SSL Checker
Submit the Hostname and Port in the fields below. This checker supports SNI and STARTTLS.
Report
It's all good. We have not detected any issues.
| Hostname: | done Matches Common Name or/and SAN |
| Expired: | done No (380 days till expiration) |
| Public Key: | done We were unable to find any issues in the public key of end-entity certificate |
| Trusted: | done Yes, we were able to verify the certificate |
| Self-Signed: | done No, the end-entity certificate is not self-signed |
| Chain Issues: | done No, we were unable to detect any issues in the certificate chain sent by the server |
| Weak signatures: | done No, certificates sent by the server were not signed utilizing a weak hash function |
| OCSP Status: | done OCSP Responder returned "good" status for the end-entity certificate |
DNS Information
| Resolves To: | 195.50.177.61 |
| Reverse IP lookup: | lb-redirect.dns.boreus.de. |
| Nameserver: | ns4.boreus.de. |
| Nameserver: | ns3.boreus.de. |
| Nameserver: | ns1.boreus.de. |
| Nameserver: | ns2.boreus.de. |
General Information
| Common Name: | *.sueddeutsche.de |
| SANs: | DNS:*.sueddeutsche.deDNS:sueddeutsche.de Total number of SANs: 2 |
| Signature Algorithm: | sha256WithRSAEncryption |
| Key Type: | RSA |
| Key size: | 2048 bits |
| Serial Number: | c41013cc9008c44b98e0094cddecf96 |
| Not Before: | Apr 10, 2024 00:00:00 GMT |
| Not After: | May 11, 2025 23:59:59 GMT |
| Number of certs: | 2 |
| Revocation Status: | good |
| OCSP Stapling: | Not Supported |
| Server: | nginx |
| HSTS: | Not Supported |
| HPKP: | Not Supported |
Chain Information
Certificate # 1 - Common Name: *.sueddeutsche.de
Decode this certificate for verbose information → launch| Subject Common Name | *.sueddeutsche.de |
| Issuer Common Name | Thawte TLS RSA CA G1 |
| Issuer Organization | DigiCert Inc |
| Not Before: | Apr 10, 2024 00:00:00 GMT |
| Not After: | May 11, 2025 23:59:59 GMT |
| Signature Algorithm: | sha256WithRSAEncryption |
| Serial Number: | c41013cc9008c44b98e0094cddecf96 |
| SHA1 Fingerprint: | 93:84:13:75:4A:94:2B:FA:B7:03:60:EA:08:CF:E1:04:6F:D6:B7:0A |
| MD5 Fingerprint: | 7A:CB:65:71:23:93:63:1E:73:64:D1:E1:83:75:48:AF |
Certificate # 2 - Common Name: Thawte TLS RSA CA G1
Decode this certificate for verbose information → launch| In place? | Yes, this certificate directly certifies the preceding one |
| Subject Common Name | Thawte TLS RSA CA G1 |
| Subject Organization | DigiCert Inc |
| Issuer Common Name | DigiCert Global Root G2 |
| Issuer Organization | DigiCert Inc |
| Not Before: | Nov 02, 2017 12:24:25 GMT |
| Not After: | Nov 02, 2027 12:24:25 GMT |
| Signature Algorithm: | sha256WithRSAEncryption |
| Serial Number: | 90ee8c5de5bfa62d2ae2ff7097c4857 |
| SHA1 Fingerprint: | C9:FE:FC:76:3D:95:48:B4:87:69:6F:04:7A:CB:A0:AB:E4:5C:7B:C1 |
| MD5 Fingerprint: | B6:D2:12:3E:FC:D2:CF:87:C8:67:6D:F1:3D:48:CD:30 |
OpenSSL Handshake
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = Thawte TLS RSA CA G1
verify return:1
depth=0 CN = *.sueddeutsche.de
verify return:1
CONNECTED(00000003)
OCSP response: no response sent
---
Certificate chain
0 s:CN = *.sueddeutsche.de
i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = Thawte TLS RSA CA G1
-----BEGIN CERTIFICATE-----
MIIGJjCCBQ6gAwIBAgIQDEEBPMkAjES5jgCUzd7PljANBgkqhkiG9w0BAQsFADBe
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMR0wGwYDVQQDExRUaGF3dGUgVExTIFJTQSBDQSBHMTAe
Fw0yNDA0MTAwMDAwMDBaFw0yNTA1MTEyMzU5NTlaMBwxGjAYBgNVBAMMESouc3Vl
ZGRldXRzY2hlLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxdgK
gyQ+uUPIKBMIpCstY37q3IAisq3sxaTCCqRu9QIxCBrJc/ulz9/ld/DVYrUNfbVk
68c1FJmjDXcmhl44CXZeyTffZlvKCLI8I+qfv9EwUDpkwPFXbKt2P4/AbBzS6BQb
JERtM9Z1jfzWxYovLQSFggx3ne1dCjOSWosX/IwUoLwap57coSVoKw1ie8XoO4EZ
2X8WehPJCMx/yFgzsFqlixVkrvfWf9OT6PSYuUAKQZrzjRZknl0RAacqDXkdgLfB
iU6FpTyftPpl6F+YucYMZ8jydiNWrGM3zyangscvXmRhPet2vcABGZbM7lAM1SWS
K6bBdQeyL+5WDexw2wIDAQABo4IDIDCCAxwwHwYDVR0jBBgwFoAUpYz+MszrDyzU
GcYIuAAkiF3DxbcwHQYDVR0OBBYEFNrG5T4cvy5JcXkFGCAlJZwaMwcZMC0GA1Ud
EQQmMCSCESouc3VlZGRldXRzY2hlLmRlgg9zdWVkZGV1dHNjaGUuZGUwPgYDVR0g
BDcwNTAzBgZngQwBAgEwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2Vy
dC5jb20vQ1BTMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
KwYBBQUHAwIwOwYDVR0fBDQwMjAwoC6gLIYqaHR0cDovL2NkcC50aGF3dGUuY29t
L1RoYXd0ZVRMU1JTQUNBRzEuY3JsMHAGCCsGAQUFBwEBBGQwYjAkBggrBgEFBQcw
AYYYaHR0cDovL3N0YXR1cy50aGF3dGUuY29tMDoGCCsGAQUFBzAChi5odHRwOi8v
Y2FjZXJ0cy50aGF3dGUuY29tL1RoYXd0ZVRMU1JTQUNBRzEuY3J0MAwGA1UdEwEB
/wQCMAAwggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB1AE51oydcmhDDOFts1N8/
Uusd8OCOG41pwLH6ZLFimjnfAAABjshBXvEAAAQDAEYwRAIgJ4k3cKpJRQRK4pwI
TCTzmMZB4DrUQNWYEuzSuqZ2iWsCIC9UH1G0W9t8VsK9onMGkcCtZAQ9Rtssg+jQ
wlqDOUf3AHYAfVkeEuF4KnscYWd8Xv340IdcFKBOlZ65Ay/ZDowuebgAAAGOyEFf
JgAABAMARzBFAiEAkEd06wbX4dhNzLZVpv7OU5aH8TBOrD0A1Yb2R1QLg4oCIF3+
6HbGZsAFLUmiRxiK9g3lJp18Xmmtjnjp4KzRSHQPAHYA5tIxY0B3jMEQQQbXcbnO
wdJA9paEhvu6hzId/R43jlAAAAGOyEFfNwAABAMARzBFAiEA4gKIcmQK27zhXuQU
vrMr90dyPK/hP1BkIkg2LpGF6JECIAboXlAEzmRxJPDDyAewe6lJ3u0zPMYm8FQn
0Ao/lAXAMA0GCSqGSIb3DQEBCwUAA4IBAQAxJ81EIwhqpaqlLaNPz1sQeeVDZXPL
HRBWjo74Ey+Qj7r3UOkSwMA5uM8E0k5M5zZopjzjrunhVGJZGMNrneMj0iDl7kt+
2Xi9DnrkjyaujTgHHmMBtVpB4rCJHz4bsynnhHmVj9RaIKSzKB8oBrxPk7PYOmmP
8+/wYh22DBSFo25ysFz8v3abMWL/j1RQl+y/Y64pmONCDIfl4MhedvUt1YuRmiLa
ymJJxVInikac97GrcVsuUrLEMibWfC1kYEtiLtH2iC43KbdJ/UfarVqCzTMDLUYW
ZBUMh2enYr4Cdh7FEyad3MSpNvZw1ir3f3Sf28ctqxMVYjCkH/IW5bNS
-----END CERTIFICATE-----
1 s:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = Thawte TLS RSA CA G1
i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
-----BEGIN CERTIFICATE-----
MIIEizCCA3OgAwIBAgIQCQ7oxd5b+mLSri/3CXxIVzANBgkqhkiG9w0BAQsFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
MjAeFw0xNzExMDIxMjI0MjVaFw0yNzExMDIxMjI0MjVaMF4xCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
b20xHTAbBgNVBAMTFFRoYXd0ZSBUTFMgUlNBIENBIEcxMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAxjngmPhVetC0b/ozbYJdzOBUA1sMog47030cAP+P
23ANUN8grXECL8NhDEF4F1R9tL0wY0mczHaR0a7lYanlxtwWo1s2uGnnyDs6mOCs
66ew2w3YETr6Tb14xgjpu1gGFtAeewaikO9Fud8hxGJTSwn8xeNkfKVWpD2L4vFN
36FNgxeilK6aE4ykgGAzNlokTp6hNOLAYpDySdLAPKzuJSQ7JCEZ6O+SDKywIdXL
oMTnpxuBKGSG88NWTo3CHCOGmQECia2yqdPDjgLqnEiYNjwQL8uMqj8rOvlMgviB
cHA7xty+7/uYLN6ZS7Vq1/F/lVhVOf5ej6jZdmB85szFbQIDAQABo4IBQDCCATww
HQYDVR0OBBYEFKWM/jLM6w8s1BnGCLgAJIhdw8W3MB8GA1UdIwQYMBaAFE4iVCAY
lebjbuYP+vq5Eu0GF485MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwEgYDVR0TAQH/BAgwBgEB/wIBADA0BggrBgEFBQcBAQQo
MCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBCBgNVHR8E
OzA5MDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9i
YWxSb290RzIuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxo
dHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMA0GCSqGSIb3DQEBCwUAA4IBAQC6
km0KA4sTb2VYpEBm/uL2HL/pZX9B7L/hbJ4NcoBe7V56oCnt7aeIo8sMjCRWTCWZ
D1dY0+2KZOC1dKj8d1VXXAtnjytDDuPPf6/iow0mYQTO/GAg/MLyL6CDm3FzDB8V
tsH/aeMgP6pgD1XQqz+haDnfnJTKBuxhcpnx3Adbleue/QnPf1hHYa8L+Rv8Pi5U
h4V9FwHOfphdMXOxi14OqmsiTbc5cOs9/uukH+YVsuFdWTna6IVw1qh+tEtyH16R
vmi7pkqyZYULOPMIE7avrljVVBZuikwARtY8tCVV6Pp9l3VeagBqb2ffgqNJt3C0
TYNYQI+BXG1R1cABlold
-----END CERTIFICATE-----
---
Server certificate
subject=CN = *.sueddeutsche.de
issuer=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = Thawte TLS RSA CA G1
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3261 bytes and written 452 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: 92C894E2E60D09C67A91EC784D55B04C2C7A257C1628E75829C7279D1EE5005F
Session-ID-ctx:
Master-Key: D1C52FCF0F56DEDA75151D53A42DF2F65C452D5F9A597D0A673B3A43C02CE6679B0CC356A79EE79CE9124ED5BF5CE8D6
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1714149459
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
---
DONE