Namecheap.com
SSL Checker SSL & CSR Decoder CSR Generator SSL Converter

SSL Checker

Submit the Hostname and Port in the fields below. This checker supports SNI and STARTTLS.

Report

Hostname: Doesn't match Common Name or/and SANs
Expired: No (21 days till expiration)
Public Key: We were unable to find any issues in the public key of end-entity certificate
Trusted: Yes, we were able to verify the certificate
Self-Signed: No, the end-entity certificate is not self-signed
Chain Issues: No, we were unable to detect any issues in the certificate chain sent by the server
Weak signatures: No, certificates sent by the server were not signed utilizing a weak hash function
OCSP Status: OCSP Responder returned "good" status for the end-entity certificate

DNS Information

Resolves To: 67.199.248.12
Reverse IP lookup: cname.bitly.com.
Nameserver: dns1.p06.nsone.net.
Nameserver: dns2.p06.nsone.net.
Nameserver: dns3.p06.nsone.net.
Nameserver: ns01.gannett-dns.com.
Nameserver: ns02.gannett-dns.com.
Nameserver: ns03.gannett-dns.com.

General Information

Common Name: bit.ly
SANs: DNS:bit.lyDNS:www.bit.ly Total number of SANs: 2
Organization: Bitly, Inc.
Locality: New York
Signature Algorithm: sha256WithRSAEncryption
Key Type: RSA
Key size: 2048 bits
Serial Number: 390720beaf85f007b838341e43d4950
Not Before: May 12, 2023 00:00:00 GMT
Not After: May 15, 2024 23:59:59 GMT
Number of certs: 2
Revocation Status: good
OCSP Stapling: Not Supported
Server: nginx
HSTS: Not Supported
HPKP: Not Supported

Chain Information

Certificate # 1 - Common Name: bit.ly

Decode this certificate for verbose information →
Subject Common Name bit.ly
Subject Organization Bitly, Inc.
Issuer Common Name DigiCert EV RSA CA G2
Issuer Organization DigiCert Inc
Not Before: May 12, 2023 00:00:00 GMT
Not After: May 15, 2024 23:59:59 GMT
Signature Algorithm: sha256WithRSAEncryption
Serial Number: 390720beaf85f007b838341e43d4950
SHA1 Fingerprint: A2:9E:97:EA:E4:51:06:C6:7B:BF:11:55:77:67:F5:8F:E5:7A:F7:0A
MD5 Fingerprint: 87:93:38:99:C7:A9:62:B1:E7:57:9F:C9:C8:19:79:95

Certificate # 2 - Common Name: DigiCert EV RSA CA G2

Decode this certificate for verbose information →
In place? Yes, this certificate directly certifies the preceding one
Subject Common Name DigiCert EV RSA CA G2
Subject Organization DigiCert Inc
Issuer Common Name DigiCert Global Root G2
Issuer Organization DigiCert Inc
Not Before: Jul 02, 2020 12:42:50 GMT
Not After: Jul 02, 2030 12:42:50 GMT
Signature Algorithm: sha256WithRSAEncryption
Serial Number: 1678f1fef882255d8b0a70e6b7bb220
SHA1 Fingerprint: 09:0A:16:F9:BA:16:00:1B:2E:C1:30:F8:05:23:E5:B5:EB:25:91:58
MD5 Fingerprint: 51:25:85:FE:60:C0:F0:F9:98:8B:2A:94:52:6D:4D:82

OpenSSL Handshake

depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert EV RSA CA G2
verify return:1
depth=0 jurisdictionC = US, jurisdictionST = Delaware, businessCategory = Private Organization, serialNumber = 4627013, C = US, ST = New York, L = New York, O = "Bitly, Inc.", CN = bit.ly
verify return:1
CONNECTED(00000003)
OCSP response: no response sent
---
Certificate chain
 0 s:jurisdictionC = US, jurisdictionST = Delaware, businessCategory = Private Organization, serialNumber = 4627013, C = US, ST = New York, L = New York, O = "Bitly, Inc.", CN = bit.ly
   i:C = US, O = DigiCert Inc, CN = DigiCert EV RSA CA G2
-----BEGIN CERTIFICATE-----
MIIG4jCCBcqgAwIBAgIQA5ByC+r4XwB7g4NB5D1JUDANBgkqhkiG9w0BAQsFADBE
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMR4wHAYDVQQDExVE
aWdpQ2VydCBFViBSU0EgQ0EgRzIwHhcNMjMwNTEyMDAwMDAwWhcNMjQwNTE1MjM1
OTU5WjCBuzETMBEGCysGAQQBgjc8AgEDEwJVUzEZMBcGCysGAQQBgjc8AgECEwhE
ZWxhd2FyZTEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdhbml6YXRpb24xEDAOBgNVBAUT
BzQ2MjcwMTMxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhOZXcgWW9yazERMA8GA1UE
BxMITmV3IFlvcmsxFDASBgNVBAoTC0JpdGx5LCBJbmMuMQ8wDQYDVQQDEwZiaXQu
bHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQemlGH4RHoah3UNXa
AUbA2Y6fYEJIyBOpRU1QsEzifLqf+6vHMKEYQug4hpftzY5JLROUMv9NwVvuA76W
SiAAwdaAOWRIs4DewbZLm1SnOXOFM81Z14iVsfUZAzC25qCryh5rzz7qQVV6iv+9
vwGHdswRjrGf3ntvcZZ0t+R3IvN58BHpoKUKLm+Hw9SAc33KJ60vM9Hy1msH9QLq
qsJ9Y/iHpiinJ+MHbPtIp7s6adwlWeHUkquM2WBs2F/wHPXl0raxZROQHmrroqLR
4rfRqRQDUoaODGYnRSayLNuyJjQBPg2fyZgHNGP2XRsSv0XR67CYiNv77I/dVfpZ
FwHfAgMBAAGjggNWMIIDUjAfBgNVHSMEGDAWgBRqTlC/mGidW3sgddRZAXlIZpIy
BjAdBgNVHQ4EFgQUkcWVqjduZNHS58XwOuBnCjvS3VgwHQYDVR0RBBYwFIIGYml0
Lmx5ggp3d3cuYml0Lmx5MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGln
aWNlcnQuY29tL0RpZ2lDZXJ0RVZSU0FDQUcyLmNybDA0oDKgMIYuaHR0cDovL2Ny
bDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0RVZSU0FDQUcyLmNybDBKBgNVHSAEQzBB
MAsGCWCGSAGG/WwCATAyBgVngQwBATApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3
LmRpZ2ljZXJ0LmNvbS9DUFMwcwYIKwYBBQUHAQEEZzBlMCQGCCsGAQUFBzABhhho
dHRwOi8vb2NzcC5kaWdpY2VydC5jb20wPQYIKwYBBQUHMAKGMWh0dHA6Ly9jYWNl
cnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEVWUlNBQ0FHMi5jcnQwCQYDVR0TBAIw
ADCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHUAdv+IPwq2+5VRwmHM9Ye6NLSk
zbsp3GhCCp/mZ0xaOnQAAAGIDVwYYAAABAMARjBEAiA2GQdHfY2GG2h1bPvah8Bd
o7docFpr+xiztSnZnUgIiwIgIlCV0YFeLY6xtJF7afNWvdIvETwSHr2jF/BV8Xbs
V5YAdgBIsONr2qZHNA/lagL6nTDrHFIBy1bdLIHZu7+rOdiEcwAAAYgNXBhIAAAE
AwBHMEUCIBeZ+wFOOgoEtb1hzRyWVwe2VEOy+chzstaNENrdYUaQAiEA9SPF6WHb
5UnUxT04N5VRjQosxqStn/4swGtJMeaehJoAdgDatr9rP7W2Ip+bwrtca+hwkXFs
u1GEhTS9pD0wSNf7qwAAAYgNXBgXAAAEAwBHMEUCIChZAqdFCEdQW1K77ni7zbo1
amGleDbWgSEGXK2XE4/WAiEAjgaYmxRyXUXphak2RrB9KyEh+nz431lc26f3EU80
gdkwDQYJKoZIhvcNAQELBQADggEBADyekA9PyrSTtknk2nlnZuK1oeQg2DQMPTcs
nLxFT3tPM2rIlBaJvIvnht5xXeC9naDISz6k1Sw5p6pGhNaYC+GqRVXM71scI5Tb
ucEp4IS8jLaVRrsmo6dTvXUoSLC1X5nyiTI+GhotQwtFW3VdaJzshVzv1pBIpprq
yXBx5dqcJ22wvq/SIHN5Wwv+556gfurq9TEubaVBNBzj8I34zi8eYy+bB0IwKPSq
EU57RGgPR4zx2JCGsSjQlgDT9DXu+7ZLaL9WRqc/BZZ4sQER+qu6y1csUbUs5AB9
UFbn1BVMWZf+Q+KjGpKI6XfqpKgIxDyKeNejWlTXokxQqdRis18=
-----END CERTIFICATE-----
 1 s:C = US, O = DigiCert Inc, CN = DigiCert EV RSA CA G2
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgIQAWePH++IIlXYsKcOa3uyIDANBgkqhkiG9w0BAQsFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
MjAeFw0yMDA3MDIxMjQyNTBaFw0zMDA3MDIxMjQyNTBaMEQxCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxHjAcBgNVBAMTFURpZ2lDZXJ0IEVWIFJT
QSBDQSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK0eZsx/neTr
f4MXJz0R2fJTIDfN8AwUAu7hy4gI0vp7O8LAAHx2h3bbf8wl+pGMSxaJK9ffDDCD
63FqqFBqE9eTmo3RkgQhlu55a04LsXRLcK6crkBOO0djdonybmhrfGrtBqYvbRat
xenkv0Sg4frhRl4wYh4dnW0LOVRGhbt1G5Q19zm9CqMlq7LlUdAE+6d3a5++ppfG
cnWLmbEVEcLHPAnbl+/iKauQpQlU1Mi+wEBnjE5tK8Q778naXnF+DsedQJ7NEi+b
QoonTHEz9ryeEcUHuQTv7nApa/zCqes5lXn1pMs4LZJ3SVgbkTLj+RbBov/uiwTX
tkBEWawvZH8CAwEAAaOCAgswggIHMB0GA1UdDgQWBBRqTlC/mGidW3sgddRZAXlI
ZpIyBjAfBgNVHSMEGDAWgBROIlQgGJXm427mD/r6uRLtBhePOTAOBgNVHQ8BAf8E
BAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQI
MAYBAf8CAQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2Nz
cC5kaWdpY2VydC5jb20wewYDVR0fBHQwcjA3oDWgM4YxaHR0cDovL2NybDMuZGln
aWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdEcyLmNybDA3oDWgM4YxaHR0cDov
L2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdEcyLmNybDCBzgYD
VR0gBIHGMIHDMIHABgRVHSAAMIG3MCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5k
aWdpY2VydC5jb20vQ1BTMIGKBggrBgEFBQcCAjB+DHxBbnkgdXNlIG9mIHRoaXMg
Q2VydGlmaWNhdGUgY29uc3RpdHV0ZXMgYWNjZXB0YW5jZSBvZiB0aGUgUmVseWlu
ZyBQYXJ0eSBBZ3JlZW1lbnQgbG9jYXRlZCBhdCBodHRwczovL3d3dy5kaWdpY2Vy
dC5jb20vcnBhLXVhMA0GCSqGSIb3DQEBCwUAA4IBAQBSMgrCdY2+O9spnYNvwHiG
+9lCJbyELR0UsoLwpzGpSdkHD7pVDDFJm3//B8Es+17T1o5Hat+HRDsvRr7d3MEy
o9iXkkxLhKEgApA2Ft2eZfPrTolc95PwSWnn3FZ8BhdGO4brTA4+zkPSKoMXi/X+
WLBNN29Z/nbCS7H/qLGt7gViEvTIdU8x+H4l/XigZMUDaVmJ+B5d7cwSK7yOoQdf
oIBGmA5Mp4LhMzo52rf//kXPfE3wYIZVHqVuxxlnTkFYmffCX9/Lon7SWaGdg6Rc
k4RHhHLWtmz2lTZ5CEo2ljDsGzCFGJP7oT4q6Q8oFC38irvdKIJ95cUxYzj4tnOI
-----END CERTIFICATE-----
---
Server certificate
subject=jurisdictionC = US, jurisdictionST = Delaware, businessCategory = Private Organization, serialNumber = 4627013, C = US, ST = New York, L = New York, O = "Bitly, Inc.", CN = bit.ly

issuer=C = US, O = DigiCert Inc, CN = DigiCert EV RSA CA G2

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3655 bytes and written 382 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
DONE
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_128_GCM_SHA256
    Session-ID: 76B311B4F8F851BB230FAB09AF8EA8E23807C43A21081E62143C177F6DB4E1CF
    Session-ID-ctx: 
    Resumption PSK: 779D87D2BA6D8232EA76E12A214ED075E0B47E45B4F7023E1F42D12238557EAC
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 604800 (seconds)
    TLS session ticket:
    0000 - 83 97 f1 a1 a5 d7 bc 9e-f0 96 ee d9 d2 a4 1b ba   ................
    0010 - a7 32 02 c2 3a 39 fe b8-07 fb 2f 94 b9 48 36 96   .2..:9..../..H6.
    0020 - 62 f1 a3 d9 50 f0 a5 aa-7e 0a d5 1f 90 14 06 36   b...P...~......6
    0030 - a6 dd 70 db 2f 50 53 fc-38 ff 56 ae fd 04 58 cb   ..p./PS.8.V...X.
    0040 - 6c 3f 72 35 a5 c8 55 8e-c4 c9 af 21 01 55 7e c3   l?r5..U....!.U~.
    0050 - da fc db c6 4f 52 6d 5d-c5 13 b1 cb f2 d4 f0 08   ....ORm]........
    0060 - c9 50 95 38 53 28 5c 5a-43                        .P.8S(\ZC

    Start Time: 1713975851
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK