This check checks if the CSR's name contains a field with no value. For example, the CSR Decoder would issue a warning about the name given below because the locality field is present, but has no value.
CN=www.acme.com, O=acme, L=, C=gb
The reason for this warning is that some CAs may reject CSRs that contain fields with empty values.
Checks for weak RSA keys generated by Debian-based
systems.
In May 2008, the Debian team announced that Luciano Bello
had discovered a vulnerabilty in the
Debian OpenSSL package. The impact was that all SSL and SSH
keys generated on Debian-based systems (including Ubuntu)
released between September 2006 and May 13th 2008 may be affected.
The Debian Security Team disclosed
this vulnerability in
Debian Security Advisory 1571.
The best resource on this vulnerability is the
Debian Wiki.
We have also written about this in our
CSR FAQ.
NIST recommends a minimum RSA key size of 2048-bits
after 31 December 2010.
For a number of years now many prominent voices in the security
community have suggested a move away from 1024-bit RSA key lengths by the end of 2010. In Special Publication 800-57 NIST recommends that 1024-bit RSA keys only be used to protect data until 2010. In 2003, RSA Labs published a document that recommended 1024-bit RSA keys should not be used to protect data with a lifetime beyond 2010.This check warns you if the RSA key size is less than 2048 bits
This SSL Checker will test your SSL certificate and help identify
any problems with it.
SSL Certificate Summary
Subject
| RDN |
Value |
| emailAddress |
postmaster@circle.ms |
| Common Name (CN) |
www.circle.ms |
| Country (C) |
JP |
| description |
RGK2GOt48c7bO7yk |
Properties
| Property |
Value |
| Issuer Company |
StartCom Ltd. |
| Issuer Full Name |
CN = StartCom Class 1 Primary Intermediate Server CA,OU = Secure Digital Certificate Signing,O = StartCom Ltd.,C = IL |
| Subject |
emailAddress = postmaster@circle.ms,CN = www.circle.ms,C = JP,description = RGK2GOt48c7bO7yk |
| Valid From |
Jan. 30, 2012, 11:40 a.m. |
| Valid To |
Jan. 30, 2013, 9:53 a.m. |
| Serial Number |
05:4E:45 (347717) |
| CA Cert |
No |
| Key Size |
2048 bits |
| Fingerprint (SHA-1) |
20:6F:78:0D:7D:84:DD:8A:6A:79:47:81:90:D8:8F:8B:5C:A1:95:F6 |
| Fingerprint (MD5) |
10:31:A2:1C:C8:4B:8F:07:A8:E8:D7:F0:B5:95:A5:56 |
| SANS |
www.circle.ms, circle.ms |
Detailed Information
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 347717 (0x54e45)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Class 1 Primary Intermediate Server CA
Validity
Not Before: Jan 30 11:40:41 2012 GMT
Not After : Jan 30 09:53:17 2013 GMT
Subject: description=RGK2GOt48c7bO7yk, C=JP, CN=www.circle.ms/emailAddress=postmaster@circle.ms
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:99:03:95:87:e3:3f:6a:b9:b0:c6:3d:ab:5c:89:
56:b1:76:bc:ca:3d:9e:bc:4d:a9:2d:c0:66:8c:d6:
01:84:6f:17:fe:33:1e:d7:2e:e0:95:71:e4:b1:71:
c6:b4:ea:61:02:ba:20:33:6a:95:a4:df:1e:12:21:
45:12:a1:f1:9f:90:98:9b:37:d6:63:af:75:fa:c9:
b5:6d:59:e9:e3:f3:ce:b2:42:75:aa:ba:44:32:c6:
50:b8:1c:22:29:88:dd:fd:24:b0:51:69:b4:3a:06:
6f:e1:cf:d4:8d:d9:86:ba:2e:77:f6:ac:cb:84:a9:
a1:10:e3:28:01:35:30:9e:59:38:3d:72:c2:83:c4:
fa:56:db:6c:f6:6f:51:fa:aa:12:f4:cd:d1:1b:a5:
cf:3c:4e:a8:14:13:66:3c:7d:63:25:8c:51:ca:b7:
fe:42:0e:2f:dd:07:76:8d:25:5b:01:19:46:e3:c9:
d3:a8:53:f8:8e:c3:71:6b:ea:98:84:89:32:91:d2:
a1:f9:d1:13:3c:b3:f2:b4:02:16:46:4c:21:01:4a:
fa:64:40:bf:f3:e1:35:b9:17:da:89:72:b6:52:ec:
72:80:7a:58:e4:da:d3:7f:05:31:ed:c7:6b:64:6a:
9f:4a:e2:ba:97:ff:99:6e:17:21:17:00:08:78:54:
05:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Key Encipherment, Key Agreement
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Subject Key Identifier:
DE:8A:C7:D0:40:83:B1:99:4F:DF:49:D4:AC:F6:FB:3E:0B:49:3B:FF
X509v3 Authority Key Identifier:
keyid:EB:42:34:D0:98:B0:AB:9F:F4:1B:6B:08:F7:CC:64:2E:EF:0E:2C:45
X509v3 Subject Alternative Name:
DNS:www.circle.ms, DNS:circle.ms
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.23223.1.2.2
CPS: http://www.startssl.com/policy.pdf
CPS: http://www.startssl.com/intermediate.pdf
User Notice:
Organization: StartCom Certification Authority
Number: 1
Explicit Text: This certificate was issued according to the Class 1 Validation requirements of the StartCom CA policy, reliance only for the intended purpose in compliance of the relying party obligations.
User Notice:
Organization: StartCom Certification Authority
Number: 2
Explicit Text: Liability and warranties are limited! See section "Legal and Limitations" of the StartCom CA policy.
X509v3 CRL Distribution Points:
URI:http://crl.startssl.com/crt1-crl.crl
Authority Information Access:
OCSP - URI:http://ocsp.startssl.com/sub/class1/server/ca
CA Issuers - URI:http://aia.startssl.com/certs/sub.class1.server.ca.crt
X509v3 Issuer Alternative Name:
URI:http://www.startssl.com/
Signature Algorithm: sha1WithRSAEncryption
9c:15:0a:c3:8b:c0:c1:ba:51:81:fb:99:0e:f0:c7:4c:37:cb:
3d:d2:04:62:49:24:be:fe:32:4d:ba:82:fd:e0:a3:81:11:22:
41:8b:74:d9:45:2f:79:4c:7a:91:b8:49:e3:6b:db:2d:c6:4d:
98:78:92:2b:7d:a4:bb:89:88:18:d5:c9:31:8b:ef:23:74:42:
c0:cc:56:46:b8:75:e3:71:72:c9:a6:b3:34:47:9c:2a:2a:a9:
8b:78:64:46:e5:d5:99:ed:c2:22:76:29:a4:f5:49:a8:21:64:
eb:f2:16:3c:cf:8a:49:cf:38:3d:35:fc:73:d0:73:7b:a3:46:
23:f4:78:8f:e2:a3:28:2b:ed:0e:b7:ff:07:a5:5e:aa:c5:d4:
9c:78:f4:1f:ff:55:32:63:b6:25:61:b0:e5:6d:7e:7c:56:46:
c2:e7:ef:49:04:24:61:ab:cc:03:84:cc:7d:8d:cd:d3:79:c6:
d8:60:8c:e0:7d:e2:c1:3a:74:d3:0a:2f:68:c4:12:57:b5:ba:
99:ae:7d:33:2f:3f:a4:3e:e2:92:12:ec:24:52:b7:28:c2:6a:
4d:ac:41:fb:86:b0:74:97:b3:a5:af:77:7a:28:c6:ba:e3:17:
6d:ed:b8:b4:94:23:31:53:04:79:fb:7b:f6:4d:66:d5:4e:8e:
34:93:4a:56
Certificates Received
Certificate - www.circle.ms
| Property |
Value |
| Issuer Company |
StartCom Ltd. |
| Issuer Full Name |
CN = StartCom Class 1 Primary Intermediate Server CA,OU = Secure Digital Certificate Signing,O = StartCom Ltd.,C = IL |
| Subject |
emailAddress = postmaster@circle.ms,CN = www.circle.ms,C = JP,description = RGK2GOt48c7bO7yk |
| Valid From |
Jan. 30, 2012, 11:40 a.m. |
| Valid To |
Jan. 30, 2013, 9:53 a.m. |
| Serial Number |
05:4E:45 (347717) |
| CA Cert |
No |
| Key Size |
2048 bits |
| Fingerprint (SHA-1) |
20:6F:78:0D:7D:84:DD:8A:6A:79:47:81:90:D8:8F:8B:5C:A1:95:F6 |
| Fingerprint (MD5) |
10:31:A2:1C:C8:4B:8F:07:A8:E8:D7:F0:B5:95:A5:56 |
| PEM |
-----BEGIN CERTIFICATE-----
MIIHGTCCBgGgAwIBAgIDBU5FMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJ
TDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0
YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3Mg
MSBQcmltYXJ5IEludGVybWVkaWF0ZSBTZXJ2ZXIgQ0EwHhcNMTIwMTMwMTE0MDQx
WhcNMTMwMTMwMDk1MzE3WjBlMRkwFwYDVQQNExBSR0syR090NDhjN2JPN3lrMQsw
CQYDVQQGEwJKUDEWMBQGA1UEAxMNd3d3LmNpcmNsZS5tczEjMCEGCSqGSIb3DQEJ
ARYUcG9zdG1hc3RlckBjaXJjbGUubXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQCZA5WH4z9qubDGPatciVaxdrzKPZ68TaktwGaM1gGEbxf+Mx7XLuCV
ceSxcca06mECuiAzapWk3x4SIUUSofGfkJibN9Zjr3X6ybVtWenj886yQnWqukQy
xlC4HCIpiN39JLBRabQ6Bm/hz9SN2Ya6Lnf2rMuEqaEQ4ygBNTCeWTg9csKDxPpW
22z2b1H6qhL0zdEbpc88TqgUE2Y8fWMljFHKt/5CDi/dB3aNJVsBGUbjydOoU/iO
w3Fr6piEiTKR0qH50RM8s/K0AhZGTCEBSvpkQL/z4TW5F9qJcrZS7HKAeljk2tN/
BTHtx2tkap9K4rqX/5luFyEXAAh4VAXtAgMBAAGjggOoMIIDpDAJBgNVHRMEAjAA
MAsGA1UdDwQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATAdBgNVHQ4EFgQU3orH
0ECDsZlP30nUrPb7PgtJO/8wHwYDVR0jBBgwFoAU60I00Jiwq5/0G2sI98xkLu8O
LEUwIwYDVR0RBBwwGoINd3d3LmNpcmNsZS5tc4IJY2lyY2xlLm1zMIICIQYDVR0g
BIICGDCCAhQwggIQBgsrBgEEAYG1NwECAjCCAf8wLgYIKwYBBQUHAgEWImh0dHA6
Ly93d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwNAYIKwYBBQUHAgEWKGh0dHA6
Ly93d3cuc3RhcnRzc2wuY29tL2ludGVybWVkaWF0ZS5wZGYwgfcGCCsGAQUFBwIC
MIHqMCcWIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MAMCAQEagb5U
aGlzIGNlcnRpZmljYXRlIHdhcyBpc3N1ZWQgYWNjb3JkaW5nIHRvIHRoZSBDbGFz
cyAxIFZhbGlkYXRpb24gcmVxdWlyZW1lbnRzIG9mIHRoZSBTdGFydENvbSBDQSBw
b2xpY3ksIHJlbGlhbmNlIG9ubHkgZm9yIHRoZSBpbnRlbmRlZCBwdXJwb3NlIGlu
IGNvbXBsaWFuY2Ugb2YgdGhlIHJlbHlpbmcgcGFydHkgb2JsaWdhdGlvbnMuMIGc
BggrBgEFBQcCAjCBjzAnFiBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
eTADAgECGmRMaWFiaWxpdHkgYW5kIHdhcnJhbnRpZXMgYXJlIGxpbWl0ZWQhIFNl
ZSBzZWN0aW9uICJMZWdhbCBhbmQgTGltaXRhdGlvbnMiIG9mIHRoZSBTdGFydENv
bSBDQSBwb2xpY3kuMDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6Ly9jcmwuc3RhcnRz
c2wuY29tL2NydDEtY3JsLmNybDCBjgYIKwYBBQUHAQEEgYEwfzA5BggrBgEFBQcw
AYYtaHR0cDovL29jc3Auc3RhcnRzc2wuY29tL3N1Yi9jbGFzczEvc2VydmVyL2Nh
MEIGCCsGAQUFBzAChjZodHRwOi8vYWlhLnN0YXJ0c3NsLmNvbS9jZXJ0cy9zdWIu
Y2xhc3MxLnNlcnZlci5jYS5jcnQwIwYDVR0SBBwwGoYYaHR0cDovL3d3dy5zdGFy
dHNzbC5jb20vMA0GCSqGSIb3DQEBBQUAA4IBAQCcFQrDi8DBulGB+5kO8MdMN8s9
0gRiSSS+/jJNuoL94KOBESJBi3TZRS95THqRuEnja9stxk2YeJIrfaS7iYgY1ckx
i+8jdELAzFZGuHXjcXLJprM0R5wqKqmLeGRG5dWZ7cIidimk9UmoIWTr8hY8z4pJ
zzg9Nfxz0HN7o0Yj9HiP4qMoK+0Ot/8HpV6qxdScePQf/1UyY7YlYbDlbX58VkbC
5+9JBCRhq8wDhMx9jc3TecbYYIzgfeLBOnTTCi9oxBJXtbqZrn0zLz+kPuKSEuwk
UrcowmpNrEH7hrB0l7Olr3d6KMa64xdt7bi0lCMxUwR5+3v2TWbVTo40k0pW
-----END CERTIFICATE-----
|
Certificate - StartCom Class 1 Primary Intermediate Server CA
| Property |
Value |
| Issuer Company |
StartCom Ltd. |
| Issuer Full Name |
CN = StartCom Certification Authority,OU = Secure Digital Certificate Signing,O = StartCom Ltd.,C = IL |
| Subject |
CN = StartCom Class 1 Primary Intermediate Server CA,OU = Secure Digital Certificate Signing,O = StartCom Ltd.,C = IL |
| Valid From |
Oct. 24, 2007, 8:54 p.m. |
| Valid To |
Oct. 24, 2017, 8:54 p.m. |
| Serial Number |
18 (24) |
| CA Cert |
Yes |
| Key Size |
2048 bits |
| Fingerprint (SHA-1) |
F6:91:FC:87:EF:B3:13:53:54:22:5A:10:E1:27:E9:11:D1:C7:F8:CF |
| Fingerprint (MD5) |
30:B0:5A:F7:B2:F4:BE:0C:28:67:15:EA:CC:5B:24:20 |
| PEM |
-----BEGIN CERTIFICATE-----
MIIGNDCCBBygAwIBAgIBGDANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW
MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg
Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh
dGlvbiBBdXRob3JpdHkwHhcNMDcxMDI0MjA1NDE3WhcNMTcxMDI0MjA1NDE3WjCB
jDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsT
IlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNVBAMTL1N0
YXJ0Q29tIENsYXNzIDEgUHJpbWFyeSBJbnRlcm1lZGlhdGUgU2VydmVyIENBMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtonGrO8JUngHrJJj0PREGBiE
gFYfka7hh/oyULTTRwbw5gdfcA4Q9x3AzhA2NIVaD5Ksg8asWFI/ujjo/OenJOJA
pgh2wJJuniptTT9uYSAK21ne0n1jsz5G/vohURjXzTCm7QduO3CHtPn66+6CPAVv
kvek3AowHpNz/gfK11+AnSJYUq4G2ouHI2mw5CrY6oPSvfNx23BaKA+vWjhwRRI/
ME3NO68X5Q/LoKldSKqxYVDLNM08XMML6BDAjJvwAwNi/rJsPnIO7hxDKslIDlc5
xDEhyBDBLIf+VJVSH1I8MRKbf+fAoKVZ1eKPPvDVqOHXcDGpxLPPr21TLwb0pwID
AQABo4IBrTCCAakwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD
VR0OBBYEFOtCNNCYsKuf9BtrCPfMZC7vDixFMB8GA1UdIwQYMBaAFE4L7xqkQFul
F2mHMMo0aEPQQa7yMGYGCCsGAQUFBwEBBFowWDAnBggrBgEFBQcwAYYbaHR0cDov
L29jc3Auc3RhcnRzc2wuY29tL2NhMC0GCCsGAQUFBzAChiFodHRwOi8vd3d3LnN0
YXJ0c3NsLmNvbS9zZnNjYS5jcnQwWwYDVR0fBFQwUjAnoCWgI4YhaHR0cDovL3d3
dy5zdGFydHNzbC5jb20vc2ZzY2EuY3JsMCegJaAjhiFodHRwOi8vY3JsLnN0YXJ0
c3NsLmNvbS9zZnNjYS5jcmwwgYAGA1UdIAR5MHcwdQYLKwYBBAGBtTcBAgEwZjAu
BggrBgEFBQcCARYiaHR0cDovL3d3dy5zdGFydHNzbC5jb20vcG9saWN5LnBkZjA0
BggrBgEFBQcCARYoaHR0cDovL3d3dy5zdGFydHNzbC5jb20vaW50ZXJtZWRpYXRl
LnBkZjANBgkqhkiG9w0BAQUFAAOCAgEAIQlJPqWIbuALi0jaMU2P91ZXouHTYlfp
tVbzhUV1O+VQHwSL5qBaPucAroXQ+/8gA2TLrQLhxpFy+KNN1t7ozD+hiqLjfDen
xk+PNdb01m4Ge90h2c9W/8swIkn+iQTzheWq8ecf6HWQTd35RvdCNPdFWAwRDYSw
xtpdPvkBnufh2lWVvnQce/xNFE+sflVHfXv0pQ1JHpXo9xLBzP92piVH0PN1Nb6X
t1gW66pceG/sUzCv6gRNzKkC4/C2BBL2MLERPZBOVmTX3DxDX3M570uvh+v2/miI
RHLq0gfGabDBoYvvF0nXYbFFSF87ICHpW7LM9NfpMfULFWE7epTj69m8f5SuauNi
YpaoZHy4h/OZMn6SolK+u/hlz8nyMPyLwcKmltdfieFcNID1j0cHL7SRv7Gifl9L
WtBbnySGBVFaaQNlQ0lxxeBvlDRr9hvYqbBMflPrj0jfyjO1SPo2ShpTpjMM0InN
SRXNiTE8kMBy12VLUjWKRhFEuT2OKGWmPnmeXAhEKa2wNREuIU640ucQPl2Eg7PD
wuTSxv0JS3QJ3fGz0xk+gA2iCxnwOOfFwq/iI9th4p1cbiCJSS4jarJiwUW0n6+L
p/EiO/h94pDQehn7Skzj0n1fSoMD7SfWI55rjbRZotnvbIIp3XUZPD9MEI3vu3Un
0q6Dp6jOW6c=
-----END CERTIFICATE-----
|
