Certificate for dns-redirect001.axc.nl Issued to SomeOrganization

Certificate has expired

Issued by itself (self-signed)

About the dns-redirect001.axc.nl Certificate

This certificate with serial number 61:50 for dns-redirect001.axc.nl was issued on by SomeOrganization.

This Certificate has already expired and will cause a warning or error message. We have found some issues with the compliance of this certificate, they are be shown below. We hope this Certificate review for dns-redirect001.axc.nl provides you with the detailed information you were looking for.


We have identified some issues with this certificate:
  • CAs must include keyIdentifer field of AKI in all non-self-issued certificates (RFC 5280: 4.2.1.1)
  • Subscriber certificates MUST contain the Subject Alternate Name extension (BRs: 7.1.4.2.1)
  • Subscriber Certificate: authorityInformationAccess MUST contain the HTTP URL of the Issuing CA's OSCP responder. (BRs: 7.1.2.3)
  • Subscriber Certificate: authorityInformationAccess MUST be present. (BRs: 7.1.2.3)
  • Subscriber certificates must contain at least one policy identifier that indicates adherence to CAB standards (BRs: 7.1.2.3)
  • Subscriber Certificate: certificatePolicies MUST be present and SHOULD NOT be marked critical. (BRs: 7.1.2.3)
  • Subscriber certificates MUST have the extended key usage extension present (BRs: 7.1.2.3)
  • Country codes must be comprised of uppercase A-Z letters Alpha-2 country codes shall consist of LATIN CAPITAL LETTER A through LATIN CAPITAL LETTER Z (ISO 3166-2:2020(E) section 5.1)
  • The common name field in subscriber certificates must include only names from the SAN extension (BRs: 7.1.4.2.2)
  • found only metadata -- in subjectDN attribute 2.5.4.6 Subject name fields must not contain '.','-',' ' or any other indication that the field has been omitted (BRs: 7.1.4.2.2)
  • The country name field MUST contain the two-letter ISO code for the country or XX (BRs: 7.1.4.2.2)
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • The keyUsage extension SHOULD be critical (RFC 5280: 4.2.1.3)
  • Sub certificates SHOULD include Subject Key Identifier in end entity certs (RFC 5280: 4.2 & 4.2.1.2)

SomeOrganization

Organization: SomeOrganization
Organizational unit: SomeOrganizationalUnit
State / Province: SomeState
Locality: SomeCity
Country: --

This X.509 certificate expired on

Certificate Details

Serial Number (hex): 61:50
Serial Number (int): 24912
Serial Number Length: 15 bits, 2 octets

Subject Key Identifier:
Authority Key Identifier:

Fingerprint (SHA-1): b9:7a:6c:65:ec:00:e3:6a:c8:6f:7f:30:2c:55:b8:e4:1b:e4:dc:75
Fingerprint (SHA-256): 66:c7:c8:55:ab:0a:fe:8c:18:19:ca:34:90:b9:72:3e:8a:ff:4d:03:6a:bf:23:8c:9d:81:4c:33:19:dc:e9:a1


Revocation Information


Check the revocation status for certificate dns-redirect001.axc.nl
0
DNS Names
0
Email Addresses
0
IP Addresses

Advanced Certificate Properties

Technical details of the X.509 certificate for dns-redirect001.axc.nl

Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Content Commitment
Key Encipherment
Extended Key Usages
None
Extensions
2
CA Certificate
This is not a CA certificate

Subject Alternative Names

This X.509 certificate doesn't contain any subject alternative names.

X.509 Certificate

The complete raw X.509 certificate details for dns-redirect001.axc.nl in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIEEjCCAvqgAwIBAgICYVAwDQYJKoZIhvcNAQELBQAwgb0xCzAJBgNVBAYTAi0t
MRIwEAYDVQQIDAlTb21lU3RhdGUxETAPBgNVBAcMCFNvbWVDaXR5MRkwFwYDVQQK
DBBTb21lT3JnYW5pemF0aW9uMR8wHQYDVQQLDBZTb21lT3JnYW5pemF0aW9uYWxV
bml0MR8wHQYDVQQDDBZkbnMtcmVkaXJlY3QwMDEuYXhjLm5sMSowKAYJKoZIhvcN
AQkBFhtyb290QGRucy1yZWRpcmVjdDAwMS5heGMubmwwHhcNMTgwNjExMTQzNTQ2
WhcNMTkwNjExMTQzNTQ2WjCBvTELMAkGA1UEBhMCLS0xEjAQBgNVBAgMCVNvbWVT
dGF0ZTERMA8GA1UEBwwIU29tZUNpdHkxGTAXBgNVBAoMEFNvbWVPcmdhbml6YXRp
b24xHzAdBgNVBAsMFlNvbWVPcmdhbml6YXRpb25hbFVuaXQxHzAdBgNVBAMMFmRu
cy1yZWRpcmVjdDAwMS5heGMubmwxKjAoBgkqhkiG9w0BCQEWG3Jvb3RAZG5zLXJl
ZGlyZWN0MDAxLmF4Yy5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AKq/pwD0pWXNSEdqB2QxjTXv1AnlT68liGktFKpiNbWYk9HjTwE33Grg0Yfxvc6O
DvWEThiSM99+xmkMetuQMipn0j22A4V9VnhvjyfDXUreqWteHoMstvaxAGO3lZti
51C46T5Rq/ioPQudGj+V+obiBjVUOv1tdmAX8OVmLZ8vb/iTHk4ldoN3ab2JuOhJ
R3H9kMDikCnKMLuupL7gh9f/oUjfLiNxUM5mkSM3sw7d62YkbFA++1RbbfWEm3IV
z/Ep2aoCrSRtJ3E20uPHgN7IxqsfWbkHh3ongkYwe6NbUfHMaeqlC6C2GZ8lTEBm
AsTsyeELFYl7CWwKAr7+3j0CAwEAAaMaMBgwCQYDVR0TBAIwADALBgNVHQ8EBAMC
BeAwDQYJKoZIhvcNAQELBQADggEBAIwVUI3AV5xcdlWI2MlH6XSGV2uAsVjBikPq
bM1ngIWiy/UbUjHm1p9SnvDJcKm/6xK+Rk+C+nXUwF2qEol9JVeyt0elEEO00Ju8
fGYNc7G8z/udmBW2A27ijEFeLqAuzLpKXtjH5bjyKT2FYa/2WstAj8SEbqdQqLG6
SDH72rncTdqM1YZySUEtTfP170o4qsZEw4frOBx4LsZgUbrO1k9CiANEGmtZZc67
vkpdSF67AzV0DdCdxtIEON8LjXeBBNLB5WBcosOlYnWg4HXF8+XPLjEfCeVd8UM5
8+i+AKVVBOrc9Or6u69oBYFmMLqLoQJhtOq43F4ltoQllgq8DjQ=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqr+nAPSlZc1IR2oHZDGN
Ne/UCeVPryWIaS0UqmI1tZiT0eNPATfcauDRh/G9zo4O9YROGJIz337GaQx625Ay
KmfSPbYDhX1WeG+PJ8NdSt6pa14egyy29rEAY7eVm2LnULjpPlGr+Kg9C50aP5X6
huIGNVQ6/W12YBfw5WYtny9v+JMeTiV2g3dpvYm46ElHcf2QwOKQKcowu66kvuCH
1/+hSN8uI3FQzmaRIzezDt3rZiRsUD77VFtt9YSbchXP8SnZqgKtJG0ncTbS48eA
3sjGqx9ZuQeHeieCRjB7o1tR8cxp6qULoLYZnyVMQGYCxOzJ4QsViXsJbAoCvv7e
PQIDAQAB
-----END PUBLIC KEY-----

ASN.1 Decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 24912
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11
 . . . . . . . . . . . . [c:0|t:5|false] NULL []
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '--'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'SomeState'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'SomeCity'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'SomeOrganization'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'SomeOrganizationalUnit'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'dns-redirect001.axc.nl'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.9.1
 . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String '[email protected]'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-06-11 14:35:46 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-06-11 14:35:46 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '--'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'SomeState'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'SomeCity'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'SomeOrganization'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'SomeOrganizationalUnit'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'dns-redirect001.axc.nl'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.9.1
 . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String '[email protected]'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL []
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21555019144458812608253319727205743225108663657717946435793072754898423895606065570815046121106276198765803833028513075869262612726821770645845691884230774000725007422289905084966453526938939952712250499203192508895303561132368774162819115203855236080271756086156750359257140053400375693429339450561591921930022174278043426279960723422230786793476053700963572920697875434253790768045650349731238979812669890948223634216757121298281707044592806893627813924421759960117833328518469885083828340162182609512651580735578320523351757211174728590392190762519197573610844450246670518049348587570839734163701052607663582404157
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05e0
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11
 . . . . . . . . [c:0|t:5|false] NULL []
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		008c15508dc0579c5c765588d8c947e97486576b80b158c18a43ea6ccd678085a2cbf51b5231e6d69f529ef0c970a9bfeb12be464f82fa75d4c05daa12897d2557b2b747a51043b4d09bbc7c660d73b1bccffb9d9815b6036ee28c415e2ea02eccba4a5ed8c7e5b8f2293d8561aff65acb408fc4846ea750a8b1ba4831fbdab9dc4dda8cd5867249412d4df3f5ef4a38aac644c387eb381c782ec66051baced64f428803441a6b5965cebbbe4a5d485ebb0335740dd09dc6d20438df0b8d778104d2c1e5605ca2c3a56275a0e075c5f3e5cf2e311f09e55df14339f3e8be00a55504eadcf4eafabbaf6805816630ba8ba10261b4eab8dc5e25b68425960abc0e34