guru.opthb.com

Issued by R3

About this certificate

This digital certificate with serial number 03:00:5a:ac:a5:09:20:29:f7:6a:d6:24:8a:42:bd:59:b7:11 was issued on by Let's Encrypt.

With 3 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=guru.opthb.com

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 03:00:5a:ac:a5:09:20:29:f7:6a:d6:24:8a:42:bd:59:b7:11
Serial Number (int): 261457384737281642678607341370883664623377
Serial Number lenght: 138 bits, 18 octets

SubjectKeyId: 43:16:f6:7a:04:9b:83:a9:86:e4:d6:da:87:59:cd:3c:04:8c:87:4d
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6

Fingerprint (sha1): 21:49:e4:8a:22:0d:18:06:78:da:0d:c2:a9:88:bd:af:cf:be:3a:d3
Fingerprint (sha256): 57:47:66:1c:ab:c5:d9:aa:13:9a:0a:eb:3a:f7:9f:23:15:2d:4c:7c:fe:d2:39:46:2d:82:40:c5:bc:eb:26:d3

Issuing Certificate URL: http://r3.i.lencr.org/

Revocation information

OCSP Server: http://r3.o.lencr.org

Check the revocation status for certificate guru.opthb.com

3

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for guru.opthb.com

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

guru.opthb.com
rdc2.apicit.net
rtb.opthb.com

Other certificates including the domain name opthb.com

(limited to 100 certificates)
*.opthb.com
*.opthb.com
guru.opthb.com
*.opthb.com
guru.opthb.com

Certificate

The complete raw certificate details for guru.opthb.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGCjCCBPKgAwIBAgISAwBarKUJICn3atYkikK9WbcRMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMzEyMTQxNTM3MDFaFw0yNDAzMTMxNTM3MDBaMBkxFzAVBgNVBAMT
Dmd1cnUub3B0aGIuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
0bfIPRu1OIpWhOxidbdyHVNLkA2D32vg/A74LCwPkqfx+JMaf/EwmjWyOHNyB6fo
0AB4zOJTVik4TI3Yv1Tv8svbYgDYUtBC1DvxgLTMPx8WswKGh3PDhK6wb8wFysFk
4Gre56IXGXNyTjcn3Aa87K6OIdsAmpiZnx9MS9JU5KkB4h1xTn0B+cRfxrgyrTXd
fg2Z6JlbrVGNqGxk/4Gz2yMs+69b84Zksuqx4GT3J/9kAflDBPWpYsXVZo+UJZBK
jfS1sllt7FxzFTPxsMzTGyNd72vzdcXeGZpGFQQoQHNfV6J/7/EZlKntnQegqy4n
Tkg7zBPQoMfgpv+dBirPgK2DD2RI63JBbCuezMtJjH+Tv4QlQeQJcpIxKbpU9jHd
4w9vz/JA6EVyIn2BcaHB2D23S/hOdxIh1oaT66QwH5Ixt9/OZ2IE3QFqKDpZZweg
aIGGa8Yaz16bJkxQkwUXgIvun3byUb8trqX759fya7Z20a1f1IdJdmsqWHL3uCIx
GGC8Il6Ao4WUYwZXcx/Fvt/joy4DVQbbsJM6ASZVOHQDAhNtg9Y1tStWN09libk7
71tOWSVEai9K/EqHWXTZyVrG875necz247QORjsYZp4JC0SzSy4im0PxlYjiv8eF
MezT/LUNBLH/vW6Baj7Hwursw0BEShrsjmae+ecFN40CAwEAAaOCAjEwggItMA4G
A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD
VR0TAQH/BAIwADAdBgNVHQ4EFgQUQxb2egSbg6mG5Nbah1nNPASMh00wHwYDVR0j
BBgwFoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsG
AQUFBzABhhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6
Ly9yMy5pLmxlbmNyLm9yZy8wOQYDVR0RBDIwMIIOZ3VydS5vcHRoYi5jb22CD3Jk
YzIuYXBpY2l0Lm5ldIINcnRiLm9wdGhiLmNvbTATBgNVHSAEDDAKMAgGBmeBDAEC
ATCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2ADtTd3U+LbmAToswWwb+QDtn2E/D
9Me9AA0tcm/h+tQXAAABjGkwSj8AAAQDAEcwRQIgPq075UaCd/p6o9NueNuZQxFF
SjRZ+umS3P9aIvDwzhACIQDVmzx90dvEse+G0yS5jYAx4/ePlgRN+YdYGsXSaGQl
ywB3AHb/iD8KtvuVUcJhzPWHujS0pM27KdxoQgqf5mdMWjp0AAABjGkwSpEAAAQD
AEgwRgIhAKl5Xm8oH+62i5/d5sndqeHR21BngIcanwQ/TcqMhmZfAiEA4AuqHP8l
27uWCNXyZhmiE5+X04/qjQK0EbAuUgavVf0wDQYJKoZIhvcNAQELBQADggEBAHd+
2NZobEZzWJgrCYzPOFpungHbP4CwlpPhkzUT07shuXQs1K/VCY18u8B9NNfNLIYa
FfQDsO3qB4miPByNPNtj6LnZn76+v69KkVHy6sLYL6Xl739fKtUoGJySWaHOJ6by
T6Kn0MHWqAAKtSbo0li0mVT5YFIYr9r6xJYPv1HG1eirHmG8wK46IRYETdh8nrMw
n/GHAbcPhG22ptkbZTw1k/1YUHftviF+3nnQ3TAwqf3GlMd4luiEfcoAOvAo2OaH
b7rlDVYnImkaeqThL6qX7gc0U+DGlEI5UGJWTTYL9k5m4Kgks8Ph0gMgCLUf/X/Y
EYhA5nzzYo7lZmDCKYY=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0bfIPRu1OIpWhOxidbdy
HVNLkA2D32vg/A74LCwPkqfx+JMaf/EwmjWyOHNyB6fo0AB4zOJTVik4TI3Yv1Tv
8svbYgDYUtBC1DvxgLTMPx8WswKGh3PDhK6wb8wFysFk4Gre56IXGXNyTjcn3Aa8
7K6OIdsAmpiZnx9MS9JU5KkB4h1xTn0B+cRfxrgyrTXdfg2Z6JlbrVGNqGxk/4Gz
2yMs+69b84Zksuqx4GT3J/9kAflDBPWpYsXVZo+UJZBKjfS1sllt7FxzFTPxsMzT
GyNd72vzdcXeGZpGFQQoQHNfV6J/7/EZlKntnQegqy4nTkg7zBPQoMfgpv+dBirP
gK2DD2RI63JBbCuezMtJjH+Tv4QlQeQJcpIxKbpU9jHd4w9vz/JA6EVyIn2BcaHB
2D23S/hOdxIh1oaT66QwH5Ixt9/OZ2IE3QFqKDpZZwegaIGGa8Yaz16bJkxQkwUX
gIvun3byUb8trqX759fya7Z20a1f1IdJdmsqWHL3uCIxGGC8Il6Ao4WUYwZXcx/F
vt/joy4DVQbbsJM6ASZVOHQDAhNtg9Y1tStWN09libk771tOWSVEai9K/EqHWXTZ
yVrG875necz247QORjsYZp4JC0SzSy4im0PxlYjiv8eFMezT/LUNBLH/vW6Baj7H
wursw0BEShrsjmae+ecFN40CAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 261457384737281642678607341370883664623377
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-14 15:37:01 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-13 15:37:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'guru.opthb.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 855574383225540756266225393595700351007841489276597830541777377451922642639630432044726358792457202894051072957587896904307020341728492503581741244792778341519850288353548094550879699051265632399526312753056566018758998947950554840316142217826061752794111087262924506456749440674027995122884469166521668475353155650776238347647238595710414663900377385870715060479921714813041432311528194437184860632983406360692719645196206646976764176302296872006829346665440901267047657258373305889196422187597741935732740743189145231010979378618046505253392228742323482171277680049192995333779818688975326525793979200340432559088906402044408950536122469145572004075051333300316069304992755258673426087587854426535105660671692898794797753155795961684855716540133919547286447221626949932066547773426216557596911116838050001276496530122897040352117764055512143573957880148101963222706868752659895134424689093184180336948803047999010506226338932305268232680841907782781127099215032489910342728652942576079939146583526558140624299091348053767436823100647802469644959383167741123494366725639318924892938941104453529791166607252220153759875855311596577147746130581335519610836719025265631985693675207287272383590155249357883830934040829933900831570343821
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							4316f67a049b83a986e4d6da8759cd3c048c874d
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (50 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'guru.opthb.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'rdc2.apicit.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'rtb.opthb.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes)
							00f10076003b5377753e2db9804e8b305b06fe403b67d84fc3f4c7bd000d2d726fe1fad4170000018c69304a3f000004030047304502203ead3be5468277fa7aa3d36e78db994311454a3459fae992dcff5a22f0f0ce10022100d59b3c7dd1dbc4b1ef86d324b98d8031e3f78f96044df987581ac5d2686425cb00770076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018c69304a910000040300483046022100a9795e6f281feeb68b9fdde6c9dda9e1d1db506780871a9f043f4dca8c86665f022100e00baa1cff25dbbb9608d5f26619a2139f97d38fea8d02b411b02e5206af55fd
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00777ed8d6686c467358982b098ccf385a6e9e01db3f80b09693e1933513d3bb21b9742cd4afd5098d7cbbc07d34d7cd2c861a15f403b0edea0789a23c1c8d3cdb63e8b9d99fbebebfaf4a9151f2eac2d82fa5e5ef7f5f2ad528189c9259a1ce27a6f24fa2a7d0c1d6a8000ab526e8d258b49954f9605218afdafac4960fbf51c6d5e8ab1e61bcc0ae3a2116044dd87c9eb3309ff18701b70f846db6a6d91b653c3593fd585077edbe217ede79d0dd3030a9fdc694c77896e8847dca003af028d8e6876fbae50d562722691a7aa4e12faa97ee073453e0c69442395062564d360bf64e66e0a824b3c3e1d2032008b51ffd7fd8118840e67cf3628ee56660c22986