TLS/SSL check of 'expired.badssl.com'

End-Entity certificate verification error

Certificat '*.badssl.com' FAILED the verification

Summary


Host:
expired.badssl.com, 104.154.89.105, port 443


Protocols:
All good
 3 supported protocols: TLS 1.2, TLS 1.1, TLS 1.0


Certificate:
Failed
 Certificate '*.badssl.com': The certificate is expired (NotTimeValid)

Protocol support



Protocol support:
TLS 1.3
No support
TLS 1.2
Supported
TLS 1.1
Supported
TLS 1.0
Supported
SSL 3.0
No support
SSL 2.0
No support

Verification:
TLS 1.2 is supported
 
It is noticable, that TLS 1.3 is not supported. Please consider disableing TLS 1.1, 1.0, SSL3 and SSL2 - as of March 2021, TLS 1.1 and 1.0 was oficially depricated, and as of June 2015 SSL3 and SSL2 was depricated. Use of either protocol is not recomended

Chain of certificates

3 of 3 - End-Entity
*.badssl.com


Certificat:
*.badssl.com

Issued by:
COMODO RSA Domain Validation Secure Server CA, COMODO CA Limited, GB

Valid:
From 08-04-2015 to 12-04-2015

Verification:
The certificate is expired (NotTimeValid)
 

SAN's:
*.badssl.com
badssl.com

Key:
RSA, 2048 bit
Signature algorithm:
sha256RSA

Serial:
4AE79549FA9ABE3F100F17A478E16909

PEM format:

2 of 3 - Intermediate
COMODO RSA Domain Validation Secure Server CA


Certificat:
COMODO RSA Domain Validation Secure Server CA, COMODO CA Limited, GB

Issued by:
COMODO RSA Certification Authority, COMODO CA Limited, GB

Valid:
From 11-02-2014 to 11-02-2029

Verification:
Certificate is verified okay

Key:
RSA, 2048 bit
Signature algorithm:
sha384RSA

Serial:
2B2E6EEAD975366C148A6EDBA37C8C07

PEM format:

1 of 3 - Root certificate
COMODO RSA Certification Authority


Certificat:
COMODO RSA Certification Authority, COMODO CA Limited, GB

Issued by:
COMODO RSA Certification Authority, COMODO CA Limited, GB

Valid:
From 18-01-2010 to 18-01-2038

Verification:
Certificate is verified okay

Key:
RSA, 4096 bit
Signature algorithm:
sha384RSA

Serial:
4CAAF9CADB636FE01FF74ED85B03869D

PEM format:

Root Store trust


Root Certificat:
COMODO RSA Certification Authority
Issued by:
Sectigo

Root Store trust:
The root certificte is trustet by ALL major trusted root certificate stores

Microsoft:
Root Certificate is fully trusted by Microsoft (Windows)

Apple:
Root Certificate is fully is trusted by Apple (iOS, iPadOS, macOS)

Android:
Root Certificate is fully is trusted by Android

API

You may perform this lookup using the API and get the results as easy-to-parse JSON data.

Read more on the API at https://iamroot.tech/about/api (regarding authentication and rate limits, among other things), or give it a go right away using the 'try it' button.

 
GET
https://iamroot.tech/ssl-certificate-check/api/?host=expired.badssl.com copy try it
 

Log

088+088
  • Host 'expired.badssl.com' resolved in 87ms
088+000
  • Check protocols
088+000
  • Start SSL 2.0 protocol check, expired.badssl.com, port 443
088+000
  • Start TLS 1.3 protocol check, expired.badssl.com, port 443
088+000
  • Start TLS 1.1 protocol check, expired.badssl.com, port 443
088+000
  • Start TLS 1.0 protocol check, expired.badssl.com, port 443
088+000
  • Start SSL 3.0 protocol check, expired.badssl.com, port 443
088+000
  • Start TLS 1.2 protocol check, expired.badssl.com, port 443
119+031
  • Protocol check of SSL 3.0 done in 30ms - failed
    Unable to authenticate connection using SSL 3.0
119+031
  • Protocol check of SSL 2.0 done in 31ms - failed
    Unable to authenticate connection using SSL 2.0
151+063
  • Protocol check of TLS 1.3 done in 62ms - failed
    Unable to authenticate connection using TLS 1.3
186+098
  • Protocol check of TLS 1.0 done in 97ms - all good
186+098
  • Protocol check of TLS 1.2 done in 97ms - all good
186+098
  • Protocol check of TLS 1.1 done in 98ms - all good
186+067
  • TLS 1.2 is supported
    It is noticable, that TLS 1.3 is not supported. Please consider disableing TLS 1.1, 1.0, SSL3 and SSL2 - as of March 2021, TLS 1.1 and 1.0 was oficially depricated, and as of June 2015 SSL3 and SSL2 was depricated. Use of either protocol is not recomended
186+000
  • Done
186+000
  • Check certificate
186+000
  • Load and verify chain of certificates
391+204
  • Full chain of certificates has been loaded and verified in 204ms.
391+000
  • ERREnd-Entity certificate verification error
    Certificat '*.badssl.com' FAILED the verification
391+000
  • Host 'expired.badssl.com' is matching Subject/SAN '*.badssl.com' of certificate. All good!
391+000
  • Intermediate certificate verification success
    Certificat 'COMODO RSA Domain Validation Secure Server CA' SUCCEDED the verification.
391+000
  • Root certificate verification success
    Certificat 'COMODO RSA Certification Authority' SUCCEDED the verification.
391+000
  • Check root store status of root certificate
392+001
  • Trustet by all major trusted root certificate stores
    The root certificte is trustet by ALL major trusted root certificate stores
392+000
  • Done
392+000
  • Done
392+000
  • Done