certificate error ?

George nginx-forum at
Tue Apr 9 14:42:18 UTC 2019

testssl 3.0rc4 output for 


Testing server defaults (Server Hello) 

 TLS extensions (standard)    "server name/#0" "renegotiation info/#65281"
"EC point formats/#11" "session ticket/#35" "heartbeat/#15" "next
protocol/#13172" "application layer protocol negotiation/#16"
 Session Ticket RFC 5077 hint 14400 seconds, session tickets keys seems to
be rotated < daily
 SSL Session ID support       yes
 Session Resumption           Tickets: yes, ID: yes
 TLS clock skew               Random values, no fingerprinting possible 
 Signature Algorithm          SHA256 with RSA
 Server key size              RSA 2048 bits
 Server key usage             Digital Signature, Key Encipherment
 Server extended key usage    TLS Web Server Authentication, TLS Web Client
 Serial / Fingerprints        030D311281F9B8198440D9E1F99E6DCBEA36 / SHA1
 Common Name (CN)    (CN in response to request
w/o SNI: *
 subjectAltName (SAN) 
 Issuer                       Let's Encrypt Authority X3 (Let's Encrypt from
 Trust (hostname)             Ok via SAN (SNI mandatory)
 Chain of trust               Ok   
 EV cert (experimental)       no 
 "eTLS" (visibility info)     not present
 Certificate Validity (UTC)   36 >= 30 days (2019-02-14 15:18 --> 2019-05-15
 # of certificates provided   2
 Certificate Revocation List  --
 OCSP URI           
 OCSP stapling                not offered
 OCSP must staple extension   --
 DNS CAA RR (experimental)    not offered
 Certificate Transparency     yes (certificate extension)

of note

Common Name (CN) (CN in response to request w/o SNI:
subjectAltName (SAN)

Posted at Nginx Forum:,283686,283691#msg-283691

More information about the nginx mailing list