geldstroom.com
Issued by R3
About this certificate
This digital certificate with serial number 04:11:45:b2:f8:1a:59:fc:ab:d2:6c:73:ac:34:c3:83:ff:5c was issued on by Let's Encrypt.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=geldstroom.com
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 04:11:45:b2:f8:1a:59:fc:ab:d2:6c:73:ac:34:c3:83:ff:5cSerial Number (int): 354326589957372282417493287571305019998044
Serial Number lenght: 139 bits, 18 octets
SubjectKeyId: 21:07:a5:4f:64:ae:1b:05:ae:43:a7:f6:17:8b:71:51:96:e2:09:6c
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): 67:78:88:d8:65:68:0b:d0:8c:44:c1:d1:3b:b4:ab:a4:c2:6f:5e:a6
Fingerprint (sha256): 71:56:f1:a0:90:96:71:ce:2e:cd:e1:e9:79:1b:43:98:02:a1:48:02:3b:8a:08:bb:23:96:51:51:a2:c4:3a:5d
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate geldstroom.com
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for geldstroom.com
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
geldstroom.com
www.geldstroom.com
www.geldstroom.com
Other certificates including the domain name geldstroom.com
(limited to 100 certificates)
Certificate
The complete raw certificate details for geldstroom.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIF/TCCBOWgAwIBAgISBBFFsvgaWfyr0mxzrDTDg/9cMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yNDAyMjExOTE3MTJaFw0yNDA1MjExOTE3MTFaMBkxFzAVBgNVBAMT DmdlbGRzdHJvb20uY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA su2OLMd9Dh4Yw6/75+rzbTM6sLmsTtfqRylc6hCWuHlJmuv4N16FgU966C4shWu+ T50fckSifK22ZuZdZZgv5eP6SorP9LKXoJ4Z0ec4e0o0rxxlKXdxlbkzil9tYA2L Y7yobx9cr+ICTIM+zLoCtVoKyaG72t2IEwHedgiywrXeILMNKM4lEZw6VYS4p8yG +z6UqAKFqu8Z5TV96fBgRzcg+AUu33Ko/O8LgLLoHyqVn/QlN022ZS0dTZFX9nYm NmbtosOvrAx7TxdTYQT7jZE7PxySkuqXYQ4qi79O9s3VEjwDrFcp72D8K/vRftkf SCZOFMi5Y4rPKWo0iLPgTYbUkyA3WXcaIbNNcv2zzKI2Vj/3cHOZwEvpQKOZDYRQ C3EIb1ixNTan17Faf3N7r0hNMH0bMD4f+ZWM1kJI2Luu0xmjGmxcvZ1PLOl/W3/z RHNHuj7ylQLB/4O7DbC4PFVLW9x/JonpwqUGau3vx/5docSDRN7vN2LtOULIqWwm xHkpBfdM7JzO2TvYs1KKsNICTHVljqND9LPJvOVr1PB+hrvKKPb0oifAO7ja7MoW h1HDcD7VVifLj5KjSZbQRreK9BJFikMD9UnymIBeXb6YnpnjkbK2IO7pA3lplkb1 umuYA07Hpt+2ICKxggfDgjlWzV3e5Mb/RKIC4cPwaeUCAwEAAaOCAiQwggIgMA4G A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD VR0TAQH/BAIwADAdBgNVHQ4EFgQUIQelT2SuGwWuQ6f2F4txUZbiCWwwHwYDVR0j BBgwFoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsG AQUFBzABhhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6 Ly9yMy5pLmxlbmNyLm9yZy8wLQYDVR0RBCYwJIIOZ2VsZHN0cm9vbS5jb22CEnd3 dy5nZWxkc3Ryb29tLmNvbTATBgNVHSAEDDAKMAgGBmeBDAECATCCAQQGCisGAQQB 1nkCBAIEgfUEgfIA8AB1AEiw42vapkc0D+VqAvqdMOscUgHLVt0sgdm7v6s52IRz AAABjc1Qrw8AAAQDAEYwRAIgZ/pzqUSe0XrPYa14PZF3jjyyICZP6jJN9b8Tv9jn LT0CIB1cUxHHmQqvYdepflpL1xx4JTkQ4VXu6TQXeV3CVbbUAHcA7s3QZNXbGs7F XLedtM0TojKHRny87N7DUUhZRnEftZsAAAGNzVCvqAAABAMASDBGAiEA1iC/kqSf gOd34cJPRUNllYgi3vOAVaociEpGbPuGofYCIQDl1Wk6k2AxUEpwAB54Lv+eTiZx O24KK2nmd0jYA/ou6zANBgkqhkiG9w0BAQsFAAOCAQEAkNC8e/wWwGpZRQZl+njo HLZsO/sz/E0agkJD3anl1Q7IboroFYK2NrcUI/7wHQOZuid8yVrdlnDvEmdhE/Bj cDBJ0au8rYWKIjZvDwxQmBtRoee3tbGupuBHjSrzIBreUlvXEY0rrt7g9X1Cg+1q XbSJKmJa87768ROBAXlZpCSasvlDdZODBEuqtRSkHBmcaCu/R8j1Dn2+txmvghzY r0HZ67U2vgZGZ/9gK8GoVEIvVhCR8ySCqCMz28QbGLjJX/C2ivu2ke6hgFZZ23Op xg1SvB+6sih5SYrAP2lkY5pg+IRRm/RfbFocaBGBoHUhZP/PfO6nGbJ5phmRNcNA oQ== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsu2OLMd9Dh4Yw6/75+rz bTM6sLmsTtfqRylc6hCWuHlJmuv4N16FgU966C4shWu+T50fckSifK22ZuZdZZgv 5eP6SorP9LKXoJ4Z0ec4e0o0rxxlKXdxlbkzil9tYA2LY7yobx9cr+ICTIM+zLoC tVoKyaG72t2IEwHedgiywrXeILMNKM4lEZw6VYS4p8yG+z6UqAKFqu8Z5TV96fBg Rzcg+AUu33Ko/O8LgLLoHyqVn/QlN022ZS0dTZFX9nYmNmbtosOvrAx7TxdTYQT7 jZE7PxySkuqXYQ4qi79O9s3VEjwDrFcp72D8K/vRftkfSCZOFMi5Y4rPKWo0iLPg TYbUkyA3WXcaIbNNcv2zzKI2Vj/3cHOZwEvpQKOZDYRQC3EIb1ixNTan17Faf3N7 r0hNMH0bMD4f+ZWM1kJI2Luu0xmjGmxcvZ1PLOl/W3/zRHNHuj7ylQLB/4O7DbC4 PFVLW9x/JonpwqUGau3vx/5docSDRN7vN2LtOULIqWwmxHkpBfdM7JzO2TvYs1KK sNICTHVljqND9LPJvOVr1PB+hrvKKPb0oifAO7ja7MoWh1HDcD7VVifLj5KjSZbQ RreK9BJFikMD9UnymIBeXb6YnpnjkbK2IO7pA3lplkb1umuYA07Hpt+2ICKxggfD gjlWzV3e5Mb/RKIC4cPwaeUCAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 354326589957372282417493287571305019998044 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-21 19:17:12 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-05-21 19:17:11 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'geldstroom.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 729962352542025420734480199534066877808663336817175391064740360660902074566737823727143894593795650457930794078572455620483758369307404821642939237668547330161278701396377002669633724395818841299244395197272391741753258749907062667376859920322107138168153578403974527639088630376150916078108963168379742232964309538333881238451774477948151160692547114220182929008891183152591300783025757669732553015164789298597557523124525114572033102079293653450052204116496671805778542268290743873210388388474392348602805806347774051976028578096946751514695045843228288067863480777455628614952631117572552473740035946971853303456638848654976409880951933991083433081221973305379519326574624189974213564535277806316725282747888906822824880594392189097485748398334897433479843433822123468638794118620925918016912246728945943424969531541925170289642333426007001678791837867574433178767086909987058398124265706896016218455048584991453772514591067919181060719829051331461734314130403718029818120621700439725484542434482348282359565540419884301372450516788187118870399808166487429013085730469318407464729308442781173989406776984912009055229247237539662120243134356840275730652326672981922150556918751426273277662889423955372267910195425450320436237724133 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 2107a54f64ae1b05ae43a7f6178b715196e2096c . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (38 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'geldstroom.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.geldstroom.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes) 00f000750048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018dcd50af0f0000040300463044022067fa73a9449ed17acf61ad783d91778e3cb220264fea324df5bf13bfd8e72d3d02201d5c5311c7990aaf61d7a97e5a4bd71c78253910e155eee93417795dc255b6d4007700eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018dcd50afa80000040300483046022100d620bf92a49f80e777e1c24f454365958822def38055aa1c884a466cfb86a1f6022100e5d5693a936031504a70001e782eff9e4e26713b6e0a2b69e67748d803fa2eeb . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 0090d0bc7bfc16c06a59450665fa78e81cb66c3bfb33fc4d1a824243dda9e5d50ec86e8ae81582b636b71423fef01d0399ba277cc95add9670ef12676113f063703049d1abbcad858a22366f0f0c50981b51a1e7b7b5b1aea6e0478d2af3201ade525bd7118d2baedee0f57d4283ed6a5db4892a625af3befaf11381017959a4249ab2f943759383044baab514a41c199c682bbf47c8f50e7dbeb719af821cd8af41d9ebb536be064667ff602bc1a854422f561091f32482a82333dbc41b18b8c95ff0b68afbb691eea1805659db73a9c60d52bc1fbab22879498ac03f6964639a60f884519bf45f6c5a1c681181a0752164ffcf7ceea719b279a6199135c340a1