www.lafa-collectivites.fr

Issued by Gandi RSA Domain Validation Secure Server CA 3

About this certificate

This digital certificate with serial number fe:e4:3b:16:36:17:8b:91:9e:69:52:47:bc:99:9d:b1 was issued on by Gandi.

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=www.lafa-collectivites.fr

Gandi

Organization: Gandi
Country: FR

This certificate will expire on

Certificate Details

Serial Number (hex): fe:e4:3b:16:36:17:8b:91:9e:69:52:47:bc:99:9d:b1
Serial Number (int): 338808953035041418098579911369396166065
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: 24:1d:99:98:e8:04:d1:8a:db:1d:5a:bb:81:01:57:1c:ce:f3:4d:38
AuthorityKeyId: 81:11:92:de:66:32:a5:b0:5b:33:3d:65:43:85:fc:d4:04:2d:f1:ae

Fingerprint (sha1): f4:68:55:ea:c9:20:01:b1:29:1e:78:32:16:bf:18:61:70:a0:c4:9b
Fingerprint (sha256): b9:37:62:02:da:0f:8a:c1:ef:3a:3f:03:d9:97:8f:4f:58:99:6e:e1:0c:e1:12:31:70:b9:2c:fc:d5:0e:10:36

Issuing Certificate URL: http://crt.sectigo.com/GandiRSADomainValidationSecureServerCA3.crt

Revocation information

OCSP Server: http://ocsp.sectigo.com

Check the revocation status for certificate www.lafa-collectivites.fr

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.lafa-collectivites.fr

Public Key Algorithm

ECDSA

Key Size

256

Signature Algorithm

SHA384 with RSA

Key Usage

Digital Signature

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.lafa-collectivites.fr

Other certificates including the domain name lafa-collectivites.fr

(limited to 100 certificates)

Certificate

The complete raw certificate details for www.lafa-collectivites.fr in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFuDCCBCCgAwIBAgIRAP7kOxY2F4uRnmlSR7yZnbEwDQYJKoZIhvcNAQEMBQAw
VjELMAkGA1UEBhMCRlIxDjAMBgNVBAoTBUdhbmRpMTcwNQYDVQQDEy5HYW5kaSBS
U0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQSAzMB4XDTIzMTIy
MzAwMDAwMFoXDTI1MDEyMjIzNTk1OVowJDEiMCAGA1UEAxMZd3d3LmxhZmEtY29s
bGVjdGl2aXRlcy5mcjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABKIlC+pPNhEc
etzqUbMATLjjgWB18KP4tUvYjOjq5OczM1tVldsV4x/1407Fv8j0VvR/2+ae6U2Y
A55kXBV4rKejggL8MIIC+DAfBgNVHSMEGDAWgBSBEZLeZjKlsFszPWVDhfzUBC3x
rjAdBgNVHQ4EFgQUJB2ZmOgE0YrbHVq7gQFXHM7zTTgwDgYDVR0PAQH/BAQDAgeA
MAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEkG
A1UdIARCMEAwNAYLKwYBBAGyMQECAhowJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9z
ZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQIBMIGDBggrBgEFBQcBAQR3MHUwTgYIKwYB
BQUHMAKGQmh0dHA6Ly9jcnQuc2VjdGlnby5jb20vR2FuZGlSU0FEb21haW5WYWxp
ZGF0aW9uU2VjdXJlU2VydmVyQ0EzLmNydDAjBggrBgEFBQcwAYYXaHR0cDovL29j
c3Auc2VjdGlnby5jb20wJAYDVR0RBB0wG4IZd3d3LmxhZmEtY29sbGVjdGl2aXRl
cy5mcjCCAYAGCisGAQQB1nkCBAIEggFwBIIBbAFqAHcAzxFW7tUufK/zh1vZaS6b
6RpxZ0qwF+ysAdJbd87MOwgAAAGMlCKWywAABAMASDBGAiEA221zPs/m1tfiblRK
PzgpcDON2mXuqAfWhGy9T5h+06ACIQCYd/uf+3KTY+cD+fi8n+WCkBrgAVcoqvCN
yKJQSBUcCQB2AKLjCuRF772tm3447Udnd1PXgluElNcrXhssxLlQpEfnAAABjJQi
lnIAAAQDAEcwRQIgZaFLWofTFXtsgYrGeMBGjcC9IRtf1NHXfmuBK61Mqy4CIQCW
T6Du5gOrfx+YWQ9T4SaZKeN7+JHjpViYn7x4eVz1AAB3AE51oydcmhDDOFts1N8/
Uusd8OCOG41pwLH6ZLFimjnfAAABjJQilnAAAAQDAEgwRgIhAM8QLXi8P442zuQS
aJRaJlM3G3vEnW0q2692v4sTLr2SAiEA1FYf6K4oFyU0oHkRsPaC/Jrm/Tnww9Mp
gwJkClmc6PgwDQYJKoZIhvcNAQEMBQADggGBABUFy8IRDKxgqZNKbMSHN8VQuEbI
jfy7Glyskcdpy8opYCmk8xr/1JaDPRYSHRScE2qPFhWels97yNm8BSWyUmdLUukZ
f0di6GEysugany5b/HdnrClooNgvsk1wrc4j/qChaMSZZBBpgp4w2anoPIPPQQz/
fSXINz6FmTb45VY9dvLv10LaCJPvYUuAPgF/hpHE+8+0LKVIqZXGbnkPBnwK/H67
P8jaEPzu+jsQEVr9B/Cl+FELiNXek8ktVPSmZIExjOvmIJaIsk+nlmaFdhpuzV2x
zb5rq16jxZVKU3+hfJYlrPzLLhOaBTQYvJs7M2AWlKiMjYyU1apjEd44LTLe2rHH
LaDVKXUCPwfQaHBfBjA+2iICqbUM0QXlSQ/qadQaJBbZYFWcEoE4sPPwMVjGvJTt
zmCu1kEFTI9+G7qmjp4PaKocFdmiNo69na1KcyW1niueB9EmGO4/u/JRrRWXbXMw
gh5GimTi5IbNkoR9EbTFWhYbwtAEFQ8gM31DDw==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEoiUL6k82ERx63OpRswBMuOOBYHXw
o/i1S9iM6Ork5zMzW1WV2xXjH/XjTsW/yPRW9H/b5p7pTZgDnmRcFXispw==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 338808953035041418098579911369396166065
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'FR'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Gandi'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Gandi RSA Domain Validation Secure Server CA 3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-23 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-01-22 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.lafa-collectivites.fr'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.10045.2.1 (ecPublicKey)
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.10045.3.1.7 (prime256v1)
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (520 bits)
				0004a2250bea4f36111c7adcea51b3004cb8e3816075f0a3f8b54bd88ce8eae4e733335b5595db15e31ff5e34ec5bfc8f456f47fdbe69ee94d98039e645c1578aca7
 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 811192de6632a5b05b333d654385fcd4042df1ae
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							241d9998e804d18adb1d5abb8101571ccef34d38
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (1 bits)
							0780
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.2.26
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (119 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sectigo.com/GandiRSADomainValidationSecureServerCA3.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (29 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.lafa-collectivites.fr'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (368 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (364 bytes)
							016a007700cf1156eed52e7caff3875bd9692e9be91a71674ab017ecac01d25b77cecc3b080000018c942296cb0000040300483046022100db6d733ecfe6d6d7e26e544a3f382970338dda65eea807d6846cbd4f987ed3a00221009877fb9ffb729363e703f9f8bc9fe582901ae0015728aaf08dc8a25048151c09007600a2e30ae445efbdad9b7e38ed47677753d7825b8494d72b5e1b2cc4b950a447e70000018c942296720000040300473045022065a14b5a87d3157b6c818ac678c0468dc0bd211b5fd4d1d77e6b812bad4cab2e022100964fa0eee603ab7f1f98590f53e1269929e37bf891e3a558989fbc78795cf5000077004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018c942296700000040300483046022100cf102d78bc3f8e36cee41268945a2653371b7bc49d6d2adbaf76bf8b132ebd92022100d4561fe8ae28172534a07911b0f682fc9ae6fd39f0c3d3298302640a599ce8f8
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (3072 bits)
		001505cbc2110cac60a9934a6cc48737c550b846c88dfcbb1a5cac91c769cbca296029a4f31affd496833d16121d149c136a8f16159e96cf7bc8d9bc0525b252674b52e9197f4762e86132b2e81a9f2e5bfc7767ac2968a0d82fb24d70adce23fea0a168c499641069829e30d9a9e83c83cf410cff7d25c8373e859936f8e5563d76f2efd742da0893ef614b803e017f8691c4fbcfb42ca548a995c66e790f067c0afc7ebb3fc8da10fceefa3b10115afd07f0a5f8510b88d5de93c92d54f4a66481318cebe6209688b24fa7966685761a6ecd5db1cdbe6bab5ea3c5954a537fa17c9625acfccb2e139a053418bc9b3b33601694a88c8d8c94d5aa6311de382d32dedab1c72da0d52975023f07d068705f06303eda2202a9b50cd105e5490fea69d41a2416d960559c128138b0f3f03158c6bc94edce60aed641054c8f7e1bbaa68e9e0f68aa1c15d9a2368ebd9dad4a7325b59e2b9e07d12618ee3fbbf251ad15976d7330821e468a64e2e486cd92847d11b4c55a161bc2d004150f20337d430f