tic.cheb.cz
Issued by R3
About this certificate
This digital certificate with serial number 03:22:b1:89:1b:35:ee:13:fa:27:5d:eb:9c:79:3d:5f:ae:a0 was issued on by Let's Encrypt.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=tic.cheb.cz
Let's Encrypt
Organization:
Let's Encrypt
Country:
US
This certificate has expire since
Certificate Details
Serial Number (hex): 03:22:b1:89:1b:35:ee:13:fa:27:5d:eb:9c:79:3d:5f:ae:a0Serial Number (int): 273142443522414030573612493242484826025632
Serial Number lenght: 138 bits, 18 octets
SubjectKeyId: ff:9d:37:45:13:48:61:e8:81:83:29:d4:8f:f2:7a:86:6a:7b:0d:05
AuthorityKeyId: 14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6
Fingerprint (sha1): 70:d9:de:c8:bb:50:bd:0f:06:13:32:17:18:b0:b1:09:25:be:46:da
Fingerprint (sha256): f8:51:4e:7c:90:e5:03:49:38:c6:3a:16:10:3c:e0:8c:fa:8d:b6:ae:26:00:4c:0a:01:9d:4d:63:47:e4:8a:da
Issuing Certificate URL: http://r3.i.lencr.org/
Revocation information
OCSP Server: http://r3.o.lencr.orgCheck the revocation status for certificate tic.cheb.cz
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for tic.cheb.cz
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
tic.cheb.cz
tic.mestocheb.cz
tic.mestocheb.cz
Other certificates including the domain name cheb.cz
(limited to 100 certificates)
Certificate
The complete raw certificate details for tic.cheb.cz in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIE9jCCA96gAwIBAgISAyKxiRs17hP6J13rnHk9X66gMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yNDAxMjMwMjA1MTBaFw0yNDA0MjIwMjA1MDlaMBYxFDASBgNVBAMT C3RpYy5jaGViLmN6MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy7+o haPtHh76t/Ll8Ol9J0HFMbm8cVpgRsvuhRnK3BDxiycAER7pJnS4J0oRJ5C9XnCc A3L0A7yacX1j67DB7MCOuxxcaQrkah0agX2jswL0a+3zGmnDGRSdcqrBYQ6OUKff CIBscN+gsFl30UZbSpImj7ajSlzHGOD3f3LyYTJX0Mq0fs0WzEG7qECFmgjEs42x FtmU4Zz4K1TwRRJukYdzkfZPxIHmx0R6P73Jop2rwpYQPf5D2csoZsxTNTT6BDXi DwLvlsTTR/Uh9kxQDjnYLh9+Pi/LyYzSFD6EpaUFb9MHpSoysHPRDG4Qm3/IyNfb P4S4bhADdwAtIV1ODQIDAQABo4ICIDCCAhwwDgYDVR0PAQH/BAQDAgWgMB0GA1Ud JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQW BBT/nTdFE0hh6IGDKdSP8nqGansNBTAfBgNVHSMEGDAWgBQULrMXt1hWy65QCUDm H6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9yMy5v LmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iub3JnLzAo BgNVHREEITAfggt0aWMuY2hlYi5jeoIQdGljLm1lc3RvY2hlYi5jejATBgNVHSAE DDAKMAgGBmeBDAECATCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2ADtTd3U+LbmA ToswWwb+QDtn2E/D9Me9AA0tcm/h+tQXAAABjTRHZZIAAAQDAEcwRQIgXUISyXnv LfoJKfomLEMa4IJH0dEgU2BRxD4C9Hs5y8ICIQCNY8Aojje5tPazRIWtPy/IlLgo zc2YcjQUNwRwGLb6NAB3AHb/iD8KtvuVUcJhzPWHujS0pM27KdxoQgqf5mdMWjp0 AAABjTRHZe8AAAQDAEgwRgIhAIrjeq1ul9qc24bdGYtLCz7j38ElWlVGgYSTarYU aIBRAiEApamumC+Sv8g3hrqv931xDpoGlW1I5hUsEjMZjV/RXy8wDQYJKoZIhvcN AQELBQADggEBAEm97fOngNGOTnfY947aqHgOfYZn4kHmOdS/dZC2nab/FWciBaDT yzAZwGtwCbOoqRQSMbJ0jTlFn4IEcQED/ik9p+jJqRULuZMljhRT5WkfzlPWh6QU HYOgZLeDoMUqXpftYh7Yuna/Cc568hJY9tcYEIyaQSo3qxAi8zjf5ch6jetXT9vQ 05vLZ1CReBFvG3u7tyAQFJ81KoqulHjsfePfAjoQkDyltWAAr8UrfypvldDTIh49 Qsili6aAqMNtzT2jCuDA2bASx0hmdIYWnP2dsjrQuwNRz3wLvzLf96iXWjHjQDgg esztfPLnnpxmHvyqrAFmS0NRZMA0TAWL82Y= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy7+ohaPtHh76t/Ll8Ol9 J0HFMbm8cVpgRsvuhRnK3BDxiycAER7pJnS4J0oRJ5C9XnCcA3L0A7yacX1j67DB 7MCOuxxcaQrkah0agX2jswL0a+3zGmnDGRSdcqrBYQ6OUKffCIBscN+gsFl30UZb SpImj7ajSlzHGOD3f3LyYTJX0Mq0fs0WzEG7qECFmgjEs42xFtmU4Zz4K1TwRRJu kYdzkfZPxIHmx0R6P73Jop2rwpYQPf5D2csoZsxTNTT6BDXiDwLvlsTTR/Uh9kxQ DjnYLh9+Pi/LyYzSFD6EpaUFb9MHpSoysHPRDG4Qm3/IyNfbP4S4bhADdwAtIV1O DQIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 273142443522414030573612493242484826025632 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Let's Encrypt' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'R3' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-01-23 02:05:10 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-04-22 02:05:09 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'tic.cheb.cz' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25720886132953664976045166982619697685004392778733266629398373381853963815457291536183225377755218259126946451612889641101987836032837471472101144761328935382754976165199279917258507642929011456162219056082332364845734831612421800508685897477704609242132054715664196915234410112294988971136287808769621872291559483450349349259956644162029392422018617668964643987250514918433040695142836869081110462334852441434946664242323903146349842932537098709597843647289314967400215652718837961295854438559923812156790294066453352540466063040147143251619973040364622521926074505980860283760201110785859301767481230510253083020813 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) ff9d3745134861e8818329d48ff27a866a7b0d05 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 142eb317b75856cbae500940e61faf9d8b14c2c6 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.o.lencr.org' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://r3.i.lencr.org/' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (33 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tic.cheb.cz' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tic.mestocheb.cz' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (12 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes) 00f10076003b5377753e2db9804e8b305b06fe403b67d84fc3f4c7bd000d2d726fe1fad4170000018d34476592000004030047304502205d4212c979ef2dfa0929fa262c431ae08247d1d120536051c43e02f47b39cbc20221008d63c0288e37b9b4f6b34485ad3f2fc894b828cdcd9872341437047018b6fa3400770076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018d344765ef00000403004830460221008ae37aad6e97da9cdb86dd198b4b0b3ee3dfc1255a55468184936ab614688051022100a5a9ae982f92bfc83786baaff77d710e9a06956d48e6152c1233198d5fd15f2f . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 0049bdedf3a780d18e4e77d8f78edaa8780e7d8667e241e639d4bf7590b69da6ff15672205a0d3cb3019c06b7009b3a8a9141231b2748d39459f8204710103fe293da7e8c9a9150bb993258e1453e5691fce53d687a4141d83a064b783a0c52a5e97ed621ed8ba76bf09ce7af21258f6d718108c9a412a37ab1022f338dfe5c87a8deb574fdbd0d39bcb67509178116f1b7bbbb72010149f352a8aae9478ec7de3df023a10903ca5b56000afc52b7f2a6f95d0d3221e3d42c8a58ba680a8c36dcd3da30ae0c0d9b012c748667486169cfd9db23ad0bb0351cf7c0bbf32dff7a8975a31e34038207acced7cf2e79e9c661efcaaac01664b435164c0344c058bf366