Scanning Engine v2 - Module - SSL Simple¶
Overview¶
This module makes a single connection to the target on the requested ports, and reports as much information as it can extract from the TLS/DTLS ServerHello response. This information should include the negotiated protocol version, ciphersuite, and any certificates that were received.
Targeting¶
TLS and DTLS support the Server Name Indication (SNI) extension, which allows a client to specify the DNS hostname it is trying to contact as part of the ClientHello request. Servers frequently use that hostname to alter their configuration choices for the session, notably switching the X.509 certificates returned to the client. This means that passing different hostnames in an SNI extension can result in different results when scanning the same service on the same host. This module ensures that the SNI extension is set to reflect the hostname given, to ensure the result matches the hostname.
JA3¶
This module produces fields labeled ja3_*, which are confusingly-named for historical reasons. These fields actually contain JA3S (server) values as opposed to JA3 (client) values. These values can be used to fingerprint TLS/DTLS services. Users should be note that all the fields that comprise a JA3S value are dependent upon the values the client sent (negotiated protocol version, ciphersuite, and extensions) meaning that different clients with different options will each generate different JA3S values.
A limitation of our implementation of JA3S is that we do not carefully track SNI values, since that would require tracking of TLS/DTLS streams while sniffing packets. As a consequence of this deficiency, the JA3S included in this module's results is calculated using the first ServerHello packet for a given service. That means if a service switches its configuration, beyond choosing a new certificate chain, based on an SNI value, we will erroneously use a single JA3S value for all results produced from that service. This is rarely a problem in practice.
Configuration¶
Only the publicly-available configuration keys that can be set in a job's module invocations will be described below. Additional configuration keys may exist, but not be shown here because they are restricted to specific users or because they are permanently set as a static value. If no keys have (required) after their names then invocations of this module need not contain a config key.
Named Keys¶
addresses-only¶
Discard hostnames once they are resolved to addresses.
- Type: boolean
blocklist-files (required)¶
File of addresses, hostnames, and CIDR blocks that are blocked.
- Type: list(string)
connect-timeout¶
Maximum timeout in seconds.
- Type: float
- Default:
10.0
debug¶
Run module with a debugging configuration.
- Type: boolean
ja3¶
JA3 sniffing is on by default, but can be disabled.
- Type: boolean
- Default:
True
max-v4¶
Maximum number of resolved IPv4 addresses to use.
- Type: integer
max-v6¶
Maximum number of resolved IPv6 addresses to use.
- Type: integer
request-timeout¶
Maximum timeout for each DNS request. (e.g., '10m', '1h', '1s', '1h10m')
- Type: string
resolution-timeout¶
Maximum timeout for DNS resolution of each target. (e.g., '10m', '1h', '1s', '1h10m')
- Type: string
resolver-address¶
Custom DNS resolver address to use.
- Type: string
resolver-concurrency¶
Number of concurrent goroutines to use when resolving targets.
- Type: integer
single-address¶
Use a single address from the DNS resolution.
- Type: boolean
targeting-timeout¶
Maximum duration allowed for parsing and resolving all targets. (e.g., '10m', '1h', '1s', '1h10m')
- Type: string
temporary-directory¶
Place the per-execution temporary directory path in the environment.
- Type: string
workers¶
Number of workers (threads) to run.
- Type: integer
- Default:
10
Schemas¶
The schema for the body object of all results generated with .task.module_name equal to ssl-simple can be found here. The schema for results is available both in standalone and bundled form.
Examples¶
These are examples of the .body object for results with .task.module_name equal to ssl-simple.
TLS with GitHub¶
This example was generated with the GitHub website.
{
"server_info": {
"hostname": "github.com",
"ip_address": "140.82.113.3",
"port": 443,
"highest_ssl_version_supported": "TLSv1.2",
"openssl_cipher_string_supported": "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"ja3": "771,49195,65281-0",
"ja3_digest": "b524d0b73fe47a71a66e9cedfd641df0"
},
"cert_info": {
"certificate_chain": [
{
"as_pem": "-----BEGIN CERTIFICATE-----\nMIIEozCCBEmgAwIBAgIQTij3hrZsGjuULNLEDrdCpTAKBggqhkjOPQQDAjCBjzELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5TZWN0aWdvIEVDQyBEb21haW4gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMB4XDTI0MDMwNzAwMDAwMFoXDTI1MDMwNzIzNTk1OVowFTETMBEGA1UEAxMKZ2l0aHViLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABARO/Ho9XdkY1qh9mAgjOUkWmXTb05jgRulKciMVBuKB3ZHexvCdyoiCRHEMBfFXoZhWkQVMogNLo/lW215X3pGjggL+MIIC+jAfBgNVHSMEGDAWgBT2hQo7EYbhBH0Oqgss0u7MZHt7rjAdBgNVHQ4EFgQUO2g/NDr1RzTK76ZOPZq9Xm56zJ8wDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEkGA1UdIARCMEAwNAYLKwYBBAGyMQECAgcwJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQIBMIGEBggrBgEFBQcBAQR4MHYwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuc2VjdGlnby5jb20vU2VjdGlnb0VDQ0RvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMIIBgAYKKwYBBAHWeQIEAgSCAXAEggFsAWoAdwDPEVbu1S58r/OHW9lpLpvpGnFnSrAX7KwB0lt3zsw7CAAAAY4WOvAZAAAEAwBIMEYCIQD7oNz/2oO8VGaWWrqrsBQBzQH0hRhMLm11oeMpg1fNawIhAKWc0q7Z+mxDVYV/6ov7f/i0H/aAcHSCIi/QJcECraOpAHYAouMK5EXvva2bfjjtR2d3U9eCW4SU1yteGyzEuVCkR+cAAAGOFjrv+AAABAMARzBFAiEAyupEIVAMk0c8BVVpF0QbisfoEwy5xJQKQOe8EvMU4W8CIGAIIuzjxBFlHpkqcsa7UZy24y/B6xZnktUw/Ne5q5hCAHcATnWjJ1yaEMM4W2zU3z9S6x3w4I4bjWnAsfpksWKaOd8AAAGOFjrv9wAABAMASDBGAiEA+8OvQzpgRf31uLBsCE8ktCUfvsiRT7zWSqeXliA09TUCIQDcB7Xn97aEDMBKXIbdm5KZ9GjvRyoF9skD5/4GneoMWzAlBgNVHREEHjAcggpnaXRodWIuY29tgg53d3cuZ2l0aHViLmNvbTAKBggqhkjOPQQDAgNIADBFAiEAru2McPr0eNwcWNuDEY0a/rGzXRfRrm+6XfZeSzhYZewCIBq4TUEBCgapv7xvAtRKdVdi/b4m36Uyej1ggyJsiesA\n-----END CERTIFICATE-----\n",
"sha1_fingerprint": "e7:03:5b:cc:1c:18:77:1f:79:2f:90:86:6b:6c:1d:f8:df:aa:bd:c0",
"sha256_fingerprint": "fd:6e:9b:0e:f3:98:bc:d9:04:c3:b2:ec:16:7a:7b:0f:da:72:01:c9:03:c5:3a:6a:6a:e5:d0:41:43:63:ef:65",
"as_dict": {
"signature_algorithm": "sha256_ecdsa",
"signature_value": "30:45:02:21:00:ae:ed:8c:70:fa:f4:78:dc:1c:58:db:83:11:8d:1a:fe:b1:b3:5d:17:d1:ae:6f:ba:5d:f6:5e:4b:38:58:65:ec:02:20:1a:b8:4d:41:01:0a:06:a9:bf:bc:6f:02:d4:4a:75:57:62:fd:be:26:df:a5:32:7a:3d:60:83:22:6c:89:eb:00",
"issuer": {
"country_name": "GB",
"state_or_province_name": "Greater Manchester",
"locality_name": "Salford",
"organization_name": "Sectigo Limited",
"common_name": "Sectigo ECC Domain Validation Secure Server CA",
"distinguished_name": "Common Name: Sectigo ECC Domain Validation Secure Server CA, Organization: Sectigo Limited, Locality: Salford, State/Province: Greater Manchester, Country: GB"
},
"subject": {
"common_name": "github.com",
"distinguished_name": "Common Name: github.com"
},
"validity": {
"not_after": "2025-03-07T23:59:59+00:00",
"not_before": "2024-03-07T00:00:00+00:00"
},
"serial_number": "103892495973767669722220901035501109925",
"version": "v3",
"public_key_info": {
"algorithm": "ec",
"curve": "secp256r1",
"public_key": "04:04:4e:fc:7a:3d:5d:d9:18:d6:a8:7d:98:08:23:39:49:16:99:74:db:d3:98:e0:46:e9:4a:72:23:15:06:e2:81:dd:91:de:c6:f0:9d:ca:88:82:44:71:0c:05:f1:57:a1:98:56:91:05:4c:a2:03:4b:a3:f9:56:db:5e:57:de:91",
"key_size": 256,
"sha256_fingerprint": "1a:cf:9d:4f:d9:14:0b:5e:e7:0d:86:57:1f:9d:a6:2b:31:a7:95:45:3f:43:99:92:d1:4a:ee:4d:05:b7:1f:45"
},
"extensions": {
"authority_key_identifier": {
"key_identifier": "f6:85:0a:3b:11:86:e1:04:7d:0e:aa:0b:2c:d2:ee:cc:64:7b:7b:ae"
},
"key_identifier": "3b:68:3f:34:3a:f5:47:34:ca:ef:a6:4e:3d:9a:bd:5e:6e:7a:cc:9f",
"key_usage": [
"digital_signature"
],
"basic_constraints": "",
"extended_key_usage": [
"server_auth",
"client_auth"
],
"certificate_policies": [
{
"policy_identifier": "1.3.6.1.4.1.6449.1.2.2.7",
"policy_qualifiers": [
{
"policy_qualifier_id": "certification_practice_statement",
"qualifier": "https://sectigo.com/CPS"
}
]
},
{
"policy_identifier": "2.23.140.1.2.1"
}
],
"authority_information_access": [
{
"access_method": "ca_issuers",
"access_location": "http://crt.sectigo.com/SectigoECCDomainValidationSecureServerCA.crt"
},
{
"access_method": "ocsp",
"access_location": "http://ocsp.sectigo.com"
}
],
"signed_certificate_timestamp_list": {
"packed": "01:6a:00:77:00:cf:11:56:ee:d5:2e:7c:af:f3:87:5b:d9:69:2e:9b:e9:1a:71:67:4a:b0:17:ec:ac:01:d2:5b:77:ce:cc:3b:08:00:00:01:8e:16:3a:f0:19:00:00:04:03:00:48:30:46:02:21:00:fb:a0:dc:ff:da:83:bc:54:66:96:5a:ba:ab:b0:14:01:cd:01:f4:85:18:4c:2e:6d:75:a1:e3:29:83:57:cd:6b:02:21:00:a5:9c:d2:ae:d9:fa:6c:43:55:85:7f:ea:8b:fb:7f:f8:b4:1f:f6:80:70:74:82:22:2f:d0:25:c1:02:ad:a3:a9:00:76:00:a2:e3:0a:e4:45:ef:bd:ad:9b:7e:38:ed:47:67:77:53:d7:82:5b:84:94:d7:2b:5e:1b:2c:c4:b9:50:a4:47:e7:00:00:01:8e:16:3a:ef:f8:00:00:04:03:00:47:30:45:02:21:00:ca:ea:44:21:50:0c:93:47:3c:05:55:69:17:44:1b:8a:c7:e8:13:0c:b9:c4:94:0a:40:e7:bc:12:f3:14:e1:6f:02:20:60:08:22:ec:e3:c4:11:65:1e:99:2a:72:c6:bb:51:9c:b6:e3:2f:c1:eb:16:67:92:d5:30:fc:d7:b9:ab:98:42:00:77:00:4e:75:a3:27:5c:9a:10:c3:38:5b:6c:d4:df:3f:52:eb:1d:f0:e0:8e:1b:8d:69:c0:b1:fa:64:b1:62:9a:39:df:00:00:01:8e:16:3a:ef:f7:00:00:04:03:00:48:30:46:02:21:00:fb:c3:af:43:3a:60:45:fd:f5:b8:b0:6c:08:4f:24:b4:25:1f:be:c8:91:4f:bc:d6:4a:a7:97:96:20:34:f5:35:02:21:00:dc:07:b5:e7:f7:b6:84:0c:c0:4a:5c:86:dd:9b:92:99:f4:68:ef:47:2a:05:f6:c9:03:e7:fe:06:9d:ea:0c:5b",
"unpacked": [
{
"version": "v1",
"log_id": "cf:11:56:ee:d5:2e:7c:af:f3:87:5b:d9:69:2e:9b:e9:1a:71:67:4a:b0:17:ec:ac:01:d2:5b:77:ce:cc:3b:08",
"timestamp": "2024-03-07T00:05:45.113000",
"signature_algorithm": "sha256_ecdsa",
"signature": "30:46:02:21:00:fb:a0:dc:ff:da:83:bc:54:66:96:5a:ba:ab:b0:14:01:cd:01:f4:85:18:4c:2e:6d:75:a1:e3:29:83:57:cd:6b:02:21:00:a5:9c:d2:ae:d9:fa:6c:43:55:85:7f:ea:8b:fb:7f:f8:b4:1f:f6:80:70:74:82:22:2f:d0:25:c1:02:ad:a3:a9"
},
{
"version": "v1",
"log_id": "a2:e3:0a:e4:45:ef:bd:ad:9b:7e:38:ed:47:67:77:53:d7:82:5b:84:94:d7:2b:5e:1b:2c:c4:b9:50:a4:47:e7",
"timestamp": "2024-03-07T00:05:45.080000",
"signature_algorithm": "sha256_ecdsa",
"signature": "30:45:02:21:00:ca:ea:44:21:50:0c:93:47:3c:05:55:69:17:44:1b:8a:c7:e8:13:0c:b9:c4:94:0a:40:e7:bc:12:f3:14:e1:6f:02:20:60:08:22:ec:e3:c4:11:65:1e:99:2a:72:c6:bb:51:9c:b6:e3:2f:c1:eb:16:67:92:d5:30:fc:d7:b9:ab:98:42"
},
{
"version": "v1",
"log_id": "4e:75:a3:27:5c:9a:10:c3:38:5b:6c:d4:df:3f:52:eb:1d:f0:e0:8e:1b:8d:69:c0:b1:fa:64:b1:62:9a:39:df",
"timestamp": "2024-03-07T00:05:45.079000",
"signature_algorithm": "sha256_ecdsa",
"signature": "30:46:02:21:00:fb:c3:af:43:3a:60:45:fd:f5:b8:b0:6c:08:4f:24:b4:25:1f:be:c8:91:4f:bc:d6:4a:a7:97:96:20:34:f5:35:02:21:00:dc:07:b5:e7:f7:b6:84:0c:c0:4a:5c:86:dd:9b:92:99:f4:68:ef:47:2a:05:f6:c9:03:e7:fe:06:9d:ea:0c:5b"
}
]
},
"subject_alt_name": [
"github.com",
"www.github.com"
]
},
"self_signed": false,
"self_issued": false
},
"spki_subject_fingerprint": "ba:a7:15:55:f9:c3:a0:b3:e7:39:65:99:a9:21:be:a2:64:55:78:fd:eb:89:1b:ac:fc:51:d8:97:94:12:2a:d9"
},
{
"as_pem": "-----BEGIN CERTIFICATE-----\nMIIDqDCCAy6gAwIBAgIRAPNkTmtuAFAjfglGvXvh9R0wCgYIKoZIzj0EAwMwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgRUNDIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTE4MTEwMjAwMDAwMFoXDTMwMTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE3MDUGA1UEAxMuU2VjdGlnbyBFQ0MgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHkYk8qfbZ5sVwAjBTcLXw9YWsTef1Wj6R7W2SUKiKAgSh16TwUwimNJE4xkIQeV/To14UrOkPAY9z2vaKb71EijggFuMIIBajAfBgNVHSMEGDAWgBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAdBgNVHQ4EFgQU9oUKOxGG4QR9DqoLLNLuzGR7e64wDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBsGA1UdIAQUMBIwBgYEVR0gADAIBgZngQwBAgEwUAYDVR0fBEkwRzBFoEOgQYY/aHR0cDovL2NybC51c2VydHJ1c3QuY29tL1VTRVJUcnVzdEVDQ0NlcnRpZmljYXRpb25BdXRob3JpdHkuY3JsMHYGCCsGAQUFBwEBBGowaDA/BggrBgEFBQcwAoYzaHR0cDovL2NydC51c2VydHJ1c3QuY29tL1VTRVJUcnVzdEVDQ0FkZFRydXN0Q0EuY3J0MCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3QuY29tMAoGCCqGSM49BAMDA2gAMGUCMEvnx3FcsVwJbZpCYF9z6fDWJtS1UVRscS0chWBNKPFNpvDKdrdKRe+oAkr2jU+ubgIxAODheSr2XhcA7oz9HmedGdMhlrd94ToKFbZl+/OnFFzqnvOhcjHvClECEQcKmc8fmA==\n-----END CERTIFICATE-----\n",
"sha1_fingerprint": "e8:49:90:cb:9b:f8:e3:ab:0b:ca:e8:a6:49:cb:30:fe:4d:c4:d7:67",
"sha256_fingerprint": "61:e9:73:75:e9:f6:da:98:2f:f5:c1:9e:2f:94:e6:6c:4e:35:b6:83:7c:e3:b9:14:d2:24:5c:7f:5f:65:82:5f",
"as_dict": {
"signature_algorithm": "sha384_ecdsa",
"signature_value": "30:65:02:30:4b:e7:c7:71:5c:b1:5c:09:6d:9a:42:60:5f:73:e9:f0:d6:26:d4:b5:51:54:6c:71:2d:1c:85:60:4d:28:f1:4d:a6:f0:ca:76:b7:4a:45:ef:a8:02:4a:f6:8d:4f:ae:6e:02:31:00:e0:e1:79:2a:f6:5e:17:00:ee:8c:fd:1e:67:9d:19:d3:21:96:b7:7d:e1:3a:0a:15:b6:65:fb:f3:a7:14:5c:ea:9e:f3:a1:72:31:ef:0a:51:02:11:07:0a:99:cf:1f:98",
"issuer": {
"country_name": "US",
"state_or_province_name": "New Jersey",
"locality_name": "Jersey City",
"organization_name": "The USERTRUST Network",
"common_name": "USERTrust ECC Certification Authority",
"distinguished_name": "Common Name: USERTrust ECC Certification Authority, Organization: The USERTRUST Network, Locality: Jersey City, State/Province: New Jersey, Country: US"
},
"subject": {
"country_name": "GB",
"state_or_province_name": "Greater Manchester",
"locality_name": "Salford",
"organization_name": "Sectigo Limited",
"common_name": "Sectigo ECC Domain Validation Secure Server CA",
"distinguished_name": "Common Name: Sectigo ECC Domain Validation Secure Server CA, Organization: Sectigo Limited, Locality: Salford, State/Province: Greater Manchester, Country: GB"
},
"validity": {
"not_after": "2030-12-31T23:59:59+00:00",
"not_before": "2018-11-02T00:00:00+00:00"
},
"serial_number": "323523223200994243259439853290236540189",
"version": "v3",
"public_key_info": {
"algorithm": "ec",
"curve": "secp256r1",
"public_key": "04:79:18:93:ca:9f:6d:9e:6c:57:00:23:05:37:0b:5f:0f:58:5a:c4:de:7f:55:a3:e9:1e:d6:d9:25:0a:88:a0:20:4a:1d:7a:4f:05:30:8a:63:49:13:8c:64:21:07:95:fd:3a:35:e1:4a:ce:90:f0:18:f7:3d:af:68:a6:fb:d4:48",
"key_size": 256,
"sha256_fingerprint": "e9:80:44:f2:42:b8:77:92:75:aa:ed:70:12:3c:a8:2a:ac:c4:22:fc:91:63:91:f2:33:f3:41:db:02:9d:71:9a"
},
"extensions": {
"authority_key_identifier": {
"key_identifier": "3a:e1:09:86:d4:cf:19:c2:96:76:74:49:76:dc:e0:35:c6:63:63:9a"
},
"key_identifier": "f6:85:0a:3b:11:86:e1:04:7d:0e:aa:0b:2c:d2:ee:cc:64:7b:7b:ae",
"key_usage": [
"crl_sign",
"digital_signature",
"key_cert_sign"
],
"basic_constraints": {
"ca": true
},
"extended_key_usage": [
"server_auth",
"client_auth"
],
"certificate_policies": [
{
"policy_identifier": "any_policy"
},
{
"policy_identifier": "2.23.140.1.2.1"
}
],
"crl_distribution_points": [
{
"distribution_point": [
"http://crl.usertrust.com/USERTrustECCCertificationAuthority.crl"
]
}
],
"authority_information_access": [
{
"access_method": "ca_issuers",
"access_location": "http://crt.usertrust.com/USERTrustECCAddTrustCA.crt"
},
{
"access_method": "ocsp",
"access_location": "http://ocsp.usertrust.com"
}
]
},
"self_signed": false,
"self_issued": false
},
"spki_subject_fingerprint": "3c:66:2a:a9:24:f9:85:6d:b6:04:e7:ca:79:41:1e:8f:4b:a5:04:c9:08:fd:cd:ee:7e:6d:49:0c:d0:39:e0:78"
},
{
"as_pem": "-----BEGIN CERTIFICATE-----\nMIID0zCCArugAwIBAgIQVmcdBOpPmUxvEIFHWdJ1lDANBgkqhkiG9w0BAQwFADB7MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTE5MDMxMjAwMDAwMFoXDTI4MTIzMTIzNTk1OVowgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgRUNDIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEGqxUWqn5aCPnetUkb1PGWthLq8bVttHmc3Gu3ZzWDGH926CJA7gFFOxXzu5dP+Ihs8731Ip54KODfi2X0GHE8ZncJZFjq38wo7Rw4sehM5zzvy5cU7Ffs30yf4o043l5o4HyMIHvMB8GA1UdIwQYMBaAFKARCiM+lvEH7OKvKe+CpX/QMKS0MB0GA1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zARBgNVHSAECjAIMAYGBFUdIAAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZIhvcNAQEMBQADggEBABns652JLCALBIAdGN5CmXKZFjK9Dpx1WywV4ilAbe7/ctvbq5AfjJXyij0IckKJUAfiORVsAYfZFhr1wHUrxeZWEQff2Ji8fJ8ZOd+LygBkc7xGEJuTI42+FsMuCIKchjN0djsoTI0DQoWz4rIjQtUfenVqGtF8qmchxDM6OW1TyaLtYiKou+JVbJlsQ2uRl9EMC5MCHdK8aXdJ5htN978UeAOwproLtOGFfy/cQjutdAFI3tZs4RmYCV4Ks2dH/hzg1cEo70qLRDEmBDeNiXQ2Lu+lIg+DdEmSx/cQwgwp+7e9un/jX9Wf8qn0dNW44bOwgeThpWOjzOoEeJBuv/c=\n-----END CERTIFICATE-----\n",
"sha1_fingerprint": "ca:77:88:c3:2d:a1:e4:b7:86:3a:4f:b5:7d:00:b5:5d:da:cb:c7:f9",
"sha256_fingerprint": "a6:cf:64:db:b4:c8:d5:fd:19:ce:48:89:60:68:db:03:b5:33:a8:d1:33:6c:62:56:a8:7d:00:cb:b3:de:f3:ea",
"as_dict": {
"signature_algorithm": "sha384_rsa",
"signature_value": "19:ec:eb:9d:89:2c:20:0b:04:80:1d:18:de:42:99:72:99:16:32:bd:0e:9c:75:5b:2c:15:e2:29:40:6d:ee:ff:72:db:db:ab:90:1f:8c:95:f2:8a:3d:08:72:42:89:50:07:e2:39:15:6c:01:87:d9:16:1a:f5:c0:75:2b:c5:e6:56:11:07:df:d8:98:bc:7c:9f:19:39:df:8b:ca:00:64:73:bc:46:10:9b:93:23:8d:be:16:c3:2e:08:82:9c:86:33:74:76:3b:28:4c:8d:03:42:85:b3:e2:b2:23:42:d5:1f:7a:75:6a:1a:d1:7c:aa:67:21:c4:33:3a:39:6d:53:c9:a2:ed:62:22:a8:bb:e2:55:6c:99:6c:43:6b:91:97:d1:0c:0b:93:02:1d:d2:bc:69:77:49:e6:1b:4d:f7:bf:14:78:03:b0:a6:ba:0b:b4:e1:85:7f:2f:dc:42:3b:ad:74:01:48:de:d6:6c:e1:19:98:09:5e:0a:b3:67:47:fe:1c:e0:d5:c1:28:ef:4a:8b:44:31:26:04:37:8d:89:74:36:2e:ef:a5:22:0f:83:74:49:92:c7:f7:10:c2:0c:29:fb:b7:bd:ba:7f:e3:5f:d5:9f:f2:a9:f4:74:d5:b8:e1:b3:b0:81:e4:e1:a5:63:a3:cc:ea:04:78:90:6e:bf:f7",
"issuer": {
"country_name": "GB",
"state_or_province_name": "Greater Manchester",
"locality_name": "Salford",
"organization_name": "Comodo CA Limited",
"common_name": "AAA Certificate Services",
"distinguished_name": "Common Name: AAA Certificate Services, Organization: Comodo CA Limited, Locality: Salford, State/Province: Greater Manchester, Country: GB"
},
"subject": {
"country_name": "US",
"state_or_province_name": "New Jersey",
"locality_name": "Jersey City",
"organization_name": "The USERTRUST Network",
"common_name": "USERTrust ECC Certification Authority",
"distinguished_name": "Common Name: USERTrust ECC Certification Authority, Organization: The USERTRUST Network, Locality: Jersey City, State/Province: New Jersey, Country: US"
},
"validity": {
"not_after": "2028-12-31T23:59:59+00:00",
"not_before": "2019-03-12T00:00:00+00:00"
},
"serial_number": "114849002793238729640937462275813569940",
"version": "v3",
"public_key_info": {
"algorithm": "ec",
"curve": "secp384r1",
"public_key": "04:1a:ac:54:5a:a9:f9:68:23:e7:7a:d5:24:6f:53:c6:5a:d8:4b:ab:c6:d5:b6:d1:e6:73:71:ae:dd:9c:d6:0c:61:fd:db:a0:89:03:b8:05:14:ec:57:ce:ee:5d:3f:e2:21:b3:ce:f7:d4:8a:79:e0:a3:83:7e:2d:97:d0:61:c4:f1:99:dc:25:91:63:ab:7f:30:a3:b4:70:e2:c7:a1:33:9c:f3:bf:2e:5c:53:b1:5f:b3:7d:32:7f:8a:34:e3:79:79",
"key_size": 384,
"sha256_fingerprint": "20:21:91:7e:98:26:39:45:c8:59:c4:3f:1d:73:cb:41:39:05:3c:41:4f:a0:3c:a3:bc:7e:e8:86:14:29:8f:3b"
},
"extensions": {
"authority_key_identifier": {
"key_identifier": "a0:11:0a:23:3e:96:f1:07:ec:e2:af:29:ef:82:a5:7f:d0:30:a4:b4"
},
"key_identifier": "3a:e1:09:86:d4:cf:19:c2:96:76:74:49:76:dc:e0:35:c6:63:63:9a",
"key_usage": [
"crl_sign",
"digital_signature",
"key_cert_sign"
],
"basic_constraints": {
"ca": true
},
"certificate_policies": [
{
"policy_identifier": "any_policy"
}
],
"crl_distribution_points": [
{
"distribution_point": [
"http://crl.comodoca.com/AAACertificateServices.crl"
]
}
],
"authority_information_access": [
{
"access_method": "ocsp",
"access_location": "http://ocsp.comodoca.com"
}
]
},
"self_signed": false,
"self_issued": false
},
"spki_subject_fingerprint": "64:fb:e2:39:57:ea:06:2f:d5:71:59:be:44:c0:a5:8f:f5:79:d1:0d:06:7c:3f:81:33:45:12:f7:06:ba:08:cf"
}
]
}
}
TLS with Google¶
This example was generated with the Google website.
{
"server_info": {
"hostname": "google.com",
"ip_address": "142.251.33.174",
"port": 443,
"highest_ssl_version_supported": "TLSv1.2",
"openssl_cipher_string_supported": "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"ja3": "771,49195,65281",
"ja3_digest": "5cbdf35d43faf9cfc331165209343f05"
},
"cert_info": {
"certificate_chain": [
{
"as_pem": "-----BEGIN CERTIFICATE-----\nMIIODDCCDPSgAwIBAgIQcY34pNFIingJzO0nEH2BhDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMQwwCgYDVQQDEwNXUjIwHhcNMjQwNzMwMTIzMjUzWhcNMjQxMDIyMTIzMjUyWjAXMRUwEwYDVQQDDAwqLmdvb2dsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmma+TRpefY5dZblCsBLNow/4T5zDIQV/Yg0rG0YhN99awjIPaoUV0tsAtbpfPW0OQr7Q4QuGsIUfIX5EKXfOxo4IL+TCCC/UwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFLYIyZUGINH0MWoZV7fNlIdbesqDMB8GA1UdIwQYMBaAFN4bHu15FdQ+NyTDIbvsNDltQrIwMFgGCCsGAQUFBwEBBEwwSjAhBggrBgEFBQcwAYYVaHR0cDovL28ucGtpLmdvb2cvd3IyMCUGCCsGAQUFBzAChhlodHRwOi8vaS5wa2kuZ29vZy93cjIuY3J0MIIJzQYDVR0RBIIJxDCCCcCCDCouZ29vZ2xlLmNvbYIWKi5hcHBlbmdpbmUuZ29vZ2xlLmNvbYIJKi5iZG4uZGV2ghUqLm9yaWdpbi10ZXN0LmJkbi5kZXaCEiouY2xvdWQuZ29vZ2xlLmNvbYIYKi5jcm93ZHNvdXJjZS5nb29nbGUuY29tghgqLmRhdGFjb21wdXRlLmdvb2dsZS5jb22CCyouZ29vZ2xlLmNhggsqLmdvb2dsZS5jbIIOKi5nb29nbGUuY28uaW6CDiouZ29vZ2xlLmNvLmpwgg4qLmdvb2dsZS5jby51a4IPKi5nb29nbGUuY29tLmFygg8qLmdvb2dsZS5jb20uYXWCDyouZ29vZ2xlLmNvbS5icoIPKi5nb29nbGUuY29tLmNvgg8qLmdvb2dsZS5jb20ubXiCDyouZ29vZ2xlLmNvbS50coIPKi5nb29nbGUuY29tLnZuggsqLmdvb2dsZS5kZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZyggsqLmdvb2dsZS5odYILKi5nb29nbGUuaXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5wbIILKi5nb29nbGUucHSCDyouZ29vZ2xlYXBpcy5jboIRKi5nb29nbGV2aWRlby5jb22CDCouZ3N0YXRpYy5jboIQKi5nc3RhdGljLWNuLmNvbYIPZ29vZ2xlY25hcHBzLmNughEqLmdvb2dsZWNuYXBwcy5jboIRZ29vZ2xlYXBwcy1jbi5jb22CEyouZ29vZ2xlYXBwcy1jbi5jb22CDGdrZWNuYXBwcy5jboIOKi5na2VjbmFwcHMuY26CEmdvb2dsZWRvd25sb2Fkcy5jboIUKi5nb29nbGVkb3dubG9hZHMuY26CEHJlY2FwdGNoYS5uZXQuY26CEioucmVjYXB0Y2hhLm5ldC5jboIQcmVjYXB0Y2hhLWNuLm5ldIISKi5yZWNhcHRjaGEtY24ubmV0ggt3aWRldmluZS5jboINKi53aWRldmluZS5jboIRYW1wcHJvamVjdC5vcmcuY26CEyouYW1wcHJvamVjdC5vcmcuY26CEWFtcHByb2plY3QubmV0LmNughMqLmFtcHByb2plY3QubmV0LmNughdnb29nbGUtYW5hbHl0aWNzLWNuLmNvbYIZKi5nb29nbGUtYW5hbHl0aWNzLWNuLmNvbYIXZ29vZ2xlYWRzZXJ2aWNlcy1jbi5jb22CGSouZ29vZ2xlYWRzZXJ2aWNlcy1jbi5jb22CEWdvb2dsZXZhZHMtY24uY29tghMqLmdvb2dsZXZhZHMtY24uY29tghFnb29nbGVhcGlzLWNuLmNvbYITKi5nb29nbGVhcGlzLWNuLmNvbYIVZ29vZ2xlb3B0aW1pemUtY24uY29tghcqLmdvb2dsZW9wdGltaXplLWNuLmNvbYISZG91YmxlY2xpY2stY24ubmV0ghQqLmRvdWJsZWNsaWNrLWNuLm5ldIIYKi5mbHMuZG91YmxlY2xpY2stY24ubmV0ghYqLmcuZG91YmxlY2xpY2stY24ubmV0gg5kb3VibGVjbGljay5jboIQKi5kb3VibGVjbGljay5jboIUKi5mbHMuZG91YmxlY2xpY2suY26CEiouZy5kb3VibGVjbGljay5jboIRZGFydHNlYXJjaC1jbi5uZXSCEyouZGFydHNlYXJjaC1jbi5uZXSCHWdvb2dsZXRyYXZlbGFkc2VydmljZXMtY24uY29tgh8qLmdvb2dsZXRyYXZlbGFkc2VydmljZXMtY24uY29tghhnb29nbGV0YWdzZXJ2aWNlcy1jbi5jb22CGiouZ29vZ2xldGFnc2VydmljZXMtY24uY29tghdnb29nbGV0YWdtYW5hZ2VyLWNuLmNvbYIZKi5nb29nbGV0YWdtYW5hZ2VyLWNuLmNvbYIYZ29vZ2xlc3luZGljYXRpb24tY24uY29tghoqLmdvb2dsZXN5bmRpY2F0aW9uLWNuLmNvbYIkKi5zYWZlZnJhbWUuZ29vZ2xlc3luZGljYXRpb24tY24uY29tghZhcHAtbWVhc3VyZW1lbnQtY24uY29tghgqLmFwcC1tZWFzdXJlbWVudC1jbi5jb22CC2d2dDEtY24uY29tgg0qLmd2dDEtY24uY29tggtndnQyLWNuLmNvbYINKi5ndnQyLWNuLmNvbYILMm1kbi1jbi5uZXSCDSouMm1kbi1jbi5uZXSCFGdvb2dsZWZsaWdodHMtY24ubmV0ghYqLmdvb2dsZWZsaWdodHMtY24ubmV0ggxhZG1vYi1jbi5jb22CDiouYWRtb2ItY24uY29tghRnb29nbGVzYW5kYm94LWNuLmNvbYIWKi5nb29nbGVzYW5kYm94LWNuLmNvbYIeKi5zYWZlbnVwLmdvb2dsZXNhbmRib3gtY24uY29tgg0qLmdzdGF0aWMuY29tghQqLm1ldHJpYy5nc3RhdGljLmNvbYIKKi5ndnQxLmNvbYIRKi5nY3BjZG4uZ3Z0MS5jb22CCiouZ3Z0Mi5jb22CDiouZ2NwLmd2dDIuY29tghAqLnVybC5nb29nbGUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggsqLnl0aW1nLmNvbYILYW5kcm9pZC5jb22CDSouYW5kcm9pZC5jb22CEyouZmxhc2guYW5kcm9pZC5jb22CBGcuY26CBiouZy5jboIEZy5jb4IGKi5nLmNvggZnb28uZ2yCCnd3dy5nb28uZ2yCFGdvb2dsZS1hbmFseXRpY3MuY29tghYqLmdvb2dsZS1hbmFseXRpY3MuY29tggpnb29nbGUuY29tghJnb29nbGVjb21tZXJjZS5jb22CFCouZ29vZ2xlY29tbWVyY2UuY29tgghnZ3BodC5jboIKKi5nZ3BodC5jboIKdXJjaGluLmNvbYIMKi51cmNoaW4uY29tggh5b3V0dS5iZYILeW91dHViZS5jb22CDSoueW91dHViZS5jb22CEW11c2ljLnlvdXR1YmUuY29tghMqLm11c2ljLnlvdXR1YmUuY29tghR5b3V0dWJlZWR1Y2F0aW9uLmNvbYIWKi55b3V0dWJlZWR1Y2F0aW9uLmNvbYIPeW91dHViZWtpZHMuY29tghEqLnlvdXR1YmVraWRzLmNvbYIFeXQuYmWCByoueXQuYmWCGmFuZHJvaWQuY2xpZW50cy5nb29nbGUuY29tghMqLmFuZHJvaWQuZ29vZ2xlLmNughIqLmNocm9tZS5nb29nbGUuY26CFiouZGV2ZWxvcGVycy5nb29nbGUuY24wEwYDVR0gBAwwCjAIBgZngQwBAgEwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2MucGtpLmdvb2cvd3IyL29CRllZYWh6Z1ZJLmNybDCCAQYGCisGAQQB1nkCBAIEgfcEgfQA8gB3AEiw42vapkc0D+VqAvqdMOscUgHLVt0sgdm7v6s52IRzAAABkQPYFPYAAAQDAEgwRgIhAKY1vswnrCsPY/2Rb9mkMt/QMBsGRK2hBSgm0BqZZrbpAiEA/l5FtZCwtf/zAJzkzAsR1wIGGubVQRimx3emAy8/7qgAdwDuzdBk1dsazsVct520zROiModGfLzs3sNRSFlGcR+1mwAAAZED2BTNAAAEAwBIMEYCIQCdt+dIh2hphLzc/ALmRvGtBkXjkw5nieuIg6PVpcb5XgIhAOSXQWUlYiBLpMCW6Ae1meor3YRBeqoQT/zyYTS/+hd1MA0GCSqGSIb3DQEBCwUAA4IBAQB9AO5LRDlvrtxbLu2EQWFJrENvHZxEGOjVjY1FI9LJktoV5IY7YefrnPv10iJqRoBeb805s+tp0wE/SeGdCDwBVtsNyvQ8Q24cvYEO5zaikO2Rt7zvbuwEFe+bZzYlvM6c9A5fCFHAeA9VVOrJNZK2ca5f5hoMyKWKlK9B66WZuZwC47KVZ+m1XJ76ZlnvIpVaRtzZIaJfn4xusB0nVecjzlUT7xEunh09AI0xky//tCNLVj1ezYdSndHq6KNNrz8V/huIO8hDyciGHgx1vOJ53wfQxfp0yUWAhRWSBAJnmp13IqSpnxyuUmj+PdKewP/qyVTxbuFdqS0EnOY97yso\n-----END CERTIFICATE-----\n",
"sha1_fingerprint": "a9:52:08:e0:fc:37:b4:6b:5f:cf:c5:ab:c4:10:c7:d6:00:4d:dc:69",
"sha256_fingerprint": "06:5e:3b:66:39:0a:5d:3c:7c:e5:1f:27:34:24:42:60:64:53:b3:d9:8e:4d:4e:97:f5:b7:08:b5:9d:19:0a:0a",
"as_dict": {
"signature_algorithm": "sha256_rsa",
"signature_value": "7d:00:ee:4b:44:39:6f:ae:dc:5b:2e:ed:84:41:61:49:ac:43:6f:1d:9c:44:18:e8:d5:8d:8d:45:23:d2:c9:92:da:15:e4:86:3b:61:e7:eb:9c:fb:f5:d2:22:6a:46:80:5e:6f:cd:39:b3:eb:69:d3:01:3f:49:e1:9d:08:3c:01:56:db:0d:ca:f4:3c:43:6e:1c:bd:81:0e:e7:36:a2:90:ed:91:b7:bc:ef:6e:ec:04:15:ef:9b:67:36:25:bc:ce:9c:f4:0e:5f:08:51:c0:78:0f:55:54:ea:c9:35:92:b6:71:ae:5f:e6:1a:0c:c8:a5:8a:94:af:41:eb:a5:99:b9:9c:02:e3:b2:95:67:e9:b5:5c:9e:fa:66:59:ef:22:95:5a:46:dc:d9:21:a2:5f:9f:8c:6e:b0:1d:27:55:e7:23:ce:55:13:ef:11:2e:9e:1d:3d:00:8d:31:93:2f:ff:b4:23:4b:56:3d:5e:cd:87:52:9d:d1:ea:e8:a3:4d:af:3f:15:fe:1b:88:3b:c8:43:c9:c8:86:1e:0c:75:bc:e2:79:df:07:d0:c5:fa:74:c9:45:80:85:15:92:04:02:67:9a:9d:77:22:a4:a9:9f:1c:ae:52:68:fe:3d:d2:9e:c0:ff:ea:c9:54:f1:6e:e1:5d:a9:2d:04:9c:e6:3d:ef:2b:28",
"issuer": {
"country_name": "US",
"organization_name": "Google Trust Services",
"common_name": "WR2",
"distinguished_name": "Common Name: WR2, Organization: Google Trust Services, Country: US"
},
"subject": {
"common_name": "*.google.com",
"distinguished_name": "Common Name: *.google.com"
},
"validity": {
"not_after": "2024-10-22T12:32:52+00:00",
"not_before": "2024-07-30T12:32:53+00:00"
},
"serial_number": "150939920476519325899932999567496020356",
"version": "v3",
"public_key_info": {
"algorithm": "ec",
"curve": "secp256r1",
"public_key": "04:e6:99:af:93:46:97:9f:63:97:59:6e:50:ac:04:b3:68:c3:fe:13:e7:30:c8:41:5f:d8:83:4a:c6:d1:88:4d:f7:d6:b0:8c:83:da:a1:45:74:b6:c0:2d:6e:97:cf:5b:43:90:af:b4:38:42:e1:ac:21:47:c8:5f:91:0a:5d:f3:b1",
"key_size": 256,
"sha256_fingerprint": "53:1e:7c:7a:09:39:a5:5f:34:60:3f:91:8e:72:85:8c:5d:83:e4:2f:c6:29:7f:aa:dd:54:bd:bb:a3:63:93:a7"
},
"extensions": {
"key_usage": [
"digital_signature"
],
"extended_key_usage": [
"server_auth"
],
"basic_constraints": "",
"key_identifier": "b6:08:c9:95:06:20:d1:f4:31:6a:19:57:b7:cd:94:87:5b:7a:ca:83",
"authority_key_identifier": {
"key_identifier": "de:1b:1e:ed:79:15:d4:3e:37:24:c3:21:bb:ec:34:39:6d:42:b2:30"
},
"authority_information_access": [
{
"access_method": "ocsp",
"access_location": "http://o.pki.goog/wr2"
},
{
"access_method": "ca_issuers",
"access_location": "http://i.pki.goog/wr2.crt"
}
],
"subject_alt_name": [
"*.google.com",
"*.appengine.google.com",
"*.bdn.dev",
"*.origin-test.bdn.dev",
"*.cloud.google.com",
"*.crowdsource.google.com",
"*.datacompute.google.com",
"*.google.ca",
"*.google.cl",
"*.google.co.in",
"*.google.co.jp",
"*.google.co.uk",
"*.google.com.ar",
"*.google.com.au",
"*.google.com.br",
"*.google.com.co",
"*.google.com.mx",
"*.google.com.tr",
"*.google.com.vn",
"*.google.de",
"*.google.es",
"*.google.fr",
"*.google.hu",
"*.google.it",
"*.google.nl",
"*.google.pl",
"*.google.pt",
"*.googleapis.cn",
"*.googlevideo.com",
"*.gstatic.cn",
"*.gstatic-cn.com",
"googlecnapps.cn",
"*.googlecnapps.cn",
"googleapps-cn.com",
"*.googleapps-cn.com",
"gkecnapps.cn",
"*.gkecnapps.cn",
"googledownloads.cn",
"*.googledownloads.cn",
"recaptcha.net.cn",
"*.recaptcha.net.cn",
"recaptcha-cn.net",
"*.recaptcha-cn.net",
"widevine.cn",
"*.widevine.cn",
"ampproject.org.cn",
"*.ampproject.org.cn",
"ampproject.net.cn",
"*.ampproject.net.cn",
"google-analytics-cn.com",
"*.google-analytics-cn.com",
"googleadservices-cn.com",
"*.googleadservices-cn.com",
"googlevads-cn.com",
"*.googlevads-cn.com",
"googleapis-cn.com",
"*.googleapis-cn.com",
"googleoptimize-cn.com",
"*.googleoptimize-cn.com",
"doubleclick-cn.net",
"*.doubleclick-cn.net",
"*.fls.doubleclick-cn.net",
"*.g.doubleclick-cn.net",
"doubleclick.cn",
"*.doubleclick.cn",
"*.fls.doubleclick.cn",
"*.g.doubleclick.cn",
"dartsearch-cn.net",
"*.dartsearch-cn.net",
"googletraveladservices-cn.com",
"*.googletraveladservices-cn.com",
"googletagservices-cn.com",
"*.googletagservices-cn.com",
"googletagmanager-cn.com",
"*.googletagmanager-cn.com",
"googlesyndication-cn.com",
"*.googlesyndication-cn.com",
"*.safeframe.googlesyndication-cn.com",
"app-measurement-cn.com",
"*.app-measurement-cn.com",
"gvt1-cn.com",
"*.gvt1-cn.com",
"gvt2-cn.com",
"*.gvt2-cn.com",
"2mdn-cn.net",
"*.2mdn-cn.net",
"googleflights-cn.net",
"*.googleflights-cn.net",
"admob-cn.com",
"*.admob-cn.com",
"googlesandbox-cn.com",
"*.googlesandbox-cn.com",
"*.safenup.googlesandbox-cn.com",
"*.gstatic.com",
"*.metric.gstatic.com",
"*.gvt1.com",
"*.gcpcdn.gvt1.com",
"*.gvt2.com",
"*.gcp.gvt2.com",
"*.url.google.com",
"*.youtube-nocookie.com",
"*.ytimg.com",
"android.com",
"*.android.com",
"*.flash.android.com",
"g.cn",
"*.g.cn",
"g.co",
"*.g.co",
"goo.gl",
"www.goo.gl",
"google-analytics.com",
"*.google-analytics.com",
"google.com",
"googlecommerce.com",
"*.googlecommerce.com",
"ggpht.cn",
"*.ggpht.cn",
"urchin.com",
"*.urchin.com",
"youtu.be",
"youtube.com",
"*.youtube.com",
"music.youtube.com",
"*.music.youtube.com",
"youtubeeducation.com",
"*.youtubeeducation.com",
"youtubekids.com",
"*.youtubekids.com",
"yt.be",
"*.yt.be",
"android.clients.google.com",
"*.android.google.cn",
"*.chrome.google.cn",
"*.developers.google.cn"
],
"certificate_policies": [
{
"policy_identifier": "2.23.140.1.2.1"
}
],
"crl_distribution_points": [
{
"distribution_point": [
"http://c.pki.goog/wr2/oBFYYahzgVI.crl"
]
}
],
"signed_certificate_timestamp_list": {
"packed": "00:f2:00:77:00:48:b0:e3:6b:da:a6:47:34:0f:e5:6a:02:fa:9d:30:eb:1c:52:01:cb:56:dd:2c:81:d9:bb:bf:ab:39:d8:84:73:00:00:01:91:03:d8:14:f6:00:00:04:03:00:48:30:46:02:21:00:a6:35:be:cc:27:ac:2b:0f:63:fd:91:6f:d9:a4:32:df:d0:30:1b:06:44:ad:a1:05:28:26:d0:1a:99:66:b6:e9:02:21:00:fe:5e:45:b5:90:b0:b5:ff:f3:00:9c:e4:cc:0b:11:d7:02:06:1a:e6:d5:41:18:a6:c7:77:a6:03:2f:3f:ee:a8:00:77:00:ee:cd:d0:64:d5:db:1a:ce:c5:5c:b7:9d:b4:cd:13:a2:32:87:46:7c:bc:ec:de:c3:51:48:59:46:71:1f:b5:9b:00:00:01:91:03:d8:14:cd:00:00:04:03:00:48:30:46:02:21:00:9d:b7:e7:48:87:68:69:84:bc:dc:fc:02:e6:46:f1:ad:06:45:e3:93:0e:67:89:eb:88:83:a3:d5:a5:c6:f9:5e:02:21:00:e4:97:41:65:25:62:20:4b:a4:c0:96:e8:07:b5:99:ea:2b:dd:84:41:7a:aa:10:4f:fc:f2:61:34:bf:fa:17:75",
"unpacked": [
{
"version": "v1",
"log_id": "48:b0:e3:6b:da:a6:47:34:0f:e5:6a:02:fa:9d:30:eb:1c:52:01:cb:56:dd:2c:81:d9:bb:bf:ab:39:d8:84:73",
"timestamp": "2024-07-30T13:32:58.486000",
"signature_algorithm": "sha256_ecdsa",
"signature": "30:46:02:21:00:a6:35:be:cc:27:ac:2b:0f:63:fd:91:6f:d9:a4:32:df:d0:30:1b:06:44:ad:a1:05:28:26:d0:1a:99:66:b6:e9:02:21:00:fe:5e:45:b5:90:b0:b5:ff:f3:00:9c:e4:cc:0b:11:d7:02:06:1a:e6:d5:41:18:a6:c7:77:a6:03:2f:3f:ee:a8"
},
{
"version": "v1",
"log_id": "ee:cd:d0:64:d5:db:1a:ce:c5:5c:b7:9d:b4:cd:13:a2:32:87:46:7c:bc:ec:de:c3:51:48:59:46:71:1f:b5:9b",
"timestamp": "2024-07-30T13:32:58.445000",
"signature_algorithm": "sha256_ecdsa",
"signature": "30:46:02:21:00:9d:b7:e7:48:87:68:69:84:bc:dc:fc:02:e6:46:f1:ad:06:45:e3:93:0e:67:89:eb:88:83:a3:d5:a5:c6:f9:5e:02:21:00:e4:97:41:65:25:62:20:4b:a4:c0:96:e8:07:b5:99:ea:2b:dd:84:41:7a:aa:10:4f:fc:f2:61:34:bf:fa:17:75"
}
]
}
},
"self_signed": false,
"self_issued": false
},
"spki_subject_fingerprint": "28:c4:b4:cb:19:8d:13:89:86:ec:e6:e7:5a:0a:94:b2:97:2d:8e:2e:0e:7f:2d:b7:3f:72:fe:64:6f:eb:c2:18"
},
{
"as_pem": "-----BEGIN CERTIFICATE-----\nMIIFCzCCAvOgAwIBAgIQf/AFoHxM3tEArZ1mpRB7mDANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMjMxMjEzMDkwMDAwWhcNMjkwMjIwMTQwMDAwWjA7MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMQwwCgYDVQQDEwNXUjIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCp/5x/RR5wqFOfytnlDd5GV1d9vI+aWqxG8YSau5HbyfsvAfuSCQAWXqAc+MGr+XgvSszYhaLYWTwO0xj7sfUkDSbutltkdnwUxy96zqhMt/TZCPzfhyM1IKjiaeKMTj+xWfpgoh6zySBTGYLKNlNtYE3pAJH8do1cCA8Kwtzxc2vFE24KT3rC8gIcLrRjg9ox9i11MLL7q8Ju26nADrn5Z9TDJVd06wW06Y613ijNzHoU5HEDy01hLmFXxRmpC5iEGuh5KdmyjS//V2pm4M6rlagplmNwEmceOuHbsCFx13ye/aoXbv4r+zgXFNFmp6+atXDMyGOBOozAKql2N87jAgMBAAGjgf4wgfswDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBTeGx7teRXUPjckwyG77DQ5bUKyMDAfBgNVHSMEGDAWgBTkrysmcRorSCeFL1JmLO/wiRNxPjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAKGGGh0dHA6Ly9pLnBraS5nb29nL3IxLmNydDArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vYy5wa2kuZ29vZy9yL3IxLmNybDATBgNVHSAEDDAKMAgGBmeBDAECATANBgkqhkiG9w0BAQsFAAOCAgEARXWL5R87RBOWGqtY8TXJbz3S0DNKhjO6V1FP7sQ02hYSTL8Tnw3UVOlIecAwPJQl8hr0ujKUtjNyC4XuCRElNJThb0Lbgpt7fyqaqf9/qdLeSiDLs/sDA7j4BwXaWZIvGEaYzq9yviQmsR4ATb0IrZNBRAq7x9UBhb+TV+PfdBJTDhEl05vc3ssnbrPCuTNiOcLgNeFbpwkuGcuRKnZc8d/KI4RApW//mkHgte8y0YWuryUJ8GLFbsLIbjL9uNrizkqRSvOFVU6xddZIMy9vhNkSXJ/UcZhjJY1pXAprffJBvei7j+Qi151lRehMCofa6WBmiA4fx+FOVsV2/7R6V2nyAiIJJkEd2nSi5SnzxJrlXdaqev3htytmOPvoKWa676ATL/hzfvDaQBEcXd2Ppvy+275W+DKcH0FBbX62xevGiza3F4ydzxl6NJ8hk8R+dDXSqv1MbRT1ybB5W0k8878XSOjvmiYTDIfyc9acxVJrY/cykHipa+te1pOhv7wYPYtZ9orGBV5SGOJm4NrB3K1aJar0RfzxC3ikr7Dyc6QwqDTBU39CluVIQeuQRgwG3MuSxl7zRERDRilGoKb8uY45JzmxWuKxrfwT/478JuHU/oTxUFqOl2stKnn7QGTq8z29W+GgBLCXSBxC9epaHM0myFH/FJlniXJfHeytWt0=\n-----END CERTIFICATE-----\n",
"sha1_fingerprint": "66:e4:16:12:60:b1:00:fe:e0:de:28:7a:9a:52:93:b4:c2:22:4a:e6",
"sha256_fingerprint": "e6:fe:22:bf:45:e4:f0:d3:b8:5c:59:e0:2c:0f:49:54:18:e1:eb:8d:32:10:f7:88:d4:8c:d5:e1:cb:54:7c:d4",
"as_dict": {
"signature_algorithm": "sha256_rsa",
"signature_value": "45:75:8b:e5:1f:3b:44:13:96:1a:ab:58:f1:35:c9:6f:3d:d2:d0:33:4a:86:33:ba:57:51:4f:ee:c4:34:da:16:12:4c:bf:13:9f:0d:d4:54:e9:48:79:c0:30:3c:94:25:f2:1a:f4:ba:32:94:b6:33:72:0b:85:ee:09:11:25:34:94:e1:6f:42:db:82:9b:7b:7f:2a:9a:a9:ff:7f:a9:d2:de:4a:20:cb:b3:fb:03:03:b8:f8:07:05:da:59:92:2f:18:46:98:ce:af:72:be:24:26:b1:1e:00:4d:bd:08:ad:93:41:44:0a:bb:c7:d5:01:85:bf:93:57:e3:df:74:12:53:0e:11:25:d3:9b:dc:de:cb:27:6e:b3:c2:b9:33:62:39:c2:e0:35:e1:5b:a7:09:2e:19:cb:91:2a:76:5c:f1:df:ca:23:84:40:a5:6f:ff:9a:41:e0:b5:ef:32:d1:85:ae:af:25:09:f0:62:c5:6e:c2:c8:6e:32:fd:b8:da:e2:ce:4a:91:4a:f3:85:55:4e:b1:75:d6:48:33:2f:6f:84:d9:12:5c:9f:d4:71:98:63:25:8d:69:5c:0a:6b:7d:f2:41:bd:e8:bb:8f:e4:22:d7:9d:65:45:e8:4c:0a:87:da:e9:60:66:88:0e:1f:c7:e1:4e:56:c5:76:ff:b4:7a:57:69:f2:02:22:09:26:41:1d:da:74:a2:e5:29:f3:c4:9a:e5:5d:d6:aa:7a:fd:e1:b7:2b:66:38:fb:e8:29:66:ba:ef:a0:13:2f:f8:73:7e:f0:da:40:11:1c:5d:dd:8f:a6:fc:be:db:be:56:f8:32:9c:1f:41:41:6d:7e:b6:c5:eb:c6:8b:36:b7:17:8c:9d:cf:19:7a:34:9f:21:93:c4:7e:74:35:d2:aa:fd:4c:6d:14:f5:c9:b0:79:5b:49:3c:f3:bf:17:48:e8:ef:9a:26:13:0c:87:f2:73:d6:9c:c5:52:6b:63:f7:32:90:78:a9:6b:eb:5e:d6:93:a1:bf:bc:18:3d:8b:59:f6:8a:c6:05:5e:52:18:e2:66:e0:da:c1:dc:ad:5a:25:aa:f4:45:fc:f1:0b:78:a4:af:b0:f2:73:a4:30:a8:34:c1:53:7f:42:96:e5:48:41:eb:90:46:0c:06:dc:cb:92:c6:5e:f3:44:44:43:46:29:46:a0:a6:fc:b9:8e:39:27:39:b1:5a:e2:b1:ad:fc:13:ff:8e:fc:26:e1:d4:fe:84:f1:50:5a:8e:97:6b:2d:2a:79:fb:40:64:ea:f3:3d:bd:5b:e1:a0:04:b0:97:48:1c:42:f5:ea:5a:1c:cd:26:c8:51:ff:14:99:67:89:72:5f:1d:ec:ad:5a:dd",
"issuer": {
"country_name": "US",
"organization_name": "Google Trust Services LLC",
"common_name": "GTS Root R1",
"distinguished_name": "Common Name: GTS Root R1, Organization: Google Trust Services LLC, Country: US"
},
"subject": {
"country_name": "US",
"organization_name": "Google Trust Services",
"common_name": "WR2",
"distinguished_name": "Common Name: WR2, Organization: Google Trust Services, Country: US"
},
"validity": {
"not_after": "2029-02-20T14:00:00+00:00",
"not_before": "2023-12-13T09:00:00+00:00"
},
"serial_number": "170058220837755766831192027518741805976",
"version": "v3",
"public_key_info": {
"algorithm": "rsa",
"key_size": 2048,
"modulus": "a9:ff:9c:7f:45:1e:70:a8:53:9f:ca:d9:e5:0d:de:46:57:57:7d:bc:8f:9a:5a:ac:46:f1:84:9a:bb:91:db:c9:fb:2f:01:fb:92:09:00:16:5e:a0:1c:f8:c1:ab:f9:78:2f:4a:cc:d8:85:a2:d8:59:3c:0e:d3:18:fb:b1:f5:24:0d:26:ee:b6:5b:64:76:7c:14:c7:2f:7a:ce:a8:4c:b7:f4:d9:08:fc:df:87:23:35:20:a8:e2:69:e2:8c:4e:3f:b1:59:fa:60:a2:1e:b3:c9:20:53:19:82:ca:36:53:6d:60:4d:e9:00:91:fc:76:8d:5c:08:0f:0a:c2:dc:f1:73:6b:c5:13:6e:0a:4f:7a:c2:f2:02:1c:2e:b4:63:83:da:31:f6:2d:75:30:b2:fb:ab:c2:6e:db:a9:c0:0e:b9:f9:67:d4:c3:25:57:74:eb:05:b4:e9:8e:b5:de:28:cd:cc:7a:14:e4:71:03:cb:4d:61:2e:61:57:c5:19:a9:0b:98:84:1a:e8:79:29:d9:b2:8d:2f:ff:57:6a:66:e0:ce:ab:95:a8:29:96:63:70:12:67:1e:3a:e1:db:b0:21:71:d7:7c:9e:fd:aa:17:6e:fe:2b:fb:38:17:14:d1:66:a7:af:9a:b5:70:cc:c8:63:81:3a:8c:c0:2a:a9:76:37:ce:e3",
"exponent": 65537,
"sha256_fingerprint": "60:fb:47:69:fb:4b:c3:af:f4:be:77:36:06:73:4a:18:5e:78:c6:20:80:db:c5:85:71:c7:23:90:0e:32:a4:23"
},
"extensions": {
"key_usage": [
"digital_signature",
"crl_sign",
"key_cert_sign"
],
"extended_key_usage": [
"server_auth",
"client_auth"
],
"basic_constraints": {
"ca": true
},
"key_identifier": "de:1b:1e:ed:79:15:d4:3e:37:24:c3:21:bb:ec:34:39:6d:42:b2:30",
"authority_key_identifier": {
"key_identifier": "e4:af:2b:26:71:1a:2b:48:27:85:2f:52:66:2c:ef:f0:89:13:71:3e"
},
"authority_information_access": [
{
"access_method": "ca_issuers",
"access_location": "http://i.pki.goog/r1.crt"
}
],
"crl_distribution_points": [
{
"distribution_point": [
"http://c.pki.goog/r/r1.crl"
]
}
],
"certificate_policies": [
{
"policy_identifier": "2.23.140.1.2.1"
}
]
},
"self_signed": false,
"self_issued": false
},
"spki_subject_fingerprint": "95:b1:48:af:c4:c2:49:d3:14:06:75:27:81:3d:43:97:35:74:f8:e1:1a:90:50:40:c8:81:51:00:26:ae:74:f9"
},
{
"as_pem": "-----BEGIN CERTIFICATE-----\nMIIFYjCCBEqgAwIBAgIQd70NbNs2+RrqIQ/E8FjTDTANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEQMA4GA1UECxMHUm9vdCBDQTEbMBkGA1UEAxMSR2xvYmFsU2lnbiBSb290IENBMB4XDTIwMDYxOTAwMDA0MloXDTI4MDEyODAwMDA0MlowRzELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMTC0dUUyBSb290IFIxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAthECix7joXebO9y/lD63ladAPKH9gvl9MgaCcfb2jH/76Nu8ai6Xl6OMS/kr9rH5zoQdsfnFl97vufKj6bwSiV6nqlKr+CMny6SxnGPb15l+8Ape62im9MZaRw1NEDPjTrETo8gYbEvs/AmQ351kKSUjB6G00j0uYODP0gmHu81I8E3CwnqIiru6z1kZ1q+PsAewnjHxgsHA3y6mbWwZDrXYfiYaRQM9sHmklCitD38m5agI/pboPGiUU+6DOogrFZYJsuB6jC511pzrp1Zkj5ZPaK49l8KEj8C8QMALXL32h7M1bKwYUH+E4EzNktMg6TO8UpmvMrUpsyUqtEj5cuHKZPfmghCN6J3Cioj6OGaK/GP5Afl4/Xtcd/p2h/rs37EOeZVXtL0m79YB0esWCruOC7XFxYpVq9Os6pFLKcwZpDIlTirxZUTQAs6qzkm06p98g7BAe+dDq6dso499iYH6TKX/1Y7DzkvgtdizjkXPdsDtQCv9Uw+wp9U7DbGKogPeMa3Md+pvez7W35EiEua++tgy/BBjFFFy3l3WFpO9KWgz7zpm7AeKJt8T11dleCfeXkkUAKIAf5qoIbapsZWwpbkNFhHax2xIPEDgfg1azVY80ZcFuctL7TlLnMQ/0lUTbiSw1nH69MG6zO0b9f6BQdgAmD06yK56mDcYBZUCAwEAAaOCATgwggE0MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTkrysmcRorSCeFL1JmLO/wiRNxPjAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzBgBggrBgEFBQcBAQRUMFIwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnBraS5nb29nL2dzcjEwKQYIKwYBBQUHMAKGHWh0dHA6Ly9wa2kuZ29vZy9nc3IxL2dzcjEuY3J0MDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwucGtpLmdvb2cvZ3NyMS9nc3IxLmNybDA7BgNVHSAENDAyMAgGBmeBDAECATAIBgZngQwBAgIwDQYLKwYBBAHWeQIFAwIwDQYLKwYBBAHWeQIFAwMwDQYJKoZIhvcNAQELBQADggEBADSkHrEoo9C0dhemMXoh6dFSPsjbdBZBiLg9NR3t5P+T4Vxfq7vqfM/b5A3Ri1fyJm9bvhdGaJQ3b2t6yMAYN/olUazsaL+yyEn9WprKASOshIArAoyZl+tJaox118fessmXn1hIVw41oeQa1v1vg4Fv74zPl6/AhSrw9U5pCZEt4Wi4wStz6dTZ/CLANx8LZh1J7QJVj2fhMtfTJr9w4z30Z209fOU0iOMy+qduBmpvvYuR7hZL6Dupszfnw0Skfths18dG9ZKb59UhvmaSGZRVbNQpsg3BZlvid0lIKO2d1xozclOzgjXPYovJJIultzkMu34qQb9Sz/yilrbCgj8=\n-----END CERTIFICATE-----\n",
"sha1_fingerprint": "08:74:54:87:e8:91:c1:9e:30:78:c1:f2:a0:7e:45:29:50:ef:36:f6",
"sha256_fingerprint": "3e:e0:27:8d:f7:1f:a3:c1:25:c4:cd:48:7f:01:d7:74:69:4e:6f:c5:7e:0c:d9:4c:24:ef:d7:69:13:39:18:e5",
"as_dict": {
"signature_algorithm": "sha256_rsa",
"signature_value": "34:a4:1e:b1:28:a3:d0:b4:76:17:a6:31:7a:21:e9:d1:52:3e:c8:db:74:16:41:88:b8:3d:35:1d:ed:e4:ff:93:e1:5c:5f:ab:bb:ea:7c:cf:db:e4:0d:d1:8b:57:f2:26:6f:5b:be:17:46:68:94:37:6f:6b:7a:c8:c0:18:37:fa:25:51:ac:ec:68:bf:b2:c8:49:fd:5a:9a:ca:01:23:ac:84:80:2b:02:8c:99:97:eb:49:6a:8c:75:d7:c7:de:b2:c9:97:9f:58:48:57:0e:35:a1:e4:1a:d6:fd:6f:83:81:6f:ef:8c:cf:97:af:c0:85:2a:f0:f5:4e:69:09:91:2d:e1:68:b8:c1:2b:73:e9:d4:d9:fc:22:c0:37:1f:0b:66:1d:49:ed:02:55:8f:67:e1:32:d7:d3:26:bf:70:e3:3d:f4:67:6d:3d:7c:e5:34:88:e3:32:fa:a7:6e:06:6a:6f:bd:8b:91:ee:16:4b:e8:3b:a9:b3:37:e7:c3:44:a4:7e:d8:6c:d7:c7:46:f5:92:9b:e7:d5:21:be:66:92:19:94:55:6c:d4:29:b2:0d:c1:66:5b:e2:77:49:48:28:ed:9d:d7:1a:33:72:53:b3:82:35:cf:62:8b:c9:24:8b:a5:b7:39:0c:bb:7e:2a:41:bf:52:cf:fc:a2:96:b6:c2:82:3f",
"issuer": {
"country_name": "BE",
"organization_name": "GlobalSign nv-sa",
"organizational_unit_name": "Root CA",
"common_name": "GlobalSign Root CA",
"distinguished_name": "Common Name: GlobalSign Root CA, Organizational Unit: Root CA, Organization: GlobalSign nv-sa, Country: BE"
},
"subject": {
"country_name": "US",
"organization_name": "Google Trust Services LLC",
"common_name": "GTS Root R1",
"distinguished_name": "Common Name: GTS Root R1, Organization: Google Trust Services LLC, Country: US"
},
"validity": {
"not_after": "2028-01-28T00:00:42+00:00",
"not_before": "2020-06-19T00:00:42+00:00"
},
"serial_number": "159159747900478145820483398898491642637",
"version": "v3",
"public_key_info": {
"algorithm": "rsa",
"key_size": 4096,
"modulus": "b6:11:02:8b:1e:e3:a1:77:9b:3b:dc:bf:94:3e:b7:95:a7:40:3c:a1:fd:82:f9:7d:32:06:82:71:f6:f6:8c:7f:fb:e8:db:bc:6a:2e:97:97:a3:8c:4b:f9:2b:f6:b1:f9:ce:84:1d:b1:f9:c5:97:de:ef:b9:f2:a3:e9:bc:12:89:5e:a7:aa:52:ab:f8:23:27:cb:a4:b1:9c:63:db:d7:99:7e:f0:0a:5e:eb:68:a6:f4:c6:5a:47:0d:4d:10:33:e3:4e:b1:13:a3:c8:18:6c:4b:ec:fc:09:90:df:9d:64:29:25:23:07:a1:b4:d2:3d:2e:60:e0:cf:d2:09:87:bb:cd:48:f0:4d:c2:c2:7a:88:8a:bb:ba:cf:59:19:d6:af:8f:b0:07:b0:9e:31:f1:82:c1:c0:df:2e:a6:6d:6c:19:0e:b5:d8:7e:26:1a:45:03:3d:b0:79:a4:94:28:ad:0f:7f:26:e5:a8:08:fe:96:e8:3c:68:94:53:ee:83:3a:88:2b:15:96:09:b2:e0:7a:8c:2e:75:d6:9c:eb:a7:56:64:8f:96:4f:68:ae:3d:97:c2:84:8f:c0:bc:40:c0:0b:5c:bd:f6:87:b3:35:6c:ac:18:50:7f:84:e0:4c:cd:92:d3:20:e9:33:bc:52:99:af:32:b5:29:b3:25:2a:b4:48:f9:72:e1:ca:64:f7:e6:82:10:8d:e8:9d:c2:8a:88:fa:38:66:8a:fc:63:f9:01:f9:78:fd:7b:5c:77:fa:76:87:fa:ec:df:b1:0e:79:95:57:b4:bd:26:ef:d6:01:d1:eb:16:0a:bb:8e:0b:b5:c5:c5:8a:55:ab:d3:ac:ea:91:4b:29:cc:19:a4:32:25:4e:2a:f1:65:44:d0:02:ce:aa:ce:49:b4:ea:9f:7c:83:b0:40:7b:e7:43:ab:a7:6c:a3:8f:7d:89:81:fa:4c:a5:ff:d5:8e:c3:ce:4b:e0:b5:d8:b3:8e:45:cf:76:c0:ed:40:2b:fd:53:0f:b0:a7:d5:3b:0d:b1:8a:a2:03:de:31:ad:cc:77:ea:6f:7b:3e:d6:df:91:22:12:e6:be:fa:d8:32:fc:10:63:14:51:72:de:5d:d6:16:93:bd:29:68:33:ef:3a:66:ec:07:8a:26:df:13:d7:57:65:78:27:de:5e:49:14:00:a2:00:7f:9a:a8:21:b6:a9:b1:95:b0:a5:b9:0d:16:11:da:c7:6c:48:3c:40:e0:7e:0d:5a:cd:56:3c:d1:97:05:b9:cb:4b:ed:39:4b:9c:c4:3f:d2:55:13:6e:24:b0:d6:71:fa:f4:c1:ba:cc:ed:1b:f5:fe:81:41:d8:00:98:3d:3a:c8:ae:7a:98:37:18:05:95",
"exponent": 65537,
"sha256_fingerprint": "87:1a:91:94:f4:ee:d5:b3:12:ff:40:c8:4c:1d:52:4a:ed:2f:77:8b:bf:f2:5f:13:8c:f8:1f:68:0a:7a:dc:67"
},
"extensions": {
"key_usage": [
"digital_signature",
"crl_sign",
"key_cert_sign"
],
"basic_constraints": {
"ca": true
},
"key_identifier": "e4:af:2b:26:71:1a:2b:48:27:85:2f:52:66:2c:ef:f0:89:13:71:3e",
"authority_key_identifier": {
"key_identifier": "60:7b:66:1a:45:0d:97:ca:89:50:2f:7d:04:cd:34:a8:ff:fc:fd:4b"
},
"authority_information_access": [
{
"access_method": "ocsp",
"access_location": "http://ocsp.pki.goog/gsr1"
},
{
"access_method": "ca_issuers",
"access_location": "http://pki.goog/gsr1/gsr1.crt"
}
],
"crl_distribution_points": [
{
"distribution_point": [
"http://crl.pki.goog/gsr1/gsr1.crl"
]
}
],
"certificate_policies": [
{
"policy_identifier": "2.23.140.1.2.1"
},
{
"policy_identifier": "2.23.140.1.2.2"
},
{
"policy_identifier": "1.3.6.1.4.1.11129.2.5.3.2"
},
{
"policy_identifier": "1.3.6.1.4.1.11129.2.5.3.3"
}
]
},
"self_signed": false,
"self_issued": false
},
"spki_subject_fingerprint": "fa:2d:e6:cc:02:95:5d:ab:1c:25:8e:8c:76:c7:21:be:7b:bf:ae:2b:47:92:70:f8:7f:43:aa:25:f1:4f:0a:b8"
}
]
}
}
TLS v1.3¶
This example was generated with a live host on the internet. Note that despite being TLS v1.3, the JA3 hash uses the version number for TLS v1.2 (i.e., 771). This is to match with Wireshark's interpretation of JA3S, which uses TLS's outermost version.
{
"server_info": {
"hostname": "tls13.1d.pw",
"ip_address": "194.87.109.56",
"port": 443,
"highest_ssl_version_supported": "TLSv1.3",
"openssl_cipher_string_supported": "TLS_AES_128_GCM_SHA256",
"ja3": "771,4865,51-44-43",
"ja3_digest": "5e782992dd22a63dd5c0ebc97e3f3843"
},
"cert_info": {
"certificate_chain": [
{
"as_pem": "-----BEGIN CERTIFICATE-----\nMIIENDCCAxygAwIBAgISA1ArF2HstpF12OppLhahUstvMA0GCSqGSIb3DQEBCwUA\nMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD\nEwJSMzAeFw0yNDA2MDUxNjI3MThaFw0yNDA5MDMxNjI3MTdaMBYxFDASBgNVBAMT\nC3RsczEzLjFkLnB3MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE3q3A3tfL+36jumM3\nGAZTN/nQ904zMhdlvN+pDecoQoDyGGBhznkmjG2Pqr71M+Kvk8FGDcnALcqHMH2o\nfdRCLew0qNzR25+UHVREyaQHXnf7/VFtJoA1zdHnfk1rvxaPo4ICDDCCAggwDgYD\nVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV\nHRMBAf8EAjAAMB0GA1UdDgQWBBSc9AFVYx2WpanbrUm3bzL5AkdGmTAfBgNVHSME\nGDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYB\nBQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDov\nL3IzLmkubGVuY3Iub3JnLzAWBgNVHREEDzANggt0bHMxMy4xZC5wdzATBgNVHSAE\nDDAKMAgGBmeBDAECATCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2ABmYEHEJ8NZS\nLjCA0p4/ZLuDbijM+Q9Sju7fzko/FrTKAAABj+lw3Q8AAAQDAEcwRQIhAPNw04bk\n88ckR8bXZynHSECqYLn4HlvegK6HhRZk73QwAiAEwggBPyGtWaigBWSh2zIfTNGX\nzPuQSAB9GTefW8VTTAB1AHb/iD8KtvuVUcJhzPWHujS0pM27KdxoQgqf5mdMWjp0\nAAABj+lw3UQAAAQDAEYwRAIgaGmlnmAJBIOecc6zxIoTVe5BETWXBGbNDn9VdHpL\nNL8CICJpCmc1YF/s4WnCTxvyKROWGCQ7lrCjBLxP70czfkrSMA0GCSqGSIb3DQEB\nCwUAA4IBAQA8xfdbR2b/CSuIS7OmE85fQPRu1gRGX6iwuf/q5W9E3jZJPkHYuuZD\nJidWcoao2ZCS1NkfLr99bwITr4YKaJYCtiOb8YE1SMv4kZPttFh3UeZFY5GfQtom\nzDsJ0ba+RKzfhk6W9rgFjAnvgfj/rOMgWo20msGriRI48eudKeiqtsgspd8J8G/J\nlZbWKxRtz8a3bHErjV4dWbs44Ii+SwOsRt7g5jSaFPaDvkHDqQSsdf+JSnHlm8cs\nISKKJ2aMLQuHfRB6FhGsGfhJ/1nrrHRms9bdPXbOlA2dvg4P96Qs+ZIfuJasfCcL\n723l7qgctZ90Mp+2WV195vUWCapRITGB\n-----END CERTIFICATE-----\n",
"sha1_fingerprint": "46:36:38:09:91:18:52:b0:70:94:6f:69:66:4c:48:01:22:8a:45:5f",
"sha256_fingerprint": "7b:1c:e2:47:04:f1:10:0e:92:60:8c:a8:97:b3:b6:da:6d:aa:4e:36:2b:64:8c:30:20:6a:07:9a:b7:04:26:1c",
"as_dict": {
"signature_algorithm": "sha256_rsa",
"signature_value": "3c:c5:f7:5b:47:66:ff:09:2b:88:4b:b3:a6:13:ce:5f:40:f4:6e:d6:04:46:5f:a8:b0:b9:ff:ea:e5:6f:44:de:36:49:3e:41:d8:ba:e6:43:26:27:56:72:86:a8:d9:90:92:d4:d9:1f:2e:bf:7d:6f:02:13:af:86:0a:68:96:02:b6:23:9b:f1:81:35:48:cb:f8:91:93:ed:b4:58:77:51:e6:45:63:91:9f:42:da:26:cc:3b:09:d1:b6:be:44:ac:df:86:4e:96:f6:b8:05:8c:09:ef:81:f8:ff:ac:e3:20:5a:8d:b4:9a:c1:ab:89:12:38:f1:eb:9d:29:e8:aa:b6:c8:2c:a5:df:09:f0:6f:c9:95:96:d6:2b:14:6d:cf:c6:b7:6c:71:2b:8d:5e:1d:59:bb:38:e0:88:be:4b:03:ac:46:de:e0:e6:34:9a:14:f6:83:be:41:c3:a9:04:ac:75:ff:89:4a:71:e5:9b:c7:2c:21:22:8a:27:66:8c:2d:0b:87:7d:10:7a:16:11:ac:19:f8:49:ff:59:eb:ac:74:66:b3:d6:dd:3d:76:ce:94:0d:9d:be:0e:0f:f7:a4:2c:f9:92:1f:b8:96:ac:7c:27:0b:ef:6d:e5:ee:a8:1c:b5:9f:74:32:9f:b6:59:5d:7d:e6:f5:16:09:aa:51:21:31:81",
"issuer": {
"country_name": "US",
"organization_name": "Let's Encrypt",
"common_name": "R3",
"distinguished_name": "Common Name: R3, Organization: Let's Encrypt, Country: US"
},
"subject": {
"common_name": "tls13.1d.pw",
"distinguished_name": "Common Name: tls13.1d.pw"
},
"validity": {
"not_after": "2024-09-03T16:27:17+00:00",
"not_before": "2024-06-05T16:27:18+00:00"
},
"serial_number": "288616725361750394730639997024066973387631",
"version": "v3",
"public_key_info": {
"algorithm": "ec",
"curve": "secp384r1",
"public_key": "04:de:ad:c0:de:d7:cb:fb:7e:a3:ba:63:37:18:06:53:37:f9:d0:f7:4e:33:32:17:65:bc:df:a9:0d:e7:28:42:80:f2:18:60:61:ce:79:26:8c:6d:8f:aa:be:f5:33:e2:af:93:c1:46:0d:c9:c0:2d:ca:87:30:7d:a8:7d:d4:42:2d:ec:34:a8:dc:d1:db:9f:94:1d:54:44:c9:a4:07:5e:77:fb:fd:51:6d:26:80:35:cd:d1:e7:7e:4d:6b:bf:16:8f",
"key_size": 384,
"sha256_fingerprint": "7d:e7:3c:ed:da:e6:9f:4b:34:b1:ff:79:4d:fd:a5:b5:84:82:7a:c8:c5:97:8d:f1:09:7f:be:fe:56:93:bd:3b"
},
"extensions": {
"key_usage": [
"digital_signature"
],
"extended_key_usage": [
"server_auth",
"client_auth"
],
"basic_constraints": "",
"key_identifier": "9c:f4:01:55:63:1d:96:a5:a9:db:ad:49:b7:6f:32:f9:02:47:46:99",
"authority_key_identifier": {
"key_identifier": "14:2e:b3:17:b7:58:56:cb:ae:50:09:40:e6:1f:af:9d:8b:14:c2:c6"
},
"authority_information_access": [
{
"access_method": "ocsp",
"access_location": "http://r3.o.lencr.org"
},
{
"access_method": "ca_issuers",
"access_location": "http://r3.i.lencr.org/"
}
],
"subject_alt_name": [
"tls13.1d.pw"
],
"certificate_policies": [
{
"policy_identifier": "2.23.140.1.2.1"
}
],
"signed_certificate_timestamp_list": {
"packed": "00:ef:00:76:00:19:98:10:71:09:f0:d6:52:2e:30:80:d2:9e:3f:64:bb:83:6e:28:cc:f9:0f:52:8e:ee:df:ce:4a:3f:16:b4:ca:00:00:01:8f:e9:70:dd:0f:00:00:04:03:00:47:30:45:02:21:00:f3:70:d3:86:e4:f3:c7:24:47:c6:d7:67:29:c7:48:40:aa:60:b9:f8:1e:5b:de:80:ae:87:85:16:64:ef:74:30:02:20:04:c2:08:01:3f:21:ad:59:a8:a0:05:64:a1:db:32:1f:4c:d1:97:cc:fb:90:48:00:7d:19:37:9f:5b:c5:53:4c:00:75:00:76:ff:88:3f:0a:b6:fb:95:51:c2:61:cc:f5:87:ba:34:b4:a4:cd:bb:29:dc:68:42:0a:9f:e6:67:4c:5a:3a:74:00:00:01:8f:e9:70:dd:44:00:00:04:03:00:46:30:44:02:20:68:69:a5:9e:60:09:04:83:9e:71:ce:b3:c4:8a:13:55:ee:41:11:35:97:04:66:cd:0e:7f:55:74:7a:4b:34:bf:02:20:22:69:0a:67:35:60:5f:ec:e1:69:c2:4f:1b:f2:29:13:96:18:24:3b:96:b0:a3:04:bc:4f:ef:47:33:7e:4a:d2",
"unpacked": [
{
"version": "v1",
"log_id": "19:98:10:71:09:f0:d6:52:2e:30:80:d2:9e:3f:64:bb:83:6e:28:cc:f9:0f:52:8e:ee:df:ce:4a:3f:16:b4:ca",
"timestamp": "2024-06-05T17:27:19.055000",
"signature_algorithm": "sha256_ecdsa",
"signature": "30:45:02:21:00:f3:70:d3:86:e4:f3:c7:24:47:c6:d7:67:29:c7:48:40:aa:60:b9:f8:1e:5b:de:80:ae:87:85:16:64:ef:74:30:02:20:04:c2:08:01:3f:21:ad:59:a8:a0:05:64:a1:db:32:1f:4c:d1:97:cc:fb:90:48:00:7d:19:37:9f:5b:c5:53:4c"
},
{
"version": "v1",
"log_id": "76:ff:88:3f:0a:b6:fb:95:51:c2:61:cc:f5:87:ba:34:b4:a4:cd:bb:29:dc:68:42:0a:9f:e6:67:4c:5a:3a:74",
"timestamp": "2024-06-05T17:27:19.108000",
"signature_algorithm": "sha256_ecdsa",
"signature": "30:44:02:20:68:69:a5:9e:60:09:04:83:9e:71:ce:b3:c4:8a:13:55:ee:41:11:35:97:04:66:cd:0e:7f:55:74:7a:4b:34:bf:02:20:22:69:0a:67:35:60:5f:ec:e1:69:c2:4f:1b:f2:29:13:96:18:24:3b:96:b0:a3:04:bc:4f:ef:47:33:7e:4a:d2"
}
]
}
},
"self_signed": false,
"self_issued": false
},
"spki_subject_fingerprint": "8c:af:67:2a:fb:c9:c1:7c:3d:0c:49:0e:d7:14:14:01:03:63:12:b2:37:36:18:57:dc:42:10:2b:f2:f0:60:87"
}
]
}
}
DTLS v1.2¶
This example was generated with a live host on the internet.
{
"server_info": {
"ip_address": "[REDACTED]",
"port": 3391,
"highest_ssl_version_supported": "DTLSv1.2",
"openssl_cipher_string_supported": "ECDHE-RSA-AES256-GCM-SHA384",
"ja3": "65277,49200,23-65281",
"ja3_digest": "8a94edfb27a1eb6bb1a13ce82218a428"
},
"cert_info": {
"certificate_chain": [
{
"as_pem": "-----BEGIN CERTIFICATE-----\n[REDACTED]\n-----END CERTIFICATE-----\n",
"sha1_fingerprint": "[REDACTED]",
"sha256_fingerprint": "[REDACTED]",
"as_dict": {
"signature_algorithm": "sha256_rsa",
"signature_value": "[REDACTED]",
"issuer": {
"country_name": "US",
"state_or_province_name": "Arizona",
"locality_name": "Scottsdale",
"organization_name": "GoDaddy.com, Inc.",
"organizational_unit_name": "http://certs.godaddy.com/repository/",
"common_name": "Go Daddy Secure Certificate Authority - G2",
"distinguished_name": "Common Name: Go Daddy Secure Certificate Authority - G2; Organizational Unit: http://certs.godaddy.com/repository/; Organization: GoDaddy.com, Inc.; Locality: Scottsdale; State/Province: Arizona; Country: US"
},
"subject": {
"common_name": "[REDACTED]",
"distinguished_name": "Common Name: [REDACTED]"
},
"validity": {
"not_after": "2024-10-18T01:16:35+00:00",
"not_before": "2023-09-17T01:16:35+00:00"
},
"serial_number": "[REDACTED]",
"version": "v3",
"public_key_info": {
"algorithm": "rsa",
"key_size": 2048,
"modulus": "[REDACTED]",
"exponent": 65537,
"sha256_fingerprint": "[REDACTED]"
},
"extensions": {
"basic_constraints": "",
"extended_key_usage": [
"server_auth",
"client_auth"
],
"key_usage": [
"digital_signature",
"key_encipherment"
],
"crl_distribution_points": [
{
"distribution_point": [
"http://crl.godaddy.com/gdig2s1-9010.crl"
]
}
],
"certificate_policies": [
{
"policy_identifier": "2.16.840.1.114413.1.7.23.1",
"policy_qualifiers": [
{
"policy_qualifier_id": "certification_practice_statement",
"qualifier": "http://certificates.godaddy.com/repository/"
}
]
},
{
"policy_identifier": "2.23.140.1.2.1"
}
],
"authority_information_access": [
{
"access_method": "ocsp",
"access_location": "http://ocsp.godaddy.com/"
},
{
"access_method": "ca_issuers",
"access_location": "http://certificates.godaddy.com/repository/gdig2.crt"
}
],
"authority_key_identifier": {
"key_identifier": "40:c2:bd:27:8e:cc:34:83:30:a2:33:d7:fb:6c:b3:f0:b4:2c:80:ce"
},
"subject_alt_name": [
"*.professionalit.com.au",
"professionalit.com.au"
],
"key_identifier": "[REDACTED]",
"signed_certificate_timestamp_list": {
"packed": "[REDACTED]",
"unpacked": [
{
"version": "v1",
"log_id": "[REDACTED]",
"timestamp": "2023-09-17T01:16:46.631000",
"signature_algorithm": "sha256_ecdsa",
"signature": "[REDACTED]"
},
{
"version": "v1",
"log_id": "[REDACTED]",
"timestamp": "2023-09-17T01:16:46.953000",
"signature_algorithm": "sha256_ecdsa",
"signature": "[REDACTED]"
},
{
"version": "v1",
"log_id": "[REDACTED]",
"timestamp": "2023-09-17T01:16:47.102000",
"signature_algorithm": "sha256_ecdsa",
"signature": "[REDACTED]"
}
]
}
},
"self_signed": false,
"self_issued": false
},
"spki_subject_fingerprint": "[REDACTED]"
},
{
"[REDACTED]": "[REDACTED ENTIRE OBJECT]"
}
]
}
}
Changelog¶
- 2024-06-26: Initial public release of documentation.