mail.da.lv
Issued by StartCom Class 1 DV Server CA
About this certificate
This digital certificate with serial number 65:53:79:1e:c0:74:f0:6b:06:bf:62:f6:3a:ae:6c:89 was issued on by StartCom Ltd..
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
- The keyUsage extension SHOULD be critical (RFC 5280: 4.2.1.3)
Certificate Subject
CN=mail.da.lv
StartCom Ltd.
Organization:
StartCom Ltd.
Organization unit: StartCom Certification Authority
Organization unit: StartCom Certification Authority
Country:
IL
This certificate has expire since
Certificate Details
Serial Number (hex): 65:53:79:1e:c0:74:f0:6b:06:bf:62:f6:3a:ae:6c:89Serial Number (int): 134685444821504303759521240583026666633
Serial Number lenght: 127 bits, 16 octets
SubjectKeyId: cf:b7:ff:20:55:66:52:88:f5:b2:c7:ea:41:3d:c8:cb:99:7a:e5:71
AuthorityKeyId: d7:91:4e:01:c4:b0:bf:f8:c8:67:93:44:9c:e7:33:fa:ad:93:0c:af
Fingerprint (sha1): 00:59:fd:f6:3a:42:be:59:a1:c1:ab:73:8d:51:d0:47:21:32:d3:d3
Fingerprint (sha256): 9d:11:eb:fe:3f:71:f3:6d:c7:46:82:09:94:b8:b0:f4:52:1a:54:53:e5:08:68:04:c8:97:b0:54:bd:27:57:1c
Issuing Certificate URL: http://aia.startssl.com/certs/sca.server1.crt
Revocation information
OCSP Server: http://ocsp.startssl.comCRL Distribution Point: http://crl.startssl.com/sca-server1.crl
Check the revocation status for certificate mail.da.lv
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for mail.da.lv
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Client Authentication
Server Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
mail.da.lv
da.lv
da.lv
Other certificates including the domain name da.lv
(limited to 100 certificates)
Certificate
The complete raw certificate details for mail.da.lv in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIF1DCCBLygAwIBAgIQZVN5HsB08GsGv2L2Oq5siTANBgkqhkiG9w0BAQsFADB4 MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjEpMCcGA1UECxMg U3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxJjAkBgNVBAMTHVN0YXJ0 Q29tIENsYXNzIDEgRFYgU2VydmVyIENBMB4XDTE2MDEyODIwMTYxMloXDTE3MDEy ODIwMTYxMlowFTETMBEGA1UEAwwKbWFpbC5kYS5sdjCCAiIwDQYJKoZIhvcNAQEB BQADggIPADCCAgoCggIBANjArH0D8tMjLSd0CSi1GqkXmztEkPgHPg9UT8FdkJak mo8tV/kWjdoSt6x+JVX8JmKZlADVySZxmTrp1lo2xh6rI6srcAFZPN1unJVUu0Yn QWloJJufTkB+sOo8p33lbvlnYaYI37LPeNNPi+KjLe6E5CxMDGACal2Dx+LxkHeD 6e3/oMX8YmfaiXKfO15ULvRxUy2dCQMFGMy7J9PXvq+Zis3kk+NGUd4wnWlLLYMy Ux/xpt+i3AdPdQ36wtb3PnJB4zfcqqzhUDoC8O8q5fVbGS97UvElCpoqPABY/NXM soTNuFACuGH4ftnDRmqRyW8zSi2OT61UQVq43kOMgbNLDOBejyXYdp1Bpu52v5EX HzDLmvv3aYyBnehakvoQ+jBCoWRJRzc2X1G1GLKZbFJ4pL7c3lnMw3tOiMElZe5x gA84dSw5UFSlVx9FupV6cNGoN6cMV01XrMrpRYnK/DE2OvGlgPh6mysLPZoKDjBr vAyQGFl/qf1ZllTr9LaUNyQN1iCbFBnoGqy6qhe+S/VF6NlY3DJNi8HYPlYf6iMq vxriyDzwf/FPqq6sRoWPhGpHWhMbQ9s0wcUWEjGoIttIxag/T8MKF/cFZcAcqfI2 po79ax2h0O+1pm83T2VX6DeRyTu8OYAwxiarh8UfYgFihYvPhY5sTGYxheiSIqaF AgMBAAGjggG7MIIBtzALBgNVHQ8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIG CCsGAQUFBwMBMAkGA1UdEwQCMAAwHQYDVR0OBBYEFM+3/yBVZlKI9bLH6kE9yMuZ euVxMB8GA1UdIwQYMBaAFNeRTgHEsL/4yGeTRJznM/qtkwyvMG8GCCsGAQUFBwEB BGMwYTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3Auc3RhcnRzc2wuY29tMDkGCCsG AQUFBzAChi1odHRwOi8vYWlhLnN0YXJ0c3NsLmNvbS9jZXJ0cy9zY2Euc2VydmVy MS5jcnQwOAYDVR0fBDEwLzAtoCugKYYnaHR0cDovL2NybC5zdGFydHNzbC5jb20v c2NhLXNlcnZlcjEuY3JsMBwGA1UdEQQVMBOCCm1haWwuZGEubHaCBWRhLmx2MCMG A1UdEgQcMBqGGGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tLzBQBgNVHSAESTBHMAgG BmeBDAECATA7BgsrBgEEAYG1NwECBDAsMCoGCCsGAQUFBwIBFh5odHRwOi8vd3d3 LnN0YXJ0c3NsLmNvbS9wb2xpY3kwDQYJKoZIhvcNAQELBQADggEBANAl5h/zt3V0 fwc2n7m9yd8fLbT/ys6ke8OalDs/IHYUFD7vLd4Ap5FCGQbjr2q9sY8OtHIGfrZ9 Y2AXNmeJQN/sR7qT0N9KKdEOb5GV2nEZCQfB/sCibjxcyFxrx49N4cp457yxPMy9 EfVt8gORbFbBIrOLFbmr8UG/Xt2EgqwcD3n7zXFf34WofeftvjR+0kylxEGzI/Dz zDnKiSFaneU892nsY1j7kqKIeDhcV/srgiN+9n5h7ZjfscsYgqjUFzXb38dY5FqV ujMBEIvGrcA+SO9xevHm4lKqs3ulH3vJBNM1EMryWGfJETvhW2fH6nXIeKB+v3kP dAKycuhhXJI= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2MCsfQPy0yMtJ3QJKLUa qRebO0SQ+Ac+D1RPwV2QlqSajy1X+RaN2hK3rH4lVfwmYpmUANXJJnGZOunWWjbG HqsjqytwAVk83W6clVS7RidBaWgkm59OQH6w6jynfeVu+Wdhpgjfss9400+L4qMt 7oTkLEwMYAJqXYPH4vGQd4Pp7f+gxfxiZ9qJcp87XlQu9HFTLZ0JAwUYzLsn09e+ r5mKzeST40ZR3jCdaUstgzJTH/Gm36LcB091DfrC1vc+ckHjN9yqrOFQOgLw7yrl 9VsZL3tS8SUKmio8AFj81cyyhM24UAK4Yfh+2cNGapHJbzNKLY5PrVRBWrjeQ4yB s0sM4F6PJdh2nUGm7na/kRcfMMua+/dpjIGd6FqS+hD6MEKhZElHNzZfUbUYspls UnikvtzeWczDe06IwSVl7nGADzh1LDlQVKVXH0W6lXpw0ag3pwxXTVesyulFicr8 MTY68aWA+HqbKws9mgoOMGu8DJAYWX+p/VmWVOv0tpQ3JA3WIJsUGegarLqqF75L 9UXo2VjcMk2Lwdg+Vh/qIyq/GuLIPPB/8U+qrqxGhY+EakdaExtD2zTBxRYSMagi 20jFqD9PwwoX9wVlwByp8jamjv1rHaHQ77WmbzdPZVfoN5HJO7w5gDDGJquHxR9i AWKFi8+FjmxMZjGF6JIipoUCAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 134685444821504303759521240583026666633 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'IL' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'StartCom Ltd.' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'StartCom Certification Authority' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'StartCom Class 1 DV Server CA' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2016-01-28 20:16:12 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-01-28 20:16:12 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'mail.da.lv' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 884273589216494885043666984555649016847918324315341891935308582916825708137152078572194317456527119059529248759621647672043010292240937298227152035791083048410731945326211484090545825095527228766721298682725571253500006735452591904888562356233919003813367173259544392751993397216109575425809726840641467212561256923325740328181551708342143527675574920260088479699414860862189713165467488685548306422128842683327330298943561161115126264923747983830246560484502580392928626620517866627849658132692616589808523615497839415248098352919465677162149971760550892700299618518327905463357754216223584272030530941359665737508382253967740858227827713307967910799747356862049239149714171858788195080173506244556890644435602889924769608720243624269727483006308606437386517088141681166591157099627482184938409829170614858002819018731908863054883126786472725419444325888185438516671201930920550574711155699690071282052020603196916007010959031497258219334480202909837457350823813785000901460323930017205546955303407884212366913367154408001925386032217409628959867114353198874537151152817837057041525335832751710248611615682772788811273208160983486335168201431275848577668319854658337621315162541669097367253783474245887863303717026834056052916528773 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) cfb7ff2055665288f5b2c7ea413dc8cb997ae571 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName d7914e01c4b0bff8c86793449ce733faad930caf . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.startssl.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.startssl.com/certs/sca.server1.crt' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (49 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.startssl.com/sca-server1.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (21 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mail.da.lv' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'da.lv' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.18 (issuerAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (28 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://www.startssl.com/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.23223.1.2.4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.startssl.com/policy' . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 00d025e61ff3b775747f07369fb9bdc9df1f2db4ffcacea47bc39a943b3f207614143eef2dde00a791421906e3af6abdb18f0eb472067eb67d63601736678940dfec47ba93d0df4a29d10e6f9195da71190907c1fec0a26e3c5cc85c6bc78f4de1ca78e7bcb13cccbd11f56df203916c56c122b38b15b9abf141bf5edd8482ac1c0f79fbcd715fdf85a87de7edbe347ed24ca5c441b323f0f3cc39ca89215a9de53cf769ec6358fb92a28878385c57fb2b82237ef67e61ed98dfb1cb1882a8d41735dbdfc758e45a95ba3301108bc6adc03e48ef717af1e6e252aab37ba51f7bc904d33510caf25867c9113be15b67c7ea75c878a07ebf790f7402b272e8615c92