SSL Checker
Submit the Hostname and Port in the fields below. This checker supports SNI and STARTTLS.
Report
| Hostname: | close Doesn't match Common Name or/and SANs |
| Expired: | done No (291 days till expiration) |
| Public Key: | done We were unable to find any issues in the public key of end-entity certificate |
| Trusted: | close The end-entity certificate is self-signed |
| Self-Signed: | close Yes, the end-entity certificate is self-signed |
| Chain Issues: | close The chain doesn't contain any intermediate certificates |
| Weak signatures: | done No, certificates sent by the server were not signed utilizing a weak hash function |
DNS Information
| Resolves To: | 58.69.164.60 |
| Reverse IP lookup: | 58.69.164.60.pldt.net. |
| Nameserver: | ns73.domaincontrol.com. |
| Nameserver: | ns74.domaincontrol.com. |
General Information
| Common Name: | Kubernetes Ingress Controller Fake Certificate |
| SANs: | DNS:ingress.local Total number of SANs: 1 |
| Organization: | Acme Co |
| Signature Algorithm: | sha256WithRSAEncryption |
| Key Type: | RSA |
| Key size: | 2048 bits |
| Serial Number: | 9e811f897a66ca286b42b041a8437069 |
| Not Before: | Jul 20, 2022 17:05:54 GMT |
| Not After: | Jul 20, 2023 17:05:54 GMT |
| Number of certs: | 1 |
| Revocation Status: | Certificate does not supply CA Issuers information |
| OCSP Stapling: | Not Supported |
| Server: | Not Provided |
| HSTS: | max-age=15724800; includeSubDomains |
| HPKP: | Not Supported |
Chain Information
Certificate # 1 - Common Name: Kubernetes Ingress Controller Fake Certificate
Decode this certificate for verbose information → launch| Subject Common Name | Kubernetes Ingress Controller Fake Certificate |
| Subject Organization | Acme Co |
| Issuer Common Name | Kubernetes Ingress Controller Fake Certificate |
| Issuer Organization | Acme Co |
| Not Before: | Jul 20, 2022 17:05:54 GMT |
| Not After: | Jul 20, 2023 17:05:54 GMT |
| Signature Algorithm: | sha256WithRSAEncryption |
| Serial Number: | 9e811f897a66ca286b42b041a8437069 |
| SHA1 Fingerprint: | AC:1F:36:0C:A8:D1:52:32:FE:77:90:51:1F:E1:DD:2B:9B:24:4F:00 |
| MD5 Fingerprint: | F2:22:5D:09:C6:21:38:67:07:76:2F:0E:81:C0:19:BA |
OpenSSL Handshake
depth=0 O = Acme Co, CN = Kubernetes Ingress Controller Fake Certificate
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 O = Acme Co, CN = Kubernetes Ingress Controller Fake Certificate
verify error:num=21:unable to verify the first certificate
verify return:1
CONNECTED(00000003)
OCSP response: no response sent
---
Certificate chain
0 s:/O=Acme Co/CN=Kubernetes Ingress Controller Fake Certificate
i:/O=Acme Co/CN=Kubernetes Ingress Controller Fake Certificate
-----BEGIN CERTIFICATE-----
MIIDcDCCAligAwIBAgIRAJ6BH4l6Zsooa0KwQahDcGkwDQYJKoZIhvcNAQELBQAw
SzEQMA4GA1UEChMHQWNtZSBDbzE3MDUGA1UEAxMuS3ViZXJuZXRlcyBJbmdyZXNz
IENvbnRyb2xsZXIgRmFrZSBDZXJ0aWZpY2F0ZTAeFw0yMjA3MjAxNzA1NTRaFw0y
MzA3MjAxNzA1NTRaMEsxEDAOBgNVBAoTB0FjbWUgQ28xNzA1BgNVBAMTLkt1YmVy
bmV0ZXMgSW5ncmVzcyBDb250cm9sbGVyIEZha2UgQ2VydGlmaWNhdGUwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3OJLFDDHl2OIkruLPv0pKhB3Jm6W+
0fNUMTAafoIrvLrbEeS6VvPFs1nlFnMakrxEZZ72D+yeKG2mENbm1LlMtKLY0jRo
oTnT8yClzc3lbod3JJA3R35qdVSx+6gUTeHQDPWiqyBBOJqorVv943mZTrkce++P
E5vZukioDvmhbJI4FaZxJXBzzqcQ2PfQ/A88nVhhH0DGrJotE0f/+G6uxAla0ar3
uX8t9RDNDRwdYHSJnAjTgv+ShbBdCkjS3xLh+qg8EyHOXJ+VEPRcdv3yxKnrtNia
l3NclUKeYWzxUfsmlU4BUXUKL7gHYqZ0TqkkJG1eG1xH8xb/C8+G7u3RAgMBAAGj
TzBNMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMB
Af8EAjAAMBgGA1UdEQQRMA+CDWluZ3Jlc3MubG9jYWwwDQYJKoZIhvcNAQELBQAD
ggEBAEcBx4js3fm6DTQqvj+w0I5yzLKMD+vZLmvxCBpepz4/ZCPZBq/Do9Im+tWr
WAbXVlHp8g1wq+3R8GMcEa4XjurprrOGZJ9o2qJu4W2NfASSrH38o4HME5hO+8wH
+ubYokDug1zqo3GqxFac2zSmR8ljPbf/6CCXt85Xu3uYCUyn7IRsofEAJxCKQ2u3
Nv8SwOj8rTKd6QFiBAPDUKLTqkKxbkhDBwQJ/Bd+OnGg0Njqs156qpriC4H4nVqT
e8gW+kgXyB7ubnBgODB/5ITqlBC1KxCDROp/VoSm71Ibhg1blZKUpIO6hlS0Wmbj
93ZvRojzPZk98121EBXzwrYSHW8=
-----END CERTIFICATE-----
---
Server certificate
subject=/O=Acme Co/CN=Kubernetes Ingress Controller Fake Certificate
issuer=/O=Acme Co/CN=Kubernetes Ingress Controller Fake Certificate
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1366 bytes and written 313 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: A9D526870AB7BC5169DE7B13D96336BA06E0FFB4E0E3C02162526AE6B2013628
Session-ID-ctx:
Master-Key: F175C8169CA82CAA62E44EDF96CDB25290B361BCB6402703261D516CE392D51BB5A95EAEB6E85BB43E6B0F271FADE380
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1664656336
Timeout : 7200 (sec)
Verify return code: 21 (unable to verify the first certificate)
Extended master secret: yes
---
DONE