CFCA OV OCA
- China Financial Certification Authority -
Issued by CFCA EV ROOT
About this certificate
This digital certificate with serial number f9:df:6a:df:f5:64:be:a6:8b:82 was issued on by China Financial Certification Authority.
This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Root and Subordinate CA Certificates that wish to use their private key for signing OCSP responses will not be able to without their digital signature set (BRs: 7.1.2.1)
- Subordinate CA Certificate: authorityInformationAccess SHOULD also contain the HTTP URL of the Issuing CA's certificate. (BRs: 7.1.2.2)
China Financial Certification Authority
Organization:
China Financial Certification Authority
Country:
CN
China Financial Certification Authority
Organization:
China Financial Certification Authority
Country:
CN
This certificate will expire on
Certificate Details
Serial Number (hex): f9:df:6a:df:f5:64:be:a6:8b:82Serial Number (int): 1179990579306679759178626
Serial Number lenght: 80 bits, 10 octets
SubjectKeyId: 66:b3:ef:fb:54:95:87:e9:ac:a5:96:56:ae:e6:7d:ed:3a:d0:43:d1
AuthorityKeyId: e3:fe:2d:fd:28:d0:0b:b5:ba:b6:a2:c4:bf:06:aa:05:8c:93:fb:2f
Fingerprint (sha1): 46:b0:ae:c9:33:a6:26:f6:73:ba:fb:74:41:c9:58:69:ea:94:31:46
Fingerprint (sha256): f0:7b:bb:de:07:6f:9b:40:c5:7c:c4:be:fe:de:97:ca:1f:53:b9:ae:14:7f:03:5d:28:4c:bf:53:f3:43:2f:b8
Revocation information
OCSP Server: http://ocsp.cfca.com.cn/ocspCRL Distribution Point: http://crl.cfca.com.cn/evrca/RSA/crl1.crl
Check the revocation status for certificate CFCA OV OCA
0
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for CFCA OV OCA
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Cert Sign
CRL Sign
Extended Key Usages
Client Authentication
Email Protection
Server Authentication
Extensions
8 extensions
No
unhandled critical extensions
CA Certificate
This is a CA certificate
Maximum Path Lenght:
-1
Subject Alternative Names
This certificate doesn't contain any subject alternative names.
Other certificates including the domain name
(limited to 100 certificates)
Certificate
The complete raw certificate details for CFCA OV OCA in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIFfDCCA2SgAwIBAgILAPnfat/1ZL6mi4IwDQYJKoZIhvcNAQELBQAwVjELMAkG A1UEBhMCQ04xMDAuBgNVBAoMJ0NoaW5hIEZpbmFuY2lhbCBDZXJ0aWZpY2F0aW9u IEF1dGhvcml0eTEVMBMGA1UEAwwMQ0ZDQSBFViBST09UMB4XDTE1MDMyNTAyMDI1 NloXDTI5MTIyNTAyMDI1NlowVTELMAkGA1UEBhMCQ04xMDAuBgNVBAoMJ0NoaW5h IEZpbmFuY2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEUMBIGA1UEAwwLQ0ZD QSBPViBPQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDn14xTy0bH zkaeyACeq6ryfxxG5zZT1fCL4lmw7sk6SVmOKNfE60Gf7W6orksrFVIbIMK+VrYp +aYyhScq8EJT9xXBgXK2HqtpaDGOeclspJvcs+rXn9tlT789NBp3i5U+nLE9M1bR CHSx3Hzu8p7Aeqllou+8nZ2egaVbWFL1zC1JENupSSI9Yjbefhb06y/TVxQ0x4Zt zwPwLcd8NUtSruldolxPbhQeCZNJMPq1GKMxhd5pDwY4mCKxDeraqhTNXui9Aef3 qyi2Ic9EXmdNPARkZJU2XTJ9FJ+DE+ChaIvfJ/VwQfM0eGlBn/SAaav54jBmRnec PeD6YfpuiJ8vAgMBAAGjggFKMIIBRjA4BggrBgEFBQcBAQQsMCowKAYIKwYBBQUH MAGGHGh0dHA6Ly9vY3NwLmNmY2EuY29tLmNuL29jc3AwHwYDVR0jBBgwFoAU4/4t /SjQC7W6tqLEvwaqBYyT+y8wDwYDVR0TAQH/BAUwAwEB/zBEBgNVHSAEPTA7MDkG BFUdIAAwMTAvBggrBgEFBQcCARYjaHR0cDovL3d3dy5jZmNhLmNvbS5jbi91cy91 cy0xMi5odG0wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybC5jZmNhLmNvbS5j bi9ldnJjYS9SU0EvY3JsMS5jcmwwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRm s+/7VJWH6aylllau5n3tOtBD0TAnBgNVHSUEIDAeBggrBgEFBQcDAgYIKwYBBQUH AwQGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQDKER8qcBmZGOG8GOJ670VW OSg3UovOoc7/xz2mE+enyEcSwn/0QrL8C5DSA6nMvBMrCWEytYPofGQUXTwtlu78 GLxYNn3A/RtzczJ+/BXIhoe3aOT4tQ+2s9vrFRfIXs4CkmqHhfYSvArokdayYmBd 78psIwS5LCUzGKSn7y8UmAgoxiy7RtrVt5c1wvJyeuYk1Z1l8MN1szPrmAb4HS/D qnB+0qdhFGvfOyv7lg6/wlIAkN84cHlKNC3JvyFHaCIAyhTPgjUayUvBKFK7XwN9 utIXl2L3IZX7zfxGS/J9+ZeNwyblQKmd/MKydJu9Ak6+ZMLLgjlCFkihJIn9Ur8M 2KQigz7YPDVIJjOtS7ljOQVGh88LPUnQ1fBY7RwagficS/xclIOnaXhoyWzg7EcQ /T1/O4FkpMqKuOreaI5NExjAT8cKizyY2wcOOXKIYri3Ewnbm+00IaYYaiQRGUR6 pzFFKxdFMbStCtI4ObN+A9tB7cnBCW4vz3sAJd/OgmLF38XTa+/km3c1nQOfhCGs 6kx2heN/DgFAc+P7ldObo/kgGQtR6tr02gyXCFWnLMtT0+CoNOY0o3T+LbEqYeKL W7p29G9sgHgoqLFibWNMSKG1QvevkhjUMOD/g48f/nMSYsbU++yEaLvjvRHbb5ON IPkcE28TRhQQKmDKI+DRIg== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA59eMU8tGx85GnsgAnquq 8n8cRuc2U9Xwi+JZsO7JOklZjijXxOtBn+1uqK5LKxVSGyDCvla2KfmmMoUnKvBC U/cVwYFyth6raWgxjnnJbKSb3LPq15/bZU+/PTQad4uVPpyxPTNW0Qh0sdx87vKe wHqpZaLvvJ2dnoGlW1hS9cwtSRDbqUkiPWI23n4W9Osv01cUNMeGbc8D8C3HfDVL Uq7pXaJcT24UHgmTSTD6tRijMYXeaQ8GOJgisQ3q2qoUzV7ovQHn96sotiHPRF5n TTwEZGSVNl0yfRSfgxPgoWiL3yf1cEHzNHhpQZ/0gGmr+eIwZkZ3nD3g+mH6boif LwIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 1179990579306679759178626 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CN' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'China Financial Certification Authority' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'CFCA EV ROOT' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2015-03-25 02:02:56 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2029-12-25 02:02:56 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CN' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'China Financial Certification Authority' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'CFCA OV OCA' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 29267339203208317949176684066622600662043055974778926896568921551650263073547234737674425111391940708242658050868742135600873331129747403586841797752705297134482927288042290969414784394732886836656515430573413730322094422886518694440496619260185286284477508737287682411193250925144087697202503922688202876057397867436554902472154362438456156349969022799269625266261090388234193707408346891512668842375094478959210373790197784245940005119781307357372365271212152373590559652548076746380815533098369401822029518729350740372199553738167131334865517121888502220442145924006866337460723514119792002707874994155025007681327 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (44 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.cfca.com.cn/ocsp' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName e3fe2dfd28d00bb5bab6a2c4bf06aa058c93fb2f . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (5 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (61 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32.0 (anyPolicy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.cfca.com.cn/us/us-12.htm' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (51 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.cfca.com.cn/evrca/RSA/crl1.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (7 bits) 0106 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 66b3effb549587e9aca59656aee67ded3ad043d1 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (32 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.4 (emailProtection) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (4096 bits) 00ca111f2a70199918e1bc18e27aef4556392837528bcea1ceffc73da613e7a7c84712c27ff442b2fc0b90d203a9ccbc132b096132b583e87c64145d3c2d96eefc18bc58367dc0fd1b7373327efc15c88687b768e4f8b50fb6b3dbeb1517c85ece02926a8785f612bc0ae891d6b262605defca6c2304b92c253318a4a7ef2f14980828c62cbb46dad5b79735c2f2727ae624d59d65f0c375b333eb9806f81d2fc3aa707ed2a761146bdf3b2bfb960ebfc2520090df3870794a342dc9bf2147682200ca14cf82351ac94bc12852bb5f037dbad2179762f72195fbcdfc464bf27df9978dc326e540a99dfcc2b2749bbd024ebe64c2cb8239421648a12489fd52bf0cd8a422833ed83c35482633ad4bb96339054687cf0b3d49d0d5f058ed1c1a81f89c4bfc5c9483a7697868c96ce0ec4710fd3d7f3b8164a4ca8ab8eade688e4d1318c04fc70a8b3c98db070e39728862b8b71309db9bed3421a6186a241119447aa731452b174531b4ad0ad23839b37e03db41edc9c1096e2fcf7b0025dfce8262c5dfc5d36befe49b77359d039f8421acea4c7685e37f0e014073e3fb95d39ba3f920190b51eadaf4da0c970855a72ccb53d3e0a834e634a374fe2db12a61e28b5bba76f46f6c807828a8b1626d634c48a1b542f7af9218d430e0ff838f1ffe731262c6d4fbec8468bbe3bd11db6f938d20f91c136f134614102a60ca23e0d122