www.agalma.ee
Issued by R3
About this certificate
This digital certificate with serial number 04:b2:45:62:ad:ff:0e:d5:22:37:50:f5:6c:6b:4d:29:80:f8 was issued on by Let's Encrypt.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=www.agalma.ee
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 04:b2:45:62:ad:ff:0e:d5:22:37:50:f5:6c:6b:4d:29:80:f8Serial Number (int): 409111634144833962017108568014711939498232
Serial Number lenght: 139 bits, 18 octets
SubjectKeyId: 2c:47:9d:74:48:a4:e7:f4:f8:c7:8f:3f:cb:e3:d1:98:86:f2:c3:f0
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): 8a:f0:31:53:89:e4:fc:39:5d:5c:96:93:65:8a:3e:49:a3:91:bc:86
Fingerprint (sha256): 52:4b:96:b6:1b:27:e8:8b:7b:9f:b4:58:8e:f4:ad:ca:7c:09:29:48:bb:c1:62:d4:76:95:49:a3:85:ff:81:1d
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate www.agalma.ee
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for www.agalma.ee
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
agalma.ee
www.agalma.ee
www.agalma.ee
Other certificates including the domain name agalma.ee
(limited to 100 certificates)
Certificate
The complete raw certificate details for www.agalma.ee in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIF8TCCBNmgAwIBAgISBLJFYq3/DtUiN1D1bGtNKYD4MA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yMzEyMjAwMTM3NTNaFw0yNDAzMTkwMTM3NTJaMBgxFjAUBgNVBAMT DXd3dy5hZ2FsbWEuZWUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCr BG0zbzmZoArCjkJnV45FapK25b/IHn/2W2/6gNuCYY03gG04Y4eh9HZyF6M4Z9WU Oq3putMjp4f/KxCyrwaEwgIaCfHxwB++q5U7h/LIanYx4ZZS77t5fmfqWdS+W5P8 oHGAQQqVK+VSr9VjFMBNK10h7d0uMtfe3N5Y8d+zfu++/9GOr7Y3VYLJppgWlbMT pCqFeIu1mAoqhOOUBL9oLWoJUEaeSqhIYuX3kEvhTnZAMmmw3au9oTyaIG8/QTOf BO8EbR2YXHUEfDUOB4fm70DCuNFRE8Ppuvd8E9cAfubc1gh+3A1am8HJn5jkz1Dz yCr6/slj7NttESHFJ9PW7/i/1ZQCc2l/1noeFHRts4C+pnfAw6x2UuhXtZ5VxjHl tPxdH/0sOy8bgq7FelLLn9fUJlolDggANVUX43u6VJ1+1jrep28kiQPdTG5EylDd N1bjBZYdwnueMlRNIqAZDvc9E22jJ4PC7ZvDesQdgKOADueeUgWlv9VvKZNgkZnG Cik1oVoaigZbq/G7Yba63SpRdqMJ4VNyz3z29J3cfWJWBgG9RsLOTfM5P1eKUh3R V5taTyXcFx5Ptd0xkNmsMHf6oO+3NazuIHeowQFuPPxU2ZPeqXp6L6xNGo65n4KP 0Chh2FLfepl8itd6Op+uDqUIoqvjAjFt1c0X+g8n0QIDAQABo4ICGTCCAhUwDgYD VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV HRMBAf8EAjAAMB0GA1UdDgQWBBQsR510SKTn9PjHjz/L49GYhvLD8DAfBgNVHSME GDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYB BQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDov L3IzLmkubGVuY3Iub3JnLzAjBgNVHREEHDAagglhZ2FsbWEuZWWCDXd3dy5hZ2Fs bWEuZWUwEwYDVR0gBAwwCjAIBgZngQwBAgEwggEDBgorBgEEAdZ5AgQCBIH0BIHx AO8AdgA7U3d1Pi25gE6LMFsG/kA7Z9hPw/THvQANLXJv4frUFwAAAYyFFjQrAAAE AwBHMEUCIQD2xytEAF91VE5vnbxVTHjLKY1kf1E5lBzm3fq8kbHATwIgF/kJi/zI rIIZcVWC0Lrl4maD6Zog2YyznKM5xt3UWJAAdQAp0DobtnSqcRzTA1tlV8FPiqeL T+g4lEnspFP5RL0kaAAAAYyFFjTsAAAEAwBGMEQCIGPxDhriC3GgdCUfB0LxDLVz yxTGEWyGwWNQC913ec1oAiBgnzqmf8Y8l/ohkmBWqR0h4YMVbOX8Dn0j/lzaAYjq /DANBgkqhkiG9w0BAQsFAAOCAQEAWWQJyGBhEoH6lv8IPq6YjeFGCPOUryiizEhY Ei6/TSkaAuyLXCfpeGS/2PImBNBuzXfYigndYLR945KAe4+cfj9LL45l0hjkIGkb SxFiNJalKH/1pYlyE+6gCbyApy7WivS1XVO5/G/S3O/LTZAOdld68migeHu0WJ+i yI6ScoDT14DbziTNW4fdSKQQQvo10ubgRyWb5JkG5ARo4sD47LZhheomWvlBviUJ dwBt6TbqGwt8XvTFh0oGSF3z8GYuquET74obspBj73JvJDFUiu6UmIQO+oQcDC96 N0MM0b8rkaxHxE86Wr1WKVtCL0gTBP1EQl1HmIc4kEURikNGxQ== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqwRtM285maAKwo5CZ1eO RWqStuW/yB5/9ltv+oDbgmGNN4BtOGOHofR2chejOGfVlDqt6brTI6eH/ysQsq8G hMICGgnx8cAfvquVO4fyyGp2MeGWUu+7eX5n6lnUvluT/KBxgEEKlSvlUq/VYxTA TStdIe3dLjLX3tzeWPHfs37vvv/Rjq+2N1WCyaaYFpWzE6QqhXiLtZgKKoTjlAS/ aC1qCVBGnkqoSGLl95BL4U52QDJpsN2rvaE8miBvP0EznwTvBG0dmFx1BHw1DgeH 5u9AwrjRURPD6br3fBPXAH7m3NYIftwNWpvByZ+Y5M9Q88gq+v7JY+zbbREhxSfT 1u/4v9WUAnNpf9Z6HhR0bbOAvqZ3wMOsdlLoV7WeVcYx5bT8XR/9LDsvG4KuxXpS y5/X1CZaJQ4IADVVF+N7ulSdftY63qdvJIkD3UxuRMpQ3TdW4wWWHcJ7njJUTSKg GQ73PRNtoyeDwu2bw3rEHYCjgA7nnlIFpb/VbymTYJGZxgopNaFaGooGW6vxu2G2 ut0qUXajCeFTcs989vSd3H1iVgYBvUbCzk3zOT9XilId0VebWk8l3BceT7XdMZDZ rDB3+qDvtzWs7iB3qMEBbjz8VNmT3ql6ei+sTRqOuZ+Cj9AoYdhS33qZfIrXejqf rg6lCKKr4wIxbdXNF/oPJ9ECAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 409111634144833962017108568014711939498232 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-20 01:37:53 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-19 01:37:52 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.agalma.ee' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 697689677873788856849375724680589751358985296989696619634594961989787647190700852058049529705530609229099744313992208178889665174731383236652131141884660729712155197175559611381189773161159654919146336575308192410457826839764787808567253626013253691488685301686020802571996385179274600381950331179034015714268856059589064310125224131464793571883231293453906450672925076008262286992003589392922407937882128395138762789532957835000003581608067462791314821353150421879974255449063219183514173099497687288138394394120866855483019999520531462853574581342946111902614436277451004254476982191817165948817343699126282855440197889668325379477890303847026020671877756502319424154431665099886347186192171989482184312580182975425111488854082752223534417884112021396899996751224534881345925574288018420434020683051629339035604591361129550366515231835735342521999914901236622911041613778966162205387101472207245800476985075643745314000461303955618659758638668569249461052908228776904055053168316358511374163271421233525589959234813546531878765736609851336795632928232964118049289385090548432578467941773322461319985112608001801589425137489220024360653209539340369201281244723727046584022107668522984949700549862113405585667277105564252447550941137 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 2c479d7448a4e7f4f8c78f3fcbe3d19886f2c3f0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (28 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'agalma.ee' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.agalma.ee' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes) 00ef0076003b5377753e2db9804e8b305b06fe403b67d84fc3f4c7bd000d2d726fe1fad4170000018c8516342b0000040300473045022100f6c72b44005f75544e6f9dbc554c78cb298d647f5139941ce6ddfabc91b1c04f022017f9098bfcc8ac8219715582d0bae5e26683e99a20d98cb39ca339c6ddd4589000750029d03a1bb674aa711cd3035b6557c14f8aa78b4fe8389449eca453f944bd24680000018c851634ec0000040300463044022063f10e1ae20b71a074251f0742f10cb573cb14c6116c86c163500bdd7779cd680220609f3aa67fc63c97fa21926056a91d21e183156ce5fc0e7d23fe5cda0188eafc . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 00596409c860611281fa96ff083eae988de14608f394af28a2cc4858122ebf4d291a02ec8b5c27e97864bfd8f22604d06ecd77d88a09dd60b47de392807b8f9c7e3f4b2f8e65d218e420691b4b11623496a5287ff5a5897213eea009bc80a72ed68af4b55d53b9fc6fd2dcefcb4d900e76577af268a0787bb4589fa2c88e927280d3d780dbce24cd5b87dd48a41042fa35d2e6e047259be49906e40468e2c0f8ecb66185ea265af941be250977006de936ea1b0b7c5ef4c5874a06485df3f0662eaae113ef8a1bb29063ef726f2431548aee9498840efa841c0c2f7a37430cd1bf2b91ac47c44f3a5abd56295b422f481304fd44425d479887389045118a4346c5