Issued by Gandi Standard SSL CA 2

About this certificate

This digital certificate with serial number 9e:04:d9:49:5d:d5:d0:91:dc:48:b2:5d:f1:bd:37:fc was issued on by Gandi.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.

We have idenified some issues with this certificate:
  • KeyUsage contains an inefficient encoding wherein the number of 'unused bits' is declared to be 5, but it should be 7. Raw Bytes: [3 2 5 128], Raw Binary: [00000011 00000010 00000101 10000000] RFC 5280 Section describes the value of a KeyUsage to be a DER encoded BitString, which itself defines that all trailing 0 bits be counted as being "unused". (Where ITU-T Rec. X.680 | ISO/IEC 8824-1, 21.7, applies, the bitstring shall have all trailing 0 bits removed before it is encoded.)
  • Subscriber Certificate: commonName is deprecated. (BRs:

Certificate Subject


Organization: Gandi
State / Province: Paris
Locality: Paris
Country: FR

This certificate has expire since

Certificate Details

Serial Number (hex): 9e:04:d9:49:5d:d5:d0:91:dc:48:b2:5d:f1:bd:37:fc
Serial Number (int): 210043199617031295238936746374779975676
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: bf:9f:5b:f6:af:a9:e3:f9:bd:e1:a8:60:54:51:57:1f:b3:22:26:fc
AuthorityKeyId: b3:90:a7:d8:c9:af:4e:cd:61:3c:9f:7c:ad:5d:7f:41:fd:69:30:ea

Fingerprint (sha1): a4:bf:fb:0b:29:e2:07:5f:72:db:16:ff:b6:52:2b:85:22:08:e5:34
Fingerprint (sha256): 8c:05:7f:6c:6d:99:2a:2f:09:54:61:c5:85:4f:9b:d1:17:7a:a1:8c:99:f0:73:35:25:95:18:91:8d:ec:49:ea

Issuing Certificate URL:

Revocation information

OCSP Server:
CRL Distribution Point:

Check the revocation status for certificate


DNS Names


Email Addresses


IP Addresses

Advanced Certificate Properties

Tehnical certificate details for

Public Key Algorithm


Key Size


Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature

Extended Key Usages

Server Authentication
Client Authentication


10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

Other certificates including the domain name

(limited to 100 certificates)