SSL Server Test: test.pdns.service.ncsc.gov.uk (Powered by Qualys SSL Labs)

Summary

Overall Rating

T

If trust issues are ignored: A

0

20

40

60

80

100

Certificate

Protocol Support

Key Exchange

Cipher Strength

Visit our documentation page for more information, configuration guides, and books. Known issues are documented here.

This server's certificate is not trusted, see below for details.

This site works only in browsers with SNI support.

This server supports TLS 1.3. MORE INFO »

DNS Certification Authority Authorization (CAA) Policy found for this domain. MORE INFO »

Certificate #1: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: cef4b0bca0c6c45b1c6560b7b6a8768f8ea7cd902025a5585e4f2f93ce8b46e4 Pin SHA256: nAgJhMVfL80ZBcrRn+9RD7Cc9G88NKFLoB18yGTRX9g=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	018a7a
Valid from	Mon, 20 Oct 2025 14:27:49 UTC
Valid until	Tue, 28 Oct 2025 14:27:49 UTC (expires in 6 days, 14 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 issue: globalsign.com flags:0 issue: amazon.com flags:0 issue: letsencrypt.org flags:0 issue: comodo.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1437 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 3 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: cef4b0bca0c6c45b1c6560b7b6a8768f8ea7cd902025a5585e4f2f93ce8b46e4 Pin SHA256: nAgJhMVfL80ZBcrRn+9RD7Cc9G88NKFLoB18yGTRX9g= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: cef4b0bca0c6c45b1c6560b7b6a8768f8ea7cd902025a5585e4f2f93ce8b46e4 Pin SHA256: nAgJhMVfL80ZBcrRn+9RD7Cc9G88NKFLoB18yGTRX9g= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: cef4b0bca0c6c45b1c6560b7b6a8768f8ea7cd902025a5585e4f2f93ce8b46e4 Pin SHA256: nAgJhMVfL80ZBcrRn+9RD7Cc9G88NKFLoB18yGTRX9g= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: cef4b0bca0c6c45b1c6560b7b6a8768f8ea7cd902025a5585e4f2f93ce8b46e4 Pin SHA256: nAgJhMVfL80ZBcrRn+9RD7Cc9G88NKFLoB18yGTRX9g= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: cef4b0bca0c6c45b1c6560b7b6a8768f8ea7cd902025a5585e4f2f93ce8b46e4 Pin SHA256: nAgJhMVfL80ZBcrRn+9RD7Cc9G88NKFLoB18yGTRX9g= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #2: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: d7b8d31914bd596f4279e5f3a07efb63009d4a9c9edb32ac3faaf0bb98205ec0 Pin SHA256: VKxCvDzz1Wh7ulEld4Z74qGFChh8kciswsQsV3xyp+Q=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	0135a8
Valid from	Mon, 20 Oct 2025 14:28:08 UTC
Valid until	Tue, 28 Oct 2025 14:28:08 UTC (expires in 6 days, 14 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 issue: globalsign.com flags:0 issue: amazon.com flags:0 issue: letsencrypt.org flags:0 issue: comodo.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1437 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 3 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: d7b8d31914bd596f4279e5f3a07efb63009d4a9c9edb32ac3faaf0bb98205ec0 Pin SHA256: VKxCvDzz1Wh7ulEld4Z74qGFChh8kciswsQsV3xyp+Q= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: d7b8d31914bd596f4279e5f3a07efb63009d4a9c9edb32ac3faaf0bb98205ec0 Pin SHA256: VKxCvDzz1Wh7ulEld4Z74qGFChh8kciswsQsV3xyp+Q= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: d7b8d31914bd596f4279e5f3a07efb63009d4a9c9edb32ac3faaf0bb98205ec0 Pin SHA256: VKxCvDzz1Wh7ulEld4Z74qGFChh8kciswsQsV3xyp+Q= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: d7b8d31914bd596f4279e5f3a07efb63009d4a9c9edb32ac3faaf0bb98205ec0 Pin SHA256: VKxCvDzz1Wh7ulEld4Z74qGFChh8kciswsQsV3xyp+Q= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: d7b8d31914bd596f4279e5f3a07efb63009d4a9c9edb32ac3faaf0bb98205ec0 Pin SHA256: VKxCvDzz1Wh7ulEld4Z74qGFChh8kciswsQsV3xyp+Q= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #3: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: bbab8efe656135783b58d5780f4a844fe4fd4b0d079dcf8c3978a7349eea6217 Pin SHA256: IUYyP9DHZpfbzTgpdn9y5xnsVg3XZpPGl6fe3DKFUQg=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	018cea
Valid from	Mon, 20 Oct 2025 14:28:09 UTC
Valid until	Tue, 28 Oct 2025 14:28:09 UTC (expires in 6 days, 14 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 issue: globalsign.com flags:0 issue: amazon.com flags:0 issue: letsencrypt.org flags:0 issue: comodo.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 3 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: bbab8efe656135783b58d5780f4a844fe4fd4b0d079dcf8c3978a7349eea6217 Pin SHA256: IUYyP9DHZpfbzTgpdn9y5xnsVg3XZpPGl6fe3DKFUQg= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: bbab8efe656135783b58d5780f4a844fe4fd4b0d079dcf8c3978a7349eea6217 Pin SHA256: IUYyP9DHZpfbzTgpdn9y5xnsVg3XZpPGl6fe3DKFUQg= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: bbab8efe656135783b58d5780f4a844fe4fd4b0d079dcf8c3978a7349eea6217 Pin SHA256: IUYyP9DHZpfbzTgpdn9y5xnsVg3XZpPGl6fe3DKFUQg= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: bbab8efe656135783b58d5780f4a844fe4fd4b0d079dcf8c3978a7349eea6217 Pin SHA256: IUYyP9DHZpfbzTgpdn9y5xnsVg3XZpPGl6fe3DKFUQg= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: bbab8efe656135783b58d5780f4a844fe4fd4b0d079dcf8c3978a7349eea6217 Pin SHA256: IUYyP9DHZpfbzTgpdn9y5xnsVg3XZpPGl6fe3DKFUQg= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #4: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 205d110b443c7f96e208f5d58bf5a8ce31555e186ec83a366520607d980122c1 Pin SHA256: DglqJg/aZcFBgUpyAnmPe1VlFjzmViBqbIfJJf6RTMM=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	014231
Valid from	Mon, 20 Oct 2025 14:28:51 UTC
Valid until	Tue, 28 Oct 2025 14:28:51 UTC (expires in 6 days, 15 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 issue: globalsign.com flags:0 issue: amazon.com flags:0 issue: letsencrypt.org flags:0 issue: comodo.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1435 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 3 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 205d110b443c7f96e208f5d58bf5a8ce31555e186ec83a366520607d980122c1 Pin SHA256: DglqJg/aZcFBgUpyAnmPe1VlFjzmViBqbIfJJf6RTMM= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 205d110b443c7f96e208f5d58bf5a8ce31555e186ec83a366520607d980122c1 Pin SHA256: DglqJg/aZcFBgUpyAnmPe1VlFjzmViBqbIfJJf6RTMM= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 205d110b443c7f96e208f5d58bf5a8ce31555e186ec83a366520607d980122c1 Pin SHA256: DglqJg/aZcFBgUpyAnmPe1VlFjzmViBqbIfJJf6RTMM= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 205d110b443c7f96e208f5d58bf5a8ce31555e186ec83a366520607d980122c1 Pin SHA256: DglqJg/aZcFBgUpyAnmPe1VlFjzmViBqbIfJJf6RTMM= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 205d110b443c7f96e208f5d58bf5a8ce31555e186ec83a366520607d980122c1 Pin SHA256: DglqJg/aZcFBgUpyAnmPe1VlFjzmViBqbIfJJf6RTMM= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #5: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 8e7330e64550b90fb61382f3b205f283e7415faf8a984bb0e5200cecc3396d69 Pin SHA256: oS5cqSwE6q6MThbNmrwLgFIFxYuGLthVTc9bcnGKwt4=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	00f801
Valid from	Mon, 20 Oct 2025 14:28:52 UTC
Valid until	Tue, 28 Oct 2025 14:28:52 UTC (expires in 6 days, 15 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 issue: globalsign.com flags:0 issue: amazon.com flags:0 issue: letsencrypt.org flags:0 issue: comodo.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1435 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 3 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 8e7330e64550b90fb61382f3b205f283e7415faf8a984bb0e5200cecc3396d69 Pin SHA256: oS5cqSwE6q6MThbNmrwLgFIFxYuGLthVTc9bcnGKwt4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 8e7330e64550b90fb61382f3b205f283e7415faf8a984bb0e5200cecc3396d69 Pin SHA256: oS5cqSwE6q6MThbNmrwLgFIFxYuGLthVTc9bcnGKwt4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 8e7330e64550b90fb61382f3b205f283e7415faf8a984bb0e5200cecc3396d69 Pin SHA256: oS5cqSwE6q6MThbNmrwLgFIFxYuGLthVTc9bcnGKwt4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 8e7330e64550b90fb61382f3b205f283e7415faf8a984bb0e5200cecc3396d69 Pin SHA256: oS5cqSwE6q6MThbNmrwLgFIFxYuGLthVTc9bcnGKwt4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 8e7330e64550b90fb61382f3b205f283e7415faf8a984bb0e5200cecc3396d69 Pin SHA256: oS5cqSwE6q6MThbNmrwLgFIFxYuGLthVTc9bcnGKwt4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #6: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 0f77245ea6dd9acf703a50013da00ff3a0fa1d04fd2fd2060ab78eb26e814a5a Pin SHA256: rrEpMxoPZP9CF/ppTPRhys1ZlBf0VgriBrQN3be8Hfw=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	018c76
Valid from	Mon, 20 Oct 2025 14:28:53 UTC
Valid until	Tue, 28 Oct 2025 14:28:53 UTC (expires in 6 days, 15 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 issue: globalsign.com flags:0 issue: amazon.com flags:0 issue: letsencrypt.org flags:0 issue: comodo.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1435 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 3 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 0f77245ea6dd9acf703a50013da00ff3a0fa1d04fd2fd2060ab78eb26e814a5a Pin SHA256: rrEpMxoPZP9CF/ppTPRhys1ZlBf0VgriBrQN3be8Hfw= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 0f77245ea6dd9acf703a50013da00ff3a0fa1d04fd2fd2060ab78eb26e814a5a Pin SHA256: rrEpMxoPZP9CF/ppTPRhys1ZlBf0VgriBrQN3be8Hfw= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 0f77245ea6dd9acf703a50013da00ff3a0fa1d04fd2fd2060ab78eb26e814a5a Pin SHA256: rrEpMxoPZP9CF/ppTPRhys1ZlBf0VgriBrQN3be8Hfw= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 0f77245ea6dd9acf703a50013da00ff3a0fa1d04fd2fd2060ab78eb26e814a5a Pin SHA256: rrEpMxoPZP9CF/ppTPRhys1ZlBf0VgriBrQN3be8Hfw= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 0f77245ea6dd9acf703a50013da00ff3a0fa1d04fd2fd2060ab78eb26e814a5a Pin SHA256: rrEpMxoPZP9CF/ppTPRhys1ZlBf0VgriBrQN3be8Hfw= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #7: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 0f2df37ac83e63313e82a865f1efd475219fe74252e4dde27cf6fc991c79068a Pin SHA256: o0VzoFcpeQhz8t4piJfpxyQeFDVTWSS8U0lRW9qfBPs=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	014442
Valid from	Mon, 20 Oct 2025 14:28:53 UTC
Valid until	Tue, 28 Oct 2025 14:28:53 UTC (expires in 6 days, 15 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 issue: globalsign.com flags:0 issue: amazon.com flags:0 issue: letsencrypt.org flags:0 issue: comodo.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1435 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 3 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 0f2df37ac83e63313e82a865f1efd475219fe74252e4dde27cf6fc991c79068a Pin SHA256: o0VzoFcpeQhz8t4piJfpxyQeFDVTWSS8U0lRW9qfBPs= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 0f2df37ac83e63313e82a865f1efd475219fe74252e4dde27cf6fc991c79068a Pin SHA256: o0VzoFcpeQhz8t4piJfpxyQeFDVTWSS8U0lRW9qfBPs= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 0f2df37ac83e63313e82a865f1efd475219fe74252e4dde27cf6fc991c79068a Pin SHA256: o0VzoFcpeQhz8t4piJfpxyQeFDVTWSS8U0lRW9qfBPs= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 0f2df37ac83e63313e82a865f1efd475219fe74252e4dde27cf6fc991c79068a Pin SHA256: o0VzoFcpeQhz8t4piJfpxyQeFDVTWSS8U0lRW9qfBPs= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 0f2df37ac83e63313e82a865f1efd475219fe74252e4dde27cf6fc991c79068a Pin SHA256: o0VzoFcpeQhz8t4piJfpxyQeFDVTWSS8U0lRW9qfBPs= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #8: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 1299442c806820baa9a8d76bb0dbc3673a37bd3f7524da451b963fb49607b3c4 Pin SHA256: XiKsumxeCDh093IREsyF0kuQrqJPrjXvLiDjIG+C9V4=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	03d7ac
Valid from	Mon, 20 Oct 2025 14:28:54 UTC
Valid until	Tue, 28 Oct 2025 14:28:54 UTC (expires in 6 days, 15 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 issue: globalsign.com flags:0 issue: amazon.com flags:0 issue: letsencrypt.org flags:0 issue: comodo.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 3 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 1299442c806820baa9a8d76bb0dbc3673a37bd3f7524da451b963fb49607b3c4 Pin SHA256: XiKsumxeCDh093IREsyF0kuQrqJPrjXvLiDjIG+C9V4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 1299442c806820baa9a8d76bb0dbc3673a37bd3f7524da451b963fb49607b3c4 Pin SHA256: XiKsumxeCDh093IREsyF0kuQrqJPrjXvLiDjIG+C9V4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 1299442c806820baa9a8d76bb0dbc3673a37bd3f7524da451b963fb49607b3c4 Pin SHA256: XiKsumxeCDh093IREsyF0kuQrqJPrjXvLiDjIG+C9V4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 1299442c806820baa9a8d76bb0dbc3673a37bd3f7524da451b963fb49607b3c4 Pin SHA256: XiKsumxeCDh093IREsyF0kuQrqJPrjXvLiDjIG+C9V4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 1299442c806820baa9a8d76bb0dbc3673a37bd3f7524da451b963fb49607b3c4 Pin SHA256: XiKsumxeCDh093IREsyF0kuQrqJPrjXvLiDjIG+C9V4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #9: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 4c96cda3548cccac23f605bea3f899cc12aeca8438bd5a03a99f05363f780704 Pin SHA256: WgcP2H9Ru3KBf/NGSodtNz5dBgIoxmPd8pJr+t+xMVY=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	013ecf
Valid from	Mon, 20 Oct 2025 14:28:57 UTC
Valid until	Tue, 28 Oct 2025 14:28:57 UTC (expires in 6 days, 15 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 issue: globalsign.com flags:0 issue: amazon.com flags:0 issue: letsencrypt.org flags:0 issue: comodo.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 3 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 4c96cda3548cccac23f605bea3f899cc12aeca8438bd5a03a99f05363f780704 Pin SHA256: WgcP2H9Ru3KBf/NGSodtNz5dBgIoxmPd8pJr+t+xMVY= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 4c96cda3548cccac23f605bea3f899cc12aeca8438bd5a03a99f05363f780704 Pin SHA256: WgcP2H9Ru3KBf/NGSodtNz5dBgIoxmPd8pJr+t+xMVY= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 4c96cda3548cccac23f605bea3f899cc12aeca8438bd5a03a99f05363f780704 Pin SHA256: WgcP2H9Ru3KBf/NGSodtNz5dBgIoxmPd8pJr+t+xMVY= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 4c96cda3548cccac23f605bea3f899cc12aeca8438bd5a03a99f05363f780704 Pin SHA256: WgcP2H9Ru3KBf/NGSodtNz5dBgIoxmPd8pJr+t+xMVY= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 4c96cda3548cccac23f605bea3f899cc12aeca8438bd5a03a99f05363f780704 Pin SHA256: WgcP2H9Ru3KBf/NGSodtNz5dBgIoxmPd8pJr+t+xMVY= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #10: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 2e7208e8fd98d018f67042fa5c555b0b4b8b8b2251500e52a884ed43adc80834 Pin SHA256: 6Gxj9Up7ZikdWc/JRTKv0jS8yPK9UxYHo46faMKhwvM=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	018c81
Valid from	Mon, 20 Oct 2025 14:28:58 UTC
Valid until	Tue, 28 Oct 2025 14:28:58 UTC (expires in 6 days, 15 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 issue: globalsign.com flags:0 issue: amazon.com flags:0 issue: letsencrypt.org flags:0 issue: comodo.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 3 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 2e7208e8fd98d018f67042fa5c555b0b4b8b8b2251500e52a884ed43adc80834 Pin SHA256: 6Gxj9Up7ZikdWc/JRTKv0jS8yPK9UxYHo46faMKhwvM= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 2e7208e8fd98d018f67042fa5c555b0b4b8b8b2251500e52a884ed43adc80834 Pin SHA256: 6Gxj9Up7ZikdWc/JRTKv0jS8yPK9UxYHo46faMKhwvM= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 2e7208e8fd98d018f67042fa5c555b0b4b8b8b2251500e52a884ed43adc80834 Pin SHA256: 6Gxj9Up7ZikdWc/JRTKv0jS8yPK9UxYHo46faMKhwvM= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 2e7208e8fd98d018f67042fa5c555b0b4b8b8b2251500e52a884ed43adc80834 Pin SHA256: 6Gxj9Up7ZikdWc/JRTKv0jS8yPK9UxYHo46faMKhwvM= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 2e7208e8fd98d018f67042fa5c555b0b4b8b8b2251500e52a884ed43adc80834 Pin SHA256: 6Gxj9Up7ZikdWc/JRTKv0jS8yPK9UxYHo46faMKhwvM= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #11: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 765b62c7890d51c1c8027bdf7c2a5176f11f98f8ad4d39f52dffc8f26012c857 Pin SHA256: lDGBGGh/WDW4DZy4hfUcAfIctELf2CQdUcJdEEmIDj0=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	00a077
Valid from	Mon, 20 Oct 2025 14:29:01 UTC
Valid until	Tue, 28 Oct 2025 14:29:01 UTC (expires in 6 days, 15 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 issue: globalsign.com flags:0 issue: amazon.com flags:0 issue: letsencrypt.org flags:0 issue: comodo.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 3 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 765b62c7890d51c1c8027bdf7c2a5176f11f98f8ad4d39f52dffc8f26012c857 Pin SHA256: lDGBGGh/WDW4DZy4hfUcAfIctELf2CQdUcJdEEmIDj0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 765b62c7890d51c1c8027bdf7c2a5176f11f98f8ad4d39f52dffc8f26012c857 Pin SHA256: lDGBGGh/WDW4DZy4hfUcAfIctELf2CQdUcJdEEmIDj0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 765b62c7890d51c1c8027bdf7c2a5176f11f98f8ad4d39f52dffc8f26012c857 Pin SHA256: lDGBGGh/WDW4DZy4hfUcAfIctELf2CQdUcJdEEmIDj0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 765b62c7890d51c1c8027bdf7c2a5176f11f98f8ad4d39f52dffc8f26012c857 Pin SHA256: lDGBGGh/WDW4DZy4hfUcAfIctELf2CQdUcJdEEmIDj0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 765b62c7890d51c1c8027bdf7c2a5176f11f98f8ad4d39f52dffc8f26012c857 Pin SHA256: lDGBGGh/WDW4DZy4hfUcAfIctELf2CQdUcJdEEmIDj0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #12: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 716b8bbf48c6d55c3a28674afaffab49193be8fb532fcb26a9aba4bc9ef63d0c Pin SHA256: tAOZSIeY7NyV3+MjcJ5xHfbyUx65Zkh1+9ZWUqY7Wkg=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	02799a
Valid from	Mon, 20 Oct 2025 14:29:02 UTC
Valid until	Tue, 28 Oct 2025 14:29:02 UTC (expires in 6 days, 15 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 issue: globalsign.com flags:0 issue: amazon.com flags:0 issue: letsencrypt.org flags:0 issue: comodo.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1437 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 3 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 716b8bbf48c6d55c3a28674afaffab49193be8fb532fcb26a9aba4bc9ef63d0c Pin SHA256: tAOZSIeY7NyV3+MjcJ5xHfbyUx65Zkh1+9ZWUqY7Wkg= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 716b8bbf48c6d55c3a28674afaffab49193be8fb532fcb26a9aba4bc9ef63d0c Pin SHA256: tAOZSIeY7NyV3+MjcJ5xHfbyUx65Zkh1+9ZWUqY7Wkg= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 716b8bbf48c6d55c3a28674afaffab49193be8fb532fcb26a9aba4bc9ef63d0c Pin SHA256: tAOZSIeY7NyV3+MjcJ5xHfbyUx65Zkh1+9ZWUqY7Wkg= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 716b8bbf48c6d55c3a28674afaffab49193be8fb532fcb26a9aba4bc9ef63d0c Pin SHA256: tAOZSIeY7NyV3+MjcJ5xHfbyUx65Zkh1+9ZWUqY7Wkg= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 716b8bbf48c6d55c3a28674afaffab49193be8fb532fcb26a9aba4bc9ef63d0c Pin SHA256: tAOZSIeY7NyV3+MjcJ5xHfbyUx65Zkh1+9ZWUqY7Wkg= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #13: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 6a1143033e9b2372bb0248909066f333e5f51649eb62e8fd0f1a7e21c6536edb Pin SHA256: ZAWzfVRtz97WQ0q82IYlKtGSB/r6Nr/CKUSmka8IuR4=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	018bd2
Valid from	Mon, 20 Oct 2025 14:29:03 UTC
Valid until	Tue, 28 Oct 2025 14:29:03 UTC (expires in 6 days, 15 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 issue: globalsign.com flags:0 issue: amazon.com flags:0 issue: letsencrypt.org flags:0 issue: comodo.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 3 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 6a1143033e9b2372bb0248909066f333e5f51649eb62e8fd0f1a7e21c6536edb Pin SHA256: ZAWzfVRtz97WQ0q82IYlKtGSB/r6Nr/CKUSmka8IuR4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 6a1143033e9b2372bb0248909066f333e5f51649eb62e8fd0f1a7e21c6536edb Pin SHA256: ZAWzfVRtz97WQ0q82IYlKtGSB/r6Nr/CKUSmka8IuR4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 6a1143033e9b2372bb0248909066f333e5f51649eb62e8fd0f1a7e21c6536edb Pin SHA256: ZAWzfVRtz97WQ0q82IYlKtGSB/r6Nr/CKUSmka8IuR4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 6a1143033e9b2372bb0248909066f333e5f51649eb62e8fd0f1a7e21c6536edb Pin SHA256: ZAWzfVRtz97WQ0q82IYlKtGSB/r6Nr/CKUSmka8IuR4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 6a1143033e9b2372bb0248909066f333e5f51649eb62e8fd0f1a7e21c6536edb Pin SHA256: ZAWzfVRtz97WQ0q82IYlKtGSB/r6Nr/CKUSmka8IuR4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #14: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 9b68d9ce1a146d9c68ca7cac4a328a7dd42f7c231a56447ce37ad183d981b4a4 Pin SHA256: EVvCUJKmyKv9aAutt6Nuvf1sdsNQDUIjQOhJuA+zhug=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	035411
Valid from	Mon, 20 Oct 2025 14:29:04 UTC
Valid until	Tue, 28 Oct 2025 14:29:04 UTC (expires in 6 days, 15 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 issue: globalsign.com flags:0 issue: amazon.com flags:0 issue: letsencrypt.org flags:0 issue: comodo.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 3 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 9b68d9ce1a146d9c68ca7cac4a328a7dd42f7c231a56447ce37ad183d981b4a4 Pin SHA256: EVvCUJKmyKv9aAutt6Nuvf1sdsNQDUIjQOhJuA+zhug= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 9b68d9ce1a146d9c68ca7cac4a328a7dd42f7c231a56447ce37ad183d981b4a4 Pin SHA256: EVvCUJKmyKv9aAutt6Nuvf1sdsNQDUIjQOhJuA+zhug= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 9b68d9ce1a146d9c68ca7cac4a328a7dd42f7c231a56447ce37ad183d981b4a4 Pin SHA256: EVvCUJKmyKv9aAutt6Nuvf1sdsNQDUIjQOhJuA+zhug= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 9b68d9ce1a146d9c68ca7cac4a328a7dd42f7c231a56447ce37ad183d981b4a4 Pin SHA256: EVvCUJKmyKv9aAutt6Nuvf1sdsNQDUIjQOhJuA+zhug= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 9b68d9ce1a146d9c68ca7cac4a328a7dd42f7c231a56447ce37ad183d981b4a4 Pin SHA256: EVvCUJKmyKv9aAutt6Nuvf1sdsNQDUIjQOhJuA+zhug= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #15: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b10047a264b7c52ecb92e1316ba6e39dc8411aea18bb17ad3c7eb52cd3249d98 Pin SHA256: 5IhaGAuT+AX+VyKGB9acR3wKFlV39GgnHsKfkXyeyPc=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	01406d
Valid from	Mon, 20 Oct 2025 14:29:05 UTC
Valid until	Tue, 28 Oct 2025 14:29:05 UTC (expires in 6 days, 15 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 issue: globalsign.com flags:0 issue: amazon.com flags:0 issue: letsencrypt.org flags:0 issue: comodo.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 3 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b10047a264b7c52ecb92e1316ba6e39dc8411aea18bb17ad3c7eb52cd3249d98 Pin SHA256: 5IhaGAuT+AX+VyKGB9acR3wKFlV39GgnHsKfkXyeyPc= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b10047a264b7c52ecb92e1316ba6e39dc8411aea18bb17ad3c7eb52cd3249d98 Pin SHA256: 5IhaGAuT+AX+VyKGB9acR3wKFlV39GgnHsKfkXyeyPc= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b10047a264b7c52ecb92e1316ba6e39dc8411aea18bb17ad3c7eb52cd3249d98 Pin SHA256: 5IhaGAuT+AX+VyKGB9acR3wKFlV39GgnHsKfkXyeyPc= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b10047a264b7c52ecb92e1316ba6e39dc8411aea18bb17ad3c7eb52cd3249d98 Pin SHA256: 5IhaGAuT+AX+VyKGB9acR3wKFlV39GgnHsKfkXyeyPc= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b10047a264b7c52ecb92e1316ba6e39dc8411aea18bb17ad3c7eb52cd3249d98 Pin SHA256: 5IhaGAuT+AX+VyKGB9acR3wKFlV39GgnHsKfkXyeyPc= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #16: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 3c7fc933cef51d4b05588eba7b651a28988b3b4af133a3e1da48c10dd9ace28e Pin SHA256: 8br3t0CZvZEv44CUbn7sAhi3HOi1udF2bPd8LqkapdA=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	018d05
Valid from	Mon, 20 Oct 2025 14:29:06 UTC
Valid until	Tue, 28 Oct 2025 14:29:06 UTC (expires in 6 days, 15 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 issue: globalsign.com flags:0 issue: amazon.com flags:0 issue: letsencrypt.org flags:0 issue: comodo.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 3 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 3c7fc933cef51d4b05588eba7b651a28988b3b4af133a3e1da48c10dd9ace28e Pin SHA256: 8br3t0CZvZEv44CUbn7sAhi3HOi1udF2bPd8LqkapdA= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 3c7fc933cef51d4b05588eba7b651a28988b3b4af133a3e1da48c10dd9ace28e Pin SHA256: 8br3t0CZvZEv44CUbn7sAhi3HOi1udF2bPd8LqkapdA= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 3c7fc933cef51d4b05588eba7b651a28988b3b4af133a3e1da48c10dd9ace28e Pin SHA256: 8br3t0CZvZEv44CUbn7sAhi3HOi1udF2bPd8LqkapdA= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 3c7fc933cef51d4b05588eba7b651a28988b3b4af133a3e1da48c10dd9ace28e Pin SHA256: 8br3t0CZvZEv44CUbn7sAhi3HOi1udF2bPd8LqkapdA= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 3c7fc933cef51d4b05588eba7b651a28988b3b4af133a3e1da48c10dd9ace28e Pin SHA256: 8br3t0CZvZEv44CUbn7sAhi3HOi1udF2bPd8LqkapdA= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #17: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 7de940a9680f89ad3a06e5af6f5798681da42f52ec6bb39b74b4419633776805 Pin SHA256: LZ+mg4zNP6t+lh+UoZmqm/WOdxpDx21gqlesqrjpCfU=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	01ccc8
Valid from	Mon, 20 Oct 2025 14:29:07 UTC
Valid until	Tue, 28 Oct 2025 14:29:07 UTC (expires in 6 days, 15 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 issue: globalsign.com flags:0 issue: amazon.com flags:0 issue: letsencrypt.org flags:0 issue: comodo.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 3 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 7de940a9680f89ad3a06e5af6f5798681da42f52ec6bb39b74b4419633776805 Pin SHA256: LZ+mg4zNP6t+lh+UoZmqm/WOdxpDx21gqlesqrjpCfU= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 7de940a9680f89ad3a06e5af6f5798681da42f52ec6bb39b74b4419633776805 Pin SHA256: LZ+mg4zNP6t+lh+UoZmqm/WOdxpDx21gqlesqrjpCfU= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 7de940a9680f89ad3a06e5af6f5798681da42f52ec6bb39b74b4419633776805 Pin SHA256: LZ+mg4zNP6t+lh+UoZmqm/WOdxpDx21gqlesqrjpCfU= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 7de940a9680f89ad3a06e5af6f5798681da42f52ec6bb39b74b4419633776805 Pin SHA256: LZ+mg4zNP6t+lh+UoZmqm/WOdxpDx21gqlesqrjpCfU= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 7de940a9680f89ad3a06e5af6f5798681da42f52ec6bb39b74b4419633776805 Pin SHA256: LZ+mg4zNP6t+lh+UoZmqm/WOdxpDx21gqlesqrjpCfU= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #18: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 00c3588d6ffc916821e21c89c78a3ab6f184b733087167e23a5525facb614b3f Pin SHA256: qOzyc8FfjiyB8i5VPwnPAFk0x5qaJe+0fxVZQBqLveU=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	01b662
Valid from	Mon, 20 Oct 2025 14:29:08 UTC
Valid until	Tue, 28 Oct 2025 14:29:08 UTC (expires in 6 days, 15 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 issue: globalsign.com flags:0 issue: amazon.com flags:0 issue: letsencrypt.org flags:0 issue: comodo.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 3 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 00c3588d6ffc916821e21c89c78a3ab6f184b733087167e23a5525facb614b3f Pin SHA256: qOzyc8FfjiyB8i5VPwnPAFk0x5qaJe+0fxVZQBqLveU= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 00c3588d6ffc916821e21c89c78a3ab6f184b733087167e23a5525facb614b3f Pin SHA256: qOzyc8FfjiyB8i5VPwnPAFk0x5qaJe+0fxVZQBqLveU= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 00c3588d6ffc916821e21c89c78a3ab6f184b733087167e23a5525facb614b3f Pin SHA256: qOzyc8FfjiyB8i5VPwnPAFk0x5qaJe+0fxVZQBqLveU= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 00c3588d6ffc916821e21c89c78a3ab6f184b733087167e23a5525facb614b3f Pin SHA256: qOzyc8FfjiyB8i5VPwnPAFk0x5qaJe+0fxVZQBqLveU= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 00c3588d6ffc916821e21c89c78a3ab6f184b733087167e23a5525facb614b3f Pin SHA256: qOzyc8FfjiyB8i5VPwnPAFk0x5qaJe+0fxVZQBqLveU= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #19: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 31495ae8e8d6a3c0a666edc9a77afccbcd8732a13622982a139505999b5d1180 Pin SHA256: QbHzsEO8uhrUfHuHyUwDo9pGQcpJEtGnjgU3fYs1WTE=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	00d546
Valid from	Mon, 20 Oct 2025 14:29:09 UTC
Valid until	Tue, 28 Oct 2025 14:29:09 UTC (expires in 6 days, 15 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 issue: globalsign.com flags:0 issue: amazon.com flags:0 issue: letsencrypt.org flags:0 issue: comodo.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1437 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 3 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 31495ae8e8d6a3c0a666edc9a77afccbcd8732a13622982a139505999b5d1180 Pin SHA256: QbHzsEO8uhrUfHuHyUwDo9pGQcpJEtGnjgU3fYs1WTE= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 31495ae8e8d6a3c0a666edc9a77afccbcd8732a13622982a139505999b5d1180 Pin SHA256: QbHzsEO8uhrUfHuHyUwDo9pGQcpJEtGnjgU3fYs1WTE= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 31495ae8e8d6a3c0a666edc9a77afccbcd8732a13622982a139505999b5d1180 Pin SHA256: QbHzsEO8uhrUfHuHyUwDo9pGQcpJEtGnjgU3fYs1WTE= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 31495ae8e8d6a3c0a666edc9a77afccbcd8732a13622982a139505999b5d1180 Pin SHA256: QbHzsEO8uhrUfHuHyUwDo9pGQcpJEtGnjgU3fYs1WTE= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 31495ae8e8d6a3c0a666edc9a77afccbcd8732a13622982a139505999b5d1180 Pin SHA256: QbHzsEO8uhrUfHuHyUwDo9pGQcpJEtGnjgU3fYs1WTE= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #20: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: be0eb05c24d114435e193ce413f42d9e9f4837a3c762822c3c1af410fefa86fd Pin SHA256: 6OgTGBuCYFjQizhGZBnnR6emQki2ZKKbcxjChmAhIYI=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	009c35
Valid from	Mon, 20 Oct 2025 14:29:10 UTC
Valid until	Tue, 28 Oct 2025 14:29:10 UTC (expires in 6 days, 15 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 issue: globalsign.com flags:0 issue: amazon.com flags:0 issue: letsencrypt.org flags:0 issue: comodo.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 3 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: be0eb05c24d114435e193ce413f42d9e9f4837a3c762822c3c1af410fefa86fd Pin SHA256: 6OgTGBuCYFjQizhGZBnnR6emQki2ZKKbcxjChmAhIYI= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: be0eb05c24d114435e193ce413f42d9e9f4837a3c762822c3c1af410fefa86fd Pin SHA256: 6OgTGBuCYFjQizhGZBnnR6emQki2ZKKbcxjChmAhIYI= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: be0eb05c24d114435e193ce413f42d9e9f4837a3c762822c3c1af410fefa86fd Pin SHA256: 6OgTGBuCYFjQizhGZBnnR6emQki2ZKKbcxjChmAhIYI= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: be0eb05c24d114435e193ce413f42d9e9f4837a3c762822c3c1af410fefa86fd Pin SHA256: 6OgTGBuCYFjQizhGZBnnR6emQki2ZKKbcxjChmAhIYI= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: be0eb05c24d114435e193ce413f42d9e9f4837a3c762822c3c1af410fefa86fd Pin SHA256: 6OgTGBuCYFjQizhGZBnnR6emQki2ZKKbcxjChmAhIYI= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #21: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 278bc03b5a7dffd4862ab5de9f1be7def95d41f07d25f9648de52ace328407b7 Pin SHA256: zxvTtwXHlAj/16FShUKijdyUhV+VOc3v5eAJS0llCSM=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	01867e
Valid from	Mon, 20 Oct 2025 14:29:10 UTC
Valid until	Tue, 28 Oct 2025 14:29:10 UTC (expires in 6 days, 15 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 issue: globalsign.com flags:0 issue: amazon.com flags:0 issue: letsencrypt.org flags:0 issue: comodo.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 3 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 278bc03b5a7dffd4862ab5de9f1be7def95d41f07d25f9648de52ace328407b7 Pin SHA256: zxvTtwXHlAj/16FShUKijdyUhV+VOc3v5eAJS0llCSM= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 278bc03b5a7dffd4862ab5de9f1be7def95d41f07d25f9648de52ace328407b7 Pin SHA256: zxvTtwXHlAj/16FShUKijdyUhV+VOc3v5eAJS0llCSM= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 278bc03b5a7dffd4862ab5de9f1be7def95d41f07d25f9648de52ace328407b7 Pin SHA256: zxvTtwXHlAj/16FShUKijdyUhV+VOc3v5eAJS0llCSM= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 278bc03b5a7dffd4862ab5de9f1be7def95d41f07d25f9648de52ace328407b7 Pin SHA256: zxvTtwXHlAj/16FShUKijdyUhV+VOc3v5eAJS0llCSM= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 278bc03b5a7dffd4862ab5de9f1be7def95d41f07d25f9648de52ace328407b7 Pin SHA256: zxvTtwXHlAj/16FShUKijdyUhV+VOc3v5eAJS0llCSM= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #22: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: a81c0c4e38a0a14878dfc8eb334c697986ade715374cde1926aa1ffc089d45b2 Pin SHA256: pbbRZMv5e2LpadoJw3oSZ9a7Gj0P3H5GnIWr5oLxXIk=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	018478
Valid from	Mon, 20 Oct 2025 14:29:11 UTC
Valid until	Tue, 28 Oct 2025 14:29:11 UTC (expires in 6 days, 15 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 issue: globalsign.com flags:0 issue: amazon.com flags:0 issue: letsencrypt.org flags:0 issue: comodo.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 3 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: a81c0c4e38a0a14878dfc8eb334c697986ade715374cde1926aa1ffc089d45b2 Pin SHA256: pbbRZMv5e2LpadoJw3oSZ9a7Gj0P3H5GnIWr5oLxXIk= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: a81c0c4e38a0a14878dfc8eb334c697986ade715374cde1926aa1ffc089d45b2 Pin SHA256: pbbRZMv5e2LpadoJw3oSZ9a7Gj0P3H5GnIWr5oLxXIk= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: a81c0c4e38a0a14878dfc8eb334c697986ade715374cde1926aa1ffc089d45b2 Pin SHA256: pbbRZMv5e2LpadoJw3oSZ9a7Gj0P3H5GnIWr5oLxXIk= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: a81c0c4e38a0a14878dfc8eb334c697986ade715374cde1926aa1ffc089d45b2 Pin SHA256: pbbRZMv5e2LpadoJw3oSZ9a7Gj0P3H5GnIWr5oLxXIk= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: a81c0c4e38a0a14878dfc8eb334c697986ade715374cde1926aa1ffc089d45b2 Pin SHA256: pbbRZMv5e2LpadoJw3oSZ9a7Gj0P3H5GnIWr5oLxXIk= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #23: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 8ec128af4331f0c54875166851e9e6cb97bf86e8633e5a53df70f846cf1e66d0 Pin SHA256: 4RvWw4uXe+CAFph2Q/WFgEPGqHEHX/eAT64nt2jccbE=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	00a336
Valid from	Mon, 20 Oct 2025 14:29:12 UTC
Valid until	Tue, 28 Oct 2025 14:29:12 UTC (expires in 6 days, 15 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 issue: globalsign.com flags:0 issue: amazon.com flags:0 issue: letsencrypt.org flags:0 issue: comodo.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1437 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 3 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 8ec128af4331f0c54875166851e9e6cb97bf86e8633e5a53df70f846cf1e66d0 Pin SHA256: 4RvWw4uXe+CAFph2Q/WFgEPGqHEHX/eAT64nt2jccbE= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 8ec128af4331f0c54875166851e9e6cb97bf86e8633e5a53df70f846cf1e66d0 Pin SHA256: 4RvWw4uXe+CAFph2Q/WFgEPGqHEHX/eAT64nt2jccbE= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 8ec128af4331f0c54875166851e9e6cb97bf86e8633e5a53df70f846cf1e66d0 Pin SHA256: 4RvWw4uXe+CAFph2Q/WFgEPGqHEHX/eAT64nt2jccbE= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 8ec128af4331f0c54875166851e9e6cb97bf86e8633e5a53df70f846cf1e66d0 Pin SHA256: 4RvWw4uXe+CAFph2Q/WFgEPGqHEHX/eAT64nt2jccbE= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 8ec128af4331f0c54875166851e9e6cb97bf86e8633e5a53df70f846cf1e66d0 Pin SHA256: 4RvWw4uXe+CAFph2Q/WFgEPGqHEHX/eAT64nt2jccbE= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #24: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: c67f1a865d372d34ff2116bd017fd40e97496b94c79e2e3a85b98f7aed254a7f Pin SHA256: dUqmEDrURG8jLdVyKB2N+2fBoFxp0nEVsZqNVOd+Rag=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	64b3
Valid from	Mon, 20 Oct 2025 14:29:13 UTC
Valid until	Tue, 28 Oct 2025 14:29:13 UTC (expires in 6 days, 15 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 issue: globalsign.com flags:0 issue: amazon.com flags:0 issue: letsencrypt.org flags:0 issue: comodo.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1435 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 3 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: c67f1a865d372d34ff2116bd017fd40e97496b94c79e2e3a85b98f7aed254a7f Pin SHA256: dUqmEDrURG8jLdVyKB2N+2fBoFxp0nEVsZqNVOd+Rag= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: c67f1a865d372d34ff2116bd017fd40e97496b94c79e2e3a85b98f7aed254a7f Pin SHA256: dUqmEDrURG8jLdVyKB2N+2fBoFxp0nEVsZqNVOd+Rag= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: c67f1a865d372d34ff2116bd017fd40e97496b94c79e2e3a85b98f7aed254a7f Pin SHA256: dUqmEDrURG8jLdVyKB2N+2fBoFxp0nEVsZqNVOd+Rag= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: c67f1a865d372d34ff2116bd017fd40e97496b94c79e2e3a85b98f7aed254a7f Pin SHA256: dUqmEDrURG8jLdVyKB2N+2fBoFxp0nEVsZqNVOd+Rag= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: c67f1a865d372d34ff2116bd017fd40e97496b94c79e2e3a85b98f7aed254a7f Pin SHA256: dUqmEDrURG8jLdVyKB2N+2fBoFxp0nEVsZqNVOd+Rag= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #25: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: e537d4e4f5290449d33f484c88ef30ae7ca73e32f5c9ab3cb3de98dc35eb4be2 Pin SHA256: Fl+J/vr1WR1M6iaBSJv76e1LgoUt3MsbgqtqfUK170I=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	01cc1a
Valid from	Mon, 20 Oct 2025 14:29:14 UTC
Valid until	Tue, 28 Oct 2025 14:29:14 UTC (expires in 6 days, 15 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 issue: globalsign.com flags:0 issue: amazon.com flags:0 issue: letsencrypt.org flags:0 issue: comodo.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 3 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: e537d4e4f5290449d33f484c88ef30ae7ca73e32f5c9ab3cb3de98dc35eb4be2 Pin SHA256: Fl+J/vr1WR1M6iaBSJv76e1LgoUt3MsbgqtqfUK170I= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: e537d4e4f5290449d33f484c88ef30ae7ca73e32f5c9ab3cb3de98dc35eb4be2 Pin SHA256: Fl+J/vr1WR1M6iaBSJv76e1LgoUt3MsbgqtqfUK170I= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: e537d4e4f5290449d33f484c88ef30ae7ca73e32f5c9ab3cb3de98dc35eb4be2 Pin SHA256: Fl+J/vr1WR1M6iaBSJv76e1LgoUt3MsbgqtqfUK170I= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: e537d4e4f5290449d33f484c88ef30ae7ca73e32f5c9ab3cb3de98dc35eb4be2 Pin SHA256: Fl+J/vr1WR1M6iaBSJv76e1LgoUt3MsbgqtqfUK170I= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: e537d4e4f5290449d33f484c88ef30ae7ca73e32f5c9ab3cb3de98dc35eb4be2 Pin SHA256: Fl+J/vr1WR1M6iaBSJv76e1LgoUt3MsbgqtqfUK170I= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #26: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 294a25e56a8167d10ea124a77af5d840e4549e61a7c964e70e31ad8e03563e15 Pin SHA256: uBij9q4BD2snTZSP7x2MBKDaSktnahCLWpFnfdhAmbo=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	01a791
Valid from	Mon, 20 Oct 2025 14:29:16 UTC
Valid until	Tue, 28 Oct 2025 14:29:16 UTC (expires in 6 days, 15 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 issue: globalsign.com flags:0 issue: amazon.com flags:0 issue: letsencrypt.org flags:0 issue: comodo.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 3 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 294a25e56a8167d10ea124a77af5d840e4549e61a7c964e70e31ad8e03563e15 Pin SHA256: uBij9q4BD2snTZSP7x2MBKDaSktnahCLWpFnfdhAmbo= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 294a25e56a8167d10ea124a77af5d840e4549e61a7c964e70e31ad8e03563e15 Pin SHA256: uBij9q4BD2snTZSP7x2MBKDaSktnahCLWpFnfdhAmbo= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 294a25e56a8167d10ea124a77af5d840e4549e61a7c964e70e31ad8e03563e15 Pin SHA256: uBij9q4BD2snTZSP7x2MBKDaSktnahCLWpFnfdhAmbo= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 294a25e56a8167d10ea124a77af5d840e4549e61a7c964e70e31ad8e03563e15 Pin SHA256: uBij9q4BD2snTZSP7x2MBKDaSktnahCLWpFnfdhAmbo= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 294a25e56a8167d10ea124a77af5d840e4549e61a7c964e70e31ad8e03563e15 Pin SHA256: uBij9q4BD2snTZSP7x2MBKDaSktnahCLWpFnfdhAmbo= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #27: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b9db2253d639ea51b320fabfe77caee9767a8a348a6bfcb9d60f17e958f868bf Pin SHA256: NzjWCEI35kb0y/hHcWTVuD7XXJmpbnNhGhwWaxf+AxA=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	018a93
Valid from	Mon, 20 Oct 2025 14:29:17 UTC
Valid until	Tue, 28 Oct 2025 14:29:17 UTC (expires in 6 days, 15 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 issue: globalsign.com flags:0 issue: amazon.com flags:0 issue: letsencrypt.org flags:0 issue: comodo.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 3 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b9db2253d639ea51b320fabfe77caee9767a8a348a6bfcb9d60f17e958f868bf Pin SHA256: NzjWCEI35kb0y/hHcWTVuD7XXJmpbnNhGhwWaxf+AxA= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b9db2253d639ea51b320fabfe77caee9767a8a348a6bfcb9d60f17e958f868bf Pin SHA256: NzjWCEI35kb0y/hHcWTVuD7XXJmpbnNhGhwWaxf+AxA= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b9db2253d639ea51b320fabfe77caee9767a8a348a6bfcb9d60f17e958f868bf Pin SHA256: NzjWCEI35kb0y/hHcWTVuD7XXJmpbnNhGhwWaxf+AxA= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b9db2253d639ea51b320fabfe77caee9767a8a348a6bfcb9d60f17e958f868bf Pin SHA256: NzjWCEI35kb0y/hHcWTVuD7XXJmpbnNhGhwWaxf+AxA= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b9db2253d639ea51b320fabfe77caee9767a8a348a6bfcb9d60f17e958f868bf Pin SHA256: NzjWCEI35kb0y/hHcWTVuD7XXJmpbnNhGhwWaxf+AxA= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #28: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 70abbf524bb2ad19ad9d0e4a7eebebd84c54cf07fd2b4ac9111efd3fb31f90ae Pin SHA256: NJN/ZiK9elMbP52De9X7VNS+TTb+wToKC9T+dHve01g=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	6291
Valid from	Mon, 20 Oct 2025 14:29:18 UTC
Valid until	Tue, 28 Oct 2025 14:29:18 UTC (expires in 6 days, 15 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 issue: globalsign.com flags:0 issue: amazon.com flags:0 issue: letsencrypt.org flags:0 issue: comodo.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 3 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 70abbf524bb2ad19ad9d0e4a7eebebd84c54cf07fd2b4ac9111efd3fb31f90ae Pin SHA256: NJN/ZiK9elMbP52De9X7VNS+TTb+wToKC9T+dHve01g= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 70abbf524bb2ad19ad9d0e4a7eebebd84c54cf07fd2b4ac9111efd3fb31f90ae Pin SHA256: NJN/ZiK9elMbP52De9X7VNS+TTb+wToKC9T+dHve01g= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 70abbf524bb2ad19ad9d0e4a7eebebd84c54cf07fd2b4ac9111efd3fb31f90ae Pin SHA256: NJN/ZiK9elMbP52De9X7VNS+TTb+wToKC9T+dHve01g= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 70abbf524bb2ad19ad9d0e4a7eebebd84c54cf07fd2b4ac9111efd3fb31f90ae Pin SHA256: NJN/ZiK9elMbP52De9X7VNS+TTb+wToKC9T+dHve01g= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 70abbf524bb2ad19ad9d0e4a7eebebd84c54cf07fd2b4ac9111efd3fb31f90ae Pin SHA256: NJN/ZiK9elMbP52De9X7VNS+TTb+wToKC9T+dHve01g= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #29: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 5de48c7166ea9ed2d7d47eff02e23f3ba09809f6feb2b662b1f2db5d61e30f4d Pin SHA256: D5HkpO29LzsOVz8KXYecT4UXq6ZFTQgVcL0TlG12h/s=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	03d5f3
Valid from	Mon, 20 Oct 2025 14:29:24 UTC
Valid until	Tue, 28 Oct 2025 14:29:24 UTC (expires in 6 days, 15 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 issue: globalsign.com flags:0 issue: amazon.com flags:0 issue: letsencrypt.org flags:0 issue: comodo.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1435 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 3 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 5de48c7166ea9ed2d7d47eff02e23f3ba09809f6feb2b662b1f2db5d61e30f4d Pin SHA256: D5HkpO29LzsOVz8KXYecT4UXq6ZFTQgVcL0TlG12h/s= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 5de48c7166ea9ed2d7d47eff02e23f3ba09809f6feb2b662b1f2db5d61e30f4d Pin SHA256: D5HkpO29LzsOVz8KXYecT4UXq6ZFTQgVcL0TlG12h/s= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 5de48c7166ea9ed2d7d47eff02e23f3ba09809f6feb2b662b1f2db5d61e30f4d Pin SHA256: D5HkpO29LzsOVz8KXYecT4UXq6ZFTQgVcL0TlG12h/s= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 5de48c7166ea9ed2d7d47eff02e23f3ba09809f6feb2b662b1f2db5d61e30f4d Pin SHA256: D5HkpO29LzsOVz8KXYecT4UXq6ZFTQgVcL0TlG12h/s= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 5de48c7166ea9ed2d7d47eff02e23f3ba09809f6feb2b662b1f2db5d61e30f4d Pin SHA256: D5HkpO29LzsOVz8KXYecT4UXq6ZFTQgVcL0TlG12h/s= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #30: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 8a6d72fd4c915f0a08e087deeee1102407a75bef06d126b6b30f0fca20ef616a Pin SHA256: WS2vOHbuVlEjDsuk9RTED6BaHWU8vDVoAX/QoNR3z9Q=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	018d75
Valid from	Mon, 20 Oct 2025 14:29:25 UTC
Valid until	Tue, 28 Oct 2025 14:29:25 UTC (expires in 6 days, 15 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 issue: globalsign.com flags:0 issue: amazon.com flags:0 issue: letsencrypt.org flags:0 issue: comodo.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1437 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 3 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 8a6d72fd4c915f0a08e087deeee1102407a75bef06d126b6b30f0fca20ef616a Pin SHA256: WS2vOHbuVlEjDsuk9RTED6BaHWU8vDVoAX/QoNR3z9Q= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 8a6d72fd4c915f0a08e087deeee1102407a75bef06d126b6b30f0fca20ef616a Pin SHA256: WS2vOHbuVlEjDsuk9RTED6BaHWU8vDVoAX/QoNR3z9Q= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 8a6d72fd4c915f0a08e087deeee1102407a75bef06d126b6b30f0fca20ef616a Pin SHA256: WS2vOHbuVlEjDsuk9RTED6BaHWU8vDVoAX/QoNR3z9Q= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 8a6d72fd4c915f0a08e087deeee1102407a75bef06d126b6b30f0fca20ef616a Pin SHA256: WS2vOHbuVlEjDsuk9RTED6BaHWU8vDVoAX/QoNR3z9Q= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 8a6d72fd4c915f0a08e087deeee1102407a75bef06d126b6b30f0fca20ef616a Pin SHA256: WS2vOHbuVlEjDsuk9RTED6BaHWU8vDVoAX/QoNR3z9Q= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #31: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 663026043e462a743faddc9d07d3e3447b316bd3e0c83f2a32ab69914f9472da Pin SHA256: CaStbU40TyNVo8nXfOMKI67nOSoH6+23sE4OQN/tAQk=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	01a1a5
Valid from	Mon, 20 Oct 2025 14:29:26 UTC
Valid until	Tue, 28 Oct 2025 14:29:26 UTC (expires in 6 days, 15 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 issue: globalsign.com flags:0 issue: amazon.com flags:0 issue: letsencrypt.org flags:0 issue: comodo.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 3 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 663026043e462a743faddc9d07d3e3447b316bd3e0c83f2a32ab69914f9472da Pin SHA256: CaStbU40TyNVo8nXfOMKI67nOSoH6+23sE4OQN/tAQk= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 663026043e462a743faddc9d07d3e3447b316bd3e0c83f2a32ab69914f9472da Pin SHA256: CaStbU40TyNVo8nXfOMKI67nOSoH6+23sE4OQN/tAQk= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 663026043e462a743faddc9d07d3e3447b316bd3e0c83f2a32ab69914f9472da Pin SHA256: CaStbU40TyNVo8nXfOMKI67nOSoH6+23sE4OQN/tAQk= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 663026043e462a743faddc9d07d3e3447b316bd3e0c83f2a32ab69914f9472da Pin SHA256: CaStbU40TyNVo8nXfOMKI67nOSoH6+23sE4OQN/tAQk= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 663026043e462a743faddc9d07d3e3447b316bd3e0c83f2a32ab69914f9472da Pin SHA256: CaStbU40TyNVo8nXfOMKI67nOSoH6+23sE4OQN/tAQk= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #32: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: dfef07e68804fd152ad6b0911dc11c994fc3aa17d20387adcca3901b95d6d2cb Pin SHA256: FnciEDcYYD3FEedmrWSZEjc/yTq3GtzbM1/eeB85o/s=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	011ec7
Valid from	Mon, 20 Oct 2025 14:29:27 UTC
Valid until	Tue, 28 Oct 2025 14:29:27 UTC (expires in 6 days, 15 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 issue: globalsign.com flags:0 issue: amazon.com flags:0 issue: letsencrypt.org flags:0 issue: comodo.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 3 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: dfef07e68804fd152ad6b0911dc11c994fc3aa17d20387adcca3901b95d6d2cb Pin SHA256: FnciEDcYYD3FEedmrWSZEjc/yTq3GtzbM1/eeB85o/s= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: dfef07e68804fd152ad6b0911dc11c994fc3aa17d20387adcca3901b95d6d2cb Pin SHA256: FnciEDcYYD3FEedmrWSZEjc/yTq3GtzbM1/eeB85o/s= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: dfef07e68804fd152ad6b0911dc11c994fc3aa17d20387adcca3901b95d6d2cb Pin SHA256: FnciEDcYYD3FEedmrWSZEjc/yTq3GtzbM1/eeB85o/s= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: dfef07e68804fd152ad6b0911dc11c994fc3aa17d20387adcca3901b95d6d2cb Pin SHA256: FnciEDcYYD3FEedmrWSZEjc/yTq3GtzbM1/eeB85o/s= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: dfef07e68804fd152ad6b0911dc11c994fc3aa17d20387adcca3901b95d6d2cb Pin SHA256: FnciEDcYYD3FEedmrWSZEjc/yTq3GtzbM1/eeB85o/s= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #33: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 2b004050874aace6441953ec5ca0cdeb83fce604149b355f0201d8b2757631f8 Pin SHA256: AuievrRltNQU0RHU5ea+cfiRKHUyAxDPsMDkOxpuuRk=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	0114d2
Valid from	Mon, 20 Oct 2025 14:29:29 UTC
Valid until	Tue, 28 Oct 2025 14:29:29 UTC (expires in 6 days, 15 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 issue: globalsign.com flags:0 issue: amazon.com flags:0 issue: letsencrypt.org flags:0 issue: comodo.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 3 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 2b004050874aace6441953ec5ca0cdeb83fce604149b355f0201d8b2757631f8 Pin SHA256: AuievrRltNQU0RHU5ea+cfiRKHUyAxDPsMDkOxpuuRk= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 2b004050874aace6441953ec5ca0cdeb83fce604149b355f0201d8b2757631f8 Pin SHA256: AuievrRltNQU0RHU5ea+cfiRKHUyAxDPsMDkOxpuuRk= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 2b004050874aace6441953ec5ca0cdeb83fce604149b355f0201d8b2757631f8 Pin SHA256: AuievrRltNQU0RHU5ea+cfiRKHUyAxDPsMDkOxpuuRk= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 2b004050874aace6441953ec5ca0cdeb83fce604149b355f0201d8b2757631f8 Pin SHA256: AuievrRltNQU0RHU5ea+cfiRKHUyAxDPsMDkOxpuuRk= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 2b004050874aace6441953ec5ca0cdeb83fce604149b355f0201d8b2757631f8 Pin SHA256: AuievrRltNQU0RHU5ea+cfiRKHUyAxDPsMDkOxpuuRk= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #34: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: cb745dc4a72390c0ec2a2311b48b195953619333328ee457c49bc72664cae63d Pin SHA256: mFmS3sPzpXyLYWys7AVd1srPJr9WIj/sT5KiCiRpDKc=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	467a
Valid from	Mon, 20 Oct 2025 14:29:30 UTC
Valid until	Tue, 28 Oct 2025 14:29:30 UTC (expires in 6 days, 15 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 issue: globalsign.com flags:0 issue: amazon.com flags:0 issue: letsencrypt.org flags:0 issue: comodo.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1434 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 3 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: cb745dc4a72390c0ec2a2311b48b195953619333328ee457c49bc72664cae63d Pin SHA256: mFmS3sPzpXyLYWys7AVd1srPJr9WIj/sT5KiCiRpDKc= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: cb745dc4a72390c0ec2a2311b48b195953619333328ee457c49bc72664cae63d Pin SHA256: mFmS3sPzpXyLYWys7AVd1srPJr9WIj/sT5KiCiRpDKc= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: cb745dc4a72390c0ec2a2311b48b195953619333328ee457c49bc72664cae63d Pin SHA256: mFmS3sPzpXyLYWys7AVd1srPJr9WIj/sT5KiCiRpDKc= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: cb745dc4a72390c0ec2a2311b48b195953619333328ee457c49bc72664cae63d Pin SHA256: mFmS3sPzpXyLYWys7AVd1srPJr9WIj/sT5KiCiRpDKc= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: cb745dc4a72390c0ec2a2311b48b195953619333328ee457c49bc72664cae63d Pin SHA256: mFmS3sPzpXyLYWys7AVd1srPJr9WIj/sT5KiCiRpDKc= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #35: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: d3b99ce873a68023e082ec5e9379c47ccb846692e79afaf2a4368b886b6d2638 Pin SHA256: fDxEydCT5ZYbA66ZSKnlZr/6+lsemroJMzlJ33QzxUY=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	01c325
Valid from	Mon, 20 Oct 2025 14:29:31 UTC
Valid until	Tue, 28 Oct 2025 14:29:31 UTC (expires in 6 days, 15 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: Digicert.com flags:0 issue: globalsign.com flags:0 issue: amazon.com flags:0 issue: letsencrypt.org flags:0 issue: comodo.com flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 3 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: d3b99ce873a68023e082ec5e9379c47ccb846692e79afaf2a4368b886b6d2638 Pin SHA256: fDxEydCT5ZYbA66ZSKnlZr/6+lsemroJMzlJ33QzxUY= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: d3b99ce873a68023e082ec5e9379c47ccb846692e79afaf2a4368b886b6d2638 Pin SHA256: fDxEydCT5ZYbA66ZSKnlZr/6+lsemroJMzlJ33QzxUY= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: d3b99ce873a68023e082ec5e9379c47ccb846692e79afaf2a4368b886b6d2638 Pin SHA256: fDxEydCT5ZYbA66ZSKnlZr/6+lsemroJMzlJ33QzxUY= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: d3b99ce873a68023e082ec5e9379c47ccb846692e79afaf2a4368b886b6d2638 Pin SHA256: fDxEydCT5ZYbA66ZSKnlZr/6+lsemroJMzlJ33QzxUY= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: d3b99ce873a68023e082ec5e9379c47ccb846692e79afaf2a4368b886b6d2638 Pin SHA256: fDxEydCT5ZYbA66ZSKnlZr/6+lsemroJMzlJ33QzxUY= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Configuration

Protocols
TLS 1.3	Yes
TLS 1.2	Yes
TLS 1.1	No
TLS 1.0	No
SSL 3	No
SSL 2	No

Cipher Suites
# TLS 1.3 (suites in server-preferred order)
TLS_AES_128_GCM_SHA256 (`0x1301`) ECDH secp256r1 (eq. 3072 bits RSA) FS	128
TLS_AES_256_GCM_SHA384 (`0x1302`) ECDH secp256r1 (eq. 3072 bits RSA) FS	256
# TLS 1.2 (suites in server-preferred order)
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (`0xc02b`) ECDH secp521r1 (eq. 15360 bits RSA) FS	128
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (`0xc02c`) ECDH secp521r1 (eq. 15360 bits RSA) FS	256

Handshake Simulation
Android 4.4.2	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp521r1 FS
Android 5.0.0	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp521r1 FS
Android 6.0	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Android 7.0	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Android 8.0	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Android 8.1	-	TLS 1.3	TLS_AES_128_GCM_SHA256 ECDH secp256r1 FS
Android 9.0	-	TLS 1.3	TLS_AES_128_GCM_SHA256 ECDH secp256r1 FS
BingPreview Jan 2015	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp521r1 FS
Chrome 49 / XP SP3	Server sent fatal alert: handshake_failure
Chrome 69 / Win 7 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Chrome 70 / Win 10	-	TLS 1.3	TLS_AES_128_GCM_SHA256 ECDH secp256r1 FS
Chrome 80 / Win 10 R	-	TLS 1.3	TLS_AES_128_GCM_SHA256 ECDH secp256r1 FS
Firefox 31.3.0 ESR / Win 7	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Firefox 47 / Win 7 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Firefox 49 / XP SP3	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Firefox 62 / Win 7 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Firefox 73 / Win 10 R	-	TLS 1.3	TLS_AES_128_GCM_SHA256 ECDH secp256r1 FS
Googlebot Feb 2018	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
IE 11 / Win 7 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
IE 11 / Win 8.1 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
IE 11 / Win Phone 8.1 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
IE 11 / Win Phone 8.1 Update R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
IE 11 / Win 10 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Edge 15 / Win 10 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Edge 16 / Win 10 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Edge 18 / Win 10 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Edge 13 / Win Phone 10 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Java 8u161	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Java 11.0.3	-	TLS 1.3	TLS_AES_128_GCM_SHA256 ECDH secp256r1 FS
Java 12.0.1	-	TLS 1.3	TLS_AES_128_GCM_SHA256 ECDH secp256r1 FS
OpenSSL 1.0.1l R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp521r1 FS
OpenSSL 1.0.2s R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
OpenSSL 1.1.0k R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
OpenSSL 1.1.1c R	-	TLS 1.3	TLS_AES_128_GCM_SHA256 ECDH secp256r1 FS
Safari 6 / iOS 6.0.1	Server sent fatal alert: handshake_failure
Safari 7 / iOS 7.1 R	Server sent fatal alert: handshake_failure
Safari 7 / OS X 10.9 R	Server sent fatal alert: handshake_failure
Safari 8 / iOS 8.4 R	Server sent fatal alert: handshake_failure
Safari 8 / OS X 10.10 R	Server sent fatal alert: handshake_failure
Safari 9 / iOS 9 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Safari 9 / OS X 10.11 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Safari 10 / iOS 10 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Safari 10 / OS X 10.12 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Safari 12.1.2 / MacOS 10.14.6 Beta R	-	TLS 1.3	TLS_AES_128_GCM_SHA256 ECDH secp256r1 FS
Safari 12.1.1 / iOS 12.3.1 R	-	TLS 1.3	TLS_AES_128_GCM_SHA256 ECDH secp256r1 FS
Apple ATS 9 / iOS 9 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Yahoo Slurp Jan 2015	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp384r1 FS
YandexBot Jan 2015	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp521r1 FS
# Not simulated clients (Protocol mismatch)
Android 2.3.7 No SNI ²	Protocol mismatch (not simulated)
Android 4.0.4	Protocol mismatch (not simulated)
Android 4.1.1	Protocol mismatch (not simulated)
Android 4.2.2	Protocol mismatch (not simulated)
Android 4.3	Protocol mismatch (not simulated)
Baidu Jan 2015	Protocol mismatch (not simulated)
IE 6 / XP No FS ¹ No SNI ²	Protocol mismatch (not simulated)
IE 7 / Vista	Protocol mismatch (not simulated)
IE 8 / XP No FS ¹ No SNI ²	Protocol mismatch (not simulated)
IE 8-10 / Win 7 R	Protocol mismatch (not simulated)
IE 10 / Win Phone 8.0	Protocol mismatch (not simulated)
Java 6u45 No SNI ²	Protocol mismatch (not simulated)
Java 7u25	Protocol mismatch (not simulated)
OpenSSL 0.9.8y	Protocol mismatch (not simulated)
Safari 5.1.9 / OS X 10.6.8	Protocol mismatch (not simulated)
Safari 6.0.4 / OS X 10.8.4 R	Protocol mismatch (not simulated)
Click here to expand
(1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it.
(2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI.
(3) Only first connection attempt simulated. Browsers sometimes retry with a lower protocol version.
(R) Denotes a reference browser or client, with which we expect better effective security.
(All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE).
(All) Certificate trust is not checked in handshake simulation, we only perform TLS handshake.

Protocol Details
Secure Renegotiation	Supported
Secure Client-Initiated Renegotiation	No
Insecure Client-Initiated Renegotiation	No
BEAST attack	Mitigated server-side (more info)
POODLE (SSLv3)	No, SSL 3 not supported (more info)
POODLE (TLS)	No (more info)
Zombie POODLE	No (more info)
GOLDENDOODLE	No (more info)
OpenSSL 0-Length	No (more info)
Sleeping POODLE	No (more info)
Downgrade attack prevention	Yes, TLS_FALLBACK_SCSV supported (more info)
SSL/TLS compression	No
RC4	No
Heartbeat (extension)	No
Heartbleed (vulnerability)	No (more info)
Ticketbleed (vulnerability)	No (more info)
OpenSSL CCS vuln. (CVE-2014-0224)	No (more info)
OpenSSL Padding Oracle vuln. (CVE-2016-2107)	No (more info)
ROBOT (vulnerability)	No (more info)
Forward Secrecy	Yes (with most browsers) ROBUST (more info)
ALPN	No
NPN	No
Session resumption (caching)	No (IDs empty)
Session resumption (tickets)	Yes
OCSP stapling	No
Strict Transport Security (HSTS)	No
HSTS Preloading	Chrome Edge Firefox IE
Public Key Pinning (HPKP)	No (more info)
Public Key Pinning Report-Only	No
Public Key Pinning (Static)	No (more info)
Long handshake intolerance	No
TLS extension intolerance	No
TLS version intolerance	No
Incorrect SNI alerts	No
Uses common DH primes	No, DHE suites not supported
DH public server param (Ys) reuse	No, DHE suites not supported
ECDH public server param reuse	No
Supported Named Groups	secp256r1, secp384r1, secp521r1 (Server has no preference)
SSL 2 handshake compatibility	No
0-RTT enabled	No

HTTP Requests

1 https://test.pdns.service.ncsc.gov.uk/ (HTTP/1.1 303 See Other)
1
	Content-Type	text/html; charset=utf-8
	Location	https://blocked.teams.cloudflare.com?account_id=544553379982413c82c5450a1bac6f79&background_color=%23051d49&block_reason=&footer_text=Please+contact+your+local+Network+Administrator+or+IT+support+if+you+require+further+assistance&header_text=%E2%80%8BAccess+to+this+site+has+been+blocked+by+the+Protective+DNS+Service&location=&logo_path=https%3A%2F%2Fwelcome.pdns.service.ncsc.gov.uk%2Fncsclogo146.png&mailto_address=&mailto_subject=&name=This+site+may+be+associated+with+malicious+activity+or+malware.&params_sign=iH7t%2B2g8a2YFHC778p4l4ZZzSd9lbDcMS94fbQ0B4%2Fg%3D&query_id=&rule_id=&source_ip=69.67.183.112&suppress_footer=true&url=test.pdns.service.ncsc.gov.uk
	Date	Tue, 21 Oct 2025 14:27:51 GMT
	Content-Length	751
	Connection	close

Miscellaneous
Test date	Tue, 21 Oct 2025 14:27:36 UTC
Test duration	127.129 seconds
HTTP status code	303
HTTP forwarding	https://blocked.teams.cloudflare.com
HTTP server signature	-
Server hostname	-

Why is my certificate not trusted?

1. Invalid certificate

2. Invalid configuration

3. Unknown Certificate Authority

4. Interoperability issues

Copyright © 2009-2025 Qualys, Inc. All Rights Reserved. Privacy Policy.	Terms and Conditions
Try Qualys for free! Experience the award-winning Qualys Cloud Platform and the entire collection of Qualys Cloud Apps, including certificate security solutions.