mychurch.bible
Issued by R3
About this certificate
This digital certificate with serial number 03:71:f1:2a:37:fc:17:7c:2f:e9:47:b8:6e:92:60:9a:db:2c was issued on by Let's Encrypt.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=mychurch.bible
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 03:71:f1:2a:37:fc:17:7c:2f:e9:47:b8:6e:92:60:9a:db:2cSerial Number (int): 300109328416304302942081738537226437581612
Serial Number lenght: 138 bits, 18 octets
SubjectKeyId: b0:e8:90:09:0f:0e:2a:c1:d7:30:52:f8:ee:23:b9:70:ca:64:27:3f
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): 88:1b:1c:49:23:c6:0a:e1:3a:ba:9e:d9:8d:6a:8d:10:05:f4:0b:b9
Fingerprint (sha256): e3:d5:46:17:3a:3a:75:9a:ea:c9:8d:b8:2f:0d:ec:b4:64:7d:fc:3d:dd:74:47:ee:01:73:28:cc:ca:dc:04:de
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate mychurch.bible
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for mychurch.bible
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
*.mychurch.bible
mychurch.bible
mychurch.bible
Other certificates including the domain name mychurch.bible
(limited to 100 certificates)
Certificate
The complete raw certificate details for mychurch.bible in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIF+zCCBOOgAwIBAgISA3HxKjf8F3wv6Ue4bpJgmtssMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yNDAzMjcwMjUzMTdaFw0yNDA2MjUwMjUzMTZaMBkxFzAVBgNVBAMT Dm15Y2h1cmNoLmJpYmxlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA 5MeRX0eWmJu5Xq+385hlVpE5B43AvTVXVmP5wFh6o8UXH35l/shdtbZSlQpf9NQS p29feQE7yEa1eMRphIgPFA2Ez6NZLq/dM29QBOceWaDHPz+3pMylkJG3w85AqNz7 CaOwA/YLstAEUVes0U/3IaWN6ug2qDyoO+u4zRxNuFgObZt45W5bdXxX8/O/cd/C xWFm8PBMPjdJa4017tv+Dbw4pvrbZH5+E3gl/iOlB3bnumKre84gteJ6mbsCsyia IssM2KZ3RKlu0CP5RAjD6UVKDLKdV5mXce8Ki1H84tfy673p0430er1PpM3+P4Dw jk96aTgBU7keQdJhjiUxB/HpcMhG+QXN+/AsHew5u0Ls9o3wXg9/Etao4Iw7uiG1 Igf5AaoMYmUHSGKQL+ucf+AVnmbW3XQwAz696XMazhwEjlHU6SKTtxph2Aw0Dp3T m7NnTP8qYFMpXAtoRZdY6xvxMz4bHey79hPUMKw2gEDTd0YA8sXjUfbEKzrr97IA gLef0fS1LE28GqR4QywPrFKNWzrbTD8LenP3bZAQU25Zp/pwSxCg6YhC4hrWp8oQ X6NXDFooNhjNvihOq0+pbtNhva9HgSU89OREP/pzZtujjha191G0Qv6Nb1LAtyyr /aUQ+PTY1ZdPCB/9wUt61hduOBA+WfvcWz0Niea9/EUCAwEAAaOCAiIwggIeMA4G A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD VR0TAQH/BAIwADAdBgNVHQ4EFgQUsOiQCQ8OKsHXMFL47iO5cMpkJz8wHwYDVR0j BBgwFoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsG AQUFBzABhhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6 Ly9yMy5pLmxlbmNyLm9yZy8wKwYDVR0RBCQwIoIQKi5teWNodXJjaC5iaWJsZYIO bXljaHVyY2guYmlibGUwEwYDVR0gBAwwCjAIBgZngQwBAgEwggEEBgorBgEEAdZ5 AgQCBIH1BIHyAPAAdgBIsONr2qZHNA/lagL6nTDrHFIBy1bdLIHZu7+rOdiEcwAA AY5+CnFhAAAEAwBHMEUCIBemsoW04Q2AMS6fNeGnpXgQaX/glzfWWRmh1usw2nm8 AiEA0ClA+1vFonPxN84L4ajJeT8pRwvIduS104gJJ13nC6kAdgB2/4g/Crb7lVHC Ycz1h7o0tKTNuyncaEIKn+ZnTFo6dAAAAY5+CnGqAAAEAwBHMEUCIQC1iz1zThRN iijJT0aVRwJ9jhACLNhPrs3mkRJu0HYw9gIgX3bVETZofMsjSFsCmvk8cv3qW21c sJMbdedvrQt8p/MwDQYJKoZIhvcNAQELBQADggEBAJdpjAPk7VIatUNl3FgL26T1 GRplLZBPuondL8+0EpNpaR+ijbYXPZvNIOqLw0F0uh9BMTg1bgUHekPbLxG6y/BH 0Es4gjkEXHpdtSuHVwuxJEvq2yAnztUXymplaC3wgt9FBARh9aVDNzelVgJaSAxn W6HNsbAS/iW7mG/LXNEbaKx2MQuEeifC0fXs3FRTvmo6a7F31muSfHVlit0fsZSx RNDKSJb88WSOVrH0xllaLifvePf38ZpKgQX269IVAphpzzw+8cK1v+M+8kxa8SPZ FxAtBwSpHgUgDzWv85z8+xVbF5xqOhKzZ/O5dbFiOF/TI2vBAoVbfxxbStvAfJ8= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5MeRX0eWmJu5Xq+385hl VpE5B43AvTVXVmP5wFh6o8UXH35l/shdtbZSlQpf9NQSp29feQE7yEa1eMRphIgP FA2Ez6NZLq/dM29QBOceWaDHPz+3pMylkJG3w85AqNz7CaOwA/YLstAEUVes0U/3 IaWN6ug2qDyoO+u4zRxNuFgObZt45W5bdXxX8/O/cd/CxWFm8PBMPjdJa4017tv+ Dbw4pvrbZH5+E3gl/iOlB3bnumKre84gteJ6mbsCsyiaIssM2KZ3RKlu0CP5RAjD 6UVKDLKdV5mXce8Ki1H84tfy673p0430er1PpM3+P4Dwjk96aTgBU7keQdJhjiUx B/HpcMhG+QXN+/AsHew5u0Ls9o3wXg9/Etao4Iw7uiG1Igf5AaoMYmUHSGKQL+uc f+AVnmbW3XQwAz696XMazhwEjlHU6SKTtxph2Aw0Dp3Tm7NnTP8qYFMpXAtoRZdY 6xvxMz4bHey79hPUMKw2gEDTd0YA8sXjUfbEKzrr97IAgLef0fS1LE28GqR4QywP rFKNWzrbTD8LenP3bZAQU25Zp/pwSxCg6YhC4hrWp8oQX6NXDFooNhjNvihOq0+p btNhva9HgSU89OREP/pzZtujjha191G0Qv6Nb1LAtyyr/aUQ+PTY1ZdPCB/9wUt6 1hduOBA+WfvcWz0Niea9/EUCAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 300109328416304302942081738537226437581612 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-27 02:53:17 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-06-25 02:53:16 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'mychurch.bible' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 933339182807934293680036208179742318775480882375657082557825498296615368676471440311112799724659847891691927512317079396802106312501546331322988538737296721946166367247330551278554333412586674096879409514247790181613087345199612724091211486847408264875580438584713311848889072141443268334737229815286846549889252343525010903539455571405610691022130694515440662374852936039002436967939739826190937527937933945805710473044924041809856378043046155313983689436838565065597514869136983739103814984741145462988631722067285510619385148534566899805859768484068906316251856635861035558705269094489670817201761551721976218367541059081292439663121790652935544856031566328609266371939506899245252448352185512822238484539507954202862702845125261410181184089272976770563921718630362291610083915321131848746479872010558931426451854101067694864677088429799566149466108098723261198980183742785333585104648613247768367876936984824742854862990265702235346806300016260730180986230265053305720682856269288955022151044339919938464669350119934951634234142930373431724998562660323744989469073350195460323285198176606299550932340060626121040225795092903531180065440273933090979732883805050331950525671297699183761547138986539137248890718652582544180309261381 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) b0e890090f0e2ac1d73052f8ee23b970ca64273f . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (36 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.mychurch.bible' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mychurch.bible' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes) 00f000760048b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d884730000018e7e0a71610000040300473045022017a6b285b4e10d80312e9f35e1a7a57810697fe09737d65919a1d6eb30da79bc022100d02940fb5bc5a273f137ce0be1a8c9793f29470bc876e4b5d38809275de70ba900760076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018e7e0a71aa0000040300473045022100b58b3d734e144d8a28c94f469547027d8e10022cd84faecde691126ed07630f602205f76d51136687ccb23485b029af93c72fdea5b6d5cb0931b75e76fad0b7ca7f3 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 0097698c03e4ed521ab54365dc580bdba4f5191a652d904fba89dd2fcfb4129369691fa28db6173d9bcd20ea8bc34174ba1f413138356e05077a43db2f11bacbf047d04b388239045c7a5db52b87570bb1244beadb2027ced517ca6a65682df082df45040461f5a5433737a556025a480c675ba1cdb1b012fe25bb986fcb5cd11b68ac76310b847a27c2d1f5ecdc5453be6a3a6bb177d66b927c75658add1fb194b144d0ca4896fcf1648e56b1f4c6595a2e27ef78f7f7f19a4a8105f6ebd215029869cf3c3ef1c2b5bfe33ef24c5af123d917102d0704a91e05200f35aff39cfcfb155b179c6a3a12b367f3b975b162385fd3236bc102855b7f1c5b4adbc07c9f