Ссл чекер


10 онлайн-инструментов для проверки SSL, TLS и последних уязвимостей

От переводчика.

Привет! В последнее время было обнаружено довольно много уязвимостей, связанных с SSL, поэтому мне захотелось сделать перевод статьи, в которой собран список инструментов для тестирования SSL, TLS и различных уязвимостей. В статье довольно много терминов, поэтому хочу извиниться, если что-то перевела не совсем корректно. Если вы можете предложить лучший вариант перевода, пожалуйста, напишите в личные сообщения.

Проверяйте SSL, TLS и шифрование

Проверка SSL необходима для обеспечения правильного отображения параметров сертификата. Существует множество способов проверки SSL-сертификатов. Проверка с помощью инструментов в сети позволяет получить полезную информацию, находящуюся ниже. Она также поможет вам выявить угрозы на ранних стадиях, а не после получения жалобы клиента.

Я получил ряд вопросов после своей последней публикации «Усиление защиты Apache. Гид по безопасности» о проверке TLS и SSL. В этой статье я расскажу вам о некоторых полезных инструментах для проверки SSL-сертификатов в сети.

Symantec SSL Toolbox

Проверка CSR — очень важно проверить CSR перед отправкой для подписи запроса. Вы сможете удостовериться в том, что CSR содержит все требуемые параметры, например, CN, DN, O, OU, алгоритм и др.

Проверка установки сертификата — после установки всегда полезно удостовериться в том, что сертификат действителен и содержит необходимую информацию. Этот онлайн инструмент позволит вам проверить CN, SAN, название организации, OU, город, серийный номер, тип применяемого алгоритма, длину ключа и подробности о цепочке сертификата.

Wormly Web Server Tester

Тестирование web сервера от Wormly позволяет получить подробный обзор параметров ссылки. Обзор включает в себя данные о сертификате (CN, срок действия, цепочка сертификата), шифровании, длине открытого ключа, безопасности повторного согласования, протоколах типа SSLv3/v2, TLSv1/1.2.

DigiCert SSL Certificate Checker

Инструмент для проверки установки SSL сертификатов от DigiCert — еще один прекрасный инструмент, который позволит вам преобразовать DNS в IP адрес, узнать кто выдал сертификат, его серийный номер, длину ключа, алгоритм подписи, SSL-шифрование, поддерживаемое сервером и срок действия сертификата.

SSL Shopper

Проверка SSL от SSL Shopper — подойдет для быстрой проверки типа сервера, срока действия, SAN и цепочки доверия. Вы сможете оперативно найти ошибку в цепочке сертификата или узнать, что он не работает должным образом. Инструмент отлично подходит для устранения неполадок в работе.

GlobalSign SSL Check

Проверка конфигурации SSL от GlobalSign предоставляет очень подробную информацию о веб-сервере и SSL. Инструмент ставит баллы в зависимости от данных сертификата, поддержки протоколов, обмена ключами и надёжности шифра. Это незаменимый инструмент при настройке нового безопасного URL или проведении аудита. Обязательно попробуйте!

Qualys SSL Labs

Позволяет оценить ваш сайт в отношении безопасности SSL-сертификата. Предоставляет очень подробную техническую информацию. Советую системным администраторам, аудиторам, инженерам по интернет-безопасности для выявления и наладки “слабых” параметров.

Free SSL Server Test

Производит проверку вашей https ссылки и отображает следующую информацию, которую при желании можно скачать в PDF-формате:

COMODO SSL Analyzer

SSL анализатор от COMODO позволяет провести анализ https URL и быстро получить отчеты по различным параметрам, включая

SSL Checker

Что действительно хорошо в SSL Checker, так это то, что инструмент позволяет настроить напоминание (за 30 дней) об истечении срока действия сертификата. Это отлично, мне кажется, что бесплатно эту услугу больше нигде получить нельзя. Кроме того, инструмент позволяет выполнить базовую проверку таких параметров, как:

HowsMySSL

Этот инструмент отличается от остальных. Он позволяет проверить клиента (браузер) и получить оценку состояния по следующим параметрам: Для проверки клиента, просто зайдите на HowsMySSL в браузере.

Другие инструменты онлайн-проверки

Проверка уязвимости POODLE: Проверка уязвимости FREAK: Проверка уязвимости LogJam: Проверка уязвимости SHA-1: Я считаю, что перечислил все бесплатные онлайн-инструменты для проверки параметров SSL-сертификата и получения достоверной технической информации для проведения аудита и обеспечения безопасности веб-приложений. Если вам понравилось, поделитесь с друзьями.

P. S. Приглашаем в наше Хостинг Кафе. Работают и активно развиваются 6 сайтов для поиска хостинговых услуг:

Спасибо andorro за помощь с подготовкой публикации.

habrahabr.ru

10 Online Tool to Test SSL, TLS and Latest Vulnerability

Verify your SSL, TLS & Ciphers implementation.

SSL verification is necessary to ensure your certificate parameters are displayed as expected. There are multiple ways to check SSL certificate, however testing through online tool provides you much useful information listed below.

This also helps you in finding any issues in advance instead of user complaining about them.

Having misconfigured SSL/TLS can lead your website to vulnerable so check out following online tools to find out if something wrong.

1. SSL Labs

SSL Labs by Qualys is one of the most popular SSL testing tools to check all latest vulnerability & misconfiguration. Ex:

Test results provide detailed technical information; advisable to use for system administrator, auditor, web security engineer to know and fix for any weak parameters.

2. SSL Checker

SSL Checker let you quickly identify if chain certificate is properly implemented. Great idea to proactively test after SSL cert implementation to ensure chain certificate is not broken.

SSL Store got some other tool which might be useful like:

3. Symantec

Check SSL/TLS cert installation test against latest vulnerability like heartbleed, poodle, FREAK, BEAST, CRIME, and provide information like:

4. Wormly

Web Server Tester by Wormly check for more than 65 metrics and give you a status of each including overall scores. The report contains certificate overview (CN, Expiry details, Trust chain), Encryption Ciphers details, Public key size, Secure Renegotiation, Protocols like SSLv3/v2, TLSv1/1.2.

5. DigiCert

DigiCert SSL Installation Diagnostics Tool is another fantastic tool to provide you DNS resolves IP address, Certificate details including Issuer, Serial number, key length, signature algorithm, SSL cipher supported by the server and expiry details.

It’s useful if you are looking to verify what all ciphers your server supports.

6. SSL Server Security Test

Useful tool by High-Tech Bridge to perform scan against your https URL and provide in-depth technical information with an option to download the report in PDF format.

7. SSL Analyzer

Comodo Analyzer scans your https URL and gives you quick reports on various parameters including:

8. SSL Checker

One good thing about SSL Checker is that it has an option to add a reminder (30 days before) about SSL cert expiry. This is great, as I don’t think any other providing this feature in free. Along with this excellent feature, it verifies the basic stuff like:

9. HowsMySSL

This is different. It scans the client (browser) and gives you status on various checks like:

To test the client, just access the HowsMySSL from a browser.

10. SSL Checker

SSL Checker by SSL Shopper help you to check certificate issuer, expiry details & chain implementation.

I believe the above listed free online tool is sufficient to validate SSL certificate parameter and gives good technical information for auditing and keep your web application security.

If you are looking to learn in-depth about SSL/TLS operations needed for Dev Ops and System Administration, then you may refer online course by Nisheed K M.

geekflare.com

4 SSL Checker Extensions For Chrome

User Ratings:

[Total: 0    Average: 0/5]

Here’s a list of 4 SSL checker extensions for Chrome which can be used to check if a website uses proper implementation of SSL encryption. Not all versions of SSL are the same. Some of them use weaker methods of encryption, like SHA-1, which has increased risk of being tampered with by third parties. Other irregularities involving SSL certificates are also possible. By having an SSL checker extension, you’ll be able to check the quality of SSL encryption before sharing info with a website.

Check SSL

Check SSL is an SSL checker extension which focuses on checking what type of encryption is used by SSL implementations of websites that you visit. It focuses on the problem I mentioned in the introduction, use of the less safe SHA-1 encryption.

Sponsored Links

After installing the extension it is going to add its own icon to the top right corner of the screen from where you’ll be able to read off messages depending on what the extension scan detects. “Bad” means that there are serious problems with SSL, “almost” means that problematic encryptions are found (as in SHA-1) and “good” means that no problems are found and you can be rest assured that your connection with the website is encrypted and secure.

Get Check SSL.

SSL Checker

SSL Checker is much more simpler than Check SSL as it only checks whether or not a certain website has proper SSL setup or not.

If there are no problems with SSL and everything is working properly, you’re going to see a Green lock icon displayed on the top right corner icon. If problems are detected, the icon won’t “light up” Green; it will remain Gray. Chrome has something similar in place for reporting on SSL encryption issues of websites. With SSL Checker you add additional layer of protection to make sure you don’t accidentally submit sensitive info over un-encrypted connections.

Get SSL Checker.

Also have a look at Free Chrome Extension To Digitally Sign Documents.

SSL Grade

SSL Grade gives websites grades based on how secure their SSL encryption is. It works with SSLLabs website to determine the quality of SSL encryption that a certain website has.

Grades are displayed in the address bar, all the way to the right. They go from A+ for “everything is OK” SSL encryption all the way to F for those SSL setups which have problems and might not even be safe enough for you to comfortably register/login on the website in question. Left click on the grade will take you to more in-depth results of the analysis on the SSLLabs website.

Get SSL Grade.

SSLight

SSLight will make sure that you never again type in and submit sensitive data on un-encrypted SSL web pages. It does this by warning the user with red indicators inside forms, see image down below, when there’s something wrong with SSL.

If everything is OK with SSL, indicators are going to be green. It’s possible to setup the extension to only show red indicators in case something is wrong, so that you’re not bombarded with them all the time.

Get SSLight.

Also have a look at 4 Email Tracking Extensions For Chrome.

Conclusion

Most of us don’t pay attention to SSL but it is very important. At the very least you should make sure that you have proper SSL active when logging into Paypal, net banking and when typing in credit card info. I think that SSLight and SSL Grade are best for doing that, but you can’t go wrong no matter which of the 4 SSL checker extensions from the list above you choose.

www.ilovefreesoftware.com

SSL Checker Tool - A free Tool to Check SSL Certificate

An SSL (Secure Sockets Layer) checker is a tool used by SEO and webmasters to verify proper installation of SSL certificate on the web server hosting their website. We all know that connections on the internet between website visitors and web servers are not secure. To overcome this vulnerability, SSL was designed in the 1990s to secure HTTP connections between Netscape clients and web servers. SSL was eventually used to encrypt and authenticate communications over the internet at the transport layer of the network.

In 2015 the Internet Engineering Task Force replaced SSL with TLS (Transport Layer Security). Both these protocols are not interoperable TLS is backward compatible with SSL 3.0.

How SSL works

SSL uses a combination of keys, both public and a symmetric encrypted key to secure the connection between two machines (web server and client) over a public network. SSL runs on the network and the transport layer. Both these layers are responsible for transporting and routing data over a network. A point to note here is that when client setups a connection with a server it traverses over some networks and establishes a connection. SSL ensures that the connection established is secure and data can be transferred over it.

Advertisement

The SSL protocol has two sub protocols which are the 'handshake' and the record protocol. The handshake protocol establishes how data will be encrypted and authenticated for transfer between the two machines. The record protocol defines how data will be prepared and transmitted between the server and client.

Once the encryption code has been accepted on how data will be exchanged during that session between both the machines. The entire session of establishing the connection and authentication is invisible to the user. The client presents its certification, and the server verifies it before the session starts. If a user looks closely at the navigation bar on the search browser and sees a padlock icon, this indicates that the session is secure.

There were some issues with the SSL protocol, and that led to the evolvement of TLS. The term SSL or SSL/TLS are still commonly used to refer to the security protocol of the internet traffic. The SSL/TLS protocol is so widely used that Google reported that more than 50 percent of pages loaded on Google Chrome were using this protocol to establish and authenticate web server and client browsers.

SSL Certificate Checker

An SEO must ensure that the SSL certification in use on the website's web server is authentic and valid. To do this, an SSL certificate checker can be used. If you were to search for SSL certificate checker on your browser, you would come across some sites like; Symantec SSL checker, DigiCert SSL checker, Comodo SSL checker and its checker on your browser. In case you are an Apple user you can use SSL certificate viewer mac to check the certification.

You can verify if the SSL certificate on your web server is correctly installed, trusted and valid and is not causing any problems to your website users. As an internet user, you can check if your connection to a website is secure or not. If you look at the address bar on your browser, you will see a padlock on the left corner, click on it and you can 'View Certificate.' If you are using Google Chrome browser, it will give a message, and you can view the certification in another window. The certification also tells you how many times you have visited the web site and whether you have saved a password for the site on the web server.

As a webmaster or SEO, you can get an SSL certification for your website if you have a dedicated IP address for your website. You will need to contact the companies that sell SSL certification, they can be easily found by searching the internet. The price varies, and an annual certificate is issued after which you need to renew it. Websites that want all their interactions to be secure over the internet apply and purchase SSL certification.

You need to provide information about your website, its owner, address, contact information, etc., which is a part of your 'public key' before you are given the SSL certification. The SSL certificate providers have to make sure that they are selling the certificate to a genuine and legal buyer. SSL is designed to protect websites and clients against illegal access, and SSL certificate providers have to be sure that they are providing certificates to the right clients.

You must know how to activate your SSL certificate on your website. To do this, you will have to coordinate with your web service provider. They will provide you all the information that you will need to activate your SSL certificate. As an SEO or webmaster, you should not find this a difficult task to perform. But if you do need help you can always find websites that will guide you on how to install and activate SSL certification on the website. You might need this help if you are unfamiliar with the web server type or operating system on it.

After installing the SSL certificate on the website, you can check and see if the certification has been correctly installed and is activated.

How to Use SSL Checker

You can do an SSL certificate check by navigating to smallseotools.com website, or you can copy/paste smallseotools.com/ssl-checker in the address bar of your search browser. In the SSL Checker window enter your website's URL address and click 'Submit.' The application will check if your website has SSL certification or not.

This tool by smallseotools.com is the easiest and most handy tool to check if your website has SSL certification. In case you had an SSL certification which has expired, it will provide you with that information. Also in case, you have got SSL certification which you have uploaded to your web server you can check if it's working and providing the security to your website and your clients. You can also perform an SSL server test. Getting SSL certification creates trust among your visitors, and if you are managing an e-commerce website, you must get it.

smallseotools.com

SSL Checker - Test Certificate and Installation

This check checks if the CSR's name contains a field with no value. For example, the CSR Decoder would issue a warning about the name given below because the locality field is present, but has no value.

CN=www.acme.com, O=acme, L=, C=gb

The reason for this warning is that some CAs may reject CSRs that contain fields with empty values.

Checks for weak RSA keys generated by Debian-based systems. It uses the dowkd blacklist, which may be incomplete.

This page contains CSRs and certificates with known weak keys. Please let us know if it fails to identify a CSR or certificate you know to have weak key.

In May 2008, the Debian team announced that Luciano Bello had discovered a vulnerabilty in the Debian OpenSSL package. The impact was that all SSL and SSH keys generated on Debian-based systems (including Ubuntu) released between September 2006 and May 13th 2008 may be affected. The Debian Security Team disclosed this vulnerability in Debian Security Advisory 1571. The best resource on this vulnerability is the Debian Wiki. We have also written about this in our CSR FAQ.

(IP Addresses for this host: 12.130.86.86)

Subject
RDN Value
Common Name (CN) *.ipsoft.com
Organizational Unit (OU) IPsoft Platform Support
Organization (O) IPsoft Inc
Locality (L) New York
State (ST) New York
Country (C) US
Properties
Property Value
Issuer Company thawte, Inc.
Issuer Full Name CN = thawte SSL CA - G2,O = "thawte, Inc.",C = US
Subject CN = *.ipsoft.com,OU = IPsoft Platform Support,O = IPsoft Inc,L = New York,ST = New York,C = US
Valid From 8 Sep 2016, midnight
Valid To 8 Sep 2019, 11:59 p.m.
Serial Number 7C:07:DF:0F:C2:F6:2D:11:8D:C2:71:F5:AC:D1:38:A6 (164865141781441064557208765790755567782)
Signature Algorithm sha256WithRSAEncryption
CA Cert No
Key Size 2048 bits
Fingerprint (SHA-1) 0E:48:78:A6:DB:C7:8C:5D:C2:33:9A:56:9A:50:81:41:A8:CB:0A:3B
Fingerprint (MD5) 71:92:72:9D:94:FF:C1:84:8F:D7:16:CC:EC:A4:49:54
SANS *.ipsoft.com, ipsoft.com
Certificate: Data: Version: 3 (0x2) Serial Number: 7c:07:df:0f:c2:f6:2d:11:8d:c2:71:f5:ac:d1:38:a6 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=thawte, Inc., CN=thawte SSL CA - G2 Validity Not Before: Sep 8 00:00:00 2016 GMT Not After : Sep 8 23:59:59 2019 GMT Subject: C=US, ST=New York, L=New York, O=IPsoft Inc, OU=IPsoft Platform Support, CN=*.ipsoft.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:c3:f6:a2:fe:3d:2f:cd:c2:92:fb:e7:60:56:92: b1:8a:46:ca:76:fc:e2:8c:6b:07:73:b3:f0:14:77: bf:86:db:45:80:d4:65:76:e3:2b:8f:b0:57:43:2a: 58:7e:1d:7f:f9:ea:7a:00:e8:a9:b9:77:89:4a:28: de:e1:31:e8:82:bf:2a:95:e4:04:77:70:e3:cb:93: c4:ab:56:3d:86:07:d4:80:f1:85:ac:48:79:96:02: da:e8:e7:d6:3f:2d:59:c0:c8:ad:f9:67:d0:5a:3d: 0a:bb:11:b9:6b:bf:09:4f:03:d4:48:9a:bc:06:10: 91:a7:09:28:b6:54:96:83:6e:94:9f:ec:cc:1d:28: 42:04:9d:81:0d:21:0f:0a:de:41:d4:3d:e1:08:24: 31:ce:94:b7:3c:8a:c2:80:7f:fb:d2:dd:54:04:3c: 19:cc:fb:ac:5c:7d:b5:d7:48:98:82:5a:a6:3e:60: 04:88:13:a6:de:90:3c:48:fd:29:ec:8c:88:d4:49: ef:2b:9f:fc:41:1b:75:49:41:3c:77:5f:36:54:78: 04:0a:6b:66:a6:30:b6:8f:12:a4:98:bd:a9:42:71: 33:12:26:b1:2e:21:ba:83:6d:f0:cc:99:ea:03:9b: db:bd:16:85:aa:ad:c1:c9:8f:c1:54:7b:e4:74:b4: fb:99 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Alternative Name: DNS:*.ipsoft.com, DNS:ipsoft.com X509v3 Basic Constraints: CA:FALSE X509v3 Certificate Policies: Policy: 2.23.140.1.2.2 CPS: https://www.thawte.com/cps User Notice: Explicit Text: https://www.thawte.com/repository X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Authority Key Identifier: keyid:C2:4F:48:57:FC:D1:4F:9A:C0:5D:38:7D:0E:05:DB:D9:2E:B5:52:60 X509v3 CRL Distribution Points: Full Name: URI:http://tj.symcb.com/tj.crl X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication Authority Information Access: OCSP - URI:http://tj.symcd.com CA Issuers - URI:http://tj.symcb.com/tj.crt 1.3.6.1.4.1.11129.2.4.2: .......u....+z O. ....hp~.....\..=..........W .w......F0D. ;..w....1..6w.gO..W.. ....T....0. ..^...B8fu....G. ....st..nu;.:...u.......X......gp <5.......w... .....W .yg.....F0D. Wf....f..F..z9K..(..U....a..8w... c....:.+.E..hD...C.Z...!. .......u.h....d..:...(.L.qQ]g..D. g..OO.....W .y=.....F0D. .t....o.......H.U.0`[.=2.......>. Y.......`E.....f.....K.....i..z..u..K..u.`..Bi....f..~_.r....{.z......W .y......F0D. Q-....6..h.. ...N...'......:[).4. #...B..-}.]........6..y......... Signature Algorithm: sha256WithRSAEncryption 94:ae:a1:cb:f9:f9:ad:df:f0:46:ea:66:b7:d2:ee:1e:d3:d6: eb:76:14:65:8d:da:68:0b:f4:69:61:a3:37:54:bd:01:d8:c6: 22:a8:51:4f:f6:b2:ec:bd:e3:88:45:ef:0e:7a:b5:f3:5d:82: a6:09:37:35:ed:de:9c:a3:33:f1:f6:5a:ec:45:b0:56:43:1a: 16:12:2d:fe:fb:e4:6c:48:a0:93:78:28:f2:6d:c6:cc:7c:47: 88:d1:51:65:c3:0e:af:1b:70:84:89:f4:92:36:0d:1a:0c:1a: 6a:84:97:e7:c5:fe:cf:7c:2b:e9:92:5e:80:76:ab:46:0a:59: ff:c5:68:de:7e:90:00:36:52:9f:17:db:13:3f:eb:ba:d1:95: bb:4d:91:40:21:a8:67:3e:b3:ae:be:10:7e:54:c4:0e:57:93: 99:5c:22:d8:a9:15:ad:3a:28:51:67:ab:cb:c8:3d:87:0f:c8: 2f:49:12:c9:13:0f:79:36:39:82:b0:bb:0a:62:bf:8c:5e:ec: a1:38:c6:2a:8f:9e:d9:f6:95:5a:3f:17:44:83:3a:bd:39:e2: 94:c1:5b:bc:10:1c:5c:a9:3a:c4:58:e1:a5:4a:14:de:06:d9: 16:24:14:08:07:7e:03:10:da:18:f8:3b:1e:a8:d5:92:bf:12: f2:c8:7b:be
Certificate - *.ipsoft.com
Property Value
Issuer Company thawte, Inc.
Issuer Full Name CN = thawte SSL CA - G2,O = "thawte, Inc.",C = US
Subject CN = *.ipsoft.com,OU = IPsoft Platform Support,O = IPsoft Inc,L = New York,ST = New York,C = US
Valid From 8 Sep 2016, midnight
Valid To 8 Sep 2019, 11:59 p.m.
Serial Number 7C:07:DF:0F:C2:F6:2D:11:8D:C2:71:F5:AC:D1:38:A6 (164865141781441064557208765790755567782)
Signature Algorithm sha256WithRSAEncryption
CA Cert No
Key Size 2048 bits
Fingerprint (SHA-1) 0E:48:78:A6:DB:C7:8C:5D:C2:33:9A:56:9A:50:81:41:A8:CB:0A:3B
Fingerprint (MD5) 71:92:72:9D:94:FF:C1:84:8F:D7:16:CC:EC:A4:49:54
PEM -----BEGIN CERTIFICATE----- MIIGvzCCBaegAwIBAgIQfAffD8L2LRGNwnh2rNE4pjANBgkqhkiG9w0BAQsFADBB MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMRswGQYDVQQDExJ0 aGF3dGUgU1NMIENBIC0gRzIwHhcNMTYwOTA4MDAwMDAwWhcNMTkwOTA4MjM1OTU5 WjCBgTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhO ZXcgWW9yazETMBEGA1UECgwKSVBzb2Z0IEluYzEgMB4GA1UECwwXSVBzb2Z0IFBs YXRmb3JtIFN1cHBvcnQxFTATBgNVBAMMDCouaXBzb2Z0LmNvbTCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAMP2ov49L83CkvvnYFaSsYpGynb84oxrB3Oz 8BR3v4bbRYDUZXbjK4+wV0MqWh5df/nqegDoqbl3iUoo3uEx6IK/KpXkBHdw48uT xKtWPYYh2IDxhaxIeZYC2ujn1j8tWcDIrfln0Fo9CrsRuWu/CU8D1EiavAYQkacJ KLZUloNulJ/szB0oQgSdgQ0hDwreQdQ94QgkMc6UtzyKwoB/+9LdVAQ8Gcz7rFx9 tddImIJapj5gBIgTpt6QPEj9KeyMiNRJ7yuf/EEbdUlBPHdfNlR4BAprZqYwto8S pJi9qUJxMxImsS4huoNt8MyZ6gOb270WhaqtwcmPwVR75HS0+5kCAwEAAaOCA3Aw ggNsMCMGA1UdEQQcMBqCDCouaXBzb2Z0LmNvbYIKaXBzb2Z0LmNvbTAJBgNVHRME AjAAMG4GA1UdIARnMGUwYwYGZ4EMAQICMFkwJgYIKwYBBQUHAgEWGmh0dHBzOi8v d3d3LnRoYXd0ZS5jb20vY3BzMC8GCCsGAQUFBwICMCMMIWh0dHBzOi8vd3d3LnRo YXd0ZS5jb20vcmVwb3NpdG9yeTAOBgNVHQ8BAf8EBAMCBaAwHwYDVR0jBBgwFoAU wk9IV/zRT5rAXTh9DgXb2S61UmAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3Rq LnN5bWNiLmNvbS90ai5jcmwwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC MFcGCCsGAQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDovL3RqLnN5bWNkLmNv bTAmBggrBgEFBQcwAoYaaHR0cDovL3RqLnN5bWNiLmNvbS90ai5jcnQwggHyBgor BgEEAdZ5AgQCBIIB4gSCAd4B3AB1AN3rHSt6DU+mIIuBrYFoch5ujp0B1VyIjT0R xM227L7MAAABVwqid7sAAAQDAEYwRAIgO4eBdwLvv8Ex5Ls2d/tnT5qKV/eXCs+G qZdU5/UAxDACIAK4XvXfykI4ZnXNvADFRxwKiBu1s3N0iABudTsIOgUBAHUApLkJ kLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFXCqJ5ZwAABAMARjBEAiBX ZuWrs51mox1G3Qx6OUvyxCi/8VXtob7iYZeZOHehDAIgY+sSBdc63SvuRakfaESB Dn9DulqHHfYhmCAX5er/wIcAdQBo9pj4h3SCvjqM7rkoHUz8cVFdZ5PURNEKZ6y7 T0/7xAAAAVcKonk9AAAEAwBGMEQCIBd0lYGEB2/e+/mG86HvSOhVtTBgWwI9MoeP i/YR7e0+AiBZ1ZvCiwvTmmBF2O2F6NJmt5cLxcpLAQfciM9p/ox65wB1AO5Lvbd1 zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAABVwqieX8AAAQDAEYwRAIgUS0u DL7ONgzWaBqWCom5lU777K0n6rGVifqIOlspyDQCICOZ46BCkfQtfdBd/JjPhxPt q7k2+uJ57I6soxHJ1IuwMA0GCSqGSIb3DQEBCwUAA4IBAQCUrqHL+fmt3/BG6ma3 0u4e09brdhRljdpoC/RpYaM3VL0B2MYiqFFP9rLsveOIRe8OerXzXYKmCTc17d6c ozPx9lrsRbBWQxoWEi3+++RsSKCTeCjybcbMfEeI0VFlww6vG3CEifSSNg0aDBpq hJfnxf7PfCvpkl6AdqtGCln/xWjefpAANlKfF9sTP+u60ZW7TZFAIahnPrOuvhB+ VMQOV5OZXCLYqRWtOihRZ6vLyD2HD8gvSRLJEw95NjmCsLsKYr+MXuyhOMYqj57Z 9pVaPxdEgzq9OeKUwVu8EBxcqTrEWOGlShTeBtkWJBQIB34DENoY+DseqNWSvxLy yHu+ -----END CERTIFICATE-----
Certificate - thawte SSL CA - G2
Property Value
Issuer Company thawte, Inc.
Issuer Full Name CN = thawte Primary Root CA,OU = "(c) 2006 thawte, Inc. - For authorized use only",OU = Certification Services Division,O = "thawte, Inc.",C = US
Subject CN = thawte SSL CA - G2,O = thawte\, Inc.,C = US
Valid From 31 Oct 2013, midnight
Valid To 30 Oct 2023, 11:59 p.m.
Serial Number 16:87:D6:88:6D:E2:30:06:85:23:3D:BF:11:BF:65:97 (29948327227862944430780750156152137111)
Signature Algorithm sha256WithRSAEncryption
CA Cert Yes
Key Size 2048 bits
Fingerprint (SHA-1) 2E:A7:1C:36:7D:17:8C:84:3F:D2:1D:B4:FD:B6:30:BA:54:A2:0D:C5
Fingerprint (MD5) 51:EE:3E:B6:61:30:8E:2D:20:E0:43:6E:D0:66:79:F0
PEM -----BEGIN CERTIFICATE----- MIIEsjCCA5qgAwIBAgIQFofWiG3iMAaFIz2/Eb9llzANBgkqhkiG9w0BAQsFADCB qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMTMxMDMxMDAwMDAwWhcNMjMx MDMwMjM1OTU5WjBBMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMu MRswGQYDVQQDExJ0aGF3dGUgU1NMIENBIC0gRzIwggEiMA0GCSqGSIb3DQEBAQUA A4IBDwAwggEKAoIBAQCy/Ab7BJPS6lkgO0SFl1I55xDweuCwlEDaRvgMKLu5zmA4 P9LYEUIbka1J7o/h4mzeN2/9iyA8bed009zVJIhBgInuNr7E1b6NUxOq5KW4kwq+ 7NrNPNQyVu/QTqC4l7s5UB5uZcP9ss7gWalICcb+vq78PjuBIJeLj0bfYGQHdbsb hjifR3s0zqHRl6122J+3Jtt5gDZI8sU3+NkyrnykU4HHmaFUOC9PdaC7WqW7zawC WxkC1RMYp86sdFUSBYubopVGZHI4zVobOhanvnGZjFQDuJZsAdM+Bpg/IYE7An4A R1MBHg5GQ/tLLdwLGugvmPh+0ZmrE2ykF95v9hX1AgMBAAGjggE7MIIBNzASBgNV HRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjAyBgNVHR8EKzApMCegJaAj hiFodHRwOi8vdDEuc3ltY2IuY29tL1RoYXd0ZVBDQS5jcmwwLwYIKwYBBQUHAQEE IzAhMB8GCCsGAQUFBzABhhNodHRwOi8vdDIuc3ltY2IuY29tMEEGA1UdIAQ6MDgw NgYKYIZIAYb4RQEHNjAoMCYGCCsGAQUFBwIBFhpodHRwczovL3d3dy50aGF3dGUu Y29tL2NwczApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRU3ltYW50ZWNQS0ktMS01 MzcwHQYDVR0OBBYEFMJPSFf80U+awF04fQ4F29kutVJgMB8GA1UdIwQYMBaAFHtb Rc+vzst6/TGSGmq280brV0hQMA0GCSqGSIb3DQEBCwUAA4IBAQCNBt5DyXYCytkj l17zY9d9RMIPawr1B+WLuPrgo/prgJK1AyzFN+DC5ZW1knAYKEKU7kt3agEPiyPs Vk30AGnlhMji6t5bPvY8BzqUymwnscyDGmBxJ9K/AvUeRNNI1abTdiEAnPqYZOsX Nj/rGzw+prHZWAYOctlovvGnINdS5KR3h4FwnVU1hTfhHU2UwnB/lUBuS32ytCkq A3nIuUxnYQSgiyf/WQDrVX/GtzM1LV5OrLjqEsXo97mrvnSSLLfZTcqELxzC8HJ8 sjFuz4DliAc2UXu6Ya9tjSNbNKOVvKIxf/L157fo78S1JzLp955pxyvovrsMqufq YBLqJop4 -----END CERTIFICATE-----

certlogik.com

SSL Checker - Check server TLS/SSL setup and vulnerabilities

TLS & SSL Checker performs a detailed analysis of TLS/SSL configuration on the target server and port, including checks for TLS and SSL vulnerabilities, such as BREACH, CRIME, OpenSSL CCS injection, Heartbleed, POODLE, etc. The tool provide details about the certificate chain, certificate paths, TLS and SSL protocols and cipher suites, and points out problems in the target server configuration and certificate issues.

This tool can help you deploy your services running on TLS/SSL protocols in a way they are secure against the known attack vectors. Our SSL checker supports not only HTTPS, but also other protocols including SMTPS, POP3S, RDP, FTPS, IMAPS, and others. STARTTLS is also supported on selected protocols.

According to Trustworthy Internet Movement SSL Pulse survey, the security level of majority of web sites running HTTPS is inadequate. Few administrators are well aware of all security aspects related to TLS/SSL protocols and thus new insecure machines are put online on a daily basis. The current state of TLS/SSL covered services on servers world-wide needs to be improved and our SSL Checker is one of the tools that can help.

Our checker is based on a modified SSLyze scanner, testssl.sh tool, and our own certificate analyzis tool.

Testing your server is very simple. If you run an HTTPS web server on a single IP address, just fill in the Domain name and hit the "Check SSL/TLS!" button. Wait for the results and analyze the results. The default Port is set by default to the common HTTPS port 443.

If your domain resolves to more than one IP address, you might want to specify, which IP address should be scanned. Use the IP address field to do so. If you are running your service on a different port, simply change the Port field. If the target port is one of the common ports (such as 110 for POP3, or 25 for SMTP), and if the protocol is recognize, STARTTLS will be supported automatically. For all other protocols, implicit TLS/SSL is assumed.

The length of the scan depends on the configuration of the target server. In extreme cases, where anti-abuse filtering is implemented, it may take very long time to complete or even time out. However, for most services, the scan is finished within 2 or 3 minutes, rarely it takes more than 5 minutes. If you are a registered user, you do not need to wait for the scan to finish with your browser opened. You can check your Tasks History any time later to see results of all scans you executed.

Output Structure

The Problems Summary section contains a list of all problems that our tool detected during the scan. The information in this section is relevant for both expert users as well as common users. The most critical problems are displayed with red background. Red alerts should be taken seriously and fixed as soon as possible, if security is critical for the target service. Non-critical problems are displayed on yellow-orange background. It is a good idea to learn more about these problems and consider fixing the issues if possible. Finally, there are notice-level problems (wtih blue background) that just informs you about a potential problem that might soon be relevant to you (e.g. a server's certificate expires in the near future).

Further sections provide more details about the analyzed protocols and certificates. Most of the information provided in these sections are intended for expert users only. If any of the values presented in these section presents a critical problem, it is written in red. Similarly, non-critical values are written in orange. Information about potential future problems are written in blue. Green color present values that are configured well and are somehow significant for the security of the target service.

The Certificate Chain section contains the chain of certificates provided by the target server itself. It starts with the server's certificate, for which we provide information about validity, used key and signature algorithms, certificate's fingerprint, and some additional details such as whether it is an extended validation certificate, whether it supports certificate transparency, which revocation methods are supported. For publicly used services, probably the most important value here is whether the certificate is Trusted. We check the trust status of the server's certificate against four different trust stores – Apple, Java, Microsoft, and Mozilla. If any of these are missing, some users are likely to see warnings about untrusted certificate, or will not be able to connect to the target service at all.

The Certificate Parts section contains list of different certification paths. Each certificate's trust can be proved by one or more certificates. The root certificate in each path is self-signed and should be in the trust store of the client, so that the client knows the whole path is trusted. For each certificate, we also provide information on how it was obtained. The root certificates should be In trust store, which means they are stored locally on the client. The Sent by server value means that the certificate was directly sent by the target server. Certificates marked as Extra download had to be obtained from an external source, which is unpleasant since this means the initial connection to the target service takes longer time than necessary.

The Protocol Details section contains interesting data about the following supported features and detected vulnerabilities:

The Supported Protocols and Cipher Suites section lists all supported protocols and their cipher suites. The level of security (grade) of each supported cipher suite is evaluated as either Secure, Weak, or Insecure. The actual grade is based on size of the keys, used parameters, and whether or not the cipher is vulnerable to known attacks. Additional information about some of the features and values are also provided – Key Size, forward secrecy support (FS), whether or not it is anonymous or export cipher suite, and whether it is preferred by the server.

ssl-checker.online-domain-tools.com

SSL Checker - Test Certificate and Installation

This check checks if the CSR's name contains a field with no value. For example, the CSR Decoder would issue a warning about the name given below because the locality field is present, but has no value.

CN=www.acme.com, O=acme, L=, C=gb

The reason for this warning is that some CAs may reject CSRs that contain fields with empty values.

Checks for weak RSA keys generated by Debian-based systems. It uses the dowkd blacklist, which may be incomplete.

This page contains CSRs and certificates with known weak keys. Please let us know if it fails to identify a CSR or certificate you know to have weak key.

In May 2008, the Debian team announced that Luciano Bello had discovered a vulnerabilty in the Debian OpenSSL package. The impact was that all SSL and SSH keys generated on Debian-based systems (including Ubuntu) released between September 2006 and May 13th 2008 may be affected. The Debian Security Team disclosed this vulnerability in Debian Security Advisory 1571. The best resource on this vulnerability is the Debian Wiki. We have also written about this in our CSR FAQ.

(IP Addresses for this host: 193.28.44.148)

Subject
RDN Value
Common Name (CN) online.raiffeisen.ru
Organizational Unit (OU) Electronic Banking Department
Organization (O) AO Raiffeisenbank
Locality (L) Moscow
State (ST) Russian Federation
Country (C) RU
serialNumber 1027739326449
businessCategory Private Organization
1.3.6.1.4.1.311.60.2.1.3 RU
Properties
Property Value
Issuer Company thawte, Inc.
Issuer Full Name CN = thawte Extended Validation SHA256 SSL CA,O = "thawte, Inc.",C = US
Subject CN = online.raiffeisen.ru,OU = Electronic Banking Department,O = AO Raiffeisenbank,L = Moscow,ST = Russian Federation,C = RU,serialNumber = 1027739326449,businessCategory = Private Organization,1.3.6.1.4.1.311.60.2.1.3 = RU
Valid From 11 Aug 2016, midnight
Valid To 11 Aug 2018, 11:59 p.m.
Serial Number 7D:3B:80:B8:E5:95:DC:DC:59:24:77:19:D2:4A:A3:79 (166462455785232449163055482223096144761)
Signature Algorithm sha256WithRSAEncryption
CA Cert No
Key Size 2048 bits
Fingerprint (SHA-1) 86:75:99:15:F9:F6:97:65:64:E5:EC:C0:80:A4:D9:85:B8:72:27:25
Fingerprint (MD5) 0A:87:AA:7F:58:6A:FC:7E:8E:E2:A0:2A:D2:D8:19:F2
SANS connect.raiffeisen.ru, www.rconnect.ru, online.raiffeisen.ru
Certificate: Data: Version: 3 (0x2) Serial Number: 7d:3b:80:b8:e5:95:dc:dc:59:24:77:19:d2:4a:a3:79 Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=thawte, Inc., CN=thawte Extended Validation SHA256 SSL CA Validity Not Before: Aug 11 00:00:00 2016 GMT Not After : Aug 11 23:59:59 2018 GMT Subject: 1.3.6.1.4.1.311.60.2.1.3=RU/businessCategory=Private Organization/serialNumber=1027739326449, C=RU, ST=Russian Federation, L=Moscow, O=AO Raiffeisenbank, OU=Electronic Banking Department, CN=online.raiffeisen.ru Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:a1:15:2b:5a:b3:d0:e0:ff:b9:47:43:1d:63:fd: 97:2a:0c:91:9e:f2:ee:5a:4c:a1:0e:ba:f6:fd:7a: 73:fd:ac:45:bc:a0:09:31:0a:09:2e:ac:31:4e:45: f7:bc:23:47:5a:c8:a2:53:95:2b:84:b8:7a:6b:ea: ed:16:30:30:ab:51:f8:84:2e:94:00:bd:f0:ae:2b: f1:48:80:1f:d6:e0:50:76:30:89:86:56:7a:08:ac: 00:14:92:52:0a:d6:ea:56:6c:8e:24:95:70:d8:8d: 07:3f:70:00:f9:4b:48:a0:67:3c:ff:77:a6:35:76: d6:cd:fd:6e:1b:46:58:52:14:81:97:4b:65:b8:6c: 33:8c:cd:a1:ca:2b:cd:b9:07:8d:fc:f9:ea:57:23: 1b:57:7d:c5:c7:d9:d2:f7:a0:17:11:a2:2b:18:2e: c3:6c:db:d0:8c:5e:61:b7:01:39:d9:79:f7:7c:66: 8a:04:eb:de:62:03:cd:c9:73:29:1f:e2:b9:29:b9: 11:d8:75:80:2c:92:13:e8:13:6f:13:88:05:59:a8: 98:54:c9:bb:5f:bb:33:57:71:1f:27:89:ed:35:b8: 1b:c2:9f:d8:74:a0:2a:3f:57:30:5d:8e:88:37:45: a4:98:fc:e5:dd:59:7f:19:f4:30:e4:a7:88:72:4a: 7c:db Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Alternative Name: DNS:connect.raiffeisen.ru, DNS:www.rconnect.ru, DNS:online.raiffeisen.ru X509v3 Basic Constraints: CA:FALSE X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 CRL Distribution Points: Full Name: URI:http://tf.symcb.com/tf.crl X509v3 Certificate Policies: Policy: 2.16.840.1.113733.1.7.48.1 CPS: https://www.thawte.com/cps User Notice: Explicit Text: https://www.thawte.com/repository Policy: 2.23.140.1.1 X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Authority Key Identifier: keyid:3B:24:C8:31:A0:B7:5A:D0:6A:B8:D2:CA:07:74:CC:1E:24:D4:C4:DC Authority Information Access: OCSP - URI:http://tf.symcd.com CA Issuers - URI:http://tf.symcb.com/tf.crt 1.3.6.1.4.1.11129.2.4.2: ...g.e.u....+z O. ....hp~.....\..=..........Vy.d......F0D. OPDl...r...}~^.cT...'E..gDt....5. .IaW.$..5.1xh.1\f..D..+....Ac....u.......X......gp <5.......w... .....Vy.d......F0D. N.C...'.7.n.+q. ...v..,}<.1.^^... o[y^..O.}...,`K-h.aO5...Y..+.....u.h....d..:...(.L.qQ]g..D. g..OO.....Vy.d......F0D. W....w......K....t..ctK :]..B.... ..V5%>_....EC..y.....'Zd.:.....O Signature Algorithm: sha256WithRSAEncryption b6:57:ca:3d:51:d0:e0:3c:18:72:4a:a2:d8:e5:75:38:5f:6f: e7:a7:62:39:23:cd:bb:0e:33:44:4f:19:03:b9:37:79:d5:b7: 42:bd:29:c0:40:e3:ac:34:35:b5:15:a9:72:3e:1c:c0:60:40: ab:bc:e5:86:18:20:ba:bd:61:2d:a3:f5:df:ed:54:1f:ae:7b: 8f:5c:8e:22:84:af:71:07:cc:73:18:a3:c5:94:7f:c3:fb:f9: 10:3c:05:5c:62:c3:67:14:2b:a8:9d:fe:cc:ca:a8:d9:63:d6: 0e:fd:38:24:96:3a:53:7e:5d:9b:f6:2e:6a:ab:d4:7c:c7:b1: 0d:6a:9e:4a:5c:d8:23:57:54:74:4d:1e:66:bb:eb:4d:a5:64: 59:72:1c:83:7b:52:97:f1:a7:b9:f7:ec:8e:71:ab:e6:f8:52: f9:2f:6f:c0:7d:8c:10:56:46:a7:b6:70:5a:c3:b9:be:93:ec: bb:23:91:20:26:5f:d8:d9:41:19:a4:ce:1c:b4:d0:0b:37:2f: dd:fb:ae:83:3d:07:8e:4f:69:b1:05:9f:a8:2a:f6:91:b9:bb: 45:d8:c0:0b:39:de:8f:39:ff:ce:5f:d3:f8:c7:b1:29:b8:45: 25:c1:b0:28:8e:ae:cb:f3:5a:cc:f6:2a:a4:39:39:5c:e2:25: 9e:90:91:98
Certificate - online.raiffeisen.ru
Property Value
Issuer Company thawte, Inc.
Issuer Full Name CN = thawte Extended Validation SHA256 SSL CA,O = "thawte, Inc.",C = US
Subject CN = online.raiffeisen.ru,OU = Electronic Banking Department,O = AO Raiffeisenbank,L = Moscow,ST = Russian Federation,C = RU,serialNumber = 1027739326449,businessCategory = Private Organization,1.3.6.1.4.1.311.60.2.1.3 = RU
Valid From 11 Aug 2016, midnight
Valid To 11 Aug 2018, 11:59 p.m.
Serial Number 7D:3B:80:B8:E5:95:DC:DC:59:24:77:19:D2:4A:A3:79 (166462455785232449163055482223096144761)
Signature Algorithm sha256WithRSAEncryption
CA Cert No
Key Size 2048 bits
Fingerprint (SHA-1) 86:75:99:15:F9:F6:97:65:64:E5:EC:C0:80:A4:D9:85:B8:72:27:25
Fingerprint (MD5) 0A:87:AA:7F:58:6A:FC:7E:8E:E2:A0:2A:D2:D8:19:F2
PEM -----BEGIN CERTIFICATE----- MIIG+TCCBeGgAwIBAgIQfTuAuOWV3NxZJHcZ0kqjeTANBgkqhkiG9w0BAQsFADBX MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMTEwLwYDVQQDEyh0 aGF3dGUgRXh0ZW5kZWQgVmFsaWRhdGlvbiBTSEEyNTYgU1NMIENBMB4XDTE2MDgx MTAwMDAwMFoXDTE4MDgxMTIzNTk1OVowgeoxEzARBgsrBgEEAYI3PAIBAxMCUlUx HTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9uMRYwFAYDVQQFEw0xMDI3NzM5 MzI2NDQ5MQswCQYDVQQGEwJSVTEbMBkGA1UECAwSUnVzc2lhbiBGZWRlcmF0aW9u MQ8wDQYDVQQHDAZNb3Njb3cxGjAYBgNVBAoMEUFPIFJhaWZmZWlzZW5iYW5rMSYw JAYDVQQLDB1FbGVjdHJvbmljIEJhbmtpbmcgRGVwYXJ0bWVudDEdMBsGA1UEAwwU b25saW5lLnJhaWZmZWlzZW4ucnUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQChFStas9Dg/7lHQx1j/ZcqDJGe8u5aTKEOuvb9enP9rEW8oAkxCgkurDFO Rfe8I0dayKJTlSuEuHpr6u0WMDCrUfiELpQAvfCuK/FIgB/W4FB2MImGVnoIrAAU klIK1upWbI4klXDYjQc/cAD5S0igZzz/d6Y1dtbN/W4bRlhSFIGXS2W4bDOMzaHK K825B438+epXIxtXfcXh3dL3oBcRoisYLsNs29CMXmG3ATnZefd8ZooE695iA83J cykf4rkpuRHYdYAskhPoE28TiAVZqJhUybtfuzNXcR8nie01uBvCn9h0oCo/VzBd jog3RaSY/OXdWX8Z9DDkp4hySnzbAgMBAAGjggMrMIIDJzBHBgNVHREEQDA+ghVj b25uZWN0LnJhaWZmZWlzZW4ucnWCD3d3dy5yY29ubmVjdC5ydYIUb25saW5lLnJh aWZmZWlzZW4ucnUwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwKwYDVR0fBCQw IjAgoB6gHIYaaHR0cDovL3RmLnN5bWNiLmNvbS90Zi5jcmwwfAYDVR0gBHUwczBo BgtghkgBhvhFAQcwATBZMCYGCCsGAQUFBwIBFhpodHRwczovL3d3dy50aGF3dGUu Y29tL2NwczAvBggrBgEFBQcCAjAjDCFodHRwczovL3d3dy50aGF3dGUuY29tL3Jl cG9zaXRvcnkwBwYFZ4EMAQEwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC MB8GA1UdIwQYMBaAFDskyDGgt1rQarjSygd0zB4k1MTcMFcGCCsGAQUFBwEBBEsw STAfBggrBgEFBQcwAYYTaHR0cDovL3RmLnN5bWNkLmNvbTAmBggrBgEFBQcwAoYa aHR0cDovL3RmLnN5bWNiLmNvbS90Zi5jcnQwggF7BgorBgEEAdZ5AgQCBIIBawSC AWcBZQB1AN3rHSt6DU+mIIuBrYFoch5ujp0B1VyIjT0RxM227L7MAAABVnmiZIgA AAQDAEYwRAIgT1BEbN7syHL4lpx9fl72Y1QDndonRZ/LZ0R07YWvADUCIBJJYVfj JBiWNYIxeGiiMVxm3a5EwsEr0ogFtkFj3AgEAHUApLkJkLQYWBSHuxOizGdwCjw1 mAT5G9+443fNDsgN3BAAAAFWeaJktAAABAMARjBEAiBO10PEmMonBDfAbpArcZ4g +tn1dp4cLH08kTHEXl4A3AIgb1t5Xp6nT+R9rIkfLGBLLWiLYU81yO4YWYgLKw6+ /7UAdQBo9pj4h3SCvjqM7rkoHUz8cVFdZ5PURNEKZ6y7T0/7xAAAAVZ5omS9AAAE AwBGMEQCIFeuFAHndx6tiIyFq0v0GwDmdM3iY3RLCjpd5OtC78a9AiAb+1Y1JT5f GxvrzEVDv5R58dWPuO0nWmSBOuSliPetTzANBgkqhkiG9w0BAQsFAAOCAQEAtlfK PVHQ4DwYckqi2OV1OF9v56diOSPNuw4zRE8ZA7k3edW3Qr0pwEDjrDQ1tRWpcj4c wGBAq7zlhhggur1hLaP13+1UH657j1yOIoSvcQfMcxijxZR/w/v5EDwFXGLDZxQr qJ3+zMqo2WPWDv04JJY6U35dm/YuaqvUfMexDWqeSlzYI1dUdE0eZrvrTaVkWXIc g3tSl/GnuffsjnGr5vhS+S9vwh3MEFZGp7ZwWsO5vpPsuyORICZf2NlBGaTOHLTQ Czcv3fuugz0Hjk9psQWfqCr2kbm7RdjACznejzn/zl/T+MexKbhFJcGwKI6uy/Na zPYqpDk5XOIlnpCRmA== -----END CERTIFICATE-----
Certificate - thawte Extended Validation SHA256 SSL CA
Property Value
Issuer Company thawte, Inc.
Issuer Full Name CN = thawte Primary Root CA - G3,OU = "(c) 2008 thawte, Inc. - For authorized use only",OU = Certification Services Division,O = "thawte, Inc.",C = US
Subject CN = thawte Extended Validation SHA256 SSL CA,O = thawte\, Inc.,C = US
Valid From 9 Apr 2013, midnight
Valid To 8 Apr 2023, 11:59 p.m.
Serial Number 0A:48:9E:88:53:7E:8A:A6:45:4D:6E:2C:4B:2A:EB:20 (13669340753251380444340167651525061408)
Signature Algorithm sha256WithRSAEncryption
CA Cert Yes
Key Size 2048 bits
Fingerprint (SHA-1) 14:B4:AC:F9:44:34:F7:D0:76:8D:3E:E4:8D:18:8E:FD:0C:29:13:7A
Fingerprint (MD5) A1:97:DD:20:32:89:26:8A:B9:80:85:53:27:0E:3C:22
PEM -----BEGIN CERTIFICATE----- MIIE0DCCA7igAwIBAgIQCkieiFN+iqZFTW4sSyrrIDANBgkqhkiG9w0BAQsFADCB rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0xMzA0MDkwMDAwMDBa Fw0yMzA0MDgyMzU5NTlaMFcxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUs IEluYy4xMTAvBgNVBAMTKHRoYXd0ZSBFeHRlbmRlZCBWYWxpZGF0aW9uIFNIQTI1 NiBTU0wgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDyxLx06CX2 AGIo40zouN8Tn4sHN+9iSvFXCfaC6HXwCqknz5M77DaJpW4d1lTzuASXcrRpJczR Qg5b1Rx/omBusVIa25MvuwsNZFMWyxwJJJUpIrSKGACJ/vcfcsjoXC8aG6IYuO8Y XMu12zpO2w+u38R54x6qXKOk5axhmzeFj0h2G7nVaJbpJ3lwVyMau2yTkMdF1xfS Nyp2s82CqU/AA3vhPXp+W7iF8vUV+3CpvfVQZRad47ZrYW6hep7oDRz3Ko5pfkMw jnjO7mUeO5uHHkkc+DJGXShGeSpOJ10XWKg3/qgTqWkV3zYiiXW6ygFALu2d1wyq Mc4nrlfV0lH7AgMBAAGjggE+MIIBOjASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1Ud DwEB/wQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9v Y3NwLnRoYXd0ZS5jb20wOwYDVR0gBDQwMjAwBgRVHSAAMCgwJgYIKwYBBQUHAgEW Gmh0dHBzOi8vd3d3LnRoYXd0ZS5jb20vY3BzMDcGA1UdHwQwMC4wLKAqoCiGJmh0 dHA6Ly9jcmwudGhhd3RlLmNvbS9UaGF3dGVQQ0EtRzMuY3JsMCoGA1UdEQQjMCGk HzAdMRswGQYDVQQDExJWZXJpU2lnbk1QS0ktMi0zNzQwHQYDVR0OBBYEFDskyDGg t1rQarjSygd0zB4k1MTcMB8GA1UdIwQYMBaAFK1sqpRgnO3k//o+CnQrYwP3tlm/ MA0GCSqGSIb3DQEBCwUAA4IBAQBomCaq1DPJunVw1J9JrdbBVNzuqlYfeKfwoaTu C/kSr9+muO7DyzUTalkq+MnpTC+8sbwrwgIw4cO+wvCBjJl3iVgAo8x/owJMU7Ju Nk/+34d2sz/sWmJQtgBFWPKHrHfm0CBQY8XksnAVGJAFe3uvK0a+a04fU/yEJ66D 0o1HU6cOh3O1utsW2GoJJVV9jz1KwYP5s7mnBFrI8xEEkVMw2VKHyzkAnOxTwwIJ fqc2jnIhLyO7TMZHpaHuZ8QvXDpHOGHiwx43kp7IL2v679LDzSmNmPhSF+21Uzzf r8kbYq3fAu5dNPZBS8vDVa+xy9qcc9UCqC2nrPzh5QfQUeg1 -----END CERTIFICATE-----

certlogik.com


Смотрите также