SSL Checker
Submit the Hostname and Port in the fields below. This checker supports SNI and STARTTLS.
Report
It's all good. We have not detected any issues.
Hostname: | done Matches Common Name or/and SAN |
Expired: | done No (326 days till expiration) |
Public Key: | done We were unable to find any issues in the public key of end-entity certificate |
Trusted: | done Yes, we were able to verify the certificate |
Self-Signed: | done No, the end-entity certificate is not self-signed |
Chain Issues: | done No, we were unable to detect any issues in the certificate chain sent by the server |
Weak signatures: | done No, certificates sent by the server were not signed utilizing a weak hash function |
OCSP Status: | done OCSP Responder returned "good" status for the end-entity certificate |
DNS Information
Resolves To: | 64.190.63.222 |
Reverse IP lookup: | No records found |
Nameserver: | ns1.sedoparking.com. |
Nameserver: | ns2.sedoparking.com. |
General Information
Common Name: | sh.st |
SANs: | DNS:sh.st Total number of SANs: 1 |
Signature Algorithm: | sha256WithRSAEncryption |
Key Type: | RSA |
Key size: | 2048 bits |
Serial Number: | 254cbf2a16ccfec7b49b71d88083cc0 |
Not Before: | Mar 19, 2024 00:00:00 GMT |
Not After: | Mar 18, 2025 23:59:59 GMT |
Number of certs: | 2 |
Revocation Status: | good |
OCSP Stapling: | Not Supported |
Server: | NginX |
HSTS: | Not Supported |
HPKP: | Not Supported |
Chain Information
Certificate # 1 - Common Name: sh.st
Decode this certificate for verbose information → launchSubject Common Name | sh.st |
Issuer Common Name | Encryption Everywhere DV TLS CA - G2 |
Issuer Organization | DigiCert Inc |
Not Before: | Mar 19, 2024 00:00:00 GMT |
Not After: | Mar 18, 2025 23:59:59 GMT |
Signature Algorithm: | sha256WithRSAEncryption |
Serial Number: | 254cbf2a16ccfec7b49b71d88083cc0 |
SHA1 Fingerprint: | C9:A8:CE:6D:50:0D:4B:26:48:51:DA:28:C1:BD:A8:A2:83:36:59:41 |
MD5 Fingerprint: | 81:D9:CD:4C:C8:F5:43:D5:65:09:C8:29:C9:C6:EF:FC |
Certificate # 2 - Common Name: Encryption Everywhere DV TLS CA - G2
Decode this certificate for verbose information → launchIn place? | Yes, this certificate directly certifies the preceding one |
Subject Common Name | Encryption Everywhere DV TLS CA - G2 |
Subject Organization | DigiCert Inc |
Issuer Common Name | DigiCert Global Root G2 |
Issuer Organization | DigiCert Inc |
Not Before: | Nov 27, 2017 12:46:40 GMT |
Not After: | Nov 27, 2027 12:46:40 GMT |
Signature Algorithm: | sha256WithRSAEncryption |
Serial Number: | de0ffb5ee62cb61109f608c9ced5ed3 |
SHA1 Fingerprint: | ED:63:02:68:4A:32:59:AA:04:F1:0F:E9:A9:7A:8F:D3:0B:96:5D:26 |
MD5 Fingerprint: | 2C:29:E3:A3:30:F9:38:A1:36:B0:DB:03:F0:63:2F:A6 |
OpenSSL Handshake
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2 verify return:1 depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = Encryption Everywhere DV TLS CA - G2 verify return:1 depth=0 CN = sh.st verify return:1 CONNECTED(00000003) OCSP response: no response sent --- Certificate chain 0 s:CN = sh.st i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = Encryption Everywhere DV TLS CA - G2 -----BEGIN CERTIFICATE----- MIIF4TCCBMmgAwIBAgIQAlTL8qFsz+x7SbcdiAg8wDANBgkqhkiG9w0BAQsFADBu MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMS0wKwYDVQQDEyRFbmNyeXB0aW9uIEV2ZXJ5d2hlcmUg RFYgVExTIENBIC0gRzIwHhcNMjQwMzE5MDAwMDAwWhcNMjUwMzE4MjM1OTU5WjAQ MQ4wDAYDVQQDEwVzaC5zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AMCtsPrld3zPxDh5gB9nbbD8ORz5bNP2x3pcAD5WEIBeakp9svaz3tC8fA8LgkP7 X9qrrNfvsfjTtUcNCO6v64YEsMUp4YMBldG1XiQPKAqiNFq1HQ6jbZcF7omr0zDQ TS29OXby41Jp7MT6MqSQUHfzolklbMRdb3ItX120hv1L5ZEIgS+I8f8UvuIx7Eig +xXeVUPjmVOgJdItuE0s0UpwHHDul2L0DwTA9AM0twYWDtpiS5tlbFGAUkOTW9wI DKzxjO2mJkQcuMKnGLDfgtROJuqWSmv1tiG2Oq31N8NWw3i2Y27UgNv2inJaziCp IVTS5P+RL9Bah4r+wZCVvB0CAwEAAaOCAtcwggLTMB8GA1UdIwQYMBaAFHjfkZBf 7t6s9sV169VMVVPvJEq2MB0GA1UdDgQWBBQVM0eSEqZNLvL9WUE80ZA9RL2BrjAQ BgNVHREECTAHggVzaC5zdDA+BgNVHSAENzA1MDMGBmeBDAECATApMCcGCCsGAQUF BwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDgYDVR0PAQH/BAQDAgWg MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBgAYIKwYBBQUHAQEEdDBy MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSgYIKwYBBQUH MAKGPmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9FbmNyeXB0aW9uRXZlcnl3 aGVyZURWVExTQ0EtRzIuY3J0MAwGA1UdEwEB/wQCMAAwggF9BgorBgEEAdZ5AgQC BIIBbQSCAWkBZwB1AE51oydcmhDDOFts1N8/Uusd8OCOG41pwLH6ZLFimjnfAAAB jlX45KMAAAQDAEYwRAIgHr9shLhwNno2WHlj6gPv+ObYeMm3pag5koKB7lmyxQoC IGTcVGHMRGnKPDc/OmC8PrmMkOwB/aJe7JwR+buFqPtvAHYAfVkeEuF4KnscYWd8 Xv340IdcFKBOlZ65Ay/ZDowuebgAAAGOVfjk5QAABAMARzBFAiEAoqlAdbdiYFih WkjHBE0+elwApkjOYkrBlsQS7kNTHpwCICkI6/P8EmNzcEqow6hwUFXkLdB7coP7 zOEH8PuKWUNbAHYA5tIxY0B3jMEQQQbXcbnOwdJA9paEhvu6hzId/R43jlAAAAGO Vfjk9wAABAMARzBFAiEApWecmuXFRP8jFJUogLXyBzZQoPGW2bv5j3t2/FqMmVcC IHOE9/mf66F+iGWYgPp25oynBomFDOGpNlH73L8as0BWMA0GCSqGSIb3DQEBCwUA A4IBAQCQ9lQNxvPE6ipPVlTT0ww90oAbOVwRef1VvHK5UuGnS1Tlli8uG+EpPvT4 59Hj1eX8BB7nIn0ccufgODwP/LhbyXdnkW+G075gXVw9QY2AeM2xG5MQr1aVuBLB EKtGtOXWQ3YNzuLstm35rekDiqntu418LkVESR9penhvoR7YvDWQ6kGWD2pTPv7t CqviXg4NTO5LMTQMEo6WGjE5i4SZUBMP9D3vOuwHgLbNaIHJQI3dv0BxeY2rddgT trwPsZDj+mjEStSLzkCaBvmEd4hAkGxaKvALkReeTF5Pp3KmILGJA6jqlSWQI+3D ahfRM4xdlMmmyRY2UIqxIUs+GqyZ -----END CERTIFICATE----- 1 s:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = Encryption Everywhere DV TLS CA - G2 i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2 -----BEGIN CERTIFICATE----- MIIEqjCCA5KgAwIBAgIQDeD/te5iy2EQn2CMnO1e0zANBgkqhkiG9w0BAQsFADBh MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH MjAeFw0xNzExMjcxMjQ2NDBaFw0yNzExMjcxMjQ2NDBaMG4xCzAJBgNVBAYTAlVT MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j b20xLTArBgNVBAMTJEVuY3J5cHRpb24gRXZlcnl3aGVyZSBEViBUTFMgQ0EgLSBH MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO8Uf46i/nr7pkgTDqnE eSIfCFqvPnUq3aF1tMJ5hh9MnO6Lmt5UdHfBGwC9Si+XjK12cjZgxObsL6Rg1njv NhAMJ4JunN0JGGRJGSevbJsA3sc68nbPQzuKp5Jc8vpryp2mts38pSCXorPR+sch QisKA7OSQ1MjcFN0d7tbrceWFNbzgL2csJVQeogOBGSe/KZEIZw6gXLKeFe7mupn NYJROi2iC11+HuF79iAttMc32Cv6UOxixY/3ZV+LzpLnklFq98XORgwkIJL1HuvP ha8yvb+W6JislZJL+HLFtidoxmI7Qm3ZyIV66W533DsGFimFJkz3y0GeHWuSVMbI lfsCAwEAAaOCAU8wggFLMB0GA1UdDgQWBBR435GQX+7erPbFdevVTFVT7yRKtjAf BgNVHSMEGDAWgBROIlQgGJXm427mD/r6uRLtBhePOTAOBgNVHQ8BAf8EBAMCAYYw HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8C AQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdp Y2VydC5jb20wQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQu Y29tL0RpZ2lDZXJ0R2xvYmFsUm9vdEcyLmNybDBMBgNVHSAERTBDMDcGCWCGSAGG /WwBAjAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BT MAgGBmeBDAECATANBgkqhkiG9w0BAQsFAAOCAQEAoBs1eCLKakLtVRPFRjBIJ9LJ L0s8ZWum8U8/1TMVkQMBn+CPb5xnCD0GSA6L/V0ZFrMNqBirrr5B241OesECvxIi 98bZ90h9+q/X5eMyOD35f8YTaEMpdnQCnawIwiHx06/0BfiTj+b/XQih+mqt3ZXe xNCJqKexdiB2IWGSKcgahPacWkk/BAQFisKIFYEqHzV974S3FAz/8LIfD58xnsEN GfzyIDkH3JrwYZ8caPTf6ZX9M1GrISN8HnWTtdNCH2xEajRa/h9ZBXjUyFKQrGk2 n2hcLrfZSbynEC/pSw/ET7H5nWwckjmAJ1l9fcnbqkU/pf6uMQmnfl0JQjJNSg== -----END CERTIFICATE----- --- Server certificate subject=CN = sh.st issuer=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = Encryption Everywhere DV TLS CA - G2 --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 3252 bytes and written 380 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256 Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- DONE --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_128_GCM_SHA256 Session-ID: EA6A8B7BEE174FCBFBAD08F2870C41CDB429AAF2450DFAC4D349EC4EFF3EB6FC Session-ID-ctx: Resumption PSK: E51E8E58D508E257218DAB4881C8FB443B39808088633570E292B5781922C13A PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 604800 (seconds) TLS session ticket: 0000 - 8e dd 8a a5 e9 ec 04 ff-06 a0 c6 09 4f 2e 16 cd ............O... 0010 - 23 5d d0 9b 51 9a 4e d9-43 e8 39 d9 16 24 01 9f #]..Q.N.C.9..$.. 0020 - 77 4f d6 8f 1a f4 8d 20-24 42 ce 30 df 82 d0 17 wO..... $B.0.... 0030 - f1 0b 85 dd df ee 2f 36-60 10 9f e1 1f 4f f8 6e ....../6`....O.n 0040 - e5 23 d5 95 fc 91 0b 41-b7 36 0c 78 7a 2d 7a cf .#.....A.6.xz-z. 0050 - ff ee 19 fb 5c 87 f4 12-f3 48 c5 de 64 67 e1 33 ....\....H..dg.3 0060 - a8 cf 89 b6 0c 1e 07 f8-4d 3f af 51 67 a8 3d ff ........M?.Qg.=. 0070 - a9 . Start Time: 1714156294 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK