SSL Report: aovpn.das.nl (194.151.171.164)
Assessed on: Fri, 07 Nov 2025 00:15:02 UTC

Summary
Overall Rating: T
If trust issues are ignored: B
[Chart: scores from 0 to 100 for Certificate, Protocol Support, Key Exchange, Cipher Strength]

This server's certificate is not trusted, see below for details.
This server's certificate is not trusted by major browsers.
This server's certificate chain is incomplete. Grade capped to B.
This server does not support TLS 1.3.
Certificate #1: RSA 2048 bits (1.2.840.113549.1.1.10)
Server Key and Certificate #1
Subject aovpn.das.nl
Fingerprint SHA256: 122130db78153dc1c43b654f9849224d349d12a2ea5b047b4d8ca560a6228a55
Pin SHA256: jXth/3IfndmrKFyy4Lrb6UPs6QIxxxgRSqczxpw//6Q=
Common names aovpn.das.nl
Alternative names aovpn.das.nl aovpn1.das.nl aovpn2.das.nl aovpn3.das.nl
Serial Number 520000424f67a17e9610137b4100000000424f
Valid from Sat, 23 Mar 2024 18:42:40 UTC
Valid until Mon, 23 Mar 2026 18:42:40 UTC (expires in 4 months and 16 days)
Key RSA 2048 bits (e 65537)
Weak key (Debian) No
Issuer dasPKI
AIA: ldap:///CN=dasPKI,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=das,DC=local?cACertificate?base?objectClass=certificationAuthority
AIA: http://pki.das.local/pki/pkip2.das.local_dasPKI.crt
AIA: http://crlndes-dasrechtsbijstand.msappproxy.net/pkip2.das.local_dasPKI.crt
Signature algorithm 1.2.840.113549.1.1.10
Extended Validation No
Certificate Transparency No
OCSP Must Staple No
Revocation information CRL
CRL: http://crlndes-dasrechtsbijstand.msappproxy.net/dasPKI.crl
Revocation status Unchecked (only trusted certificates can be checked)
DNS CAA No
Trusted No   NOT TRUSTED
Mozilla  Apple  Android  Java  Windows 


Additional Certificates (if supplied)
Certificates provided 2 (3674 bytes)
Chain issues Incomplete
#2
Subject dasPKI
Fingerprint SHA256: e4c830f7c4bc404de52c5b00d3753081b9ba6fba0574a25479f6cea3a87384a5
Pin SHA256: ogETLK/2TX5A0vRgSO6rEU2zx2QtI2SRGHi60z8Pc40=
Valid until Mon, 14 Oct 2030 13:52:21 UTC (expires in 4 years and 11 months)
Key RSA 4096 bits (e 65537)
Issuer PKIP1
Signature algorithm SHA512withRSA


Certification Paths
No trust paths available
Issuer unknown, or intermediate certificate(s) missing.

Configuration
Protocols
TLS 1.3 No
TLS 1.2 Yes
TLS 1.1 No
TLS 1.0 No
SSL 3 No
SSL 2 No


Cipher Suites
# TLS 1.2 (suites in server-preferred order)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   ECDH secp384r1 (eq. 7680 bits RSA)   FS 256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)   ECDH x25519 (eq. 3072 bits RSA)   FS 128
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)   DH 2048 bits   FS 256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)   DH 2048 bits   FS 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)   ECDH secp384r1 (eq. 7680 bits RSA)   FS   WEAK 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)   ECDH x25519 (eq. 3072 bits RSA)   FS   WEAK 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   ECDH secp384r1 (eq. 7680 bits RSA)   FS   WEAK 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   ECDH x25519 (eq. 3072 bits RSA)   FS   WEAK 128
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)   WEAK 256
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)   WEAK 128
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)   WEAK 256
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)   WEAK 128