This tool does not make conclusions. Please check the data and define the validity yourself!

This result is saved at most 60 days on the following URL. Do note that this might be deleted earlier if space runs out.

Receive notifications when this certificate is about to expire with my other service, Certificate Monitor.

Connection Data for blog.effenberger.org / 78.47.92.189

Connection Data
Chain sent by Server
(in server order)
Name...........: blog.effenberger.org
Issued by......: Let's Encrypt Authority X3
Name...........: Let's Encrypt Authority X3
Issued by......: DST Root CA X3

- Successfully validated certificate chain.
IP / Hostname / Port78.47.92.189 - dilbert.effenberger.org - 443
Protocols

- TLSv1.3 (Not supported)

- TLSv1.2 (Supported)

- TLSv1.1 (Supported)

- TLSv1.0 (Supported)

- SSLv3 (Not supported)

- SSLv2 (Not supported)

SSL Compression

- SSL Compression disabled

Ciphersuites supported by server ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-SHA384
ECDHE-RSA-AES256-SHA
DHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES256-SHA256
DHE-RSA-AES256-SHA
DHE-RSA-CAMELLIA256-SHA
AES256-GCM-SHA384
AES256-SHA256
AES256-SHA
CAMELLIA256-SHA
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-SHA256
ECDHE-RSA-AES128-SHA
DHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-SHA256
DHE-RSA-AES128-SHA
DHE-RSA-SEED-SHA
DHE-RSA-CAMELLIA128-SHA
AES128-GCM-SHA256
AES128-SHA256
AES128-SHA
SEED-SHA
CAMELLIA128-SHA
ECDHE-RSA-DES-CBC3-SHA
DES-CBC3-SHA


Ciphersuites containing NULL, EXP(ort), DES and RC4 are marked RED because they are suboptimal.

TLS_FALLBACK_SCSV - TLS_FALLBACK_SCSV supported.
Heartbleed - Not vulnerable.
Heartbeat ExtensionExtenstion not enabled.
Strict Transport Security - max-age=15768000
HTTP Public Key Pinning Extension (HPKP)Not Set
OCSP Stapling
Cert statusgood
This updateOct 20 22
Next updateOct 27 22
Responder idC = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
Hash algorithmsha1
Signature algorithmsha256WithRSAEncryption
Issuer name hash7EE66AE7729AB3FCF8A220646C16A12D6071085D
This Server's OpenSSL VersionOpenSSL 1.1.1 11 Sep 2018 (Library: OpenSSL 1.1.1d 10 Sep 2019)
This Server's Date
(RFC 2822)
Wed, 23 Oct 2019 05:30:25 +0000

Certificate for 'blog.effenberger.org'

Certificate Data
Hostname Not Expired Issuer CRL OCSP Signing Type

 

 

 

 

Signed by CA
Common Nameblog.effenberger.org
Subject Alternative Namesblog.effenberger.org
TypeDomain Validation
Full Subject/CN=blog.effenberger.org
Issuer
CountryUS
OrganizationLet's Encrypt
Common NameLet's Encrypt Authority X3
Validity
Valid From - Tue, 27 Aug 2019 21:43:04 +0000
Valid Until - Mon, 25 Nov 2019 21:43:04 +0000
CRLNo CRL URI found in certificate
OCSP - OK: http://ocsp.int-x3.letsencrypt.org
Last update: Oct 20 22:00:00 2019 GMT
Next update: Oct 27 22:00:00 2019 GMT
Hostname Validation - blog.effenberger.org found in CN or SAN.
Details
Purposessslclient sslserver nssslserver any ocsphelper
Purposes CAany
Serial34:19:4B:BB:0A:39:A7:09:52:18:E2:BD:C6:B7:1F:A3:52:5
Key Size / Type4096 bits rsa
Weak debian keyThis is not a weak debian key.
Signature Algorithmsha256WithRSAEncryption
Hashes
MD5edd21311e3e439641768223c0eb53d50
SHA17d479cd460345fe29ff3cb8cbc3c1876099c96b5
SHA256eea95a19d5cba800c355c055b981cf7c5aec9ecd4fb76a8cbbe5aebd31aafd51
SHA384c05c2349fceb65cfbc0fa5bedc802205eda3cfac50aae79980c4153e961805ba
9c719d32318cb269f05cc94e1a0494d8
SHA51278857035a26af3306299179ee8b9e02762a6125213b52b1db7f6fc33c3d3bb3a
28bd68c5da6fff0ed59ce76b7f55a0cd34d4d493b9b415b913d68cda965e1a05
TLSA DNS

No TLSA record found.Here's an example TLSA record based on this certificate's SHA-256 hash:

_443._tcp.blog.effenberger.org IN TLSA 3 0 1 eea95a19d5cba800c355c055b981cf7c5aec9ecd4fb76a8cbbe5aebd31aafd51;

Please note that the DNSSEC chain is not validated. The status of the DNSSEC signature will not show up here.
More information about TLSA and DNSSEC. - Simple TLSA record generator here.

Extensions
keyUsage
Digital Signature, Key Encipherment
extendedKeyUsage
TLS Web Server Authentication, TLS Web Client Authentication
basicConstraints
CA:FALSE
subjectKeyIdentifier
D7:3A:D7:8A:AE:71:DE:EC:18:06:F4:1F:59:E6:5C:32:69:E6:57:76
authorityKeyIdentifier
keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1
authorityInfoAccess
OCSP - URI:http://ocsp.int-x3.letsencrypt.org
CA Issuers - URI:http://cert.int-x3.letsencrypt.org/
subjectAltName
DNS:blog.effenberger.org
certificatePolicies
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
  CPS: http://cps.letsencrypt.org
ct_precert_scts
Signed Certificate Timestamp:
    Version   : v1(0)
    Log ID    : 74:7E:DA:83:31:AD:33:10:91:21:9C:CE:25:4F:42:70:
                C2:BF:FD:5E:42:20:08:C6:37:35:79:E6:10:7B:CC:56
    Timestamp : Aug 27 22:43:04.363 2019 GMT
    Extensions: none
    Signature : ecdsa-with-SHA256
                30:44:02:20:5E:6B:E5:69:C9:23:98:FB:9A:61:95:7D:
                F8:26:FC:0D:AB:8C:74:AD:A6:DA:13:9D:72:13:4B:28:
                90:01:65:6D:02:20:6D:7B:A0:C4:F8:7A:3C:57:BA:13:
                9D:D7:C2:A3:7F:E5:39:E0:0C:43:0E:A3:16:AC:63:8A:
                32:24:14:9D:69:69
Signed Certificate Timestamp:
    Version   : v1(0)
    Log ID    : 63:F2:DB:CD:E8:3B:CC:2C:CF:0B:72:84:27:57:6B:33:
                A4:8D:61:77:8F:BD:75:A6:38:B1:C7:68:54:4B:D8:8D
    Timestamp : Aug 27 22:43:04.390 2019 GMT
    Extensions: none
    Signature : ecdsa-with-SHA256
                30:44:02:20:26:97:61:D3:4E:4B:CD:33:9B:B4:98:01:
                05:A9:6B:FB:1D:83:AB:C9:77:34:91:EE:E9:B0:09:D5:
                D5:86:A9:20:02:20:2E:9C:7B:40:9E:E2:0E:79:81:A7:
                40:45:77:8A:6B:31:AD:03:1D:2A:34:57:6A:D3:A1:57:
                AF:33:1E:F8:F1:79
Certificate PEM
-----BEGIN CERTIFICATE-----
MIIGXjCCBUagAwIBAgISA0GUu7CjmnCVIY4r3Gtx+jUlMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTA4MjcyMTQzMDRaFw0x
OTExMjUyMTQzMDRaMB8xHTAbBgNVBAMTFGJsb2cuZWZmZW5iZXJnZXIub3JnMIIC
IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr+pWeWOBHCveVRj+M+wXq6N7
yzIMYtXdAnsQkKW0FyaFcacWzPwFNz4fL8lIVRyZV1z/cMQQpdHKg6p8Qk5kynwy
ssKd3WJfIo4mk0kODiC1EnffJcKJuQ6MlqPnflYgVkJyjo0WIs2AI1rlOZLUx/UG
1RdjzdfgDwiTkpc0y0DXJZC2GOHTOjr9CvhVei/8++Su5psnNzyf4luxZ5u+vUg5
fknHy6k21aVKwKFD/ocfIEgt129MPEJyyDkKJNHMWVckPfwHg2BjvP4Rssnt7hyQ
EQPYn273CHMW0ukv36SZXEB9rpw+l1aevn5L/Tc0fepWd76nVAqZ0aUrcd0Xctoa
aAvGcv6+Semp9ZSDTJ3CWTwbQkiY1g7BT9PqajyqnbD2vuhyYTugrNsKACK05Xug
b2/2PLsUqqIy+CFJynKf0YEAmsaSkOnSaYAPMFpHT2o3HD/jZY51Kedc5rx4ICaE
4No3Ld0C8SSMsjKa/QjQVR3jGDmKAZE97+lUlUM0Vel4w6pzgCa2MgBdeZPaDdxB
nuOr6Ena8loa2SIjpecDzxMjkF0FL7FyIRPCft81z0YiS+sujIq8iWG3BAcXz5yS
feEqZ3AxCV3cPMIE6WwDe0faDFR9U1fu0/480q2MIk3PP0VM2qx4uCA0R3GdQPr7
6WS+Uc8/caqGLO1+uY8CAwEAAaOCAmcwggJjMA4GA1UdDwEB/wQEAwIFoDAdBgNV
HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4E
FgQU1zrXiq5x3uwYBvQfWeZcMmnmV3YwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3
pkVl7/Oo7KEwbwYIKwYBBQUHAQEEYzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2Nz
cC5pbnQteDMubGV0c2VuY3J5cHQub3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2Vy
dC5pbnQteDMubGV0c2VuY3J5cHQub3JnLzAfBgNVHREEGDAWghRibG9nLmVmZmVu
YmVyZ2VyLm9yZzBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAo
MCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQIGCisG
AQQB1nkCBAIEgfMEgfAA7gB1AHR+2oMxrTMQkSGcziVPQnDCv/1eQiAIxjc1eeYQ
e8xWAAABbNU/MisAAAQDAEYwRAIgXmvlackjmPuaYZV9+Cb8DauMdK2m2hOdchNL
KJABZW0CIG17oMT4ejxXuhOd18Kjf+U54AxDDqMWrGOKMiQUnWlpAHUAY/Lbzeg7
zCzPC3KEJ1drM6SNYXePvXWmOLHHaFRL2I0AAAFs1T8yRgAABAMARjBEAiAml2HT
TkvNM5u0mAEFqWv7HYOryXc0ke7psAnV1YapIAIgLpx7QJ7iDnmBp0BFd4prMa0D
HSo0V2rToVevMx748XkwDQYJKoZIhvcNAQELBQADggEBAEKfJwcefqwNBRnFDuz5
VqZDhXB9w+8XAK5LOGE9siTFu+MbwFoE/UJqjQQQwSgnH4hj7qiKed/jjM30msDF
SCXBGq/+RnmJhbh1jJDo4pJVYOVwFVzlbc7k5vma7M2lwDLQXorw3uXGXK/+za2b
smTH+KooOz+KjOLajDVFxSbRkm1rWz5JkrlKqz2JYPi5A9P3VOophUm3DfXCZaIJ
wwEb6EF9iy2Mf1p3rhz/Dz+TxlsAJdOXToBvRyYKYL/ZJGW245CjcalS+i8q22ZS
8hBrJ4bBt3YGFTFVdDla/jx/WDKCiYGkmzqM/H+FUOlMeZDLJDbmkpwfuanFZBse
snE=
-----END CERTIFICATE-----
Public Key PEM
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr+pWeWOBHCveVRj+M+wX
q6N7yzIMYtXdAnsQkKW0FyaFcacWzPwFNz4fL8lIVRyZV1z/cMQQpdHKg6p8Qk5k
ynwyssKd3WJfIo4mk0kODiC1EnffJcKJuQ6MlqPnflYgVkJyjo0WIs2AI1rlOZLU
x/UG1RdjzdfgDwiTkpc0y0DXJZC2GOHTOjr9CvhVei/8++Su5psnNzyf4luxZ5u+
vUg5fknHy6k21aVKwKFD/ocfIEgt129MPEJyyDkKJNHMWVckPfwHg2BjvP4Rssnt
7hyQEQPYn273CHMW0ukv36SZXEB9rpw+l1aevn5L/Tc0fepWd76nVAqZ0aUrcd0X
ctoaaAvGcv6+Semp9ZSDTJ3CWTwbQkiY1g7BT9PqajyqnbD2vuhyYTugrNsKACK0
5Xugb2/2PLsUqqIy+CFJynKf0YEAmsaSkOnSaYAPMFpHT2o3HD/jZY51Kedc5rx4
ICaE4No3Ld0C8SSMsjKa/QjQVR3jGDmKAZE97+lUlUM0Vel4w6pzgCa2MgBdeZPa
DdxBnuOr6Ena8loa2SIjpecDzxMjkF0FL7FyIRPCft81z0YiS+sujIq8iWG3BAcX
z5ySfeEqZ3AxCV3cPMIE6WwDe0faDFR9U1fu0/480q2MIk3PP0VM2qx4uCA0R3Gd
QPr76WS+Uc8/caqGLO1+uY8CAwEAAQ==
-----END PUBLIC KEY-----
SPKI Hash/eHCGnNE53OlnDEVjzaQx51Uft7cqS8xA4vik1mxpG4=

Certificate for 'Let's Encrypt Authority X3'

Certificate Data
Hostname Not Expired Issuer CRL OCSP Signing Type

 

 

CA Certificate
CountryUS
OrganizationLet's Encrypt
Common NameLet's Encrypt Authority X3
TypeOrganization Validation
Full Subject/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
Issuer
OrganizationDigital Signature Trust Co.
Common NameDST Root CA X3
Validity
Valid From - Thu, 17 Mar 2016 16:40:46 +0000
Valid Until - Wed, 17 Mar 2021 16:40:46 +0000
CRL - Not on CRL: http://crl.identrust.com/DSTROOTCAX3CRL.crl
Last update: Oct 16 19:26:17 2019 GMT
Next update: Nov 15 19:26:17 2019 GMT
OCSPNo issuer certificate provided. Unable to send OCSP request.
Hostname ValidationNot applicable, this seems to be a CA signing certificate.
Details
Purposessslclient sslserver smimesign crlsign any ocsphelper
Purposes CAsslclient sslserver nssslserver smimesign smimeencrypt crlsign any ocsphelper timestampsign
SerialA0:14:14:20:00:00:15:38:57:36:A0:B8:5E:CA:70:8
Key Size / Type2048 bits rsa
Weak debian keyThis is not a weak debian key.
Signature Algorithmsha256WithRSAEncryption
Hashes
MD5b15409274f54ad8f023d3b85a5ecec5d
SHA1e6a3b45b062d509b3382282d196efe97d5956ccb
SHA25625847d668eb4f04fdd40b12b6b0740c567da7d024308eb6c2c96fe41d9de218d
SHA384fb9e2e20e8912db0c8e3ad1d68705eb783586a89f1b89570e7f48465bfd28b68
9e83c6120c0ddfc54e971f02dcb11bf1
SHA5122e1e12dacb350e69317a7f37d769f46f16f437cf8d392319279c93515e5600ba
ed3d3acd5dc83b673e8c60cf7fba0dce00a4d162a3b966a3ebf72487c376fca0
TLSA DNS

Please note that the DNSSEC chain is not validated. The status of the DNSSEC signature will not show up here.
More information about TLSA and DNSSEC. - Simple TLSA record generator here.

Extensions
basicConstraints
CA:TRUE, pathlen:0
keyUsage
Digital Signature, Certificate Sign, CRL Sign
authorityInfoAccess
OCSP - URI:http://isrg.trustid.ocsp.identrust.com
CA Issuers - URI:http://apps.identrust.com/roots/dstrootcax3.p7c
authorityKeyIdentifier
keyid:C4:A7:B1:A4:7B:2C:71:FA:DB:E1:4B:90:75:FF:C4:15:60:85:89:10
certificatePolicies
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
  CPS: http://cps.root-x1.letsencrypt.org
crlDistributionPoints
Full Name:
  URI:http://crl.identrust.com/DSTROOTCAX3CRL.crl
subjectKeyIdentifier
A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1
Certificate PEM
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
-----END CERTIFICATE-----
Public Key PEM
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7No
YzDq1zUmGSXhvb418XCSL7e4S0EFq6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf
15Gan/PQeGdxyGkOlZHP/uaZ6WA8SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K
671B5TaYucv9bTyWaN8jKkKQDIZ0Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+X
hq+w3Brvaw2VFn3EK6BlspkENnWAa6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiV
FrqoM7hD8bEfwzB/onkxEz0tNvjj/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3D
kwIDAQAB
-----END PUBLIC KEY-----
SPKI HashYLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=

Certificate Transparency Submission

Information about Certificate Transparency

CT Log URLhttps://ct.googleapis.com/pilot
Sct version0
IdpLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BA=
Timestamp1567041555202
Extensions
SignatureBAMARjBEAiBQIFlcNWTn9NStxlwfuonUhKRxax6y2GhKt+BZcS5f6wIgZpd7gWhXy
IjmdZq2XtG6qSzebNkDxbyJ/IWyzGNuj9o=