SSL Checker
Submit the Hostname and Port in the fields below. This checker supports SNI and STARTTLS.
Report
It's all good. We have not detected any issues.
Hostname: | done Matches Common Name or/and SAN |
Expired: | done No (86 days till expiration) |
Public Key: | done We were unable to find any issues in the public key of end-entity certificate |
Trusted: | done Yes, we were able to verify the certificate |
Self-Signed: | done No, the end-entity certificate is not self-signed |
Chain Issues: | done No, we were unable to detect any issues in the certificate chain sent by the server |
Weak signatures: | done No, certificates sent by the server were not signed utilizing a weak hash function |
OCSP Status: | done OCSP Responder returned "good" status for the end-entity certificate |
DNS Information
Resolves To: | 71.115.165.14 |
Reverse IP lookup: | pool-71-115-165-14.syrcny.fios.verizon.net. |
Nameserver: | iris.ns.cloudflare.com. |
Nameserver: | sam.ns.cloudflare.com. |
General Information
Common Name: | harry.lu |
SANs: | DNS:harry.lu Total number of SANs: 1 |
Signature Algorithm: | sha256WithRSAEncryption |
Key Type: | RSA |
Key size: | 2048 bits |
Serial Number: | 44b6cc35ac588c33b4677e79129134ff1b3 |
Not Before: | Apr 20, 2024 12:35:50 GMT |
Not After: | Jul 19, 2024 12:35:49 GMT |
Number of certs: | 2 |
Revocation Status: | good |
OCSP Stapling: | Supported |
Server: | nginx |
HSTS: | Not Supported |
HPKP: | Not Supported |
Chain Information
Certificate # 1 - Common Name: harry.lu
Decode this certificate for verbose information → launchSubject Common Name | harry.lu |
Issuer Common Name | R3 |
Issuer Organization | Let's Encrypt |
Not Before: | Apr 20, 2024 12:35:50 GMT |
Not After: | Jul 19, 2024 12:35:49 GMT |
Signature Algorithm: | sha256WithRSAEncryption |
Serial Number: | 44b6cc35ac588c33b4677e79129134ff1b3 |
SHA1 Fingerprint: | 26:00:02:65:72:1A:B8:09:13:65:CE:78:C2:C5:54:2C:14:31:EA:0D |
MD5 Fingerprint: | 30:95:A1:79:1F:9E:F9:66:38:C5:DB:80:A2:D4:BA:54 |
Certificate # 2 - Common Name: R3
Decode this certificate for verbose information → launchIn place? | Yes, this certificate directly certifies the preceding one |
Subject Common Name | R3 |
Subject Organization | Let's Encrypt |
Issuer Common Name | ISRG Root X1 |
Issuer Organization | Internet Security Research Group |
Not Before: | Sep 04, 2020 00:00:00 GMT |
Not After: | Sep 15, 2025 16:00:00 GMT |
Signature Algorithm: | sha256WithRSAEncryption |
Serial Number: | 912b084acf0c18a753f6d62e25a75f5a |
SHA1 Fingerprint: | A0:53:37:5B:FE:84:E8:B7:48:78:2C:7C:EE:15:82:7A:6A:F5:A4:05 |
MD5 Fingerprint: | E8:29:E6:5D:7C:43:07:D6:FB:C1:3C:17:9E:03:7A:36 |
OpenSSL Handshake
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = R3 verify return:1 depth=0 CN = harry.lu verify return:1 CONNECTED(00000003) OCSP response: ====================================== OCSP Response Data: OCSP Response Status: successful (0x0) Response Type: Basic OCSP Response Version: 1 (0x0) Responder Id: C = US, O = Let's Encrypt, CN = R3 Produced At: Apr 23 06:29:00 2024 GMT Responses: Certificate ID: Hash Algorithm: sha1 Issuer Name Hash: 48DAC9A0FB2BD32D4FF0DE68D2F567B735F9B3C4 Issuer Key Hash: 142EB317B75856CBAE500940E61FAF9D8B14C2C6 Serial Number: 044B6CC35AC588C33B4677E79129134FF1B3 Cert Status: good This Update: Apr 23 06:29:00 2024 GMT Next Update: Apr 30 06:28:58 2024 GMT Signature Algorithm: sha256WithRSAEncryption 6a:c0:da:76:22:dd:90:89:68:db:2e:a7:47:99:d0:2d:44:19: 6c:69:b9:3c:59:eb:2a:9f:df:c3:d9:cb:8f:b4:86:30:79:22: 80:b3:24:e4:44:4a:4a:12:63:59:58:a6:30:95:4e:a6:ea:8a: 1c:d6:8c:50:86:5d:d6:e7:9e:1c:5d:e8:5a:c6:83:8d:30:2b: df:b3:ad:2f:4e:fa:94:59:79:4a:45:6a:1b:4d:76:d9:fe:e6: 52:3a:29:1a:da:4a:59:c9:94:fa:74:fc:11:2b:e6:54:f6:18: ec:72:99:51:62:24:5c:d9:b9:66:19:54:91:5c:19:d3:ed:ae: 0c:46:16:8d:d1:11:f4:23:14:2e:47:41:d5:eb:96:df:d2:16: 9f:ec:4e:ba:9e:6c:e4:ee:33:0e:b8:2c:a4:f1:e4:ce:e0:e0: 72:52:d4:f1:40:97:fd:02:ab:4b:f5:c1:be:80:11:d6:fa:f7: 54:d5:44:c9:6a:77:74:b3:a5:72:7d:2e:9c:f5:6c:63:ff:e6: 1a:6c:bb:3b:94:32:0f:f8:c3:ac:53:f8:55:9a:a1:9e:d2:d2: a8:cf:39:ea:3e:24:dd:54:3e:1d:75:49:b6:e5:f2:11:e7:ee: 3c:c8:db:6c:76:78:ed:29:3b:f4:bd:22:99:7e:96:a1:aa:85: ad:c2:53:53 ====================================== --- Certificate chain 0 s:CN = harry.lu i:C = US, O = Let's Encrypt, CN = R3 -----BEGIN CERTIFICATE----- MIIE3TCCA8WgAwIBAgISBEtsw1rFiMM7RnfnkSkTT/GzMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yNDA0MjAxMjM1NTBaFw0yNDA3MTkxMjM1NDlaMBMxETAPBgNVBAMT CGhhcnJ5Lmx1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnliLP3nn 6qgEEzHG82qHIu2o7EtAYZlFvF/WMSQc7qEZWmtssQ0Ve2zZdUvVSwrBj8pkSvxm 5X1Fv+XKxD6cqh0SPGwqvI54kuJOA7HaACAfgsfWofgj+mQ+rr0RwDf4MqsQ9vrV 1WF5zu0Y+bHyRsd063HROISoAEE+pkMsabIf/FPDf8rwQO0YW4zjw+zoYQVviszh q3mSmMO9quyuny1cPOOrlH+M6Q+oE33vvSt4jixq7+DsV6NJxaFahm6VWYDAmR4P P3jY5LrIFrWx146oDhg3eBXnQ25ZtpAQHUcMHimhgQXA0W9KxgVbvhYQQTA1BdXy 5oZuyAdzSq+/iQIDAQABo4ICCjCCAgYwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQW MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQc 4wYbK9FcQlzekHuCQZVXkOuJSTAfBgNVHSMEGDAWgBQULrMXt1hWy65QCUDmH6+d ixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxl bmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iub3JnLzATBgNV HREEDDAKgghoYXJyeS5sdTATBgNVHSAEDDAKMAgGBmeBDAECATCCAQQGCisGAQQB 1nkCBAIEgfUEgfIA8AB1ADtTd3U+LbmAToswWwb+QDtn2E/D9Me9AA0tcm/h+tQX AAABjvu4aqYAAAQDAEYwRAIgYD/j2BJjaGMqP1GQjImwlUrpHl32lfkGurPDgP1X A80CIH+TQbqK76p/X4l1YlfPQKeWGL9IiUpWqdkIDvZ+g6lAAHcA3+FW66oFr7Wc D4ZxjajAMk6uVtlup/WlagHRwTu+UlwAAAGO+7hrZgAABAMASDBGAiEAq9UgpXNJ uEZ/fUcQESf6lmTtwmUF7fVPkESsfDPARcECIQCvwxQHd91OZH160XyX1KRcJb85 SVfaYJuDQ4kF/yan7TANBgkqhkiG9w0BAQsFAAOCAQEAuPoR7U3e2LK8Y0i5vX37 RLIevIAVL5EcDh/kDQSw+ythA7LP3jJaEt3bLCGhfBj8GClEYqSQQzfbnHlYC7r1 vJYmYUPXU/CtvRfYc3K0O2rpMhnIMWqBC5dBkDczFiXZa/g4Ttk2jCVH2R+REz7P mwsl1XQTkMQXjWoYMznhUHi6tjhjl4mduDOSJR8afg+nFc5DXK3pM7kVR64vsgNd 46zaFv+guGIOIoFcV0p5TqyCi8KNaFT0ESvmYBlKotj1L0RSycIy66+Hjx+yCwMV uSLLt+Ig5xZeHdPEauDe7PBnGLU/VyHcRilcLXkBlaVtOvoeiiCs2t9X8m3v9sEm Sw== -----END CERTIFICATE----- 1 s:C = US, O = Let's Encrypt, CN = R3 i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 -----BEGIN CERTIFICATE----- MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG /kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4 avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2 yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+ HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX nLRbwHOoq7hHwg== -----END CERTIFICATE----- --- Server certificate subject=CN = harry.lu issuer=C = US, O = Let's Encrypt, CN = R3 --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 3552 bytes and written 404 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-RSA-CHACHA20-POLY1305 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-CHACHA20-POLY1305 Session-ID: 5C9883662F51FA9AC8EEBC4193070279A604D29FFD670867A8D997C8B32E3503 Session-ID-ctx: Master-Key: 23D8CA247488B3ABA354DB4A43E3E3B9DC48FF77A673A4DC60A12A2564CF15EC1E64B3376F218ED7E504B409A3FF6176 PSK identity: None PSK identity hint: None SRP username: None Start Time: 1713912717 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes --- DONE