SSL Checker
Submit the Hostname and Port in the fields below. This checker supports SNI and STARTTLS.
Report
It's all good. We have not detected any issues.
| Hostname: | done Matches Common Name or/and SAN |
| Expired: | done No (86 days till expiration) |
| Public Key: | done We were unable to find any issues in the public key of end-entity certificate |
| Trusted: | done Yes, we were able to verify the certificate |
| Self-Signed: | done No, the end-entity certificate is not self-signed |
| Chain Issues: | done No, we were unable to detect any issues in the certificate chain sent by the server |
| Weak signatures: | done No, certificates sent by the server were not signed utilizing a weak hash function |
| OCSP Status: | done OCSP Responder returned "good" status for the end-entity certificate |
DNS Information
| Resolves To: | 155.4.61.251 |
| Reverse IP lookup: | h-155-4-61-251.A980.priv.bahnhof.se. |
| Nameserver: | ali.ns.cloudflare.com. |
| Nameserver: | ridge.ns.cloudflare.com. |
General Information
| Common Name: | immich.harryisback.org |
| SANs: | DNS:immich.harryisback.org Total number of SANs: 1 |
| Signature Algorithm: | ecdsa-with-SHA384 |
| Key Type: | ECDSA (secp256r1) |
| Key size: | 256 bits |
| Serial Number: | 424d49f49d868e3272175cbcf5ef51de754 |
| Not Before: | Dec 30, 2024 20:07:31 GMT |
| Not After: | Mar 30, 2025 20:07:30 GMT |
| Number of certs: | 2 |
| Revocation Status: | good |
| OCSP Stapling: | Not Supported |
| Server: | nginx/1.22.1 |
| HSTS: | Not Supported |
| HPKP: | Not Supported |
Chain Information
Certificate # 1 - Common Name: immich.harryisback.org
Decode this certificate for verbose information → launch| Subject Common Name | immich.harryisback.org |
| Issuer Common Name | E5 |
| Issuer Organization | Let's Encrypt |
| Not Before: | Dec 30, 2024 20:07:31 GMT |
| Not After: | Mar 30, 2025 20:07:30 GMT |
| Signature Algorithm: | ecdsa-with-SHA384 |
| Serial Number: | 424d49f49d868e3272175cbcf5ef51de754 |
| SHA1 Fingerprint: | DD:9D:B4:2B:8C:F4:42:36:0A:83:7A:7F:26:49:BD:B8:72:48:A1:FA |
| MD5 Fingerprint: | BF:8F:E9:B3:2A:59:6F:F8:5C:D2:33:36:67:C3:C6:4F |
Certificate # 2 - Common Name: E5
Decode this certificate for verbose information → launch| In place? | Yes, this certificate directly certifies the preceding one |
| Subject Common Name | E5 |
| Subject Organization | Let's Encrypt |
| Issuer Common Name | ISRG Root X1 |
| Issuer Organization | Internet Security Research Group |
| Not Before: | Mar 13, 2024 00:00:00 GMT |
| Not After: | Mar 12, 2027 23:59:59 GMT |
| Signature Algorithm: | sha256WithRSAEncryption |
| Serial Number: | 838f6c63ceb1398c6206628315c9fdde |
| SHA1 Fingerprint: | 5F:28:D9:C5:89:EE:4B:F3:1A:11:B7:8C:72:B8:D1:3F:07:9D:DC:45 |
| MD5 Fingerprint: | 54:7A:B1:C0:5C:A8:5A:6E:68:2C:91:28:0F:EF:D7:55 |
OpenSSL Handshake
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = E5
verify return:1
depth=0 CN = immich.harryisback.org
verify return:1
CONNECTED(00000003)
OCSP response: no response sent
---
Certificate chain
0 s:CN = immich.harryisback.org
i:C = US, O = Let's Encrypt, CN = E5
-----BEGIN CERTIFICATE-----
MIIDjjCCAxOgAwIBAgISBCTUn0nYaOMnIXXLz171HedUMAoGCCqGSM49BAMDMDIx
CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
NTAeFw0yNDEyMzAyMDA3MzFaFw0yNTAzMzAyMDA3MzBaMCExHzAdBgNVBAMTFmlt
bWljaC5oYXJyeWlzYmFjay5vcmcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATH
ND/TDAiIyqptYi5Jn0NqMMApQhzPaUR7SE9bGQMZUgJMcxsR9ISAVx9YnYzhkNKB
xJs/kGoa1eC8HVd3i3dbo4ICGDCCAhQwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQW
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSv
+qjozwvejZTNmmRrJoOlC7VzFzAfBgNVHSMEGDAWgBSfK1/PPCFPnQS37SssxMZw
i9LXDTBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9lNS5vLmxl
bmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL2U1LmkubGVuY3Iub3JnLzAhBgNV
HREEGjAYghZpbW1pY2guaGFycnlpc2JhY2sub3JnMBMGA1UdIAQMMAowCAYGZ4EM
AQIBMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHYAouMK5EXvva2bfjjtR2d3U9eC
W4SU1yteGyzEuVCkR+cAAAGUGWPaYAAABAMARzBFAiAx15XRwZtAyFyqp2hLyN8X
721DtgolOZNavAUI+QEB4AIhANWTQrAADijIWyHbd/tygbAJhN/Ymq+/jEMJpqKk
BkC6AHYATnWjJ1yaEMM4W2zU3z9S6x3w4I4bjWnAsfpksWKaOd8AAAGUGWPaWQAA
BAMARzBFAiEAksEKml2GaTUPlZwvphp1X1WXyQ9bSlMAoK0r/PKHH/oCIDKsoFVR
R2uAhwoyqCk00CDx15WpE9L1FWC10ykQU3VHMAoGCCqGSM49BAMDA2kAMGYCMQDM
QrFFeGFoO5LlqWsAZCNALHlDzbDI7kA1xXHu58zsTipdMMzuRXj/Qox4S7WHFp8C
MQDO/l0KHrbV9LW0RKb/2NrC0ZjIEF7HoKMys17iez25JITLlIxJR8DKaMZQIDDP
02I=
-----END CERTIFICATE-----
1 s:C = US, O = Let's Encrypt, CN = E5
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
-----BEGIN CERTIFICATE-----
MIIEVzCCAj+gAwIBAgIRAIOPbGPOsTmMYgZigxXJ/d4wDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCRTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNCzqK
a2GOtu/cX1jnxkJFVKtj9mZhSAouWXW0gQI3ULc/FnncmOyhKJdyIBwsz9V8UiBO
VHhbhBRrwJCuhezAUUE8Wod/Bk3U/mDR+mwt4X2VEIiiCFQPmRpM5uoKrNijgfgw
gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSfK1/PPCFPnQS37SssxMZw
i9LXDTAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAH3KdNEVCQdqk0LKyuNImTKdRJY1C
2uw2SJajuhqkyGPY8C+zzsufZ+mgnhnq1A2KVQOSykOEnUbx1cy637rBAihx97r+
bcwbZM6sTDIaEriR/PLk6LKs9Be0uoVxgOKDcpG9svD33J+G9Lcfv1K9luDmSTgG
6XNFIN5vfI5gs/lMPyojEMdIzK9blcl2/1vKxO8WGCcjvsQ1nJ/Pwt8LQZBfOFyV
XP8ubAp/au3dc4EKWG9MO5zcx1qT9+NXRGdVWxGvmBFRAajciMfXME1ZuGmk3/GO
koAM7ZkjZmleyokP1LGzmfJcUd9s7eeu1/9/eg5XlXd/55GtYjAM+C4DG5i7eaNq
cm2F+yxYIPt6cbbtYVNJCGfHWqHEQ4FYStUyFnv8sjyqU8ypgZaNJ9aVcWSICLOI
E1/Qv/7oKsnZCWJ926wU6RqG1OYPGOi1zuABhLw61cuPVDT28nQS/e6z95cJXq0e
K1BcaJ6fJZsmbjRgD5p3mvEf5vdQM7MCEvU0tHbsx2I5mHHJoABHb8KVBgWp/lcX
GWiWaeOyB7RP+OfDtvi2OsapxXiV7vNVs7fMlrRjY1joKaqmmycnBvAq14AEbtyL
sVfOS66B8apkeFX2NY4XPEYV4ZSCe8VHPrdrERk2wILG3T/EGmSIkCYVUMSnjmJd
VQD9F6Na/+zmXCc=
-----END CERTIFICATE-----
---
Server certificate
subject=CN = immich.harryisback.org
issuer=C = US, O = Let's Encrypt, CN = E5
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2523 bytes and written 426 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-ECDSA-AES256-GCM-SHA384
Session-ID: 85515B737041DBA7B6B633C00703C905BEAAB10A09040CF05F42F6398A682786
Session-ID-ctx:
Master-Key: F23B58DA3096D02CE0C26D0D4DF846A71D5C959E52FAA0D44275715C342D2B9F2C7B766953EA6ED2388C46B3B598CF57
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 9e b5 e5 82 a3 92 95 10-08 b6 a3 4a 65 b4 4c 5f ...........Je.L_
0010 - e9 d2 ac 18 fa fa dc 39-bd 0d 6a 6a 5d 96 03 c3 .......9..jj]...
0020 - 85 fe f3 1a 63 02 d4 56-ce de 38 37 ef 91 3c 71 ....c..V..87..<q
0030 - 81 0a 10 23 c7 89 a3 0e-35 a3 2a af 11 f9 35 5a ...#....5.*...5Z
0040 - ee 8a 57 85 e7 0d 02 a2-4d 5a e5 36 01 c1 1a ee ..W.....MZ.6....
0050 - 43 c1 82 6d 08 bb ca 33-0a eb 0c 18 36 df ca ef C..m...3....6...
0060 - 46 b9 4e de 08 fd 24 70-d4 44 c2 ed fd bd ab 52 F.N...$p.D.....R
0070 - 2e 46 88 20 49 35 2e e9-d3 59 87 42 bb fb 1d 68 .F. I5...Y.B...h
0080 - df ab cb af b5 96 0e 0c-83 ec 9a 44 f5 32 76 4f ...........D.2vO
0090 - 51 a7 2d 59 a2 79 f2 8b-28 8c c1 2c b1 90 23 48 Q.-Y.y..(..,..#H
00a0 - 3e 66 75 ae 0c 15 41 2e-73 51 92 d7 08 70 15 fd >fu...A.sQ...p..
00b0 - f6 f3 29 86 2e 7d 0d 83-1a 24 5d 2d d9 52 bf eb ..)..}...$]-.R..
00c0 - b3 35 fb 1a 09 88 a3 db-d6 7b 84 ad 25 47 7a 68 .5.......{..%Gzh
Start Time: 1735855067
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
---
DONE