https://hg.nginx.org certificate error ?
George
nginx-forum at forum.nginx.org
Tue Apr 9 14:42:18 UTC 2019
testssl 3.0rc4 output for
testssl hg.nginx.org:443
Testing server defaults (Server Hello)
TLS extensions (standard) "server name/#0" "renegotiation info/#65281"
"EC point formats/#11" "session ticket/#35" "heartbeat/#15" "next
protocol/#13172" "application layer protocol negotiation/#16"
Session Ticket RFC 5077 hint 14400 seconds, session tickets keys seems to
be rotated < daily
SSL Session ID support yes
Session Resumption Tickets: yes, ID: yes
TLS clock skew Random values, no fingerprinting possible
Signature Algorithm SHA256 with RSA
Server key size RSA 2048 bits
Server key usage Digital Signature, Key Encipherment
Server extended key usage TLS Web Server Authentication, TLS Web Client
Authentication
Serial / Fingerprints 030D311281F9B8198440D9E1F99E6DCBEA36 / SHA1
FCFED1288228D3D056CD63018F453AF21F2520E7
SHA256
237EE7B9E1FD73D9462D1730F6C706E4636CE2D85B2372E4936B61EFE58C0111
Common Name (CN) mailman.nginx.org (CN in response to request
w/o SNI: *.nginx.com)
subjectAltName (SAN) hg.nginx.org mailman.nginx.com
mailman.nginx.org trac.nginx.org
Issuer Let's Encrypt Authority X3 (Let's Encrypt from
US)
Trust (hostname) Ok via SAN (SNI mandatory)
Chain of trust Ok
EV cert (experimental) no
"eTLS" (visibility info) not present
Certificate Validity (UTC) 36 >= 30 days (2019-02-14 15:18 --> 2019-05-15
15:18)
# of certificates provided 2
Certificate Revocation List --
OCSP URI http://ocsp.int-x3.letsencrypt.org
OCSP stapling not offered
OCSP must staple extension --
DNS CAA RR (experimental) not offered
Certificate Transparency yes (certificate extension)
of note
Common Name (CN) mailman.nginx.org (CN in response to request w/o SNI:
*.nginx.com)
subjectAltName (SAN) hg.nginx.org mailman.nginx.com mailman.nginx.org
trac.nginx.org
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,283686,283691#msg-283691
More information about the nginx
mailing list