*.zscaler.net
Issued by Amazon RSA 2048 M02
About this certificate
This digital certificate with serial number 04:bc:58:5d:38:2f:ee:87:eb:18:80:0e:ee:bd:c3:f7 was issued on by Amazon.
This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=*.zscaler.net
Amazon
Organization:
Amazon
Country:
US
This certificate will expire on
Certificate Details
Serial Number (hex): 04:bc:58:5d:38:2f:ee:87:eb:18:80:0e:ee:bd:c3:f7Serial Number (int): 6294856030197552753350680254841996279
Serial Number lenght: 123 bits, 16 octets
SubjectKeyId: 8e:e0:c2:cf:39:37:c4:59:c6:d9:fd:5e:f4:93:89:7a:1a:ea:c4:9b
AuthorityKeyId: c0:31:52:cd:5a:50:c3:82:7c:74:71:ce:cb:e9:9c:f9:7a:eb:82:e2
Fingerprint (sha1): 42:d8:bd:03:62:e7:aa:c6:ef:12:f2:af:f6:7e:60:1a:d5:61:2a:d0
Fingerprint (sha256): c9:13:03:a9:3c:13:ee:84:7e:2a:c0:ae:bc:98:4d:a5:09:3d:1c:00:be:8e:d1:6d:d5:e5:4b:8c:ea:01:26:8a
Issuing Certificate URL: http://crt.r2m02.amazontrust.com/r2m02.cer
Revocation information
OCSP Server: http://ocsp.r2m02.amazontrust.comCRL Distribution Point: http://crl.r2m02.amazontrust.com/r2m02.crl
Check the revocation status for certificate *.zscaler.net
1
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for *.zscaler.net
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
*.zscaler.net
Other certificates including the domain name zscaler.net
(limited to 100 certificates)
*.zscaler.net
blog.zscaler.com
*.zscaler.net
blog.zscaler.com
*.zscaler.net
*.mail.zscaler.net
*.zscaler.net
blog.zscaler.com
trust.zscaler.com
private.zscaler.com
private.zscaler.com
blog.zscaler.com
*.zscaler.net
blog.zscaler.com
trust.zscaler.com
trust.zscaler.com
*.zscaler.net
*.zscaler.net
ips.zscaler.net
*.zscaler.net
private.zscaler.com
blog.zscaler.com
*.zscaler.net
trust.zscaler.com
*.zscaler.net
private.zscaler.com
*.zscaler.net
blog.zscaler.com
*.zscaler.net
blog.zscaler.com
*.zscaler.net
trust.zscaler.com
trust.zscaler.com
trust.zscaler.com
*.zscaler.net
*.zscaler.net
trust.zscaler.com
private.zscaler.com
*.zscaler.net
trust.zscaler.com
trust.zscaler.com
ips.zscaler.net
trust.zscaler.com
blog.zscaler.com
*.zscaler.net
trust.zscaler.com
trust.zscaler.com
blog.zscaler.com
private.zscaler.com
*.zscaler.net
trust.zscaler.com
pac.zscaler.net
blog.zscaler.com
*.zscaler.net
*.zscaler.net
trust.zscaler.com
*.zscaler.net
blog.zscaler.com
*.zscaler.net
trust.zscaler.com
*.zscaler.net
trust.zscaler.com
*.zscaler.net
*.prod.eu-central-1.s0.dataprotection.zscaler.net
trust.zscaler.com
private.zscaler.com
*.zscaler.net
blog.zscaler.com
trust.zscaler.com
blog.zscaler.com
trust.zscaler.com
blog.zscaler.com
*.zscaler.net
blog.zscaler.com
*.zscaler.net
*.mail.zscaler.net
*.zscaler.net
blog.zscaler.com
trust.zscaler.com
private.zscaler.com
private.zscaler.com
blog.zscaler.com
*.zscaler.net
blog.zscaler.com
trust.zscaler.com
trust.zscaler.com
*.zscaler.net
*.zscaler.net
ips.zscaler.net
*.zscaler.net
private.zscaler.com
blog.zscaler.com
*.zscaler.net
trust.zscaler.com
*.zscaler.net
private.zscaler.com
*.zscaler.net
blog.zscaler.com
*.zscaler.net
blog.zscaler.com
*.zscaler.net
trust.zscaler.com
trust.zscaler.com
trust.zscaler.com
*.zscaler.net
*.zscaler.net
trust.zscaler.com
private.zscaler.com
*.zscaler.net
trust.zscaler.com
trust.zscaler.com
ips.zscaler.net
trust.zscaler.com
blog.zscaler.com
*.zscaler.net
trust.zscaler.com
trust.zscaler.com
blog.zscaler.com
private.zscaler.com
*.zscaler.net
trust.zscaler.com
pac.zscaler.net
blog.zscaler.com
*.zscaler.net
*.zscaler.net
trust.zscaler.com
*.zscaler.net
blog.zscaler.com
*.zscaler.net
trust.zscaler.com
*.zscaler.net
trust.zscaler.com
*.zscaler.net
*.prod.eu-central-1.s0.dataprotection.zscaler.net
trust.zscaler.com
private.zscaler.com
*.zscaler.net
blog.zscaler.com
trust.zscaler.com
blog.zscaler.com
trust.zscaler.com
Certificate
The complete raw certificate details for *.zscaler.net in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIEWTCCA0GgAwIBAgIQBLxYXTgv7ofrGIAO7r3D9zANBgkqhkiG9w0BAQsFADA8 MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g UlNBIDIwNDggTTAyMB4XDTIzMTIxNDAwMDAwMFoXDTI1MDExMTIzNTk1OVowGDEW MBQGA1UEAwwNKi56c2NhbGVyLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBAJuAyCeTSSHl9gIwJhbFiq0xanZqtRn9cj7lNdO4G7eWRQuCAznTslxR f600JxaR8N/IH+uEqcmgslfHV7ZiywSDfpbCVKjvya2W7ZrG85NfsxmcvWgc8OdO 4ux4GmtanFME6UfQbVFzg3e3CQ+5LnFZHjBSucMoC8j8fYFCEnC8zZ85F0U9WxUF QWSya4balVR2M7X2F9Jqjg9JQriX/+UDNzfg/o9MhOEsY5Hu1u/JysYJSngGYFS6 rmMNCdp021rYiIR9T/o7SL1jnFi0g4RsAza3Ych6sReuGJGxXvg2dFs2as6s/BN2 dIzOdsyh1iKVmTqc50F77gXnNJSnQY0CAwEAAaOCAXkwggF1MB8GA1UdIwQYMBaA FMAxUs1aUMOCfHRxzsvpnPl664LiMB0GA1UdDgQWBBSO4MLPOTfEWcbZ/V70k4l6 GurEmzAYBgNVHREEETAPgg0qLnpzY2FsZXIubmV0MBMGA1UdIAQMMAowCAYGZ4EM AQIBMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH AwIwOwYDVR0fBDQwMjAwoC6gLIYqaHR0cDovL2NybC5yMm0wMi5hbWF6b250cnVz dC5jb20vcjJtMDIuY3JsMHUGCCsGAQUFBwEBBGkwZzAtBggrBgEFBQcwAYYhaHR0 cDovL29jc3AucjJtMDIuYW1hem9udHJ1c3QuY29tMDYGCCsGAQUFBzAChipodHRw Oi8vY3J0LnIybTAyLmFtYXpvbnRydXN0LmNvbS9yMm0wMi5jZXIwDAYDVR0TAQH/ BAIwADATBgorBgEEAdZ5AgQDAQH/BAIFADANBgkqhkiG9w0BAQsFAAOCAQEADQiY HhRnBqstfN9oVLa1hklClHS8RB+APL/PGACuGOnN1bBVjZTYyhxFNGsX/wwp+Qvu JXub2SQYzlwfpsiXhxu8ETEi+rlcxq4pTeQ14CmI6FYvIVkzW07IZX5wgc0Zk2oF bx040lB3OVAGID40gj7LJpxAlNUUn79DLU2fc+xQ/moLNAgu7ceOGiH7ajK3BQPB voGssn18N8X0Qm8UQ+1MALCa6t3+U+79zDYPppgw1wMNGrAtwiEOLyQnfuZPgX9g Ff8UC3ine6s2T73tP4XFxhNaCKLq+d63rYNERfS/2+igYXMKFu0tH3s90HnPX89V DQoEstTpUweH/lk+mQ== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4DIJ5NJIeX2AjAmFsWK rTFqdmq1Gf1yPuU107gbt5ZFC4IDOdOyXFF/rTQnFpHw38gf64SpyaCyV8dXtmLL BIN+lsJUqO/JrZbtmsbzk1+zGZy9aBzw507i7Hgaa1qcUwTpR9BtUXODd7cJD7ku cVkeMFK5wygLyPx9gUIScLzNnzkXRT1bFQVBZLJrhtqVVHYztfYX0mqOD0lCuJf/ 5QM3N+D+j0yE4Sxjke7W78nKxglKeAZgVLquYw0J2nTbWtiIhH1P+jtIvWOcWLSD hGwDNrdhyHqxF64YkbFe+DZ0WzZqzqz8E3Z0jM52zKHWIpWZOpznQXvuBec0lKdB jQIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 6294856030197552753350680254841996279 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon RSA 2048 M02' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-14 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-01-11 23:59:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.zscaler.net' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 19630441968735758336635962635031546795502988411191056759172621532485860822586261231063127141104767469153405723213653981325597564867514064219040637070260441285751027537501156631537325626453893438544133262746023654350491391821540558961354113789416455734369947448993547292700622174794825271218764699983302778880343042647425028148816474718043506096163039269025303881761799816713343253224529856012101579050113231210928872627969432053662680967233893757326547514736611575806260161551182939120006061004292643139430410630340063808023718533395844234076206358970781604263892363997757892855180627322308718939658565014860195119501 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c03152cd5a50c3827c7471cecbe99cf97aeb82e2 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 8ee0c2cf3937c459c6d9fd5ef493897a1aeac49b . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (17 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.zscaler.net' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.r2m02.amazontrust.com/r2m02.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.r2m02.amazontrust.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.r2m02.amazontrust.com/r2m02.cer' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 000d08981e146706ab2d7cdf6854b6b58649429474bc441f803cbfcf1800ae18e9cdd5b0558d94d8ca1c45346b17ff0c29f90bee257b9bd92418ce5c1fa6c897871bbc113122fab95cc6ae294de435e02988e8562f2159335b4ec8657e7081cd19936a056f1d38d25077395006203e34823ecb269c4094d5149fbf432d4d9f73ec50fe6a0b34082eedc78e1a21fb6a32b70503c1be81acb27d7c37c5f4426f1443ed4c00b09aeaddfe53eefdcc360fa69830d7030d1ab02dc2210e2f24277ee64f817f6015ff140b78a77bab364fbded3f85c5c6135a08a2eaf9deb7ad834445f4bfdbe8a061730a16ed2d1f7b3dd079cf5fcf550d0a04b2d4e9530787fe593e99