SSL Report: aquasswpenang.com (40.119.12.77)
Assessed on:  Fri, 19 Dec 2025 13:31:34 UTC | Clear cache
Scan Another »

Due to a recently discovered bug in Apple's code, your browser is exposed to MITM attacks. Click here for more information.

Summary
Overall Rating
T
If trust issues are ignored: B
0
20
40
60
80
100
Certificate
 
Protocol Support
 
Key Exchange
 
Cipher Strength
 

Visit our documentation page for more information, configuration guides, and books. Known issues are documented here.
This server's certificate is not trusted, see below for details.
This server's certificate chain is incomplete. Grade capped to B.
This site works only in browsers with SNI support.
This server supports TLS 1.3.  MORE INFO »
Certificate #1: RSA 2048 bits (1.2.840.113549.1.1.10)
Server Key and Certificate #1
Subject aquasswpenang.com
Fingerprint SHA256: beaa2531a9365eedd6434489310ba58c4184c666e19a4c908a031a0b35f9aa8f
Pin SHA256: /xT+1wfmz5Zc9mBQxcGX19czACY9mR43wk3ve5BIvFU=
Common names aquasswpenang.com
Alternative names aquasswpenang.com
Serial Number 7a00002f69ec5414dfe1260c47000000002f69
Valid from Wed, 06 Aug 2025 08:44:06 UTC
Valid until Mon, 02 Feb 2026 08:44:06 UTC (expires in 1 month and 13 days)
Key RSA 2048 bits (e 65537)
Weak key (Debian) No
Issuer IntSwgIssuingCA-BGO-CA11
AIA: http://pki.int.shearwatergeo.com/pki/bgo-ca11.int.shearwatergeo.com_IntSwgIssuingCA-BGO-CA11.crt
Signature algorithm 1.2.840.113549.1.1.10
Extended Validation No
Certificate Transparency No
OCSP Must Staple No
Revocation information CRL
CRL: http://pki.int.shearwatergeo.com/pki/IntSwgIssuingCA-BGO-CA11.crl
Revocation status Unchecked (only trusted certificates can be checked)
DNS CAA No (more info)
Trusted No   NOT TRUSTED (Why?)
Mozilla  Apple  Android  Java  Windows 


Additional Certificates (if supplied)
Certificates provided 1 (1598 bytes)
Chain issues Incomplete


Certification Paths
No trust paths available
Issuer unknown, or intermediate certificate(s) missing.
No trust paths available
Issuer unknown, or intermediate certificate(s) missing.
No trust paths available
Issuer unknown, or intermediate certificate(s) missing.
No trust paths available
Issuer unknown, or intermediate certificate(s) missing.
No trust paths available
Issuer unknown, or intermediate certificate(s) missing.

Click here to expand

Certificate #2: RSA 2048 bits (SHA384withRSA) No SNI
Server Key and Certificate #1
Subject *.azurewebsites.net
Fingerprint SHA256: df3f0137e93e498df26f62c5abe1c245f6a4d09a036d83e0c883cee704d5d4dd
Pin SHA256: yE4xoZiVwT/mW1R81pZxXUmaXYdsQIhXuu/7TCL3sYA=
Common names *.azurewebsites.net
Alternative names *.azurewebsites.net *.scm.azurewebsites.net *.sso.azurewebsites.net *.southcentralus-01.azurewebsites.net *.scm.southcentralus-01.azurewebsites.net *.sso.southcentralus-01.azurewebsites.net *.southcentralus.c.azurewebsites.net *.scm.southcentralus.c.azurewebsites.net *.sso.southcentralus.c.azurewebsites.net *.azure-mobile.net *.scm.azure-mobile.net   MISMATCH
Serial Number 3302ba5d518928a98495f470ec000002ba5d51
Valid from Tue, 18 Nov 2025 13:37:39 UTC
Valid until Sun, 17 May 2026 13:37:39 UTC (expires in 4 months and 27 days)
Key RSA 2048 bits (e 65537)
Weak key (Debian) No
Issuer Microsoft Azure RSA TLS Issuing CA 07
AIA: http://www.microsoft.com/pkiops/certs/Microsoft%20Azure%20RSA%20TLS%20Issuing%20CA%2007%20-%20xsign.crt
Signature algorithm SHA384withRSA
Extended Validation No
Certificate Transparency Yes (certificate)
OCSP Must Staple No
Revocation information CRL, OCSP
CRL: http://www.microsoft.com/pkiops/crl/Microsoft%20Azure%20RSA%20TLS%20Issuing%20CA%2007.crl
OCSP: http://oneocsp.microsoft.com/ocsp
Revocation status Good (not revoked)
Trusted No   NOT TRUSTED (Why?)
Mozilla  Apple  Android  Java  Windows 


Additional Certificates (if supplied)
Certificates provided 2 (3964 bytes)
Chain issues None
#2
Subject Microsoft Azure RSA TLS Issuing CA 07
Fingerprint SHA256: 724247794951c93f3e41711617e95ce143263e3196c345a1da78f6639749ec03
Pin SHA256: Mfmoi2wKbxJCpI54JB7B+PPNkO8dRO51Bpbp+Gu4aFg=
Valid until Tue, 25 Aug 2026 23:59:59 UTC (expires in 8 months and 6 days)
Key RSA 4096 bits (e 65537)
Issuer DigiCert Global Root G2
Signature algorithm SHA384withRSA


Certification Paths
Path #1: Not trusted (invalid certificate [Fingerprint SHA256: df3f0137e93e498df26f62c5abe1c245f6a4d09a036d83e0c883cee704d5d4dd])
1 Sent by server *.azurewebsites.net
Fingerprint SHA256: df3f0137e93e498df26f62c5abe1c245f6a4d09a036d83e0c883cee704d5d4dd
Pin SHA256: yE4xoZiVwT/mW1R81pZxXUmaXYdsQIhXuu/7TCL3sYA=
RSA 2048 bits (e 65537) / SHA384withRSA
2 Sent by server Microsoft Azure RSA TLS Issuing CA 07
Fingerprint SHA256: 724247794951c93f3e41711617e95ce143263e3196c345a1da78f6639749ec03
Pin SHA256: Mfmoi2wKbxJCpI54JB7B+PPNkO8dRO51Bpbp+Gu4aFg=
RSA 4096 bits (e 65537) / SHA384withRSA
3 In trust store DigiCert Global Root G2   Self-signed
Fingerprint SHA256: cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
Pin SHA256: i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY=
RSA 2048 bits (e 65537) / SHA256withRSA
Path #1: Not trusted (invalid certificate [Fingerprint SHA256: df3f0137e93e498df26f62c5abe1c245f6a4d09a036d83e0c883cee704d5d4dd])
1 Sent by server *.azurewebsites.net
Fingerprint SHA256: df3f0137e93e498df26f62c5abe1c245f6a4d09a036d83e0c883cee704d5d4dd
Pin SHA256: yE4xoZiVwT/mW1R81pZxXUmaXYdsQIhXuu/7TCL3sYA=
RSA 2048 bits (e 65537) / SHA384withRSA
2 Sent by server Microsoft Azure RSA TLS Issuing CA 07
Fingerprint SHA256: 724247794951c93f3e41711617e95ce143263e3196c345a1da78f6639749ec03
Pin SHA256: Mfmoi2wKbxJCpI54JB7B+PPNkO8dRO51Bpbp+Gu4aFg=
RSA 4096 bits (e 65537) / SHA384withRSA
3 In trust store DigiCert Global Root G2   Self-signed
Fingerprint SHA256: cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
Pin SHA256: i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY=
RSA 2048 bits (e 65537) / SHA256withRSA
Path #1: Not trusted (invalid certificate [Fingerprint SHA256: df3f0137e93e498df26f62c5abe1c245f6a4d09a036d83e0c883cee704d5d4dd])
1 Sent by server *.azurewebsites.net
Fingerprint SHA256: df3f0137e93e498df26f62c5abe1c245f6a4d09a036d83e0c883cee704d5d4dd
Pin SHA256: yE4xoZiVwT/mW1R81pZxXUmaXYdsQIhXuu/7TCL3sYA=
RSA 2048 bits (e 65537) / SHA384withRSA
2 Sent by server Microsoft Azure RSA TLS Issuing CA 07
Fingerprint SHA256: 724247794951c93f3e41711617e95ce143263e3196c345a1da78f6639749ec03
Pin SHA256: Mfmoi2wKbxJCpI54JB7B+PPNkO8dRO51Bpbp+Gu4aFg=
RSA 4096 bits (e 65537) / SHA384withRSA
3 In trust store DigiCert Global Root G2   Self-signed
Fingerprint SHA256: cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
Pin SHA256: i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY=
RSA 2048 bits (e 65537) / SHA256withRSA
Path #1: Not trusted (invalid certificate [Fingerprint SHA256: df3f0137e93e498df26f62c5abe1c245f6a4d09a036d83e0c883cee704d5d4dd])
1 Sent by server *.azurewebsites.net
Fingerprint SHA256: df3f0137e93e498df26f62c5abe1c245f6a4d09a036d83e0c883cee704d5d4dd
Pin SHA256: yE4xoZiVwT/mW1R81pZxXUmaXYdsQIhXuu/7TCL3sYA=
RSA 2048 bits (e 65537) / SHA384withRSA
2 Sent by server Microsoft Azure RSA TLS Issuing CA 07
Fingerprint SHA256: 724247794951c93f3e41711617e95ce143263e3196c345a1da78f6639749ec03
Pin SHA256: Mfmoi2wKbxJCpI54JB7B+PPNkO8dRO51Bpbp+Gu4aFg=
RSA 4096 bits (e 65537) / SHA384withRSA
3 In trust store DigiCert Global Root G2   Self-signed
Fingerprint SHA256: cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
Pin SHA256: i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY=
RSA 2048 bits (e 65537) / SHA256withRSA
Path #1: Not trusted (invalid certificate [Fingerprint SHA256: df3f0137e93e498df26f62c5abe1c245f6a4d09a036d83e0c883cee704d5d4dd])
1 Sent by server *.azurewebsites.net
Fingerprint SHA256: df3f0137e93e498df26f62c5abe1c245f6a4d09a036d83e0c883cee704d5d4dd
Pin SHA256: yE4xoZiVwT/mW1R81pZxXUmaXYdsQIhXuu/7TCL3sYA=
RSA 2048 bits (e 65537) / SHA384withRSA
2 Sent by server Microsoft Azure RSA TLS Issuing CA 07
Fingerprint SHA256: 724247794951c93f3e41711617e95ce143263e3196c345a1da78f6639749ec03
Pin SHA256: Mfmoi2wKbxJCpI54JB7B+PPNkO8dRO51Bpbp+Gu4aFg=
RSA 4096 bits (e 65537) / SHA384withRSA
3 In trust store DigiCert Global Root G2   Self-signed
Fingerprint SHA256: cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
Pin SHA256: i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY=
RSA 2048 bits (e 65537) / SHA256withRSA

Click here to expand

Click here to expand

Configuration
Protocols
TLS 1.3 Yes
TLS 1.2 Yes*
TLS 1.1 No
TLS 1.0 No
SSL 3 No
SSL 2 No
(*) Experimental: Server negotiated using No-SNI


Cipher Suites
# TLS 1.3 (suites in server-preferred order)
TLS_AES_256_GCM_SHA384 (0x1302)   ECDH secp521r1 (eq. 15360 bits RSA)   FS 256
TLS_AES_128_GCM_SHA256 (0x1301)   ECDH secp256r1 (eq. 3072 bits RSA)   FS 128
# TLS 1.2 (suites in server-preferred order)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   ECDH secp521r1 (eq. 15360 bits RSA)   FS 256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)   ECDH secp256r1 (eq. 3072 bits RSA)   FS 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)   ECDH secp521r1 (eq. 15360 bits RSA)   FS   WEAK 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)   ECDH secp256r1 (eq. 3072 bits RSA)   FS   WEAK 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   ECDH secp521r1 (eq. 15360 bits RSA)   FS   WEAK 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   ECDH secp256r1 (eq. 3072 bits RSA)   FS   WEAK 128
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)   WEAK 256
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)   WEAK 128
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)   WEAK 256
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)   WEAK 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   WEAK 256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   WEAK 128