DigiCert.com SSL Certificate Checker Failed Example
Is there any example of server certificate failed the validation with DigiCert.com SSL Certificate Checker?
Here is an example of server certificate failed to pass the validation of DigiCert.com SSL Certificate Checker.
1. Go to https://www.digicert.com/help/.
2. Enter this URL: www.wikipedia.com.
3. Click "CHECK SERVER" button. You will see the output with these sections:
Pass - DNS resolves www.wikipedia.com to 22.214.171.124 - HTTP Server Header: mw1212.eqiad.wmnet
Pass - SSL Certificate -
Common Name = *.wikipedia.org Subject Alternative Names = *.wikipedia.org, mediawiki.org, wikibooks.org... Issuer = GlobalSign Organization Validation CA - SHA256 - G2 Serial Number = 1121A225BA0402D791854854C8BA60686A9B SHA1 Thumbprint = 87F5BABBD897C579B66AF52FD8638B99BD1CE826 Key Length = 256 Signature algorithm = SHA256 + RSA (excellent) Secure Renegotiation: Supported
Pass - SSL Certificate has not been revoked -
OCSP Staple: Good OCSP Origin: Good CRL Status: Good
Pass - SSL Certificate expiration - The certificate expires December 10, 2016 (147 days from today)
Failed - Certificate does not match name www.wikipedia.com -
Server Certificate: Subject *.wikipedia.org Valid from 10/Dec/2015 to 10/Dec/2016 Issuer GlobalSign Organization Validation CA - SHA256 - G2 Intermediate Certificate: Subject GlobalSign Organization Validation CA - SHA256 - G2 Valid from 20/Feb/2014 to 20/Feb/2024 Issuer GlobalSign Root CA
Pass - Heartbleed Vulnerability - This server is not vulnerable to the Heartbleed Bug.
Pass - Protocol Support - TLS 1.2, TLS 1.1, TLS 1.0
Pass - SSL ciphers supported by the server - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, ...
Pass - No known vulnerable Debian keys were found
As you can see, www.wikipedia.com is using a certificate that has different name: www.wikipedia.org. If this happens to your bank Websites, it would be a major security concern.
The picture befow shows you result for www.wikipedia.com
from the Certificate Checker:
2016-10-05, 2477👍, 0💬
Certificate summary - Owner: Thawte SSL CA, "Thawte, Inc.", US Issuer: thawte Primary Root CA, "(c) ...
Certificate Summary: Subject: *.mail.yahoo.com Issuer: DigiCert High Assurance CA-3 Expiration: 2014...
Certificate summary - Owner: *.thepiratebay.se, Domain Control Validated - RapidSSL(R), See www.rapi...
Can Microsoft "certutil" tool validates an expired certificates and reports the expired status? Yes....
What is the structure of certificates? What types of values are recorded in a certificate? The struc...