SSL Checker
Submit the Hostname and Port in the fields below. This checker supports SNI and STARTTLS.
Report
It's all good. We have not detected any issues.
Hostname: | done Matches Common Name or/and SAN |
Expired: | done No (78 days till expiration) |
Public Key: | done We were unable to find any issues in the public key of end-entity certificate |
Trusted: | done Yes, we were able to verify the certificate |
Self-Signed: | done No, the end-entity certificate is not self-signed |
Chain Issues: | done No, we were unable to detect any issues in the certificate chain sent by the server |
Weak signatures: | done No, certificates sent by the server were not signed utilizing a weak hash function |
OCSP Status: | done OCSP Responder returned "good" status for the end-entity certificate |
DNS Information
Resolves To: | 23.185.0.2 |
Reverse IP lookup: | No records found |
Nameserver: | ns1-01.azure-dns.com. |
Nameserver: | ns2-01.azure-dns.net. |
Nameserver: | ns3-01.azure-dns.org. |
Nameserver: | ns4-01.azure-dns.info. |
General Information
Common Name: | admin.hrw.org |
SANs: | DNS:admin.hrw.orgDNS:archive.hrw.orgDNS:backend.hrw.orgDNS:careers.hrw.orgDNS:china.hrw.orgDNS:dailybrief.hrw.orgDNS:edit.hrw.orgDNS:hrw.orgDNS:humanrightswatch.comDNS:humanrightswatch.orgDNS:internap.hrw.orgDNS:jptest.hrw.orgDNS:legacy.hrw.orgDNS:pantheon.hrw.orgDNS:search.hrw.orgDNS:text.hrw.orgDNS:www.hrw.orgDNS:www.humanrightswatch.comDNS:www.humanrightswatch.orgDNS:www.legacy.hrw.org Total number of SANs: 20 |
Signature Algorithm: | sha256WithRSAEncryption |
Key Type: | RSA |
Key size: | 2048 bits |
Serial Number: | 496b9437239df92e377bae2c5fda64c0a97 |
Not Before: | Mar 18, 2024 09:14:11 GMT |
Not After: | Jun 16, 2024 09:14:10 GMT |
Number of certs: | 2 |
Revocation Status: | good |
OCSP Stapling: | Supported |
Server: | nginx |
HSTS: | max-age=31622400; includeSubDomains; preload |
HPKP: | Not Supported |
Chain Information
Certificate # 1 - Common Name: admin.hrw.org
Decode this certificate for verbose information → launchSubject Common Name | admin.hrw.org |
Issuer Common Name | R3 |
Issuer Organization | Let's Encrypt |
Not Before: | Mar 18, 2024 09:14:11 GMT |
Not After: | Jun 16, 2024 09:14:10 GMT |
Signature Algorithm: | sha256WithRSAEncryption |
Serial Number: | 496b9437239df92e377bae2c5fda64c0a97 |
SHA1 Fingerprint: | 9E:93:18:A2:2A:2D:33:1E:0B:42:9D:BD:B0:1C:CE:EB:69:65:F0:44 |
MD5 Fingerprint: | D9:78:9F:D4:42:FA:25:41:58:83:67:E1:C7:55:6A:34 |
Certificate # 2 - Common Name: R3
Decode this certificate for verbose information → launchIn place? | Yes, this certificate directly certifies the preceding one |
Subject Common Name | R3 |
Subject Organization | Let's Encrypt |
Issuer Common Name | ISRG Root X1 |
Issuer Organization | Internet Security Research Group |
Not Before: | Sep 04, 2020 00:00:00 GMT |
Not After: | Sep 15, 2025 16:00:00 GMT |
Signature Algorithm: | sha256WithRSAEncryption |
Serial Number: | 912b084acf0c18a753f6d62e25a75f5a |
SHA1 Fingerprint: | A0:53:37:5B:FE:84:E8:B7:48:78:2C:7C:EE:15:82:7A:6A:F5:A4:05 |
MD5 Fingerprint: | E8:29:E6:5D:7C:43:07:D6:FB:C1:3C:17:9E:03:7A:36 |
OpenSSL Handshake
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = R3 verify return:1 depth=0 CN = admin.hrw.org verify return:1 CONNECTED(00000003) OCSP response: ====================================== OCSP Response Data: OCSP Response Status: successful (0x0) Response Type: Basic OCSP Response Version: 1 (0x0) Responder Id: C = US, O = Let's Encrypt, CN = R3 Produced At: Mar 23 11:00:00 2024 GMT Responses: Certificate ID: Hash Algorithm: sha1 Issuer Name Hash: 48DAC9A0FB2BD32D4FF0DE68D2F567B735F9B3C4 Issuer Key Hash: 142EB317B75856CBAE500940E61FAF9D8B14C2C6 Serial Number: 0496B9437239DF92E377BAE2C5FDA64C0A97 Cert Status: good This Update: Mar 23 11:00:00 2024 GMT Next Update: Mar 30 10:59:58 2024 GMT Signature Algorithm: sha256WithRSAEncryption 5f:1e:18:e8:85:bc:1f:2a:59:bd:65:6d:6e:ad:4a:4f:58:0d: 61:2e:fd:0d:81:3c:2e:c1:a8:68:d9:df:4d:b8:d0:94:db:71: 78:1e:1c:ca:80:1b:43:76:41:52:08:a0:41:83:2c:a9:57:c4: fb:e0:b6:c5:c0:b2:27:b0:37:f1:6c:e5:18:c7:72:0f:7d:b0: c1:37:6c:7d:29:fe:30:51:6e:05:33:6c:44:ad:d0:e9:d2:0b: f8:01:c0:82:f4:73:73:bd:f6:a7:84:79:5d:50:2a:1d:9a:03: 3b:e6:15:a2:f1:37:b1:92:04:37:45:ee:c0:d2:72:75:8b:08: ee:15:40:54:09:72:3a:1e:62:51:af:09:4a:ae:38:f1:45:e6: 7f:11:e4:15:c0:0c:b3:92:a3:e7:38:f0:0c:d2:16:66:af:bb: 54:ed:00:b8:bd:b6:df:81:f7:8b:2f:36:c4:f2:ba:91:8e:3a: c4:1a:86:06:05:a7:e9:5c:f6:4a:f2:04:5c:89:3a:8a:c4:9e: 68:f0:e4:64:13:50:b0:29:4f:36:8e:55:a4:3f:d8:1e:74:66: 39:87:00:f9:c0:d6:52:0a:b5:10:6e:7e:c7:40:9f:98:ed:37: de:1d:12:68:41:fc:ab:dc:da:c0:22:d9:56:14:0a:65:f5:ec: b9:26:2f:86 ====================================== --- Certificate chain 0 s:CN = admin.hrw.org i:C = US, O = Let's Encrypt, CN = R3 -----BEGIN CERTIFICATE----- MIIGPTCCBSWgAwIBAgISBJa5Q3I535Ljd7rixf2mTAqXMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yNDAzMTgwOTE0MTFaFw0yNDA2MTYwOTE0MTBaMBgxFjAUBgNVBAMT DWFkbWluLmhydy5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA dKd6a/TBnNxcCAyQFBfO3CM0cWsekizlrGvPOt2XDtP4ZkBAs+JS9JmYXdJxFDU2 LvszvC++PxYqASbqSaQgayoSvU3BU7/0z5t8vh4/LXLBXztbHtk5VUrglYkypy06 1ZnKcnPeNfrs11rT70H77j83hMBoulSfG7zeYxpMv6X/zJiKfSIi3HFndhEy8vyg w70FaoWKCEJKzN8ilG58YeOkR6h0ll7touLsNx4+/DJdlaL9qXVhB4J0WSumRyCT ybKE/8A/NCOTdt0oCXApAN29BHhjdv5swlWJsNZWtWqMvP7JuloAmI6Mo6an00ML otk8m6NWwT6a9hHzLZlVAgMBAAGjggNlMIIDYTAOBgNVHQ8BAf8EBAMCBaAwHQYD VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O BBYEFPqnMCJguLsYsLVvaKPMOXITyyIUMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJ QOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3Iz Lm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcv MIIBbAYDVR0RBIIBYzCCAV+CDWFkbWluLmhydy5vcmeCD2FyY2hpdmUuaHJ3Lm9y Z4IPYmFja2VuZC5ocncub3Jngg9jYXJlZXJzLmhydy5vcmeCDWNoaW5hLmhydy5v cmeCEmRhaWx5YnJpZWYuaHJ3Lm9yZ4IMZWRpdC5ocncub3Jnggdocncub3JnghRo dW1hbnJpZ2h0c3dhdGNoLmNvbYIUaHVtYW5yaWdodHN3YXRjaC5vcmeCEGludGVy bmFwLmhydy5vcmeCDmpwdGVzdC5ocncub3Jngg5sZWdhY3kuaHJ3Lm9yZ4IQcGFu dGhlb24uaHJ3Lm9yZ4IOc2VhcmNoLmhydy5vcmeCDHRleHQuaHJ3Lm9yZ4ILd3d3 Lmhydy5vcmeCGHd3dy5odW1hbnJpZ2h0c3dhdGNoLmNvbYIYd3d3Lmh1bWFucmln aHRzd2F0Y2gub3JnghJ3d3cubGVnYWN5Lmhydy5vcmcwEwYDVR0gBAwwCjAIBgZn gQwBAgEwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgCi4r/WHt4vLweg1k5tN6fc ZUOwxrUuotq3iviabfUX2AAAAY5RDfA2AAAEAwBHMEUCIAb0RyYNxR5ARN2vCD82 O8+KJb+84WnqBszT+jP8bw2GAiEAzwPhVDpDA0VK9yYGPmRSyY8rhcQP7O/Qf4HI Yrbue3sAdgBIsONr2qZHNA/lagL6nTDrHFIBy1bdLIHZu7+rOdiEcwAAAY5RDfBg AAAEAwBHMEUCIQDcpBjrhBrJRnCMhgl91Ij3voRC7XJmpjQS3VsslbhwqgIgcjSB LirMAAMeFC5pqN5sbTbiAnxpODulP7zAclcJCVcwDQYJKoZIhvcNAQELBQADggEB ABLQrZ3RFda6MMWQQGao0pUo3/TYSqvJzpwrFqTFHlnVVvUmHItW8spEoNmyTXMZ kjvv8YyMm2K28MEWQVs9OuPLepHFuW47je8Y0m/tBQVIjKqJYkpo7H2Lu0m6i6lP ki8h9QJpdCMmXnPrQVeZlPAq9Mdn+yXgtBrnO1nDxFXflD/d96wv5aLOedFtZ98k 0grz/sLSRtTun9Am3uH+PhEmfdXJrvcH6GoJIthiZXyd9kwLl6XkeSHjJ9AMc1Tl cRxYq2XaOhBPHaBcbaS1IOYgdgrhmUmhBbm/ohParceTTCscYh56z0uAbdpfsbON TvUAdbU2OUe1aNmRxUWlX7M= -----END CERTIFICATE----- 1 s:C = US, O = Let's Encrypt, CN = R3 i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 -----BEGIN CERTIFICATE----- MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG /kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4 avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2 yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+ HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX nLRbwHOoq7hHwg== -----END CERTIFICATE----- --- Server certificate subject=CN = admin.hrw.org issuer=C = US, O = Let's Encrypt, CN = R3 --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 3967 bytes and written 382 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256 Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- DONE --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_128_GCM_SHA256 Session-ID: 2A4D3B30078CA0F527B3D396774D2E852453FE6307B72A1761F72917AB35CF6F Session-ID-ctx: Resumption PSK: FA89174DB185F56D8B27C85351CDAB73FFDCD79A15F8E371FC1401D5A8A37F3A PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 3600 (seconds) TLS session ticket: 0000 - 9a c4 67 1f ce 3c 81 19-da 07 52 8f 54 23 17 b8 ..g..<....R.T#.. 0010 - 1e 20 79 54 04 23 2f 36-74 ae 63 a9 d2 3e f6 12 . yT.#/6t.c..>.. 0020 - bf 28 6e c3 e3 a2 40 53-3d 20 23 02 f9 8c d0 be .(n...@S= #..... 0030 - 1f bb 26 13 14 3c ba 2f-09 dc 39 46 0a b7 89 2e ..&..<./..9F.... 0040 - d2 e9 91 fb 90 d5 d5 3b-17 d3 b6 54 6e 83 19 97 .......;...Tn... 0050 - d8 77 3d 15 fa 44 48 a1-10 6c a0 6b 6d 19 d5 8c .w=..DH..l.km... 0060 - 23 fd 47 0d 35 8f ae 30-da d7 be a2 3d ae 41 29 #.G.5..0....=.A) 0070 - 57 86 c6 e6 4e f7 31 dd-c5 d0 cc a6 42 dd df aa W...N.1.....B... 0080 - ba aa 10 17 2f 53 a4 18-6e d2 a1 07 47 c6 c6 14 ..../S..n...G... 0090 - c0 91 f2 2c d6 63 e2 61-df 43 e9 59 2d ce 41 0e ...,.c.a.C.Y-.A. Start Time: 1711710551 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 8192 --- read R BLOCK