guru.opthb.com
Issued by R3
About this certificate
This digital certificate with serial number 04:f5:5f:90:dc:06:fd:ad:f3:08:83:1e:c6:1f:74:41:25:fb was issued on by Let's Encrypt.
With 3 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=guru.opthb.com
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 04:f5:5f:90:dc:06:fd:ad:f3:08:83:1e:c6:1f:74:41:25:fbSerial Number (int): 431945352435702097935923497317123171100155
Serial Number lenght: 139 bits, 18 octets
SubjectKeyId: 8a:ef:95:18:1b:f5:ba:96:8e:a4:61:2f:15:43:88:c1:40:a9:96:d8
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): 9a:42:22:8f:f7:dc:35:df:8f:c2:6b:b5:a6:8f:59:20:7f:9e:a6:1f
Fingerprint (sha256): ad:9b:2f:d4:a7:25:c1:4d:5c:89:4f:e9:66:52:72:8a:36:4e:8f:1e:da:6e:2f:aa:ee:29:a3:b1:c6:05:ef:9f
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate guru.opthb.com
3
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for guru.opthb.com
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
guru.opthb.com
rdc2.apicit.net
rtb.opthb.com
rdc2.apicit.net
rtb.opthb.com
Other certificates including the domain name opthb.com
(limited to 100 certificates)
Certificate
The complete raw certificate details for guru.opthb.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIGCjCCBPKgAwIBAgISBPVfkNwG/a3zCIMexh90QSX7MA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yMzA5MjgwMDQ5NTNaFw0yMzEyMjcwMDQ5NTJaMBkxFzAVBgNVBAMT Dmd1cnUub3B0aGIuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA y8arpU9e2jC3XFjwtdJd9tvdUUp3ckgpHVwwKmyo/SErdbijxfjRWPgyTKVUTHYB 8gksdOEROnGjB/9+itc/S7yqQ6ePgEynYl3T+gnuCiB2f4M9BLhdpgot0G6HwEuD pigPIKuq32avhonyt/umFPUlFvFNOP4lRDf5p67Cy9/GKRT/u8iS2GLlrecByl4p /0bArURA8RSqn0JJdmtkh5OCSUqEyP24qGIcG/zllnikGcITDB7XybPhvu58chd5 rwzEggGX1/SLUsAUlzJvwiCaq+aPCm2Y+1/oMG7COZcJtWnN8cbOgzaOvzGkwwTA IpCTbFE5ilZ4EInDKQOAQ53J0oSsfYVwJ1KZE3/ZKuWLZsrhyxtI66ihmO28lPeo gA0TKBBelwaseHjzcL8zTXdO/kW6q5WBDK4wFaZgS8G2qqDehtmseG8H7S2bv/kt Wm/Lvrs8AsWnfWM3V07bSstUEYP3dEk49z1qkW3FLiK6oD5vZ26nh7O6AeLWqGcf RI50/jFrHL+l9TLEozb5pM6a856gGpCQPTEzRSwnauJMd+rUrmVsWWJqYvK+O+0p b2oXltEHrxADb1s/tcPbVp8LRPxihqqVzyx/R2BabSh1WTQi0GkbebaM0XA52kds zDdOqpZ6NlHAL2cbCpFwZ1tsTBOxg6T9EGej29t8vdcCAwEAAaOCAjEwggItMA4G A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD VR0TAQH/BAIwADAdBgNVHQ4EFgQUiu+VGBv1upaOpGEvFUOIwUCpltgwHwYDVR0j BBgwFoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsG AQUFBzABhhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6 Ly9yMy5pLmxlbmNyLm9yZy8wOQYDVR0RBDIwMIIOZ3VydS5vcHRoYi5jb22CD3Jk YzIuYXBpY2l0Lm5ldIINcnRiLm9wdGhiLmNvbTATBgNVHSAEDDAKMAgGBmeBDAEC ATCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2ALc++yTfnE26dfI5xbpY9Gxd/ELP ep81xJ4dCYEl7bSZAAABitl6bcEAAAQDAEcwRQIhAMaBlH8DfTTa81k4hRRz9Q7o qHOg0cwp41k7hg9IsSV5AiAhmP6oThZ6kO4Fr9o0PaDvKaixDx4EKoI4FdKwZZ/b /QB3AOg+0No+9QY1MudXKLyJa8kD08vREWvs62nhd31tBr1uAAABitl6bcsAAAQD AEgwRgIhAOn1/onwdjKOg4+mm3sT4AIlpg3akZXDwD9vk0jm0t85AiEAlwg/hZM7 1mvbCIMYng4Medg8xWEcxWNWBy6U9UHlzvMwDQYJKoZIhvcNAQELBQADggEBABrh yf2sVuTmYK/GBIOVQyumV30FooAo7dR8ov8rDneRUK9LiZJ5UDmBDXySVvReYA9W wLVIJqK7R4p2+VOWDXr2+vQjlPQQoZ6Riz/nM3Y4oCsvjuhjMWTLQIUnh9RK3onG dlFLdVFy5ecWF11RJFheCCbWlK3ZKhGiT9W2KwyI5cQFLSj4Ho13vom3krW9ZAC1 eBr/YM21AZi+xrqlTrkbYWVOiAnZfpUerlYeGmkKx6jGOYmWuU0K3ocDwWEt8aHO hnOqC+R1hThYCscFt3ugzTEy8VcIX7XTDmbqMcWiaiUYuJJzLoea3lpJYrVvCalm 86svQ+9NP/+r/hV2awc= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAy8arpU9e2jC3XFjwtdJd 9tvdUUp3ckgpHVwwKmyo/SErdbijxfjRWPgyTKVUTHYB8gksdOEROnGjB/9+itc/ S7yqQ6ePgEynYl3T+gnuCiB2f4M9BLhdpgot0G6HwEuDpigPIKuq32avhonyt/um FPUlFvFNOP4lRDf5p67Cy9/GKRT/u8iS2GLlrecByl4p/0bArURA8RSqn0JJdmtk h5OCSUqEyP24qGIcG/zllnikGcITDB7XybPhvu58chd5rwzEggGX1/SLUsAUlzJv wiCaq+aPCm2Y+1/oMG7COZcJtWnN8cbOgzaOvzGkwwTAIpCTbFE5ilZ4EInDKQOA Q53J0oSsfYVwJ1KZE3/ZKuWLZsrhyxtI66ihmO28lPeogA0TKBBelwaseHjzcL8z TXdO/kW6q5WBDK4wFaZgS8G2qqDehtmseG8H7S2bv/ktWm/Lvrs8AsWnfWM3V07b SstUEYP3dEk49z1qkW3FLiK6oD5vZ26nh7O6AeLWqGcfRI50/jFrHL+l9TLEozb5 pM6a856gGpCQPTEzRSwnauJMd+rUrmVsWWJqYvK+O+0pb2oXltEHrxADb1s/tcPb Vp8LRPxihqqVzyx/R2BabSh1WTQi0GkbebaM0XA52kdszDdOqpZ6NlHAL2cbCpFw Z1tsTBOxg6T9EGej29t8vdcCAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 431945352435702097935923497317123171100155 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-09-28 00:49:53 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-27 00:49:52 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'guru.opthb.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 831333780537919379990286704464953989206776077085551975540900587122454492432482562735015667858325467409624173970181268190102953604830389454587412576634141403365333189795614203794894090364782922213014793353878155409143089929877850508746518723619918429435831131826231976004324976306391720310128032694484613434312938414035096554982066987223235473750599156818821634688556031525857306639144188332249946972131130606955628212301935425046424748288230083879189606381205957511845447717762137542859640870269873521601462052007110800122686411817923235281777083918755683626686217675870358834772391981438020575722436196489695033169930573970596183414467287388387181384270787205129859382819695291590012153660569103728955338819971417857077496151323754611788762135438735795931829853835753235595319111077657780379250834548397197814366399189873893242508168145966153683822409448183594984081918296668833248502947079332794615493441330066016181081527184374825249523534539690556958522692904963210263989027533981464091344507431021205145036937321342232142676423510483201230295449662135820250753516170964176633714957432094661379598392935304124348425759171911922393510428786705000730334295543272297860086444206662568475766669231660850236668485250819293208754568663 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 8aef95181bf5ba968ea4612f154388c140a996d8 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (50 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'guru.opthb.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'rdc2.apicit.net' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'rtb.opthb.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes) 00f1007600b73efb24df9c4dba75f239c5ba58f46c5dfc42cf7a9f35c49e1d098125edb4990000018ad97a6dc10000040300473045022100c681947f037d34daf35938851473f50ee8a873a0d1cc29e3593b860f48b1257902202198fea84e167a90ee05afda343da0ef29a8b10f1e042a823815d2b0659fdbfd007700e83ed0da3ef5063532e75728bc896bc903d3cbd1116beceb69e1777d6d06bd6e0000018ad97a6dcb0000040300483046022100e9f5fe89f076328e838fa69b7b13e00225a60dda9195c3c03f6f9348e6d2df3902210097083f85933bd66bdb0883189e0e0c79d83cc5611cc56356072e94f541e5cef3 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 001ae1c9fdac56e4e660afc6048395432ba6577d05a28028edd47ca2ff2b0e779150af4b8992795039810d7c9256f45e600f56c0b54826a2bb478a76f953960d7af6faf42394f410a19e918b3fe7337638a02b2f8ee8633164cb40852787d44ade89c676514b755172e5e716175d5124585e0826d694add92a11a24fd5b62b0c88e5c4052d28f81e8d77be89b792b5bd6400b5781aff60cdb50198bec6baa54eb91b61654e8809d97e951eae561e1a690ac7a8c6398996b94d0ade8703c1612df1a1ce8673aa0be4758538580ac705b77ba0cd3132f157085fb5d30e66ea31c5a26a2518b892732e879ade5a4962b56f09a966f3ab2f43ef4d3fffabfe15766b07