This check checks if the CSR's name contains a field with no value. For example, the CSR Decoder would issue a warning about the name given below because the locality field is present, but has no value.
CN=www.acme.com, O=acme, L=, C=gb
The reason for this warning is that some CAs may reject CSRs that contain fields with empty values.
Checks for weak RSA keys generated by Debian-based
systems.
In May 2008, the Debian team announced that Luciano Bello
had discovered a vulnerabilty in the
Debian OpenSSL package. The impact was that all SSL and SSH
keys generated on Debian-based systems (including Ubuntu)
released between September 2006 and May 13th 2008 may be affected.
The Debian Security Team disclosed
this vulnerability in
Debian Security Advisory 1571.
The best resource on this vulnerability is the
Debian Wiki.
We have also written about this in our
CSR FAQ.
NIST recommends a minimum RSA key size of 2048-bits
after 31 December 2010.
For a number of years now many prominent voices in the security
community have suggested a move away from 1024-bit RSA key lengths by the end of 2010. In Special Publication 800-57 NIST recommends that 1024-bit RSA keys only be used to protect data until 2010. In 2003, RSA Labs published a document that recommended 1024-bit RSA keys should not be used to protect data with a lifetime beyond 2010.This check warns you if the RSA key size is less than 2048 bits
This SSL Checker will test your SSL certificate and help identify
any problems with it.
SSL Certificate Summary
Subject
| RDN |
Value |
| Common Name (CN) |
connect.raiffeisen.ru |
| Organizational Unit (OU) |
Electronic Banking Department |
| Organization (O) |
ZAO Raiffeisenbank |
| Locality (L) |
Moscow |
| State (ST) |
Moscow |
| Country (C) |
RU |
Properties
| Property |
Value |
| Issuer Company |
Thawte, Inc. |
| Issuer Full Name |
CN = Thawte SGC CA - G2,O = "Thawte, Inc.",C = US |
| Subject |
CN = connect.raiffeisen.ru,OU = Electronic Banking Department,O = ZAO Raiffeisenbank,L = Moscow,ST = Moscow,C = RU |
| Valid From |
Nov. 18, 2010, midnight |
| Valid To |
Dec. 17, 2012, 11:59 p.m. |
| Serial Number |
30:28:08:8A:22:39:35:F9:3C:40:6F:F8:5D:8B:95:A7 (64010808875372265175014164031473423783) |
| CA Cert |
No |
| Key Size |
2048 bits |
| Fingerprint (SHA-1) |
D8:54:4C:AB:31:AC:1F:C4:3E:F0:8C:0F:80:B9:4C:1B:73:95:FB:1E |
| Fingerprint (MD5) |
DF:D3:62:7E:1D:07:BD:9C:85:B3:6D:29:8F:93:EE:EA |
| SANS |
|
Detailed Information
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
30:28:08:8a:22:39:35:f9:3c:40:6f:f8:5d:8b:95:a7
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=Thawte, Inc., CN=Thawte SGC CA - G2
Validity
Not Before: Nov 18 00:00:00 2010 GMT
Not After : Dec 17 23:59:59 2012 GMT
Subject: C=RU, ST=Moscow, L=Moscow, O=ZAO Raiffeisenbank, OU=Electronic Banking Department, CN=connect.raiffeisen.ru
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:c5:90:b3:73:46:8b:95:27:8a:32:9a:65:18:9b:
24:d5:e3:2d:85:ab:bf:fd:95:65:88:98:54:f5:0d:
bb:60:90:6b:b7:7e:c1:e4:da:c7:58:fa:eb:60:c8:
68:9e:e7:47:68:5d:9f:cd:7f:55:e4:80:ee:b4:80:
26:e9:3c:b9:7d:f4:aa:75:37:b6:55:10:26:ac:b0:
9a:9b:8f:64:4c:23:18:66:ef:f4:39:75:c1:3f:c9:
b3:ba:a5:dc:e5:f2:cd:5c:34:c9:07:d3:b3:18:7b:
54:10:21:6c:09:7f:3a:27:09:4c:4e:25:bd:70:48:
5c:31:55:a2:d0:82:bd:16:9c:8f:d9:5e:7a:3a:13:
95:18:62:e5:75:e1:79:52:c2:62:0e:2e:5d:e1:84:
b2:43:c8:0c:c1:04:8f:95:f1:1e:bb:a9:3b:dd:19:
87:0f:41:46:26:2e:f8:b5:fe:33:5b:d5:05:48:0e:
2f:97:db:f6:cc:45:95:f8:0d:92:e0:d4:7a:05:0d:
cb:1f:d3:03:db:46:1f:b3:db:2e:38:b6:33:70:f8:
64:92:4f:36:09:68:7b:d7:54:a1:05:5d:e9:10:ae:
c8:0e:99:e5:0f:03:69:9c:32:57:25:79:41:50:6a:
67:d2:25:29:e8:76:73:e3:4f:d2:3f:b1:a4:12:74:
fe:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 CRL Distribution Points:
URI:http://svr-sgc-crl.thawte.com/ThawteSGCG2.crl
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto
Authority Information Access:
OCSP - URI:http://ocsp.thawte.com
CA Issuers - URI:http://svr-sgc-aia.thawte.com/ThawteSGCG2.cer
Signature Algorithm: sha1WithRSAEncryption
5f:c6:b7:de:f6:49:d2:46:4d:8a:9e:76:b6:a5:78:e2:92:27:
c6:b5:60:da:36:c1:92:8c:fe:ff:07:53:63:f9:5b:79:50:15:
ca:23:d3:95:18:c3:88:4c:87:c8:6a:68:3d:05:e7:0b:12:8d:
27:41:05:e4:b5:bf:4e:1f:15:4f:0c:55:0e:58:06:8d:56:6c:
e2:c6:3d:ff:17:2a:b6:11:40:40:7c:32:de:e3:37:3a:a0:89:
ba:be:05:1b:9d:37:a0:9b:a8:bd:5b:be:dd:67:28:b3:6f:01:
69:72:86:3b:cf:39:ed:ee:43:84:a4:11:78:37:70:7d:68:2a:
ce:f2:9e:fc:75:b0:86:8c:f5:eb:c3:e3:f5:ea:31:74:b2:8d:
a1:8a:b3:3d:25:03:73:b2:21:bd:aa:97:ea:e4:8a:10:0c:eb:
f3:37:32:b3:b0:15:9b:70:8b:12:58:2f:82:bc:50:2d:ea:6a:
b4:36:3d:08:2b:c8:24:dd:15:8c:7f:0d:46:fa:c3:7f:2e:37:
24:57:ea:d6:35:cb:25:31:91:ad:4e:14:06:cd:07:9d:82:8b:
f7:e4:93:74:6d:20:d6:62:d4:49:04:6b:c5:c5:72:63:9a:3f:
06:2b:14:24:92:8c:ad:97:c6:34:3d:41:0c:83:fc:49:6a:dd:
34:16:b8:27
Certificates Received
Certificate - connect.raiffeisen.ru
| Property |
Value |
| Issuer Company |
Thawte, Inc. |
| Issuer Full Name |
CN = Thawte SGC CA - G2,O = "Thawte, Inc.",C = US |
| Subject |
CN = connect.raiffeisen.ru,OU = Electronic Banking Department,O = ZAO Raiffeisenbank,L = Moscow,ST = Moscow,C = RU |
| Valid From |
Nov. 18, 2010, midnight |
| Valid To |
Dec. 17, 2012, 11:59 p.m. |
| Serial Number |
30:28:08:8A:22:39:35:F9:3C:40:6F:F8:5D:8B:95:A7 (64010808875372265175014164031473423783) |
| CA Cert |
No |
| Key Size |
2048 bits |
| Fingerprint (SHA-1) |
D8:54:4C:AB:31:AC:1F:C4:3E:F0:8C:0F:80:B9:4C:1B:73:95:FB:1E |
| Fingerprint (MD5) |
DF:D3:62:7E:1D:07:BD:9C:85:B3:6D:29:8F:93:EE:EA |
| PEM |
-----BEGIN CERTIFICATE-----
MIIESzCCAzOgAwIBAgIQMCgIiiI5Nfk8QG/4XYuVpzANBgkqhkiG9w0BAQUFADBB
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMVGhhd3RlLCBJbmMuMRswGQYDVQQDExJU
aGF3dGUgU0dDIENBIC0gRzIwHhcNMTAxMTE4MDAwMDAwWhcNMTIxMjE3MjM1OTU5
WjCBlDELMAkGA1UEBhMCUlUxDzANBgNVBAgTBk1vc2NvdzEPMA0GA1UEBxQGTW9z
Y293MRswGQYDVQQKFBJaQU8gUmFpZmZlaXNlbmJhbmsxJjAkBgNVBAsUHUVsZWN0
cm9uaWMgQmFua2luZyBEZXBhcnRtZW50MR4wHAYDVQQDFBVjb25uZWN0LnJhaWZm
ZWlzZW4ucnUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFkLNzRouV
J4oymmUYmyTV4y2Fq7/9lWWImFT1DbtgkGu3fsHk2sdY+utgyGie50doXZ/Nf1Xk
gO60gCbpPLl99Kp1N7ZVECassJqbj2RMIxhm7/Q5dcE/ybO6pdzl8s1cNMkH07MY
e1QQIWwJfzonCUxOJb1wSFwxVaLQgr0WnI/ZXno6E5UYYuV14XlSwmIOLl3hhLJD
yAzBBI+V8R67qTvdGYcPQUYmLvi1/jNb1QVIDi+X2/bMRZX4DZLg1HoFDcsf0wPb
Rh+z2y44tjNw+GSSTzYJaHvXVKEFXekQrsgOmeUPA2mcMlcleUFQamfSJSnodnPj
T9I/saQSdP4FAgMBAAGjgeowgecwDAYDVR0TAQH/BAIwADA+BgNVHR8ENzA1MDOg
MaAvhi1odHRwOi8vc3ZyLXNnYy1jcmwudGhhd3RlLmNvbS9UaGF3dGVTR0NHMi5j
cmwwKAYDVR0lBCEwHwYIKwYBBQUHAwEGCCsGAQUFBwMCBglghkgBhvhCBAEwbQYI
KwYBBQUHAQEEYTBfMCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUuY29t
MDkGCCsGAQUFBzAChi1odHRwOi8vc3ZyLXNnYy1haWEudGhhd3RlLmNvbS9UaGF3
dGVTR0NHMi5jZXIwDQYJKoZIhvcNAQEFBQADggEBAF/Gt972SdJGTYqedraleOKS
J8a1YNo2wZKM/v8HU2P5W3lQFcoj05UYw4hMh8hqaD0F5wsSjSdBBeS1v04fFU8M
VQ5YBo1WbOLGPf8XKrYRQEB8Mt7jNzqgibq+BRudN6CbqL1bvt1nKLNvAWlyhjvP
Oe3uQ4SkEXg3cH1oKs7ynvx1sIaM9evD4/XqMXSyjaGKsz0lA3OyIb2ql+rkihAM
6/M3MrOwFZtwixJYL4K8UC3qarQ2PQgryCTdFYx/DUb6w38uNyRX6tY1yyUxka1O
FAbNB52Ci/fkk3RtINZi1EkEa8XFcmOaPwYrFCSSjK2XxjQ9QQyD/Elq3TQWuCc=
-----END CERTIFICATE-----
|
Certificate - Thawte SGC CA - G2
| Property |
Value |
| Issuer Company |
VeriSign, Inc. |
| Issuer Full Name |
CN = VeriSign Class 3 Public Primary Certification Authority - G5,OU = "(c) 2006 VeriSign, Inc. - For authorized use only",OU = VeriSign Trust Network,O = "VeriSign, Inc.",C = US |
| Subject |
CN = Thawte SGC CA - G2,O = Thawte\, Inc.,C = US |
| Valid From |
July 29, 2010, midnight |
| Valid To |
July 28, 2020, 11:59 p.m. |
| Serial Number |
18:A2:23:6C:D7:27:C7:52:8D:F6:7B:4B:85:6E:FF:ED (32743342497485668866873372693735866349) |
| CA Cert |
Yes |
| Key Size |
2048 bits |
| Fingerprint (SHA-1) |
BE:BC:70:D3:DF:2B:3F:8F:55:AE:D9:83:BF:20:F2:E3:B2:1A:36:F6 |
| Fingerprint (MD5) |
E0:08:48:A4:3C:BA:3E:49:0F:79:70:6E:B3:54:8C:AC |
| PEM |
-----BEGIN CERTIFICATE-----
MIIEyzCCA7OgAwIBAgIQGKIjbNcnx1KN9ntLhW7/7TANBgkqhkiG9w0BAQUFADCB
yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
aG9yaXR5IC0gRzUwHhcNMTAwNzI5MDAwMDAwWhcNMjAwNzI4MjM1OTU5WjBBMQsw
CQYDVQQGEwJVUzEVMBMGA1UEChMMVGhhd3RlLCBJbmMuMRswGQYDVQQDExJUaGF3
dGUgU0dDIENBIC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDN
2elcVUzG/SYNPJ1WOnpGAgXr8MKtvhIvWf9nNSnZadlNNz5th0m8u9UWYkQpcZZc
pifoxZz8GQspry5c2guPv+1TFaeCNTBeCDYyJDY2GuRyK8RoSKR4HzM0IP6Xbpys
Ov3m/YNfdYNxXZDfvUhXbRAmr29B2Mx4nj2chSiJQzGrp26hvALmvo/DY6RkaDsb
w9ozyHtaH9YIcrI2NBjTIE+Y6AKT31CyZ8g9lmRVx2klCrohNnDTWaiC0lRtTgZa
4dgHjTW40BahdP5KG3CoqUOagCegQLdv+eOoqB6KkzyWNqeI6TadwePvtn4CN2IJ
14vGcNkyUJqxpx5UIR5JAgMBAAGjggEzMIIBLzAyBggrBgEFBQcBAQQmMCQwIgYI
KwYBBQUHMAGGFmh0dHA6Ly9vY3NwLnRoYXd0ZS5jb20wEgYDVR0TAQH/BAgwBgEB
/wIBADA0BgNVHR8ELTArMCmgJ6AlhiNodHRwOi8vY3JsLnZlcmlzaWduLmNvbS9w
Y2EzLWc1LmNybDA0BgNVHSUELTArBggrBgEFBQcDAQYIKwYBBQUHAwIGCWCGSAGG
+EIEAQYKYIZIAYb4RQEIATAOBgNVHQ8BAf8EBAMCAQYwKQYDVR0RBCIwIKQeMBwx
GjAYBgNVBAMTEVZlcmlTaWduTVBLSS0yLTE3MB0GA1UdDgQWBBQkwMCkSTxSCxLY
kgxR0YenTVR1LDAfBgNVHSMEGDAWgBR/02Wnwt3su/AwCfNDOfoCrzMxMzANBgkq
hkiG9w0BAQUFAAOCAQEAONp2NRhJMjTwtOgoCEXrj2I+mSFyd5XgNoKz/6t/Emzh
HBDJVJjlDDF0zIB6oCanRcgRTHbk0KmxyJKjgHkmDY3PyEdjLRM8wpY01wBCOkqL
nhep3MlQxUDhKUVhIvWzsIh4ja6hjVBvRIJ0UocVDBxO8hY32sEFadkBVO7NcUn2
bFZ8dXPiip+maddgnwTDo5+BYLPFvaVV0GnbRZhkIPLAi4xO6VdSNqu7U2cwiWMT
KPNE0UN2tIFoKgchP4/0Z9MIoHnezLlTLR9E01ScowdNigg0Td0Xev6ta0uZtgDJ
YnZ+mJqiSRyGvrJVlSwtJyG8GbDxPq220Rre7bbuNQ==
-----END CERTIFICATE-----
|
