nfwaterworks.ca
Issued by R3
About this certificate
This digital certificate with serial number 04:c8:dc:1a:61:33:56:8f:c3:c0:78:8c:c1:78:a6:10:6a:d3 was issued on by Let's Encrypt.
With 14 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=nfwaterworks.ca
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 04:c8:dc:1a:61:33:56:8f:c3:c0:78:8c:c1:78:a6:10:6a:d3Serial Number (int): 416798184241480840030815977302925224471251
Serial Number lenght: 139 bits, 18 octets
SubjectKeyId: 80:e7:29:5d:40:1b:c0:8f:e4:a5:1b:3a:fb:d9:a9:39:94:41:51:49
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): 77:04:ec:36:c7:18:99:32:28:0d:4b:43:e3:8b:e4:bf:46:29:fb:89
Fingerprint (sha256): e0:c0:35:1f:8d:52:1e:d1:af:98:8f:8a:75:ac:91:9e:59:60:11:73:86:ce:01:90:88:4a:5a:ac:d2:39:58:8b
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate nfwaterworks.ca
14
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for nfwaterworks.ca
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
60discount.com
arbitrageaficionado.com
drivingbanana.com
finewinevineyard.com.panzer.finance
fintechforvip.com.arbitragecryptos.com
galvestoncommercialappraisal.com
homeschooldiplomas.org.texasnetworksystems.net.naturokids.com
ifainaction.com
lylanoel.com
nfwaterworks.ca
promomprobaby.com
trapsand.com
whipantenna.com
willacycounty.com
arbitrageaficionado.com
drivingbanana.com
finewinevineyard.com.panzer.finance
fintechforvip.com.arbitragecryptos.com
galvestoncommercialappraisal.com
homeschooldiplomas.org.texasnetworksystems.net.naturokids.com
ifainaction.com
lylanoel.com
nfwaterworks.ca
promomprobaby.com
trapsand.com
whipantenna.com
willacycounty.com
Other certificates including the domain name nfwaterworks.ca
(limited to 100 certificates)
Certificate
The complete raw certificate details for nfwaterworks.ca in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIGPzCCBSegAwIBAgISBMjcGmEzVo/DwHiMwXimEGrTMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yMzEyMjYwMzQwNDZaFw0yNDAzMjUwMzQwNDVaMBoxGDAWBgNVBAMT D25md2F0ZXJ3b3Jrcy5jYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AMmCRostbiPMCgIwu6wipaLf1BwPmHLNrOFYrU0ofA64rF9Ng0AbhkHcjvj6vPbB J5bc/+jl/aGB1SiGPuQPf5+ObaDtEtQvovUxklbtMgTB3dqs8l050M3A01u2+ZGB wBsMUDea2eDPv26T3lvsz5n2FQTLmRqL0q4FhKGLaKa4xp8QDKGngBjgI4kynTqr 6gE14r9v2+sqetv2FHHVlW5qf6y/bfz0aXDvMuN8jKbr1yqg12qB9YbhuaaqG0+/ Zdc8jS00bBubzHvZJWbGmqi84RmyFYiE7Zl8bWKiCIF51/47xFxpg9nw5UC10Een ooO94l2Am5KEw24Po4TvuOsCAwEAAaOCA2UwggNhMA4GA1UdDwEB/wQEAwIFoDAd BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNV HQ4EFgQUgOcpXUAbwI/kpRs6+9mpOZRBUUkwHwYDVR0jBBgwFoAUFC6zF7dYVsuu UAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8v cjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNyLm9y Zy8wggFsBgNVHREEggFjMIIBX4IONjBkaXNjb3VudC5jb22CF2FyYml0cmFnZWFm aWNpb25hZG8uY29tghFkcml2aW5nYmFuYW5hLmNvbYIjZmluZXdpbmV2aW5leWFy ZC5jb20ucGFuemVyLmZpbmFuY2WCJmZpbnRlY2hmb3J2aXAuY29tLmFyYml0cmFn ZWNyeXB0b3MuY29tgiBnYWx2ZXN0b25jb21tZXJjaWFsYXBwcmFpc2FsLmNvbYI9 aG9tZXNjaG9vbGRpcGxvbWFzLm9yZy50ZXhhc25ldHdvcmtzeXN0ZW1zLm5ldC5u YXR1cm9raWRzLmNvbYIPaWZhaW5hY3Rpb24uY29tggxseWxhbm9lbC5jb22CD25m d2F0ZXJ3b3Jrcy5jYYIRcHJvbW9tcHJvYmFieS5jb22CDHRyYXBzYW5kLmNvbYIP d2hpcGFudGVubmEuY29tghF3aWxsYWN5Y291bnR5LmNvbTATBgNVHSAEDDAKMAgG BmeBDAECATCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2ADtTd3U+LbmAToswWwb+ QDtn2E/D9Me9AA0tcm/h+tQXAAABjKRs28kAAAQDAEcwRQIhAJ/AvEUBDsuBoQ55 ge01xbgvo8pKYoowyii34IPlxrWCAiAK17I2wBtEV4gypazrMTKuFbPJtxsxtedS EPorEcd7fgB2AEiw42vapkc0D+VqAvqdMOscUgHLVt0sgdm7v6s52IRzAAABjKRs 28sAAAQDAEcwRQIgOeldjaZXOQ41rjFaCEVRHAplwHmMRds1pliZKcplHgUCIQCW yK7rvkeafLrZh0d3lmMMT9V+F8XnlSql0tKfZBF1QjANBgkqhkiG9w0BAQsFAAOC AQEAZHRIXdp7zngTSN8YMBAOuLyqYgjuNdKaEorcHtL7Z2yCK5OD/CRC46y3oCg3 C7AVmWH7fBeyYu8xL29KCFn5YeJa63BvNCGQIiCU7bN6FsbBwkYgzCRk29WcHqn5 Rawk1TgY6PEpV0diDoSgk12byqfFJIAXrSEMDlkooRzDfSu6v39+TFhj8fTzAHHn pUty7URunAe7cKdWZACp0825HqPYtjOoojNZ/1OeRaHM3AFDEhSI2QLxejkeKx3F lbmqPLuOtj8PGMFjnZ1f1VN3+HORVQriUG00EXIOicht6GRUXqUNzHBwwc+B/3X6 JCH//0LHw9h0/B2S4l/ZbEF6Tg== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyYJGiy1uI8wKAjC7rCKl ot/UHA+Ycs2s4VitTSh8DrisX02DQBuGQdyO+Pq89sEnltz/6OX9oYHVKIY+5A9/ n45toO0S1C+i9TGSVu0yBMHd2qzyXTnQzcDTW7b5kYHAGwxQN5rZ4M+/bpPeW+zP mfYVBMuZGovSrgWEoYtoprjGnxAMoaeAGOAjiTKdOqvqATXiv2/b6yp62/YUcdWV bmp/rL9t/PRpcO8y43yMpuvXKqDXaoH1huG5pqobT79l1zyNLTRsG5vMe9klZsaa qLzhGbIViITtmXxtYqIIgXnX/jvEXGmD2fDlQLXQR6eig73iXYCbkoTDbg+jhO+4 6wIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 416798184241480840030815977302925224471251 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-26 03:40:46 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-25 03:40:45 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'nfwaterworks.ca' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25438140571700463810025723912293074255545792876720048097998879763813821323318293475138601633473380286262301173655621447022258999628061739167617282959826878510133800322388556789944097509585268186201503613048889910378355058032515893295975870687947734719271330559504831903356142608412358294988085543171892966242166756448572942105623822421810653664147731174010647003011612512148714163261859704219345251568234763658283222349296166621720843629623837378563087365650814008697902875918434221116295251888279768549903774264262908681252752504605091137024737438440905338958942450625505744984174663439241969291212452952242949961963 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 80e7295d401bc08fe4a51b3afbd9a93994415149 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (355 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '60discount.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'arbitrageaficionado.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'drivingbanana.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'finewinevineyard.com.panzer.finance' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'fintechforvip.com.arbitragecryptos.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'galvestoncommercialappraisal.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'homeschooldiplomas.org.texasnetworksystems.net.naturokids.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ifainaction.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lylanoel.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nfwaterworks.ca' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'promomprobaby.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'trapsand.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'whipantenna.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'willacycounty.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes) 00f00076003b5377753e2db9804e8b305b06fe403b67d84fc3f4c7bd000d2d726fe1fad4170000018ca46cdbc900000403004730450221009fc0bc45010ecb81a10e7981ed35c5b82fa3ca4a628a30ca28b7e083e5c6b58202200ad7b236c01b44578832a5aceb3132ae15b3c9b71b31b5e75210fa2b11c77b7e00760048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018ca46cdbcb0000040300473045022039e95d8da657390e35ae315a0845511c0a65c0798c45db35a6589929ca651e0502210096c8aeebbe479a7cbad987477796630c4fd57e17c5e7952aa5d2d29f64117542 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 006474485dda7bce781348df1830100eb8bcaa6208ee35d29a128adc1ed2fb676c822b9383fc2442e3acb7a028370bb0159961fb7c17b262ef312f6f4a0859f961e25aeb706f342190222094edb37a16c6c1c24620cc2464dbd59c1ea9f945ac24d53818e8f1295747620e84a0935d9bcaa7c5248017ad210c0e5928a11cc37d2bbabf7f7e4c5863f1f4f30071e7a54b72ed446e9c07bb70a7566400a9d3cdb91ea3d8b633a8a23359ff539e45a1ccdc0143121488d902f17a391e2b1dc595b9aa3cbb8eb63f0f18c1639d9d5fd55377f87391550ae2506d3411720e89c86de864545ea50dcc7070c1cf81ff75fa2421ffff42c7c3d874fc1d92e25fd96c417a4e