brightsavant.com
Issued by R3
About this certificate
This digital certificate with serial number 03:b2:69:92:0a:ac:1e:fe:ec:c3:42:58:92:6e:72:0a:c4:4a was issued on by Let's Encrypt.
This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=brightsavant.com
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 03:b2:69:92:0a:ac:1e:fe:ec:c3:42:58:92:6e:72:0a:c4:4aSerial Number (int): 322047446338567481412344422381297565615178
Serial Number lenght: 138 bits, 18 octets
SubjectKeyId: 82:64:d7:9e:80:37:7d:df:7b:de:bd:94:22:17:be:b6:84:6c:79:eb
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): 48:c5:47:09:fb:2b:8a:b8:14:5d:05:1c:c4:45:20:4c:14:c9:16:ca
Fingerprint (sha256): 98:22:e0:74:56:a3:21:5b:29:38:ec:33:d3:05:54:14:55:2a:f0:33:db:18:81:1f:0e:30:7d:fc:ef:fa:a8:ab
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate brightsavant.com
1
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for brightsavant.com
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
brightsavant.com
Other certificates including the domain name brightsavant.com
(limited to 100 certificates)
Certificate
The complete raw certificate details for brightsavant.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIF7TCCBNWgAwIBAgISA7JpkgqsHv7sw0JYkm5yCsRKMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yNDAzMDEwNzMzMTBaFw0yNDA1MzAwNzMzMDlaMBsxGTAXBgNVBAMT EGJyaWdodHNhdmFudC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC AQD2G7tODOaUyfPIL0hiG+7UX/qSVrDZ7/6pyFDPvlehU7Nt/e9BWsuXID/yWigI gvx1iesRWFNH9CO+N02rTO4lp5LYvhvoNKn+SU+jVj4Adsy2p+5bk0EFZaO9TS6Q s+i3hIqhU9CPCjeY15ahPS68yEYRIAG7OYP/J1FKy63kMoAQO/jl0q9onRx0QLsj aSynWdvcro8hPEbRgjYhscfmGdOpJwnKF996XdhiZRIw8PzqqL6lgAEhBKaENFC9 rOIEor8SWl2glHxEIotsco/n4tgVuWdB2jn1mVtG5kUomJNxwbJMqr6j/3faFpEd KX9QlSUneHmzGwa2fNea1oTMcN3QUgvayiExGXvXo41x+81pHoJ4WivRsf/9TwcH KNJkckGBtd2bI7mPqa5mFh4ITa7dV6SPu6iuH9YVO4dNdSMZSFS8MpnIpLqy/vbe P/fRqY6qytmysvt10Kv8r2uNSSZCObbTYcFINBcPplcSqmS09oPsSVX+J3zH5BET zRmTYlfukCt/qb9fJwIWUZA+Jxxvmj4C5Uiv40+T/4Bu/akoa54q3EZ9ttCPYsNh bmSpNKv4oP+Vji2xCQcEYzqH5hbGdCtXsLzoAvL63tbqMW3TeKVJIGq6yUS6xS8Y 3DOECrVuqOrI4SzKM8PiARtNa/L3XLaT1aMFGUzqCJjNaQIDAQABo4ICEjCCAg4w DgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAM BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSCZNeegDd933vevZQiF762hGx56zAfBgNV HSMEGDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYI KwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0 cDovL3IzLmkubGVuY3Iub3JnLzAbBgNVHREEFDASghBicmlnaHRzYXZhbnQuY29t MBMGA1UdIAQMMAowCAYGZ4EMAQIBMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHYA O1N3dT4tuYBOizBbBv5AO2fYT8P0x70ADS1yb+H61BcAAAGN+SVY/wAABAMARzBF AiEAu5obMD2LFo+mPckSttXQxWJsreZyj3L+GWxajY2eMQUCIHRvAcb/Ie+bu9ky zRqUPBf3XGr3cnSQf2kSNyCRqQBiAHYA7s3QZNXbGs7FXLedtM0TojKHRny87N7D UUhZRnEftZsAAAGN+SVY+wAABAMARzBFAiAZcOMk5lNH9Knw/4YQSfMVid2TdvkU YiSnoZ/obh4aWgIhALwxEUEaCn1tm3ZF88+a4UN3h1qP3bxaFhc9B9hmI5L/MA0G CSqGSIb3DQEBCwUAA4IBAQBNHmK/viqJ7dnVtP+TcgtpUV1LifGUAChJwLXd/DJn ecWPW1wLl3jTlq3OAI02bQTq1ItA855RCZQblg6raNDmVuqt4KeiNr9bd9eIMukJ fly5pFuuTTfHQOWXvX/WcwG1MdOXX/j+su88BShGa+eLqJ4jt2qmgTZZrJKkui7B rnwSs0nRfiwViS0sLav744543Xn7mRtn2GWHV0j2G3zdEZQWlfH+dHOfLaw0gNF4 /eTH3O8JwnWYxcg9cRdEF82qm8O5XYx6x5Ma5xrLI30cR5zRnPaizHSvrXO+WSLQ oXsh/jgTUnwcxRCTGEejvya4onvAiqH11/luY/FwUpGX -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA9hu7TgzmlMnzyC9IYhvu 1F/6klaw2e/+qchQz75XoVOzbf3vQVrLlyA/8looCIL8dYnrEVhTR/QjvjdNq0zu JaeS2L4b6DSp/klPo1Y+AHbMtqfuW5NBBWWjvU0ukLPot4SKoVPQjwo3mNeWoT0u vMhGESABuzmD/ydRSsut5DKAEDv45dKvaJ0cdEC7I2ksp1nb3K6PITxG0YI2IbHH 5hnTqScJyhffel3YYmUSMPD86qi+pYABIQSmhDRQvaziBKK/ElpdoJR8RCKLbHKP 5+LYFblnQdo59ZlbRuZFKJiTccGyTKq+o/932haRHSl/UJUlJ3h5sxsGtnzXmtaE zHDd0FIL2sohMRl716ONcfvNaR6CeFor0bH//U8HByjSZHJBgbXdmyO5j6muZhYe CE2u3Vekj7uorh/WFTuHTXUjGUhUvDKZyKS6sv723j/30amOqsrZsrL7ddCr/K9r jUkmQjm202HBSDQXD6ZXEqpktPaD7ElV/id8x+QRE80Zk2JX7pArf6m/XycCFlGQ Piccb5o+AuVIr+NPk/+Abv2pKGueKtxGfbbQj2LDYW5kqTSr+KD/lY4tsQkHBGM6 h+YWxnQrV7C86ALy+t7W6jFt03ilSSBquslEusUvGNwzhAq1bqjqyOEsyjPD4gEb TWvy91y2k9WjBRlM6giYzWkCAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 322047446338567481412344422381297565615178 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-01 07:33:10 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-05-30 07:33:09 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'brightsavant.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 1004034375502520655911482973495038814443328105215891054871984307664867211250594912961066989334421730267331498567048377086913862860425371590761358132383768671872895529961337181647569443036547986913256233080487916376958835953586604225201169208177283189126827310745402460068129054694836980781183161177307360893360097492941361079464951707475213616636712446635833338747658352432900933395629438960756925655148824539866066732914312194840702221231575934424813225622666299067457915086366490166376426393758953749020661386634932304930023262754549747755991669533180605696830391038613815520527474439351832698275254605229655425320270523546144414863709019269217928009367654464717006093447530423226148988857031605429289040398440175643486126431764208427380604966600557958885226131612014682089484836322769652474515612999077106678758558878126443125397069927892689283457001827593370495742634196847314143923769405579432483742327346296704313525048411097215090186869893821741433090793605621592833448368784090356237005090981757433915456120114849678708810954793574192461014552799559154397504653252690891866657373387957542068859988922170631879206278695397412049101584812236381756860034316714003593024580003085022142825803595499094589822288023581240145951116649 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 8264d79e80377ddf7bdebd942217beb6846c79eb . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'brightsavant.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes) 00f00076003b5377753e2db9804e8b305b06fe403b67d84fc3f4c7bd000d2d726fe1fad4170000018df92558ff0000040300473045022100bb9a1b303d8b168fa63dc912b6d5d0c5626cade6728f72fe196c5a8d8d9e31050220746f01c6ff21ef9bbbd932cd1a943c17f75c6af77274907f6912372091a90062007600eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018df92558fb000004030047304502201970e324e65347f4a9f0ff861049f31589dd9376f9146224a7a19fe86e1e1a5a022100bc3111411a0a7d6d9b7645f3cf9ae14377875a8fddbc5a16173d07d8662392ff . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 004d1e62bfbe2a89edd9d5b4ff93720b69515d4b89f194002849c0b5ddfc326779c58f5b5c0b9778d396adce008d366d04ead48b40f39e5109941b960eab68d0e656eaade0a7a236bf5b77d78832e9097e5cb9a45bae4d37c740e597bd7fd67301b531d3975ff8feb2ef3c0528466be78ba89e23b76aa6813659ac92a4ba2ec1ae7c12b349d17e2c15892d2c2dabfbe38e78dd79fb991b67d865875748f61b7cdd11941695f1fe74739f2dac3480d178fde4c7dcef09c27598c5c83d71174417cdaa9bc3b95d8c7ac7931ae71acb237d1c479cd19cf6a2cc74afad73be5922d0a17b21fe3813527c1cc510931847a3bf26b8a27bc08aa1f5d7f96e63f170529197