candidrecords.com
Issued by GTS CA 1D4
About this certificate
This digital certificate with serial number 14:51:5d:2f:47:94:44:dd:09:ec:d0:67:3d:c4:8c:15 was issued on by Google Trust Services LLC.
This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=candidrecords.com
Google Trust Services LLC
Organization:
Google Trust Services LLC
Country:
US
This certificate will expire on
Certificate Details
Serial Number (hex): 14:51:5d:2f:47:94:44:dd:09:ec:d0:67:3d:c4:8c:15Serial Number (int): 27007025971209098188745321404891958293
Serial Number lenght: 125 bits, 16 octets
SubjectKeyId: 53:0d:b5:0d:03:a5:66:b1:89:fb:32:5a:c2:18:c0:62:8e:e4:d5:4d
AuthorityKeyId: 25:e2:18:0e:b2:57:91:94:2a:e5:d4:5d:86:90:83:de:53:b3:b8:92
Fingerprint (sha1): fe:b0:88:95:22:cc:98:05:2d:5a:4f:5e:61:33:d6:bf:eb:20:36:30
Fingerprint (sha256): eb:35:22:5b:64:eb:06:7e:b3:f5:c6:b7:dd:f5:94:af:d6:98:13:de:d9:77:9d:5c:35:5b:2e:69:ce:e0:38:cb
Issuing Certificate URL: http://pki.goog/repo/certs/gts1d4.der
Revocation information
OCSP Server: http://ocsp.pki.goog/s/gts1d4/c_jSgrljH4gCRL Distribution Point: http://crls.pki.goog/gts1d4/EM1tx45pidw.crl
Check the revocation status for certificate candidrecords.com
1
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for candidrecords.com
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
candidrecords.com
Other certificates including the domain name candidrecords.com
(limited to 100 certificates)
candidrecords.com
candidrecords.com
candidrecords.com
candidrecords.com
candidrecords.com
store.candidrecords.com
candidrecords.com
store.candidrecords.com
candidrecords.com
www.candidrecords.com
store.candidrecords.com
candidrecords.com
store.candidrecords.com
candidrecords.com
store.candidrecords.com
candidrecords.com
store.candidrecords.com
store.candidrecords.com
candidrecords.com
store.candidrecords.com
store.candidrecords.com
candidrecords.com
www.candidrecords.com
candidrecords.com
candidrecords.com
candidrecords.com
candidrecords.com
candidrecords.com
store.candidrecords.com
candidrecords.com
store.candidrecords.com
candidrecords.com
www.candidrecords.com
store.candidrecords.com
candidrecords.com
store.candidrecords.com
candidrecords.com
store.candidrecords.com
candidrecords.com
store.candidrecords.com
store.candidrecords.com
candidrecords.com
store.candidrecords.com
store.candidrecords.com
candidrecords.com
www.candidrecords.com
candidrecords.com
Certificate
The complete raw certificate details for candidrecords.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIFZjCCBE6gAwIBAgIQFFFdL0eURN0J7NBnPcSMFTANBgkqhkiG9w0BAQsFADBG MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM QzETMBEGA1UEAxMKR1RTIENBIDFENDAeFw0yNDA0MjAwNTIwMjJaFw0yNDA3MTkw NjA4MzNaMBwxGjAYBgNVBAMTEWNhbmRpZHJlY29yZHMuY29tMIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/ck/HNGndQrPnBws9SKHfXkAGZm+SocgQSv SabE8Vy6p1LGNkEON1+GBz646tuyPJw20vqOq+uxmvUpSnkvG2nVtelk7v0P02q+ l8NQV6CbxLIB/+ycZIPGGP4tOWH/49gm/+ICgES+Y4ZDpKWUKkoTe7aJNioCAUfs f4QFzK/Z5uvFbNZh6xTPje7nxLPzH5IEqbyUrhME426Yva97KL1zmFTeu4YL/WHV APt3su1MjcXttv1i9Xikcj+jiOHFuel8UMS1jJC1eAisyJa4jc7Y46TwuREQXIqD 4Taerm1OIu8A//uErgwXpfxZK7lsENUfffFXJmfnA1mriuHvswIDAQABo4ICeDCC AnQwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB /wQCMAAwHQYDVR0OBBYEFFMNtQ0DpWaxifsyWsIYwGKO5NVNMB8GA1UdIwQYMBaA FCXiGA6yV5GUKuXUXYaQg95Ts7iSMHgGCCsGAQUFBwEBBGwwajA1BggrBgEFBQcw AYYpaHR0cDovL29jc3AucGtpLmdvb2cvcy9ndHMxZDQvY19qU2dybGpINGcwMQYI KwYBBQUHMAKGJWh0dHA6Ly9wa2kuZ29vZy9yZXBvL2NlcnRzL2d0czFkNC5kZXIw HAYDVR0RBBUwE4IRY2FuZGlkcmVjb3Jkcy5jb20wIQYDVR0gBBowGDAIBgZngQwB AgEwDAYKKwYBBAHWeQIFAzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3Jscy5w a2kuZ29vZy9ndHMxZDQvRU0xdHg0NXBpZHcuY3JsMIIBBAYKKwYBBAHWeQIEAgSB 9QSB8gDwAHYAdv+IPwq2+5VRwmHM9Ye6NLSkzbsp3GhCCp/mZ0xaOnQAAAGO+im+ VgAABAMARzBFAiAHRVoBktOlZfxW1jpTSAeEjSPBGyzWdaAD3wMy1TkEvgIhAMf0 39N5UO3q9ZzNGR03yXsOvBeEQ3DiOAwompYttv+LAHYAPxdLT9ciR1iUHWUchL4N Eu2QN38fhWrrwb8ohez4ZG4AAAGO+im+NgAABAMARzBFAiEAtfOU4ydpcR7SV8bP CKaiaGhDJGH6n492f54UVaXvFHoCIFz7vlLnhsB1Eo2cSCtLIQJNeW9mgsNHYSeu 5CQofoF6MA0GCSqGSIb3DQEBCwUAA4IBAQB/enR52DNayZCsOejt30mRyduB1Ki/ Qhq8i2s6xKOXWgM0GylZOHU/8XKFD77f3KnPRXnLU+EKCDfT2Jg0goM4T4PMxHZb +8FE96iZNLwNn4axSfPtF4crJw60DVEDbEEcDRrKlcp7oM5djO/SFUSyInb0WHG+ STkjy7gaPIZkYq1PAOuev3+OXLpbHKWN/Ta9cF2lbgicFeMyPl8+UdRC7SO/myHB 09Qnr+c8C82plUB3dsppuXglJ5Y0TZkuZUAvxO65MCRvMK1UFn/zhAr5Drd727zV HoK4WuMvMAWlxD/TXlFKMyQvlkDGBBmBiZoToSFsJ+hhxCjJWiYOmEWO -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/ck/HNGndQrPnBws9SK HfXkAGZm+SocgQSvSabE8Vy6p1LGNkEON1+GBz646tuyPJw20vqOq+uxmvUpSnkv G2nVtelk7v0P02q+l8NQV6CbxLIB/+ycZIPGGP4tOWH/49gm/+ICgES+Y4ZDpKWU KkoTe7aJNioCAUfsf4QFzK/Z5uvFbNZh6xTPje7nxLPzH5IEqbyUrhME426Yva97 KL1zmFTeu4YL/WHVAPt3su1MjcXttv1i9Xikcj+jiOHFuel8UMS1jJC1eAisyJa4 jc7Y46TwuREQXIqD4Taerm1OIu8A//uErgwXpfxZK7lsENUfffFXJmfnA1mriuHv swIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 27007025971209098188745321404891958293 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Google Trust Services LLC' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GTS CA 1D4' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-04-20 05:20:22 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-07-19 06:08:33 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'candidrecords.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22718528072787918309321595366070886441096218880275931256964318427703242742966689986593146614934419236515684235260831521763844309881829934468151263068682704180992199789063542783096559042317787523763705671614276550244594485460992408273341476972966015993199323117761818907575299190078194559163987784895653499966624496839522082842714038111299749660161580939694363871654245287701999136360969741587453272804165057065822860904566743054973600777861337127388416074425681234648819334431936382516609674189462413541817352681863288624154865819985443325721064477450337255724442032172245132749253104105682104174671941798825621057459 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 530db50d03a566b189fb325ac218c0628ee4d54d . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 25e2180eb25791942ae5d45d869083de53b3b892 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (108 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.pki.goog/s/gts1d4/c_jSgrljH4g' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://pki.goog/repo/certs/gts1d4.der' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (21 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'candidrecords.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.5.3 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (53 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crls.pki.goog/gts1d4/EM1tx45pidw.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes) 00f000760076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018efa29be560000040300473045022007455a0192d3a565fc56d63a534807848d23c11b2cd675a003df0332d53904be022100c7f4dfd37950edeaf59ccd191d37c97b0ebc17844370e2380c289a962db6ff8b0076003f174b4fd7224758941d651c84be0d12ed90377f1f856aebc1bf2885ecf8646e0000018efa29be360000040300473045022100b5f394e32769711ed257c6cf08a6a26868432461fa9f8f767f9e1455a5ef147a02205cfbbe52e786c075128d9c482b4b21024d796f6682c3476127aee424287e817a . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 007f7a7479d8335ac990ac39e8eddf4991c9db81d4a8bf421abc8b6b3ac4a3975a03341b295938753ff172850fbedfdca9cf4579cb53e10a0837d3d898348283384f83ccc4765bfbc144f7a89934bc0d9f86b149f3ed17872b270eb40d51036c411c0d1aca95ca7ba0ce5d8cefd21544b22276f45871be493923cbb81a3c866462ad4f00eb9ebf7f8e5cba5b1ca58dfd36bd705da56e089c15e3323e5f3e51d442ed23bf9b21c1d3d427afe73c0bcda995407776ca69b978252796344d992e65402fc4eeb930246f30ad54167ff3840af90eb77bdbbcd51e82b85ae32f3005a5c43fd35e514a33242f9640c6041981899a13a1216c27e861c428c95a260e98458e