erik.surfnet.ca
Issued by Let's Encrypt Authority X3
About this certificate
This digital certificate with serial number 03:82:32:7d:78:3c:f2:d7:d8:39:54:8d:64:86:6a:80:ac:d7 was issued on by Let's Encrypt.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Certificate Subject
CN=erik.surfnet.ca
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 03:82:32:7d:78:3c:f2:d7:d8:39:54:8d:64:86:6a:80:ac:d7Serial Number (int): 305640678370617301338782165268413961776343
Serial Number lenght: 138 bits, 18 octets
SubjectKeyId: 11:ee:c7:b4:f3:43:9a:87:a3:b5:37:91:2f:c7:57:ba:76:65:37:67
AuthorityKeyId: a8:4a:6a:63:04:7d:dd:ba:e6:d1:39:b7:a6:45:65:ef:f3:a8:ec:a1
Fingerprint (sha1): d5:f1:0b:bd:aa:c3:d0:94:2a:2b:a2:2b:3f:ca:c9:fc:ee:58:99:1d
Fingerprint (sha256): 82:92:9f:65:f6:2e:f1:ab:cd:3a:ef:17:ad:36:c8:8d:48:c1:8f:b7:ed:58:70:02:7c:4e:41:de:e5:27:5d:06
Issuing Certificate URL: http://cert.int-x3.letsencrypt.org/
Revocation information
OCSP Server: http://ocsp.int-x3.letsencrypt.orgCheck the revocation status for certificate erik.surfnet.ca
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for erik.surfnet.ca
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
bw.erik.surfnet.ca
erik.surfnet.ca
erik.surfnet.ca
Other certificates including the domain name surfnet.ca
(limited to 100 certificates)
Certificate
The complete raw certificate details for erik.surfnet.ca in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIFazCCBFOgAwIBAgISA4IyfXg88tfYOVSNZIZqgKzXMA0GCSqGSIb3DQEBCwUA MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTA3MjkxNzQ5MzlaFw0x OTEwMjcxNzQ5MzlaMBoxGDAWBgNVBAMTD2VyaWsuc3VyZm5ldC5jYTCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBALGrBZxBk2yMO+2jI+Ay5sMcRdvLXx3j oDBlJHh6nxqSalernK81fehZchf9NWaKpJ2vs9xC6MQ56GMHqbFiL6A44As6WYhf 6X3GeEIcOAHk+qswFlKAmII0yYSCAB1BqWchM3lHj3hRzwv5iGVRZYxJPeFNg5qH BpLDKOB/4M5tRAvxViPOIPCqF8zki84sEGRGdhxRYMlFzM6+PfnhTXC0ZKkeN9JX 2QNi0xVbHlzBF7i6ZkQOJbU8dFIaVetQKKy1ASC3/E/mmtcoDldwUZdlzCFQmrcG aVmd8v1Ja01BhcgYypZtKGhb2g16y5si0kC1VCGV1dxEebE8zJqKI3sCAwEAAaOC AnkwggJ1MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB BQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUEe7HtPNDmoejtTeRL8dXunZl N2cwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwbwYIKwYBBQUHAQEE YzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQu b3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5cHQu b3JnLzAuBgNVHREEJzAlghJidy5lcmlrLnN1cmZuZXQuY2GCD2VyaWsuc3VyZm5l dC5jYTBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsG AQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQUGCisGAQQB1nkC BAIEgfYEgfMA8QB3AOJpS64m6OlACeiGG7Y7g9Q+5/50iPukjyiTAZ3d8dv+AAAB bD8RFaIAAAQDAEgwRgIhALasJbOQl2Ik1Mp/E+VjZx27SPit7LPsrlNwk7bo19b1 AiEAo7tVtbnWg/fwuRy4pGuNzX7oYUZ8f+yAMRdw9Opzaa0AdgApPFGWVMg5Zbqq UPxYB9S3b79Yeily3KTDDPTlRUf0eAAAAWw/ERWQAAAEAwBHMEUCIAeQ46ezgpaI p8VjPlac7XsqQcETFAvM8a3IMYL7WfMYAiEA/uz0CaBxh/ETAdix1ctgZi/EU6z7 ApLK+jpPBNhs/h4wDQYJKoZIhvcNAQELBQADggEBABbOmKO56nVDPutnRokxLkPW X4EMJOqjHROXv+VMmHja6ir3bhAWyKFf90GAr3snspgD3kqR/ZdPe+eTAnKbnfXU mYBNGm5gcMS55Zvub6L5LbIV+ZqwAmyCvOS8TvwdUInLO15and/b8VPMeUuAAwHM Lp2I7HSyLk+/7oHqGGR06FH5cPOSCQdre1TzCpWK4GPD4QZE2L99NKGJFWAyjYzk NIsuIzDHsmQImVHvxSkiOEc1nZE4Sqgk3FV7Yvr4RqmYcKW7x9XZfwYuPaQyJF28 pdL7ULey9MM+LqLjdU+d6jZsohrlQxWfKS0rUbXm9mS4jsw5xSR5vyQ/Hwo2yG4= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsasFnEGTbIw77aMj4DLm wxxF28tfHeOgMGUkeHqfGpJqV6ucrzV96FlyF/01Zoqkna+z3ELoxDnoYwepsWIv oDjgCzpZiF/pfcZ4Qhw4AeT6qzAWUoCYgjTJhIIAHUGpZyEzeUePeFHPC/mIZVFl jEk94U2DmocGksMo4H/gzm1EC/FWI84g8KoXzOSLziwQZEZ2HFFgyUXMzr49+eFN cLRkqR430lfZA2LTFVseXMEXuLpmRA4ltTx0UhpV61AorLUBILf8T+aa1ygOV3BR l2XMIVCatwZpWZ3y/UlrTUGFyBjKlm0oaFvaDXrLmyLSQLVUIZXV3ER5sTzMmooj ewIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 305640678370617301338782165268413961776343 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt Authority X3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-07-29 17:49:39 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-10-27 17:49:39 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'erik.surfnet.ca' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22428514028713158845324130370004552313736300007721140599330722143131084673915518365653769828170363244019984365287007054628057748528013208019122244191058997495046628831323074003864442468013530219921635152762518723688644280626891116814445432199547562265978113386885721826467209300136563850340824957646216594199802712509474018920172850192057049940755363534544917927335138996158871224661719588505072147085023635464202903394360618559217214666743005518244608744823911127249813388397707863508286592838527602322572344319608278925297410771641664762017975287247001118292384766567560477995043936243255087971845333334276354745211 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 11eec7b4f3439a87a3b537912fc757ba76653767 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a84a6a63047dddbae6d139b7a64565eff3a8eca1 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.int-x3.letsencrypt.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.int-x3.letsencrypt.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (39 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bw.erik.surfnet.ca' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'erik.surfnet.ca' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes) 00f1007700e2694bae26e8e94009e8861bb63b83d43ee7fe7488fba48f2893019dddf1dbfe0000016c3f1115a20000040300483046022100b6ac25b390976224d4ca7f13e563671dbb48f8adecb3ecae537093b6e8d7d6f5022100a3bb55b5b9d683f7f0b91cb8a46b8dcd7ee861467c7fec80311770f4ea7369ad007600293c519654c83965baaa50fc5807d4b76fbf587a2972dca4c30cf4e54547f4780000016c3f111590000004030047304502200790e3a7b3829688a7c5633e569ced7b2a41c113140bccf1adc83182fb59f318022100feecf409a07187f11301d8b1d5cb60662fc453acfb0292cafa3a4f04d86cfe1e . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 0016ce98a3b9ea75433eeb674689312e43d65f810c24eaa31d1397bfe54c9878daea2af76e1016c8a15ff74180af7b27b29803de4a91fd974f7be79302729b9df5d499804d1a6e6070c4b9e59bee6fa2f92db215f99ab0026c82bce4bc4efc1d5089cb3b5e5a9ddfdbf153cc794b800301cc2e9d88ec74b22e4fbfee81ea186474e851f970f39209076b7b54f30a958ae063c3e10644d8bf7d34a1891560328d8ce4348b2e2330c7b264089951efc529223847359d91384aa824dc557b62faf846a99870a5bbc7d5d97f062e3da432245dbca5d2fb50b7b2f4c33e2ea2e3754f9dea366ca21ae543159f292d2b51b5e6f664b88ecc39c52479bf243f1f0a36c86e