www.thexs.ca

Issued by GTS CA 1D2

About this certificate

This digital certificate with serial number c7:2b:fe:5e:6b:1a:f0:70:0a:00:00:00:00:0d:36:fc was issued on by Google Trust Services.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=www.thexs.ca

Google Trust Services

Organization: Google Trust Services
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): c7:2b:fe:5e:6b:1a:f0:70:0a:00:00:00:00:0d:36:fc
Serial Number (int): 264744799138749323717925536355698161404
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: d7:f4:8e:90:2c:3b:fc:de:83:96:e8:e1:47:d5:db:9d:74:ee:2a:ea
AuthorityKeyId: b1:dd:32:5d:e8:b7:37:72:d2:ce:5c:ce:26:fe:47:79:e2:01:08:e9

Fingerprint (sha1): d7:d4:36:b3:3f:46:5b:a0:d0:af:74:f4:1f:35:42:5d:3f:97:e4:79
Fingerprint (sha256): 70:a1:5f:b3:8c:94:1a:65:66:7e:37:78:36:27:50:36:88:e5:b8:a1:38:36:23:58:d1:42:d4:82:72:10:d1:5e

Issuing Certificate URL: http://pki.goog/gsr2/GTS1D2.crt

Revocation information

OCSP Server: http://ocsp.pki.goog/gts1d2
CRL Distribution Point: http://crl.pki.goog/GTS1D2.crl

Check the revocation status for certificate www.thexs.ca

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.thexs.ca

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.thexs.ca

Other certificates including the domain name thexs.ca

(limited to 100 certificates)

Certificate

The complete raw certificate details for www.thexs.ca in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIRAMcr/l5rGvBwCgAAAAANNvwwDQYJKoZIhvcNAQELBQAw
QjELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczET
MBEGA1UEAxMKR1RTIENBIDFEMjAeFw0yMDAxMTUxMjA4MThaFw0yMDA0MTQxMjA4
MThaMBcxFTATBgNVBAMTDHd3dy50aGV4cy5jYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMB7PdW0fznHp0W69DtJU5LPRR1F1ec+cX+r/gBUpnilTpgg
CekRRVNnXcrRF4ILyitJFaGCbahTlq+cv1qv5S0jGoRUQX2pmcQF4EOMgpq5k831
WsnXNRVVnYOG7/stqZj+MCOb1NUXMtPrr6PhyogX4Mtt0j1+OPoO/zO5pe3hjXsx
pb7yizJjgVQe98orgO2PPvTPenDdaxpsZIpXkepPi0cKZBahXDaHYYIkcKAzY9fN
2Ua16K50FZR7HVFi7d/oEDRD1tbEtEpQ964s+kNtUJqL/3JAqXUY6LInPddHH4hQ
aOPxSdm4+YQpzyDg+OPdmXlnAgMkx74kYWez260CAwEAAaOCAlEwggJNMA4GA1Ud
DwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB0G
A1UdDgQWBBTX9I6QLDv83oOW6OFH1duddO4q6jAfBgNVHSMEGDAWgBSx3TJd6Lc3
ctLOXM4m/kd54gEI6TBkBggrBgEFBQcBAQRYMFYwJwYIKwYBBQUHMAGGG2h0dHA6
Ly9vY3NwLnBraS5nb29nL2d0czFkMjArBggrBgEFBQcwAoYfaHR0cDovL3BraS5n
b29nL2dzcjIvR1RTMUQyLmNydDAXBgNVHREEEDAOggx3d3cudGhleHMuY2EwIQYD
VR0gBBowGDAIBgZngQwBAgEwDAYKKwYBBAHWeQIFAzAvBgNVHR8EKDAmMCSgIqAg
hh5odHRwOi8vY3JsLnBraS5nb29nL0dUUzFEMi5jcmwwggEDBgorBgEEAdZ5AgQC
BIH0BIHxAO8AdgCyHgXMi6LNiiBOh2b5K7mKJSBna9r6cOeySVMt74uQXgAAAW+p
UaekAAAEAwBHMEUCIQDx5r5jzJwlG29o2UQIhltV3M+kkXEoxy6nUKvpGs2pKAIg
RT713K8q14eGXjjBeRHYOLrTTkrNOg5MctAgycxGlGAAdQBep3P531bA57U2SH3Q
SeAyepGaDIShEhKEGHWWgXFFWAAAAW+pUae/AAAEAwBGMEQCICA3WuL7J/lD9pbp
CodWJmlhRSORBpx08Rf+2oPqP4DvAiBf6oPI2nUW32a997Awif/wx/yKnInqEl7q
vvJmf58RhjANBgkqhkiG9w0BAQsFAAOCAQEAKsX7y1/3VqQje8RQzcZrtzrtptgo
z2Mb54bT9WuCNijuYhWaoKamodD8FrHQyTGGUo5QFMqHjXC0yMYstbRBJ0l6+Qju
rs2qkonQrKoslhYKwJcpHt9HrwaPWHXeSdQR5sTvg5t2uuKTwysZG6kFPc78E6Ki
Ii0ZVvTcz3L3UjpTvFlMSlUYeooIlBKAxBMHvPRvDC+pCNlETqgjYHl87LBXkfKk
idJrOePWRhplV51ACke/JEkyN3gmr5YyvPI4pgZbZPaWKNGJ2oiMP44qcCecY6tX
FopJWwAwBV+QzGnAXsj/BhE1Q3mHVOWG7+t31xgs2KvDtxg8QH5dt9T/xg==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwHs91bR/OcenRbr0O0lT
ks9FHUXV5z5xf6v+AFSmeKVOmCAJ6RFFU2ddytEXggvKK0kVoYJtqFOWr5y/Wq/l
LSMahFRBfamZxAXgQ4yCmrmTzfVaydc1FVWdg4bv+y2pmP4wI5vU1Rcy0+uvo+HK
iBfgy23SPX44+g7/M7ml7eGNezGlvvKLMmOBVB73yiuA7Y8+9M96cN1rGmxkileR
6k+LRwpkFqFcNodhgiRwoDNj183ZRrXornQVlHsdUWLt3+gQNEPW1sS0SlD3riz6
Q21Qmov/ckCpdRjosic910cfiFBo4/FJ2bj5hCnPIOD4492ZeWcCAyTHviRhZ7Pb
rQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 264744799138749323717925536355698161404
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Google Trust Services'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GTS CA 1D2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-01-15 12:08:18 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-04-14 12:08:18 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.thexs.ca'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24298527222936228163211519351139639388316240742720022047342085596384280017954276317373255395296282071928274409231353141585600815065657603666070034412212445154240912304985835158260856573002517990300404784817661029129130610895396727179713868075699453050239943258628088898819328554200462957296487179539704493052798567758586316293333847063236976603504590104896013144759062930940236654548558616192759206666579899369616278720247761385520849710128038076445709786685958646030551046706893143299336707778048172401681925393846088457888291554057568248509250870951907672964557272922044788016696165490969143343796448142316727950253
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							d7f48e902c3bfcde8396e8e147d5db9d74ee2aea
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName b1dd325de8b73772d2ce5cce26fe4779e20108e9
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (88 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.pki.goog/gts1d2'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://pki.goog/gsr2/GTS1D2.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (16 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.thexs.ca'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.5.3
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (40 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.pki.goog/GTS1D2.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes)
							00ef007600b21e05cc8ba2cd8a204e8766f92bb98a2520676bdafa70e7b249532def8b905e0000016fa951a7a40000040300473045022100f1e6be63cc9c251b6f68d94408865b55dccfa4917128c72ea750abe91acda9280220453ef5dcaf2ad787865e38c17911d838bad34e4acd3a0e4c72d020c9cc4694600075005ea773f9df56c0e7b536487dd049e0327a919a0c84a1121284187596817145580000016fa951a7bf0000040300463044022020375ae2fb27f943f696e90a8756266961452391069c74f117feda83ea3f80ef02205fea83c8da7516df66bdf7b03089fff0c7fc8a9c89ea125eeabef2667f9f1186
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		002ac5fbcb5ff756a4237bc450cdc66bb73aeda6d828cf631be786d3f56b823628ee62159aa0a6a6a1d0fc16b1d0c93186528e5014ca878d70b4c8c62cb5b44127497af908eeaecdaa9289d0acaa2c96160ac097291edf47af068f5875de49d411e6c4ef839b76bae293c32b191ba9053dcefc13a2a2222d1956f4dccf72f7523a53bc594c4a55187a8a08941280c41307bcf46f0c2fa908d9444ea82360797cecb05791f2a489d26b39e3d6461a65579d400a47bf244932377826af9632bcf238a6065b64f69628d189da888c3f8e2a70279c63ab57168a495b0030055f90cc69c05ec8ff06113543798754e586efeb77d7182cd8abc3b7183c407e5db7d4ffc6