sumex.ch
Issued by Gandi RSA Domain Validation Secure Server CA 3
About this certificate
This digital certificate with serial number 37:90:b1:14:2f:22:e5:d8:89:0c:e2:da:2d:e1:98:6d was issued on by Gandi.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=sumex.ch
Gandi
Organization:
Gandi
Country:
FR
This certificate will expire on
Certificate Details
Serial Number (hex): 37:90:b1:14:2f:22:e5:d8:89:0c:e2:da:2d:e1:98:6dSerial Number (int): 73858822101450469174936500522822244461
Serial Number lenght: 126 bits, 16 octets
SubjectKeyId: d2:76:8a:20:8b:b4:4b:86:b4:c2:9f:13:6f:3f:53:6a:6b:96:84:15
AuthorityKeyId: 81:11:92:de:66:32:a5:b0:5b:33:3d:65:43:85:fc:d4:04:2d:f1:ae
Fingerprint (sha1): c2:f1:03:65:0d:a6:cd:c8:28:c8:f7:cf:ed:00:f2:81:16:1e:a2:f1
Fingerprint (sha256): 82:a9:75:96:38:e9:ba:18:aa:90:a1:b3:1d:0d:f3:c6:57:18:46:15:26:4d:30:20:fe:2a:2f:e4:85:42:20:41
Issuing Certificate URL: http://crt.sectigo.com/GandiRSADomainValidationSecureServerCA3.crt
Revocation information
OCSP Server: http://ocsp.sectigo.comCheck the revocation status for certificate sumex.ch
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for sumex.ch
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA384 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
sumex.ch
www.sumex.ch
www.sumex.ch
Other certificates including the domain name sumex.ch
(limited to 100 certificates)
Certificate
The complete raw certificate details for sumex.ch in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIGazCCBNOgAwIBAgIQN5CxFC8i5diJDOLaLeGYbTANBgkqhkiG9w0BAQwFADBW MQswCQYDVQQGEwJGUjEOMAwGA1UEChMFR2FuZGkxNzA1BgNVBAMTLkdhbmRpIFJT QSBEb21haW4gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBIDMwHhcNMjMxMDMw MDAwMDAwWhcNMjQxMDMwMjM1OTU5WjATMREwDwYDVQQDEwhzdW1leC5jaDCCASIw DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMKlmUPjWS9tl5h9oyEuwocwRkck VYBu/0bIwk+KzYJ6YOkPkHLClhhnNrUl3fGzIEKCoSOp2ozpEJS2nVKkgjjt8o+j DUMDLv82+DT5WaQzqksWRvwFREB8sP9eyDNBjL9lAspytpDTOgcNrDhnVka3DsQA ilqAbp7mkG3NX+k76UFZ0p2jK42grhNVJYMLD+l+Fu2egARYC6yI7GZJ7gzV5rz/ ykRNklNlEPn2wcuRJOmB+8bXunZWW7hQJ1DHnKugdvSaY9JX9pkTnLbK6pbcnRCh /wMkZGQud1dIaRxkBAXbj3L4sj1Y1AuGANeu97pKYSZR8qxLdNAJZ0MCZ30CAwEA AaOCAvYwggLyMB8GA1UdIwQYMBaAFIERkt5mMqWwWzM9ZUOF/NQELfGuMB0GA1Ud DgQWBBTSdoogi7RLhrTCnxNvP1Nqa5aEFTAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0T AQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwSQYDVR0gBEIw QDA0BgsrBgEEAbIxAQICGjAlMCMGCCsGAQUFBwIBFhdodHRwczovL3NlY3RpZ28u Y29tL0NQUzAIBgZngQwBAgEwgYMGCCsGAQUFBwEBBHcwdTBOBggrBgEFBQcwAoZC aHR0cDovL2NydC5zZWN0aWdvLmNvbS9HYW5kaVJTQURvbWFpblZhbGlkYXRpb25T ZWN1cmVTZXJ2ZXJDQTMuY3J0MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5zZWN0 aWdvLmNvbTAhBgNVHREEGjAYgghzdW1leC5jaIIMd3d3LnN1bWV4LmNoMIIBfQYK KwYBBAHWeQIEAgSCAW0EggFpAWcAdgB2/4g/Crb7lVHCYcz1h7o0tKTNuyncaEIK n+ZnTFo6dAAAAYuBEN37AAAEAwBHMEUCIQCKGt3IMJDYuUVBenn89Wnfq/gCLoTN h/FBI0MaP2B+mgIgF0kqqDBx7hDQcmQP3DSctorzxQqt4AbelHTRo51+0GQAdQDa tr9rP7W2Ip+bwrtca+hwkXFsu1GEhTS9pD0wSNf7qwAAAYuBEN5GAAAEAwBGMEQC IDs6A+Nusu3BtARhD8HBPm8+f+iN6v7FZmUwWOgwxw77AiAO8BSEFzjdi1cN5rX3 cDmwdf9/2ho6NiMnWZHGzguXYQB2AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FI WUZxH7WbAAABi4EQ3iUAAAQDAEcwRQIhAIkQ1fhgY2CW3G+BtgP+b5nca894vh20 vFqgOiFJr+sgAiBed/6xHUG/YHR3xZpSVtDIiwoBg8+iaVOhwZ09inmlRDANBgkq hkiG9w0BAQwFAAOCAYEAIkRYDCn53r6IypHz6p3/ve46UZlPfsgES8f7rpHsF9Nn azvDlGgY64gcebdSF1Cxw2ett552ShzOES5AS4DAt2DAdfzOM03rYSRAUVdK7q6f KrjFI2uomNiShUDlnKbP1CGCYKUDbT+RPyOsGYMPbS2AByJwerbVCPsc175QACVv BCw0xrrFO9+vODdsPlSgAX2+CblcVjouX+FFM0PszQA/juks4OZ0dPc5uGPcDBbE jNcTbPD2MIXRUFfKX+zT7EIiliW/domBvautT3Q1QS0DTGbZV8nOvz8b+JP6zbvi ZvLy952+WHhYO6Yjr8Hd6NCkJythscI1kKcAJIlSVqvmEFUnPzPIHp65/hYCF6oI Ig3DOOSJpto5+ftos8KoA0df0rqQreAIYY9Mkr1C0RSvE8ELp99bD5zdhXkWwmO7 S7BYNHK0AkGFhpXtBXz88xdlhzl8Z49kLrjv8QgZ6Om/1lj5r6Kzs1c9eCmgn1eQ bBzTih0weAN7FqugVzwO -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqWZQ+NZL22XmH2jIS7C hzBGRyRVgG7/RsjCT4rNgnpg6Q+QcsKWGGc2tSXd8bMgQoKhI6najOkQlLadUqSC OO3yj6MNQwMu/zb4NPlZpDOqSxZG/AVEQHyw/17IM0GMv2UCynK2kNM6Bw2sOGdW RrcOxACKWoBunuaQbc1f6TvpQVnSnaMrjaCuE1UlgwsP6X4W7Z6ABFgLrIjsZknu DNXmvP/KRE2SU2UQ+fbBy5Ek6YH7xte6dlZbuFAnUMecq6B29Jpj0lf2mROctsrq ltydEKH/AyRkZC53V0hpHGQEBduPcviyPVjUC4YA1673ukphJlHyrEt00AlnQwJn fQIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 73858822101450469174936500522822244461 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'FR' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Gandi' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Gandi RSA Domain Validation Secure Server CA 3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-10-30 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-10-30 23:59:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'sumex.ch' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24571890922010433115901897237661055244806029055066459684180892722758396463245581816338772401948409900875891320547146404178980237259550939766000831108216869722836165841437143384890180905416386890758312041460288798472679915352749918548492195779513005041219738895649352617376597679648206182310225760377012487582058340122870165571385571506310476104928651674778426096554073887488380734127895349635047335603700261693259808772627900756141738841886448691597416605676831519590137416739292785406863852165131677657511513413701898648795957105546697986151715776677527318722245093739941260911615216655646124995047867239616351463293 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 811192de6632a5b05b333d654385fcd4042df1ae . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) d2768a208bb44b86b4c29f136f3f536a6b968415 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.2.26 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (119 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/GandiRSADomainValidationSecureServerCA3.crt' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sumex.ch' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.sumex.ch' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes) 016700760076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018b8110ddfb00000403004730450221008a1addc83090d8b945417a79fcf569dfabf8022e84cd87f14123431a3f607e9a022017492aa83071ee10d072640fdc349cb68af3c50aade006de9474d1a39d7ed064007500dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab0000018b8110de46000004030046304402203b3a03e36eb2edc1b404610fc1c13e6f3e7fe88deafec566653058e830c70efb02200ef014841738dd8b570de6b5f77039b075ff7fda1a3a3623275991c6ce0b9761007600eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018b8110de2500000403004730450221008910d5f860636096dc6f81b603fe6f99dc6bcf78be1db4bc5aa03a2149afeb2002205e77feb11d41bf607477c59a5256d0c88b0a0183cfa26953a1c19d3d8a79a544 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (3072 bits) 002244580c29f9debe88ca91f3ea9dffbdee3a51994f7ec8044bc7fbae91ec17d3676b3bc3946818eb881c79b7521750b1c367adb79e764a1cce112e404b80c0b760c075fcce334deb61244051574aeeae9f2ab8c5236ba898d8928540e59ca6cfd4218260a5036d3f913f23ac19830f6d2d800722707ab6d508fb1cd7be5000256f042c34c6bac53bdfaf38376c3e54a0017dbe09b95c563a2e5fe1453343eccd003f8ee92ce0e67474f739b863dc0c16c48cd7136cf0f63085d15057ca5fecd3ec42229625bf768981bdabad4f7435412d034c66d957c9cebf3f1bf893facdbbe266f2f2f79dbe5878583ba623afc1dde8d0a4272b61b1c23590a70024895256abe61055273f33c81e9eb9fe160217aa08220dc338e489a6da39f9fb68b3c2a803475fd2ba90ade008618f4c92bd42d114af13c10ba7df5b0f9cdd857916c263bb4bb0583472b40241858695ed057cfcf3176587397c678f642eb8eff10819e8e9bfd658f9afa2b3b3573d7829a09f57906c1cd38a1d3078037b16aba0573c0e