App1.ciac.sh.cn
- 上海市城乡建设和交通委员会业务受理服务中心 -
Issued by SHECA
About this certificate
This digital certificate with serial number 50:96:a5:4b:be:0c:6d:36:14:a0:94:6b:75:81:11:df was issued on by SHECA.
This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber certificates MUST contain the Subject Alternate Name extension (BRs: 7.1.4.2.1)
- KeyUsage [ContentCommitment DataEncipherment DigitalSignature KeyAgreement KeyEncipherment] (00011111) inconsistent with multiple purpose ExtKeyUsage [clientAuth serverAuth] The certificate MUST only be used for a purpose consistent with both key usage extension and extended key usage extension. (RFC 5280, Section 4.2.1.12.)
- Subscriber certificate with an RSA key contains invalid key usage(s): KeyUsageKeyAgreement Key usage values digitalSignature, nonRepudiation, keyEncipherment, and dataEncipherment may only be present in an end entity certificate with an RSA key (RFC 3279: 2.3.1)
- The common name field in subscriber certificates must include only names from the SAN extension (BRs: 7.1.4.2.2)
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
- The keyUsage extension SHOULD be critical (RFC 5280: 4.2.1.3)
上海市城乡建设和交通委员会业务受理服务中心
Organization:
上海市城乡建设和交通委员会业务受理服务中心
Organization unit: 上海建筑建材业
Organization unit: 上海建筑建材业
State / Province:
上海
Locality: 上海
Country: CN
Locality: 上海
Country: CN
SHECA
Organization:
SHECA
This certificate has expire since
Certificate Details
Serial Number (hex): 50:96:a5:4b:be:0c:6d:36:14:a0:94:6b:75:81:11:dfSerial Number (int): 107120436790087459783477512529804071391
Serial Number lenght: 127 bits, 16 octets
SubjectKeyId: 97:ae:d1:a5:63:33:e9:a3:dc:d6:44:5c:83:78:68:66:1a:99:4d:de
AuthorityKeyId: d4:50:c9:74:93:7d:34:9a:b6:bf:c8:22:04:50:d8:7c:45:3c:85:70
Fingerprint (sha1): 7a:24:7a:54:e8:d9:4f:e6:b5:db:7a:ab:3c:dd:8e:9b:71:61:73:9b
Fingerprint (sha256): 70:33:a3:89:59:80:44:f6:04:4f:51:c6:fb:15:3f:e2:e4:e2:d6:13:73:2d:87:18:f5:17:a4:2b:d5:73:f4:cb
Issuing Certificate URL: http://ldap2.sheca.com/root/shecasub.der
Revocation information
OCSP Server: http://ocsp3.sheca.com/Sheca/sheca.ocspCRL Distribution Point: ldap://ldap2.sheca.com:389/cn=CRL1267.crl,ou=RA9020100,ou=CA11,ou=crl,o=UniTrust?certificateRevocationList?base?objectClass=cRLDistributionPoint
CRL Distribution Point: http://ldap2.sheca.com/CA11/RA9020100/CRL1267.crl
Check the revocation status for certificate App1.ciac.sh.cn
0
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for App1.ciac.sh.cn
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA1 with RSA
Key Usage
Digital Signature
Content Commitment
Key Encipherment
Data Encipherment
Key Agreement
Extended Key Usages
Server Authentication
Client Authentication
Extensions
8 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
This certificate doesn't contain any subject alternative names.
Other certificates including the domain name ciac.sh.cn
(limited to 100 certificates)
Certificate
The complete raw certificate details for App1.ciac.sh.cn in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIE+zCCBGSgAwIBAgIQUJalS74MbTYUoJRrdYER3zANBgkqhkiG9w0BAQUFADAg MQ4wDAYDVQQKEwVTSEVDQTEOMAwGA1UEAxMFU0hFQ0EwHhcNMTQwNDIxMTYwMDAw WhcNMTYwNDIxMTYwMDAwWjCBszELMAkGA1UEBhMCQ04xDzANBgNVBAgMBuS4iua1 tzEPMA0GA1UEBwwG5LiK5rW3MUgwRgYDVQQKDD/kuIrmtbfluILln47kuaHlu7ro rr7lkozkuqTpgJrlp5TlkZjkvJrkuJrliqHlj5fnkIbmnI3liqHkuK3lv4MxHjAc BgNVBAsMFeS4iua1t+W7uuetkeW7uuadkOS4mjEYMBYGA1UEAwwPQXBwMS5jaWFj LnNoLmNuMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1XS/aYrfgEt +BY4AW8RALwDBtj6bCn4TxSLhhXcr8DlaKpDficopW5uSVoh5vIHTHrKdlCu5AbN +7+2Zq0U8yG3LImDhke9tPmyh1FqfEThEmlJe0thDpXGCIFbNKJLwxYRArNQCLU3 1kr0fiEtdpbur3M3Bi52MYvmR3zm1ZkOWikVe/eTFc9DJulnC3XtoHOKRA6d8p+p DysfBgH4UbSw35zK58wc+9S2VDRA4EKegT8sUrkFdaQJMVAs01u4ZPpn8hRlgRHn cR6BXSQR74hb8ZPIoUqj6LR3t3ltz32pjLCTrx0569liQDmfLGmwzypybpgKiJsF Jqf/zPVQhwIDAQABo4ICHDCCAhgwHwYDVR0jBBgwFoAU1FDJdJN9NJq2v8giBFDY fEU8hXAwHQYDVR0OBBYEFJeu0aVjM+mj3NZEXIN4aGYamU3eMAsGA1UdDwQEAwID +DAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQQYDVR0gBDowODA2Bggq gRwBxTiBFTAqMCgGCCsGAQUFBwIBFhxodHRwOi8vd3d3LnNoZWNhLmNvbS9wb2xp Y3kvMAkGA1UdEwQCMAAwgeAGA1UdHwSB2DCB1TCBmaCBlqCBk4aBkGxkYXA6Ly9s ZGFwMi5zaGVjYS5jb206Mzg5L2NuPUNSTDEyNjcuY3JsLG91PVJBOTAyMDEwMCxv dT1DQTExLG91PWNybCxvPVVuaVRydXN0P2NlcnRpZmljYXRlUmV2b2NhdGlvbkxp c3Q/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludDA3oDWgM4Yx aHR0cDovL2xkYXAyLnNoZWNhLmNvbS9DQTExL1JBOTAyMDEwMC9DUkwxMjY3LmNy bDB5BggrBgEFBQcBAQRtMGswMwYIKwYBBQUHMAGGJ2h0dHA6Ly9vY3NwMy5zaGVj YS5jb20vU2hlY2Evc2hlY2Eub2NzcDA0BggrBgEFBQcwAoYoaHR0cDovL2xkYXAy LnNoZWNhLmNvbS9yb290L3NoZWNhc3ViLmRlcjANBgkqhkiG9w0BAQUFAAOBgQB7 EM1lMOKLZ2agxiO/auQ1WAmeVNLcoUcxjL5qBa0wqYkFu3uhsXxNWxWtP8yCjJcO 7jXqD7d64Y8xZSJynB60IYsO/qXJmB41cfJpmdpPIwASJOIpwaSfPZhhM/yH1dUR PvGEKa/w2rpCvlZf/DxDYjq8qIjkaCRnH4Rgr26/UQ== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1XS/aYrfgEt+BY4AW8R ALwDBtj6bCn4TxSLhhXcr8DlaKpDficopW5uSVoh5vIHTHrKdlCu5AbN+7+2Zq0U 8yG3LImDhke9tPmyh1FqfEThEmlJe0thDpXGCIFbNKJLwxYRArNQCLU31kr0fiEt dpbur3M3Bi52MYvmR3zm1ZkOWikVe/eTFc9DJulnC3XtoHOKRA6d8p+pDysfBgH4 UbSw35zK58wc+9S2VDRA4EKegT8sUrkFdaQJMVAs01u4ZPpn8hRlgRHncR6BXSQR 74hb8ZPIoUqj6LR3t3ltz32pjLCTrx0569liQDmfLGmwzypybpgKiJsFJqf/zPVQ hwIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 107120436790087459783477512529804071391 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.5 (sha1WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SHECA' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SHECA' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2014-04-21 16:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2016-04-21 16:00:00 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CN' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '上海' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '上海' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '上海市城乡建设和交通委员会业务受理服务中心' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '上海建筑建材业' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'App1.ciac.sh.cn' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22638978070844931598505001458877528141318654236171270806547536613171333394914133830309495995606656497275443346852853744588837365550193859323610303635571072888297164805826227498155557927998032830386854544184857812413782241971577248746400417449029125102478387016679809007997277166592633998959232398025684013155489657026570169872072869734533451030479673436525908310901337366715464659380687304764558570488707435190508926937308595399158315158610529594825094702586108856383428829998598862142420349386918767174351410087730514073204338806162226703199816793367490387753822968083044626359411866454264030276761209793989332783239 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName d450c974937d349ab6bfc8220450d87c453c8570 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 97aed1a56333e9a3dcd6445c837868661a994dde . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (5 bits) 03f8 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (58 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.156.1.8888.149 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.sheca.com/policy/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (216 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'ldap://ldap2.sheca.com:389/cn=CRL1267.crl,ou=RA9020100,ou=CA11,ou=crl,o=UniTrust?certificateRevocationList?base?objectClass=cRLDistributionPoint' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ldap2.sheca.com/CA11/RA9020100/CRL1267.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (109 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp3.sheca.com/Sheca/sheca.ocsp' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ldap2.sheca.com/root/shecasub.der' . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.5 (sha1WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (1024 bits) 007b10cd6530e28b6766a0c623bf6ae43558099e54d2dca147318cbe6a05ad30a98905bb7ba1b17c4d5b15ad3fcc828c970eee35ea0fb77ae18f316522729c1eb4218b0efea5c9981e3571f26999da4f23001224e229c1a49f3d986133fc87d5d5113ef18429aff0daba42be565ffc3c43623abca888e46824671f8460af6ebf51