SSL Checker
Submit the Hostname and Port in the fields below. This checker supports SNI and STARTTLS.
Report
It's all good. We have not detected any issues.
Hostname: | done Matches Common Name or/and SAN |
Expired: | done No (119 days till expiration) |
Public Key: | done We were unable to find any issues in the public key of end-entity certificate |
Trusted: | done Yes, we were able to verify the certificate |
Self-Signed: | done No, the end-entity certificate is not self-signed |
Chain Issues: | done No, we were unable to detect any issues in the certificate chain sent by the server |
Weak signatures: | done No, certificates sent by the server were not signed utilizing a weak hash function |
OCSP Status: | done OCSP Responder returned "good" status for the end-entity certificate |
DNS Information
CNAME: | e118552.dscx.akamaiedge.net. |
Resolves To: | 104.124.1.67 |
Reverse IP lookup: | a104-124-1-67.deploy.static.akamaitechnologies.com. |
Nameserver: | a11-67.akam.net. |
Nameserver: | a12-64.akam.net. |
Nameserver: | a1-236.akam.net. |
Nameserver: | a6-65.akam.net. |
Nameserver: | a9-67.akam.net. |
Nameserver: | a8-66.akam.net. |
General Information
Common Name: | kohls.com |
SANs: | DNS:*.kohls.comDNS:crms.kohlsrewards.comDNS:csr.kohlsrewards.comDNS:k-lab.comDNS:kohls.comDNS:kohlscorporation.comDNS:kohlsgreen.comDNS:kohlsgreenscene.comDNS:kohlsrealestate.comDNS:kohlsrewards.comDNS:kohlssuppliers.comDNS:kohlstravel.comDNS:laurenconradrunway.comDNS:lclaurenconradrunway.comDNS:lcrunway.comDNS:m.kohlsrewards.comDNS:media.kohlsimg.comDNS:media1.kohlsimg.comDNS:media2.kohlsimg.comDNS:mykohlscard.comDNS:mykohlscharge.comDNS:offaisle.comDNS:video.kohlsimg.comDNS:www.k-lab.comDNS:www.kohlscorporation.comDNS:www.kohlsgreen.comDNS:www.kohlsgreenscene.comDNS:www.kohlsrealestate.comDNS:www.kohlsrewards.comDNS:www.kohlssuppliers.comDNS:www.kohlstravel.comDNS:www.laurenconradrunway.comDNS:www.lclaurenconradrunway.comDNS:www.lcrunway.comDNS:www.mykohlscard.comDNS:www.mykohlscharge.comDNS:www.offaisle.com Total number of SANs: 37 |
Organization: | Kohl's, Inc. |
Locality: | Aurora |
Signature Algorithm: | sha256WithRSAEncryption |
Key Type: | ECDSA (secp256r1) |
Key size: | 256 bits |
Serial Number: | 769238826e681c6e77cd46c163c9892 |
Not Before: | Oct 29, 2021 00:00:00 GMT |
Not After: | Oct 29, 2022 23:59:59 GMT |
Number of certs: | 2 |
Revocation Status: | good |
OCSP Stapling: | Supported |
Server: | Not Provided |
HSTS: | Not Supported |
HPKP: | Not Supported |
Chain Information
Certificate # 1 - Common Name: kohls.com
Decode this certificate for verbose information → launchSubject Common Name | kohls.com |
Subject Organization | Kohl's, Inc. |
Issuer Common Name | DigiCert SHA2 Secure Server CA |
Issuer Organization | DigiCert Inc |
Not Before: | Oct 29, 2021 00:00:00 GMT |
Not After: | Oct 29, 2022 23:59:59 GMT |
Signature Algorithm: | sha256WithRSAEncryption |
Serial Number: | 769238826e681c6e77cd46c163c9892 |
SHA1 Fingerprint: | A8:AC:F3:A1:25:61:1D:E9:EA:25:7F:90:71:E6:A8:C2:59:AA:DC:A4 |
MD5 Fingerprint: | 26:04:15:AD:3B:38:C3:22:9C:3D:DB:10:9C:11:2E:5C |
Certificate # 2 - Common Name: DigiCert SHA2 Secure Server CA
Decode this certificate for verbose information → launchIn place? | Yes, this certificate directly certifies the preceding one |
Subject Common Name | DigiCert SHA2 Secure Server CA |
Subject Organization | DigiCert Inc |
Issuer Common Name | DigiCert Global Root CA |
Issuer Organization | DigiCert Inc |
Not Before: | Mar 08, 2013 12:00:00 GMT |
Not After: | Mar 08, 2023 12:00:00 GMT |
Signature Algorithm: | sha256WithRSAEncryption |
Serial Number: | 1fda3eb6eca75c888438b724bcfbc91 |
SHA1 Fingerprint: | 1F:B8:6B:11:68:EC:74:31:54:06:2E:8C:9C:C5:B1:71:A4:B7:CC:B4 |
MD5 Fingerprint: | 34:5E:FF:15:B7:A4:9A:DD:45:1B:65:A7:F4:BD:C6:AE |
OpenSSL Handshake
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA verify return:1 depth=1 C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA verify return:1 depth=0 C = US, ST = Illinois, L = Aurora, O = "Kohl's, Inc.", CN = kohls.com verify return:1 CONNECTED(00000003) OCSP response: ====================================== OCSP Response Data: OCSP Response Status: successful (0x0) Response Type: Basic OCSP Response Version: 1 (0x0) Responder Id: 0F80611C823161D52F28E78D4638B42CE1C6D9E2 Produced At: Jun 29 16:13:00 2022 GMT Responses: Certificate ID: Hash Algorithm: sha1 Issuer Name Hash: 105FA67A80089DB5279F35CE830B43889EA3C70D Issuer Key Hash: 0F80611C823161D52F28E78D4638B42CE1C6D9E2 Serial Number: 0769238826E681C6E77CD46C163C9892 Cert Status: good This Update: Jun 29 15:57:01 2022 GMT Next Update: Jul 6 15:12:01 2022 GMT Signature Algorithm: sha256WithRSAEncryption 86:97:cb:df:3e:fd:04:db:f8:6d:91:19:ad:6b:10:45:0b:70: a2:72:54:1c:59:02:fd:41:64:bc:65:d6:fe:77:9b:ec:4c:55: e2:2a:f4:b3:e8:e8:1e:3b:bc:e8:fd:b0:64:dd:2a:e4:f7:83: ec:aa:a3:1d:36:d7:cf:7d:0e:15:d0:91:ad:18:67:d9:65:a9: de:b3:71:79:8b:87:9e:fe:c7:fa:44:e3:16:61:41:20:87:de: fe:8d:1b:22:c6:ac:5b:b4:20:7e:e4:97:c4:cb:e9:5b:64:51: 7c:bd:2f:2d:bc:d0:05:fa:0e:08:e9:e5:59:29:cd:f7:f2:4f: d1:06:03:b7:c1:e4:7f:64:5b:93:86:52:28:af:fc:a8:14:92: 61:ad:02:1a:24:27:a1:9d:a3:5c:33:10:29:62:48:5e:13:00: 70:07:8b:14:b9:c6:6c:c8:4c:b4:79:c6:4d:9d:65:ca:9f:99: 67:c7:1d:70:06:f9:23:bc:7e:36:ca:3d:a4:d9:e9:ee:12:6b: 73:68:e3:0d:6f:ca:27:0e:ea:62:da:1d:1f:5b:5f:55:ce:97: e8:d1:b1:bc:5c:26:23:b3:be:81:0f:82:e0:c3:c0:cc:34:86: 3a:2a:6e:34:63:d5:57:31:27:44:31:eb:66:13:f4:dd:a8:23: ac:9d:12:5a ====================================== --- Certificate chain 0 s:/C=US/ST=Illinois/L=Aurora/O=Kohl's, Inc./CN=kohls.com i:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA -----BEGIN CERTIFICATE----- MIIIljCCB36gAwIBAgIQB2kjiCbmgcbnfNRsFjyYkjANBgkqhkiG9w0BAQsFADBN MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E aWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMjExMDI5MDAwMDAwWhcN MjIxMDI5MjM1OTU5WjBcMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMx DzANBgNVBAcTBkF1cm9yYTEVMBMGA1UEChMMS29obCdzLCBJbmMuMRIwEAYDVQQD Ewlrb2hscy5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARlByHPcYb4H6RI sWL+h/z+ZBhukepjs8qG646akCXh4QbDZtpvww0RaLDxyjrM1s1xWLPMjY08gqMZ U8RkMqMjo4IGLDCCBigwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIw HQYDVR0OBBYEFPorT6JuGZLwLeZsUm1eQQDmKsJCMIIC+AYDVR0RBIIC7zCCAuuC Cyoua29obHMuY29tghVjcm1zLmtvaGxzcmV3YXJkcy5jb22CFGNzci5rb2hsc3Jl d2FyZHMuY29tgglrLWxhYi5jb22CCWtvaGxzLmNvbYIUa29obHNjb3Jwb3JhdGlv bi5jb22CDmtvaGxzZ3JlZW4uY29tghNrb2hsc2dyZWVuc2NlbmUuY29tghNrb2hs c3JlYWxlc3RhdGUuY29tghBrb2hsc3Jld2FyZHMuY29tghJrb2hsc3N1cHBsaWVy cy5jb22CD2tvaGxzdHJhdmVsLmNvbYIWbGF1cmVuY29ucmFkcnVud2F5LmNvbYIY bGNsYXVyZW5jb25yYWRydW53YXkuY29tggxsY3J1bndheS5jb22CEm0ua29obHNy ZXdhcmRzLmNvbYISbWVkaWEua29obHNpbWcuY29tghNtZWRpYTEua29obHNpbWcu Y29tghNtZWRpYTIua29obHNpbWcuY29tgg9teWtvaGxzY2FyZC5jb22CEW15a29o bHNjaGFyZ2UuY29tggxvZmZhaXNsZS5jb22CEnZpZGVvLmtvaGxzaW1nLmNvbYIN d3d3LmstbGFiLmNvbYIYd3d3LmtvaGxzY29ycG9yYXRpb24uY29tghJ3d3cua29o bHNncmVlbi5jb22CF3d3dy5rb2hsc2dyZWVuc2NlbmUuY29tghd3d3cua29obHNy ZWFsZXN0YXRlLmNvbYIUd3d3LmtvaGxzcmV3YXJkcy5jb22CFnd3dy5rb2hsc3N1 cHBsaWVycy5jb22CE3d3dy5rb2hsc3RyYXZlbC5jb22CGnd3dy5sYXVyZW5jb25y YWRydW53YXkuY29tghx3d3cubGNsYXVyZW5jb25yYWRydW53YXkuY29tghB3d3cu bGNydW53YXkuY29tghN3d3cubXlrb2hsc2NhcmQuY29tghV3d3cubXlrb2hsc2No YXJnZS5jb22CEHd3dy5vZmZhaXNsZS5jb20wDgYDVR0PAQH/BAQDAgeAMB0GA1Ud JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBvBgNVHR8EaDBmMDGgL6AthitodHRw Oi8vY3JsMy5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LTEuY3JsMDGgL6Athito dHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LTEuY3JsMD4GA1Ud IAQ3MDUwMwYGZ4EMAQICMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNl cnQuY29tL0NQUzB8BggrBgEFBQcBAQRwMG4wJAYIKwYBBQUHMAGGGGh0dHA6Ly9v Y3NwLmRpZ2ljZXJ0LmNvbTBGBggrBgEFBQcwAoY6aHR0cDovL2NhY2VydHMuZGln aWNlcnQuY29tL0RpZ2lDZXJ0U0hBMlNlY3VyZVNlcnZlckNBLmNydDAMBgNVHRMB Af8EAjAAMIIBfAYKKwYBBAHWeQIEAgSCAWwEggFoAWYAdQApeb7wnjk5IfBWc59j pXflvld9nGAK+PlNXSZcJV3HhAAAAXzNvuWxAAAEAwBGMEQCICNd3lHQYMFRc5aQ /Vw1saW7xvACYACKVfaM2FYY58aTAiBTWLOvy1Dfwc0oo907KplwVwaLYZM3HKqq FMY+qnqhcwB1AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7UiwXlAAABfM2+ 5hgAAAQDAEYwRAIhANWtUyAbYCtD0t3Fto3i3zjBCctOLYX621hnONNbFFRWAh8D R8BT7xYiSMGIE1Y9HulEXhUTrtOVmnAeNQWsppFmAHYAQcjKsd8iRkoQxqE6CUKH Xk4xixsD6+tLx2jwkGKWBvYAAAF8zb7l6gAABAMARzBFAiBESASbUmAAiD8P6Mks AkC6Zj3OQoLqNbfUyyFFocYWiwIhAIK2Zrk5Bn7m/DS/5U5iR/JlAWNktRk+BYqF 3XBPQeSPMA0GCSqGSIb3DQEBCwUAA4IBAQCMyc8IyHtAJEyhyKnHdAjr/pdln1zt HgzsvQqTywSmI5SsQ/nFSk7zPDecZPoIw9emWeZ49Q9/qGeAfV0Y1SvrW3cDnWk1 wHAIuUrohvLXJg+KR0KzPEpquH89svcPVwXnNtk2Rqrndu8AJnwviQnxlYjzRuwu IgOxvHK+CJQ+3h8hSFQbB6hqW4mxu3Uoqk9qmKdhqxIL3Lu9ddwfi37/BL8t8bFw 5N59qwm7q9uOeaR59nQfGHWB27rw8nn6r+cEWSY8U1Lck5OGeZvhASWFxFFg1kBr 0wLxmOuLlQFNH1T5jO4fIjtHTD71ISSvLMPiU/LcQn8XsYt8o4YfE+OM -----END CERTIFICATE----- 1 s:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA -----BEGIN CERTIFICATE----- MIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBh MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD QTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVT MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIg U2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB ANyuWJBNwcQwFZA1W248ghX1LFy949v/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83 nf36QYSvx6+M/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bd KpPDkC55gIDvEwRqFDu1m5K+wgdlTvza/P96rtxcflUxDOg5B6TXvi/TC2rSsd9f /ld0Uzs1gN2ujkSYs58O09rg1/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGX kujNVA075ME/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0 /RR3w6RbKFfCs/mC/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8C AQAwDgYDVR0PAQH/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYY aHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6 Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwN6A1 oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RD QS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8v d3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFA+AYRyCMWHVLyjnjUY4tCzh xtniMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEB CwUAA4IBAQAjPt9L0jFCpbZ+QlwaRMxp0Wi0XUvgBCFsS+JtzLHgl4+mUwnNqipl 5TlPHoOlblyYoiQm5vuh7ZPHLgLGTUq/sELfeNqzqPlt/yGFUzZgTHbO7Djc1lGA 8MXW5dRNJ2Srm8c+cftIl7gzbckTB+6WohsYFfZcTEDts8Ls/3HB40f/1LkAtDdC 2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPit c+LJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0 j6tJLp07kzQoH3jOlOrHvdPJbRzeXDLz -----END CERTIFICATE----- --- Server certificate subject=/C=US/ST=Illinois/L=Aurora/O=Kohl's, Inc./CN=kohls.com issuer=/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA --- No client certificate CA names sent Peer signing digest: SHA256 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 4374 bytes and written 336 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384 Server public key is 256 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-ECDSA-AES256-GCM-SHA384 Session-ID: 30D06E6449E42464933E64ADF62D1E5850EBA7111399E1CB51F7012E1676E233 Session-ID-ctx: Master-Key: CBAF8BE761571C7BF165CD3F8BBA4D34C8B94993F127F68BC237DB0251E1D465AC643CA5EDEE820BCC6308E6D729CACC PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 83100 (seconds) TLS session ticket: 0000 - 00 01 cf 18 b9 88 6e a2-33 4f 4c 19 c7 a1 02 c6 ......n.3OL..... 0010 - 0d ae 4e c1 77 08 de f5-f1 7f 80 86 13 f3 a3 c7 ..N.w........... 0020 - f2 b4 9a a3 ed e9 d1 88-aa 40 56 c8 62 ee 8e 5a .........@V.b..Z 0030 - c8 43 23 b1 0b fb 3d 96-5d aa 70 3f 5b 4b fb 7d .C#...=.].p?[K.} 0040 - 99 02 80 51 ba 09 36 2e-e4 a4 05 92 f8 44 8f 00 ...Q..6......D.. 0050 - 26 c1 8b 7b 82 25 7b 19-98 b7 10 b3 fb 4a 33 a8 &..{.%{......J3. 0060 - 30 d4 ad f1 d3 42 67 1f-ed ed a7 7a 72 69 bf 81 0....Bg....zri.. 0070 - 84 d6 42 5f 1d 9c eb b0-50 da f3 f4 c9 39 d1 78 ..B_....P....9.x 0080 - c6 ed 1a 41 d0 b2 22 4d-a4 84 05 73 32 e8 13 76 ...A.."M...s2..v 0090 - 42 f5 6e bb 37 c2 9e a0-25 65 69 ad 54 5a c3 b8 B.n.7...%ei.TZ.. 00a0 - db 45 b0 a5 c7 4a 52 90-1f 50 b6 e1 17 45 00 c0 .E...JR..P...E.. 00b0 - 61 e0 f4 38 97 fc 77 ca-ae 7b 4d fc b5 82 1a fc a..8..w..{M..... Start Time: 1656761946 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no --- DONE