TLS/SSL certificate check


Port to connect on:
Secure HTTP / HTTPS - port 443 Secured SMTP - port 465 Secured IMAP - port 993 Secured POP3 - port 995

TLS/SSL check of 'self-signed.badssl.com'

Self-signed certificate

Please note, that most self-signed certificates is not trusted by anyone. Using such a certificate will most likely raise all kinds of errors, issues and so forth.

No trust!

The root certificte is NOT trusted by ANY known root certificate store!

Summary


Host:
self-signed.badssl.com, 104.154.89.105, port 443


Protocols:
All good
 3 supported protocols: TLS 1.2, TLS 1.1, TLS 1.0


Certificate:
Failed
 Root store: No trust (root certificate '*.badssl.com' is not trusted by any main root certificate stores!)

Protocol support



Protocol support:
TLS 1.3
No support
TLS 1.2
Supported
TLS 1.1
Supported
TLS 1.0
Supported
SSL 3.0
No support
SSL 2.0
No support

Verification:
TLS 1.2 is supported
 
It is noticable, that TLS 1.3 is not supported. Please consider disableing TLS 1.1, 1.0, SSL3 and SSL2 - as of March 2021, TLS 1.1 and 1.0 was oficially depricated, and as of June 2015 SSL3 and SSL2 was depricated. Use of either protocol is not recomended

Chain of certificates

1 of 1 - Self-signed certificate
*.badssl.com

Certificat:
*.badssl.com, US

Issued by:
*.badssl.com, US

Valid:
From 21-02-2024 to 20-02-2026

Verification:
Certificate is verified okay

SAN's:
*.badssl.com
badssl.com

Key:
RSA, 2048 bit
Signature algorithm:
sha256RSA

Serial:
00CD96E1DC95899CB2

PEM format:
Click to see certificate as PEM (modal)

Root Store trust


Root Store trust:
The root certificte is NOT trusted by ANY known root certificate store!

Microsoft:
Root Certificate is NOT trusted by Microsoft (Windows)

Apple:
Root Certificate is NOT trusted by Apple (iOS, iPadOS, macOS)

Android:
Root Certificate is NOT trusted by Android

API

You may perform this lookup using the API and get the results as easy-to-parse JSON data.

Read more on the API at https://iamroot.tech/about/api (regarding authentication and rate limits, among other things), or give it a go right away using the 'try it' button.

 
GET
 https://iamroot.tech/ssl-certificate-check/api/?host=https%3a%2f%2fself-signed.badssl.com%2f copy try it
 

Log

095+095
  • Host 'self-signed.badssl.com' resolved in 94ms
095+000
  • Check protocols
095+000
  • Start SSL 2.0 protocol check, self-signed.badssl.com, port 443
095+000
  • Start TLS 1.2 protocol check, self-signed.badssl.com, port 443
095+000
  • Start TLS 1.3 protocol check, self-signed.badssl.com, port 443
095+000
  • Start TLS 1.0 protocol check, self-signed.badssl.com, port 443
096+000
  • Start SSL 3.0 protocol check, self-signed.badssl.com, port 443
096+000
  • Start TLS 1.1 protocol check, self-signed.badssl.com, port 443
127+031
  • Protocol check of SSL 3.0 done in 31ms - failed
    Unable to authenticate connection using SSL 3.0
127+032
  • Protocol check of SSL 2.0 done in 31ms - failed
    Unable to authenticate connection using SSL 2.0
158+063
  • Protocol check of TLS 1.3 done in 62ms - failed
    Unable to authenticate connection using TLS 1.3
187+092
  • Protocol check of TLS 1.2 done in 92ms - all good
188+092
  • Protocol check of TLS 1.0 done in 92ms - all good
189+093
  • Protocol check of TLS 1.1 done in 93ms - all good
189+062
  • TLS 1.2 is supported
    It is noticable, that TLS 1.3 is not supported. Please consider disableing TLS 1.1, 1.0, SSL3 and SSL2 - as of March 2021, TLS 1.1 and 1.0 was oficially depricated, and as of June 2015 SSL3 and SSL2 was depricated. Use of either protocol is not recomended
189+000
  • Done
189+000
  • Check certificate
189+000
  • Load and verify chain of certificates
191+002
  • Full chain of certificates has been loaded and verified in 2ms.
191+000
  • WRNSelf-signed certificate
    Please note, that most self-signed certificates is not trusted by anyone. Using such a certificate will most likely raise all kinds of errors, issues and so forth.
191+000
  • Self-signed certificate verification success
    Certificat '*.badssl.com' SUCCEDED the verification.
191+000
  • Host 'self-signed.badssl.com' is matching Subject/SAN '*.badssl.com' of certificate. All good!
191+000
  • Check root store status of root certificate
196+004
  • ERRNo trust!
    The root certificte is NOT trusted by ANY known root certificate store!
196+000
  • Done
196+000
  • Done
196+000
  • Done