www.kncar.cz
Issued by Let's Encrypt Authority X3
About this certificate
This digital certificate with serial number 03:ea:8f:0d:28:a0:cd:bc:5b:e9:05:f3:5a:5f:38:1e:e9:a7 was issued on by Let's Encrypt.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Certificate Subject
CN=www.kncar.cz
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 03:ea:8f:0d:28:a0:cd:bc:5b:e9:05:f3:5a:5f:38:1e:e9:a7Serial Number (int): 341153079582073306600336216311001205631399
Serial Number lenght: 138 bits, 18 octets
SubjectKeyId: cc:05:52:dc:54:9e:48:f5:01:4f:ee:ef:01:e1:e3:37:3f:b4:d5:22
AuthorityKeyId: a8:4a:6a:63:04:7d:dd:ba:e6:d1:39:b7:a6:45:65:ef:f3:a8:ec:a1
Fingerprint (sha1): 7c:11:ce:c7:fa:e8:af:8f:46:71:55:29:24:7d:00:d2:8e:7d:e2:68
Fingerprint (sha256): 5e:77:f8:0d:5e:3c:df:ed:05:7e:74:6e:81:75:70:be:12:83:6b:67:7a:4b:9c:fb:e8:a5:43:27:0d:db:f0:47
Issuing Certificate URL: http://cert.int-x3.letsencrypt.org/
Revocation information
OCSP Server: http://ocsp.int-x3.letsencrypt.orgCheck the revocation status for certificate www.kncar.cz
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for www.kncar.cz
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
kncar.cz
www.kncar.cz
www.kncar.cz
Other certificates including the domain name kncar.cz
(limited to 100 certificates)
Certificate
The complete raw certificate details for www.kncar.cz in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIGWjCCBUKgAwIBAgISA+qPDSigzbxb6QXzWl84HumnMA0GCSqGSIb3DQEBCwUA MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0yMDAzMDQwODA3MjFaFw0y MDA2MDIwODA3MjFaMBcxFTATBgNVBAMTDHd3dy5rbmNhci5jejCCAiIwDQYJKoZI hvcNAQEBBQADggIPADCCAgoCggIBAKsr9AcQpc0YiyIFleDzMcOFgmRVMh/afSGE 7+cY02BDc+mfN+q9ua6HNDHhWUIs9hYH4Sk37EwcCU7LNUNYumIj2EoPcjWUDz/O CSwHBtn666delIJuQAwpfQcM36up7jkJrSEPYmrIA/bl/RgPExG5Q48H43PTrqOe u6+Afwn6+hGl55RX1DtWU4GYViorLD9KMYDAeXRWWUZdFDmABh41G1kYEIoncohq 3xTARMhIYD7S4A15leSn0CLfVhXasF9S9vR9Nyi4O0Ldi/GFI6Mu697I9f9UeI6X Bhs/C+0y9N69gFOGM0gg1USzRKD4Cy6h6URPDZq9gN9IlrC0m2KJpHDFZjM1gQVR qjo8d+WPQTASvYKpNBamMpO6sMFaAMndC0AvyAOe7kpYe8YuCgZwuxecbrsgOh04 NoSMfiI8Uxwcb4wKsX5J3KcONdL2CaYEHfWTTVWxCCQOEdGMqcXjy+nYQ23qf4dx e8zTD0e+BtxGpSLQ1mY1ZR1D7S6Gpo3AaZyxMr1k6nluzZW1VREM2aZMdIksXbyf SDqJimnfMBugPA0AaiOhkDKW4/Kht9gpS/VNgf9wg91yIxrheh5dmMJKft2NXL2p H3vPAEGTdOdjv3Kxm8HKX0wFV2mzyfX06f+B1NV/l2TmB8gAO41FPZUnkiO+cZ3V CC0hLIlfAgMBAAGjggJrMIICZzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFMwFUtxU nkj1AU/u7wHh4zc/tNUiMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyh MG8GCCsGAQUFBwEBBGMwYTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgz LmxldHNlbmNyeXB0Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgz LmxldHNlbmNyeXB0Lm9yZy8wIQYDVR0RBBowGIIIa25jYXIuY3qCDHd3dy5rbmNh ci5jejBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsG AQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkC BAIEgfUEgfIA8AB2APCVpFnyANGCQBAtL5OIjq1L/h1H45nh0DSmsKiqjrJzAAAB cKTMq6cAAAQDAEcwRQIhAIS3ZGUi5p1FiBQs+vC7tl0H0ETLWMogcjCwN94c4wkX AiBP4rlHFG3UP2Zzy9hFWSGXa+ndlZYDW1ks1xXPkglcbwB2ALIeBcyLos2KIE6H ZvkruYolIGdr2vpw57JJUy3vi5BeAAABcKTMq6UAAAQDAEcwRQIgU6EfKi16qzn4 Vidbe+cSt0kkmqF/7wll4tPAgOnA8kACIQDVP5mwglEnMVcqIjJDexwA3Fzhk2F8 xAd5LGp2GYTrEzANBgkqhkiG9w0BAQsFAAOCAQEAQMoWUDuMxYceiFM9MU/uEb/Y nJ51LLn0FOUZZFma0seXJePCGU6XAblcSVhmJdaczysHk2eYYldM2rIA6Ex6629X F0pLnLysoECc6R5oxIOjGRcK6DpjF0q4dJyiFZ++ao0fLzUNHqbWUt2X8NRaroZE mLwJnSnNQLHgbUrHh8yVarXl0gKxy+yls8scnpbIuzr52rOsqNtOnMayDKyRJqhV +dFr/8OByuQU3l09XuXJ06uhaQ6ZJ8BSt58fM0A6xo7gXZx0YyYx6lGeDy2TB2lp qK7mCNxcntYuJuGdb3Ah0cMsCdobRpUhK4KgR+mpAWyPBEoKc8w5bikG99n00g== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqyv0BxClzRiLIgWV4PMx w4WCZFUyH9p9IYTv5xjTYENz6Z836r25roc0MeFZQiz2FgfhKTfsTBwJTss1Q1i6 YiPYSg9yNZQPP84JLAcG2frrp16Ugm5ADCl9Bwzfq6nuOQmtIQ9iasgD9uX9GA8T EblDjwfjc9Ouo567r4B/Cfr6EaXnlFfUO1ZTgZhWKissP0oxgMB5dFZZRl0UOYAG HjUbWRgQiidyiGrfFMBEyEhgPtLgDXmV5KfQIt9WFdqwX1L29H03KLg7Qt2L8YUj oy7r3sj1/1R4jpcGGz8L7TL03r2AU4YzSCDVRLNEoPgLLqHpRE8Nmr2A30iWsLSb YomkcMVmMzWBBVGqOjx35Y9BMBK9gqk0FqYyk7qwwVoAyd0LQC/IA57uSlh7xi4K BnC7F5xuuyA6HTg2hIx+IjxTHBxvjAqxfkncpw410vYJpgQd9ZNNVbEIJA4R0Yyp xePL6dhDbep/h3F7zNMPR74G3EalItDWZjVlHUPtLoamjcBpnLEyvWTqeW7NlbVV EQzZpkx0iSxdvJ9IOomKad8wG6A8DQBqI6GQMpbj8qG32ClL9U2B/3CD3XIjGuF6 Hl2Ywkp+3Y1cvakfe88AQZN052O/crGbwcpfTAVXabPJ9fTp/4HU1X+XZOYHyAA7 jUU9lSeSI75xndUILSEsiV8CAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 341153079582073306600336216311001205631399 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt Authority X3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-03-04 08:07:21 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-06-02 08:07:21 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.kncar.cz' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 698319579168466462694720957029808912290565405364385943193913958855939693111478687284698934498317301968068910053066616443780326812840096822817601289847620914092950925293200697714209761854830150308538493836773908681523970822596318143190127551669136583090259760687918754251521434880326591774353192975449761392474094905904541153257111128171819820585711587354178852253888067697178162384390623363721331532063380056515276874190165320660215527333039897674042634589838365573320652377021323320555147509852221421872323078110730921219366947994262717444614503656659966407998749311799457392869439910036395683496048244716988817220761392849906485882879760748637431480942327966060228958542880049225000654255204811528683007365670690014803918935790430515703368081858794373193946724645945842351077217802358535131563606988313941278312830929817485691749807920034083028383526343314627995434484350850842479523040921555294648431300229487622962981661549327605044464848063433698022362455261723960864017731749337708814584352292107416205591732670432333643774582536660016353219285777609202286118249731080943158293688033339375120542421449381646586955923812924719980126198170688453564442629309735952006166080198420840060207322029754480384542902308562894868169132383 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) cc0552dc549e48f5014feeef01e1e3373fb4d522 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a84a6a63047dddbae6d139b7a64565eff3a8eca1 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.int-x3.letsencrypt.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.int-x3.letsencrypt.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kncar.cz' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.kncar.cz' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes) 00f0007600f095a459f200d18240102d2f93888ead4bfe1d47e399e1d034a6b0a8aa8eb27300000170a4ccaba7000004030047304502210084b7646522e69d4588142cfaf0bbb65d07d044cb58ca207230b037de1ce3091702204fe2b947146dd43f6673cbd8455921976be9dd9596035b592cd715cf92095c6f007600b21e05cc8ba2cd8a204e8766f92bb98a2520676bdafa70e7b249532def8b905e00000170a4ccaba50000040300473045022053a11f2a2d7aab39f856275b7be712b749249aa17fef0965e2d3c080e9c0f240022100d53f99b082512731572a2232437b1c00dc5ce193617cc407792c6a761984eb13 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 0040ca16503b8cc5871e88533d314fee11bfd89c9e752cb9f414e51964599ad2c79725e3c2194e9701b95c49586625d69ccf2b0793679862574cdab200e84c7aeb6f57174a4b9cbcaca0409ce91e68c483a319170ae83a63174ab8749ca2159fbe6a8d1f2f350d1ea6d652dd97f0d45aae864498bc099d29cd40b1e06d4ac787cc956ab5e5d202b1cbeca5b3cb1c9e96c8bb3af9dab3aca8db4e9cc6b20cac9126a855f9d16bffc381cae414de5d3d5ee5c9d3aba1690e9927c052b79f1f33403ac68ee05d9c74632631ea519e0f2d93076969a8aee608dc5c9ed62e26e19d6f7021d1c32c09da1b4695212b82a047e9a9016c8f044a0a73cc396e2906f7d9f4d2