oersterk.nu
Issued by Let's Encrypt Authority X3
About this certificate
This digital certificate with serial number 03:a3:8b:62:10:c5:95:cc:61:21:37:e4:8a:b2:ff:2a:bc:df was issued on by Let's Encrypt.
With 3 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Certificate Subject
CN=oersterk.nu
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 03:a3:8b:62:10:c5:95:cc:61:21:37:e4:8a:b2:ff:2a:bc:dfSerial Number (int): 316988155480072811223592686666927414361311
Serial Number lenght: 138 bits, 18 octets
SubjectKeyId: 69:0b:20:3e:d5:42:63:71:63:78:56:da:08:60:81:7c:8a:4d:a5:0f
AuthorityKeyId: a8:4a:6a:63:04:7d:dd:ba:e6:d1:39:b7:a6:45:65:ef:f3:a8:ec:a1
Fingerprint (sha1): 05:1f:f3:80:26:d0:d6:a3:34:58:7a:c5:67:33:f9:9c:e6:9a:fe:67
Fingerprint (sha256): ca:fd:76:61:d4:aa:7b:2f:74:70:57:37:51:24:1d:25:cc:0c:37:0f:de:9f:da:46:52:c0:16:0a:03:2a:05:20
Issuing Certificate URL: http://cert.int-x3.letsencrypt.org/
Revocation information
OCSP Server: http://ocsp.int-x3.letsencrypt.orgCheck the revocation status for certificate oersterk.nu
3
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for oersterk.nu
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
mail.oersterk.nu
oersterk.nu
www.oersterk.nu
oersterk.nu
www.oersterk.nu
Other certificates including the domain name oersterk.nu
(limited to 100 certificates)
Certificate
The complete raw certificate details for oersterk.nu in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIGcTCCBVmgAwIBAgISA6OLYhDFlcxhITfkirL/KrzfMA0GCSqGSIb3DQEBCwUA MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTEwMTgxNjQ5NTBaFw0y MDAxMTYxNjQ5NTBaMBYxFDASBgNVBAMTC29lcnN0ZXJrLm51MIICIjANBgkqhkiG 9w0BAQEFAAOCAg8AMIICCgKCAgEAxm670uf5JXEc9Esd7uLSbAAyQKqEn4ZvIKzJ 0d3k30T7Vh39APCay3EN80TKC1y4X2iYcKfi4fYAdKxXQsNJyYtyGqgGPnaeCnEn tf224PVP184NICinOCm7YCVpiCQehVaCbbX/1BmF5Y+4ggmg1/dVXgxtj0xcrPLI 4UOWPAl7W8Eq4+94aL26Hzl9Ve1ofY4qP5ev6yMpNH6YycXrfzcZHqX574sH4n/z LQiKa7iCFl678ihmUSCp1StEAhDs4nqTSEolEvf1qru7FSh7QFwZF3tBnuWkXxcU NHCitEyRfl/0eubg6DAbkExF2CEDBViAdwK85bZXM37LPkHxTdEYOLhytYmkYR9B XpSmJmumLFv3iSGYIK00EQqmDKKnDkNewds507Y7QWi8QXEf9P9Y3ZNfN2hGXvIV sBBHLR8tWxDl3PF+4QGkffUZrx5Yj9ZfqFob/AL+DabJ9QcuWFNRUyfHQEmtcUcL lZV8K6dbrewA/QgX5//BvnWfljzbPAOI45EhL4Rn78N3XxcEcJw05AlddRD8geiI giV0M+kQIK79ggdvNZEUB341C3qVWAWzDmFbICyVWmIpVPNwmldmcxGaIK3VjaAL DrOgjFb78uYKGAw91CnP4QTs75WURGj0HC+b5AzGAzblwzskhXDsguteJCxMeC5H peosKesCAwEAAaOCAoMwggJ/MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUaQsgPtVC Y3FjeFbaCGCBfIpNpQ8wHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEw bwYIKwYBBQUHAQEEYzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMu bGV0c2VuY3J5cHQub3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMu bGV0c2VuY3J5cHQub3JnLzA5BgNVHREEMjAwghBtYWlsLm9lcnN0ZXJrLm51ggtv ZXJzdGVyay5udYIPd3d3Lm9lcnN0ZXJrLm51MEwGA1UdIARFMEMwCAYGZ4EMAQIB MDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2Vu Y3J5cHQub3JnMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHYAXqdz+d9WwOe1Nkh9 0EngMnqRmgyEoRIShBh1loFxRVgAAAFt3/1s9wAABAMARzBFAiEA/C+6GBwbzQ1q n5Bhx7sMPDFzPO82uAwjIZelQ5R0hcoCIFHqSKJN4KUaawwi/gLKTC7gHEWWvOoe yuVmVWIejm9kAHYAKTxRllTIOWW6qlD8WAfUt2+/WHopctykwwz05UVH9HgAAAFt 3/1s4gAABAMARzBFAiEAjnJ6nMIfwq7SvAASdHyrWHVAg3/psYDhQ0Vw+0KLeVQC IAJ6Mgx/dhLrQ3r+GiIr2VCeRlPsyY6Zo+1jOm0WM5ekMA0GCSqGSIb3DQEBCwUA A4IBAQCIzZTP1wI34E2PeSoUF/4VM5zu/yFmps8tW7pwXpAWhdGp8cE+uz0sVWle jeRzrqf8mTqfW05j6KJ/xPntznXYPaDYWdhEKwythNvmXIwMmJgK28e1RYfUQkAa nRuSRm1jNHEWHOC2TWmD+65nVnq1S4TVTyg/mz6fRbKGjDdkuZ5lVOHvnXlRZxfN +hApWgxUWkO4PxybQd+QPb7+vqNdK9XyI4Mqq6yLWlZREirGMfXoOByWULk/NwD+ IbYknySLlafQ6s/tZFR6TDoMia815svsyDUH98LgrmElU6hsdjtqHFXQO+0c2WCM rF9lv7L6q5KTuF4XQhwp9fjZsKvU -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxm670uf5JXEc9Esd7uLS bAAyQKqEn4ZvIKzJ0d3k30T7Vh39APCay3EN80TKC1y4X2iYcKfi4fYAdKxXQsNJ yYtyGqgGPnaeCnEntf224PVP184NICinOCm7YCVpiCQehVaCbbX/1BmF5Y+4ggmg 1/dVXgxtj0xcrPLI4UOWPAl7W8Eq4+94aL26Hzl9Ve1ofY4qP5ev6yMpNH6YycXr fzcZHqX574sH4n/zLQiKa7iCFl678ihmUSCp1StEAhDs4nqTSEolEvf1qru7FSh7 QFwZF3tBnuWkXxcUNHCitEyRfl/0eubg6DAbkExF2CEDBViAdwK85bZXM37LPkHx TdEYOLhytYmkYR9BXpSmJmumLFv3iSGYIK00EQqmDKKnDkNewds507Y7QWi8QXEf 9P9Y3ZNfN2hGXvIVsBBHLR8tWxDl3PF+4QGkffUZrx5Yj9ZfqFob/AL+DabJ9Qcu WFNRUyfHQEmtcUcLlZV8K6dbrewA/QgX5//BvnWfljzbPAOI45EhL4Rn78N3XxcE cJw05AlddRD8geiIgiV0M+kQIK79ggdvNZEUB341C3qVWAWzDmFbICyVWmIpVPNw mldmcxGaIK3VjaALDrOgjFb78uYKGAw91CnP4QTs75WURGj0HC+b5AzGAzblwzsk hXDsguteJCxMeC5HpeosKesCAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 316988155480072811223592686666927414361311 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt Authority X3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-10-18 16:49:50 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-01-16 16:49:50 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'oersterk.nu' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 809534189643699617201487378260764118173028874193883329012290095592869944023222932192896213519028336034035055261528348198291526548111932334510658858053571000249384069579235656363077248324705026295310314707496565793156802968820669243830278510924356945290446812840709673142694927771528260784671284814830827815940228692301374269172819795969108932421559351641624844684565512363728091670109995523998110762719034306389468353908364619069207921692146628216355782759197441051790423989103424060270227477606816386962442367440167036277324296160877221793085341231376267573116669416921864179583070154368086431256082241932905634249253359602552466510384345364602968148721137534600254183648938437432016379733096299282136092466863200657155383335764679414182228934633487075606048106638908907963939805703362288965302629959196912500672731049023093773448876071074280904089949582270971986479394884706194046083396697861957123162618588640527390461324560266650110060096570542705955289495907482157267833520641867088540379248535202960205931404981746525362311539185624871981021243899305816825324777474021191214761837103197307838817445086009787126965317872497595471956831737806234604184035722174917930510027504708072545841483806166209933839867367922940615420815851 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 690b203ed5426371637856da0860817c8a4da50f . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName a84a6a63047dddbae6d139b7a64565eff3a8eca1 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.int-x3.letsencrypt.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.int-x3.letsencrypt.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (50 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mail.oersterk.nu' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'oersterk.nu' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.oersterk.nu' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (69 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.44947.1.1.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://cps.letsencrypt.org' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes) 00f00076005ea773f9df56c0e7b536487dd049e0327a919a0c84a1121284187596817145580000016ddffd6cf70000040300473045022100fc2fba181c1bcd0d6a9f9061c7bb0c3c31733cef36b80c232197a543947485ca022051ea48a24de0a51a6b0c22fe02ca4c2ee01c4596bcea1ecae56655621e8e6f64007600293c519654c83965baaa50fc5807d4b76fbf587a2972dca4c30cf4e54547f4780000016ddffd6ce200000403004730450221008e727a9cc21fc2aed2bc0012747cab587540837fe9b180e1434570fb428b79540220027a320c7f7612eb437afe1a222bd9509e4653ecc98e99a3ed633a6d163397a4 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 0088cd94cfd70237e04d8f792a1417fe15339ceeff2166a6cf2d5bba705e901685d1a9f1c13ebb3d2c55695e8de473aea7fc993a9f5b4e63e8a27fc4f9edce75d83da0d859d8442b0cad84dbe65c8c0c98980adbc7b54587d442401a9d1b92466d633471161ce0b64d6983fbae67567ab54b84d54f283f9b3e9f45b2868c3764b99e6554e1ef9d79516717cdfa10295a0c545a43b83f1c9b41df903dbefebea35d2bd5f223832aabac8b5a5651122ac631f5e8381c9650b93f3700fe21b6249f248b95a7d0eacfed64547a4c3a0c89af35e6cbecc83507f7c2e0ae612553a86c763b6a1c55d03bed1cd9608cac5f65bfb2faab9293b85e17421c29f5f8d9b0abd4