hospizarbeit-werden.de
Issued by R3
About this certificate
This digital certificate with serial number 04:39:fa:5c:96:24:76:4f:29:36:0f:0f:93:25:34:25:89:06 was issued on by Let's Encrypt.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=hospizarbeit-werden.de
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 04:39:fa:5c:96:24:76:4f:29:36:0f:0f:93:25:34:25:89:06Serial Number (int): 368178026377041962505452710449202399119622
Serial Number lenght: 139 bits, 18 octets
SubjectKeyId: f5:dc:8e:29:44:af:f9:12:1f:d6:78:ec:e3:98:9f:75:38:20:d8:45
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): 7e:19:54:b6:d3:67:72:ca:bd:65:49:95:6b:2f:49:cd:82:94:c3:8f
Fingerprint (sha256): 8d:7a:de:50:22:f1:9e:93:d5:49:0a:38:7f:b9:5f:4e:7e:bc:b9:a8:bc:c5:68:50:ae:33:dd:af:35:67:4f:79
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate hospizarbeit-werden.de
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for hospizarbeit-werden.de
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
hospizarbeit-werden.de
www.hospizarbeit-werden.de
www.hospizarbeit-werden.de
Other certificates including the domain name hospizarbeit-werden.de
(limited to 100 certificates)
Certificate
The complete raw certificate details for hospizarbeit-werden.de in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIFFjCCA/6gAwIBAgISBDn6XJYkdk8pNg8PkyU0JYkGMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yMzExMDMxMDQwNDZaFw0yNDAyMDExMDQwNDVaMCExHzAdBgNVBAMT Fmhvc3BpemFyYmVpdC13ZXJkZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQC2CbBj3mifm5LcgSBp+9SHNDWvdqIKL6z8BdPybtlDlnxvhkbNKOJa j7Osp6F4Tw+GQ2BekBLJjIBd9jP/MSyW1CmdMxQrurEVRhsYtDOl49E3KLpFeffg ZciserUJpZcWBuG71bj93N6nJiMnlNMcilzXewtS7qA6roFm9X5gNk+eAM1GfsZM SgEKhO9malsWaB2CoyyK9FU+3g5k6/2PxaOeo6GCiOUMInOJwXoMZiYFGiASHMTG Tq8QCqbWjqeqLS6b5Kg8FOEf89bhzLfPsgqlCYF1NG1EwnKZTZgT2VjtuNAQqLdQ fD8dCcg/h8YXckO0+l2sX/yMnlZn1U3NAgMBAAGjggI1MIICMTAOBgNVHQ8BAf8E BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQC MAAwHQYDVR0OBBYEFPXcjilEr/kSH9Z47OOYn3U4INhFMB8GA1UdIwQYMBaAFBQu sxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYV aHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5s ZW5jci5vcmcvMD0GA1UdEQQ2MDSCFmhvc3BpemFyYmVpdC13ZXJkZW4uZGWCGnd3 dy5ob3NwaXphcmJlaXQtd2VyZGVuLmRlMBMGA1UdIAQMMAowCAYGZ4EMAQIBMIIB BQYKKwYBBAHWeQIEAgSB9gSB8wDxAHcAO1N3dT4tuYBOizBbBv5AO2fYT8P0x70A DS1yb+H61BcAAAGLlPxWewAABAMASDBGAiEAjN51e9GwfZ2PuG41jyYzFUPM7zbx ISWtz4UN2pGE2soCIQCPbzE6PGhI9RFQM9ev5yImFRnamZyKbosNnjPuyCDaVQB2 AHb/iD8KtvuVUcJhzPWHujS0pM27KdxoQgqf5mdMWjp0AAABi5T8WKYAAAQDAEcw RQIgXnxiPoNkt8Z9oAuTIXg7T5i5LOncDXaVfOabbBrF3yQCIQDOm+pT5MJZuQXN 7TY6TowIygzsX96a6HPDpLUUbEPbFTANBgkqhkiG9w0BAQsFAAOCAQEAVPGSjcZE DEIzx8YcyAHUglv+3nAkb5kUI9RXHk+IfXR6y1y+AIsIKasERhzzehb61EXsTBth 7PTAF4OsW/ZQNVuy1yfmKnZc37uF+yC0gqhuV0hGUQqBGHE08K4DnXKWu2SfclX1 lbG8czSQZuEXa9EhxPZjdScyAPxHxRk/QX/z0cOwSchDbKPnM17jxHK8Qyha0Ehq LM6E8AMgPjNSWcUTGOOTbGwCl30FcvTtiGSdgKfXixZEDG/C0k52JJ6+fveSlY1K oABCB9fFCJwPvGIhMI4ZsuTzLrc6RkWkFB4kkbCtTFdw1tPAMDckDVDNrxDi405r 3kSqRUhX4FevBw== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgmwY95on5uS3IEgafvU hzQ1r3aiCi+s/AXT8m7ZQ5Z8b4ZGzSjiWo+zrKeheE8PhkNgXpASyYyAXfYz/zEs ltQpnTMUK7qxFUYbGLQzpePRNyi6RXn34GXIrHq1CaWXFgbhu9W4/dzepyYjJ5TT HIpc13sLUu6gOq6BZvV+YDZPngDNRn7GTEoBCoTvZmpbFmgdgqMsivRVPt4OZOv9 j8WjnqOhgojlDCJzicF6DGYmBRogEhzExk6vEAqm1o6nqi0um+SoPBThH/PW4cy3 z7IKpQmBdTRtRMJymU2YE9lY7bjQEKi3UHw/HQnIP4fGF3JDtPpdrF/8jJ5WZ9VN zQIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 368178026377041962505452710449202399119622 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-11-03 10:40:46 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-01 10:40:45 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'hospizarbeit-werden.de' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22980149339568650786235527628822534696204296271999363159421487892417070769578961016368732776615024514089570188279095818053154603370907651586905372447940476208718820597240531709004710156296350390240997259099629627233431719979008604731533843704664980167054026059768333230409087639265838904426757278145642846219513276893507059973413890121272244667279459977616261921143325804229991746481570942709399856331553953201637713368613190378867985786711719385120819039339427587355613262552384902621452264337352785404181659956219993728368970015186476592416742493011308095688122463075381705511738886507528778574143615631267202420173 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) f5dc8e2944aff9121fd678ece3989f753820d845 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (54 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hospizarbeit-werden.de' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.hospizarbeit-werden.de' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes) 00f10077003b5377753e2db9804e8b305b06fe403b67d84fc3f4c7bd000d2d726fe1fad4170000018b94fc567b00000403004830460221008cde757bd1b07d9d8fb86e358f26331543ccef36f12125adcf850dda9184daca0221008f6f313a3c6848f5115033d7afe722261519da999c8a6e8b0d9e33eec820da5500760076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018b94fc58a6000004030047304502205e7c623e8364b7c67da00b9321783b4f98b92ce9dc0d76957ce69b6c1ac5df24022100ce9bea53e4c259b905cded363a4e8c08ca0cec5fde9ae873c3a4b5146c43db15 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 0054f1928dc6440c4233c7c61cc801d4825bfede70246f991423d4571e4f887d747acb5cbe008b0829ab04461cf37a16fad445ec4c1b61ecf4c01783ac5bf650355bb2d727e62a765cdfbb85fb20b482a86e574846510a81187134f0ae039d7296bb649f7255f595b1bc73349066e1176bd121c4f66375273200fc47c5193f417ff3d1c3b049c8436ca3e7335ee3c472bc43285ad0486a2cce84f003203e335259c51318e3936c6c02977d0572f4ed88649d80a7d78b16440c6fc2d24e76249ebe7ef792958d4aa0004207d7c5089c0fbc6221308e19b2e4f32eb73a4645a4141e2491b0ad4c5770d6d3c03037240d50cdaf10e2e34e6bde44aa454857e057af07