SSL Checker
Submit the Hostname and Port in the fields below. This checker supports SNI and STARTTLS.
Report
| Hostname: | done Matches Common Name or/and SAN |
| Expired: | done No (28 days till expiration) |
| Public Key: | done We were unable to find any issues in the public key of end-entity certificate |
| Trusted: | close We were unable to verify this certificate |
| Self-Signed: | done No, the end-entity certificate is not self-signed |
| Chain Issues: | done No, we were unable to detect any issues in the certificate chain sent by the server |
| Weak signatures: | done No, certificates sent by the server were not signed utilizing a weak hash function |
| OCSP Status: | done OCSP Responder returned "good" status for the end-entity certificate |
DNS Information
| Resolves To: | 199.59.243.225 |
| Reverse IP lookup: | No records found |
| Nameserver: | ns2.bodis.com. |
| Nameserver: | ns1.bodis.com. |
General Information
| Common Name: | test-domain.com |
| SANs: | DNS:*.test-domain.comDNS:test-domain.com Total number of SANs: 2 |
| Signature Algorithm: | ecdsa-with-SHA384 |
| Key Type: | ECDSA (secp256r1) |
| Key size: | 256 bits |
| Serial Number: | 4e449bb340d089626595c179fcafce3cbfe |
| Not Before: | Mar 08, 2024 23:11:29 GMT |
| Not After: | Jun 06, 2024 23:11:28 GMT |
| Number of certs: | 2 |
| Revocation Status: | good |
| OCSP Stapling: | Not Supported |
| Server: | Not Provided |
| HSTS: | Not Supported |
| HPKP: | Not Supported |
Chain Information
Certificate # 1 - Common Name: test-domain.com
Decode this certificate for verbose information → launch| Subject Common Name | test-domain.com |
| Issuer Common Name | E1 |
| Issuer Organization | Let's Encrypt |
| Not Before: | Mar 08, 2024 23:11:29 GMT |
| Not After: | Jun 06, 2024 23:11:28 GMT |
| Signature Algorithm: | ecdsa-with-SHA384 |
| Serial Number: | 4e449bb340d089626595c179fcafce3cbfe |
| SHA1 Fingerprint: | 0F:2C:C1:EA:92:0E:F0:3B:B9:7C:9C:4E:75:9C:C2:0A:4E:1A:1A:4F |
| MD5 Fingerprint: | 34:37:BE:14:60:74:04:7D:E2:A4:10:71:9A:2B:D2:4E |
Certificate # 2 - Common Name: E1
Decode this certificate for verbose information → launch| In place? | Yes, this certificate directly certifies the preceding one |
| Subject Common Name | E1 |
| Subject Organization | Let's Encrypt |
| Issuer Common Name | ISRG Root X2 |
| Issuer Organization | Internet Security Research Group |
| Not Before: | Sep 04, 2020 00:00:00 GMT |
| Not After: | Sep 15, 2025 16:00:00 GMT |
| Signature Algorithm: | ecdsa-with-SHA384 |
| Serial Number: | b3bddff8a7845bbce903a04135b34a45 |
| SHA1 Fingerprint: | 09:1E:8E:A1:B2:56:A3:12:96:2A:F6:C1:40:C0:FB:F0:79:A4:07:B3 |
| MD5 Fingerprint: | 90:D3:66:64:04:88:FC:F8:76:BD:BD:3A:19:C5:FB:F1 |
OpenSSL Handshake
depth=1 C = US, O = Let's Encrypt, CN = E1
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = test-domain.com
verify return:1
CONNECTED(00000003)
OCSP response: no response sent
---
Certificate chain
0 s:CN = test-domain.com
i:C = US, O = Let's Encrypt, CN = E1
-----BEGIN CERTIFICATE-----
MIIDkjCCAxigAwIBAgISBORJuzQNCJYmWVwXn8r848v+MAoGCCqGSM49BAMDMDIx
CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
MTAeFw0yNDAzMDgyMzExMjlaFw0yNDA2MDYyMzExMjhaMBoxGDAWBgNVBAMTD3Rl
c3QtZG9tYWluLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOVq2zhphpLo
VDWRdDDaJJrF2bbdRp4XJTLSLAUdgxSFLFTEeykPTVRLL25oTiv6BJ/JiK7WxVYJ
SWCrEZxBFZCjggIkMIICIDAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYB
BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFMm/E2MrDyfo
8F7sbHE7ER1gb0VqMB8GA1UdIwQYMBaAFFrz7Sv8NsI3eblSMOpUb89Vyy6sMFUG
CCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL2UxLm8ubGVuY3Iub3Jn
MCIGCCsGAQUFBzAChhZodHRwOi8vZTEuaS5sZW5jci5vcmcvMC0GA1UdEQQmMCSC
ESoudGVzdC1kb21haW4uY29tgg90ZXN0LWRvbWFpbi5jb20wEwYDVR0gBAwwCjAI
BgZngQwBAgEwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdQA7U3d1Pi25gE6LMFsG
/kA7Z9hPw/THvQANLXJv4frUFwAAAY4gjOisAAAEAwBGMEQCIGdh2jikceaBiFML
JhV5LNLARnlJRc3cMN6MX3A4/8ayAiAgCP5osTmepH6m0A2Sp5cv33sKVmz3ggTf
8Nsdt4TcuwB3AKLiv9Ye3i8vB6DWTm03p9xlQ7DGtS6i2reK+Jpt9RfYAAABjiCM
6N8AAAQDAEgwRgIhAJrhrFFkd14AqLuUaL7nyL3N4p1Lrg2+KCmVb3hW8HT6AiEA
8kX4NPfgEGJcp1x473LLhXQhZkY2ye0vSUZi6EgNR7EwCgYIKoZIzj0EAwMDaAAw
ZQIxANQJBD6Adfta2p3YBo93oxZQgRcdaz4v+jGP0iHIOeCvPSqpZvTZVQHWr9V6
sF9OIgIwFRYXnS2nIBKOYms2Qe++kL6/KGtyxnwfHmUAJsD8JuXYyDDDynJNYS9U
bSN95tQt
-----END CERTIFICATE-----
1 s:C = US, O = Let's Encrypt, CN = E1
i:C = US, O = Internet Security Research Group, CN = ISRG Root X2
-----BEGIN CERTIFICATE-----
MIICxjCCAk2gAwIBAgIRALO93/inhFu86QOgQTWzSkUwCgYIKoZIzj0EAwMwTzEL
MAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2VhcmNo
IEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDIwHhcNMjAwOTA0MDAwMDAwWhcN
MjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5j
cnlwdDELMAkGA1UEAxMCRTEwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQkXC2iKv0c
S6Zdl3MnMayyoGli72XoprDwrEuf/xwLcA/TmC9N/A8AmzfwdAVXMpcuBe8qQyWj
+240JxP2T35p0wKZXuskR5LBJJvmsSGPwSSB/GjMH2m6WPUZIvd0xhajggEIMIIB
BDAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMB
MBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFFrz7Sv8NsI3eblSMOpUb89V
yy6sMB8GA1UdIwQYMBaAFHxClq7eS0g7+pL4nozPbYupcjeVMDIGCCsGAQUFBwEB
BCYwJDAiBggrBgEFBQcwAoYWaHR0cDovL3gyLmkubGVuY3Iub3JnLzAnBgNVHR8E
IDAeMBygGqAYhhZodHRwOi8veDIuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYG
Z4EMAQIBMA0GCysGAQQBgt8TAQEBMAoGCCqGSM49BAMDA2cAMGQCMHt01VITjWH+
Dbo/AwCd89eYhNlXLr3pD5xcSAQh8suzYHKOl9YST8pE9kLJ03uGqQIwWrGxtO3q
YJkgsTgDyj2gJrjubi1K9sZmHzOa25JK1fUpE8ZwYii6I4zPPS/Lgul/
-----END CERTIFICATE-----
---
Server certificate
subject=CN = test-domain.com
issuer=C = US, O = Let's Encrypt, CN = E1
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1992 bytes and written 390 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 20 (unable to get local issuer certificate)
---
DONE
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_128_GCM_SHA256
Session-ID: DD67150C18B1D5A40E082D9E19B646D107DE174078F094B674441D61FDE8A3E2
Session-ID-ctx:
Resumption PSK: 1B72005824DB90EAA1A04F0DE65744B7590BD747A55FADFE3928669161729B50
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 604800 (seconds)
TLS session ticket:
0000 - 17 c0 df c9 99 0f 72 93-f5 f9 b4 d4 b9 5a 96 e0 ......r......Z..
0010 - 94 05 e4 52 02 cd c3 9b-f3 c3 13 4d b2 6d c9 14 ...R.......M.m..
0020 - 51 95 86 ee 81 dd 53 fb-93 a7 2b b9 0b e7 c3 d6 Q.....S...+.....
0030 - 62 aa d0 65 e8 f6 ce 2e-f0 5d 4a bc b0 35 1b 6b b..e.....]J..5.k
0040 - c8 66 a9 45 02 42 47 1b-1e 34 39 f9 4d 47 9a 54 .f.E.BG..49.MG.T
0050 - 0f f1 82 ab d2 e3 cf 9a-9c 90 5b 71 41 03 fd 84 ..........[qA...
0060 - a7 fd b7 54 ef f3 d0 73-76 ...T...sv
Start Time: 1715269926
Timeout : 7200 (sec)
Verify return code: 20 (unable to get local issuer certificate)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK