cana.org
Issued by Gandi RSA Domain Validation Secure Server CA 3
About this certificate
This digital certificate with serial number 0b:c9:6c:a7:fa:d6:2b:cf:4c:49:91:f3:5b:35:86:2b was issued on by Gandi.
This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=cana.org
Gandi
Organization:
Gandi
Country:
FR
This certificate will expire on
Certificate Details
Serial Number (hex): 0b:c9:6c:a7:fa:d6:2b:cf:4c:49:91:f3:5b:35:86:2bSerial Number (int): 15667363431170078684292341622015100459
Serial Number lenght: 124 bits, 16 octets
SubjectKeyId: 0a:46:95:06:3d:b9:c4:20:09:59:82:58:9f:38:bd:84:85:8c:89:cb
AuthorityKeyId: 81:11:92:de:66:32:a5:b0:5b:33:3d:65:43:85:fc:d4:04:2d:f1:ae
Fingerprint (sha1): 28:d2:1f:5b:03:51:1b:44:ae:49:2c:39:78:ae:64:c6:f8:26:18:9f
Fingerprint (sha256): 52:2f:cf:d7:bd:ca:5d:64:3f:4f:1e:74:a6:48:4b:4c:34:70:1c:b0:9f:4e:9f:0d:01:78:66:ee:4f:56:07:48
Issuing Certificate URL: http://crt.sectigo.com/GandiRSADomainValidationSecureServerCA3.crt
Revocation information
OCSP Server: http://ocsp.sectigo.comCheck the revocation status for certificate cana.org
1
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for cana.org
Public Key Algorithm
ECDSA
Key Size
256
Signature Algorithm
SHA384 with RSA
Key Usage
Digital Signature
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
cana.org
Other certificates including the domain name cana.org
(limited to 100 certificates)
Certificate
The complete raw certificate details for cana.org in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIFlDCCA/ygAwIBAgIQC8lsp/rWK89MSZHzWzWGKzANBgkqhkiG9w0BAQwFADBW MQswCQYDVQQGEwJGUjEOMAwGA1UEChMFR2FuZGkxNzA1BgNVBAMTLkdhbmRpIFJT QSBEb21haW4gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBIDMwHhcNMjMxMTI0 MDAwMDAwWhcNMjQxMjIzMjM1OTU5WjATMREwDwYDVQQDEwhjYW5hLm9yZzBZMBMG ByqGSM49AgEGCCqGSM49AwEHA0IABD11BazUtMhFFC2MhVR2Wi0LoZmGQs6ruu/+ PLmiaCpPlNRCILC4hv1rR2BtEQAEdK11z/M6hgfxtfP/id+G8iyjggLqMIIC5jAf BgNVHSMEGDAWgBSBEZLeZjKlsFszPWVDhfzUBC3xrjAdBgNVHQ4EFgQUCkaVBj25 xCAJWYJYnzi9hIWMicswDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwHQYD VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEkGA1UdIARCMEAwNAYLKwYBBAGy MQECAhowJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYG Z4EMAQIBMIGDBggrBgEFBQcBAQR3MHUwTgYIKwYBBQUHMAKGQmh0dHA6Ly9jcnQu c2VjdGlnby5jb20vR2FuZGlSU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVy Q0EzLmNydDAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Auc2VjdGlnby5jb20wEwYD VR0RBAwwCoIIY2FuYS5vcmcwggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2AHb/ iD8KtvuVUcJhzPWHujS0pM27KdxoQgqf5mdMWjp0AAABi/6uUcUAAAQDAEcwRQIh ANoaVDHE3JUWkP19ig7F+vdhFzaML2pctuRsCtxzVyUEAiAkp64hNX8mAv3MdV/N KNP9yZJh99BDgJ24FeDkPgMizwB2AD8XS0/XIkdYlB1lHIS+DRLtkDd/H4Vq68G/ KIXs+GRuAAABi/6uUo0AAAQDAEcwRQIhAJOnEdSG9h4AjuC4zEOmxY1yXj9fhoPv PNAHhLWg+J7eAiBX/JFqYgJaj1jt0Zzp+nC/QTfQGM7GNe51lG5xbp54dgB3AO7N 0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABi/6uUfIAAAQDAEgwRgIh AOKGaEAHVeprPERJH83YUx585fUpVAQNskm+fM/7L6RiAiEAjaQDor1DAaHAfkh+ 0va9z97Hp2mvWg3kroPc+L7HVQQwDQYJKoZIhvcNAQEMBQADggGBABDEVZn5s/Wc yBtiHPY+z6FalX5HY13KjXxLkktljQ5sFAWUo8/N1Ns6bOm6sppcUk07HhBAtvgY HXP/2FUXfZFWosqh8iE1XXra7MF/jLKI6iZoTfadO+gHskA6p5hIPD8nCt04XxOe VWABcomY+g1dGGM7jl+GhBmAV/9VH0VtueNYNsQzZbbIndwcdyDMTeVtyqXQtSF2 ehbSXggS2hDpmwCIQk0P3G5Yt66bx5NyDOGf6sLwmV2ekb/oBZwnbmFJ9aru3Xf0 u0hvKc15V0ZO1Vzw82of6wfYgNJbhHIdd/D6T1c6t4jgyUspeTioS3Xeg0Or2fhM ofuAdJZYGkkOdQKYaGT8Bv9FOwEarqrNe2/96AFO4P0vndfBEEWZa3cBehy26cXq /goYvUZXt4Sd5b3bqDZIYNOf1JBgKr1eTCuRhriysVLojzOKHt8RC+1ZjhbqQCPH ruMY1yygrLWnNSe0n8h7wO4ZlC5zMI2XApglbsK9DVzeG93BR5ORPw== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEPXUFrNS0yEUULYyFVHZaLQuhmYZC zqu67/48uaJoKk+U1EIgsLiG/WtHYG0RAAR0rXXP8zqGB/G18/+J34byLA== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 15667363431170078684292341622015100459 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'FR' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Gandi' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Gandi RSA Domain Validation Secure Server CA 3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-11-24 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-12-23 23:59:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'cana.org' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.10045.2.1 (ecPublicKey) . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.10045.3.1.7 (prime256v1) . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (520 bits) 00043d7505acd4b4c845142d8c8554765a2d0ba1998642ceabbaeffe3cb9a2682a4f94d44220b0b886fd6b47606d11000474ad75cff33a8607f1b5f3ff89df86f22c . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 811192de6632a5b05b333d654385fcd4042df1ae . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 0a4695063db9c420095982589f38bd84858c89cb . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (1 bits) 0780 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.2.26 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (119 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/GandiRSADomainValidationSecureServerCA3.crt' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cana.org' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes) 016900760076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018bfeae51c50000040300473045022100da1a5431c4dc951690fd7d8a0ec5faf76117368c2f6a5cb6e46c0adc73572504022024a7ae21357f2602fdcc755fcd28d3fdc99261f7d043809db815e0e43e0322cf0076003f174b4fd7224758941d651c84be0d12ed90377f1f856aebc1bf2885ecf8646e0000018bfeae528d000004030047304502210093a711d486f61e008ee0b8cc43a6c58d725e3f5f8683ef3cd00784b5a0f89ede022057fc916a62025a8f58edd19ce9fa70bf4137d018cec635ee75946e716e9e7876007700eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018bfeae51f20000040300483046022100e28668400755ea6b3c44491fcdd8531e7ce5f52954040db249be7ccffb2fa4620221008da403a2bd4301a1c07e487ed2f6bdcfdec7a769af5a0de4ae83dcf8bec75504 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (3072 bits) 0010c45599f9b3f59cc81b621cf63ecfa15a957e47635dca8d7c4b924b658d0e6c140594a3cfcdd4db3a6ce9bab29a5c524d3b1e1040b6f8181d73ffd855177d9156a2caa1f221355d7adaecc17f8cb288ea26684df69d3be807b2403aa798483c3f270add385f139e556001728998fa0d5d18633b8e5f8684198057ff551f456db9e35836c43365b6c89ddc1c7720cc4de56dcaa5d0b521767a16d25e0812da10e99b0088424d0fdc6e58b7ae9bc793720ce19feac2f0995d9e91bfe8059c276e6149f5aaeedd77f4bb486f29cd7957464ed55cf0f36a1feb07d880d25b84721d77f0fa4f573ab788e0c94b297938a84b75de8343abd9f84ca1fb807496581a490e7502986864fc06ff453b011aaeaacd7b6ffde8014ee0fd2f9dd7c11045996b77017a1cb6e9c5eafe0a18bd4657b7849de5bddba8364860d39fd490602abd5e4c2b9186b8b2b152e88f338a1edf110bed598e16ea4023c7aee318d72ca0acb5a73527b49fc87bc0ee19942e73308d970298256ec2bd0d5cde1bddc14793913f