thandie.org

Issued by R3

About this certificate

This digital certificate with serial number 04:60:e1:bb:05:02:ee:3e:bf:fe:4a:21:b9:43:8f:12:01:81 was issued on by Let's Encrypt.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=thandie.org

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 04:60:e1:bb:05:02:ee:3e:bf:fe:4a:21:b9:43:8f:12:01:81
Serial Number (int): 381416298311659468798837442120403026837889
Serial Number lenght: 139 bits, 18 octets

SubjectKeyId: 78:90:d2:fd:99:74:b0:65:f1:d3:63:6c:70:3d:52:12:8c:03:7f:80
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6

Fingerprint (sha1): 6e:29:49:4c:75:58:a0:c6:0e:04:00:a0:64:de:5e:7c:e8:9c:83:c3
Fingerprint (sha256): 7a:e3:3f:5e:36:f4:e8:e7:36:15:70:d3:21:31:dd:3d:f9:3f:81:1c:51:4a:3f:56:76:8f:8e:9b:db:4b:dc:17

Issuing Certificate URL: http://r3.i.lencr.org/

Revocation information

OCSP Server: http://r3.o.lencr.org

Check the revocation status for certificate thandie.org

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for thandie.org

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

thandie.org

Other certificates including the domain name thandie.org

(limited to 100 certificates)
www.thandie.org
thandie.org
thandie.org
thandie.org
thandie.org
thandie.org
www.thandie.org
www.thandie.org
thandie.org
www.thandie.org
thandie.org
thandie.org
thandie.org
www.thandie.org
www.thandie.org

Certificate

The complete raw certificate details for thandie.org in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIF5DCCBMygAwIBAgISBGDhuwUC7j6//kohuUOPEgGBMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMzEyMjYwMjIxMDhaFw0yNDAzMjUwMjIxMDdaMBYxFDASBgNVBAMT
C3RoYW5kaWUub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3mcV
lEWcjMmFBqictO2st/ZVvhoF/YwXCJQlI26OHA3y1y8ZI8IfUMEE0YXMaMFFwKJV
Pp/n1KmRldNBjO6tEslPQC/2qswXsJwq6Igj0heOE9yV4HlzFN6Qy7/yXs4CYv9d
RUWWrbh/5hjhNBsUwxk4dMnUqMze5AMgL5oD74WrfFgRafrYOCanrWy7cMYUe2CA
uSrsOjnIAwXAxp4X6p8UEysNZ4sR5qrh6LTGiKRkNVC7O53ZDG2FUKd7hyEx5iRa
3ndmzmVnegSjJWdUuzgUbX+DB0AAFGMl/ST+lDBZvgnI+pGXG7PlzYZQjVjABAHQ
K5EaKEOvYxVbg1zmHqajCjVPhI158sySw4VsFBMY22gk75fWO4Q7NjWdbFf3ci/f
p4VtbwqSZCddGDiZuoFl/hrcTYH6kBX3H+gYE8Em4AyRSGz01KjICkjvjknsGkGR
tLvyKC+BDyWXTsNQ81Yw5hPMDEBv6hgFghz9KFzQ48xzzZG7bqBHHOWB8fU/oLFa
CFB4YIuYq1R8W1rPNuJMaKH08D8ubjLjpa5VsGv/k4dxiDKkgKptbUT9NC5/IbQd
zvyDw2wI49mvUMFD2nOILORGaIcoWkqy6+9A9A7HkkLrqwPGv/Q/q/mXoEhePrOc
5d069611nkn1FFd1ZjeA+K4ku/F8W/XydISQ1x8CAwEAAaOCAg4wggIKMA4GA1Ud
DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0T
AQH/BAIwADAdBgNVHQ4EFgQUeJDS/Zl0sGXx02NscD1SEowDf4AwHwYDVR0jBBgw
FoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUF
BzABhhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9y
My5pLmxlbmNyLm9yZy8wFgYDVR0RBA8wDYILdGhhbmRpZS5vcmcwEwYDVR0gBAww
CjAIBgZngQwBAgEwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdwBIsONr2qZHNA/l
agL6nTDrHFIBy1bdLIHZu7+rOdiEcwAAAYykI/KOAAAEAwBIMEYCIQCZ2pWKbIhv
jJ083Jmg9Iz5K8eWSeGApm1iw7/3s79ZdgIhANBsSJhxz6McMqUeg9aFjD0QM3FP
LE4yPdLCkmoBywP5AHYAO1N3dT4tuYBOizBbBv5AO2fYT8P0x70ADS1yb+H61BcA
AAGMpCPyhwAABAMARzBFAiAJEb8p6u/ihdToeSAooP6i6pX2ImXxiSTh02cdcyKE
kwIhAPHs+Z7QffkeHStyDppybXLxuEJjV6++ZqxESOZbCs9bMA0GCSqGSIb3DQEB
CwUAA4IBAQCoHaoupUr7IVxeF5s+fW9PPKdk9JMbksLbD0/DtUQBYTlsXO4gJK+j
QrSLEJu+y/v4bQRY+RYAbsafaUD2t8VgjZMTUB9Qz5HrZL4NV2O0oHzsWWgD285Y
rX9EZBsInPEQ1OCsFpbpF2JX0+zb4XqG0SFRcEuFJT0fiHOwTulINTJeuqlJsuYJ
zcA8amnWScrGjNy8U/D+lqiMl/1ZcbQb4RtB8kxlHgMwtekyE9rWm54MYzudi/4S
zxxl1R4WgfiCrRI+ZvTHq2ATIyji9Gz6WVaKdryNylwwt4JgicJGh5XGnIKcf7bd
SSAssYTzCgxEX6nXAk/l4BLpUpe9gS2A
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3mcVlEWcjMmFBqictO2s
t/ZVvhoF/YwXCJQlI26OHA3y1y8ZI8IfUMEE0YXMaMFFwKJVPp/n1KmRldNBjO6t
EslPQC/2qswXsJwq6Igj0heOE9yV4HlzFN6Qy7/yXs4CYv9dRUWWrbh/5hjhNBsU
wxk4dMnUqMze5AMgL5oD74WrfFgRafrYOCanrWy7cMYUe2CAuSrsOjnIAwXAxp4X
6p8UEysNZ4sR5qrh6LTGiKRkNVC7O53ZDG2FUKd7hyEx5iRa3ndmzmVnegSjJWdU
uzgUbX+DB0AAFGMl/ST+lDBZvgnI+pGXG7PlzYZQjVjABAHQK5EaKEOvYxVbg1zm
HqajCjVPhI158sySw4VsFBMY22gk75fWO4Q7NjWdbFf3ci/fp4VtbwqSZCddGDiZ
uoFl/hrcTYH6kBX3H+gYE8Em4AyRSGz01KjICkjvjknsGkGRtLvyKC+BDyWXTsNQ
81Yw5hPMDEBv6hgFghz9KFzQ48xzzZG7bqBHHOWB8fU/oLFaCFB4YIuYq1R8W1rP
NuJMaKH08D8ubjLjpa5VsGv/k4dxiDKkgKptbUT9NC5/IbQdzvyDw2wI49mvUMFD
2nOILORGaIcoWkqy6+9A9A7HkkLrqwPGv/Q/q/mXoEhePrOc5d069611nkn1FFd1
ZjeA+K4ku/F8W/XydISQ1x8CAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 381416298311659468798837442120403026837889
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-26 02:21:08 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-25 02:21:07 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'thandie.org'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 907323745707105107888975044439784825401280223858491986920769862575151965175651190394888639557272891075040418913333139260057733998179078062062034064257286652119138764601272099681614556903259465074216949211215814863938893025378374657970314694530882143679866681039328881022328719251317702758110750868427119482832988408642269659291814757928714838680785488605074068227342322035329666900110406284839123372248775553229420188528615974361609384744554069987463460681553587988511590496833624189299856356503636022968112353713710699936394761286947000479295639704443876464236882996415738673298065460799710578468630658800601083132935460915503330777878752801975151809238938963386722512904234871603985445302481335883118674461410838906490309031051058618167114227063101223427725279676932990471535445764516782979763561614651503232075110144999477976396357584431051010948701776989782768763704330021943606423369089181303524489748314609137719702235633332530024975602102698005412954146822175392322658015250169473425036834134281475666019523319223909014050896382389364873356425004683977257352332268268370748303282492409808926509880071491370899589523275732506799383915560898007103894781270280952616865354469823031748055165322714848706672595793668842647551268639
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							7890d2fd9974b065f1d3636c703d52128c037f80
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (15 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'thandie.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes)
							00f100770048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018ca423f28e000004030048304602210099da958a6c886f8c9d3cdc99a0f48cf92bc79649e180a66d62c3bff7b3bf5976022100d06c489871cfa31c32a51e83d6858c3d1033714f2c4e323dd2c2926a01cb03f90076003b5377753e2db9804e8b305b06fe403b67d84fc3f4c7bd000d2d726fe1fad4170000018ca423f287000004030047304502200911bf29eaefe285d4e8792028a0fea2ea95f62265f18924e1d3671d73228493022100f1ecf99ed07df91e1d2b720e9a726d72f1b8426357afbe66ac4448e65b0acf5b
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		00a81daa2ea54afb215c5e179b3e7d6f4f3ca764f4931b92c2db0f4fc3b5440161396c5cee2024afa342b48b109bbecbfbf86d0458f916006ec69f6940f6b7c5608d9313501f50cf91eb64be0d5763b4a07cec596803dbce58ad7f44641b089cf110d4e0ac1696e9176257d3ecdbe17a86d12151704b85253d1f8873b04ee94835325ebaa949b2e609cdc03c6a69d649cac68cdcbc53f0fe96a88c97fd5971b41be11b41f24c651e0330b5e93213dad69b9e0c633b9d8bfe12cf1c65d51e1681f882ad123e66f4c7ab60132328e2f46cfa59568a76bc8dca5c30b7826089c2468795c69c829c7fb6dd49202cb184f30a0c445fa9d7024fe5e012e95297bd812d80