg3kroPc+L7HVQQwDQYJKoZIhvcNAQEMBQADggGBABDEVZn5s/Wc
yBtiHPY+z6FalX5HY13KjXxLkktljQ5sFAWUo8/N1Ns6bOm6sppcUk07HhBAtvgY
HXP/2FUXfZFWosqh8iE1XXra7MF/jLKI6iZoTfadO+gHskA6p5hIPD8nCt04XxOe
VWABcomY+g1dGGM7jl+GhBmAV/9VH0VtueNYNsQzZbbIndwcdyDMTeVtyqXQtSF2
ehbSXggS2hDpmwCIQk0P3G5Yt66bx5NyDOGf6sLwmV2ekb/oBZwnbmFJ9aru3Xf0
u0hvKc15V0ZO1Vzw82of6wfYgNJbhHIdd/D6T1c6t4jgyUspeTioS3Xeg0Or2fhM
ofuAdJZYGkkOdQKYaGT8Bv9FOwEarqrNe2/96AFO4P0vndfBEEWZa3cBehy26cXq
/goYvUZXt4Sd5b3bqDZIYNOf1JBgKr1eTCuRhriysVLojzOKHt8RC+1ZjhbqQCPH
ruMY1yygrLWnNSe0n8h7wO4ZlC5zMI2XApglbsK9DVzeG93BR5ORPw==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEPXUFrNS0yEUULYyFVHZaLQuhmYZC
zqu67/48uaJoKk+U1EIgsLiG/WtHYG0RAAR0rXXP8zqGB/G18/+J34byLA==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 15667363431170078684292341622015100459
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'FR'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Gandi'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Gandi RSA Domain Validation Secure Server CA 3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-11-24 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-12-23 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'cana.org'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.10045.2.1 (ecPublicKey)
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.10045.3.1.7 (prime256v1)
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (520 bits)
				00043d7505acd4b4c845142d8c8554765a2d0ba1998642ceabbaeffe3cb9a2682a4f94d44220b0b886fd6b47606d11000474ad75cff33a8607f1b5f3ff89df86f22c
 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 811192de6632a5b05b333d654385fcd4042df1ae
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							0a4695063db9c420095982589f38bd84858c89cb
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (1 bits)
							0780
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.2.26
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (119 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/GandiRSADomainValidationSecureServerCA3.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cana.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
							016900760076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018bfeae51c50000040300473045022100da1a5431c4dc951690fd7d8a0ec5faf76117368c2f6a5cb6e46c0adc73572504022024a7ae21357f2602fdcc755fcd28d3fdc99261f7d043809db815e0e43e0322cf0076003f174b4fd7224758941d651c84be0d12ed90377f1f856aebc1bf2885ecf8646e0000018bfeae528d000004030047304502210093a711d486f61e008ee0b8cc43a6c58d725e3f5f8683ef3cd00784b5a0f89ede022057fc916a62025a8f58edd19ce9fa70bf4137d018cec635ee75946e716e9e7876007700eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018bfeae51f20000040300483046022100e28668400755ea6b3c44491fcdd8531e7ce5f52954040db249be7ccffb2fa4620221008da403a2bd4301a1c07e487ed2f6bdcfdec7a769af5a0de4ae83dcf8bec75504
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (3072 bits)
		0010c45599f9b3f59cc81b621cf63ecfa15a957e47635dca8d7c4b924b658d0e6c140594a3cfcdd4db3a6ce9bab29a5c524d3b1e1040b6f8181d73ffd855177d9156a2caa1f221355d7adaecc17f8cb288ea26684df69d3be807b2403aa798483c3f270add385f139e556001728998fa0d5d18633b8e5f8684198057ff551f456db9e35836c43365b6c89ddc1c7720cc4de56dcaa5d0b521767a16d25e0812da10e99b0088424d0fdc6e58b7ae9bc793720ce19feac2f0995d9e91bfe8059c276e6149f5aaeedd77f4bb486f29cd7957464ed55cf0f36a1feb07d880d25b84721d77f0fa4f573ab788e0c94b297938a84b75de8343abd9f84ca1fb807496581a490e7502986864fc06ff453b011aaeaacd7b6ffde8014ee0fd2f9dd7c11045996b77017a1cb6e9c5eafe0a18bd4657b7849de5bddba8364860d39fd490602abd5e4c2b9186b8b2b152e88f338a1edf110bed598e16ea4023c7aee318d72ca0acb5a73527b49fc87bc0ee19942e73308d970298256ec2bd0d5cde1bddc14793913f