best-of.pt
Issued by R3
About this certificate
This digital certificate with serial number 03:bb:b7:3d:11:06:35:0e:df:d8:4a:72:7c:3b:c9:84:2c:6a was issued on by Let's Encrypt.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=best-of.pt
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate will expire on
Certificate Details
Serial Number (hex): 03:bb:b7:3d:11:06:35:0e:df:d8:4a:72:7c:3b:c9:84:2c:6aSerial Number (int): 325213226208125995761473063162315945553002
Serial Number lenght: 138 bits, 18 octets
SubjectKeyId: 61:3e:79:a6:11:9e:f8:65:9c:f0:3c:99:a3:cc:bf:1e:3a:7d:9b:0b
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): f3:ec:c8:a3:a4:d7:3b:97:1a:9f:98:17:95:10:ac:0c:22:59:1f:6c
Fingerprint (sha256): d0:d8:82:d8:56:77:21:12:b6:cb:44:cd:5f:52:fd:34:ba:f5:7a:5a:99:e3:11:64:a6:f4:1b:4d:50:88:0e:c5
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate best-of.pt
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for best-of.pt
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
*.best-of.pt
best-of.pt
best-of.pt
Other certificates including the domain name best-of.pt
(limited to 100 certificates)
best-of.pt
mkt.best-of.pt
newsletter.yvesrocher.pt
mkt.radiopopular.pt
best-of.pt
bestcampanhas.com
best-of.pt
*.best-of.pt
best-of.pt
best-of.pt
priogo.prio.pt
newsletter.yvesrocher.pt
mkt.radiopopular.pt
best-of.pt
mkt.vhome.com.br
mkt.vhome.com.br
best-of.pt
mkt.radiopopular.pt
bestcampanhas.com
best-of.pt
best-of.pt
mkt.radiopopular.pt
best-of.pt
best-of.pt
best-of.pt
mkt.best-of.pt
newsletter.yvesrocher.pt
mkt.radiopopular.pt
best-of.pt
bestcampanhas.com
best-of.pt
*.best-of.pt
best-of.pt
best-of.pt
priogo.prio.pt
newsletter.yvesrocher.pt
mkt.radiopopular.pt
best-of.pt
mkt.vhome.com.br
mkt.vhome.com.br
best-of.pt
mkt.radiopopular.pt
bestcampanhas.com
best-of.pt
best-of.pt
mkt.radiopopular.pt
best-of.pt
best-of.pt
best-of.pt
Certificate
The complete raw certificate details for best-of.pt in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIE7TCCA9WgAwIBAgISA7u3PREGNQ7f2EpyfDvJhCxqMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yNDAzMDYxMzAzNTBaFw0yNDA2MDQxMzAzNDlaMBUxEzARBgNVBAMT CmJlc3Qtb2YucHQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCVmRO 9k26bH5Vwf5qH+/FLriBY4NkTAKPYMugu2T0qQyugY/KznSQGfMxVGbHwbz/0Xdo IAoamyIjZ37a8XObOjKOECRVZAbqyuKPZBeDqqo/bRgsTrGXF9JoqZix0E7Uku4z L65Rcd2N4Ijc1jktoaWABhw/Cy99Uz5CNuOj+hvSAldmxq+4PfNsBSzGqFyAOEJk xhMzmhwCc8c4UWsBCDQ6RMHBXkDVFylY4J7LtJh4KvbkKea3USGeHdKY6a4XydB+ BRp4X/kSJwoesdBzCpMKEcbPoHO/YPKEsOsh2McAJWAQtdl7g0SON5wbOqPaOZNn pPKUyyYwuLqV4airAgMBAAGjggIYMIICFDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0l BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYE FGE+eaYRnvhlnPA8maPMvx46fZsLMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYf r52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8u bGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvMCMG A1UdEQQcMBqCDCouYmVzdC1vZi5wdIIKYmVzdC1vZi5wdDATBgNVHSAEDDAKMAgG BmeBDAECATCCAQIGCisGAQQB1nkCBAIEgfMEgfAA7gB1AEiw42vapkc0D+VqAvqd MOscUgHLVt0sgdm7v6s52IRzAAABjhQT38IAAAQDAEYwRAIgasspdbW4PVVDQM+/ 6RcOnaui3zK/w7zu3Z5LcL1XHNsCIF5HF3ML9JIFcT/MTMcIQe5FrAQ/8GqwotbL HHHMIeFIAHUAdv+IPwq2+5VRwmHM9Ye6NLSkzbsp3GhCCp/mZ0xaOnQAAAGOFBPg FAAABAMARjBEAiB0m1e6u99Qn1Z3h/jpgzptf+QvN6ILsIzotZ9ztiZSNAIgVr6A efGxD1RYXae3VzpaAWpxShnm19w7QVcSRyiqTVQwDQYJKoZIhvcNAQELBQADggEB AHW9ppHIkFX+6T6DNlhmG0K2S2aLA0LRfSvo2h853S87PCpuKShSBuMbnkStds69 k/FHpE74r7niYzyPU+gfa5b5tZgAasSL4+/c3UL5kvB48c2fheyzFCSjWtZZYxXD In12BMqHEF3U7U0VPBYgWiRRu2P049Z9MdR6JGtYizbTPiKxSdejKbVhQ/xszQwi tZzhz0M4MzBjzmc+8sb4Z4SOjBXYZaYod7T4XOv2CeJZIWwl8FEXEPvbhDuP075C KIaLjQDtbxc5/6a8nqZ4wDIc/56+nXXMJCl4jCb+ftQRGvLJndsDV3c57JCfcRmm +edc+4j+hjX5DDXbnMwANxM= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlZkTvZNumx+VcH+ah/v xS64gWODZEwCj2DLoLtk9KkMroGPys50kBnzMVRmx8G8/9F3aCAKGpsiI2d+2vFz mzoyjhAkVWQG6srij2QXg6qqP20YLE6xlxfSaKmYsdBO1JLuMy+uUXHdjeCI3NY5 LaGlgAYcPwsvfVM+Qjbjo/ob0gJXZsavuD3zbAUsxqhcgDhCZMYTM5ocAnPHOFFr AQg0OkTBwV5A1RcpWOCey7SYeCr25Cnmt1Ehnh3SmOmuF8nQfgUaeF/5EicKHrHQ cwqTChHGz6Bzv2DyhLDrIdjHACVgELXZe4NEjjecGzqj2jmTZ6TylMsmMLi6leGo qwIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 325213226208125995761473063162315945553002 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-06 13:03:50 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-06-04 13:03:49 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'best-of.pt' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24532832562498375898669110105223940383909863346272773189264756771214589391844324311734956579221420402996217614798771342170849442652847447622605462023510454089383501279600412740510130879662257942302026804687840765852289356930403594733108477421838436054535374105542991044876909716292632451883100962573861489037421077319734486257518632327858084683599279883229056154368295276131099045570190785404627502503924050371775235146766902289829181694234452876839858336163031162121202164027541230549338623979185786870255952766892000209690427733994413346844669350290852748676935105222606204565740985623161622223221164846820481935531 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 613e79a6119ef8659cf03c99a3ccbf1e3a7d9b0b . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (28 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.best-of.pt' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'best-of.pt' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (240 bytes) 00ee00750048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018e1413dfc2000004030046304402206acb2975b5b83d554340cfbfe9170e9daba2df32bfc3bceedd9e4b70bd571cdb02205e4717730bf49205713fcc4cc70841ee45ac043ff06ab0a2d6cb1c71cc21e14800750076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018e1413e01400000403004630440220749b57babbdf509f567787f8e9833a6d7fe42f37a20bb08ce8b59f73b6265234022056be8079f1b10f54585da7b7573a5a016a714a19e6d7dc3b4157124728aa4d54 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 0075bda691c89055fee93e833658661b42b64b668b0342d17d2be8da1f39dd2f3b3c2a6e29285206e31b9e44ad76cebd93f147a44ef8afb9e2633c8f53e81f6b96f9b598006ac48be3efdcdd42f992f078f1cd9f85ecb31424a35ad6596315c3227d7604ca87105dd4ed4d153c16205a2451bb63f4e3d67d31d47a246b588b36d33e22b149d7a329b56143fc6ccd0c22b59ce1cf4338333063ce673ef2c6f867848e8c15d865a62877b4f85cebf609e259216c25f0511710fbdb843b8fd3be4228868b8d00ed6f1739ffa6bc9ea678c0321cff9ebe9d75cc2429788c26fe7ed4111af2c99ddb03577739ec909f7119a6f9e75cfb88fe8635f90c35db9ccc003713