akha.fi
Issued by R3
About this certificate
This digital certificate with serial number 03:98:09:86:6a:a1:1f:26:63:ec:7f:b3:0f:76:b9:e3:78:31 was issued on by Let's Encrypt.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=akha.fi
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 03:98:09:86:6a:a1:1f:26:63:ec:7f:b3:0f:76:b9:e3:78:31Serial Number (int): 313072438549705286894299141652242290145329
Serial Number lenght: 138 bits, 18 octets
SubjectKeyId: 8e:9b:72:3a:0f:3a:b8:14:3a:c5:be:8d:6e:aa:67:53:dc:0c:48:2c
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): 4a:6b:8d:ba:a2:b8:81:d9:fa:54:3d:51:11:46:f9:4e:bc:94:d8:37
Fingerprint (sha256): a0:4a:b9:65:4a:28:51:0c:59:92:68:78:db:6f:bd:76:f8:ed:13:68:b1:be:e8:52:d6:98:d6:7c:63:c5:82:3e
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate akha.fi
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for akha.fi
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
*.akha.fi
akha.fi
akha.fi
Other certificates including the domain name akha.fi
(limited to 100 certificates)
Certificate
The complete raw certificate details for akha.fi in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIE5jCCA86gAwIBAgISA5gJhmqhHyZj7H+zD3a543gxMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yMzExMjEwNDA5MTVaFw0yNDAyMTkwNDA5MTRaMBIxEDAOBgNVBAMT B2FraGEuZmkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpSzU8UWLv GmWXpsDhwGbuQXrl98tSnQZ4FG65PWdlHcOL+UQ9Jt5SMlmKIKhDB+zow4c0nPqN eF4BeLajGlyrqcsLXlUyagvUIuT70d7Otr7g/SeGHAG+J529HlOQz2WGwUI6Zuhz sLBDJIOTqykbdudUyqDneraso5bMz+iYuzBIRO91vIBcqqRF2pG4+6fVZvTfdTnj 7D/S6Qivg/ZUkjjxGznpvyO98vhqEBZJnpwJlORehoHVhTaq/R4Qczq3qBQxqqnl CEzpRM4uitbA9dVFOvm6gJ0+8CZFQS0lS1+JsUP6ABOe3SDFiVYVBERaNqFeNb3T +ek6TwYMklYrAgMBAAGjggIUMIICEDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw FAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFI6b cjoPOrgUOsW+jW6qZ1PcDEgsMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52L FMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVu Y3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMB0GA1Ud EQQWMBSCCSouYWtoYS5maYIHYWtoYS5maTATBgNVHSAEDDAKMAgGBmeBDAECATCC AQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AEiw42vapkc0D+VqAvqdMOscUgHLVt0s gdm7v6s52IRzAAABi/BIWqEAAAQDAEcwRQIgfuq4GoJ5/sv5wLqzNv1PdzWQwYDi OeGnlpMVcZOLLVUCIQDLoRX8S2b6ksaIR6s35Gutv0RQnH/0bVEu5usORG4UsgB2 AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABi/BIWrQAAAQDAEcw RQIgFMklIKyZPxWmj/IA29wPrqQi1DAWUYjVUuQiO96sV1wCIQCfe7WHArIGkJNQ GTKncu/ROb3oc1rjXBoPwkMEReMLOjANBgkqhkiG9w0BAQsFAAOCAQEAZL2lLLON yOy5TTrwQCIAM9PNO8bC4C/eLbe2nCnJ1BcJzTDzP4s7tUoq/Cuq/EEPcHjjOLsN ePgC1CbCfM/vH6VLZ3tOF2WZ8Z2+MKFTgYIm2w68cUiMn1RuOlvETJ95QMtWzzHk 6molNuqIGVew6+JLns0zUfiih21Tue80ODrCkCgu3TmcLIWRVlTS1IFnjr5nt4W4 RnZqH0Wceb/jNqAulXF3a4Qtvl6Trr7zNif1idXiR+dGAwZHBLKZb78LNgEt2Cef azkGW9a/Jj2loLuDL5M/AxB7YQwJcGiahvPr1yLccvlkGi/pOgN1efGqCyjYn2Q7 dzrkNLDYrythQg== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Us1PFFi7xpll6bA4cBm 7kF65ffLUp0GeBRuuT1nZR3Di/lEPSbeUjJZiiCoQwfs6MOHNJz6jXheAXi2oxpc q6nLC15VMmoL1CLk+9Hezra+4P0nhhwBviedvR5TkM9lhsFCOmboc7CwQySDk6sp G3bnVMqg53q2rKOWzM/omLswSETvdbyAXKqkRdqRuPun1Wb033U54+w/0ukIr4P2 VJI48Rs56b8jvfL4ahAWSZ6cCZTkXoaB1YU2qv0eEHM6t6gUMaqp5QhM6UTOLorW wPXVRTr5uoCdPvAmRUEtJUtfibFD+gATnt0gxYlWFQREWjahXjW90/npOk8GDJJW KwIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 313072438549705286894299141652242290145329 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-11-21 04:09:15 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-19 04:09:14 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'akha.fi' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 29450611480269521659679785892549996656385870760018538254107911560562540359999278508445707159769757651138133873053404076335364564017654429521290507207108926776299190489914578170551908164496288861242639036495871918766519978946355050645263811980112824736402118018197794327742985758460981659500410609710438838698341177770946451978328488694855996043164012688806686463066879140240096271268650633716641274810749704563957351205265657320799264845527660443791543104971909702210913750887192135297451669644704384423869676743530252461872082652247681602344655432666708185088300214117083457606819872339178491371839127171623545886251 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 8e9b723a0f3ab8143ac5be8d6eaa6753dc0c482c . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.akha.fi' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'akha.fi' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes) 00f000760048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018bf0485aa1000004030047304502207eeab81a8279fecbf9c0bab336fd4f773590c180e239e1a796931571938b2d55022100cba115fc4b66fa92c68847ab37e46badbf44509c7ff46d512ee6eb0e446e14b2007600eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018bf0485ab40000040300473045022014c92520ac993f15a68ff200dbdc0faea422d430165188d552e4223bdeac575c0221009f7bb58702b2069093501932a772efd139bde8735ae35c1a0fc2430445e30b3a . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 0064bda52cb38dc8ecb94d3af040220033d3cd3bc6c2e02fde2db7b69c29c9d41709cd30f33f8b3bb54a2afc2baafc410f7078e338bb0d78f802d426c27ccfef1fa54b677b4e176599f19dbe30a153818226db0ebc71488c9f546e3a5bc44c9f7940cb56cf31e4ea6a2536ea881957b0ebe24b9ecd3351f8a2876d53b9ef34383ac290282edd399c2c85915654d2d481678ebe67b785b846766a1f459c79bfe336a02e9571776b842dbe5e93aebef33627f589d5e247e74603064704b2996fbf0b36012dd8279f6b39065bd6bf263da5a0bb832f933f03107b610c0970689a86f3ebd722dc72f9641a2fe93a037579f1aa0b28d89f643b773ae434b0d8af2b6142