SSL Server Test: test.pdns.service.ncsc.gov.uk (Powered by Qualys SSL Labs)

Summary

Overall Rating

T

If trust issues are ignored: A

0

20

40

60

80

100

Certificate

Protocol Support

Key Exchange

Cipher Strength

Visit our documentation page for more information, configuration guides, and books. Known issues are documented here.

This server's certificate is not trusted, see below for details.

HTTP request to this server failed, see below for details.

This site works only in browsers with SNI support.

This server supports TLS 1.3. MORE INFO »

DNS Certification Authority Authorization (CAA) Policy found for this domain. MORE INFO »

Certificate #1: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 1abed0ff760c07238601bf15a416949f74438dd9561d5db9e26153eee8230bad Pin SHA256: pFpTK6saQWK+u+ZMM2ApQ+xdcXFs/NB5GDrIWJMcXA8=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	01ba43
Valid from	Sat, 10 Jan 2026 16:29:41 UTC
Valid until	Sun, 18 Jan 2026 16:29:41 UTC (expires in 6 days, 18 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: globalsign.com flags:0 issue: letsencrypt.org flags:0 issue: amazon.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 1abed0ff760c07238601bf15a416949f74438dd9561d5db9e26153eee8230bad Pin SHA256: pFpTK6saQWK+u+ZMM2ApQ+xdcXFs/NB5GDrIWJMcXA8= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 1abed0ff760c07238601bf15a416949f74438dd9561d5db9e26153eee8230bad Pin SHA256: pFpTK6saQWK+u+ZMM2ApQ+xdcXFs/NB5GDrIWJMcXA8= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 1abed0ff760c07238601bf15a416949f74438dd9561d5db9e26153eee8230bad Pin SHA256: pFpTK6saQWK+u+ZMM2ApQ+xdcXFs/NB5GDrIWJMcXA8= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 1abed0ff760c07238601bf15a416949f74438dd9561d5db9e26153eee8230bad Pin SHA256: pFpTK6saQWK+u+ZMM2ApQ+xdcXFs/NB5GDrIWJMcXA8= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 1abed0ff760c07238601bf15a416949f74438dd9561d5db9e26153eee8230bad Pin SHA256: pFpTK6saQWK+u+ZMM2ApQ+xdcXFs/NB5GDrIWJMcXA8= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #2: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 7368897b7c58b9563b1297c670d7138450ff98c6e5949b9864acc1b23adfaeb2 Pin SHA256: s3MNe/0h3PqMeB2+WBI9cYzVCRl5+E94tAZyVQmpHsQ=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	37c3
Valid from	Sat, 10 Jan 2026 16:29:55 UTC
Valid until	Sun, 18 Jan 2026 16:29:55 UTC (expires in 6 days, 18 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: globalsign.com flags:0 issue: letsencrypt.org flags:0 issue: amazon.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 7368897b7c58b9563b1297c670d7138450ff98c6e5949b9864acc1b23adfaeb2 Pin SHA256: s3MNe/0h3PqMeB2+WBI9cYzVCRl5+E94tAZyVQmpHsQ= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 7368897b7c58b9563b1297c670d7138450ff98c6e5949b9864acc1b23adfaeb2 Pin SHA256: s3MNe/0h3PqMeB2+WBI9cYzVCRl5+E94tAZyVQmpHsQ= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 7368897b7c58b9563b1297c670d7138450ff98c6e5949b9864acc1b23adfaeb2 Pin SHA256: s3MNe/0h3PqMeB2+WBI9cYzVCRl5+E94tAZyVQmpHsQ= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 7368897b7c58b9563b1297c670d7138450ff98c6e5949b9864acc1b23adfaeb2 Pin SHA256: s3MNe/0h3PqMeB2+WBI9cYzVCRl5+E94tAZyVQmpHsQ= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 7368897b7c58b9563b1297c670d7138450ff98c6e5949b9864acc1b23adfaeb2 Pin SHA256: s3MNe/0h3PqMeB2+WBI9cYzVCRl5+E94tAZyVQmpHsQ= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #3: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 0fda9ff910124fe21dd6cc3c719adf3f6677ad5cbd4558a02da58fc56e5bac73 Pin SHA256: 48Mq+Qm1cW3nJzuv23i06fCnUjPu8jqa61UwGQ1GfZM=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	0675f6
Valid from	Sat, 10 Jan 2026 16:29:56 UTC
Valid until	Sun, 18 Jan 2026 16:29:56 UTC (expires in 6 days, 18 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: globalsign.com flags:0 issue: letsencrypt.org flags:0 issue: amazon.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 0fda9ff910124fe21dd6cc3c719adf3f6677ad5cbd4558a02da58fc56e5bac73 Pin SHA256: 48Mq+Qm1cW3nJzuv23i06fCnUjPu8jqa61UwGQ1GfZM= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 0fda9ff910124fe21dd6cc3c719adf3f6677ad5cbd4558a02da58fc56e5bac73 Pin SHA256: 48Mq+Qm1cW3nJzuv23i06fCnUjPu8jqa61UwGQ1GfZM= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 0fda9ff910124fe21dd6cc3c719adf3f6677ad5cbd4558a02da58fc56e5bac73 Pin SHA256: 48Mq+Qm1cW3nJzuv23i06fCnUjPu8jqa61UwGQ1GfZM= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 0fda9ff910124fe21dd6cc3c719adf3f6677ad5cbd4558a02da58fc56e5bac73 Pin SHA256: 48Mq+Qm1cW3nJzuv23i06fCnUjPu8jqa61UwGQ1GfZM= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 0fda9ff910124fe21dd6cc3c719adf3f6677ad5cbd4558a02da58fc56e5bac73 Pin SHA256: 48Mq+Qm1cW3nJzuv23i06fCnUjPu8jqa61UwGQ1GfZM= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #4: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: d132545239d9783870a4831d1c48ad791a51b29e61046e6317a0811a6a5c84ac Pin SHA256: /Mhz9u8zE19lJQeRm3hjefVne5T3YZTklP68zZQAzo0=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	18810a
Valid from	Sat, 10 Jan 2026 16:30:39 UTC
Valid until	Sun, 18 Jan 2026 16:30:39 UTC (expires in 6 days, 18 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: globalsign.com flags:0 issue: letsencrypt.org flags:0 issue: amazon.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1437 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: d132545239d9783870a4831d1c48ad791a51b29e61046e6317a0811a6a5c84ac Pin SHA256: /Mhz9u8zE19lJQeRm3hjefVne5T3YZTklP68zZQAzo0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: d132545239d9783870a4831d1c48ad791a51b29e61046e6317a0811a6a5c84ac Pin SHA256: /Mhz9u8zE19lJQeRm3hjefVne5T3YZTklP68zZQAzo0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: d132545239d9783870a4831d1c48ad791a51b29e61046e6317a0811a6a5c84ac Pin SHA256: /Mhz9u8zE19lJQeRm3hjefVne5T3YZTklP68zZQAzo0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: d132545239d9783870a4831d1c48ad791a51b29e61046e6317a0811a6a5c84ac Pin SHA256: /Mhz9u8zE19lJQeRm3hjefVne5T3YZTklP68zZQAzo0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: d132545239d9783870a4831d1c48ad791a51b29e61046e6317a0811a6a5c84ac Pin SHA256: /Mhz9u8zE19lJQeRm3hjefVne5T3YZTklP68zZQAzo0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #5: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 73375b9449ed8e012e6b668529ca7300aa1a2a1ef4cf977576436a85049ba11c Pin SHA256: pQzvJczRi5wAdZ3YhRHqF0rdAMCp27PRl4U5bC/+ORs=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	088bc2
Valid from	Sat, 10 Jan 2026 16:30:40 UTC
Valid until	Sun, 18 Jan 2026 16:30:40 UTC (expires in 6 days, 18 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: globalsign.com flags:0 issue: letsencrypt.org flags:0 issue: amazon.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1437 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 73375b9449ed8e012e6b668529ca7300aa1a2a1ef4cf977576436a85049ba11c Pin SHA256: pQzvJczRi5wAdZ3YhRHqF0rdAMCp27PRl4U5bC/+ORs= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 73375b9449ed8e012e6b668529ca7300aa1a2a1ef4cf977576436a85049ba11c Pin SHA256: pQzvJczRi5wAdZ3YhRHqF0rdAMCp27PRl4U5bC/+ORs= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 73375b9449ed8e012e6b668529ca7300aa1a2a1ef4cf977576436a85049ba11c Pin SHA256: pQzvJczRi5wAdZ3YhRHqF0rdAMCp27PRl4U5bC/+ORs= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 73375b9449ed8e012e6b668529ca7300aa1a2a1ef4cf977576436a85049ba11c Pin SHA256: pQzvJczRi5wAdZ3YhRHqF0rdAMCp27PRl4U5bC/+ORs= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 73375b9449ed8e012e6b668529ca7300aa1a2a1ef4cf977576436a85049ba11c Pin SHA256: pQzvJczRi5wAdZ3YhRHqF0rdAMCp27PRl4U5bC/+ORs= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #6: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 053b25611ffcb06f64c0d60ffedeac4d9022f71bb8bc735296bf05c7ecca7946 Pin SHA256: 7YT8s6flgG1iSt20WLRL1fwKN6XB8S/vBP0xdlqkGlc=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	186bff
Valid from	Sat, 10 Jan 2026 16:30:41 UTC
Valid until	Sun, 18 Jan 2026 16:30:41 UTC (expires in 6 days, 18 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: globalsign.com flags:0 issue: letsencrypt.org flags:0 issue: amazon.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 053b25611ffcb06f64c0d60ffedeac4d9022f71bb8bc735296bf05c7ecca7946 Pin SHA256: 7YT8s6flgG1iSt20WLRL1fwKN6XB8S/vBP0xdlqkGlc= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 053b25611ffcb06f64c0d60ffedeac4d9022f71bb8bc735296bf05c7ecca7946 Pin SHA256: 7YT8s6flgG1iSt20WLRL1fwKN6XB8S/vBP0xdlqkGlc= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 053b25611ffcb06f64c0d60ffedeac4d9022f71bb8bc735296bf05c7ecca7946 Pin SHA256: 7YT8s6flgG1iSt20WLRL1fwKN6XB8S/vBP0xdlqkGlc= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 053b25611ffcb06f64c0d60ffedeac4d9022f71bb8bc735296bf05c7ecca7946 Pin SHA256: 7YT8s6flgG1iSt20WLRL1fwKN6XB8S/vBP0xdlqkGlc= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 053b25611ffcb06f64c0d60ffedeac4d9022f71bb8bc735296bf05c7ecca7946 Pin SHA256: 7YT8s6flgG1iSt20WLRL1fwKN6XB8S/vBP0xdlqkGlc= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #7: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: aabd73a16234926365b481fb8d5684bdf01170d3040eeffe194335468d8f3502 Pin SHA256: MFzL7TGOdLjUu7+n/fVO1/ZDwfQ/29KZMeML6VIVn7w=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	18cb5f
Valid from	Sat, 10 Jan 2026 16:30:42 UTC
Valid until	Sun, 18 Jan 2026 16:30:42 UTC (expires in 6 days, 18 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: globalsign.com flags:0 issue: letsencrypt.org flags:0 issue: amazon.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: aabd73a16234926365b481fb8d5684bdf01170d3040eeffe194335468d8f3502 Pin SHA256: MFzL7TGOdLjUu7+n/fVO1/ZDwfQ/29KZMeML6VIVn7w= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: aabd73a16234926365b481fb8d5684bdf01170d3040eeffe194335468d8f3502 Pin SHA256: MFzL7TGOdLjUu7+n/fVO1/ZDwfQ/29KZMeML6VIVn7w= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: aabd73a16234926365b481fb8d5684bdf01170d3040eeffe194335468d8f3502 Pin SHA256: MFzL7TGOdLjUu7+n/fVO1/ZDwfQ/29KZMeML6VIVn7w= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: aabd73a16234926365b481fb8d5684bdf01170d3040eeffe194335468d8f3502 Pin SHA256: MFzL7TGOdLjUu7+n/fVO1/ZDwfQ/29KZMeML6VIVn7w= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: aabd73a16234926365b481fb8d5684bdf01170d3040eeffe194335468d8f3502 Pin SHA256: MFzL7TGOdLjUu7+n/fVO1/ZDwfQ/29KZMeML6VIVn7w= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #8: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 6b2801d3785a2f96dc07bcc46c312bb914a12bb433be580e6d9ff0c77486d2ed Pin SHA256: T7ouHda4vYFV48CBUS99pnJANjaCD8X6U1UuGNa23Zg=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	22fd
Valid from	Sat, 10 Jan 2026 16:30:43 UTC
Valid until	Sun, 18 Jan 2026 16:30:43 UTC (expires in 6 days, 18 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: globalsign.com flags:0 issue: letsencrypt.org flags:0 issue: amazon.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1435 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 6b2801d3785a2f96dc07bcc46c312bb914a12bb433be580e6d9ff0c77486d2ed Pin SHA256: T7ouHda4vYFV48CBUS99pnJANjaCD8X6U1UuGNa23Zg= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 6b2801d3785a2f96dc07bcc46c312bb914a12bb433be580e6d9ff0c77486d2ed Pin SHA256: T7ouHda4vYFV48CBUS99pnJANjaCD8X6U1UuGNa23Zg= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 6b2801d3785a2f96dc07bcc46c312bb914a12bb433be580e6d9ff0c77486d2ed Pin SHA256: T7ouHda4vYFV48CBUS99pnJANjaCD8X6U1UuGNa23Zg= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 6b2801d3785a2f96dc07bcc46c312bb914a12bb433be580e6d9ff0c77486d2ed Pin SHA256: T7ouHda4vYFV48CBUS99pnJANjaCD8X6U1UuGNa23Zg= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 6b2801d3785a2f96dc07bcc46c312bb914a12bb433be580e6d9ff0c77486d2ed Pin SHA256: T7ouHda4vYFV48CBUS99pnJANjaCD8X6U1UuGNa23Zg= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #9: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: bd8a9149d28d3a9582a0e2a0c3b10102d79ec341161e628e875b279737d6a28c Pin SHA256: rxdFxjkG2lBOeY3ee7n3/RSZ545pxVBtJ4FUvocionI=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	01b0fc
Valid from	Sat, 10 Jan 2026 16:30:45 UTC
Valid until	Sun, 18 Jan 2026 16:30:45 UTC (expires in 6 days, 18 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: globalsign.com flags:0 issue: letsencrypt.org flags:0 issue: amazon.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: bd8a9149d28d3a9582a0e2a0c3b10102d79ec341161e628e875b279737d6a28c Pin SHA256: rxdFxjkG2lBOeY3ee7n3/RSZ545pxVBtJ4FUvocionI= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: bd8a9149d28d3a9582a0e2a0c3b10102d79ec341161e628e875b279737d6a28c Pin SHA256: rxdFxjkG2lBOeY3ee7n3/RSZ545pxVBtJ4FUvocionI= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: bd8a9149d28d3a9582a0e2a0c3b10102d79ec341161e628e875b279737d6a28c Pin SHA256: rxdFxjkG2lBOeY3ee7n3/RSZ545pxVBtJ4FUvocionI= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: bd8a9149d28d3a9582a0e2a0c3b10102d79ec341161e628e875b279737d6a28c Pin SHA256: rxdFxjkG2lBOeY3ee7n3/RSZ545pxVBtJ4FUvocionI= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: bd8a9149d28d3a9582a0e2a0c3b10102d79ec341161e628e875b279737d6a28c Pin SHA256: rxdFxjkG2lBOeY3ee7n3/RSZ545pxVBtJ4FUvocionI= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #10: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 6c286b053db3c3975d528f4b968acd1ddffb832988710fb7fc8432f010d78654 Pin SHA256: hgRyxOMjXEse7DKpLrG/P44s05qJu5tiipypVt1gbhw=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	186d71
Valid from	Sat, 10 Jan 2026 16:30:47 UTC
Valid until	Sun, 18 Jan 2026 16:30:47 UTC (expires in 6 days, 18 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: globalsign.com flags:0 issue: letsencrypt.org flags:0 issue: amazon.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 6c286b053db3c3975d528f4b968acd1ddffb832988710fb7fc8432f010d78654 Pin SHA256: hgRyxOMjXEse7DKpLrG/P44s05qJu5tiipypVt1gbhw= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 6c286b053db3c3975d528f4b968acd1ddffb832988710fb7fc8432f010d78654 Pin SHA256: hgRyxOMjXEse7DKpLrG/P44s05qJu5tiipypVt1gbhw= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 6c286b053db3c3975d528f4b968acd1ddffb832988710fb7fc8432f010d78654 Pin SHA256: hgRyxOMjXEse7DKpLrG/P44s05qJu5tiipypVt1gbhw= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 6c286b053db3c3975d528f4b968acd1ddffb832988710fb7fc8432f010d78654 Pin SHA256: hgRyxOMjXEse7DKpLrG/P44s05qJu5tiipypVt1gbhw= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 6c286b053db3c3975d528f4b968acd1ddffb832988710fb7fc8432f010d78654 Pin SHA256: hgRyxOMjXEse7DKpLrG/P44s05qJu5tiipypVt1gbhw= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #11: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 58ad552e8ae207f4bfc34a93188ea706cfb2fca901e553033f40478f0032ef12 Pin SHA256: VaJvxDQtN7HihlgRhlB/WmrDSFoVhXnIZRZbAqCJbgY=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	18925b
Valid from	Sat, 10 Jan 2026 16:30:50 UTC
Valid until	Sun, 18 Jan 2026 16:30:50 UTC (expires in 6 days, 18 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: globalsign.com flags:0 issue: letsencrypt.org flags:0 issue: amazon.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 58ad552e8ae207f4bfc34a93188ea706cfb2fca901e553033f40478f0032ef12 Pin SHA256: VaJvxDQtN7HihlgRhlB/WmrDSFoVhXnIZRZbAqCJbgY= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 58ad552e8ae207f4bfc34a93188ea706cfb2fca901e553033f40478f0032ef12 Pin SHA256: VaJvxDQtN7HihlgRhlB/WmrDSFoVhXnIZRZbAqCJbgY= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 58ad552e8ae207f4bfc34a93188ea706cfb2fca901e553033f40478f0032ef12 Pin SHA256: VaJvxDQtN7HihlgRhlB/WmrDSFoVhXnIZRZbAqCJbgY= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 58ad552e8ae207f4bfc34a93188ea706cfb2fca901e553033f40478f0032ef12 Pin SHA256: VaJvxDQtN7HihlgRhlB/WmrDSFoVhXnIZRZbAqCJbgY= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 58ad552e8ae207f4bfc34a93188ea706cfb2fca901e553033f40478f0032ef12 Pin SHA256: VaJvxDQtN7HihlgRhlB/WmrDSFoVhXnIZRZbAqCJbgY= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #12: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 1a987a085fd883dbdb5e2fbd0f5559821b618f034e1ad37cd73a4575dec9a56d Pin SHA256: eN87ZyIhWeSPxwD82Bg0lFbbfNtMPwDl2onOmF4NAkA=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	15cd
Valid from	Sat, 10 Jan 2026 16:30:51 UTC
Valid until	Sun, 18 Jan 2026 16:30:51 UTC (expires in 6 days, 18 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: globalsign.com flags:0 issue: letsencrypt.org flags:0 issue: amazon.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 1a987a085fd883dbdb5e2fbd0f5559821b618f034e1ad37cd73a4575dec9a56d Pin SHA256: eN87ZyIhWeSPxwD82Bg0lFbbfNtMPwDl2onOmF4NAkA= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 1a987a085fd883dbdb5e2fbd0f5559821b618f034e1ad37cd73a4575dec9a56d Pin SHA256: eN87ZyIhWeSPxwD82Bg0lFbbfNtMPwDl2onOmF4NAkA= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 1a987a085fd883dbdb5e2fbd0f5559821b618f034e1ad37cd73a4575dec9a56d Pin SHA256: eN87ZyIhWeSPxwD82Bg0lFbbfNtMPwDl2onOmF4NAkA= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 1a987a085fd883dbdb5e2fbd0f5559821b618f034e1ad37cd73a4575dec9a56d Pin SHA256: eN87ZyIhWeSPxwD82Bg0lFbbfNtMPwDl2onOmF4NAkA= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 1a987a085fd883dbdb5e2fbd0f5559821b618f034e1ad37cd73a4575dec9a56d Pin SHA256: eN87ZyIhWeSPxwD82Bg0lFbbfNtMPwDl2onOmF4NAkA= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #13: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 26471fb0de206d1ca7f0c5d24dac629d069308fc265f6de29139ba8e225613e1 Pin SHA256: Fgo0S3x72iLv1sXn07sF7CzufY69ccnhoto9qvg3xW0=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	18cb6e
Valid from	Sat, 10 Jan 2026 16:30:52 UTC
Valid until	Sun, 18 Jan 2026 16:30:52 UTC (expires in 6 days, 18 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: globalsign.com flags:0 issue: letsencrypt.org flags:0 issue: amazon.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 26471fb0de206d1ca7f0c5d24dac629d069308fc265f6de29139ba8e225613e1 Pin SHA256: Fgo0S3x72iLv1sXn07sF7CzufY69ccnhoto9qvg3xW0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 26471fb0de206d1ca7f0c5d24dac629d069308fc265f6de29139ba8e225613e1 Pin SHA256: Fgo0S3x72iLv1sXn07sF7CzufY69ccnhoto9qvg3xW0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 26471fb0de206d1ca7f0c5d24dac629d069308fc265f6de29139ba8e225613e1 Pin SHA256: Fgo0S3x72iLv1sXn07sF7CzufY69ccnhoto9qvg3xW0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 26471fb0de206d1ca7f0c5d24dac629d069308fc265f6de29139ba8e225613e1 Pin SHA256: Fgo0S3x72iLv1sXn07sF7CzufY69ccnhoto9qvg3xW0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 26471fb0de206d1ca7f0c5d24dac629d069308fc265f6de29139ba8e225613e1 Pin SHA256: Fgo0S3x72iLv1sXn07sF7CzufY69ccnhoto9qvg3xW0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #14: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 5e766d9ac488cadff2cc2cb73b1a0354f1247faee3b78cc0fb63103310fc8424 Pin SHA256: wxu2+pJEMsIN7yiRFrbHfNpCCeBi2Z5vQKx+nZs9O+k=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	01ae4d
Valid from	Sat, 10 Jan 2026 16:30:53 UTC
Valid until	Sun, 18 Jan 2026 16:30:53 UTC (expires in 6 days, 18 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: globalsign.com flags:0 issue: letsencrypt.org flags:0 issue: amazon.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1435 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 5e766d9ac488cadff2cc2cb73b1a0354f1247faee3b78cc0fb63103310fc8424 Pin SHA256: wxu2+pJEMsIN7yiRFrbHfNpCCeBi2Z5vQKx+nZs9O+k= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 5e766d9ac488cadff2cc2cb73b1a0354f1247faee3b78cc0fb63103310fc8424 Pin SHA256: wxu2+pJEMsIN7yiRFrbHfNpCCeBi2Z5vQKx+nZs9O+k= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 5e766d9ac488cadff2cc2cb73b1a0354f1247faee3b78cc0fb63103310fc8424 Pin SHA256: wxu2+pJEMsIN7yiRFrbHfNpCCeBi2Z5vQKx+nZs9O+k= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 5e766d9ac488cadff2cc2cb73b1a0354f1247faee3b78cc0fb63103310fc8424 Pin SHA256: wxu2+pJEMsIN7yiRFrbHfNpCCeBi2Z5vQKx+nZs9O+k= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 5e766d9ac488cadff2cc2cb73b1a0354f1247faee3b78cc0fb63103310fc8424 Pin SHA256: wxu2+pJEMsIN7yiRFrbHfNpCCeBi2Z5vQKx+nZs9O+k= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #15: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: df78f1075e73f1b95a69e9c44663038b37f2e225f96e824e7cea2621b310646a Pin SHA256: Lz/bGsrHZdJ5YGf6wwQUMsnnhL07PY18/cdmvWUXMeE=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	185671
Valid from	Sat, 10 Jan 2026 16:30:55 UTC
Valid until	Sun, 18 Jan 2026 16:30:55 UTC (expires in 6 days, 18 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: globalsign.com flags:0 issue: letsencrypt.org flags:0 issue: amazon.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1437 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: df78f1075e73f1b95a69e9c44663038b37f2e225f96e824e7cea2621b310646a Pin SHA256: Lz/bGsrHZdJ5YGf6wwQUMsnnhL07PY18/cdmvWUXMeE= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: df78f1075e73f1b95a69e9c44663038b37f2e225f96e824e7cea2621b310646a Pin SHA256: Lz/bGsrHZdJ5YGf6wwQUMsnnhL07PY18/cdmvWUXMeE= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: df78f1075e73f1b95a69e9c44663038b37f2e225f96e824e7cea2621b310646a Pin SHA256: Lz/bGsrHZdJ5YGf6wwQUMsnnhL07PY18/cdmvWUXMeE= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: df78f1075e73f1b95a69e9c44663038b37f2e225f96e824e7cea2621b310646a Pin SHA256: Lz/bGsrHZdJ5YGf6wwQUMsnnhL07PY18/cdmvWUXMeE= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: df78f1075e73f1b95a69e9c44663038b37f2e225f96e824e7cea2621b310646a Pin SHA256: Lz/bGsrHZdJ5YGf6wwQUMsnnhL07PY18/cdmvWUXMeE= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #16: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b4fb5467c115159770f6bbc868e082f890e33c4958f90dc4981f29a8936fe463 Pin SHA256: yxWP8ITIA60P5WscuaJ6dpqutHJtg0PaYSSEzA/bbPY=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	18cb78
Valid from	Sat, 10 Jan 2026 16:30:56 UTC
Valid until	Sun, 18 Jan 2026 16:30:56 UTC (expires in 6 days, 18 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: globalsign.com flags:0 issue: letsencrypt.org flags:0 issue: amazon.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b4fb5467c115159770f6bbc868e082f890e33c4958f90dc4981f29a8936fe463 Pin SHA256: yxWP8ITIA60P5WscuaJ6dpqutHJtg0PaYSSEzA/bbPY= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b4fb5467c115159770f6bbc868e082f890e33c4958f90dc4981f29a8936fe463 Pin SHA256: yxWP8ITIA60P5WscuaJ6dpqutHJtg0PaYSSEzA/bbPY= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b4fb5467c115159770f6bbc868e082f890e33c4958f90dc4981f29a8936fe463 Pin SHA256: yxWP8ITIA60P5WscuaJ6dpqutHJtg0PaYSSEzA/bbPY= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b4fb5467c115159770f6bbc868e082f890e33c4958f90dc4981f29a8936fe463 Pin SHA256: yxWP8ITIA60P5WscuaJ6dpqutHJtg0PaYSSEzA/bbPY= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b4fb5467c115159770f6bbc868e082f890e33c4958f90dc4981f29a8936fe463 Pin SHA256: yxWP8ITIA60P5WscuaJ6dpqutHJtg0PaYSSEzA/bbPY= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #17: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 0bdb9fa9911a2cac1fb60d668f83ee0f8e1fd83ebf4b8d743fedf4a55d956722 Pin SHA256: DmEsA5Mn0m7av25OIXrj+f34KklmA1aqooXI2bopKiE=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	01c06d
Valid from	Sat, 10 Jan 2026 16:30:56 UTC
Valid until	Sun, 18 Jan 2026 16:30:56 UTC (expires in 6 days, 18 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: globalsign.com flags:0 issue: letsencrypt.org flags:0 issue: amazon.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1435 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 0bdb9fa9911a2cac1fb60d668f83ee0f8e1fd83ebf4b8d743fedf4a55d956722 Pin SHA256: DmEsA5Mn0m7av25OIXrj+f34KklmA1aqooXI2bopKiE= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 0bdb9fa9911a2cac1fb60d668f83ee0f8e1fd83ebf4b8d743fedf4a55d956722 Pin SHA256: DmEsA5Mn0m7av25OIXrj+f34KklmA1aqooXI2bopKiE= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 0bdb9fa9911a2cac1fb60d668f83ee0f8e1fd83ebf4b8d743fedf4a55d956722 Pin SHA256: DmEsA5Mn0m7av25OIXrj+f34KklmA1aqooXI2bopKiE= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 0bdb9fa9911a2cac1fb60d668f83ee0f8e1fd83ebf4b8d743fedf4a55d956722 Pin SHA256: DmEsA5Mn0m7av25OIXrj+f34KklmA1aqooXI2bopKiE= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 0bdb9fa9911a2cac1fb60d668f83ee0f8e1fd83ebf4b8d743fedf4a55d956722 Pin SHA256: DmEsA5Mn0m7av25OIXrj+f34KklmA1aqooXI2bopKiE= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #18: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: c83bb3c1ef23451b8c2d5ba59349d042e88eb2c0d1b70552b83c0f08c2ce959c Pin SHA256: Hrp3iUbW9SrliRnevmQhfA8CIrDawl9EoZxn6Hld/KU=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	267c
Valid from	Sat, 10 Jan 2026 16:30:57 UTC
Valid until	Sun, 18 Jan 2026 16:30:57 UTC (expires in 6 days, 18 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: globalsign.com flags:0 issue: letsencrypt.org flags:0 issue: amazon.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1434 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: c83bb3c1ef23451b8c2d5ba59349d042e88eb2c0d1b70552b83c0f08c2ce959c Pin SHA256: Hrp3iUbW9SrliRnevmQhfA8CIrDawl9EoZxn6Hld/KU= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: c83bb3c1ef23451b8c2d5ba59349d042e88eb2c0d1b70552b83c0f08c2ce959c Pin SHA256: Hrp3iUbW9SrliRnevmQhfA8CIrDawl9EoZxn6Hld/KU= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: c83bb3c1ef23451b8c2d5ba59349d042e88eb2c0d1b70552b83c0f08c2ce959c Pin SHA256: Hrp3iUbW9SrliRnevmQhfA8CIrDawl9EoZxn6Hld/KU= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: c83bb3c1ef23451b8c2d5ba59349d042e88eb2c0d1b70552b83c0f08c2ce959c Pin SHA256: Hrp3iUbW9SrliRnevmQhfA8CIrDawl9EoZxn6Hld/KU= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: c83bb3c1ef23451b8c2d5ba59349d042e88eb2c0d1b70552b83c0f08c2ce959c Pin SHA256: Hrp3iUbW9SrliRnevmQhfA8CIrDawl9EoZxn6Hld/KU= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #19: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: fc7db6fb8403713a628149c5e7f92e606c6b38774dd1ae10940cb23d128ff888 Pin SHA256: U603tX6pCGaD5jSKM7DURC36+AkTHgcC11FyUmy3aZ8=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	01b188
Valid from	Sat, 10 Jan 2026 16:30:58 UTC
Valid until	Sun, 18 Jan 2026 16:30:58 UTC (expires in 6 days, 18 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: globalsign.com flags:0 issue: letsencrypt.org flags:0 issue: amazon.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: fc7db6fb8403713a628149c5e7f92e606c6b38774dd1ae10940cb23d128ff888 Pin SHA256: U603tX6pCGaD5jSKM7DURC36+AkTHgcC11FyUmy3aZ8= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: fc7db6fb8403713a628149c5e7f92e606c6b38774dd1ae10940cb23d128ff888 Pin SHA256: U603tX6pCGaD5jSKM7DURC36+AkTHgcC11FyUmy3aZ8= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: fc7db6fb8403713a628149c5e7f92e606c6b38774dd1ae10940cb23d128ff888 Pin SHA256: U603tX6pCGaD5jSKM7DURC36+AkTHgcC11FyUmy3aZ8= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: fc7db6fb8403713a628149c5e7f92e606c6b38774dd1ae10940cb23d128ff888 Pin SHA256: U603tX6pCGaD5jSKM7DURC36+AkTHgcC11FyUmy3aZ8= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: fc7db6fb8403713a628149c5e7f92e606c6b38774dd1ae10940cb23d128ff888 Pin SHA256: U603tX6pCGaD5jSKM7DURC36+AkTHgcC11FyUmy3aZ8= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #20: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 761c510d971aaae53abbe0750b242ca477e9eefe7c7a0aabd5ccd3807ad2c2bd Pin SHA256: 2HH0QckzNpaAZgSg/37SRcVEVQ+yAzTIXagEoP0ctpI=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	186d80
Valid from	Sat, 10 Jan 2026 16:30:59 UTC
Valid until	Sun, 18 Jan 2026 16:30:59 UTC (expires in 6 days, 18 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: globalsign.com flags:0 issue: letsencrypt.org flags:0 issue: amazon.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 761c510d971aaae53abbe0750b242ca477e9eefe7c7a0aabd5ccd3807ad2c2bd Pin SHA256: 2HH0QckzNpaAZgSg/37SRcVEVQ+yAzTIXagEoP0ctpI= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 761c510d971aaae53abbe0750b242ca477e9eefe7c7a0aabd5ccd3807ad2c2bd Pin SHA256: 2HH0QckzNpaAZgSg/37SRcVEVQ+yAzTIXagEoP0ctpI= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 761c510d971aaae53abbe0750b242ca477e9eefe7c7a0aabd5ccd3807ad2c2bd Pin SHA256: 2HH0QckzNpaAZgSg/37SRcVEVQ+yAzTIXagEoP0ctpI= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 761c510d971aaae53abbe0750b242ca477e9eefe7c7a0aabd5ccd3807ad2c2bd Pin SHA256: 2HH0QckzNpaAZgSg/37SRcVEVQ+yAzTIXagEoP0ctpI= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 761c510d971aaae53abbe0750b242ca477e9eefe7c7a0aabd5ccd3807ad2c2bd Pin SHA256: 2HH0QckzNpaAZgSg/37SRcVEVQ+yAzTIXagEoP0ctpI= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #21: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 50b60183bf58e64e35e010a29587bdd2d747b6bd38d746946ffc88d1fc6dd3ee Pin SHA256: D3Nyw3gvwvD4lKxZqczGf8+F29CmIcF0DAyFmkXTymg=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	189ed4
Valid from	Sat, 10 Jan 2026 16:31:00 UTC
Valid until	Sun, 18 Jan 2026 16:31:00 UTC (expires in 6 days, 18 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: globalsign.com flags:0 issue: letsencrypt.org flags:0 issue: amazon.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 50b60183bf58e64e35e010a29587bdd2d747b6bd38d746946ffc88d1fc6dd3ee Pin SHA256: D3Nyw3gvwvD4lKxZqczGf8+F29CmIcF0DAyFmkXTymg= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 50b60183bf58e64e35e010a29587bdd2d747b6bd38d746946ffc88d1fc6dd3ee Pin SHA256: D3Nyw3gvwvD4lKxZqczGf8+F29CmIcF0DAyFmkXTymg= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 50b60183bf58e64e35e010a29587bdd2d747b6bd38d746946ffc88d1fc6dd3ee Pin SHA256: D3Nyw3gvwvD4lKxZqczGf8+F29CmIcF0DAyFmkXTymg= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 50b60183bf58e64e35e010a29587bdd2d747b6bd38d746946ffc88d1fc6dd3ee Pin SHA256: D3Nyw3gvwvD4lKxZqczGf8+F29CmIcF0DAyFmkXTymg= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 50b60183bf58e64e35e010a29587bdd2d747b6bd38d746946ffc88d1fc6dd3ee Pin SHA256: D3Nyw3gvwvD4lKxZqczGf8+F29CmIcF0DAyFmkXTymg= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #22: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: cbf0498ba5c2e7d51ec6be5cc3f999a9df7a26634ac34460b4a239cb00412fa9 Pin SHA256: RCZOF2ySuODUVWvDFvreGmQR6CnHxo72jD4lf3w9Uao=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	186286
Valid from	Sat, 10 Jan 2026 16:31:01 UTC
Valid until	Sun, 18 Jan 2026 16:31:01 UTC (expires in 6 days, 18 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: globalsign.com flags:0 issue: letsencrypt.org flags:0 issue: amazon.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: cbf0498ba5c2e7d51ec6be5cc3f999a9df7a26634ac34460b4a239cb00412fa9 Pin SHA256: RCZOF2ySuODUVWvDFvreGmQR6CnHxo72jD4lf3w9Uao= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: cbf0498ba5c2e7d51ec6be5cc3f999a9df7a26634ac34460b4a239cb00412fa9 Pin SHA256: RCZOF2ySuODUVWvDFvreGmQR6CnHxo72jD4lf3w9Uao= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: cbf0498ba5c2e7d51ec6be5cc3f999a9df7a26634ac34460b4a239cb00412fa9 Pin SHA256: RCZOF2ySuODUVWvDFvreGmQR6CnHxo72jD4lf3w9Uao= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: cbf0498ba5c2e7d51ec6be5cc3f999a9df7a26634ac34460b4a239cb00412fa9 Pin SHA256: RCZOF2ySuODUVWvDFvreGmQR6CnHxo72jD4lf3w9Uao= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: cbf0498ba5c2e7d51ec6be5cc3f999a9df7a26634ac34460b4a239cb00412fa9 Pin SHA256: RCZOF2ySuODUVWvDFvreGmQR6CnHxo72jD4lf3w9Uao= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #23: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: c7397c13bf17d00a04daceefdd0df7767ae4f5c458295dbbf6f968fdd4c0c443 Pin SHA256: KIR4DxRh784Z4DJep4QJOL6rA2AgsRHtdNd5h5l23/s=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	18883c
Valid from	Sat, 10 Jan 2026 16:31:02 UTC
Valid until	Sun, 18 Jan 2026 16:31:02 UTC (expires in 6 days, 18 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: globalsign.com flags:0 issue: letsencrypt.org flags:0 issue: amazon.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1437 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: c7397c13bf17d00a04daceefdd0df7767ae4f5c458295dbbf6f968fdd4c0c443 Pin SHA256: KIR4DxRh784Z4DJep4QJOL6rA2AgsRHtdNd5h5l23/s= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: c7397c13bf17d00a04daceefdd0df7767ae4f5c458295dbbf6f968fdd4c0c443 Pin SHA256: KIR4DxRh784Z4DJep4QJOL6rA2AgsRHtdNd5h5l23/s= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: c7397c13bf17d00a04daceefdd0df7767ae4f5c458295dbbf6f968fdd4c0c443 Pin SHA256: KIR4DxRh784Z4DJep4QJOL6rA2AgsRHtdNd5h5l23/s= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: c7397c13bf17d00a04daceefdd0df7767ae4f5c458295dbbf6f968fdd4c0c443 Pin SHA256: KIR4DxRh784Z4DJep4QJOL6rA2AgsRHtdNd5h5l23/s= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: c7397c13bf17d00a04daceefdd0df7767ae4f5c458295dbbf6f968fdd4c0c443 Pin SHA256: KIR4DxRh784Z4DJep4QJOL6rA2AgsRHtdNd5h5l23/s= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #24: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b8c068f95617715c176bbee633478d7e95e1625ab9a0672ee152ae9e5897db90 Pin SHA256: RswZMjrqjXO4dWXcKfXgOTUgEdkhR2DeAJyWLslReQA=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	186290
Valid from	Sat, 10 Jan 2026 16:31:03 UTC
Valid until	Sun, 18 Jan 2026 16:31:03 UTC (expires in 6 days, 18 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: globalsign.com flags:0 issue: letsencrypt.org flags:0 issue: amazon.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b8c068f95617715c176bbee633478d7e95e1625ab9a0672ee152ae9e5897db90 Pin SHA256: RswZMjrqjXO4dWXcKfXgOTUgEdkhR2DeAJyWLslReQA= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b8c068f95617715c176bbee633478d7e95e1625ab9a0672ee152ae9e5897db90 Pin SHA256: RswZMjrqjXO4dWXcKfXgOTUgEdkhR2DeAJyWLslReQA= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b8c068f95617715c176bbee633478d7e95e1625ab9a0672ee152ae9e5897db90 Pin SHA256: RswZMjrqjXO4dWXcKfXgOTUgEdkhR2DeAJyWLslReQA= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b8c068f95617715c176bbee633478d7e95e1625ab9a0672ee152ae9e5897db90 Pin SHA256: RswZMjrqjXO4dWXcKfXgOTUgEdkhR2DeAJyWLslReQA= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b8c068f95617715c176bbee633478d7e95e1625ab9a0672ee152ae9e5897db90 Pin SHA256: RswZMjrqjXO4dWXcKfXgOTUgEdkhR2DeAJyWLslReQA= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #25: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 3becc19b8e0d18ed252bed8b7430da4a1dedb90c1ec632bd418f791fa22aa03e Pin SHA256: Wt+cB8KTyWo+9pOPXLsPGNS8nzpEgQyANW1LW444LuE=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	189eda
Valid from	Sat, 10 Jan 2026 16:31:04 UTC
Valid until	Sun, 18 Jan 2026 16:31:04 UTC (expires in 6 days, 18 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: globalsign.com flags:0 issue: letsencrypt.org flags:0 issue: amazon.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 3becc19b8e0d18ed252bed8b7430da4a1dedb90c1ec632bd418f791fa22aa03e Pin SHA256: Wt+cB8KTyWo+9pOPXLsPGNS8nzpEgQyANW1LW444LuE= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 3becc19b8e0d18ed252bed8b7430da4a1dedb90c1ec632bd418f791fa22aa03e Pin SHA256: Wt+cB8KTyWo+9pOPXLsPGNS8nzpEgQyANW1LW444LuE= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 3becc19b8e0d18ed252bed8b7430da4a1dedb90c1ec632bd418f791fa22aa03e Pin SHA256: Wt+cB8KTyWo+9pOPXLsPGNS8nzpEgQyANW1LW444LuE= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 3becc19b8e0d18ed252bed8b7430da4a1dedb90c1ec632bd418f791fa22aa03e Pin SHA256: Wt+cB8KTyWo+9pOPXLsPGNS8nzpEgQyANW1LW444LuE= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 3becc19b8e0d18ed252bed8b7430da4a1dedb90c1ec632bd418f791fa22aa03e Pin SHA256: Wt+cB8KTyWo+9pOPXLsPGNS8nzpEgQyANW1LW444LuE= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #26: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 55b0ef1586d167b04618e73d6334208cacc3a7dea3042b32264fcf8b6c2081b2 Pin SHA256: jfyB5ys3Db8co8DZ9GtuIBPQQIgNj847H5SBSi0iql4=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	01d84c
Valid from	Sat, 10 Jan 2026 16:31:07 UTC
Valid until	Sun, 18 Jan 2026 16:31:07 UTC (expires in 6 days, 18 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: globalsign.com flags:0 issue: letsencrypt.org flags:0 issue: amazon.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 55b0ef1586d167b04618e73d6334208cacc3a7dea3042b32264fcf8b6c2081b2 Pin SHA256: jfyB5ys3Db8co8DZ9GtuIBPQQIgNj847H5SBSi0iql4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 55b0ef1586d167b04618e73d6334208cacc3a7dea3042b32264fcf8b6c2081b2 Pin SHA256: jfyB5ys3Db8co8DZ9GtuIBPQQIgNj847H5SBSi0iql4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 55b0ef1586d167b04618e73d6334208cacc3a7dea3042b32264fcf8b6c2081b2 Pin SHA256: jfyB5ys3Db8co8DZ9GtuIBPQQIgNj847H5SBSi0iql4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 55b0ef1586d167b04618e73d6334208cacc3a7dea3042b32264fcf8b6c2081b2 Pin SHA256: jfyB5ys3Db8co8DZ9GtuIBPQQIgNj847H5SBSi0iql4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 55b0ef1586d167b04618e73d6334208cacc3a7dea3042b32264fcf8b6c2081b2 Pin SHA256: jfyB5ys3Db8co8DZ9GtuIBPQQIgNj847H5SBSi0iql4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #27: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: f0b80439f768b9a37383810d60de8b1e34f4383dce69bce9d72596228db8410f Pin SHA256: tNPLOg+EiGYcqQRbe+TT5DvIwA0Pcto80X82WCELk6o=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	2677
Valid from	Sat, 10 Jan 2026 16:31:08 UTC
Valid until	Sun, 18 Jan 2026 16:31:08 UTC (expires in 6 days, 18 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: globalsign.com flags:0 issue: letsencrypt.org flags:0 issue: amazon.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: f0b80439f768b9a37383810d60de8b1e34f4383dce69bce9d72596228db8410f Pin SHA256: tNPLOg+EiGYcqQRbe+TT5DvIwA0Pcto80X82WCELk6o= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: f0b80439f768b9a37383810d60de8b1e34f4383dce69bce9d72596228db8410f Pin SHA256: tNPLOg+EiGYcqQRbe+TT5DvIwA0Pcto80X82WCELk6o= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: f0b80439f768b9a37383810d60de8b1e34f4383dce69bce9d72596228db8410f Pin SHA256: tNPLOg+EiGYcqQRbe+TT5DvIwA0Pcto80X82WCELk6o= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: f0b80439f768b9a37383810d60de8b1e34f4383dce69bce9d72596228db8410f Pin SHA256: tNPLOg+EiGYcqQRbe+TT5DvIwA0Pcto80X82WCELk6o= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: f0b80439f768b9a37383810d60de8b1e34f4383dce69bce9d72596228db8410f Pin SHA256: tNPLOg+EiGYcqQRbe+TT5DvIwA0Pcto80X82WCELk6o= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #28: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: cee1aa05ce95a9ab6d47c3cd714ddc6cb734dc438e1140f67595be38f8b18524 Pin SHA256: UHHsNWR4w73/afiyxppSs2JGgiAWrltojR3BsieGMXo=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	2683
Valid from	Sat, 10 Jan 2026 16:31:09 UTC
Valid until	Sun, 18 Jan 2026 16:31:09 UTC (expires in 6 days, 18 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: globalsign.com flags:0 issue: letsencrypt.org flags:0 issue: amazon.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1435 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: cee1aa05ce95a9ab6d47c3cd714ddc6cb734dc438e1140f67595be38f8b18524 Pin SHA256: UHHsNWR4w73/afiyxppSs2JGgiAWrltojR3BsieGMXo= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: cee1aa05ce95a9ab6d47c3cd714ddc6cb734dc438e1140f67595be38f8b18524 Pin SHA256: UHHsNWR4w73/afiyxppSs2JGgiAWrltojR3BsieGMXo= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: cee1aa05ce95a9ab6d47c3cd714ddc6cb734dc438e1140f67595be38f8b18524 Pin SHA256: UHHsNWR4w73/afiyxppSs2JGgiAWrltojR3BsieGMXo= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: cee1aa05ce95a9ab6d47c3cd714ddc6cb734dc438e1140f67595be38f8b18524 Pin SHA256: UHHsNWR4w73/afiyxppSs2JGgiAWrltojR3BsieGMXo= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: cee1aa05ce95a9ab6d47c3cd714ddc6cb734dc438e1140f67595be38f8b18524 Pin SHA256: UHHsNWR4w73/afiyxppSs2JGgiAWrltojR3BsieGMXo= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #29: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: f683ba53bf495bcbdeb393140c200667fdb1a4a1b8ee25445600b95e8157c9ac Pin SHA256: /pmsbrqG0KPjOE5rQx4dW40aE7qeQLiC+kjcVYVzOMo=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	186d95
Valid from	Sat, 10 Jan 2026 16:31:15 UTC
Valid until	Sun, 18 Jan 2026 16:31:15 UTC (expires in 6 days, 18 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: globalsign.com flags:0 issue: letsencrypt.org flags:0 issue: amazon.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: f683ba53bf495bcbdeb393140c200667fdb1a4a1b8ee25445600b95e8157c9ac Pin SHA256: /pmsbrqG0KPjOE5rQx4dW40aE7qeQLiC+kjcVYVzOMo= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: f683ba53bf495bcbdeb393140c200667fdb1a4a1b8ee25445600b95e8157c9ac Pin SHA256: /pmsbrqG0KPjOE5rQx4dW40aE7qeQLiC+kjcVYVzOMo= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: f683ba53bf495bcbdeb393140c200667fdb1a4a1b8ee25445600b95e8157c9ac Pin SHA256: /pmsbrqG0KPjOE5rQx4dW40aE7qeQLiC+kjcVYVzOMo= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: f683ba53bf495bcbdeb393140c200667fdb1a4a1b8ee25445600b95e8157c9ac Pin SHA256: /pmsbrqG0KPjOE5rQx4dW40aE7qeQLiC+kjcVYVzOMo= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: f683ba53bf495bcbdeb393140c200667fdb1a4a1b8ee25445600b95e8157c9ac Pin SHA256: /pmsbrqG0KPjOE5rQx4dW40aE7qeQLiC+kjcVYVzOMo= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #30: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 1f944c29ea5212773defcd91caae676583e281a55e2ad2cf82e82eccf429e3d6 Pin SHA256: MuSPlYThSiCxnJzlMnueR+ktEKBjoLUQ1L1P4GvB6m0=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	188146
Valid from	Sat, 10 Jan 2026 16:31:16 UTC
Valid until	Sun, 18 Jan 2026 16:31:16 UTC (expires in 6 days, 18 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: globalsign.com flags:0 issue: letsencrypt.org flags:0 issue: amazon.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1435 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 1f944c29ea5212773defcd91caae676583e281a55e2ad2cf82e82eccf429e3d6 Pin SHA256: MuSPlYThSiCxnJzlMnueR+ktEKBjoLUQ1L1P4GvB6m0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 1f944c29ea5212773defcd91caae676583e281a55e2ad2cf82e82eccf429e3d6 Pin SHA256: MuSPlYThSiCxnJzlMnueR+ktEKBjoLUQ1L1P4GvB6m0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 1f944c29ea5212773defcd91caae676583e281a55e2ad2cf82e82eccf429e3d6 Pin SHA256: MuSPlYThSiCxnJzlMnueR+ktEKBjoLUQ1L1P4GvB6m0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 1f944c29ea5212773defcd91caae676583e281a55e2ad2cf82e82eccf429e3d6 Pin SHA256: MuSPlYThSiCxnJzlMnueR+ktEKBjoLUQ1L1P4GvB6m0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 1f944c29ea5212773defcd91caae676583e281a55e2ad2cf82e82eccf429e3d6 Pin SHA256: MuSPlYThSiCxnJzlMnueR+ktEKBjoLUQ1L1P4GvB6m0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #31: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: dc91a9aacda8c1884f59847de72df66d2f40e60802b1e1235550901163ea0ef2 Pin SHA256: 0U3AYsHQhMj22KWUf50I+J1BQ9Wm8D6OJVgxGPgPLug=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	189ef5
Valid from	Sat, 10 Jan 2026 16:31:17 UTC
Valid until	Sun, 18 Jan 2026 16:31:17 UTC (expires in 6 days, 18 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: globalsign.com flags:0 issue: letsencrypt.org flags:0 issue: amazon.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1437 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: dc91a9aacda8c1884f59847de72df66d2f40e60802b1e1235550901163ea0ef2 Pin SHA256: 0U3AYsHQhMj22KWUf50I+J1BQ9Wm8D6OJVgxGPgPLug= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: dc91a9aacda8c1884f59847de72df66d2f40e60802b1e1235550901163ea0ef2 Pin SHA256: 0U3AYsHQhMj22KWUf50I+J1BQ9Wm8D6OJVgxGPgPLug= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: dc91a9aacda8c1884f59847de72df66d2f40e60802b1e1235550901163ea0ef2 Pin SHA256: 0U3AYsHQhMj22KWUf50I+J1BQ9Wm8D6OJVgxGPgPLug= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: dc91a9aacda8c1884f59847de72df66d2f40e60802b1e1235550901163ea0ef2 Pin SHA256: 0U3AYsHQhMj22KWUf50I+J1BQ9Wm8D6OJVgxGPgPLug= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: dc91a9aacda8c1884f59847de72df66d2f40e60802b1e1235550901163ea0ef2 Pin SHA256: 0U3AYsHQhMj22KWUf50I+J1BQ9Wm8D6OJVgxGPgPLug= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #32: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: a0108d005b9434f012fd9eb4c74931cd46518604c0944f1019eab62537a4137c Pin SHA256: daMtMI5prwThRkSE+kJo9Cv72dKG7pT8zWY2bf34Cx0=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	1880a4
Valid from	Sat, 10 Jan 2026 16:31:18 UTC
Valid until	Sun, 18 Jan 2026 16:31:18 UTC (expires in 6 days, 18 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: globalsign.com flags:0 issue: letsencrypt.org flags:0 issue: amazon.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1437 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: a0108d005b9434f012fd9eb4c74931cd46518604c0944f1019eab62537a4137c Pin SHA256: daMtMI5prwThRkSE+kJo9Cv72dKG7pT8zWY2bf34Cx0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: a0108d005b9434f012fd9eb4c74931cd46518604c0944f1019eab62537a4137c Pin SHA256: daMtMI5prwThRkSE+kJo9Cv72dKG7pT8zWY2bf34Cx0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: a0108d005b9434f012fd9eb4c74931cd46518604c0944f1019eab62537a4137c Pin SHA256: daMtMI5prwThRkSE+kJo9Cv72dKG7pT8zWY2bf34Cx0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: a0108d005b9434f012fd9eb4c74931cd46518604c0944f1019eab62537a4137c Pin SHA256: daMtMI5prwThRkSE+kJo9Cv72dKG7pT8zWY2bf34Cx0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: a0108d005b9434f012fd9eb4c74931cd46518604c0944f1019eab62537a4137c Pin SHA256: daMtMI5prwThRkSE+kJo9Cv72dKG7pT8zWY2bf34Cx0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #33: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b24ce7baceff4209648b1e5a0e7ffeb50a374d9611a9219babc460fde5cbb87d Pin SHA256: CMBJQgnnUgHCHw1g0aqP7gVOBmFHRAZiGz8voPOjvMQ=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	15df
Valid from	Sat, 10 Jan 2026 16:31:21 UTC
Valid until	Sun, 18 Jan 2026 16:31:21 UTC (expires in 6 days, 18 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: globalsign.com flags:0 issue: letsencrypt.org flags:0 issue: amazon.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1435 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b24ce7baceff4209648b1e5a0e7ffeb50a374d9611a9219babc460fde5cbb87d Pin SHA256: CMBJQgnnUgHCHw1g0aqP7gVOBmFHRAZiGz8voPOjvMQ= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b24ce7baceff4209648b1e5a0e7ffeb50a374d9611a9219babc460fde5cbb87d Pin SHA256: CMBJQgnnUgHCHw1g0aqP7gVOBmFHRAZiGz8voPOjvMQ= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b24ce7baceff4209648b1e5a0e7ffeb50a374d9611a9219babc460fde5cbb87d Pin SHA256: CMBJQgnnUgHCHw1g0aqP7gVOBmFHRAZiGz8voPOjvMQ= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b24ce7baceff4209648b1e5a0e7ffeb50a374d9611a9219babc460fde5cbb87d Pin SHA256: CMBJQgnnUgHCHw1g0aqP7gVOBmFHRAZiGz8voPOjvMQ= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b24ce7baceff4209648b1e5a0e7ffeb50a374d9611a9219babc460fde5cbb87d Pin SHA256: CMBJQgnnUgHCHw1g0aqP7gVOBmFHRAZiGz8voPOjvMQ= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #34: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: ce7749d5456eb030347ed416357f0893f0ce39226f6e0077781dc19db495a23e Pin SHA256: kzBcl88d5cBTrto1Q9SgliRwvJsm10bigfadTNEMd0w=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	3749
Valid from	Sat, 10 Jan 2026 16:31:22 UTC
Valid until	Sun, 18 Jan 2026 16:31:22 UTC (expires in 6 days, 18 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: globalsign.com flags:0 issue: letsencrypt.org flags:0 issue: amazon.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1435 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: ce7749d5456eb030347ed416357f0893f0ce39226f6e0077781dc19db495a23e Pin SHA256: kzBcl88d5cBTrto1Q9SgliRwvJsm10bigfadTNEMd0w= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: ce7749d5456eb030347ed416357f0893f0ce39226f6e0077781dc19db495a23e Pin SHA256: kzBcl88d5cBTrto1Q9SgliRwvJsm10bigfadTNEMd0w= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: ce7749d5456eb030347ed416357f0893f0ce39226f6e0077781dc19db495a23e Pin SHA256: kzBcl88d5cBTrto1Q9SgliRwvJsm10bigfadTNEMd0w= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: ce7749d5456eb030347ed416357f0893f0ce39226f6e0077781dc19db495a23e Pin SHA256: kzBcl88d5cBTrto1Q9SgliRwvJsm10bigfadTNEMd0w= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: ce7749d5456eb030347ed416357f0893f0ce39226f6e0077781dc19db495a23e Pin SHA256: kzBcl88d5cBTrto1Q9SgliRwvJsm10bigfadTNEMd0w= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #35: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 57a32a5f1312bd2cec8b8e794a60a4eb59acc8376ff70b3137cc6e15349562e5 Pin SHA256: C4m+YUXVEn+MqFoH3oQiERvTq0DR/K6rH234YDbeV+Y=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	188153
Valid from	Sat, 10 Jan 2026 16:31:23 UTC
Valid until	Sun, 18 Jan 2026 16:31:23 UTC (expires in 6 days, 18 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: globalsign.com flags:0 issue: letsencrypt.org flags:0 issue: amazon.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1435 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 57a32a5f1312bd2cec8b8e794a60a4eb59acc8376ff70b3137cc6e15349562e5 Pin SHA256: C4m+YUXVEn+MqFoH3oQiERvTq0DR/K6rH234YDbeV+Y= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 57a32a5f1312bd2cec8b8e794a60a4eb59acc8376ff70b3137cc6e15349562e5 Pin SHA256: C4m+YUXVEn+MqFoH3oQiERvTq0DR/K6rH234YDbeV+Y= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 57a32a5f1312bd2cec8b8e794a60a4eb59acc8376ff70b3137cc6e15349562e5 Pin SHA256: C4m+YUXVEn+MqFoH3oQiERvTq0DR/K6rH234YDbeV+Y= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 57a32a5f1312bd2cec8b8e794a60a4eb59acc8376ff70b3137cc6e15349562e5 Pin SHA256: C4m+YUXVEn+MqFoH3oQiERvTq0DR/K6rH234YDbeV+Y= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 57a32a5f1312bd2cec8b8e794a60a4eb59acc8376ff70b3137cc6e15349562e5 Pin SHA256: C4m+YUXVEn+MqFoH3oQiERvTq0DR/K6rH234YDbeV+Y= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Configuration

Protocols
TLS 1.3	Yes
TLS 1.2	Yes
TLS 1.1	No
TLS 1.0	No
SSL 3	No
SSL 2	No

Cipher Suites
# TLS 1.3 (suites in server-preferred order)
TLS_AES_128_GCM_SHA256 (`0x1301`) ECDH secp256r1 (eq. 3072 bits RSA) FS	128
TLS_AES_256_GCM_SHA384 (`0x1302`) ECDH secp256r1 (eq. 3072 bits RSA) FS	256
# TLS 1.2 (suites in server-preferred order)
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (`0xc02b`) ECDH secp521r1 (eq. 15360 bits RSA) FS	128
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (`0xc02c`) ECDH secp521r1 (eq. 15360 bits RSA) FS	256

Handshake Simulation
Android 4.4.2	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp521r1 FS
Android 5.0.0	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp521r1 FS
Android 6.0	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Android 7.0	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Android 8.0	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Android 8.1	-	TLS 1.3	TLS_AES_128_GCM_SHA256 ECDH secp256r1 FS
Android 9.0	-	TLS 1.3	TLS_AES_128_GCM_SHA256 ECDH secp256r1 FS
BingPreview Jan 2015	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp521r1 FS
Chrome 49 / XP SP3	Server sent fatal alert: handshake_failure
Chrome 69 / Win 7 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Chrome 70 / Win 10	-	TLS 1.3	TLS_AES_128_GCM_SHA256 ECDH secp256r1 FS
Chrome 80 / Win 10 R	-	TLS 1.3	TLS_AES_128_GCM_SHA256 ECDH secp256r1 FS
Firefox 31.3.0 ESR / Win 7	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Firefox 47 / Win 7 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Firefox 49 / XP SP3	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Firefox 62 / Win 7 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Firefox 73 / Win 10 R	-	TLS 1.3	TLS_AES_128_GCM_SHA256 ECDH secp256r1 FS
Googlebot Feb 2018	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
IE 11 / Win 7 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
IE 11 / Win 8.1 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
IE 11 / Win Phone 8.1 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
IE 11 / Win Phone 8.1 Update R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
IE 11 / Win 10 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Edge 15 / Win 10 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Edge 16 / Win 10 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Edge 18 / Win 10 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Edge 13 / Win Phone 10 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Java 8u161	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Java 11.0.3	-	TLS 1.3	TLS_AES_128_GCM_SHA256 ECDH secp256r1 FS
Java 12.0.1	-	TLS 1.3	TLS_AES_128_GCM_SHA256 ECDH secp256r1 FS
OpenSSL 1.0.1l R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp521r1 FS
OpenSSL 1.0.2s R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
OpenSSL 1.1.0k R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
OpenSSL 1.1.1c R	-	TLS 1.3	TLS_AES_128_GCM_SHA256 ECDH secp256r1 FS
Safari 6 / iOS 6.0.1	Server sent fatal alert: handshake_failure
Safari 7 / iOS 7.1 R	Server sent fatal alert: handshake_failure
Safari 7 / OS X 10.9 R	Server sent fatal alert: handshake_failure
Safari 8 / iOS 8.4 R	Server sent fatal alert: handshake_failure
Safari 8 / OS X 10.10 R	Server sent fatal alert: handshake_failure
Safari 9 / iOS 9 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Safari 9 / OS X 10.11 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Safari 10 / iOS 10 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Safari 10 / OS X 10.12 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Safari 12.1.2 / MacOS 10.14.6 Beta R	-	TLS 1.3	TLS_AES_128_GCM_SHA256 ECDH secp256r1 FS
Safari 12.1.1 / iOS 12.3.1 R	-	TLS 1.3	TLS_AES_128_GCM_SHA256 ECDH secp256r1 FS
Apple ATS 9 / iOS 9 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Yahoo Slurp Jan 2015	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp384r1 FS
YandexBot Jan 2015	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp521r1 FS
# Not simulated clients (Protocol mismatch)
Android 2.3.7 No SNI ²	Protocol mismatch (not simulated)
Android 4.0.4	Protocol mismatch (not simulated)
Android 4.1.1	Protocol mismatch (not simulated)
Android 4.2.2	Protocol mismatch (not simulated)
Android 4.3	Protocol mismatch (not simulated)
Baidu Jan 2015	Protocol mismatch (not simulated)
IE 6 / XP No FS ¹ No SNI ²	Protocol mismatch (not simulated)
IE 7 / Vista	Protocol mismatch (not simulated)
IE 8 / XP No FS ¹ No SNI ²	Protocol mismatch (not simulated)
IE 8-10 / Win 7 R	Protocol mismatch (not simulated)
IE 10 / Win Phone 8.0	Protocol mismatch (not simulated)
Java 6u45 No SNI ²	Protocol mismatch (not simulated)
Java 7u25	Protocol mismatch (not simulated)
OpenSSL 0.9.8y	Protocol mismatch (not simulated)
Safari 5.1.9 / OS X 10.6.8	Protocol mismatch (not simulated)
Safari 6.0.4 / OS X 10.8.4 R	Protocol mismatch (not simulated)
Click here to expand
(1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it.
(2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI.
(3) Only first connection attempt simulated. Browsers sometimes retry with a lower protocol version.
(R) Denotes a reference browser or client, with which we expect better effective security.
(All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE).
(All) Certificate trust is not checked in handshake simulation, we only perform TLS handshake.

Protocol Details
Secure Renegotiation	Supported
Secure Client-Initiated Renegotiation	No
Insecure Client-Initiated Renegotiation	No
BEAST attack	Mitigated server-side (more info)
POODLE (SSLv3)	No, SSL 3 not supported (more info)
POODLE (TLS)	No (more info)
Zombie POODLE	No (more info)
GOLDENDOODLE	No (more info)
OpenSSL 0-Length	No (more info)
Sleeping POODLE	No (more info)
Downgrade attack prevention	Yes, TLS_FALLBACK_SCSV supported (more info)
SSL/TLS compression	No
RC4	No
Heartbeat (extension)	No
Heartbleed (vulnerability)	No (more info)
Ticketbleed (vulnerability)	Unknown (more info)
OpenSSL CCS vuln. (CVE-2014-0224)	No (more info)
OpenSSL Padding Oracle vuln. (CVE-2016-2107)	No (more info)
ROBOT (vulnerability)	No (more info)
Forward Secrecy	Yes (with most browsers) ROBUST (more info)
ALPN	No
NPN	No
Session resumption (caching)	Unknown
Session resumption (tickets)	Yes
OCSP stapling	No
Strict Transport Security (HSTS)	Unknown (failed HTTP request?)
HSTS Preloading	Chrome Edge Firefox IE
Public Key Pinning (HPKP)	Unknown (failed HTTP request?)
Public Key Pinning Report-Only	Unknown (failed HTTP request?)
Public Key Pinning (Static)	No (more info)
Long handshake intolerance	No
TLS extension intolerance	No
TLS version intolerance	No
Incorrect SNI alerts	No
Uses common DH primes	No, DHE suites not supported
DH public server param (Ys) reuse	No, DHE suites not supported
ECDH public server param reuse	No
Supported Named Groups	secp256r1, secp384r1, secp521r1 (Server has no preference)
SSL 2 handshake compatibility	No
0-RTT enabled	No

HTTP Requests

1 https://test.pdns.service.ncsc.gov.uk/ (Request failed)

Miscellaneous
Test date	Sun, 11 Jan 2026 16:29:26 UTC
Test duration	118.738 seconds
HTTP status code	Request failed
HTTP server signature	Unknown
Server hostname	-

Why is my certificate not trusted?

1. Invalid certificate

2. Invalid configuration

3. Unknown Certificate Authority

4. Interoperability issues

Copyright © 2009-2026 Qualys, Inc. All Rights Reserved. Privacy Policy.	Terms and Conditions
Try Qualys for free! Experience the award-winning Qualys Cloud Platform and the entire collection of Qualys Cloud Apps, including certificate security solutions.