www.ciac.sh.cn
- 上海市城乡建设和交通委员会业务受理服务中心 -
Issued by SHECA
About this certificate
This digital certificate with serial number 4d:7b:80:26:13:2e:85:bf:76:50:eb:d9:94:6f:25:80 was issued on by SHECA.
This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber certificates MUST contain the Subject Alternate Name extension (BRs: 7.1.4.2.1)
- KeyUsage [ContentCommitment DataEncipherment DigitalSignature KeyAgreement KeyEncipherment] (00011111) inconsistent with multiple purpose ExtKeyUsage [clientAuth serverAuth] The certificate MUST only be used for a purpose consistent with both key usage extension and extended key usage extension. (RFC 5280, Section 4.2.1.12.)
- Subscriber certificate with an RSA key contains invalid key usage(s): KeyUsageKeyAgreement Key usage values digitalSignature, nonRepudiation, keyEncipherment, and dataEncipherment may only be present in an end entity certificate with an RSA key (RFC 3279: 2.3.1)
- For certificates valid after 31 Dec 2013, all certificates using RSA public key algorithm MUST have 2048 bits of modulus (BRs: 6.1.5)
- The common name field in subscriber certificates must include only names from the SAN extension (BRs: 7.1.4.2.2)
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
- The keyUsage extension SHOULD be critical (RFC 5280: 4.2.1.3)
上海市城乡建设和交通委员会业务受理服务中心
Organization:
上海市城乡建设和交通委员会业务受理服务中心
Organization unit: 上海建筑建材业
Organization unit: 上海建筑建材业
State / Province:
上海
Locality: 上海
Country: CN
Locality: 上海
Country: CN
SHECA
Organization:
SHECA
This certificate has expire since
Certificate Details
Serial Number (hex): 4d:7b:80:26:13:2e:85:bf:76:50:eb:d9:94:6f:25:80Serial Number (int): 102991807354074206348665230896403522944
Serial Number lenght: 127 bits, 16 octets
SubjectKeyId: 2f:5f:1c:91:42:35:e5:5b:a6:c0:18:2b:4c:12:bd:2e:0d:b9:73:f7
AuthorityKeyId: d4:50:c9:74:93:7d:34:9a:b6:bf:c8:22:04:50:d8:7c:45:3c:85:70
Fingerprint (sha1): a5:21:10:cd:25:c2:89:05:fa:db:2c:cf:64:64:d1:39:65:61:42:66
Fingerprint (sha256): 7e:82:56:7e:e1:23:a4:8a:7a:8a:de:0f:44:de:1a:ea:c8:38:5d:d1:0a:99:35:e9:72:11:be:4a:26:57:0b:ab
Issuing Certificate URL: http://ldap2.sheca.com/root/shecasub.der
Revocation information
OCSP Server: http://ocsp3.sheca.com/Sheca/sheca.ocspCRL Distribution Point: ldap://ldap2.sheca.com:389/cn=CRL1165.crl,ou=RA9020100,ou=CA11,ou=crl,o=UniTrust?certificateRevocationList?base?objectClass=cRLDistributionPoint
CRL Distribution Point: http://ldap2.sheca.com/CA11/RA9020100/CRL1165.crl
Check the revocation status for certificate www.ciac.sh.cn
0
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for www.ciac.sh.cn
Public Key Algorithm
RSA
Key Size
1024
Signature Algorithm
SHA1 with RSA
Key Usage
Digital Signature
Content Commitment
Key Encipherment
Data Encipherment
Key Agreement
Extended Key Usages
Server Authentication
Client Authentication
Extensions
8 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
This certificate doesn't contain any subject alternative names.
Other certificates including the domain name ciac.sh.cn
(limited to 100 certificates)
Certificate
The complete raw certificate details for www.ciac.sh.cn in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIEdjCCA9+gAwIBAgIQTXuAJhMuhb92UOvZlG8lgDANBgkqhkiG9w0BAQUFADAg MQ4wDAYDVQQKEwVTSEVDQTEOMAwGA1UEAxMFU0hFQ0EwHhcNMTMxMTI0MTYwMDAw WhcNMTQxMTI0MTYwMDAwWjCBsjELMAkGA1UEBhMCQ04xDzANBgNVBAgMBuS4iua1 tzEPMA0GA1UEBwwG5LiK5rW3MUgwRgYDVQQKDD/kuIrmtbfluILln47kuaHlu7ro rr7lkozkuqTpgJrlp5TlkZjkvJrkuJrliqHlj5fnkIbmnI3liqHkuK3lv4MxHjAc BgNVBAsMFeS4iua1t+W7uuetkeW7uuadkOS4mjEXMBUGA1UEAwwOd3d3LmNpYWMu c2guY24wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALf0SYnq1xviqzD7LpkN ++BeZlcqtbIh4BSZbmL5+nDWzoNJCgD5ST8XuPM7LztGEQK9oYo7+z9P3jqHOer2 sbpgR0al44ZDDs+viaa511+sVGiQg6UScMB5aqUSXXuWT4D38DclgC0ywaDy5+/S RGafEX/Mr8KimD+lqQqEdE4jAgMBAAGjggIcMIICGDAfBgNVHSMEGDAWgBTUUMl0 k300mra/yCIEUNh8RTyFcDAdBgNVHQ4EFgQUL18ckUI15VumwBgrTBK9Lg25c/cw CwYDVR0PBAQDAgP4MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBBBgNV HSAEOjA4MDYGCCqBHAHFOIEVMCowKAYIKwYBBQUHAgEWHGh0dHA6Ly93d3cuc2hl Y2EuY29tL3BvbGljeS8wCQYDVR0TBAIwADCB4AYDVR0fBIHYMIHVMIGZoIGWoIGT hoGQbGRhcDovL2xkYXAyLnNoZWNhLmNvbTozODkvY249Q1JMMTE2NS5jcmwsb3U9 UkE5MDIwMTAwLG91PUNBMTEsb3U9Y3JsLG89VW5pVHJ1c3Q/Y2VydGlmaWNhdGVS ZXZvY2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBv aW50MDegNaAzhjFodHRwOi8vbGRhcDIuc2hlY2EuY29tL0NBMTEvUkE5MDIwMTAw L0NSTDExNjUuY3JsMHkGCCsGAQUFBwEBBG0wazAzBggrBgEFBQcwAYYnaHR0cDov L29jc3AzLnNoZWNhLmNvbS9TaGVjYS9zaGVjYS5vY3NwMDQGCCsGAQUFBzAChiho dHRwOi8vbGRhcDIuc2hlY2EuY29tL3Jvb3Qvc2hlY2FzdWIuZGVyMA0GCSqGSIb3 DQEBBQUAA4GBAFhrbwEjJOnoLLRWvqfKUlQl5fUdSlyonEMttb1rkAa5IZe4i+lz LNbRFYuV/Mz7nZpBvpOWCt8jzGroJDOhZlEe/Z1W4Sv7tj3uU+oWuORc3MmiFhSr lYMalw0/iz5s46SLYjmhfUe1mlP07YFOzGfLau+sximrnEKFRNWehNFJ -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC39EmJ6tcb4qsw+y6ZDfvgXmZX KrWyIeAUmW5i+fpw1s6DSQoA+Uk/F7jzOy87RhECvaGKO/s/T946hznq9rG6YEdG peOGQw7Pr4mmuddfrFRokIOlEnDAeWqlEl17lk+A9/A3JYAtMsGg8ufv0kRmnxF/ zK/Copg/pakKhHROIwIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 102991807354074206348665230896403522944 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.5 (sha1WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SHECA' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SHECA' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2013-11-24 16:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2014-11-24 16:00:00 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CN' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '上海' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '上海' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '上海市城乡建设和交通委员会业务受理服务中心' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '上海建筑建材业' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'www.ciac.sh.cn' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (1120 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 129177065297740925466969241774024347679113436055273134923060020059914771072633644290945949433869206263286791832883180086464033812451592346269980256073987661606375390839393038800259064893838308682183998919477121386754738546169974525964419960352003759967955948444082600434737951661388462594994638432691887033891 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName d450c974937d349ab6bfc8220450d87c453c8570 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 2f5f1c914235e55ba6c0182b4c12bd2e0db973f7 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (5 bits) 03f8 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (58 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.156.1.8888.149 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.sheca.com/policy/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (216 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'ldap://ldap2.sheca.com:389/cn=CRL1165.crl,ou=RA9020100,ou=CA11,ou=crl,o=UniTrust?certificateRevocationList?base?objectClass=cRLDistributionPoint' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ldap2.sheca.com/CA11/RA9020100/CRL1165.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (109 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp3.sheca.com/Sheca/sheca.ocsp' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ldap2.sheca.com/root/shecasub.der' . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.5 (sha1WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (1024 bits) 00586b6f012324e9e82cb456bea7ca525425e5f51d4a5ca89c432db5bd6b9006b92197b88be9732cd6d1158b95fcccfb9d9a41be93960adf23cc6ae82433a166511efd9d56e12bfbb63dee53ea16b8e45cdcc9a21614ab95831a970d3f8b3e6ce3a48b6239a17d47b59a53f4ed814ecc67cb6aefacc629ab9c428544d59e84d149