www.agalma.ee

Issued by R3

About this certificate

This digital certificate with serial number 04:b2:45:62:ad:ff:0e:d5:22:37:50:f5:6c:6b:4d:29:80:f8 was issued on by Let's Encrypt.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=www.agalma.ee

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 04:b2:45:62:ad:ff:0e:d5:22:37:50:f5:6c:6b:4d:29:80:f8
Serial Number (int): 409111634144833962017108568014711939498232
Serial Number lenght: 139 bits, 18 octets

SubjectKeyId: 2c:47:9d:74:48:a4:e7:f4:f8:c7:8f:3f:cb:e3:d1:98:86:f2:c3:f0
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6

Fingerprint (sha1): 8a:f0:31:53:89:e4:fc:39:5d:5c:96:93:65:8a:3e:49:a3:91:bc:86
Fingerprint (sha256): 52:4b:96:b6:1b:27:e8:8b:7b:9f:b4:58:8e:f4:ad:ca:7c:09:29:48:bb:c1:62:d4:76:95:49:a3:85:ff:81:1d

Issuing Certificate URL: http://r3.i.lencr.org/

Revocation information

OCSP Server: http://r3.o.lencr.org

Check the revocation status for certificate www.agalma.ee

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.agalma.ee

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

agalma.ee
www.agalma.ee

Other certificates including the domain name agalma.ee

(limited to 100 certificates)
www.agalma.ee
www.agalma.ee
www.agalma.ee
www.agalma.ee
www.agalma.ee
www.agalma.ee
www.agalma.ee
www.agalma.ee
www.agalma.ee
www.agalma.ee
www.agalma.ee
www.agalma.ee
www.agalma.ee
www.agalma.ee
www.agalma.ee
www.agalma.ee
www.agalma.ee
www.agalma.ee
www.agalma.ee
www.agalma.ee

Certificate

The complete raw certificate details for www.agalma.ee in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIF8TCCBNmgAwIBAgISBLJFYq3/DtUiN1D1bGtNKYD4MA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMzEyMjAwMTM3NTNaFw0yNDAzMTkwMTM3NTJaMBgxFjAUBgNVBAMT
DXd3dy5hZ2FsbWEuZWUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCr
BG0zbzmZoArCjkJnV45FapK25b/IHn/2W2/6gNuCYY03gG04Y4eh9HZyF6M4Z9WU
Oq3putMjp4f/KxCyrwaEwgIaCfHxwB++q5U7h/LIanYx4ZZS77t5fmfqWdS+W5P8
oHGAQQqVK+VSr9VjFMBNK10h7d0uMtfe3N5Y8d+zfu++/9GOr7Y3VYLJppgWlbMT
pCqFeIu1mAoqhOOUBL9oLWoJUEaeSqhIYuX3kEvhTnZAMmmw3au9oTyaIG8/QTOf
BO8EbR2YXHUEfDUOB4fm70DCuNFRE8Ppuvd8E9cAfubc1gh+3A1am8HJn5jkz1Dz
yCr6/slj7NttESHFJ9PW7/i/1ZQCc2l/1noeFHRts4C+pnfAw6x2UuhXtZ5VxjHl
tPxdH/0sOy8bgq7FelLLn9fUJlolDggANVUX43u6VJ1+1jrep28kiQPdTG5EylDd
N1bjBZYdwnueMlRNIqAZDvc9E22jJ4PC7ZvDesQdgKOADueeUgWlv9VvKZNgkZnG
Cik1oVoaigZbq/G7Yba63SpRdqMJ4VNyz3z29J3cfWJWBgG9RsLOTfM5P1eKUh3R
V5taTyXcFx5Ptd0xkNmsMHf6oO+3NazuIHeowQFuPPxU2ZPeqXp6L6xNGo65n4KP
0Chh2FLfepl8itd6Op+uDqUIoqvjAjFt1c0X+g8n0QIDAQABo4ICGTCCAhUwDgYD
VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV
HRMBAf8EAjAAMB0GA1UdDgQWBBQsR510SKTn9PjHjz/L49GYhvLD8DAfBgNVHSME
GDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYB
BQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDov
L3IzLmkubGVuY3Iub3JnLzAjBgNVHREEHDAagglhZ2FsbWEuZWWCDXd3dy5hZ2Fs
bWEuZWUwEwYDVR0gBAwwCjAIBgZngQwBAgEwggEDBgorBgEEAdZ5AgQCBIH0BIHx
AO8AdgA7U3d1Pi25gE6LMFsG/kA7Z9hPw/THvQANLXJv4frUFwAAAYyFFjQrAAAE
AwBHMEUCIQD2xytEAF91VE5vnbxVTHjLKY1kf1E5lBzm3fq8kbHATwIgF/kJi/zI
rIIZcVWC0Lrl4maD6Zog2YyznKM5xt3UWJAAdQAp0DobtnSqcRzTA1tlV8FPiqeL
T+g4lEnspFP5RL0kaAAAAYyFFjTsAAAEAwBGMEQCIGPxDhriC3GgdCUfB0LxDLVz
yxTGEWyGwWNQC913ec1oAiBgnzqmf8Y8l/ohkmBWqR0h4YMVbOX8Dn0j/lzaAYjq
/DANBgkqhkiG9w0BAQsFAAOCAQEAWWQJyGBhEoH6lv8IPq6YjeFGCPOUryiizEhY
Ei6/TSkaAuyLXCfpeGS/2PImBNBuzXfYigndYLR945KAe4+cfj9LL45l0hjkIGkb
SxFiNJalKH/1pYlyE+6gCbyApy7WivS1XVO5/G/S3O/LTZAOdld68migeHu0WJ+i
yI6ScoDT14DbziTNW4fdSKQQQvo10ubgRyWb5JkG5ARo4sD47LZhheomWvlBviUJ
dwBt6TbqGwt8XvTFh0oGSF3z8GYuquET74obspBj73JvJDFUiu6UmIQO+oQcDC96
N0MM0b8rkaxHxE86Wr1WKVtCL0gTBP1EQl1HmIc4kEURikNGxQ==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqwRtM285maAKwo5CZ1eO
RWqStuW/yB5/9ltv+oDbgmGNN4BtOGOHofR2chejOGfVlDqt6brTI6eH/ysQsq8G
hMICGgnx8cAfvquVO4fyyGp2MeGWUu+7eX5n6lnUvluT/KBxgEEKlSvlUq/VYxTA
TStdIe3dLjLX3tzeWPHfs37vvv/Rjq+2N1WCyaaYFpWzE6QqhXiLtZgKKoTjlAS/
aC1qCVBGnkqoSGLl95BL4U52QDJpsN2rvaE8miBvP0EznwTvBG0dmFx1BHw1DgeH
5u9AwrjRURPD6br3fBPXAH7m3NYIftwNWpvByZ+Y5M9Q88gq+v7JY+zbbREhxSfT
1u/4v9WUAnNpf9Z6HhR0bbOAvqZ3wMOsdlLoV7WeVcYx5bT8XR/9LDsvG4KuxXpS
y5/X1CZaJQ4IADVVF+N7ulSdftY63qdvJIkD3UxuRMpQ3TdW4wWWHcJ7njJUTSKg
GQ73PRNtoyeDwu2bw3rEHYCjgA7nnlIFpb/VbymTYJGZxgopNaFaGooGW6vxu2G2
ut0qUXajCeFTcs989vSd3H1iVgYBvUbCzk3zOT9XilId0VebWk8l3BceT7XdMZDZ
rDB3+qDvtzWs7iB3qMEBbjz8VNmT3ql6ei+sTRqOuZ+Cj9AoYdhS33qZfIrXejqf
rg6lCKKr4wIxbdXNF/oPJ9ECAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 409111634144833962017108568014711939498232
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-20 01:37:53 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-19 01:37:52 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.agalma.ee'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 697689677873788856849375724680589751358985296989696619634594961989787647190700852058049529705530609229099744313992208178889665174731383236652131141884660729712155197175559611381189773161159654919146336575308192410457826839764787808567253626013253691488685301686020802571996385179274600381950331179034015714268856059589064310125224131464793571883231293453906450672925076008262286992003589392922407937882128395138762789532957835000003581608067462791314821353150421879974255449063219183514173099497687288138394394120866855483019999520531462853574581342946111902614436277451004254476982191817165948817343699126282855440197889668325379477890303847026020671877756502319424154431665099886347186192171989482184312580182975425111488854082752223534417884112021396899996751224534881345925574288018420434020683051629339035604591361129550366515231835735342521999914901236622911041613778966162205387101472207245800476985075643745314000461303955618659758638668569249461052908228776904055053168316358511374163271421233525589959234813546531878765736609851336795632928232964118049289385090548432578467941773322461319985112608001801589425137489220024360653209539340369201281244723727046584022107668522984949700549862113405585667277105564252447550941137
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							2c479d7448a4e7f4f8c78f3fcbe3d19886f2c3f0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (28 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'agalma.ee'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.agalma.ee'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes)
							00ef0076003b5377753e2db9804e8b305b06fe403b67d84fc3f4c7bd000d2d726fe1fad4170000018c8516342b0000040300473045022100f6c72b44005f75544e6f9dbc554c78cb298d647f5139941ce6ddfabc91b1c04f022017f9098bfcc8ac8219715582d0bae5e26683e99a20d98cb39ca339c6ddd4589000750029d03a1bb674aa711cd3035b6557c14f8aa78b4fe8389449eca453f944bd24680000018c851634ec0000040300463044022063f10e1ae20b71a074251f0742f10cb573cb14c6116c86c163500bdd7779cd680220609f3aa67fc63c97fa21926056a91d21e183156ce5fc0e7d23fe5cda0188eafc
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00596409c860611281fa96ff083eae988de14608f394af28a2cc4858122ebf4d291a02ec8b5c27e97864bfd8f22604d06ecd77d88a09dd60b47de392807b8f9c7e3f4b2f8e65d218e420691b4b11623496a5287ff5a5897213eea009bc80a72ed68af4b55d53b9fc6fd2dcefcb4d900e76577af268a0787bb4589fa2c88e927280d3d780dbce24cd5b87dd48a41042fa35d2e6e047259be49906e40468e2c0f8ecb66185ea265af941be250977006de936ea1b0b7c5ef4c5874a06485df3f0662eaae113ef8a1bb29063ef726f2431548aee9498840efa841c0c2f7a37430cd1bf2b91ac47c44f3a5abd56295b422f481304fd44425d479887389045118a4346c5