SSL Checker
Submit the Hostname and Port in the fields below. This checker supports SNI and STARTTLS.
Report
It's all good. We have not detected any issues.
Hostname: | done Matches Common Name or/and SAN |
Expired: | done No (69 days till expiration) |
Public Key: | done We were unable to find any issues in the public key of end-entity certificate |
Trusted: | done Yes, we were able to verify the certificate |
Self-Signed: | done No, the end-entity certificate is not self-signed |
Chain Issues: | done No, we were unable to detect any issues in the certificate chain sent by the server |
Weak signatures: | done No, certificates sent by the server were not signed utilizing a weak hash function |
OCSP Status: | done OCSP Responder returned "good" status for the end-entity certificate |
DNS Information
Resolves To: | 23.206.188.157 |
Reverse IP lookup: | a23-206-188-157.deploy.static.akamaitechnologies.com. |
Nameserver: | a10-67.akam.net. |
Nameserver: | a18-65.akam.net. |
Nameserver: | a5-66.akam.net. |
Nameserver: | a11-64.akam.net. |
Nameserver: | a1-124.akam.net. |
Nameserver: | a6-67.akam.net. |
General Information
Common Name: | www.fvap.gov |
SANs: | DNS:fvap.govDNS:staging.fvap.govDNS:www.fvap.gov Total number of SANs: 3 |
Signature Algorithm: | sha256WithRSAEncryption |
Key Type: | RSA |
Key size: | 2048 bits |
Serial Number: | 4d3c62afb1d5e50d6525db6e83a8d9f7aea |
Not Before: | Mar 08, 2024 04:28:09 GMT |
Not After: | Jun 06, 2024 04:28:08 GMT |
Number of certs: | 2 |
Revocation Status: | good |
OCSP Stapling: | Supported |
Server: | AkamaiGHost |
HSTS: | max-age=31536000 ; includeSubDomains ; preload |
HPKP: | Not Supported |
Chain Information
Certificate # 1 - Common Name: www.fvap.gov
Decode this certificate for verbose information → launchSubject Common Name | www.fvap.gov |
Issuer Common Name | R3 |
Issuer Organization | Let's Encrypt |
Not Before: | Mar 08, 2024 04:28:09 GMT |
Not After: | Jun 06, 2024 04:28:08 GMT |
Signature Algorithm: | sha256WithRSAEncryption |
Serial Number: | 4d3c62afb1d5e50d6525db6e83a8d9f7aea |
SHA1 Fingerprint: | 8E:F1:02:06:73:C8:06:AC:61:50:35:52:B2:D2:DF:E9:8A:6B:FE:E0 |
MD5 Fingerprint: | 98:87:68:BF:AB:92:2E:A4:6B:E5:98:40:A2:F0:7E:37 |
Certificate # 2 - Common Name: R3
Decode this certificate for verbose information → launchIn place? | Yes, this certificate directly certifies the preceding one |
Subject Common Name | R3 |
Subject Organization | Let's Encrypt |
Issuer Common Name | ISRG Root X1 |
Issuer Organization | Internet Security Research Group |
Not Before: | Sep 04, 2020 00:00:00 GMT |
Not After: | Sep 15, 2025 16:00:00 GMT |
Signature Algorithm: | sha256WithRSAEncryption |
Serial Number: | 912b084acf0c18a753f6d62e25a75f5a |
SHA1 Fingerprint: | A0:53:37:5B:FE:84:E8:B7:48:78:2C:7C:EE:15:82:7A:6A:F5:A4:05 |
MD5 Fingerprint: | E8:29:E6:5D:7C:43:07:D6:FB:C1:3C:17:9E:03:7A:36 |
OpenSSL Handshake
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = R3 verify return:1 depth=0 CN = www.fvap.gov verify return:1 CONNECTED(00000003) OCSP response: ====================================== OCSP Response Data: OCSP Response Status: successful (0x0) Response Type: Basic OCSP Response Version: 1 (0x0) Responder Id: C = US, O = Let's Encrypt, CN = R3 Produced At: Mar 25 19:09:00 2024 GMT Responses: Certificate ID: Hash Algorithm: sha1 Issuer Name Hash: 48DAC9A0FB2BD32D4FF0DE68D2F567B735F9B3C4 Issuer Key Hash: 142EB317B75856CBAE500940E61FAF9D8B14C2C6 Serial Number: 04D3C62AFB1D5E50D6525DB6E83A8D9F7AEA Cert Status: good This Update: Mar 25 19:09:00 2024 GMT Next Update: Apr 1 19:08:58 2024 GMT Signature Algorithm: sha256WithRSAEncryption b8:68:98:5d:4d:86:04:72:7a:ed:7a:35:f4:78:f8:e9:33:76: de:cc:f9:0c:c8:d9:91:f5:7d:7d:2e:f3:28:8c:c2:2f:0d:34: a8:16:b4:17:c8:de:3e:0e:d0:89:43:90:dd:0d:71:0b:ff:e6: 40:84:c3:2e:86:c8:29:27:94:7e:42:ef:c7:d5:73:4b:6e:a1: 3f:d5:13:0a:a5:b9:7b:19:fe:0f:e5:e1:e4:a3:ff:59:a4:89: 22:5e:5f:40:a5:a5:c1:16:cb:f6:14:81:93:e3:c0:fc:99:1f: b0:64:be:a7:a9:68:61:cb:a9:4b:97:41:60:d7:09:ef:d2:05: a4:19:29:df:e7:b5:a7:d4:ac:e6:27:55:15:eb:b8:ab:1c:a3: a4:62:73:e5:d5:6f:89:ac:36:47:e5:d0:7a:3d:3e:16:3e:3a: 76:00:36:61:ce:2e:63:9a:4d:41:94:38:1a:92:78:12:82:23: 09:15:e7:99:10:8d:bb:f5:09:bb:79:4d:0e:0d:a6:a1:1b:04: ea:f0:19:5e:3a:50:de:26:08:72:8c:24:71:f0:9e:d8:ed:4d: d1:fd:6d:b7:db:45:a0:cf:60:44:c6:95:76:b1:35:1e:72:70: 3b:6f:63:de:fc:f0:ba:7e:2d:2d:c1:71:50:4b:9b:c1:6e:4a: 9b:b2:c1:c8 ====================================== --- Certificate chain 0 s:CN = www.fvap.gov i:C = US, O = Let's Encrypt, CN = R3 -----BEGIN CERTIFICATE----- MIIFAjCCA+qgAwIBAgISBNPGKvsdXlDWUl226DqNn3rqMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yNDAzMDgwNDI4MDlaFw0yNDA2MDYwNDI4MDhaMBcxFTATBgNVBAMT DHd3dy5mdmFwLmdvdjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKhU S1MX0uWvtB7LRqEUZMqI/zaTgFU76/kG5Y0qKf0EJ8F06q+W3hsagnGAy8boPpFQ KRMuazRJWfqnDLvLgmxoCm/Cv0WjoGIDuHe/khVkQgqDDuAyzqz0lpg+bLjTpFxX Ztypet8vFGyI3+cMwkfYsxyh3+G80XjCbGDAdHlGBfToXPP9aK/tH0H4Hsi8M7Ow GQ7P6bTSRBb9NwcT5VdRWgLwEkRKNxRzL7w2DqydxiPCnfgBxI890t9zF9MPAVs/ 3kg2r/IIf8Bc/fMgje1+T5WQZINvNlQgtsEBWHD0M91hAHTzvQZuq0aArfC7Hufw HLnmjftfXEOJw8rre7UCAwEAAaOCAiswggInMA4GA1UdDwEB/wQEAwIFoDAdBgNV HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4E FgQUKXi1GMWkHiInP6QWpMYu68nKW7kwHwYDVR0jBBgwFoAUFC6zF7dYVsuuUAlA 5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vcjMu by5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNyLm9yZy8w MwYDVR0RBCwwKoIIZnZhcC5nb3aCEHN0YWdpbmcuZnZhcC5nb3aCDHd3dy5mdmFw LmdvdjATBgNVHSAEDDAKMAgGBmeBDAECATCCAQUGCisGAQQB1nkCBAIEgfYEgfMA 8QB3AEiw42vapkc0D+VqAvqdMOscUgHLVt0sgdm7v6s52IRzAAABjhyIeOQAAAQD AEgwRgIhAOHfdxSGlRPXCjKa81i29B4OkAJJZ4OVsvyo/ylvpSY0AiEA4Ni7YA/i aretB5Q4FaV1UvR3mz285UH3K7vgVA4u5mYAdgDuzdBk1dsazsVct520zROiModG fLzs3sNRSFlGcR+1mwAAAY4ciHjnAAAEAwBHMEUCIQCu6/K1Ss433qzrAZn/bF7v T3m+AzU7ZeNtdGjs0WQbmAIgIaERF+Q7NjNuS0PKPwAq27sJai6stNfhtUYJL2Xv G5wwDQYJKoZIhvcNAQELBQADggEBAKKv84BebflqUlV4aSh/8eE/4qlbXukXHHPt OA3tPhPfRWrUPuj/FHRD+h4tLLCbQ4h/6h8Sm10g7Q0aIQn81MaieT5zIK6Vim1P zvvHTxikUsv/5KVdI94fu7hCyPbN51zKOOzV9vqc4bhABC9vjU7cFK2KCzrzW3Ex qwx8zzCndpHxquXRFiCSaCTd7Ie/gGkrnSUynCo+q/AimLgnxgMVqPt1cYlBf7+a cgwHO622HNNJgdk9rVD3NvgBlST0WMCceVW+9JKSI+MKRkZ3PpCaNZdbQdMxKiGU J+DsKeWlV4ZFKT5yBZ7/+UxO8LGvGK5gAHHQTiajG93fyke8Qwo= -----END CERTIFICATE----- 1 s:C = US, O = Let's Encrypt, CN = R3 i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 -----BEGIN CERTIFICATE----- MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG /kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4 avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2 yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+ HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX nLRbwHOoq7hHwg== -----END CERTIFICATE----- --- Server certificate subject=CN = www.fvap.gov issuer=C = US, O = Let's Encrypt, CN = R3 --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 3789 bytes and written 445 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: A41D6A0D11D1796AC3983AA2D0BBBC2965BC2A93DA298E0D7D86765B57918D7D Session-ID-ctx: Master-Key: E072E95E85969BDD9913F291C8D794CC1934C5C750252C6FA4242536A938CF47BE5A74925BB23F9F2CD6E977A8659A61 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 83100 (seconds) TLS session ticket: 0000 - 00 00 f8 45 86 86 60 de-92 5f cf e6 73 4d a4 26 ...E..`.._..sM.& 0010 - 75 bb 08 24 97 8b 6a fd-85 a8 b0 40 4f f4 0c d0 u..$..j....@O... 0020 - 6d ed 98 14 51 57 26 9f-52 36 a9 ea c8 67 bc f6 m...QW&.R6...g.. 0030 - 9e a5 72 db 19 8d 65 87-01 09 4e 72 68 14 eb 63 ..r...e...Nrh..c 0040 - 38 bd da cd 96 9e c0 92-1c 95 68 64 13 37 b1 97 8.........hd.7.. 0050 - 43 aa 55 cc 60 a5 4f 1d-97 37 50 e2 11 53 0a 54 C.U.`.O..7P..S.T 0060 - dc 30 5f 68 34 94 a2 04-84 e4 91 15 75 d8 6f 1e .0_h4.......u.o. 0070 - 1c 8a 94 29 89 c7 29 0e-8c 6e 05 6b 29 88 ba 5e ...)..)..n.k)..^ 0080 - 3e f9 6c 7c de 44 90 13-ff 10 8d ce 5c 28 71 d6 >.l|.D......\(q. 0090 - 0a cc ef 07 80 ce 5a 7a-8f 58 05 04 2a b1 bb 2c ......Zz.X..*.., 00a0 - 96 1e ac 26 d8 e3 1c d8-d8 59 eb 41 49 f9 05 de ...&.....Y.AI... Start Time: 1711651651 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no --- DONE