staging.lal.org.uk
Issued by R3
About this certificate
This digital certificate with serial number 04:29:f1:30:b1:92:66:c1:b6:04:e0:71:e6:0d:e4:c1:f8:77 was issued on by Let's Encrypt.
This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=staging.lal.org.uk
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate will expire on
Certificate Details
Serial Number (hex): 04:29:f1:30:b1:92:66:c1:b6:04:e0:71:e6:0d:e4:c1:f8:77Serial Number (int): 362721317549618451212263824847200529283191
Serial Number lenght: 139 bits, 18 octets
SubjectKeyId: dc:00:84:6e:b7:ab:2f:bb:4a:9c:b1:e2:49:3a:d3:92:18:05:ab:a8
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): e9:42:41:96:e0:98:68:b8:90:b2:39:b6:b4:7e:5d:2e:4c:67:62:30
Fingerprint (sha256): cd:13:f7:40:c7:6c:66:7e:4a:53:56:03:7e:d5:6d:76:d0:98:a9:66:d9:f9:32:b9:32:9a:d5:d9:ae:2a:a1:78
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate staging.lal.org.uk
1
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for staging.lal.org.uk
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
staging.lal.org.uk
Other certificates including the domain name lal.org.uk
(limited to 100 certificates)
Certificate
The complete raw certificate details for staging.lal.org.uk in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIE/jCCA+agAwIBAgISBCnxMLGSZsG2BOBx5g3kwfh3MA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yNDA0MDIwMjU5MTVaFw0yNDA3MDEwMjU5MTRaMB0xGzAZBgNVBAMT EnN0YWdpbmcubGFsLm9yZy51azCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC ggIBALheRwnSp1xwP89T4dM9wfedbhcyOxE/eAJyWnMewV3cGdMfPS3Iny39bK5F d0u+HF2GJSPN+Heh5MT68p8XvhjPp9XcCaJ6u71RMOFXecoOOqgA/eFwqL1l2XxG EtMyvduzrGIJcIqT8e+W1h8LKKFHbYw2jzEYFCye7pl+gH2KowbcKI8uK7YIyMZz aywXleQWpIxyoZsZA2GlgySq0p0ynz5rKP6PlqhdW7B/Ig0t63jZmtmcr6Ea3BoV ZYxrDKUe72i9UynkKrGs6Tk4+NbCZ5EoincxMqQjHZQoXyNG2TBvI7mIz6q4BEy5 Eh1w19M4aA3zpPBDhnIfc1ZLvD5EFRvYBi1gzGyKlwbmQJikN+5vEhUZZOl5iwq6 t2EgtyrUlGIvGgDTypi5+I312rPziLrCZFAwrxKHt1Po2Yk53dy12EuZKRYQ89QD YIkLWTPlABcjVpynw7owKnsYpIAZVbgyzLN+b9777e2Q35/MxBc8k0x5A5qlg4Xw 6l9le0omHz99uEu6O4vkqKY66pQZe/71K3raLZ7Z9oPKSZnuEUq9gHEijQ21j3JH lISP/gt7727Y82bINMfDlEW46YUZYq6Fq5CfkuOTJhKwHd4T9dbsUTGDZRwnW3QT V90FsT7x2ZiiGrgqLumZgVt5ygK5/btN15zg0Sm9MGtqA+dtAgMBAAGjggEhMIIB HTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNwAhG63qy+7Spyx4kk605IYBauoMB8G A1UdIwQYMBaAFBQusxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAh BggrBgEFBQcwAYYVaHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZo dHRwOi8vcjMuaS5sZW5jci5vcmcvMB0GA1UdEQQWMBSCEnN0YWdpbmcubGFsLm9y Zy51azATBgNVHSAEDDAKMAgGBmeBDAECATATBgorBgEEAdZ5AgQDAQH/BAIFADAN BgkqhkiG9w0BAQsFAAOCAQEAk/i7+hGJqDgRPfc5Wu0tYoqOPkjYSqeMZdK993Ib ERJzQkIyjGNOfICSaQ6LcWNiZbRpH3PViD85IE1OBO0uwm4/1vX+Ukd8SGaB3PLj skJlm3Z3VEZjYQlc/tw7PdhEUdv0sE4NjVp5XSypVapFcTIrWArHhqz41D5ONAir DhfqHWndB4xhL6+IwyTXg0utbTPQ31MJL+Rda2gSL5mLTIoGb/D67IMkbUMDM24a pFYHU11TlNxS24gheECYej6qTCirK6TwYxaRnc1GfAMBqx4e8FFaz/T9okp2d4VT ZnTcGuTdIa80rG1TlSlhUTAuJ6huq+gxuSNLcYVYGoA9Ow== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuF5HCdKnXHA/z1Ph0z3B 951uFzI7ET94AnJacx7BXdwZ0x89LcifLf1srkV3S74cXYYlI834d6HkxPrynxe+ GM+n1dwJonq7vVEw4Vd5yg46qAD94XCovWXZfEYS0zK927OsYglwipPx75bWHwso oUdtjDaPMRgULJ7umX6AfYqjBtwojy4rtgjIxnNrLBeV5BakjHKhmxkDYaWDJKrS nTKfPmso/o+WqF1bsH8iDS3reNma2ZyvoRrcGhVljGsMpR7vaL1TKeQqsazpOTj4 1sJnkSiKdzEypCMdlChfI0bZMG8juYjPqrgETLkSHXDX0zhoDfOk8EOGch9zVku8 PkQVG9gGLWDMbIqXBuZAmKQ37m8SFRlk6XmLCrq3YSC3KtSUYi8aANPKmLn4jfXa s/OIusJkUDCvEoe3U+jZiTnd3LXYS5kpFhDz1ANgiQtZM+UAFyNWnKfDujAqexik gBlVuDLMs35v3vvt7ZDfn8zEFzyTTHkDmqWDhfDqX2V7SiYfP324S7o7i+Sopjrq lBl7/vUretotntn2g8pJme4RSr2AcSKNDbWPckeUhI/+C3vvbtjzZsg0x8OURbjp hRliroWrkJ+S45MmErAd3hP11uxRMYNlHCdbdBNX3QWxPvHZmKIauCou6ZmBW3nK Arn9u03XnODRKb0wa2oD520CAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 362721317549618451212263824847200529283191 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-04-02 02:59:15 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-07-01 02:59:14 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'staging.lal.org.uk' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 752156924990922159238106083721178832456321685231952459070668951094296382902794182108387368488743430105328574801594486627601667399511141611815526185444200428738679594619344287880832439859336283717687750523413358931805192174834534888985712044346337547382325540147366882660175870372367806523298665355223879606288317770666067868003506703130319947005276417003168242619119499112895482392344798409357990225417373040445290153145145222893705017547022255319799101260701406150585776665606946524005969005067588685745457684669948939915151949326660105947349384987772724355223198740301228873762201569573764366897963026015459493905174619263427575323384730741686800700104131260128515547317142197499646268160825711709438621216652682281460496156859680326587635457486940909731139320665588306689775578975939722188023388667875697191566556657903640220381949989940970552713181273763773503159686688043043578024343377817595404368514181489614536558822166060234124358676991856826845861078282347987191466045919669658172014674223058643180284735966605735821871049565576871165548879492534540933988838097380137892734008844122321942139757107222292773556779249596414742935066413586472838275299805196041701099719173140329787685746798102843686228072073129055676558206829 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) dc00846eb7ab2fbb4a9cb1e2493ad3921805aba8 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'staging.lal.org.uk' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 0093f8bbfa1189a838113df7395aed2d628a8e3e48d84aa78c65d2bdf7721b1112734242328c634e7c8092690e8b71636265b4691f73d5883f39204d4e04ed2ec26e3fd6f5fe52477c486681dcf2e3b242659b767754466361095cfedc3b3dd84451dbf4b04e0d8d5a795d2ca955aa4571322b580ac786acf8d43e4e3408ab0e17ea1d69dd078c612faf88c324d7834bad6d33d0df53092fe45d6b68122f998b4c8a066ff0faec83246d4303336e1aa45607535d5394dc52db88217840987a3eaa4c28ab2ba4f06316919dcd467c0301ab1e1ef0515acff4fda24a767785536674dc1ae4dd21af34ac6d5395296151302e27a86eabe831b9234b7185581a803d3b