erik.surfnet.ca

Issued by Let's Encrypt Authority X3

About this certificate

This digital certificate with serial number 03:82:32:7d:78:3c:f2:d7:d8:39:54:8d:64:86:6a:80:ac:d7 was issued on by Let's Encrypt.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=erik.surfnet.ca

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 03:82:32:7d:78:3c:f2:d7:d8:39:54:8d:64:86:6a:80:ac:d7
Serial Number (int): 305640678370617301338782165268413961776343
Serial Number lenght: 138 bits, 18 octets

SubjectKeyId: 11:ee:c7:b4:f3:43:9a:87:a3:b5:37:91:2f:c7:57:ba:76:65:37:67
AuthorityKeyId: a8:4a:6a:63:04:7d:dd:ba:e6:d1:39:b7:a6:45:65:ef:f3:a8:ec:a1

Fingerprint (sha1): d5:f1:0b:bd:aa:c3:d0:94:2a:2b:a2:2b:3f:ca:c9:fc:ee:58:99:1d
Fingerprint (sha256): 82:92:9f:65:f6:2e:f1:ab:cd:3a:ef:17:ad:36:c8:8d:48:c1:8f:b7:ed:58:70:02:7c:4e:41:de:e5:27:5d:06

Issuing Certificate URL: http://cert.int-x3.letsencrypt.org/

Revocation information

OCSP Server: http://ocsp.int-x3.letsencrypt.org

Check the revocation status for certificate erik.surfnet.ca

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for erik.surfnet.ca

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

bw.erik.surfnet.ca
erik.surfnet.ca

Other certificates including the domain name surfnet.ca

(limited to 100 certificates)
piets.surfnet.ca
eazytex2.surfnet.ca
umneonara.surfnet.ca
piets.surfnet.ca
beerlover.surfnet.ca
2bali.id
piets.surfnet.ca
erik.surfnet.ca
ilovecanada.surfnet.ca
kyerenue.surfnet.ca
piets.surfnet.ca
melkyalle.surfnet.ca

Certificate

The complete raw certificate details for erik.surfnet.ca in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFazCCBFOgAwIBAgISA4IyfXg88tfYOVSNZIZqgKzXMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTA3MjkxNzQ5MzlaFw0x
OTEwMjcxNzQ5MzlaMBoxGDAWBgNVBAMTD2VyaWsuc3VyZm5ldC5jYTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBALGrBZxBk2yMO+2jI+Ay5sMcRdvLXx3j
oDBlJHh6nxqSalernK81fehZchf9NWaKpJ2vs9xC6MQ56GMHqbFiL6A44As6WYhf
6X3GeEIcOAHk+qswFlKAmII0yYSCAB1BqWchM3lHj3hRzwv5iGVRZYxJPeFNg5qH
BpLDKOB/4M5tRAvxViPOIPCqF8zki84sEGRGdhxRYMlFzM6+PfnhTXC0ZKkeN9JX
2QNi0xVbHlzBF7i6ZkQOJbU8dFIaVetQKKy1ASC3/E/mmtcoDldwUZdlzCFQmrcG
aVmd8v1Ja01BhcgYypZtKGhb2g16y5si0kC1VCGV1dxEebE8zJqKI3sCAwEAAaOC
AnkwggJ1MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB
BQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUEe7HtPNDmoejtTeRL8dXunZl
N2cwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwbwYIKwYBBQUHAQEE
YzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQu
b3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5cHQu
b3JnLzAuBgNVHREEJzAlghJidy5lcmlrLnN1cmZuZXQuY2GCD2VyaWsuc3VyZm5l
dC5jYTBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsG
AQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQUGCisGAQQB1nkC
BAIEgfYEgfMA8QB3AOJpS64m6OlACeiGG7Y7g9Q+5/50iPukjyiTAZ3d8dv+AAAB
bD8RFaIAAAQDAEgwRgIhALasJbOQl2Ik1Mp/E+VjZx27SPit7LPsrlNwk7bo19b1
AiEAo7tVtbnWg/fwuRy4pGuNzX7oYUZ8f+yAMRdw9Opzaa0AdgApPFGWVMg5Zbqq
UPxYB9S3b79Yeily3KTDDPTlRUf0eAAAAWw/ERWQAAAEAwBHMEUCIAeQ46ezgpaI
p8VjPlac7XsqQcETFAvM8a3IMYL7WfMYAiEA/uz0CaBxh/ETAdix1ctgZi/EU6z7
ApLK+jpPBNhs/h4wDQYJKoZIhvcNAQELBQADggEBABbOmKO56nVDPutnRokxLkPW
X4EMJOqjHROXv+VMmHja6ir3bhAWyKFf90GAr3snspgD3kqR/ZdPe+eTAnKbnfXU
mYBNGm5gcMS55Zvub6L5LbIV+ZqwAmyCvOS8TvwdUInLO15and/b8VPMeUuAAwHM
Lp2I7HSyLk+/7oHqGGR06FH5cPOSCQdre1TzCpWK4GPD4QZE2L99NKGJFWAyjYzk
NIsuIzDHsmQImVHvxSkiOEc1nZE4Sqgk3FV7Yvr4RqmYcKW7x9XZfwYuPaQyJF28
pdL7ULey9MM+LqLjdU+d6jZsohrlQxWfKS0rUbXm9mS4jsw5xSR5vyQ/Hwo2yG4=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsasFnEGTbIw77aMj4DLm
wxxF28tfHeOgMGUkeHqfGpJqV6ucrzV96FlyF/01Zoqkna+z3ELoxDnoYwepsWIv
oDjgCzpZiF/pfcZ4Qhw4AeT6qzAWUoCYgjTJhIIAHUGpZyEzeUePeFHPC/mIZVFl
jEk94U2DmocGksMo4H/gzm1EC/FWI84g8KoXzOSLziwQZEZ2HFFgyUXMzr49+eFN
cLRkqR430lfZA2LTFVseXMEXuLpmRA4ltTx0UhpV61AorLUBILf8T+aa1ygOV3BR
l2XMIVCatwZpWZ3y/UlrTUGFyBjKlm0oaFvaDXrLmyLSQLVUIZXV3ER5sTzMmooj
ewIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 305640678370617301338782165268413961776343
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt Authority X3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-07-29 17:49:39 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-10-27 17:49:39 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'erik.surfnet.ca'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22428514028713158845324130370004552313736300007721140599330722143131084673915518365653769828170363244019984365287007054628057748528013208019122244191058997495046628831323074003864442468013530219921635152762518723688644280626891116814445432199547562265978113386885721826467209300136563850340824957646216594199802712509474018920172850192057049940755363534544917927335138996158871224661719588505072147085023635464202903394360618559217214666743005518244608744823911127249813388397707863508286592838527602322572344319608278925297410771641664762017975287247001118292384766567560477995043936243255087971845333334276354745211
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							11eec7b4f3439a87a3b537912fc757ba76653767
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a84a6a63047dddbae6d139b7a64565eff3a8eca1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.int-x3.letsencrypt.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.int-x3.letsencrypt.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (39 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bw.erik.surfnet.ca'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'erik.surfnet.ca'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes)
							00f1007700e2694bae26e8e94009e8861bb63b83d43ee7fe7488fba48f2893019dddf1dbfe0000016c3f1115a20000040300483046022100b6ac25b390976224d4ca7f13e563671dbb48f8adecb3ecae537093b6e8d7d6f5022100a3bb55b5b9d683f7f0b91cb8a46b8dcd7ee861467c7fec80311770f4ea7369ad007600293c519654c83965baaa50fc5807d4b76fbf587a2972dca4c30cf4e54547f4780000016c3f111590000004030047304502200790e3a7b3829688a7c5633e569ced7b2a41c113140bccf1adc83182fb59f318022100feecf409a07187f11301d8b1d5cb60662fc453acfb0292cafa3a4f04d86cfe1e
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		0016ce98a3b9ea75433eeb674689312e43d65f810c24eaa31d1397bfe54c9878daea2af76e1016c8a15ff74180af7b27b29803de4a91fd974f7be79302729b9df5d499804d1a6e6070c4b9e59bee6fa2f92db215f99ab0026c82bce4bc4efc1d5089cb3b5e5a9ddfdbf153cc794b800301cc2e9d88ec74b22e4fbfee81ea186474e851f970f39209076b7b54f30a958ae063c3e10644d8bf7d34a1891560328d8ce4348b2e2330c7b264089951efc529223847359d91384aa824dc557b62faf846a99870a5bbc7d5d97f062e3da432245dbca5d2fb50b7b2f4c33e2ea2e3754f9dea366ca21ae543159f292d2b51b5e6f664b88ecc39c52479bf243f1f0a36c86e