www.kiveld.nl

Issued by R3

About this certificate

This digital certificate with serial number 03:5f:27:7b:d4:b6:15:fa:c2:d3:2a:ee:02:db:c7:b2:85:1c was issued on by Let's Encrypt.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=www.kiveld.nl

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 03:5f:27:7b:d4:b6:15:fa:c2:d3:2a:ee:02:db:c7:b2:85:1c
Serial Number (int): 293716165511416269360179689251995470955804
Serial Number lenght: 138 bits, 18 octets

SubjectKeyId: 85:be:da:e9:ff:90:34:9d:33:0f:9c:b2:10:97:c4:fb:5f:30:e8:dd
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6

Fingerprint (sha1): c8:60:fa:26:ce:18:b7:b8:88:cd:8a:fa:47:f6:7e:e9:5e:50:63:74
Fingerprint (sha256): 98:6c:cd:3a:fb:f4:a6:9e:e9:b7:79:6d:20:68:2f:33:88:4c:08:d7:8d:2f:cf:ed:63:30:b4:3a:55:83:0d:7a

Issuing Certificate URL: http://r3.i.lencr.org/

Revocation information

OCSP Server: http://r3.o.lencr.org

Check the revocation status for certificate www.kiveld.nl

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.kiveld.nl

Public Key Algorithm

RSA

Key Size

3072

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

kiveld.nl
www.kiveld.nl

Other certificates including the domain name kiveld.nl

(limited to 100 certificates)
extranet.kiveld.nl
www.kiveld.nl
extranet.kiveld.nl
cicero.kiveld.nl
portal.kiveld.nl
outlook.kiveld.nl
www.kiveld.nl
www.kiveld.nl
outlook.kiveld.nl
www.kiveld.nl
www.kiveld.nl
extranet.kiveld.nl
extranet.kiveld.nl
www.kiveld.nl

Certificate

The complete raw certificate details for www.kiveld.nl in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgISA18ne9S2FfrC0yruAtvHsoUcMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMzEyMjkwMjAwNDRaFw0yNDAzMjgwMjAwNDNaMBgxFjAUBgNVBAMT
DXd3dy5raXZlbGQubmwwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCP
zQpERuW06P3zrzUha6w/DS0dOlBR0sNQx+/2BPHQkeynqu7SAq4Bvcl0YMbJ9Jq2
4OkOK0/zXz/e5+2JgfXvqHxz7K6McWERJ2jvf9crOQ+hXYBLoSneMHWvbWTRnIpm
a0Ew8kRongmFO8TxVergtSPLGvCuAQHRE/Xw0f4BC19ovoZK4AWrWOq7XrSSopW2
46YsJHfi6wrKkMZpJBNYtKI0B1uhanuPSra2BznM2LsKJ9/nH9MTxL7dCMhTpZfi
I2DudMyXMh8zhys57g/SvLSC09h3Z2tKKr3P3XmnKs6r/g9BPzTJIbiHZnmfQ8O3
7/IiUghsaO4/UrhsupgVrp2ZvWM8ZZXSRSiH7CDpXWo8Hs2GszJSqnVsOtcnukat
g3qXlQUtSGEbMJg4axcYWFUEeWd2H8knSZFslJj+XCoZcA0+1f3q611tJCgakzCX
VK6+TRrdmHxRdPvB58p/OXZzb5BVbLn87uIOr/N6nJ9wPBydFRfdXB4Rji6fByMC
AwEAAaOCAhgwggIUMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD
AQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUhb7a6f+QNJ0zD5yy
EJfE+18w6N0wHwYDVR0jBBgwFoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYB
BQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYI
KwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNyLm9yZy8wIwYDVR0RBBwwGoIJa2l2
ZWxkLm5sgg13d3cua2l2ZWxkLm5sMBMGA1UdIAQMMAowCAYGZ4EMAQIBMIIBAgYK
KwYBBAHWeQIEAgSB8wSB8ADuAHYAO1N3dT4tuYBOizBbBv5AO2fYT8P0x70ADS1y
b+H61BcAAAGMs4RbRAAABAMARzBFAiBVO3/kZirrQ31HRta1d14voddPpspaf3BH
8lWA527g7wIhAIG7cKdF+J1q95N32Li/gobjDU8eqgxipfq2Bn1Dhm+oAHQA7s3Q
ZNXbGs7FXLedtM0TojKHRny87N7DUUhZRnEftZsAAAGMs4RbigAABAMARTBDAh8J
4kPUZ0PrfDrAgTV9MhU2QEIQ3GO2e4+C7EVbvXZyAiByRWsE6CE9TzhaZnKQeJ4M
qPgIp4FmuqdAyPuknzjfsTANBgkqhkiG9w0BAQsFAAOCAQEAOmOW8PUAuT6pG08I
OfIL3mV1AVjVhMOt4RajXhZPnUGBiqw8E0KLQg5wfvdWoaY42eLX1y9smWcEszgv
vAxUhVP+80UzP7J8jAmUicyiYAakaMwmtYM7l1fzrWL3D9USpxlt9MJ47QSm23yj
qxv2yiNXRAqZU2k0aOpkJZgnZ0Srgl3h3E8Qm8Bz6NPrGgjg/9+pZm9v+r+GjPjn
olYd7XMHYf5klQ3kVztI9hsGB3WqiptbDO7Ypp712u7G1a3KvpU26vRc4z0c5UA5
P+V3XsA5v7OGZkumzWewcvt2q/VE0Ns8PGAAOnZ6WMHzJknSR80/U6bF1oH6X+xo
Cfjzzg==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAj80KREbltOj98681IWus
Pw0tHTpQUdLDUMfv9gTx0JHsp6ru0gKuAb3JdGDGyfSatuDpDitP818/3uftiYH1
76h8c+yujHFhESdo73/XKzkPoV2AS6Ep3jB1r21k0ZyKZmtBMPJEaJ4JhTvE8VXq
4LUjyxrwrgEB0RP18NH+AQtfaL6GSuAFq1jqu160kqKVtuOmLCR34usKypDGaSQT
WLSiNAdboWp7j0q2tgc5zNi7Ciff5x/TE8S+3QjIU6WX4iNg7nTMlzIfM4crOe4P
0ry0gtPYd2drSiq9z915pyrOq/4PQT80ySG4h2Z5n0PDt+/yIlIIbGjuP1K4bLqY
Fa6dmb1jPGWV0kUoh+wg6V1qPB7NhrMyUqp1bDrXJ7pGrYN6l5UFLUhhGzCYOGsX
GFhVBHlndh/JJ0mRbJSY/lwqGXANPtX96utdbSQoGpMwl1Suvk0a3Zh8UXT7wefK
fzl2c2+QVWy5/O7iDq/zepyfcDwcnRUX3VweEY4unwcjAgMBAAE=
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 293716165511416269360179689251995470955804
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-29 02:00:44 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-28 02:00:43 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.kiveld.nl'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3184 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 3263385902372319086960026186948166428197031439830319441103717401726579541462430440060156422331347661737839896267376183564937078316459575709843852933470667756838474473132303437757478952225635259704640008289809385934038728330742611857910106981475554046545347822191323701071335438233957380604844922720199254505313536469634596137115610135884738331246458858061462584385298520781408776551787413423449938339105814611379292001852140658676713844303520180824174058579300289815128682300856320128921831760873506549958305178461234693256419336173952871102545229128997280074029996925434254629227784246622208036752271325702280923276247642564173383451595284492271998581904811936618907939583863538610068592301073106729803653412696904489230613150351145111124168088186858554551443562227171172129949384097785256980625557522131946713630478244386744386166133288757256340992568696348695816500145860327601850999589511843247337131788790078348749375267
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							85bedae9ff90349d330f9cb21097c4fb5f30e8dd
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (28 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kiveld.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.kiveld.nl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (240 bytes)
							00ee0076003b5377753e2db9804e8b305b06fe403b67d84fc3f4c7bd000d2d726fe1fad4170000018cb3845b4400000403004730450220553b7fe4662aeb437d4746d6b5775e2fa1d74fa6ca5a7f7047f25580e76ee0ef02210081bb70a745f89d6af79377d8b8bf8286e30d4f1eaa0c62a5fab6067d43866fa8007400eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018cb3845b8a0000040300453043021f09e243d46743eb7c3ac081357d321536404210dc63b67b8f82ec455bbd7672022072456b04e8213d4f385a667290789e0ca8f808a78166baa740c8fba49f38dfb1
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		003a6396f0f500b93ea91b4f0839f20bde65750158d584c3ade116a35e164f9d41818aac3c13428b420e707ef756a1a638d9e2d7d72f6c996704b3382fbc0c548553fef345333fb27c8c099489cca26006a468cc26b5833b9757f3ad62f70fd512a7196df4c278ed04a6db7ca3ab1bf6ca2357440a9953693468ea642598276744ab825de1dc4f109bc073e8d3eb1a08e0ffdfa9666f6ffabf868cf8e7a2561ded730761fe64950de4573b48f61b060775aa8a9b5b0ceed8a69ef5daeec6d5adcabe9536eaf45ce33d1ce540393fe5775ec039bfb386664ba6cd67b072fb76abf544d0db3c3c60003a767a58c1f32649d247cd3f53a6c5d681fa5fec6809f8f3ce