guru.opthb.com
Issued by R3
About this certificate
This digital certificate with serial number 03:00:5a:ac:a5:09:20:29:f7:6a:d6:24:8a:42:bd:59:b7:11 was issued on by Let's Encrypt.
With 3 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=guru.opthb.com
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 03:00:5a:ac:a5:09:20:29:f7:6a:d6:24:8a:42:bd:59:b7:11Serial Number (int): 261457384737281642678607341370883664623377
Serial Number lenght: 138 bits, 18 octets
SubjectKeyId: 43:16:f6:7a:04:9b:83:a9:86:e4:d6:da:87:59:cd:3c:04:8c:87:4d
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): 21:49:e4:8a:22:0d:18:06:78:da:0d:c2:a9:88:bd:af:cf:be:3a:d3
Fingerprint (sha256): 57:47:66:1c:ab:c5:d9:aa:13:9a:0a:eb:3a:f7:9f:23:15:2d:4c:7c:fe:d2:39:46:2d:82:40:c5:bc:eb:26:d3
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate guru.opthb.com
3
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for guru.opthb.com
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
guru.opthb.com
rdc2.apicit.net
rtb.opthb.com
rdc2.apicit.net
rtb.opthb.com
Other certificates including the domain name opthb.com
(limited to 100 certificates)
Certificate
The complete raw certificate details for guru.opthb.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIGCjCCBPKgAwIBAgISAwBarKUJICn3atYkikK9WbcRMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yMzEyMTQxNTM3MDFaFw0yNDAzMTMxNTM3MDBaMBkxFzAVBgNVBAMT Dmd1cnUub3B0aGIuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA 0bfIPRu1OIpWhOxidbdyHVNLkA2D32vg/A74LCwPkqfx+JMaf/EwmjWyOHNyB6fo 0AB4zOJTVik4TI3Yv1Tv8svbYgDYUtBC1DvxgLTMPx8WswKGh3PDhK6wb8wFysFk 4Gre56IXGXNyTjcn3Aa87K6OIdsAmpiZnx9MS9JU5KkB4h1xTn0B+cRfxrgyrTXd fg2Z6JlbrVGNqGxk/4Gz2yMs+69b84Zksuqx4GT3J/9kAflDBPWpYsXVZo+UJZBK jfS1sllt7FxzFTPxsMzTGyNd72vzdcXeGZpGFQQoQHNfV6J/7/EZlKntnQegqy4n Tkg7zBPQoMfgpv+dBirPgK2DD2RI63JBbCuezMtJjH+Tv4QlQeQJcpIxKbpU9jHd 4w9vz/JA6EVyIn2BcaHB2D23S/hOdxIh1oaT66QwH5Ixt9/OZ2IE3QFqKDpZZweg aIGGa8Yaz16bJkxQkwUXgIvun3byUb8trqX759fya7Z20a1f1IdJdmsqWHL3uCIx GGC8Il6Ao4WUYwZXcx/Fvt/joy4DVQbbsJM6ASZVOHQDAhNtg9Y1tStWN09libk7 71tOWSVEai9K/EqHWXTZyVrG875necz247QORjsYZp4JC0SzSy4im0PxlYjiv8eF MezT/LUNBLH/vW6Baj7Hwursw0BEShrsjmae+ecFN40CAwEAAaOCAjEwggItMA4G A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD VR0TAQH/BAIwADAdBgNVHQ4EFgQUQxb2egSbg6mG5Nbah1nNPASMh00wHwYDVR0j BBgwFoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsG AQUFBzABhhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6 Ly9yMy5pLmxlbmNyLm9yZy8wOQYDVR0RBDIwMIIOZ3VydS5vcHRoYi5jb22CD3Jk YzIuYXBpY2l0Lm5ldIINcnRiLm9wdGhiLmNvbTATBgNVHSAEDDAKMAgGBmeBDAEC ATCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2ADtTd3U+LbmAToswWwb+QDtn2E/D 9Me9AA0tcm/h+tQXAAABjGkwSj8AAAQDAEcwRQIgPq075UaCd/p6o9NueNuZQxFF SjRZ+umS3P9aIvDwzhACIQDVmzx90dvEse+G0yS5jYAx4/ePlgRN+YdYGsXSaGQl ywB3AHb/iD8KtvuVUcJhzPWHujS0pM27KdxoQgqf5mdMWjp0AAABjGkwSpEAAAQD AEgwRgIhAKl5Xm8oH+62i5/d5sndqeHR21BngIcanwQ/TcqMhmZfAiEA4AuqHP8l 27uWCNXyZhmiE5+X04/qjQK0EbAuUgavVf0wDQYJKoZIhvcNAQELBQADggEBAHd+ 2NZobEZzWJgrCYzPOFpungHbP4CwlpPhkzUT07shuXQs1K/VCY18u8B9NNfNLIYa FfQDsO3qB4miPByNPNtj6LnZn76+v69KkVHy6sLYL6Xl739fKtUoGJySWaHOJ6by T6Kn0MHWqAAKtSbo0li0mVT5YFIYr9r6xJYPv1HG1eirHmG8wK46IRYETdh8nrMw n/GHAbcPhG22ptkbZTw1k/1YUHftviF+3nnQ3TAwqf3GlMd4luiEfcoAOvAo2OaH b7rlDVYnImkaeqThL6qX7gc0U+DGlEI5UGJWTTYL9k5m4Kgks8Ph0gMgCLUf/X/Y EYhA5nzzYo7lZmDCKYY= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0bfIPRu1OIpWhOxidbdy HVNLkA2D32vg/A74LCwPkqfx+JMaf/EwmjWyOHNyB6fo0AB4zOJTVik4TI3Yv1Tv 8svbYgDYUtBC1DvxgLTMPx8WswKGh3PDhK6wb8wFysFk4Gre56IXGXNyTjcn3Aa8 7K6OIdsAmpiZnx9MS9JU5KkB4h1xTn0B+cRfxrgyrTXdfg2Z6JlbrVGNqGxk/4Gz 2yMs+69b84Zksuqx4GT3J/9kAflDBPWpYsXVZo+UJZBKjfS1sllt7FxzFTPxsMzT GyNd72vzdcXeGZpGFQQoQHNfV6J/7/EZlKntnQegqy4nTkg7zBPQoMfgpv+dBirP gK2DD2RI63JBbCuezMtJjH+Tv4QlQeQJcpIxKbpU9jHd4w9vz/JA6EVyIn2BcaHB 2D23S/hOdxIh1oaT66QwH5Ixt9/OZ2IE3QFqKDpZZwegaIGGa8Yaz16bJkxQkwUX gIvun3byUb8trqX759fya7Z20a1f1IdJdmsqWHL3uCIxGGC8Il6Ao4WUYwZXcx/F vt/joy4DVQbbsJM6ASZVOHQDAhNtg9Y1tStWN09libk771tOWSVEai9K/EqHWXTZ yVrG875necz247QORjsYZp4JC0SzSy4im0PxlYjiv8eFMezT/LUNBLH/vW6Baj7H wursw0BEShrsjmae+ecFN40CAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 261457384737281642678607341370883664623377 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-14 15:37:01 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-13 15:37:00 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'guru.opthb.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 855574383225540756266225393595700351007841489276597830541777377451922642639630432044726358792457202894051072957587896904307020341728492503581741244792778341519850288353548094550879699051265632399526312753056566018758998947950554840316142217826061752794111087262924506456749440674027995122884469166521668475353155650776238347647238595710414663900377385870715060479921714813041432311528194437184860632983406360692719645196206646976764176302296872006829346665440901267047657258373305889196422187597741935732740743189145231010979378618046505253392228742323482171277680049192995333779818688975326525793979200340432559088906402044408950536122469145572004075051333300316069304992755258673426087587854426535105660671692898794797753155795961684855716540133919547286447221626949932066547773426216557596911116838050001276496530122897040352117764055512143573957880148101963222706868752659895134424689093184180336948803047999010506226338932305268232680841907782781127099215032489910342728652942576079939146583526558140624299091348053767436823100647802469644959383167741123494366725639318924892938941104453529791166607252220153759875855311596577147746130581335519610836719025265631985693675207287272383590155249357883830934040829933900831570343821 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 4316f67a049b83a986e4d6da8759cd3c048c874d . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (50 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'guru.opthb.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'rdc2.apicit.net' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'rtb.opthb.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes) 00f10076003b5377753e2db9804e8b305b06fe403b67d84fc3f4c7bd000d2d726fe1fad4170000018c69304a3f000004030047304502203ead3be5468277fa7aa3d36e78db994311454a3459fae992dcff5a22f0f0ce10022100d59b3c7dd1dbc4b1ef86d324b98d8031e3f78f96044df987581ac5d2686425cb00770076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018c69304a910000040300483046022100a9795e6f281feeb68b9fdde6c9dda9e1d1db506780871a9f043f4dca8c86665f022100e00baa1cff25dbbb9608d5f26619a2139f97d38fea8d02b411b02e5206af55fd . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 00777ed8d6686c467358982b098ccf385a6e9e01db3f80b09693e1933513d3bb21b9742cd4afd5098d7cbbc07d34d7cd2c861a15f403b0edea0789a23c1c8d3cdb63e8b9d99fbebebfaf4a9151f2eac2d82fa5e5ef7f5f2ad528189c9259a1ce27a6f24fa2a7d0c1d6a8000ab526e8d258b49954f9605218afdafac4960fbf51c6d5e8ab1e61bcc0ae3a2116044dd87c9eb3309ff18701b70f846db6a6d91b653c3593fd585077edbe217ede79d0dd3030a9fdc694c77896e8847dca003af028d8e6876fbae50d562722691a7aa4e12faa97ee073453e0c69442395062564d360bf64e66e0a824b3c3e1d2032008b51ffd7fd8118840e67cf3628ee56660c22986