geldstroom.com

Issued by R3

About this certificate

This digital certificate with serial number 04:11:45:b2:f8:1a:59:fc:ab:d2:6c:73:ac:34:c3:83:ff:5c was issued on by Let's Encrypt.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=geldstroom.com

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 04:11:45:b2:f8:1a:59:fc:ab:d2:6c:73:ac:34:c3:83:ff:5c
Serial Number (int): 354326589957372282417493287571305019998044
Serial Number lenght: 139 bits, 18 octets

SubjectKeyId: 21:07:a5:4f:64:ae:1b:05:ae:43:a7:f6:17:8b:71:51:96:e2:09:6c
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6

Fingerprint (sha1): 67:78:88:d8:65:68:0b:d0:8c:44:c1:d1:3b:b4:ab:a4:c2:6f:5e:a6
Fingerprint (sha256): 71:56:f1:a0:90:96:71:ce:2e:cd:e1:e9:79:1b:43:98:02:a1:48:02:3b:8a:08:bb:23:96:51:51:a2:c4:3a:5d

Issuing Certificate URL: http://r3.i.lencr.org/

Revocation information

OCSP Server: http://r3.o.lencr.org

Check the revocation status for certificate geldstroom.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for geldstroom.com

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

geldstroom.com
www.geldstroom.com

Other certificates including the domain name geldstroom.com

(limited to 100 certificates)
geldstroom.com
geldstroom.com

Certificate

The complete raw certificate details for geldstroom.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIF/TCCBOWgAwIBAgISBBFFsvgaWfyr0mxzrDTDg/9cMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yNDAyMjExOTE3MTJaFw0yNDA1MjExOTE3MTFaMBkxFzAVBgNVBAMT
DmdlbGRzdHJvb20uY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
su2OLMd9Dh4Yw6/75+rzbTM6sLmsTtfqRylc6hCWuHlJmuv4N16FgU966C4shWu+
T50fckSifK22ZuZdZZgv5eP6SorP9LKXoJ4Z0ec4e0o0rxxlKXdxlbkzil9tYA2L
Y7yobx9cr+ICTIM+zLoCtVoKyaG72t2IEwHedgiywrXeILMNKM4lEZw6VYS4p8yG
+z6UqAKFqu8Z5TV96fBgRzcg+AUu33Ko/O8LgLLoHyqVn/QlN022ZS0dTZFX9nYm
NmbtosOvrAx7TxdTYQT7jZE7PxySkuqXYQ4qi79O9s3VEjwDrFcp72D8K/vRftkf
SCZOFMi5Y4rPKWo0iLPgTYbUkyA3WXcaIbNNcv2zzKI2Vj/3cHOZwEvpQKOZDYRQ
C3EIb1ixNTan17Faf3N7r0hNMH0bMD4f+ZWM1kJI2Luu0xmjGmxcvZ1PLOl/W3/z
RHNHuj7ylQLB/4O7DbC4PFVLW9x/JonpwqUGau3vx/5docSDRN7vN2LtOULIqWwm
xHkpBfdM7JzO2TvYs1KKsNICTHVljqND9LPJvOVr1PB+hrvKKPb0oifAO7ja7MoW
h1HDcD7VVifLj5KjSZbQRreK9BJFikMD9UnymIBeXb6YnpnjkbK2IO7pA3lplkb1
umuYA07Hpt+2ICKxggfDgjlWzV3e5Mb/RKIC4cPwaeUCAwEAAaOCAiQwggIgMA4G
A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD
VR0TAQH/BAIwADAdBgNVHQ4EFgQUIQelT2SuGwWuQ6f2F4txUZbiCWwwHwYDVR0j
BBgwFoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsG
AQUFBzABhhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6
Ly9yMy5pLmxlbmNyLm9yZy8wLQYDVR0RBCYwJIIOZ2VsZHN0cm9vbS5jb22CEnd3
dy5nZWxkc3Ryb29tLmNvbTATBgNVHSAEDDAKMAgGBmeBDAECATCCAQQGCisGAQQB
1nkCBAIEgfUEgfIA8AB1AEiw42vapkc0D+VqAvqdMOscUgHLVt0sgdm7v6s52IRz
AAABjc1Qrw8AAAQDAEYwRAIgZ/pzqUSe0XrPYa14PZF3jjyyICZP6jJN9b8Tv9jn
LT0CIB1cUxHHmQqvYdepflpL1xx4JTkQ4VXu6TQXeV3CVbbUAHcA7s3QZNXbGs7F
XLedtM0TojKHRny87N7DUUhZRnEftZsAAAGNzVCvqAAABAMASDBGAiEA1iC/kqSf
gOd34cJPRUNllYgi3vOAVaociEpGbPuGofYCIQDl1Wk6k2AxUEpwAB54Lv+eTiZx
O24KK2nmd0jYA/ou6zANBgkqhkiG9w0BAQsFAAOCAQEAkNC8e/wWwGpZRQZl+njo
HLZsO/sz/E0agkJD3anl1Q7IboroFYK2NrcUI/7wHQOZuid8yVrdlnDvEmdhE/Bj
cDBJ0au8rYWKIjZvDwxQmBtRoee3tbGupuBHjSrzIBreUlvXEY0rrt7g9X1Cg+1q
XbSJKmJa87768ROBAXlZpCSasvlDdZODBEuqtRSkHBmcaCu/R8j1Dn2+txmvghzY
r0HZ67U2vgZGZ/9gK8GoVEIvVhCR8ySCqCMz28QbGLjJX/C2ivu2ke6hgFZZ23Op
xg1SvB+6sih5SYrAP2lkY5pg+IRRm/RfbFocaBGBoHUhZP/PfO6nGbJ5phmRNcNA
oQ==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsu2OLMd9Dh4Yw6/75+rz
bTM6sLmsTtfqRylc6hCWuHlJmuv4N16FgU966C4shWu+T50fckSifK22ZuZdZZgv
5eP6SorP9LKXoJ4Z0ec4e0o0rxxlKXdxlbkzil9tYA2LY7yobx9cr+ICTIM+zLoC
tVoKyaG72t2IEwHedgiywrXeILMNKM4lEZw6VYS4p8yG+z6UqAKFqu8Z5TV96fBg
Rzcg+AUu33Ko/O8LgLLoHyqVn/QlN022ZS0dTZFX9nYmNmbtosOvrAx7TxdTYQT7
jZE7PxySkuqXYQ4qi79O9s3VEjwDrFcp72D8K/vRftkfSCZOFMi5Y4rPKWo0iLPg
TYbUkyA3WXcaIbNNcv2zzKI2Vj/3cHOZwEvpQKOZDYRQC3EIb1ixNTan17Faf3N7
r0hNMH0bMD4f+ZWM1kJI2Luu0xmjGmxcvZ1PLOl/W3/zRHNHuj7ylQLB/4O7DbC4
PFVLW9x/JonpwqUGau3vx/5docSDRN7vN2LtOULIqWwmxHkpBfdM7JzO2TvYs1KK
sNICTHVljqND9LPJvOVr1PB+hrvKKPb0oifAO7ja7MoWh1HDcD7VVifLj5KjSZbQ
RreK9BJFikMD9UnymIBeXb6YnpnjkbK2IO7pA3lplkb1umuYA07Hpt+2ICKxggfD
gjlWzV3e5Mb/RKIC4cPwaeUCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 354326589957372282417493287571305019998044
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-21 19:17:12 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-05-21 19:17:11 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'geldstroom.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 729962352542025420734480199534066877808663336817175391064740360660902074566737823727143894593795650457930794078572455620483758369307404821642939237668547330161278701396377002669633724395818841299244395197272391741753258749907062667376859920322107138168153578403974527639088630376150916078108963168379742232964309538333881238451774477948151160692547114220182929008891183152591300783025757669732553015164789298597557523124525114572033102079293653450052204116496671805778542268290743873210388388474392348602805806347774051976028578096946751514695045843228288067863480777455628614952631117572552473740035946971853303456638848654976409880951933991083433081221973305379519326574624189974213564535277806316725282747888906822824880594392189097485748398334897433479843433822123468638794118620925918016912246728945943424969531541925170289642333426007001678791837867574433178767086909987058398124265706896016218455048584991453772514591067919181060719829051331461734314130403718029818120621700439725484542434482348282359565540419884301372450516788187118870399808166487429013085730469318407464729308442781173989406776984912009055229247237539662120243134356840275730652326672981922150556918751426273277662889423955372267910195425450320436237724133
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							2107a54f64ae1b05ae43a7f6178b715196e2096c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (38 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'geldstroom.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.geldstroom.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes)
							00f000750048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018dcd50af0f0000040300463044022067fa73a9449ed17acf61ad783d91778e3cb220264fea324df5bf13bfd8e72d3d02201d5c5311c7990aaf61d7a97e5a4bd71c78253910e155eee93417795dc255b6d4007700eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018dcd50afa80000040300483046022100d620bf92a49f80e777e1c24f454365958822def38055aa1c884a466cfb86a1f6022100e5d5693a936031504a70001e782eff9e4e26713b6e0a2b69e67748d803fa2eeb
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0090d0bc7bfc16c06a59450665fa78e81cb66c3bfb33fc4d1a824243dda9e5d50ec86e8ae81582b636b71423fef01d0399ba277cc95add9670ef12676113f063703049d1abbcad858a22366f0f0c50981b51a1e7b7b5b1aea6e0478d2af3201ade525bd7118d2baedee0f57d4283ed6a5db4892a625af3befaf11381017959a4249ab2f943759383044baab514a41c199c682bbf47c8f50e7dbeb719af821cd8af41d9ebb536be064667ff602bc1a854422f561091f32482a82333dbc41b18b8c95ff0b68afbb691eea1805659db73a9c60d52bc1fbab22879498ac03f6964639a60f884519bf45f6c5a1c681181a0752164ffcf7ceea719b279a6199135c340a1