guru.opthb.com

Issued by R3

About this certificate

This digital certificate with serial number 04:f5:5f:90:dc:06:fd:ad:f3:08:83:1e:c6:1f:74:41:25:fb was issued on by Let's Encrypt.

With 3 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=guru.opthb.com

Let's Encrypt

Organization: Let's Encrypt
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 04:f5:5f:90:dc:06:fd:ad:f3:08:83:1e:c6:1f:74:41:25:fb
Serial Number (int): 431945352435702097935923497317123171100155
Serial Number lenght: 139 bits, 18 octets

SubjectKeyId: 8a:ef:95:18:1b:f5:ba:96:8e:a4:61:2f:15:43:88:c1:40:a9:96:d8
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6

Fingerprint (sha1): 9a:42:22:8f:f7:dc:35:df:8f:c2:6b:b5:a6:8f:59:20:7f:9e:a6:1f
Fingerprint (sha256): ad:9b:2f:d4:a7:25:c1:4d:5c:89:4f:e9:66:52:72:8a:36:4e:8f:1e:da:6e:2f:aa:ee:29:a3:b1:c6:05:ef:9f

Issuing Certificate URL: http://r3.i.lencr.org/

Revocation information

OCSP Server: http://r3.o.lencr.org

Check the revocation status for certificate guru.opthb.com

3

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for guru.opthb.com

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

guru.opthb.com
rdc2.apicit.net
rtb.opthb.com

Other certificates including the domain name opthb.com

(limited to 100 certificates)
*.opthb.com
*.opthb.com
guru.opthb.com
*.opthb.com
guru.opthb.com

Certificate

The complete raw certificate details for guru.opthb.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGCjCCBPKgAwIBAgISBPVfkNwG/a3zCIMexh90QSX7MA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMzA5MjgwMDQ5NTNaFw0yMzEyMjcwMDQ5NTJaMBkxFzAVBgNVBAMT
Dmd1cnUub3B0aGIuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
y8arpU9e2jC3XFjwtdJd9tvdUUp3ckgpHVwwKmyo/SErdbijxfjRWPgyTKVUTHYB
8gksdOEROnGjB/9+itc/S7yqQ6ePgEynYl3T+gnuCiB2f4M9BLhdpgot0G6HwEuD
pigPIKuq32avhonyt/umFPUlFvFNOP4lRDf5p67Cy9/GKRT/u8iS2GLlrecByl4p
/0bArURA8RSqn0JJdmtkh5OCSUqEyP24qGIcG/zllnikGcITDB7XybPhvu58chd5
rwzEggGX1/SLUsAUlzJvwiCaq+aPCm2Y+1/oMG7COZcJtWnN8cbOgzaOvzGkwwTA
IpCTbFE5ilZ4EInDKQOAQ53J0oSsfYVwJ1KZE3/ZKuWLZsrhyxtI66ihmO28lPeo
gA0TKBBelwaseHjzcL8zTXdO/kW6q5WBDK4wFaZgS8G2qqDehtmseG8H7S2bv/kt
Wm/Lvrs8AsWnfWM3V07bSstUEYP3dEk49z1qkW3FLiK6oD5vZ26nh7O6AeLWqGcf
RI50/jFrHL+l9TLEozb5pM6a856gGpCQPTEzRSwnauJMd+rUrmVsWWJqYvK+O+0p
b2oXltEHrxADb1s/tcPbVp8LRPxihqqVzyx/R2BabSh1WTQi0GkbebaM0XA52kds
zDdOqpZ6NlHAL2cbCpFwZ1tsTBOxg6T9EGej29t8vdcCAwEAAaOCAjEwggItMA4G
A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD
VR0TAQH/BAIwADAdBgNVHQ4EFgQUiu+VGBv1upaOpGEvFUOIwUCpltgwHwYDVR0j
BBgwFoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsG
AQUFBzABhhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6
Ly9yMy5pLmxlbmNyLm9yZy8wOQYDVR0RBDIwMIIOZ3VydS5vcHRoYi5jb22CD3Jk
YzIuYXBpY2l0Lm5ldIINcnRiLm9wdGhiLmNvbTATBgNVHSAEDDAKMAgGBmeBDAEC
ATCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2ALc++yTfnE26dfI5xbpY9Gxd/ELP
ep81xJ4dCYEl7bSZAAABitl6bcEAAAQDAEcwRQIhAMaBlH8DfTTa81k4hRRz9Q7o
qHOg0cwp41k7hg9IsSV5AiAhmP6oThZ6kO4Fr9o0PaDvKaixDx4EKoI4FdKwZZ/b
/QB3AOg+0No+9QY1MudXKLyJa8kD08vREWvs62nhd31tBr1uAAABitl6bcsAAAQD
AEgwRgIhAOn1/onwdjKOg4+mm3sT4AIlpg3akZXDwD9vk0jm0t85AiEAlwg/hZM7
1mvbCIMYng4Medg8xWEcxWNWBy6U9UHlzvMwDQYJKoZIhvcNAQELBQADggEBABrh
yf2sVuTmYK/GBIOVQyumV30FooAo7dR8ov8rDneRUK9LiZJ5UDmBDXySVvReYA9W
wLVIJqK7R4p2+VOWDXr2+vQjlPQQoZ6Riz/nM3Y4oCsvjuhjMWTLQIUnh9RK3onG
dlFLdVFy5ecWF11RJFheCCbWlK3ZKhGiT9W2KwyI5cQFLSj4Ho13vom3krW9ZAC1
eBr/YM21AZi+xrqlTrkbYWVOiAnZfpUerlYeGmkKx6jGOYmWuU0K3ocDwWEt8aHO
hnOqC+R1hThYCscFt3ugzTEy8VcIX7XTDmbqMcWiaiUYuJJzLoea3lpJYrVvCalm
86svQ+9NP/+r/hV2awc=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAy8arpU9e2jC3XFjwtdJd
9tvdUUp3ckgpHVwwKmyo/SErdbijxfjRWPgyTKVUTHYB8gksdOEROnGjB/9+itc/
S7yqQ6ePgEynYl3T+gnuCiB2f4M9BLhdpgot0G6HwEuDpigPIKuq32avhonyt/um
FPUlFvFNOP4lRDf5p67Cy9/GKRT/u8iS2GLlrecByl4p/0bArURA8RSqn0JJdmtk
h5OCSUqEyP24qGIcG/zllnikGcITDB7XybPhvu58chd5rwzEggGX1/SLUsAUlzJv
wiCaq+aPCm2Y+1/oMG7COZcJtWnN8cbOgzaOvzGkwwTAIpCTbFE5ilZ4EInDKQOA
Q53J0oSsfYVwJ1KZE3/ZKuWLZsrhyxtI66ihmO28lPeogA0TKBBelwaseHjzcL8z
TXdO/kW6q5WBDK4wFaZgS8G2qqDehtmseG8H7S2bv/ktWm/Lvrs8AsWnfWM3V07b
SstUEYP3dEk49z1qkW3FLiK6oD5vZ26nh7O6AeLWqGcfRI50/jFrHL+l9TLEozb5
pM6a856gGpCQPTEzRSwnauJMd+rUrmVsWWJqYvK+O+0pb2oXltEHrxADb1s/tcPb
Vp8LRPxihqqVzyx/R2BabSh1WTQi0GkbebaM0XA52kdszDdOqpZ6NlHAL2cbCpFw
Z1tsTBOxg6T9EGej29t8vdcCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 431945352435702097935923497317123171100155
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-09-28 00:49:53 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-27 00:49:52 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'guru.opthb.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 831333780537919379990286704464953989206776077085551975540900587122454492432482562735015667858325467409624173970181268190102953604830389454587412576634141403365333189795614203794894090364782922213014793353878155409143089929877850508746518723619918429435831131826231976004324976306391720310128032694484613434312938414035096554982066987223235473750599156818821634688556031525857306639144188332249946972131130606955628212301935425046424748288230083879189606381205957511845447717762137542859640870269873521601462052007110800122686411817923235281777083918755683626686217675870358834772391981438020575722436196489695033169930573970596183414467287388387181384270787205129859382819695291590012153660569103728955338819971417857077496151323754611788762135438735795931829853835753235595319111077657780379250834548397197814366399189873893242508168145966153683822409448183594984081918296668833248502947079332794615493441330066016181081527184374825249523534539690556958522692904963210263989027533981464091344507431021205145036937321342232142676423510483201230295449662135820250753516170964176633714957432094661379598392935304124348425759171911922393510428786705000730334295543272297860086444206662568475766669231660850236668485250819293208754568663
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							8aef95181bf5ba968ea4612f154388c140a996d8
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (50 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'guru.opthb.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'rdc2.apicit.net'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'rtb.opthb.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes)
							00f1007600b73efb24df9c4dba75f239c5ba58f46c5dfc42cf7a9f35c49e1d098125edb4990000018ad97a6dc10000040300473045022100c681947f037d34daf35938851473f50ee8a873a0d1cc29e3593b860f48b1257902202198fea84e167a90ee05afda343da0ef29a8b10f1e042a823815d2b0659fdbfd007700e83ed0da3ef5063532e75728bc896bc903d3cbd1116beceb69e1777d6d06bd6e0000018ad97a6dcb0000040300483046022100e9f5fe89f076328e838fa69b7b13e00225a60dda9195c3c03f6f9348e6d2df3902210097083f85933bd66bdb0883189e0e0c79d83cc5611cc56356072e94f541e5cef3
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		001ae1c9fdac56e4e660afc6048395432ba6577d05a28028edd47ca2ff2b0e779150af4b8992795039810d7c9256f45e600f56c0b54826a2bb478a76f953960d7af6faf42394f410a19e918b3fe7337638a02b2f8ee8633164cb40852787d44ade89c676514b755172e5e716175d5124585e0826d694add92a11a24fd5b62b0c88e5c4052d28f81e8d77be89b792b5bd6400b5781aff60cdb50198bec6baa54eb91b61654e8809d97e951eae561e1a690ac7a8c6398996b94d0ade8703c1612df1a1ce8673aa0be4758538580ac705b77ba0cd3132f157085fb5d30e66ea31c5a26a2518b892732e879ade5a4962b56f09a966f3ab2f43ef4d3fffabfe15766b07