Tag: HTTPS tests

Test #32 :: The full elliptic monty – CA and CERT using Elliptic Curves

This server and CA both use elliptic curve technology. Non-hybrid, pure elliptic curve. According to crypto marketing, this is the future of public key cryptography. It is thus important that new applications support it. For this test, you need our Elliptic Curve CA certificate. Marketing says that this is good for cell phones and small […]


Test #31 :: Hybrid certificate (RSA CA, EC client)

This test is similar to test 30 but in this case it’s the opposite. This is the grand old untrustworthy TLS-O-MATIC CA with the old RSA keys, but a new client that use modern cool elliptic curve technology. The curve used in this certificate is named secp256r1 and is a commonly supported curve.   This test should […]


Test #30 :: Introducing Elliptic Curve Cryptography

Elliptic curve cryptography is the new black in the TLS world. It’s an alternative to the rather old RSA crypto system that is common in the web today. In this test, we are adding a new certificate authority that is based on EC keys. There are many different curves offered, so the client and server […]


New tests added: International characters and SAN

During these first days since our launch we’ve gotten a lot of feedback. The Internet Society has blogged about us, We have gotten bug reports on github. And we have a lot of new ideas. Some you can see if you peek in at our Github project. Certificates and TLS is a complex area. We […]


Test #17 :: CN correct, Subject Alt Name incorrect

If a certificate contains Subject Alt Names, the name in the Subject – the Common Name – should not be used for verification. This is defined in RFC 6125, published in March 2011. Not all old browsers support this rule. It is important that you make sure that new applications and clients support this. This […]


Test #16 :: International domain names in certificate –

In this test, there are two names for the server that has international characters in the domain name. The browsers we tested does not show the domain name in UTF8 in the browser when showing the certificate contents, which we think is wrong. If you have a domain with Swedish characters this should be shown […]


Test #21 :: Good old times are here again

This server has only SSLv2 or SSLv3 and only supports weak crypto algorithms. Based on recommendations from Netscape Communication in the 90’s. Good old times are here again. Did you know that SSL version 1 was released in 1994? And version 2 in 1995? It’s time to give up on crypto that is 20 years […]


Test 15 :: Server Name Indication

Web sites has for a long time shared IPv4 addresses. On one single IPv4 address, one can run many sites. It wasn’t always so – it was only when a “Host:” header was added to HTTP the server could decide which web site to serve for a given request. For TLS this did not work. […]


Test 14 :: A certificate not valid for web site security

Certificates are issued for a specific usage – as an example, CA certificates can be used to sign certificates but your web site certificate can not be used that way – it’s only valid for servers. A certificate includes settings that indicates usage. There are settings for e-mail security, electronic signatures, SIP IP Telephnoy and many […]


Test 11 :: A long chain of trust

This test is similar to test #10 but in this case there are three intermediate certificates, which means that your client will have five certificates in the chain – the CA certificate, three intermediaries and the server certificate. This is not very common in the web, but a perfectly valid setup.   This test should […]