nycstream.com
Issued by R3
About this certificate
This digital certificate with serial number 03:f9:67:d5:ae:8d:de:f0:fb:c9:41:28:98:af:ec:19:17:78 was issued on by Let's Encrypt.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=nycstream.com
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 03:f9:67:d5:ae:8d:de:f0:fb:c9:41:28:98:af:ec:19:17:78Serial Number (int): 346205187141770570548751394294394972084088
Serial Number lenght: 138 bits, 18 octets
SubjectKeyId: b6:5a:50:f3:30:2e:1e:fb:b7:f9:cb:57:3f:6d:b5:9f:e6:e2:e2:f3
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): 19:a7:cf:11:4e:63:99:24:09:18:d3:cd:44:80:6a:bd:8c:1a:48:be
Fingerprint (sha256): 5c:95:5c:f4:5f:5c:33:74:3e:bf:6b:91:e8:a3:56:9e:c6:77:4e:54:60:56:6a:f0:e3:20:5b:39:a9:e5:15:84
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate nycstream.com
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for nycstream.com
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
nycstream.com
www.nycstream.com
www.nycstream.com
Other certificates including the domain name nycstream.com
(limited to 100 certificates)
Certificate
The complete raw certificate details for nycstream.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIF/DCCBOSgAwIBAgISA/ln1a6N3vD7yUEomK/sGRd4MA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yMzEwMjMxMTA2MzlaFw0yNDAxMjExMTA2MzhaMBgxFjAUBgNVBAMT DW55Y3N0cmVhbS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCJ d+Jk+uFBIhlX/czxGfeRctXWuiq9w5OSjkK2ifjIaz/xqwBjbteqd6bgTqPZwfgK sTnECt7qhnNAok+MgU7JYx9bmOy4XYQwbey86MjHPXjWcNFCD7mNt5J8yQZOFf5i JhPMbbgcfeAQO9hgbwzwrc/i12vjGMbjqh+I305CBe3dN+n3a/I1gmbqqgopQmhX eyCqQwd3Y9DoM/OVX8AlICdSf6NUIyQnwZ/+98jIhu8zdCGCgZFUCPgmTbbuG2xq Yo2NS39eV5O3TFlmdmOvowBx3WV/V9+rDxh5SM/kZ6Flszp0ZRnZyKyPWbDG73EY 0dIlfB3u4XI05W80brZlG5TcnOnfDNPFRzxn8Fs+JWnjMtpwdP4/GOrY/YsAz2ce pqqABCwZGiI518dRLVZh5ZA7VX5AjyOrDyWX1MG2UT3JLHYvKA4iiPrrP94ZsDhT HdTFHdhVtq3yYc6eLZ96VcynzmG+U/bbAv0daU441uJbY7AuwwATk7cZP/6mbkfg M5iXyKVBSAg7nEL3mBLl7VKwI/30y8aUhWLpnPYJzKqe03S/JcR4QxN/u3Mv2vlX HtLWTkAHRNNVfJibm8Vwi+0nLakAPikjf1kE3Xta0hrkUvNWjVJvm4m3T6si0cng hGaBE2KxxoCmbBzfNlUhfaOTJc/L51OKujGCiNIzjQIDAQABo4ICJDCCAiAwDgYD VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV HRMBAf8EAjAAMB0GA1UdDgQWBBS2WlDzMC4e+7f5y1c/bbWf5uLi8zAfBgNVHSME GDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYB BQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDov L3IzLmkubGVuY3Iub3JnLzArBgNVHREEJDAigg1ueWNzdHJlYW0uY29tghF3d3cu bnljc3RyZWFtLmNvbTATBgNVHSAEDDAKMAgGBmeBDAECATCCAQYGCisGAQQB1nkC BAIEgfcEgfQA8gB3ADtTd3U+LbmAToswWwb+QDtn2E/D9Me9AA0tcm/h+tQXAAAB i1xuE+8AAAQDAEgwRgIhAKhFj1bz3ARbnsDuuo3degU3Q/ZvRdEwn3anGgfYODUI AiEA3rx7YrlRkuNFeq93FAbbP54LUiLcdK5vzEMJe9jMHysAdwB2/4g/Crb7lVHC Ycz1h7o0tKTNuyncaEIKn+ZnTFo6dAAAAYtcbhTLAAAEAwBIMEYCIQCVekckciuK Z5SAZRAbSCVpgOT1VHTiEa3ZcQmgLiwh8gIhAP3rIsEsTx8HRqS7Qc8IwXP3Ac3z sLMt+a/JTtHpDV8dMA0GCSqGSIb3DQEBCwUAA4IBAQAu5gvg3b+LzGGol5BbY933 o2Xu7bUl6WqppaYiVzWntEA0FiSk/55ojgKvcF1iB6zEYm/yNmGEai5f8Fpzu1yd 0ET4P5bRQMcPSoSVCIp5FJ58fbwjPRsWOj3AKLa58kzuAy7tmp2Thn4uNopOz9aL r41EE3/Rr1MqAADQQPuIIZ7M80Y+I7lRQypeWGwv94FtLHiqcOu1fAZ/0LvvRz86 2f8oKcndgojFvvJVZo7qpgBVC2djBqrFcmGZ1ENyxEuwvxVymbBa1GjXMejaw3qZ r5pdKkBI2BUzLK7J86KGuaR/9WtIyhtUqrWCiyvmbLqbb11ab/jR1Lr31/SyqAXs -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAiXfiZPrhQSIZV/3M8Rn3 kXLV1roqvcOTko5Cton4yGs/8asAY27Xqnem4E6j2cH4CrE5xAre6oZzQKJPjIFO yWMfW5jsuF2EMG3svOjIxz141nDRQg+5jbeSfMkGThX+YiYTzG24HH3gEDvYYG8M 8K3P4tdr4xjG46ofiN9OQgXt3Tfp92vyNYJm6qoKKUJoV3sgqkMHd2PQ6DPzlV/A JSAnUn+jVCMkJ8Gf/vfIyIbvM3QhgoGRVAj4Jk227htsamKNjUt/XleTt0xZZnZj r6MAcd1lf1ffqw8YeUjP5GehZbM6dGUZ2cisj1mwxu9xGNHSJXwd7uFyNOVvNG62 ZRuU3Jzp3wzTxUc8Z/BbPiVp4zLacHT+Pxjq2P2LAM9nHqaqgAQsGRoiOdfHUS1W YeWQO1V+QI8jqw8ll9TBtlE9ySx2LygOIoj66z/eGbA4Ux3UxR3YVbat8mHOni2f elXMp85hvlP22wL9HWlOONbiW2OwLsMAE5O3GT/+pm5H4DOYl8ilQUgIO5xC95gS 5e1SsCP99MvGlIVi6Zz2CcyqntN0vyXEeEMTf7tzL9r5Vx7S1k5AB0TTVXyYm5vF cIvtJy2pAD4pI39ZBN17WtIa5FLzVo1Sb5uJt0+rItHJ4IRmgRNiscaApmwc3zZV IX2jkyXPy+dTiroxgojSM40CAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 346205187141770570548751394294394972084088 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-10-23 11:06:39 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-21 11:06:38 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'nycstream.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 560821727517669185048735787653585990686840956582501099444627324351771251959641563806391572278051781470542574152101700265981441343023834710236804818290946410531182694890853233134374424116830057613662541046696174571105068063469559114250681086352270287039057098234260772264481564794395077079332029307664955791073281018844407213991113004659791156966038425971585688199811913624866332515064807978349832609573120075978191441805101128984636871666126415477115399621357875658323406676271139828904192124291719543322243748021067331283720155581138746418096565180630754408327483122107341463464455618200627772195579669758868079567043250617999065769053221825639925683455677012490812505352560588772606613337718597877107255903120274915895279852903009574808693727025183312685797314932904246456074569661904851183165404422148970309637322804460693642665674900830584873675484894584035857671770688830930829239437384319564278163517033015143282297384124115661507498693397859824705460045402283077944279148861714182629020660775912750289305397798849694101042159271153488169501332242308560722740006416343476811709004035979757188661201897197916309220935891169207527860643393148296083084227720956806070085170343055078618472789383965150277493333493520484877361886093 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) b65a50f3302e1efbb7f9cb573f6db59fe6e2e2f3 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (36 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nycstream.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.nycstream.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (247 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes) 00f20077003b5377753e2db9804e8b305b06fe403b67d84fc3f4c7bd000d2d726fe1fad4170000018b5c6e13ef0000040300483046022100a8458f56f3dc045b9ec0eeba8ddd7a053743f66f45d1309f76a71a07d8383508022100debc7b62b95192e3457aaf771406db3f9e0b5222dc74ae6fcc43097bd8cc1f2b00770076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018b5c6e14cb0000040300483046022100957a4724722b8a67948065101b48256980e4f55474e211add97109a02e2c21f2022100fdeb22c12c4f1f0746a4bb41cf08c173f701cdf3b0b32df9afc94ed1e90d5f1d . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 002ee60be0ddbf8bcc61a897905b63ddf7a365eeedb525e96aa9a5a6225735a7b440341624a4ff9e688e02af705d6207acc4626ff23661846a2e5ff05a73bb5c9dd044f83f96d140c70f4a8495088a79149e7c7dbc233d1b163a3dc028b6b9f24cee032eed9a9d93867e2e368a4ecfd68baf8d44137fd1af532a0000d040fb88219eccf3463e23b951432a5e586c2ff7816d2c78aa70ebb57c067fd0bbef473f3ad9ff2829c9dd8288c5bef255668eeaa600550b676306aac5726199d44372c44bb0bf157299b05ad468d731e8dac37a99af9a5d2a4048d815332caec9f3a286b9a47ff56b48ca1b54aab5828b2be66cba9b6f5d5a6ff8d1d4baf7d7f4b2a805ec