SSL Checker
Submit the Hostname and Port in the fields below. This checker supports SNI and STARTTLS.
Report
It's all good. We have not detected any issues.
Hostname: | done Matches Common Name or/and SAN |
Expired: | done No (380 days till expiration) |
Public Key: | done We were unable to find any issues in the public key of end-entity certificate |
Trusted: | done Yes, we were able to verify the certificate |
Self-Signed: | done No, the end-entity certificate is not self-signed |
Chain Issues: | done No, we were unable to detect any issues in the certificate chain sent by the server |
Weak signatures: | done No, certificates sent by the server were not signed utilizing a weak hash function |
OCSP Status: | done OCSP Responder returned "good" status for the end-entity certificate |
DNS Information
Resolves To: | 195.50.177.61 |
Reverse IP lookup: | lb-redirect.dns.boreus.de. |
Nameserver: | ns4.boreus.de. |
Nameserver: | ns3.boreus.de. |
Nameserver: | ns1.boreus.de. |
Nameserver: | ns2.boreus.de. |
General Information
Common Name: | *.sueddeutsche.de |
SANs: | DNS:*.sueddeutsche.deDNS:sueddeutsche.de Total number of SANs: 2 |
Signature Algorithm: | sha256WithRSAEncryption |
Key Type: | RSA |
Key size: | 2048 bits |
Serial Number: | c41013cc9008c44b98e0094cddecf96 |
Not Before: | Apr 10, 2024 00:00:00 GMT |
Not After: | May 11, 2025 23:59:59 GMT |
Number of certs: | 2 |
Revocation Status: | good |
OCSP Stapling: | Not Supported |
Server: | nginx |
HSTS: | Not Supported |
HPKP: | Not Supported |
Chain Information
Certificate # 1 - Common Name: *.sueddeutsche.de
Decode this certificate for verbose information → launchSubject Common Name | *.sueddeutsche.de |
Issuer Common Name | Thawte TLS RSA CA G1 |
Issuer Organization | DigiCert Inc |
Not Before: | Apr 10, 2024 00:00:00 GMT |
Not After: | May 11, 2025 23:59:59 GMT |
Signature Algorithm: | sha256WithRSAEncryption |
Serial Number: | c41013cc9008c44b98e0094cddecf96 |
SHA1 Fingerprint: | 93:84:13:75:4A:94:2B:FA:B7:03:60:EA:08:CF:E1:04:6F:D6:B7:0A |
MD5 Fingerprint: | 7A:CB:65:71:23:93:63:1E:73:64:D1:E1:83:75:48:AF |
Certificate # 2 - Common Name: Thawte TLS RSA CA G1
Decode this certificate for verbose information → launchIn place? | Yes, this certificate directly certifies the preceding one |
Subject Common Name | Thawte TLS RSA CA G1 |
Subject Organization | DigiCert Inc |
Issuer Common Name | DigiCert Global Root G2 |
Issuer Organization | DigiCert Inc |
Not Before: | Nov 02, 2017 12:24:25 GMT |
Not After: | Nov 02, 2027 12:24:25 GMT |
Signature Algorithm: | sha256WithRSAEncryption |
Serial Number: | 90ee8c5de5bfa62d2ae2ff7097c4857 |
SHA1 Fingerprint: | C9:FE:FC:76:3D:95:48:B4:87:69:6F:04:7A:CB:A0:AB:E4:5C:7B:C1 |
MD5 Fingerprint: | B6:D2:12:3E:FC:D2:CF:87:C8:67:6D:F1:3D:48:CD:30 |
OpenSSL Handshake
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2 verify return:1 depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = Thawte TLS RSA CA G1 verify return:1 depth=0 CN = *.sueddeutsche.de verify return:1 CONNECTED(00000003) OCSP response: no response sent --- Certificate chain 0 s:CN = *.sueddeutsche.de i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = Thawte TLS RSA CA G1 -----BEGIN CERTIFICATE----- MIIGJjCCBQ6gAwIBAgIQDEEBPMkAjES5jgCUzd7PljANBgkqhkiG9w0BAQsFADBe MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMR0wGwYDVQQDExRUaGF3dGUgVExTIFJTQSBDQSBHMTAe Fw0yNDA0MTAwMDAwMDBaFw0yNTA1MTEyMzU5NTlaMBwxGjAYBgNVBAMMESouc3Vl ZGRldXRzY2hlLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxdgK gyQ+uUPIKBMIpCstY37q3IAisq3sxaTCCqRu9QIxCBrJc/ulz9/ld/DVYrUNfbVk 68c1FJmjDXcmhl44CXZeyTffZlvKCLI8I+qfv9EwUDpkwPFXbKt2P4/AbBzS6BQb JERtM9Z1jfzWxYovLQSFggx3ne1dCjOSWosX/IwUoLwap57coSVoKw1ie8XoO4EZ 2X8WehPJCMx/yFgzsFqlixVkrvfWf9OT6PSYuUAKQZrzjRZknl0RAacqDXkdgLfB iU6FpTyftPpl6F+YucYMZ8jydiNWrGM3zyangscvXmRhPet2vcABGZbM7lAM1SWS K6bBdQeyL+5WDexw2wIDAQABo4IDIDCCAxwwHwYDVR0jBBgwFoAUpYz+MszrDyzU GcYIuAAkiF3DxbcwHQYDVR0OBBYEFNrG5T4cvy5JcXkFGCAlJZwaMwcZMC0GA1Ud EQQmMCSCESouc3VlZGRldXRzY2hlLmRlgg9zdWVkZGV1dHNjaGUuZGUwPgYDVR0g BDcwNTAzBgZngQwBAgEwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2Vy dC5jb20vQ1BTMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI KwYBBQUHAwIwOwYDVR0fBDQwMjAwoC6gLIYqaHR0cDovL2NkcC50aGF3dGUuY29t L1RoYXd0ZVRMU1JTQUNBRzEuY3JsMHAGCCsGAQUFBwEBBGQwYjAkBggrBgEFBQcw AYYYaHR0cDovL3N0YXR1cy50aGF3dGUuY29tMDoGCCsGAQUFBzAChi5odHRwOi8v Y2FjZXJ0cy50aGF3dGUuY29tL1RoYXd0ZVRMU1JTQUNBRzEuY3J0MAwGA1UdEwEB /wQCMAAwggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB1AE51oydcmhDDOFts1N8/ Uusd8OCOG41pwLH6ZLFimjnfAAABjshBXvEAAAQDAEYwRAIgJ4k3cKpJRQRK4pwI TCTzmMZB4DrUQNWYEuzSuqZ2iWsCIC9UH1G0W9t8VsK9onMGkcCtZAQ9Rtssg+jQ wlqDOUf3AHYAfVkeEuF4KnscYWd8Xv340IdcFKBOlZ65Ay/ZDowuebgAAAGOyEFf JgAABAMARzBFAiEAkEd06wbX4dhNzLZVpv7OU5aH8TBOrD0A1Yb2R1QLg4oCIF3+ 6HbGZsAFLUmiRxiK9g3lJp18Xmmtjnjp4KzRSHQPAHYA5tIxY0B3jMEQQQbXcbnO wdJA9paEhvu6hzId/R43jlAAAAGOyEFfNwAABAMARzBFAiEA4gKIcmQK27zhXuQU vrMr90dyPK/hP1BkIkg2LpGF6JECIAboXlAEzmRxJPDDyAewe6lJ3u0zPMYm8FQn 0Ao/lAXAMA0GCSqGSIb3DQEBCwUAA4IBAQAxJ81EIwhqpaqlLaNPz1sQeeVDZXPL HRBWjo74Ey+Qj7r3UOkSwMA5uM8E0k5M5zZopjzjrunhVGJZGMNrneMj0iDl7kt+ 2Xi9DnrkjyaujTgHHmMBtVpB4rCJHz4bsynnhHmVj9RaIKSzKB8oBrxPk7PYOmmP 8+/wYh22DBSFo25ysFz8v3abMWL/j1RQl+y/Y64pmONCDIfl4MhedvUt1YuRmiLa ymJJxVInikac97GrcVsuUrLEMibWfC1kYEtiLtH2iC43KbdJ/UfarVqCzTMDLUYW ZBUMh2enYr4Cdh7FEyad3MSpNvZw1ir3f3Sf28ctqxMVYjCkH/IW5bNS -----END CERTIFICATE----- 1 s:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = Thawte TLS RSA CA G1 i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2 -----BEGIN CERTIFICATE----- MIIEizCCA3OgAwIBAgIQCQ7oxd5b+mLSri/3CXxIVzANBgkqhkiG9w0BAQsFADBh MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH MjAeFw0xNzExMDIxMjI0MjVaFw0yNzExMDIxMjI0MjVaMF4xCzAJBgNVBAYTAlVT MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j b20xHTAbBgNVBAMTFFRoYXd0ZSBUTFMgUlNBIENBIEcxMIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEAxjngmPhVetC0b/ozbYJdzOBUA1sMog47030cAP+P 23ANUN8grXECL8NhDEF4F1R9tL0wY0mczHaR0a7lYanlxtwWo1s2uGnnyDs6mOCs 66ew2w3YETr6Tb14xgjpu1gGFtAeewaikO9Fud8hxGJTSwn8xeNkfKVWpD2L4vFN 36FNgxeilK6aE4ykgGAzNlokTp6hNOLAYpDySdLAPKzuJSQ7JCEZ6O+SDKywIdXL oMTnpxuBKGSG88NWTo3CHCOGmQECia2yqdPDjgLqnEiYNjwQL8uMqj8rOvlMgviB cHA7xty+7/uYLN6ZS7Vq1/F/lVhVOf5ej6jZdmB85szFbQIDAQABo4IBQDCCATww HQYDVR0OBBYEFKWM/jLM6w8s1BnGCLgAJIhdw8W3MB8GA1UdIwQYMBaAFE4iVCAY lebjbuYP+vq5Eu0GF485MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEF BQcDAQYIKwYBBQUHAwIwEgYDVR0TAQH/BAgwBgEB/wIBADA0BggrBgEFBQcBAQQo MCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBCBgNVHR8E OzA5MDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9i YWxSb290RzIuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxo dHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMA0GCSqGSIb3DQEBCwUAA4IBAQC6 km0KA4sTb2VYpEBm/uL2HL/pZX9B7L/hbJ4NcoBe7V56oCnt7aeIo8sMjCRWTCWZ D1dY0+2KZOC1dKj8d1VXXAtnjytDDuPPf6/iow0mYQTO/GAg/MLyL6CDm3FzDB8V tsH/aeMgP6pgD1XQqz+haDnfnJTKBuxhcpnx3Adbleue/QnPf1hHYa8L+Rv8Pi5U h4V9FwHOfphdMXOxi14OqmsiTbc5cOs9/uukH+YVsuFdWTna6IVw1qh+tEtyH16R vmi7pkqyZYULOPMIE7avrljVVBZuikwARtY8tCVV6Pp9l3VeagBqb2ffgqNJt3C0 TYNYQI+BXG1R1cABlold -----END CERTIFICATE----- --- Server certificate subject=CN = *.sueddeutsche.de issuer=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = Thawte TLS RSA CA G1 --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 3261 bytes and written 452 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES128-GCM-SHA256 Session-ID: 92C894E2E60D09C67A91EC784D55B04C2C7A257C1628E75829C7279D1EE5005F Session-ID-ctx: Master-Key: D1C52FCF0F56DEDA75151D53A42DF2F65C452D5F9A597D0A673B3A43C02CE6679B0CC356A79EE79CE9124ED5BF5CE8D6 PSK identity: None PSK identity hint: None SRP username: None Start Time: 1714149459 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes --- DONE