legaia.ca
Issued by Let's Encrypt Authority X3
About this certificate
This digital certificate with serial number 03:85:db:13:5b:a7:18:e0:06:3f:08:72:de:0f:c7:dd:4c:fd was issued on by Let's Encrypt.
This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Certificate Subject
CN=legaia.ca
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 03:85:db:13:5b:a7:18:e0:06:3f:08:72:de:0f:c7:dd:4c:fdSerial Number (int): 306885614039420839859691808604481625345277
Serial Number lenght: 138 bits, 18 octets
SubjectKeyId: 70:a8:b2:bc:65:06:a8:a8:76:c0:bb:f4:16:ef:49:31:fc:50:94:43
AuthorityKeyId: a8:4a:6a:63:04:7d:dd:ba:e6:d1:39:b7:a6:45:65:ef:f3:a8:ec:a1
Fingerprint (sha1): 42:4a:90:dc:f2:e9:d4:3f:9c:a6:32:cd:8a:d6:20:ef:16:ae:db:17
Fingerprint (sha256): 76:36:66:44:df:a8:fa:f2:75:67:fe:1b:cb:48:42:9c:33:3f:b6:db:92:4c:36:b2:cf:22:8b:1e:92:ff:20:e0
Issuing Certificate URL: http://cert.int-x3.letsencrypt.org/
Revocation information
OCSP Server: http://ocsp.int-x3.letsencrypt.orgCheck the revocation status for certificate legaia.ca
1
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for legaia.ca
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
8 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
legaia.ca
Other certificates including the domain name legaia.ca
(limited to 100 certificates)
www.legaia.ca
www.legaia.ca
legaia.ca
legaia.ca
legaia.ca
www.legaia.ca
legaia.ca
www.legaia.ca
www.legaia.ca
legaia.ca
legaia.ca
legaia.ca
legaia.ca
legaia.ca
legaia.ca
www.legaia.ca
legaia.ca
www.legaia.ca
www.legaia.ca
legaia.ca
www.legaia.ca
legaia.ca
legaia.ca
legaia.ca
legaia.ca
legaia.ca
www.legaia.ca
www.legaia.ca
legaia.ca
www.legaia.ca
www.legaia.ca
legaia.ca
legaia.ca
legaia.ca
www.legaia.ca
legaia.ca
www.legaia.ca
www.legaia.ca
legaia.ca
legaia.ca
legaia.ca
legaia.ca
legaia.ca
legaia.ca
www.legaia.ca
legaia.ca
www.legaia.ca
www.legaia.ca
legaia.ca
www.legaia.ca
legaia.ca
legaia.ca
legaia.ca
legaia.ca
legaia.ca
www.legaia.ca
www.legaia.ca
legaia.ca
www.legaia.ca
Certificate
The complete raw certificate details for legaia.ca in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIE9TCCA92gAwIBAgISA4XbE1unGOAGPwhy3g/H3Uz9MA0GCSqGSIb3DQEBCwUA MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNzEyMDYxNDQ1NDNaFw0x ODAzMDYxNDQ1NDNaMBQxEjAQBgNVBAMTCWxlZ2FpYS5jYTCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBAKXvuafkEyGI13SPOvmWUIpIev/TIpvY32cESzEn 2g/i2i64+MN8mtlWQlXJi6k59cZbX2i+GtoUEKY2x50l+YVuwQlj8FTlenqghh1n M8vLDO8wcb81EKzT5/Ua4dX3ZiM523Lalvn8ynohle8syQ6WGL2q2McL+ODZGDfL QM/IOfid4wJ8zHTbw/3icj9d0igHAnk0Th77y4iMfL/bvmxT2horos/3oZia69Un iZDJaodSlzWLbwwBknKUzTZfnpe9ee/k7mvMdGR6ylzr/O5NRVknd9bDcpmCBKEe ME6KzWVY9NBISepPJRRqtdeq+/B/kAPeB2W3/VyLIIE/TnkCAwEAAaOCAgkwggIF MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUcKiyvGUGqKh2wLv0Fu9JMfxQlEMwHwYD VR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwbwYIKwYBBQUHAQEEYzBhMC4G CCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3JnMC8G CCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5cHQub3JnLzAU BgNVHREEDTALgglsZWdhaWEuY2Ewgf4GA1UdIASB9jCB8zAIBgZngQwBAgEwgeYG CysGAQQBgt8TAQEBMIHWMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNy eXB0Lm9yZzCBqwYIKwYBBQUHAgIwgZ4MgZtUaGlzIENlcnRpZmljYXRlIG1heSBv bmx5IGJlIHJlbGllZCB1cG9uIGJ5IFJlbHlpbmcgUGFydGllcyBhbmQgb25seSBp biBhY2NvcmRhbmNlIHdpdGggdGhlIENlcnRpZmljYXRlIFBvbGljeSBmb3VuZCBh dCBodHRwczovL2xldHNlbmNyeXB0Lm9yZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0B AQsFAAOCAQEAXzonIySse/0WlvApeYTu/onC9ZjuVDrXGLRJ4I00kuf5Yq+XnbPG f4aqofP0ZDrHxD9fKQWoSk/jOnZNyXMsSo7HtK5BwZ9wly9M00VovKrAuD2q17tr 7uqdS/Y5NlaXNhtSZPd1zj5KqyKyjsJo11sglAFW1Iq90Ir7u5RzNBzcxkq1PJ1T if1BY7745qc+nXDdglhHUQXiXK1QWwRwt9RLa5b6j6h8KwNdVaKyEYC8+H4DUcpU wrEyG0WiSjoaOwwgIyFK1lowezSPUIwSuZLDQF/tqaC7VgVuK7PA08V3jAPD7p7m WdzA6zPtv50aNDDYGkohJ5aJPoneXN3WSg== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApe+5p+QTIYjXdI86+ZZQ ikh6/9Mim9jfZwRLMSfaD+LaLrj4w3ya2VZCVcmLqTn1xltfaL4a2hQQpjbHnSX5 hW7BCWPwVOV6eqCGHWczy8sM7zBxvzUQrNPn9Rrh1fdmIznbctqW+fzKeiGV7yzJ DpYYvarYxwv44NkYN8tAz8g5+J3jAnzMdNvD/eJyP13SKAcCeTROHvvLiIx8v9u+ bFPaGiuiz/ehmJrr1SeJkMlqh1KXNYtvDAGScpTNNl+el7157+Tua8x0ZHrKXOv8 7k1FWSd31sNymYIEoR4wTorNZVj00EhJ6k8lFGq116r78H+QA94HZbf9XIsggT9O eQIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 306885614039420839859691808604481625345277 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt Authority X3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-12-06 14:45:43 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-03-06 14:45:43 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'legaia.ca' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 20947533230281612553695259042618959057871922912162909105578843825212036827660550851588519748621028444104754290671063649643074740570791442470352069441227308490684542406115642291832369366773692655367336345180887253122661648060724525854197719076308199250987362986288469979586996979065793150492203375033229159024394728933773270050006492942398580520777764188803052104332436894339026811135117131012498311237538470111544350421727821543842139154374856427336961798770234235772247405140787104745056107365965891815122241028972125212610245442090229098111813018060972729296585092339823544769384952812138755890407566311433298726521 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 70a8b2bc6506a8a876c0bbf416ef4931fc509443 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a84a6a63047dddbae6d139b7a64565eff3a8eca1 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.int-x3.letsencrypt.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.int-x3.letsencrypt.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (13 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'legaia.ca' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/' . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 005f3a272324ac7bfd1696f0297984eefe89c2f598ee543ad718b449e08d3492e7f962af979db3c67f86aaa1f3f4643ac7c43f5f2905a84a4fe33a764dc9732c4a8ec7b4ae41c19f70972f4cd34568bcaac0b83daad7bb6beeea9d4bf639365697361b5264f775ce3e4aab22b28ec268d75b20940156d48abdd08afbbb9473341cdcc64ab53c9d5389fd4163bef8e6a73e9d70dd8258475105e25cad505b0470b7d44b6b96fa8fa87c2b035d55a2b21180bcf87e0351ca54c2b1321b45a24a3a1a3b0c2023214ad65a307b348f508c12b992c3405feda9a0bb56056e2bb3c0d3c5778c03c3ee9ee659dcc0eb33edbf9d1a3430d81a4a212796893e89de5cddd64a