SSL Checker
Submit the Hostname and Port in the fields below. This checker supports SNI and STARTTLS.
Report
It's all good. We have not detected any issues.
| Hostname: | done Matches Common Name or/and SAN |
| Expired: | done No (326 days till expiration) |
| Public Key: | done We were unable to find any issues in the public key of end-entity certificate |
| Trusted: | done Yes, we were able to verify the certificate |
| Self-Signed: | done No, the end-entity certificate is not self-signed |
| Chain Issues: | done No, we were unable to detect any issues in the certificate chain sent by the server |
| Weak signatures: | done No, certificates sent by the server were not signed utilizing a weak hash function |
| OCSP Status: | done OCSP Responder returned "good" status for the end-entity certificate |
DNS Information
| Resolves To: | 64.190.63.222 |
| Reverse IP lookup: | No records found |
| Nameserver: | ns1.sedoparking.com. |
| Nameserver: | ns2.sedoparking.com. |
General Information
| Common Name: | sh.st |
| SANs: | DNS:sh.st Total number of SANs: 1 |
| Signature Algorithm: | sha256WithRSAEncryption |
| Key Type: | RSA |
| Key size: | 2048 bits |
| Serial Number: | 254cbf2a16ccfec7b49b71d88083cc0 |
| Not Before: | Mar 19, 2024 00:00:00 GMT |
| Not After: | Mar 18, 2025 23:59:59 GMT |
| Number of certs: | 2 |
| Revocation Status: | good |
| OCSP Stapling: | Not Supported |
| Server: | NginX |
| HSTS: | Not Supported |
| HPKP: | Not Supported |
Chain Information
Certificate # 1 - Common Name: sh.st
Decode this certificate for verbose information → launch| Subject Common Name | sh.st |
| Issuer Common Name | Encryption Everywhere DV TLS CA - G2 |
| Issuer Organization | DigiCert Inc |
| Not Before: | Mar 19, 2024 00:00:00 GMT |
| Not After: | Mar 18, 2025 23:59:59 GMT |
| Signature Algorithm: | sha256WithRSAEncryption |
| Serial Number: | 254cbf2a16ccfec7b49b71d88083cc0 |
| SHA1 Fingerprint: | C9:A8:CE:6D:50:0D:4B:26:48:51:DA:28:C1:BD:A8:A2:83:36:59:41 |
| MD5 Fingerprint: | 81:D9:CD:4C:C8:F5:43:D5:65:09:C8:29:C9:C6:EF:FC |
Certificate # 2 - Common Name: Encryption Everywhere DV TLS CA - G2
Decode this certificate for verbose information → launch| In place? | Yes, this certificate directly certifies the preceding one |
| Subject Common Name | Encryption Everywhere DV TLS CA - G2 |
| Subject Organization | DigiCert Inc |
| Issuer Common Name | DigiCert Global Root G2 |
| Issuer Organization | DigiCert Inc |
| Not Before: | Nov 27, 2017 12:46:40 GMT |
| Not After: | Nov 27, 2027 12:46:40 GMT |
| Signature Algorithm: | sha256WithRSAEncryption |
| Serial Number: | de0ffb5ee62cb61109f608c9ced5ed3 |
| SHA1 Fingerprint: | ED:63:02:68:4A:32:59:AA:04:F1:0F:E9:A9:7A:8F:D3:0B:96:5D:26 |
| MD5 Fingerprint: | 2C:29:E3:A3:30:F9:38:A1:36:B0:DB:03:F0:63:2F:A6 |
OpenSSL Handshake
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = Encryption Everywhere DV TLS CA - G2
verify return:1
depth=0 CN = sh.st
verify return:1
CONNECTED(00000003)
OCSP response: no response sent
---
Certificate chain
0 s:CN = sh.st
i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = Encryption Everywhere DV TLS CA - G2
-----BEGIN CERTIFICATE-----
MIIF4TCCBMmgAwIBAgIQAlTL8qFsz+x7SbcdiAg8wDANBgkqhkiG9w0BAQsFADBu
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMS0wKwYDVQQDEyRFbmNyeXB0aW9uIEV2ZXJ5d2hlcmUg
RFYgVExTIENBIC0gRzIwHhcNMjQwMzE5MDAwMDAwWhcNMjUwMzE4MjM1OTU5WjAQ
MQ4wDAYDVQQDEwVzaC5zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AMCtsPrld3zPxDh5gB9nbbD8ORz5bNP2x3pcAD5WEIBeakp9svaz3tC8fA8LgkP7
X9qrrNfvsfjTtUcNCO6v64YEsMUp4YMBldG1XiQPKAqiNFq1HQ6jbZcF7omr0zDQ
TS29OXby41Jp7MT6MqSQUHfzolklbMRdb3ItX120hv1L5ZEIgS+I8f8UvuIx7Eig
+xXeVUPjmVOgJdItuE0s0UpwHHDul2L0DwTA9AM0twYWDtpiS5tlbFGAUkOTW9wI
DKzxjO2mJkQcuMKnGLDfgtROJuqWSmv1tiG2Oq31N8NWw3i2Y27UgNv2inJaziCp
IVTS5P+RL9Bah4r+wZCVvB0CAwEAAaOCAtcwggLTMB8GA1UdIwQYMBaAFHjfkZBf
7t6s9sV169VMVVPvJEq2MB0GA1UdDgQWBBQVM0eSEqZNLvL9WUE80ZA9RL2BrjAQ
BgNVHREECTAHggVzaC5zdDA+BgNVHSAENzA1MDMGBmeBDAECATApMCcGCCsGAQUF
BwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDgYDVR0PAQH/BAQDAgWg
MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBgAYIKwYBBQUHAQEEdDBy
MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSgYIKwYBBQUH
MAKGPmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9FbmNyeXB0aW9uRXZlcnl3
aGVyZURWVExTQ0EtRzIuY3J0MAwGA1UdEwEB/wQCMAAwggF9BgorBgEEAdZ5AgQC
BIIBbQSCAWkBZwB1AE51oydcmhDDOFts1N8/Uusd8OCOG41pwLH6ZLFimjnfAAAB
jlX45KMAAAQDAEYwRAIgHr9shLhwNno2WHlj6gPv+ObYeMm3pag5koKB7lmyxQoC
IGTcVGHMRGnKPDc/OmC8PrmMkOwB/aJe7JwR+buFqPtvAHYAfVkeEuF4KnscYWd8
Xv340IdcFKBOlZ65Ay/ZDowuebgAAAGOVfjk5QAABAMARzBFAiEAoqlAdbdiYFih
WkjHBE0+elwApkjOYkrBlsQS7kNTHpwCICkI6/P8EmNzcEqow6hwUFXkLdB7coP7
zOEH8PuKWUNbAHYA5tIxY0B3jMEQQQbXcbnOwdJA9paEhvu6hzId/R43jlAAAAGO
Vfjk9wAABAMARzBFAiEApWecmuXFRP8jFJUogLXyBzZQoPGW2bv5j3t2/FqMmVcC
IHOE9/mf66F+iGWYgPp25oynBomFDOGpNlH73L8as0BWMA0GCSqGSIb3DQEBCwUA
A4IBAQCQ9lQNxvPE6ipPVlTT0ww90oAbOVwRef1VvHK5UuGnS1Tlli8uG+EpPvT4
59Hj1eX8BB7nIn0ccufgODwP/LhbyXdnkW+G075gXVw9QY2AeM2xG5MQr1aVuBLB
EKtGtOXWQ3YNzuLstm35rekDiqntu418LkVESR9penhvoR7YvDWQ6kGWD2pTPv7t
CqviXg4NTO5LMTQMEo6WGjE5i4SZUBMP9D3vOuwHgLbNaIHJQI3dv0BxeY2rddgT
trwPsZDj+mjEStSLzkCaBvmEd4hAkGxaKvALkReeTF5Pp3KmILGJA6jqlSWQI+3D
ahfRM4xdlMmmyRY2UIqxIUs+GqyZ
-----END CERTIFICATE-----
1 s:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = Encryption Everywhere DV TLS CA - G2
i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
-----BEGIN CERTIFICATE-----
MIIEqjCCA5KgAwIBAgIQDeD/te5iy2EQn2CMnO1e0zANBgkqhkiG9w0BAQsFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
MjAeFw0xNzExMjcxMjQ2NDBaFw0yNzExMjcxMjQ2NDBaMG4xCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
b20xLTArBgNVBAMTJEVuY3J5cHRpb24gRXZlcnl3aGVyZSBEViBUTFMgQ0EgLSBH
MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO8Uf46i/nr7pkgTDqnE
eSIfCFqvPnUq3aF1tMJ5hh9MnO6Lmt5UdHfBGwC9Si+XjK12cjZgxObsL6Rg1njv
NhAMJ4JunN0JGGRJGSevbJsA3sc68nbPQzuKp5Jc8vpryp2mts38pSCXorPR+sch
QisKA7OSQ1MjcFN0d7tbrceWFNbzgL2csJVQeogOBGSe/KZEIZw6gXLKeFe7mupn
NYJROi2iC11+HuF79iAttMc32Cv6UOxixY/3ZV+LzpLnklFq98XORgwkIJL1HuvP
ha8yvb+W6JislZJL+HLFtidoxmI7Qm3ZyIV66W533DsGFimFJkz3y0GeHWuSVMbI
lfsCAwEAAaOCAU8wggFLMB0GA1UdDgQWBBR435GQX+7erPbFdevVTFVT7yRKtjAf
BgNVHSMEGDAWgBROIlQgGJXm427mD/r6uRLtBhePOTAOBgNVHQ8BAf8EBAMCAYYw
HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8C
AQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdp
Y2VydC5jb20wQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQu
Y29tL0RpZ2lDZXJ0R2xvYmFsUm9vdEcyLmNybDBMBgNVHSAERTBDMDcGCWCGSAGG
/WwBAjAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BT
MAgGBmeBDAECATANBgkqhkiG9w0BAQsFAAOCAQEAoBs1eCLKakLtVRPFRjBIJ9LJ
L0s8ZWum8U8/1TMVkQMBn+CPb5xnCD0GSA6L/V0ZFrMNqBirrr5B241OesECvxIi
98bZ90h9+q/X5eMyOD35f8YTaEMpdnQCnawIwiHx06/0BfiTj+b/XQih+mqt3ZXe
xNCJqKexdiB2IWGSKcgahPacWkk/BAQFisKIFYEqHzV974S3FAz/8LIfD58xnsEN
GfzyIDkH3JrwYZ8caPTf6ZX9M1GrISN8HnWTtdNCH2xEajRa/h9ZBXjUyFKQrGk2
n2hcLrfZSbynEC/pSw/ET7H5nWwckjmAJ1l9fcnbqkU/pf6uMQmnfl0JQjJNSg==
-----END CERTIFICATE-----
---
Server certificate
subject=CN = sh.st
issuer=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = Encryption Everywhere DV TLS CA - G2
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3252 bytes and written 380 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
DONE
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_128_GCM_SHA256
Session-ID: EA6A8B7BEE174FCBFBAD08F2870C41CDB429AAF2450DFAC4D349EC4EFF3EB6FC
Session-ID-ctx:
Resumption PSK: E51E8E58D508E257218DAB4881C8FB443B39808088633570E292B5781922C13A
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 604800 (seconds)
TLS session ticket:
0000 - 8e dd 8a a5 e9 ec 04 ff-06 a0 c6 09 4f 2e 16 cd ............O...
0010 - 23 5d d0 9b 51 9a 4e d9-43 e8 39 d9 16 24 01 9f #]..Q.N.C.9..$..
0020 - 77 4f d6 8f 1a f4 8d 20-24 42 ce 30 df 82 d0 17 wO..... $B.0....
0030 - f1 0b 85 dd df ee 2f 36-60 10 9f e1 1f 4f f8 6e ....../6`....O.n
0040 - e5 23 d5 95 fc 91 0b 41-b7 36 0c 78 7a 2d 7a cf .#.....A.6.xz-z.
0050 - ff ee 19 fb 5c 87 f4 12-f3 48 c5 de 64 67 e1 33 ....\....H..dg.3
0060 - a8 cf 89 b6 0c 1e 07 f8-4d 3f af 51 67 a8 3d ff ........M?.Qg.=.
0070 - a9 .
Start Time: 1714156294
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK