gemmio.com
Issued by R3
About this certificate
This digital certificate with serial number 04:00:c6:1a:88:81:9c:c8:ca:4e:9e:14:63:33:3c:b3:66:5b was issued on by Let's Encrypt.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=gemmio.com
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 04:00:c6:1a:88:81:9c:c8:ca:4e:9e:14:63:33:3c:b3:66:5bSerial Number (int): 348712468638601383297880489979766985942619
Serial Number lenght: 139 bits, 18 octets
SubjectKeyId: 1e:8d:f4:f4:28:0a:fa:3a:78:4c:ff:88:94:4b:bd:de:a3:68:ab:18
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): b1:1b:2c:1e:56:66:6f:3b:ad:a0:ce:43:3f:43:9b:eb:67:aa:15:63
Fingerprint (sha256): f7:b2:85:1e:65:5b:39:14:39:ba:c1:e5:68:58:37:90:85:a1:b9:7b:33:32:73:9f:21:4d:7f:ad:d6:04:e4:29
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate gemmio.com
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for gemmio.com
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
gemmio.com
www.gemmio.com
www.gemmio.com
Other certificates including the domain name gemmio.com
(limited to 100 certificates)
Certificate
The complete raw certificate details for gemmio.com in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIF8TCCBNmgAwIBAgISBADGGoiBnMjKTp4UYzM8s2ZbMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yMzEwMDIwOTAyMTJaFw0yMzEyMzEwOTAyMTFaMBUxEzARBgNVBAMT CmdlbW1pby5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCYRlfv Fi6EDlZ2FL33dPDELwqc2skv+x4RfhGyHdTovkBzhlLUzQ+0W2R3f2w2qL8jPMxx cL9JlNWOmZh9lbEWvvuxrH3wW0JmEh/b3wttrR7LwHEyT0UrTh4U3E8R9lQlk5os lGwr9z/TS1L3LzciJ1JP46MPzqL5357cHnqKmTLnajxEWPg5YoiMnYqe5GBKF6qq RZPCBX49HnrIAZQuATX8TEnEd6wbuTD28QbelGoLP3XW3Vno2UprWKz04B+EnVgM uIJRkIeKwIJtYeLLI/2FWQMx83436d5Se6TDfYFThZAdrakh3Kz9L+ZeNLHNwssB 5noZym9yYziLgMyl0Enc32PGJQ5i3SA9Z3wtawiIx4yTq1nnm/q/3jtNFoRHnkAZ DTgkw4oHnUIG5MqT3gnuKuidl+bnw2KXhI5J2Z42M1HGXoTz7iKoBbNzqpqGW8Q0 M4ROKUX08j8Hb0FyC0Og1BiYL7vFWeaVIDxV1fkhz6sOfDIEC/6ZGDmWjR0MLdYT pvsIbNOnxWirO2xEbFET7bIrgkD+AQ4+YfJ44Dtt0L0iqAL0ayc8sXKLdDs7D0f7 J+NRD0gxVZbhClKw8fWAp3gp+p4qXLOehjnEkM5IMevonv0cjPLUmgWCQtI0Y7eN XmvZ1CJVdohXM5+TC67emuDlxFo/nioE6e1/SQIDAQABo4ICHDCCAhgwDgYDVR0P AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB Af8EAjAAMB0GA1UdDgQWBBQejfT0KAr6OnhM/4iUS73eo2irGDAfBgNVHSMEGDAW gBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUH MAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3Iz LmkubGVuY3Iub3JnLzAlBgNVHREEHjAcggpnZW1taW8uY29tgg53d3cuZ2VtbWlv LmNvbTATBgNVHSAEDDAKMAgGBmeBDAECATCCAQQGCisGAQQB1nkCBAIEgfUEgfIA 8AB2AHoyjFTYty22IOo44FIe6YQWcDIThU070ivBOlejUutSAAABiu/WmBoAAAQD AEcwRQIhAK5OaP5aACfCQWzGGB71bJrIML8HdH1eXHLN/09Q3+JbAiBViRKXYXFa mfcqP/Ga1fqArPQ8Tbszc1aurhAl54dNAwB2AK33vvp8/xDIi509nB4+GGq0Zyld z7EMJMqFhjTr3IKKAAABiu/WmIgAAAQDAEcwRQIhAIn17YzJ0/UEg6oi2/BXEtQK Q8XbXLrJp0WRlnkJ1o6NAiA9vOGs9bntMegN6goq4uhXi/vqDVpf2I+NvTUL9Puj EjANBgkqhkiG9w0BAQsFAAOCAQEAApkiFMAX6DnJjsLoGW7yWXl3aGOD8sI7bwAq QjwT7pncJmGtgiSsFHAFSddfD5pELXDdSNlafMvGyuhSUXT8jUCZUOhg/PwNjdKQ WEc25wLKfAMAxkRR393VWu8pOyRDlx9UB2RYwCJSt7n6PaORMLYG7QU5JNuHLshm AeAIdLRvlkI1f3+fgZyJVUsj6LfY69wnk4xJRq9fqicWXNfekmrapob+0QB24zQ3 DvQ5X63l2JHcPBo2INW44jPDHD0J0n7lznWTdSa4C/k1TfVpUEukupXWsqgoLk9y zMxfUT9aMbj1FtuOgs/r4QrpchiFERC0tQRjs7rIdQOXFs6EtQ== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAmEZX7xYuhA5WdhS993Tw xC8KnNrJL/seEX4Rsh3U6L5Ac4ZS1M0PtFtkd39sNqi/IzzMcXC/SZTVjpmYfZWx Fr77sax98FtCZhIf298Lba0ey8BxMk9FK04eFNxPEfZUJZOaLJRsK/c/00tS9y83 IidST+OjD86i+d+e3B56ipky52o8RFj4OWKIjJ2KnuRgSheqqkWTwgV+PR56yAGU LgE1/ExJxHesG7kw9vEG3pRqCz911t1Z6NlKa1is9OAfhJ1YDLiCUZCHisCCbWHi yyP9hVkDMfN+N+neUnukw32BU4WQHa2pIdys/S/mXjSxzcLLAeZ6GcpvcmM4i4DM pdBJ3N9jxiUOYt0gPWd8LWsIiMeMk6tZ55v6v947TRaER55AGQ04JMOKB51CBuTK k94J7ironZfm58Nil4SOSdmeNjNRxl6E8+4iqAWzc6qahlvENDOETilF9PI/B29B cgtDoNQYmC+7xVnmlSA8VdX5Ic+rDnwyBAv+mRg5lo0dDC3WE6b7CGzTp8Voqzts RGxRE+2yK4JA/gEOPmHyeOA7bdC9IqgC9GsnPLFyi3Q7Ow9H+yfjUQ9IMVWW4QpS sPH1gKd4KfqeKlyznoY5xJDOSDHr6J79HIzy1JoFgkLSNGO3jV5r2dQiVXaIVzOf kwuu3prg5cRaP54qBOntf0kCAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 348712468638601383297880489979766985942619 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-10-02 09:02:12 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-12-31 09:02:11 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'gemmio.com' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 621226899938849691416657834592585623211490338601309635054857594203222838429502647302445919145356788751634106944089053526084436369449564827108468990228933595362111397139008932012332900768631063846260711578778739162724920858153576589934083384844464944862167214444302209576276190533689729591266743940287911614883604521226822105256238770681789093016102156914899500593536716149705130948943083039474842438089631525576052744380215655358018282212856262576038368083467259657642047964817509382711438925550481736834125085659539817694110024230357191558379866389912376521051854053089812872387955580209298514103256817137930424139865276261841622992479495414140842906261958233943014655424575437923010110488708933981550802080746343463660126321547547816104229018742847211496580161007545582509281934458081927350749437499825421454908986168474115272826191029697915883421340806845171594828495185371909504861906334089699765947336757942124653658932272461440803806524569282617914161563413246174709188819606298004845352808055346243631547219603731801989743843814973701338231355058426335283475867458811145804412098722696285518489175129151315123374018623195642408627853817658382208093805411801549837779368920716084021887361372146273260174355517940641194832658249 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 1e8df4f4280afa3a784cff88944bbddea368ab18 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (30 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'gemmio.com' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.gemmio.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (245 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (242 bytes) 00f00076007a328c54d8b72db620ea38e0521ee98416703213854d3bd22bc13a57a352eb520000018aefd6981a0000040300473045022100ae4e68fe5a0027c2416cc6181ef56c9ac830bf07747d5e5c72cdff4f50dfe25b02205589129761715a99f72a3ff19ad5fa80acf43c4dbb337356aeae1025e7874d03007600adf7befa7cff10c88b9d3d9c1e3e186ab467295dcfb10c24ca858634ebdc828a0000018aefd69888000004030047304502210089f5ed8cc9d3f50483aa22dbf05712d40a43c5db5cbac9a74591967909d68e8d02203dbce1acf5b9ed31e80dea0a2ae2e8578bfbea0d5a5fd88f8dbd350bf4fba312 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 0002992214c017e839c98ec2e8196ef2597977686383f2c23b6f002a423c13ee99dc2661ad8224ac14700549d75f0f9a442d70dd48d95a7ccbc6cae8525174fc8d409950e860fcfc0d8dd290584736e702ca7c0300c64451dfddd55aef293b2443971f54076458c02252b7b9fa3da39130b606ed053924db872ec86601e00874b46f9642357f7f9f819c89554b23e8b7d8ebdc27938c4946af5faa27165cd7de926adaa686fed10076e334370ef4395fade5d891dc3c1a3620d5b8e233c31c3d09d27ee5ce75937526b80bf9354df569504ba4ba95d6b2a8282e4f72cccc5f513f5a31b8f516db8e82cfebe10ae97218851110b4b50463b3bac875039716ce84b5