nexrun.ca
Issued by R3
About this certificate
This digital certificate with serial number 03:6f:b9:37:be:10:8a:ac:f8:f6:c3:32:ab:40:f6:f9:82:c7 was issued on by Let's Encrypt.
With 4 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=nexrun.ca
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 03:6f:b9:37:be:10:8a:ac:f8:f6:c3:32:ab:40:f6:f9:82:c7Serial Number (int): 299354397134020731572653834989837049496263
Serial Number lenght: 138 bits, 18 octets
SubjectKeyId: 3b:18:c4:a3:9b:f5:c4:70:ec:3d:04:3d:42:01:c7:33:c4:73:87:1b
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): de:60:df:49:ef:e6:14:b3:d8:f7:e4:f6:85:04:52:f5:2c:e9:74:a0
Fingerprint (sha256): 8e:25:0c:85:f9:65:46:4d:3e:54:59:c8:cb:0e:c5:9a:ad:7e:ea:41:1c:6b:9f:79:42:d2:f6:ec:a0:1c:d2:bd
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate nexrun.ca
4
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for nexrun.ca
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
nexrun.ca
sajb.ca
www.nexrun.ca
www.sajb.ca
sajb.ca
www.nexrun.ca
www.sajb.ca
Other certificates including the domain name nexrun.ca
(limited to 100 certificates)
Certificate
The complete raw certificate details for nexrun.ca in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIFBjCCA+6gAwIBAgISA2+5N74Qiqz49sMyq0D2+YLHMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yNDAzMDYxNTE5MTNaFw0yNDA2MDQxNTE5MTJaMBQxEjAQBgNVBAMT CW5leHJ1bi5jYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL6CoAuT EHZSkbQ2lp+gQdoDxscQy89Ud6VbfOvz9xX7kQjBO/iTfn0WDixia8oePSc9eU7e WugvwtqC9gu5S/olkKxT5J6qigCwfpcGhryqWoqz52+ZRQZfuyeXvtYRCdfTbXiu ky4My25OdHq8NRdlhzcdaKrcc9jNs5XnJRjyw8HwvpeirqgCsOCPITnO99BV9BS4 1wyNMyApjpWjE/aL+GDF7M88Zep+KoZAy0ZaB6EGj7e+sr8LR+2003PPlqs1tJ62 T6saDJWbfUb/PyBKW44rpfqN4TOpqjvzm/6/0o8H9zSzaOyWK3phYcP0E0DO5oSj KTdiiyVzgL1WAqMCAwEAAaOCAjIwggIuMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU OxjEo5v1xHDsPQQ9QgHHM8RzhxswHwYDVR0jBBgwFoAUFC6zF7dYVsuuUAlA5h+v nYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vcjMuby5s ZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNyLm9yZy8wOQYD VR0RBDIwMIIJbmV4cnVuLmNhggdzYWpiLmNhgg13d3cubmV4cnVuLmNhggt3d3cu c2FqYi5jYTATBgNVHSAEDDAKMAgGBmeBDAECATCCAQYGCisGAQQB1nkCBAIEgfcE gfQA8gB3AEiw42vapkc0D+VqAvqdMOscUgHLVt0sgdm7v6s52IRzAAABjhSP0+MA AAQDAEgwRgIhAK26XWA7DSvtxsvGKKfCwdIOJP0f1nRrG4HvYQeA6L31AiEAw/6f og3N4PwvqbjQiVocOZ8W9h8qQuoHzLbaRY/VL9kAdwA7U3d1Pi25gE6LMFsG/kA7 Z9hPw/THvQANLXJv4frUFwAAAY4Uj9PjAAAEAwBIMEYCIQDdb3ZBNS5e/JY7sJmv ftgh6dkR7uCl7/bxEjpyJ9uCbAIhANj2DOLeUwsmpcKxMWY8+pdypRtD3CXewGdC /0q+Kg6bMA0GCSqGSIb3DQEBCwUAA4IBAQCzcjb6gyH3nTlQtDWUCv9xmmup5e9H xCRabxa6jZ4udNDD71eQrlffiRKRxnCD2i79oAyocOvI1m93YIt+R77OT0wKufPi kk06IVrdcelFwqTMk81KIahs5wGe9cIo7joradSpsIHokB7U6smUUadOxsBwIMw7 jO6NpFQLaYzSXCyRstYjCgsspc00IuSlqqT3d3uuGHSNc+N2HVrfozeB84/J/SdH h5g9aqIHAE7a95mGOZCndHalXhGZxV9B50sCTndwoEBIVHYTlUuxDmWiR+ezQaN2 Cllk5FtvXoK7kFt6XLzLjJ2XgTIw4+jWqwqDeFSvyy+IsBZyylZRFFOg -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvoKgC5MQdlKRtDaWn6BB 2gPGxxDLz1R3pVt86/P3FfuRCME7+JN+fRYOLGJryh49Jz15Tt5a6C/C2oL2C7lL +iWQrFPknqqKALB+lwaGvKpairPnb5lFBl+7J5e+1hEJ19NteK6TLgzLbk50erw1 F2WHNx1oqtxz2M2zleclGPLDwfC+l6KuqAKw4I8hOc730FX0FLjXDI0zICmOlaMT 9ov4YMXszzxl6n4qhkDLRloHoQaPt76yvwtH7bTTc8+WqzW0nrZPqxoMlZt9Rv8/ IEpbjiul+o3hM6mqO/Ob/r/Sjwf3NLNo7JYremFhw/QTQM7mhKMpN2KLJXOAvVYC owIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 299354397134020731572653834989837049496263 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-06 15:19:13 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-06-04 15:19:12 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'nexrun.ca' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24049691618869266494592522396802191219027017499008377184441229153153607592619673441602079647612167458640209536014674674939444784640519002835648522752758599861440529031650460988777516253933644826276192985224261511617339963384475986714510267180454731917712069439184758938879497155780309985742409281728514894819440587838444576404384647576978957146721680854854390827515012417267649148191493866613331176069898508169299460216769414622508071675522193809604811488509206402181223111063768569016485806128292170156517796256518909947849440840016530465317088142106858430974455357901201937246088549912061963729930183155022441087651 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 3b18c4a39bf5c470ec3d043d4201c733c473871b . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (50 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nexrun.ca' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sajb.ca' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.nexrun.ca' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.sajb.ca' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (247 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes) 00f200770048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018e148fd3e30000040300483046022100adba5d603b0d2bedc6cbc628a7c2c1d20e24fd1fd6746b1b81ef610780e8bdf5022100c3fe9fa20dcde0fc2fa9b8d0895a1c399f16f61f2a42ea07ccb6da458fd52fd90077003b5377753e2db9804e8b305b06fe403b67d84fc3f4c7bd000d2d726fe1fad4170000018e148fd3e30000040300483046022100dd6f7641352e5efc963bb099af7ed821e9d911eee0a5eff6f1123a7227db826c022100d8f60ce2de530b26a5c2b131663cfa9772a51b43dc25dec06742ff4abe2a0e9b . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 00b37236fa8321f79d3950b435940aff719a6ba9e5ef47c4245a6f16ba8d9e2e74d0c3ef5790ae57df891291c67083da2efda00ca870ebc8d66f77608b7e47bece4f4c0ab9f3e2924d3a215add71e945c2a4cc93cd4a21a86ce7019ef5c228ee3a2b69d4a9b081e8901ed4eac99451a74ec6c07020cc3b8cee8da4540b698cd25c2c91b2d6230a0b2ca5cd3422e4a5aaa4f7777bae18748d73e3761d5adfa33781f38fc9fd274787983d6aa207004edaf799863990a77476a55e1199c55f41e74b024e7770a04048547613954bb10e65a247e7b341a3760a5964e45b6f5e82bb905b7a5cbccb8c9d97813230e3e8d6ab0a837854afcb2f88b01672ca56511453a0