SSL Server Test: test.pdns.service.ncsc.gov.uk (Powered by Qualys SSL Labs)

Summary

Overall Rating

T

If trust issues are ignored: A

0

20

40

60

80

100

Certificate

Protocol Support

Key Exchange

Cipher Strength

Visit our documentation page for more information, configuration guides, and books. Known issues are documented here.

This server's certificate is not trusted, see below for details.

This site works only in browsers with SNI support.

This server supports TLS 1.3. MORE INFO »

DNS Certification Authority Authorization (CAA) Policy found for this domain. MORE INFO »

Certificate #1: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: df37521b3bba45180fc1af62fcb9cfbc81758839ea918c20e19441a82783673e Pin SHA256: Re4iG2EXbARJveSRnwSuZCKbUfqxFI6Ie4ZqixcDsp0=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	0e55
Valid from	Thu, 17 Jul 2025 10:45:03 UTC
Valid until	Fri, 25 Jul 2025 10:45:03 UTC (expires in 6 days, 19 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: letsencrypt.org flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: amazon.com flags:0 issue: globalsign.com flags:0 issue: Digicert.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 6 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: df37521b3bba45180fc1af62fcb9cfbc81758839ea918c20e19441a82783673e Pin SHA256: Re4iG2EXbARJveSRnwSuZCKbUfqxFI6Ie4ZqixcDsp0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: df37521b3bba45180fc1af62fcb9cfbc81758839ea918c20e19441a82783673e Pin SHA256: Re4iG2EXbARJveSRnwSuZCKbUfqxFI6Ie4ZqixcDsp0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: df37521b3bba45180fc1af62fcb9cfbc81758839ea918c20e19441a82783673e Pin SHA256: Re4iG2EXbARJveSRnwSuZCKbUfqxFI6Ie4ZqixcDsp0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: df37521b3bba45180fc1af62fcb9cfbc81758839ea918c20e19441a82783673e Pin SHA256: Re4iG2EXbARJveSRnwSuZCKbUfqxFI6Ie4ZqixcDsp0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: df37521b3bba45180fc1af62fcb9cfbc81758839ea918c20e19441a82783673e Pin SHA256: Re4iG2EXbARJveSRnwSuZCKbUfqxFI6Ie4ZqixcDsp0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #2: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 8094d420531cab7c871c9cdcbd3d48e727a7a04cc5e2f7c8a90d9ba92a441345 Pin SHA256: IbzMWlwyVoU96jHjfW+SCphhghADiU/iH6fetsFsu0o=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	5b34
Valid from	Thu, 17 Jul 2025 10:45:22 UTC
Valid until	Fri, 25 Jul 2025 10:45:22 UTC (expires in 6 days, 19 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: letsencrypt.org flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: amazon.com flags:0 issue: globalsign.com flags:0 issue: Digicert.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 6 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 8094d420531cab7c871c9cdcbd3d48e727a7a04cc5e2f7c8a90d9ba92a441345 Pin SHA256: IbzMWlwyVoU96jHjfW+SCphhghADiU/iH6fetsFsu0o= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 8094d420531cab7c871c9cdcbd3d48e727a7a04cc5e2f7c8a90d9ba92a441345 Pin SHA256: IbzMWlwyVoU96jHjfW+SCphhghADiU/iH6fetsFsu0o= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 8094d420531cab7c871c9cdcbd3d48e727a7a04cc5e2f7c8a90d9ba92a441345 Pin SHA256: IbzMWlwyVoU96jHjfW+SCphhghADiU/iH6fetsFsu0o= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 8094d420531cab7c871c9cdcbd3d48e727a7a04cc5e2f7c8a90d9ba92a441345 Pin SHA256: IbzMWlwyVoU96jHjfW+SCphhghADiU/iH6fetsFsu0o= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 8094d420531cab7c871c9cdcbd3d48e727a7a04cc5e2f7c8a90d9ba92a441345 Pin SHA256: IbzMWlwyVoU96jHjfW+SCphhghADiU/iH6fetsFsu0o= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #3: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 251d0baa19bf172d78b6eadafb9e5690cdb63ab8925f4d1d30ee0ebe0c0654fb Pin SHA256: 8pi8H236LQAiPJaRlGtaPbL/CzVVxrTR162mg2gASAo=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	379b
Valid from	Thu, 17 Jul 2025 10:45:23 UTC
Valid until	Fri, 25 Jul 2025 10:45:23 UTC (expires in 6 days, 19 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: letsencrypt.org flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: amazon.com flags:0 issue: globalsign.com flags:0 issue: Digicert.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1434 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 6 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 251d0baa19bf172d78b6eadafb9e5690cdb63ab8925f4d1d30ee0ebe0c0654fb Pin SHA256: 8pi8H236LQAiPJaRlGtaPbL/CzVVxrTR162mg2gASAo= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 251d0baa19bf172d78b6eadafb9e5690cdb63ab8925f4d1d30ee0ebe0c0654fb Pin SHA256: 8pi8H236LQAiPJaRlGtaPbL/CzVVxrTR162mg2gASAo= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 251d0baa19bf172d78b6eadafb9e5690cdb63ab8925f4d1d30ee0ebe0c0654fb Pin SHA256: 8pi8H236LQAiPJaRlGtaPbL/CzVVxrTR162mg2gASAo= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 251d0baa19bf172d78b6eadafb9e5690cdb63ab8925f4d1d30ee0ebe0c0654fb Pin SHA256: 8pi8H236LQAiPJaRlGtaPbL/CzVVxrTR162mg2gASAo= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 251d0baa19bf172d78b6eadafb9e5690cdb63ab8925f4d1d30ee0ebe0c0654fb Pin SHA256: 8pi8H236LQAiPJaRlGtaPbL/CzVVxrTR162mg2gASAo= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #4: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 7cd50f6aaf546e8eb53fbab47d0fd8583e8eb3ea4c0960f55fd9e13042cdb741 Pin SHA256: HLu0jVzb5eWu9cbfMGbc1styifIfdVCp/hwZd8Lo720=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	783e
Valid from	Thu, 17 Jul 2025 10:46:05 UTC
Valid until	Fri, 25 Jul 2025 10:46:05 UTC (expires in 6 days, 19 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: letsencrypt.org flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: amazon.com flags:0 issue: globalsign.com flags:0 issue: Digicert.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1435 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 6 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 7cd50f6aaf546e8eb53fbab47d0fd8583e8eb3ea4c0960f55fd9e13042cdb741 Pin SHA256: HLu0jVzb5eWu9cbfMGbc1styifIfdVCp/hwZd8Lo720= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 7cd50f6aaf546e8eb53fbab47d0fd8583e8eb3ea4c0960f55fd9e13042cdb741 Pin SHA256: HLu0jVzb5eWu9cbfMGbc1styifIfdVCp/hwZd8Lo720= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 7cd50f6aaf546e8eb53fbab47d0fd8583e8eb3ea4c0960f55fd9e13042cdb741 Pin SHA256: HLu0jVzb5eWu9cbfMGbc1styifIfdVCp/hwZd8Lo720= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 7cd50f6aaf546e8eb53fbab47d0fd8583e8eb3ea4c0960f55fd9e13042cdb741 Pin SHA256: HLu0jVzb5eWu9cbfMGbc1styifIfdVCp/hwZd8Lo720= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 7cd50f6aaf546e8eb53fbab47d0fd8583e8eb3ea4c0960f55fd9e13042cdb741 Pin SHA256: HLu0jVzb5eWu9cbfMGbc1styifIfdVCp/hwZd8Lo720= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #5: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: f141327becee1a172136f4ddba8f3d7be9b42e707da30ca55da5608add0dc479 Pin SHA256: oyl0ASU1rdOI6VrEe9hXxgV90gQvixG9l9eZ6Zv5AQU=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	42ab
Valid from	Thu, 17 Jul 2025 10:46:06 UTC
Valid until	Fri, 25 Jul 2025 10:46:06 UTC (expires in 6 days, 19 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: letsencrypt.org flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: amazon.com flags:0 issue: globalsign.com flags:0 issue: Digicert.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1435 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 6 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: f141327becee1a172136f4ddba8f3d7be9b42e707da30ca55da5608add0dc479 Pin SHA256: oyl0ASU1rdOI6VrEe9hXxgV90gQvixG9l9eZ6Zv5AQU= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: f141327becee1a172136f4ddba8f3d7be9b42e707da30ca55da5608add0dc479 Pin SHA256: oyl0ASU1rdOI6VrEe9hXxgV90gQvixG9l9eZ6Zv5AQU= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: f141327becee1a172136f4ddba8f3d7be9b42e707da30ca55da5608add0dc479 Pin SHA256: oyl0ASU1rdOI6VrEe9hXxgV90gQvixG9l9eZ6Zv5AQU= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: f141327becee1a172136f4ddba8f3d7be9b42e707da30ca55da5608add0dc479 Pin SHA256: oyl0ASU1rdOI6VrEe9hXxgV90gQvixG9l9eZ6Zv5AQU= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: f141327becee1a172136f4ddba8f3d7be9b42e707da30ca55da5608add0dc479 Pin SHA256: oyl0ASU1rdOI6VrEe9hXxgV90gQvixG9l9eZ6Zv5AQU= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #6: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: c60039a91f46d6755f6e66119aa51dd8d6163ca568e3a7afb041d2484fbca87c Pin SHA256: P6Eo6mUMNcAXmutAOJllr4X2y74+X+Mv1pJLUlYwa1s=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	512f
Valid from	Thu, 17 Jul 2025 10:46:07 UTC
Valid until	Fri, 25 Jul 2025 10:46:07 UTC (expires in 6 days, 19 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: letsencrypt.org flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: amazon.com flags:0 issue: globalsign.com flags:0 issue: Digicert.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1434 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 6 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: c60039a91f46d6755f6e66119aa51dd8d6163ca568e3a7afb041d2484fbca87c Pin SHA256: P6Eo6mUMNcAXmutAOJllr4X2y74+X+Mv1pJLUlYwa1s= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: c60039a91f46d6755f6e66119aa51dd8d6163ca568e3a7afb041d2484fbca87c Pin SHA256: P6Eo6mUMNcAXmutAOJllr4X2y74+X+Mv1pJLUlYwa1s= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: c60039a91f46d6755f6e66119aa51dd8d6163ca568e3a7afb041d2484fbca87c Pin SHA256: P6Eo6mUMNcAXmutAOJllr4X2y74+X+Mv1pJLUlYwa1s= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: c60039a91f46d6755f6e66119aa51dd8d6163ca568e3a7afb041d2484fbca87c Pin SHA256: P6Eo6mUMNcAXmutAOJllr4X2y74+X+Mv1pJLUlYwa1s= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: c60039a91f46d6755f6e66119aa51dd8d6163ca568e3a7afb041d2484fbca87c Pin SHA256: P6Eo6mUMNcAXmutAOJllr4X2y74+X+Mv1pJLUlYwa1s= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #7: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 2ecade1b6598724ea23f6fab773fee78f3821804f6bcb0ec879572c3993115b5 Pin SHA256: BGYW9nQiEi4OO8Jl6FfKyJYqZi0JwqVeCmodf88UYUs=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	0087a2
Valid from	Thu, 17 Jul 2025 10:46:07 UTC
Valid until	Fri, 25 Jul 2025 10:46:07 UTC (expires in 6 days, 19 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: letsencrypt.org flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: amazon.com flags:0 issue: globalsign.com flags:0 issue: Digicert.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1437 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 6 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 2ecade1b6598724ea23f6fab773fee78f3821804f6bcb0ec879572c3993115b5 Pin SHA256: BGYW9nQiEi4OO8Jl6FfKyJYqZi0JwqVeCmodf88UYUs= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 2ecade1b6598724ea23f6fab773fee78f3821804f6bcb0ec879572c3993115b5 Pin SHA256: BGYW9nQiEi4OO8Jl6FfKyJYqZi0JwqVeCmodf88UYUs= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 2ecade1b6598724ea23f6fab773fee78f3821804f6bcb0ec879572c3993115b5 Pin SHA256: BGYW9nQiEi4OO8Jl6FfKyJYqZi0JwqVeCmodf88UYUs= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 2ecade1b6598724ea23f6fab773fee78f3821804f6bcb0ec879572c3993115b5 Pin SHA256: BGYW9nQiEi4OO8Jl6FfKyJYqZi0JwqVeCmodf88UYUs= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 2ecade1b6598724ea23f6fab773fee78f3821804f6bcb0ec879572c3993115b5 Pin SHA256: BGYW9nQiEi4OO8Jl6FfKyJYqZi0JwqVeCmodf88UYUs= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #8: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 81fd6ea02830be8061e3243bf8731373d2eea1cd9a6242789ed4b667b9399e78 Pin SHA256: O23FjdiEYRLMU/Ha2y6MCHdzdWEir+sYDADDdJTBfaU=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	008f0c
Valid from	Thu, 17 Jul 2025 10:46:08 UTC
Valid until	Fri, 25 Jul 2025 10:46:08 UTC (expires in 6 days, 19 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: letsencrypt.org flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: amazon.com flags:0 issue: globalsign.com flags:0 issue: Digicert.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 6 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 81fd6ea02830be8061e3243bf8731373d2eea1cd9a6242789ed4b667b9399e78 Pin SHA256: O23FjdiEYRLMU/Ha2y6MCHdzdWEir+sYDADDdJTBfaU= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 81fd6ea02830be8061e3243bf8731373d2eea1cd9a6242789ed4b667b9399e78 Pin SHA256: O23FjdiEYRLMU/Ha2y6MCHdzdWEir+sYDADDdJTBfaU= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 81fd6ea02830be8061e3243bf8731373d2eea1cd9a6242789ed4b667b9399e78 Pin SHA256: O23FjdiEYRLMU/Ha2y6MCHdzdWEir+sYDADDdJTBfaU= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 81fd6ea02830be8061e3243bf8731373d2eea1cd9a6242789ed4b667b9399e78 Pin SHA256: O23FjdiEYRLMU/Ha2y6MCHdzdWEir+sYDADDdJTBfaU= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 81fd6ea02830be8061e3243bf8731373d2eea1cd9a6242789ed4b667b9399e78 Pin SHA256: O23FjdiEYRLMU/Ha2y6MCHdzdWEir+sYDADDdJTBfaU= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #9: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 85727041612e681e87e555ef0cdcba6cad76f2cc5e1d46705933d968baadb0c8 Pin SHA256: +VYx05fz1e1ZgLKpD3JktTnvsFb4qayXaM0UwOXoHOY=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	7683
Valid from	Thu, 17 Jul 2025 10:46:11 UTC
Valid until	Fri, 25 Jul 2025 10:46:11 UTC (expires in 6 days, 19 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: letsencrypt.org flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: amazon.com flags:0 issue: globalsign.com flags:0 issue: Digicert.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1435 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 6 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 85727041612e681e87e555ef0cdcba6cad76f2cc5e1d46705933d968baadb0c8 Pin SHA256: +VYx05fz1e1ZgLKpD3JktTnvsFb4qayXaM0UwOXoHOY= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 85727041612e681e87e555ef0cdcba6cad76f2cc5e1d46705933d968baadb0c8 Pin SHA256: +VYx05fz1e1ZgLKpD3JktTnvsFb4qayXaM0UwOXoHOY= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 85727041612e681e87e555ef0cdcba6cad76f2cc5e1d46705933d968baadb0c8 Pin SHA256: +VYx05fz1e1ZgLKpD3JktTnvsFb4qayXaM0UwOXoHOY= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 85727041612e681e87e555ef0cdcba6cad76f2cc5e1d46705933d968baadb0c8 Pin SHA256: +VYx05fz1e1ZgLKpD3JktTnvsFb4qayXaM0UwOXoHOY= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 85727041612e681e87e555ef0cdcba6cad76f2cc5e1d46705933d968baadb0c8 Pin SHA256: +VYx05fz1e1ZgLKpD3JktTnvsFb4qayXaM0UwOXoHOY= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #10: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b3cefd6db1058153d0ee88485039fa7795378004f5934d16b1d116d0e4bdfdf5 Pin SHA256: UEon619TxWuegiGFhilHCQqaheCBIMdyjzwDfGYivVA=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	5eaa
Valid from	Thu, 17 Jul 2025 10:46:13 UTC
Valid until	Fri, 25 Jul 2025 10:46:13 UTC (expires in 6 days, 19 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: letsencrypt.org flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: amazon.com flags:0 issue: globalsign.com flags:0 issue: Digicert.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1435 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 6 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b3cefd6db1058153d0ee88485039fa7795378004f5934d16b1d116d0e4bdfdf5 Pin SHA256: UEon619TxWuegiGFhilHCQqaheCBIMdyjzwDfGYivVA= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b3cefd6db1058153d0ee88485039fa7795378004f5934d16b1d116d0e4bdfdf5 Pin SHA256: UEon619TxWuegiGFhilHCQqaheCBIMdyjzwDfGYivVA= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b3cefd6db1058153d0ee88485039fa7795378004f5934d16b1d116d0e4bdfdf5 Pin SHA256: UEon619TxWuegiGFhilHCQqaheCBIMdyjzwDfGYivVA= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b3cefd6db1058153d0ee88485039fa7795378004f5934d16b1d116d0e4bdfdf5 Pin SHA256: UEon619TxWuegiGFhilHCQqaheCBIMdyjzwDfGYivVA= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b3cefd6db1058153d0ee88485039fa7795378004f5934d16b1d116d0e4bdfdf5 Pin SHA256: UEon619TxWuegiGFhilHCQqaheCBIMdyjzwDfGYivVA= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #11: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: db45456bd163887a44e801d01ba856c0a16010c3cc0f2af47bccc432fc1c3d8d Pin SHA256: PEV/plUrhnPvmtw5GiQBGdWeuetbQRQUBAKUXl/kOJI=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	30bf
Valid from	Thu, 17 Jul 2025 10:46:15 UTC
Valid until	Fri, 25 Jul 2025 10:46:15 UTC (expires in 6 days, 19 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: letsencrypt.org flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: amazon.com flags:0 issue: globalsign.com flags:0 issue: Digicert.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1434 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 6 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: db45456bd163887a44e801d01ba856c0a16010c3cc0f2af47bccc432fc1c3d8d Pin SHA256: PEV/plUrhnPvmtw5GiQBGdWeuetbQRQUBAKUXl/kOJI= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: db45456bd163887a44e801d01ba856c0a16010c3cc0f2af47bccc432fc1c3d8d Pin SHA256: PEV/plUrhnPvmtw5GiQBGdWeuetbQRQUBAKUXl/kOJI= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: db45456bd163887a44e801d01ba856c0a16010c3cc0f2af47bccc432fc1c3d8d Pin SHA256: PEV/plUrhnPvmtw5GiQBGdWeuetbQRQUBAKUXl/kOJI= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: db45456bd163887a44e801d01ba856c0a16010c3cc0f2af47bccc432fc1c3d8d Pin SHA256: PEV/plUrhnPvmtw5GiQBGdWeuetbQRQUBAKUXl/kOJI= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: db45456bd163887a44e801d01ba856c0a16010c3cc0f2af47bccc432fc1c3d8d Pin SHA256: PEV/plUrhnPvmtw5GiQBGdWeuetbQRQUBAKUXl/kOJI= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #12: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 85240b4b8a89eca2093e456fecef2a50e535ae275d72bcfa65790cc2b2e22100 Pin SHA256: K128A5j/QF6e++cEb+dzGsrnBtdVyggIjTLz8n9Pji4=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	3dc7
Valid from	Thu, 17 Jul 2025 10:46:16 UTC
Valid until	Fri, 25 Jul 2025 10:46:16 UTC (expires in 6 days, 19 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: letsencrypt.org flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: amazon.com flags:0 issue: globalsign.com flags:0 issue: Digicert.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1435 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 6 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 85240b4b8a89eca2093e456fecef2a50e535ae275d72bcfa65790cc2b2e22100 Pin SHA256: K128A5j/QF6e++cEb+dzGsrnBtdVyggIjTLz8n9Pji4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 85240b4b8a89eca2093e456fecef2a50e535ae275d72bcfa65790cc2b2e22100 Pin SHA256: K128A5j/QF6e++cEb+dzGsrnBtdVyggIjTLz8n9Pji4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 85240b4b8a89eca2093e456fecef2a50e535ae275d72bcfa65790cc2b2e22100 Pin SHA256: K128A5j/QF6e++cEb+dzGsrnBtdVyggIjTLz8n9Pji4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 85240b4b8a89eca2093e456fecef2a50e535ae275d72bcfa65790cc2b2e22100 Pin SHA256: K128A5j/QF6e++cEb+dzGsrnBtdVyggIjTLz8n9Pji4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 85240b4b8a89eca2093e456fecef2a50e535ae275d72bcfa65790cc2b2e22100 Pin SHA256: K128A5j/QF6e++cEb+dzGsrnBtdVyggIjTLz8n9Pji4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #13: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: de59010dcbcf49ca90950a1e031921ff4f90dccdb1a1a908196b2b1aaa04ada6 Pin SHA256: pt8D0ZKYg2YWQ3BuRmOBPhLLNZtIGUyWzJaZlrC88c4=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	598a
Valid from	Thu, 17 Jul 2025 10:46:17 UTC
Valid until	Fri, 25 Jul 2025 10:46:17 UTC (expires in 6 days, 19 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: letsencrypt.org flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: amazon.com flags:0 issue: globalsign.com flags:0 issue: Digicert.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1434 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 6 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: de59010dcbcf49ca90950a1e031921ff4f90dccdb1a1a908196b2b1aaa04ada6 Pin SHA256: pt8D0ZKYg2YWQ3BuRmOBPhLLNZtIGUyWzJaZlrC88c4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: de59010dcbcf49ca90950a1e031921ff4f90dccdb1a1a908196b2b1aaa04ada6 Pin SHA256: pt8D0ZKYg2YWQ3BuRmOBPhLLNZtIGUyWzJaZlrC88c4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: de59010dcbcf49ca90950a1e031921ff4f90dccdb1a1a908196b2b1aaa04ada6 Pin SHA256: pt8D0ZKYg2YWQ3BuRmOBPhLLNZtIGUyWzJaZlrC88c4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: de59010dcbcf49ca90950a1e031921ff4f90dccdb1a1a908196b2b1aaa04ada6 Pin SHA256: pt8D0ZKYg2YWQ3BuRmOBPhLLNZtIGUyWzJaZlrC88c4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: de59010dcbcf49ca90950a1e031921ff4f90dccdb1a1a908196b2b1aaa04ada6 Pin SHA256: pt8D0ZKYg2YWQ3BuRmOBPhLLNZtIGUyWzJaZlrC88c4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #14: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: a56992b8f88e2df6af0e474a3c58e81100cbdafde0b5d1a390fad2cc0a199155 Pin SHA256: 04axZnwMHLecoutpsrJq4LF2BZXENC7QVce3RDRS4ys=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	2741
Valid from	Thu, 17 Jul 2025 10:46:18 UTC
Valid until	Fri, 25 Jul 2025 10:46:18 UTC (expires in 6 days, 19 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: letsencrypt.org flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: amazon.com flags:0 issue: globalsign.com flags:0 issue: Digicert.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 6 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: a56992b8f88e2df6af0e474a3c58e81100cbdafde0b5d1a390fad2cc0a199155 Pin SHA256: 04axZnwMHLecoutpsrJq4LF2BZXENC7QVce3RDRS4ys= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: a56992b8f88e2df6af0e474a3c58e81100cbdafde0b5d1a390fad2cc0a199155 Pin SHA256: 04axZnwMHLecoutpsrJq4LF2BZXENC7QVce3RDRS4ys= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: a56992b8f88e2df6af0e474a3c58e81100cbdafde0b5d1a390fad2cc0a199155 Pin SHA256: 04axZnwMHLecoutpsrJq4LF2BZXENC7QVce3RDRS4ys= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: a56992b8f88e2df6af0e474a3c58e81100cbdafde0b5d1a390fad2cc0a199155 Pin SHA256: 04axZnwMHLecoutpsrJq4LF2BZXENC7QVce3RDRS4ys= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: a56992b8f88e2df6af0e474a3c58e81100cbdafde0b5d1a390fad2cc0a199155 Pin SHA256: 04axZnwMHLecoutpsrJq4LF2BZXENC7QVce3RDRS4ys= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #15: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 76088bc46e75bc582837217496b04c30a33471c1acf39ea40f1aecf123d17d5e Pin SHA256: OEShEzUxBEZCu9YdAG72egCEOTbZtRmAcwFgk6EJRio=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	2871
Valid from	Thu, 17 Jul 2025 10:46:20 UTC
Valid until	Fri, 25 Jul 2025 10:46:20 UTC (expires in 6 days, 19 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: letsencrypt.org flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: amazon.com flags:0 issue: globalsign.com flags:0 issue: Digicert.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1435 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 6 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 76088bc46e75bc582837217496b04c30a33471c1acf39ea40f1aecf123d17d5e Pin SHA256: OEShEzUxBEZCu9YdAG72egCEOTbZtRmAcwFgk6EJRio= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 76088bc46e75bc582837217496b04c30a33471c1acf39ea40f1aecf123d17d5e Pin SHA256: OEShEzUxBEZCu9YdAG72egCEOTbZtRmAcwFgk6EJRio= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 76088bc46e75bc582837217496b04c30a33471c1acf39ea40f1aecf123d17d5e Pin SHA256: OEShEzUxBEZCu9YdAG72egCEOTbZtRmAcwFgk6EJRio= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 76088bc46e75bc582837217496b04c30a33471c1acf39ea40f1aecf123d17d5e Pin SHA256: OEShEzUxBEZCu9YdAG72egCEOTbZtRmAcwFgk6EJRio= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 76088bc46e75bc582837217496b04c30a33471c1acf39ea40f1aecf123d17d5e Pin SHA256: OEShEzUxBEZCu9YdAG72egCEOTbZtRmAcwFgk6EJRio= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #16: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: f589f753ddf6b87ff2082170473a15956166c2e525a3f88ec83611f14eba7137 Pin SHA256: VW5xlsQR6wvf1f+GvrazUdAgu3RgFM9dpq/TFWGXcv0=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	5b8a
Valid from	Thu, 17 Jul 2025 10:46:20 UTC
Valid until	Fri, 25 Jul 2025 10:46:20 UTC (expires in 6 days, 19 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: letsencrypt.org flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: amazon.com flags:0 issue: globalsign.com flags:0 issue: Digicert.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1434 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 6 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: f589f753ddf6b87ff2082170473a15956166c2e525a3f88ec83611f14eba7137 Pin SHA256: VW5xlsQR6wvf1f+GvrazUdAgu3RgFM9dpq/TFWGXcv0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: f589f753ddf6b87ff2082170473a15956166c2e525a3f88ec83611f14eba7137 Pin SHA256: VW5xlsQR6wvf1f+GvrazUdAgu3RgFM9dpq/TFWGXcv0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: f589f753ddf6b87ff2082170473a15956166c2e525a3f88ec83611f14eba7137 Pin SHA256: VW5xlsQR6wvf1f+GvrazUdAgu3RgFM9dpq/TFWGXcv0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: f589f753ddf6b87ff2082170473a15956166c2e525a3f88ec83611f14eba7137 Pin SHA256: VW5xlsQR6wvf1f+GvrazUdAgu3RgFM9dpq/TFWGXcv0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: f589f753ddf6b87ff2082170473a15956166c2e525a3f88ec83611f14eba7137 Pin SHA256: VW5xlsQR6wvf1f+GvrazUdAgu3RgFM9dpq/TFWGXcv0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #17: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: a6dee6a3b94b6cd88b60fd7dbb12b01f584e991705afbeb90ee0e7ae9afe25fc Pin SHA256: HpMxSj8lndsUGiSJRjZNVMuwbqSB+iQJWQ+R8qHkdgk=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	2946
Valid from	Thu, 17 Jul 2025 10:46:21 UTC
Valid until	Fri, 25 Jul 2025 10:46:21 UTC (expires in 6 days, 19 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: letsencrypt.org flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: amazon.com flags:0 issue: globalsign.com flags:0 issue: Digicert.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1435 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 6 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: a6dee6a3b94b6cd88b60fd7dbb12b01f584e991705afbeb90ee0e7ae9afe25fc Pin SHA256: HpMxSj8lndsUGiSJRjZNVMuwbqSB+iQJWQ+R8qHkdgk= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: a6dee6a3b94b6cd88b60fd7dbb12b01f584e991705afbeb90ee0e7ae9afe25fc Pin SHA256: HpMxSj8lndsUGiSJRjZNVMuwbqSB+iQJWQ+R8qHkdgk= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: a6dee6a3b94b6cd88b60fd7dbb12b01f584e991705afbeb90ee0e7ae9afe25fc Pin SHA256: HpMxSj8lndsUGiSJRjZNVMuwbqSB+iQJWQ+R8qHkdgk= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: a6dee6a3b94b6cd88b60fd7dbb12b01f584e991705afbeb90ee0e7ae9afe25fc Pin SHA256: HpMxSj8lndsUGiSJRjZNVMuwbqSB+iQJWQ+R8qHkdgk= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: a6dee6a3b94b6cd88b60fd7dbb12b01f584e991705afbeb90ee0e7ae9afe25fc Pin SHA256: HpMxSj8lndsUGiSJRjZNVMuwbqSB+iQJWQ+R8qHkdgk= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #18: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 342e38015a3b8b95a945a8e49aa0a1fec79f36dc40cf788873a48389c7c4bb23 Pin SHA256: UB5R5xUyvEmIgg7sHEGUA9ELxtSrCXobuBLJn5yu+1o=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	354d
Valid from	Thu, 17 Jul 2025 10:46:22 UTC
Valid until	Fri, 25 Jul 2025 10:46:22 UTC (expires in 6 days, 19 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: letsencrypt.org flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: amazon.com flags:0 issue: globalsign.com flags:0 issue: Digicert.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1435 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 6 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 342e38015a3b8b95a945a8e49aa0a1fec79f36dc40cf788873a48389c7c4bb23 Pin SHA256: UB5R5xUyvEmIgg7sHEGUA9ELxtSrCXobuBLJn5yu+1o= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 342e38015a3b8b95a945a8e49aa0a1fec79f36dc40cf788873a48389c7c4bb23 Pin SHA256: UB5R5xUyvEmIgg7sHEGUA9ELxtSrCXobuBLJn5yu+1o= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 342e38015a3b8b95a945a8e49aa0a1fec79f36dc40cf788873a48389c7c4bb23 Pin SHA256: UB5R5xUyvEmIgg7sHEGUA9ELxtSrCXobuBLJn5yu+1o= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 342e38015a3b8b95a945a8e49aa0a1fec79f36dc40cf788873a48389c7c4bb23 Pin SHA256: UB5R5xUyvEmIgg7sHEGUA9ELxtSrCXobuBLJn5yu+1o= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 342e38015a3b8b95a945a8e49aa0a1fec79f36dc40cf788873a48389c7c4bb23 Pin SHA256: UB5R5xUyvEmIgg7sHEGUA9ELxtSrCXobuBLJn5yu+1o= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #19: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: acd22a7885b61821f8be5a231366d84c377b09b48da6913179427c9f7a506078 Pin SHA256: 08YUgXlzxwHr63pSoHYUdIOdlKbxXO8GfDOmpdUWVtk=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	009f4c
Valid from	Thu, 17 Jul 2025 10:46:23 UTC
Valid until	Fri, 25 Jul 2025 10:46:23 UTC (expires in 6 days, 19 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: letsencrypt.org flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: amazon.com flags:0 issue: globalsign.com flags:0 issue: Digicert.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1437 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 6 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: acd22a7885b61821f8be5a231366d84c377b09b48da6913179427c9f7a506078 Pin SHA256: 08YUgXlzxwHr63pSoHYUdIOdlKbxXO8GfDOmpdUWVtk= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: acd22a7885b61821f8be5a231366d84c377b09b48da6913179427c9f7a506078 Pin SHA256: 08YUgXlzxwHr63pSoHYUdIOdlKbxXO8GfDOmpdUWVtk= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: acd22a7885b61821f8be5a231366d84c377b09b48da6913179427c9f7a506078 Pin SHA256: 08YUgXlzxwHr63pSoHYUdIOdlKbxXO8GfDOmpdUWVtk= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: acd22a7885b61821f8be5a231366d84c377b09b48da6913179427c9f7a506078 Pin SHA256: 08YUgXlzxwHr63pSoHYUdIOdlKbxXO8GfDOmpdUWVtk= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: acd22a7885b61821f8be5a231366d84c377b09b48da6913179427c9f7a506078 Pin SHA256: 08YUgXlzxwHr63pSoHYUdIOdlKbxXO8GfDOmpdUWVtk= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #20: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 59287a790751712db28092d9af7ed3dbe9b953344a02d71ada5ca179083dbfbe Pin SHA256: jSP1251s2m9r/tqaZJtUFLG5E8O9LA6wcjhjZI4b3tc=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	008e99
Valid from	Thu, 17 Jul 2025 10:46:24 UTC
Valid until	Fri, 25 Jul 2025 10:46:24 UTC (expires in 6 days, 19 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: letsencrypt.org flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: amazon.com flags:0 issue: globalsign.com flags:0 issue: Digicert.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1437 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 6 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 59287a790751712db28092d9af7ed3dbe9b953344a02d71ada5ca179083dbfbe Pin SHA256: jSP1251s2m9r/tqaZJtUFLG5E8O9LA6wcjhjZI4b3tc= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 59287a790751712db28092d9af7ed3dbe9b953344a02d71ada5ca179083dbfbe Pin SHA256: jSP1251s2m9r/tqaZJtUFLG5E8O9LA6wcjhjZI4b3tc= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 59287a790751712db28092d9af7ed3dbe9b953344a02d71ada5ca179083dbfbe Pin SHA256: jSP1251s2m9r/tqaZJtUFLG5E8O9LA6wcjhjZI4b3tc= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 59287a790751712db28092d9af7ed3dbe9b953344a02d71ada5ca179083dbfbe Pin SHA256: jSP1251s2m9r/tqaZJtUFLG5E8O9LA6wcjhjZI4b3tc= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 59287a790751712db28092d9af7ed3dbe9b953344a02d71ada5ca179083dbfbe Pin SHA256: jSP1251s2m9r/tqaZJtUFLG5E8O9LA6wcjhjZI4b3tc= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #21: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: ed6f6797a9c3fdd9d81335b8cb60de27210a18ffaafe0de4a39af17496087b0f Pin SHA256: dz+bZ6Y4J05VabOoQ98k4yjauvHe4PxHqwTQPeW28JM=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	3d3e
Valid from	Thu, 17 Jul 2025 10:46:25 UTC
Valid until	Fri, 25 Jul 2025 10:46:25 UTC (expires in 6 days, 19 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: letsencrypt.org flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: amazon.com flags:0 issue: globalsign.com flags:0 issue: Digicert.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 6 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: ed6f6797a9c3fdd9d81335b8cb60de27210a18ffaafe0de4a39af17496087b0f Pin SHA256: dz+bZ6Y4J05VabOoQ98k4yjauvHe4PxHqwTQPeW28JM= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: ed6f6797a9c3fdd9d81335b8cb60de27210a18ffaafe0de4a39af17496087b0f Pin SHA256: dz+bZ6Y4J05VabOoQ98k4yjauvHe4PxHqwTQPeW28JM= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: ed6f6797a9c3fdd9d81335b8cb60de27210a18ffaafe0de4a39af17496087b0f Pin SHA256: dz+bZ6Y4J05VabOoQ98k4yjauvHe4PxHqwTQPeW28JM= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: ed6f6797a9c3fdd9d81335b8cb60de27210a18ffaafe0de4a39af17496087b0f Pin SHA256: dz+bZ6Y4J05VabOoQ98k4yjauvHe4PxHqwTQPeW28JM= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: ed6f6797a9c3fdd9d81335b8cb60de27210a18ffaafe0de4a39af17496087b0f Pin SHA256: dz+bZ6Y4J05VabOoQ98k4yjauvHe4PxHqwTQPeW28JM= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #22: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: c81dc2e78d5a7bcb741ac85ee2977f8b76d8603d590faa6a1c02e4a3471899d0 Pin SHA256: DYZdt+GaUswVPpXsPq1buE2vkkPaBBVc7z3nEN4/XQg=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	26b3
Valid from	Thu, 17 Jul 2025 10:46:25 UTC
Valid until	Fri, 25 Jul 2025 10:46:25 UTC (expires in 6 days, 19 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: letsencrypt.org flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: amazon.com flags:0 issue: globalsign.com flags:0 issue: Digicert.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 6 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: c81dc2e78d5a7bcb741ac85ee2977f8b76d8603d590faa6a1c02e4a3471899d0 Pin SHA256: DYZdt+GaUswVPpXsPq1buE2vkkPaBBVc7z3nEN4/XQg= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: c81dc2e78d5a7bcb741ac85ee2977f8b76d8603d590faa6a1c02e4a3471899d0 Pin SHA256: DYZdt+GaUswVPpXsPq1buE2vkkPaBBVc7z3nEN4/XQg= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: c81dc2e78d5a7bcb741ac85ee2977f8b76d8603d590faa6a1c02e4a3471899d0 Pin SHA256: DYZdt+GaUswVPpXsPq1buE2vkkPaBBVc7z3nEN4/XQg= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: c81dc2e78d5a7bcb741ac85ee2977f8b76d8603d590faa6a1c02e4a3471899d0 Pin SHA256: DYZdt+GaUswVPpXsPq1buE2vkkPaBBVc7z3nEN4/XQg= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: c81dc2e78d5a7bcb741ac85ee2977f8b76d8603d590faa6a1c02e4a3471899d0 Pin SHA256: DYZdt+GaUswVPpXsPq1buE2vkkPaBBVc7z3nEN4/XQg= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #23: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: ebebcef561f5a6ba48731065de2c9a35fbc7e55555fb021409c08085064acfb9 Pin SHA256: zbPOfzd1b66rLU3/n1fsNpTaew9tuBFjOD7LjryqkYE=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	62aa
Valid from	Thu, 17 Jul 2025 10:46:26 UTC
Valid until	Fri, 25 Jul 2025 10:46:26 UTC (expires in 6 days, 19 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: letsencrypt.org flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: amazon.com flags:0 issue: globalsign.com flags:0 issue: Digicert.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1435 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 6 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: ebebcef561f5a6ba48731065de2c9a35fbc7e55555fb021409c08085064acfb9 Pin SHA256: zbPOfzd1b66rLU3/n1fsNpTaew9tuBFjOD7LjryqkYE= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: ebebcef561f5a6ba48731065de2c9a35fbc7e55555fb021409c08085064acfb9 Pin SHA256: zbPOfzd1b66rLU3/n1fsNpTaew9tuBFjOD7LjryqkYE= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: ebebcef561f5a6ba48731065de2c9a35fbc7e55555fb021409c08085064acfb9 Pin SHA256: zbPOfzd1b66rLU3/n1fsNpTaew9tuBFjOD7LjryqkYE= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: ebebcef561f5a6ba48731065de2c9a35fbc7e55555fb021409c08085064acfb9 Pin SHA256: zbPOfzd1b66rLU3/n1fsNpTaew9tuBFjOD7LjryqkYE= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: ebebcef561f5a6ba48731065de2c9a35fbc7e55555fb021409c08085064acfb9 Pin SHA256: zbPOfzd1b66rLU3/n1fsNpTaew9tuBFjOD7LjryqkYE= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #24: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 2b5ededdbad793d6736fa6482e81b4ca6782a916935e00ec35353bd7baca0a00 Pin SHA256: aCrQC+4wOyjK+7MCiimF83mVoISMv/WKmzSVXvChEV4=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	1689
Valid from	Thu, 17 Jul 2025 10:46:27 UTC
Valid until	Fri, 25 Jul 2025 10:46:27 UTC (expires in 6 days, 19 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: letsencrypt.org flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: amazon.com flags:0 issue: globalsign.com flags:0 issue: Digicert.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1434 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 6 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 2b5ededdbad793d6736fa6482e81b4ca6782a916935e00ec35353bd7baca0a00 Pin SHA256: aCrQC+4wOyjK+7MCiimF83mVoISMv/WKmzSVXvChEV4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 2b5ededdbad793d6736fa6482e81b4ca6782a916935e00ec35353bd7baca0a00 Pin SHA256: aCrQC+4wOyjK+7MCiimF83mVoISMv/WKmzSVXvChEV4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 2b5ededdbad793d6736fa6482e81b4ca6782a916935e00ec35353bd7baca0a00 Pin SHA256: aCrQC+4wOyjK+7MCiimF83mVoISMv/WKmzSVXvChEV4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 2b5ededdbad793d6736fa6482e81b4ca6782a916935e00ec35353bd7baca0a00 Pin SHA256: aCrQC+4wOyjK+7MCiimF83mVoISMv/WKmzSVXvChEV4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 2b5ededdbad793d6736fa6482e81b4ca6782a916935e00ec35353bd7baca0a00 Pin SHA256: aCrQC+4wOyjK+7MCiimF83mVoISMv/WKmzSVXvChEV4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #25: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: e0b4646717e61ff13a0e7323cdb5203a6525d0d985e1f3fecd54ad0b8edf6541 Pin SHA256: CH2vfW3c78e/4kiIn+R+Z7YwdnBQaJlVx4WU3Hh5yJY=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	0098d5
Valid from	Thu, 17 Jul 2025 10:46:28 UTC
Valid until	Fri, 25 Jul 2025 10:46:28 UTC (expires in 6 days, 19 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: letsencrypt.org flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: amazon.com flags:0 issue: globalsign.com flags:0 issue: Digicert.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 6 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: e0b4646717e61ff13a0e7323cdb5203a6525d0d985e1f3fecd54ad0b8edf6541 Pin SHA256: CH2vfW3c78e/4kiIn+R+Z7YwdnBQaJlVx4WU3Hh5yJY= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: e0b4646717e61ff13a0e7323cdb5203a6525d0d985e1f3fecd54ad0b8edf6541 Pin SHA256: CH2vfW3c78e/4kiIn+R+Z7YwdnBQaJlVx4WU3Hh5yJY= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: e0b4646717e61ff13a0e7323cdb5203a6525d0d985e1f3fecd54ad0b8edf6541 Pin SHA256: CH2vfW3c78e/4kiIn+R+Z7YwdnBQaJlVx4WU3Hh5yJY= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: e0b4646717e61ff13a0e7323cdb5203a6525d0d985e1f3fecd54ad0b8edf6541 Pin SHA256: CH2vfW3c78e/4kiIn+R+Z7YwdnBQaJlVx4WU3Hh5yJY= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: e0b4646717e61ff13a0e7323cdb5203a6525d0d985e1f3fecd54ad0b8edf6541 Pin SHA256: CH2vfW3c78e/4kiIn+R+Z7YwdnBQaJlVx4WU3Hh5yJY= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #26: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 06db591f81423d0e7a75326a65d2f1983d43fb546c30e7646cd90d58834f5bad Pin SHA256: sJE4ak/PN0phlHCYvX1ccfU6i1NzcFbHZFFd3LCUbr0=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	0ef7
Valid from	Thu, 17 Jul 2025 10:46:31 UTC
Valid until	Fri, 25 Jul 2025 10:46:31 UTC (expires in 6 days, 19 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: letsencrypt.org flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: amazon.com flags:0 issue: globalsign.com flags:0 issue: Digicert.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1435 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 6 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 06db591f81423d0e7a75326a65d2f1983d43fb546c30e7646cd90d58834f5bad Pin SHA256: sJE4ak/PN0phlHCYvX1ccfU6i1NzcFbHZFFd3LCUbr0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 06db591f81423d0e7a75326a65d2f1983d43fb546c30e7646cd90d58834f5bad Pin SHA256: sJE4ak/PN0phlHCYvX1ccfU6i1NzcFbHZFFd3LCUbr0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 06db591f81423d0e7a75326a65d2f1983d43fb546c30e7646cd90d58834f5bad Pin SHA256: sJE4ak/PN0phlHCYvX1ccfU6i1NzcFbHZFFd3LCUbr0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 06db591f81423d0e7a75326a65d2f1983d43fb546c30e7646cd90d58834f5bad Pin SHA256: sJE4ak/PN0phlHCYvX1ccfU6i1NzcFbHZFFd3LCUbr0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 06db591f81423d0e7a75326a65d2f1983d43fb546c30e7646cd90d58834f5bad Pin SHA256: sJE4ak/PN0phlHCYvX1ccfU6i1NzcFbHZFFd3LCUbr0= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #27: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 324bd654d5fd2a5d0ab42588f77de72e13ca7433c6b46fe17266e81229a696de Pin SHA256: 2vVsEStNoUuXXMdx8qzoJhRy4VPxBTPDoLCUXj+bOJA=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	3770
Valid from	Thu, 17 Jul 2025 10:46:31 UTC
Valid until	Fri, 25 Jul 2025 10:46:31 UTC (expires in 6 days, 19 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: letsencrypt.org flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: amazon.com flags:0 issue: globalsign.com flags:0 issue: Digicert.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1435 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 6 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 324bd654d5fd2a5d0ab42588f77de72e13ca7433c6b46fe17266e81229a696de Pin SHA256: 2vVsEStNoUuXXMdx8qzoJhRy4VPxBTPDoLCUXj+bOJA= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 324bd654d5fd2a5d0ab42588f77de72e13ca7433c6b46fe17266e81229a696de Pin SHA256: 2vVsEStNoUuXXMdx8qzoJhRy4VPxBTPDoLCUXj+bOJA= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 324bd654d5fd2a5d0ab42588f77de72e13ca7433c6b46fe17266e81229a696de Pin SHA256: 2vVsEStNoUuXXMdx8qzoJhRy4VPxBTPDoLCUXj+bOJA= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 324bd654d5fd2a5d0ab42588f77de72e13ca7433c6b46fe17266e81229a696de Pin SHA256: 2vVsEStNoUuXXMdx8qzoJhRy4VPxBTPDoLCUXj+bOJA= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 324bd654d5fd2a5d0ab42588f77de72e13ca7433c6b46fe17266e81229a696de Pin SHA256: 2vVsEStNoUuXXMdx8qzoJhRy4VPxBTPDoLCUXj+bOJA= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #28: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: f8beb91c1e2d0b8302ee77c75908d2b5ad787e4ea21c52eda4e81ea1762ed8b0 Pin SHA256: MT5yaoiZhFFjz+XunV84y2BNcDwUxsGH319Hsc54pi8=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	24d8
Valid from	Thu, 17 Jul 2025 10:46:32 UTC
Valid until	Fri, 25 Jul 2025 10:46:32 UTC (expires in 6 days, 19 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: letsencrypt.org flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: amazon.com flags:0 issue: globalsign.com flags:0 issue: Digicert.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1435 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 6 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: f8beb91c1e2d0b8302ee77c75908d2b5ad787e4ea21c52eda4e81ea1762ed8b0 Pin SHA256: MT5yaoiZhFFjz+XunV84y2BNcDwUxsGH319Hsc54pi8= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: f8beb91c1e2d0b8302ee77c75908d2b5ad787e4ea21c52eda4e81ea1762ed8b0 Pin SHA256: MT5yaoiZhFFjz+XunV84y2BNcDwUxsGH319Hsc54pi8= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: f8beb91c1e2d0b8302ee77c75908d2b5ad787e4ea21c52eda4e81ea1762ed8b0 Pin SHA256: MT5yaoiZhFFjz+XunV84y2BNcDwUxsGH319Hsc54pi8= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: f8beb91c1e2d0b8302ee77c75908d2b5ad787e4ea21c52eda4e81ea1762ed8b0 Pin SHA256: MT5yaoiZhFFjz+XunV84y2BNcDwUxsGH319Hsc54pi8= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: f8beb91c1e2d0b8302ee77c75908d2b5ad787e4ea21c52eda4e81ea1762ed8b0 Pin SHA256: MT5yaoiZhFFjz+XunV84y2BNcDwUxsGH319Hsc54pi8= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #29: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b1845e26eaf054aa7ed7c53de8963ea91e0fbf1da8298b210f6e191df8f07402 Pin SHA256: bOS5Ee8zo+HTQUB8p790dbcf1LEBYblpD+Gh4qeGStM=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	29d5
Valid from	Thu, 17 Jul 2025 10:46:38 UTC
Valid until	Fri, 25 Jul 2025 10:46:38 UTC (expires in 6 days, 19 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: letsencrypt.org flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: amazon.com flags:0 issue: globalsign.com flags:0 issue: Digicert.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 6 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b1845e26eaf054aa7ed7c53de8963ea91e0fbf1da8298b210f6e191df8f07402 Pin SHA256: bOS5Ee8zo+HTQUB8p790dbcf1LEBYblpD+Gh4qeGStM= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b1845e26eaf054aa7ed7c53de8963ea91e0fbf1da8298b210f6e191df8f07402 Pin SHA256: bOS5Ee8zo+HTQUB8p790dbcf1LEBYblpD+Gh4qeGStM= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b1845e26eaf054aa7ed7c53de8963ea91e0fbf1da8298b210f6e191df8f07402 Pin SHA256: bOS5Ee8zo+HTQUB8p790dbcf1LEBYblpD+Gh4qeGStM= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b1845e26eaf054aa7ed7c53de8963ea91e0fbf1da8298b210f6e191df8f07402 Pin SHA256: bOS5Ee8zo+HTQUB8p790dbcf1LEBYblpD+Gh4qeGStM= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: b1845e26eaf054aa7ed7c53de8963ea91e0fbf1da8298b210f6e191df8f07402 Pin SHA256: bOS5Ee8zo+HTQUB8p790dbcf1LEBYblpD+Gh4qeGStM= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #30: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 5f80ab12561a40a4b4c4073d1a86058252b6bc6aae564bd61b9a2fe59b5f6c67 Pin SHA256: gcb0EI963YGEx5+NGjb5QLQ3Hl60P85nrvqNqqA21p4=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	2f0d
Valid from	Thu, 17 Jul 2025 10:46:39 UTC
Valid until	Fri, 25 Jul 2025 10:46:39 UTC (expires in 6 days, 19 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: letsencrypt.org flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: amazon.com flags:0 issue: globalsign.com flags:0 issue: Digicert.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 6 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 5f80ab12561a40a4b4c4073d1a86058252b6bc6aae564bd61b9a2fe59b5f6c67 Pin SHA256: gcb0EI963YGEx5+NGjb5QLQ3Hl60P85nrvqNqqA21p4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 5f80ab12561a40a4b4c4073d1a86058252b6bc6aae564bd61b9a2fe59b5f6c67 Pin SHA256: gcb0EI963YGEx5+NGjb5QLQ3Hl60P85nrvqNqqA21p4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 5f80ab12561a40a4b4c4073d1a86058252b6bc6aae564bd61b9a2fe59b5f6c67 Pin SHA256: gcb0EI963YGEx5+NGjb5QLQ3Hl60P85nrvqNqqA21p4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 5f80ab12561a40a4b4c4073d1a86058252b6bc6aae564bd61b9a2fe59b5f6c67 Pin SHA256: gcb0EI963YGEx5+NGjb5QLQ3Hl60P85nrvqNqqA21p4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 5f80ab12561a40a4b4c4073d1a86058252b6bc6aae564bd61b9a2fe59b5f6c67 Pin SHA256: gcb0EI963YGEx5+NGjb5QLQ3Hl60P85nrvqNqqA21p4= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #31: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: cf8e3f67595e9b05866246da7bf1815d23e6a67d525b2455709807753a72ed97 Pin SHA256: YX0oq4MyB4VITBJSWmPpy80AgAvJzPfRtu8gJ5d6w6o=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	5bcd
Valid from	Thu, 17 Jul 2025 10:46:40 UTC
Valid until	Fri, 25 Jul 2025 10:46:40 UTC (expires in 6 days, 19 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: letsencrypt.org flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: amazon.com flags:0 issue: globalsign.com flags:0 issue: Digicert.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1434 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 6 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: cf8e3f67595e9b05866246da7bf1815d23e6a67d525b2455709807753a72ed97 Pin SHA256: YX0oq4MyB4VITBJSWmPpy80AgAvJzPfRtu8gJ5d6w6o= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: cf8e3f67595e9b05866246da7bf1815d23e6a67d525b2455709807753a72ed97 Pin SHA256: YX0oq4MyB4VITBJSWmPpy80AgAvJzPfRtu8gJ5d6w6o= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: cf8e3f67595e9b05866246da7bf1815d23e6a67d525b2455709807753a72ed97 Pin SHA256: YX0oq4MyB4VITBJSWmPpy80AgAvJzPfRtu8gJ5d6w6o= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: cf8e3f67595e9b05866246da7bf1815d23e6a67d525b2455709807753a72ed97 Pin SHA256: YX0oq4MyB4VITBJSWmPpy80AgAvJzPfRtu8gJ5d6w6o= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: cf8e3f67595e9b05866246da7bf1815d23e6a67d525b2455709807753a72ed97 Pin SHA256: YX0oq4MyB4VITBJSWmPpy80AgAvJzPfRtu8gJ5d6w6o= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #32: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: edf805584067405ce2f2f7a5e72319e7ee2062bfe54527da21c55e7482d2376c Pin SHA256: UeeSI7HxOO5Y8feW1k89HC8AipNqZHERsP+58EZxczo=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	3615
Valid from	Thu, 17 Jul 2025 10:46:41 UTC
Valid until	Fri, 25 Jul 2025 10:46:41 UTC (expires in 6 days, 19 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: letsencrypt.org flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: amazon.com flags:0 issue: globalsign.com flags:0 issue: Digicert.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1435 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 6 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: edf805584067405ce2f2f7a5e72319e7ee2062bfe54527da21c55e7482d2376c Pin SHA256: UeeSI7HxOO5Y8feW1k89HC8AipNqZHERsP+58EZxczo= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: edf805584067405ce2f2f7a5e72319e7ee2062bfe54527da21c55e7482d2376c Pin SHA256: UeeSI7HxOO5Y8feW1k89HC8AipNqZHERsP+58EZxczo= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: edf805584067405ce2f2f7a5e72319e7ee2062bfe54527da21c55e7482d2376c Pin SHA256: UeeSI7HxOO5Y8feW1k89HC8AipNqZHERsP+58EZxczo= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: edf805584067405ce2f2f7a5e72319e7ee2062bfe54527da21c55e7482d2376c Pin SHA256: UeeSI7HxOO5Y8feW1k89HC8AipNqZHERsP+58EZxczo= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: edf805584067405ce2f2f7a5e72319e7ee2062bfe54527da21c55e7482d2376c Pin SHA256: UeeSI7HxOO5Y8feW1k89HC8AipNqZHERsP+58EZxczo= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #33: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: ed61e4ec7cefcab66ab5091c26a9224e60c86d264620983e728369d820770df1 Pin SHA256: XjvGXVNsBl/nrpA3OUk8Q+CqiGnhL7R2/s4a1sNgHeA=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	3e35
Valid from	Thu, 17 Jul 2025 10:46:43 UTC
Valid until	Fri, 25 Jul 2025 10:46:43 UTC (expires in 6 days, 19 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: letsencrypt.org flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: amazon.com flags:0 issue: globalsign.com flags:0 issue: Digicert.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 6 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: ed61e4ec7cefcab66ab5091c26a9224e60c86d264620983e728369d820770df1 Pin SHA256: XjvGXVNsBl/nrpA3OUk8Q+CqiGnhL7R2/s4a1sNgHeA= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: ed61e4ec7cefcab66ab5091c26a9224e60c86d264620983e728369d820770df1 Pin SHA256: XjvGXVNsBl/nrpA3OUk8Q+CqiGnhL7R2/s4a1sNgHeA= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: ed61e4ec7cefcab66ab5091c26a9224e60c86d264620983e728369d820770df1 Pin SHA256: XjvGXVNsBl/nrpA3OUk8Q+CqiGnhL7R2/s4a1sNgHeA= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: ed61e4ec7cefcab66ab5091c26a9224e60c86d264620983e728369d820770df1 Pin SHA256: XjvGXVNsBl/nrpA3OUk8Q+CqiGnhL7R2/s4a1sNgHeA= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: ed61e4ec7cefcab66ab5091c26a9224e60c86d264620983e728369d820770df1 Pin SHA256: XjvGXVNsBl/nrpA3OUk8Q+CqiGnhL7R2/s4a1sNgHeA= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #34: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 5cb8843c05e5cf4241c01e1ec28b80b2e6ec71c8e42992dec5842a0b91a3b121 Pin SHA256: esM0g+iZitPKNnIdCLDvaupbScXuN3oZwyISSJozc5I=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	16bc
Valid from	Thu, 17 Jul 2025 10:46:44 UTC
Valid until	Fri, 25 Jul 2025 10:46:44 UTC (expires in 6 days, 19 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: letsencrypt.org flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: amazon.com flags:0 issue: globalsign.com flags:0 issue: Digicert.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1435 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 6 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 5cb8843c05e5cf4241c01e1ec28b80b2e6ec71c8e42992dec5842a0b91a3b121 Pin SHA256: esM0g+iZitPKNnIdCLDvaupbScXuN3oZwyISSJozc5I= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 5cb8843c05e5cf4241c01e1ec28b80b2e6ec71c8e42992dec5842a0b91a3b121 Pin SHA256: esM0g+iZitPKNnIdCLDvaupbScXuN3oZwyISSJozc5I= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 5cb8843c05e5cf4241c01e1ec28b80b2e6ec71c8e42992dec5842a0b91a3b121 Pin SHA256: esM0g+iZitPKNnIdCLDvaupbScXuN3oZwyISSJozc5I= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 5cb8843c05e5cf4241c01e1ec28b80b2e6ec71c8e42992dec5842a0b91a3b121 Pin SHA256: esM0g+iZitPKNnIdCLDvaupbScXuN3oZwyISSJozc5I= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: 5cb8843c05e5cf4241c01e1ec28b80b2e6ec71c8e42992dec5842a0b91a3b121 Pin SHA256: esM0g+iZitPKNnIdCLDvaupbScXuN3oZwyISSJozc5I= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Certificate #35: EC 384 bits (SHA256withECDSA)

Server Key and Certificate #1
Subject	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: f215e046413fd0ba1a9c1a88ce68ea87f8c4db5304b5d78ac20ef0084f83aa70 Pin SHA256: aMRRbXIrYBKFQY+KGCHbv4RW7pF9W7ZUYeHodtIzhLc=
Common names	test.pdns.service.ncsc.gov.uk
Alternative names	test.pdns.service.ncsc.gov.uk
Serial Number	2770
Valid from	Thu, 17 Jul 2025 10:46:45 UTC
Valid until	Fri, 25 Jul 2025 10:46:45 UTC (expires in 6 days, 19 hours)
Key	EC 384 bits
Weak key (Debian)	No
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79
Signature algorithm	SHA256withECDSA
Extended Validation	No
Certificate Transparency	No
OCSP Must Staple	No
Revocation information	None
DNS CAA	Yes policy host: ncsc.gov.uk issue: letsencrypt.org flags:0 iodef: mailto:infrastructure@ncsc.gov.uk flags:0 issue: comodo.com flags:0 issue: amazon.com flags:0 issue: globalsign.com flags:0 issue: Digicert.com flags:0
Trusted	No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (1436 bytes)
Chain issues	Contains anchor
#2
Subject	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Not in trust store Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4=
Valid until	Wed, 30 Jan 2030 11:20:00 UTC (expires in 4 years and 6 months)
Key	EC 256 bits
Issuer	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed
Signature algorithm	SHA256withECDSA

Certification Paths


Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: f215e046413fd0ba1a9c1a88ce68ea87f8c4db5304b5d78ac20ef0084f83aa70 Pin SHA256: aMRRbXIrYBKFQY+KGCHbv4RW7pF9W7ZUYeHodtIzhLc= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: f215e046413fd0ba1a9c1a88ce68ea87f8c4db5304b5d78ac20ef0084f83aa70 Pin SHA256: aMRRbXIrYBKFQY+KGCHbv4RW7pF9W7ZUYeHodtIzhLc= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: f215e046413fd0ba1a9c1a88ce68ea87f8c4db5304b5d78ac20ef0084f83aa70 Pin SHA256: aMRRbXIrYBKFQY+KGCHbv4RW7pF9W7ZUYeHodtIzhLc= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: f215e046413fd0ba1a9c1a88ce68ea87f8c4db5304b5d78ac20ef0084f83aa70 Pin SHA256: aMRRbXIrYBKFQY+KGCHbv4RW7pF9W7ZUYeHodtIzhLc= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA
Path #1: Not trusted (path does not chain to a trusted anchor)
1	Sent by server	test.pdns.service.ncsc.gov.uk Fingerprint SHA256: f215e046413fd0ba1a9c1a88ce68ea87f8c4db5304b5d78ac20ef0084f83aa70 Pin SHA256: aMRRbXIrYBKFQY+KGCHbv4RW7pF9W7ZUYeHodtIzhLc= EC 384 bits / SHA256withECDSA
2	Sent by server Not in trust store	Gateway CA - Cloudflare Managed G1 544553379982413c82c5450a1bac6f79 Self-signed Fingerprint SHA256: a496f939e5ec4be1f7c58243f3a51aada042ced8710b0171946973e018167c11 Pin SHA256: q0ewEdwHLtRst34v7DnCKFrQpRzb7M4PS33G8kQd1X4= EC 256 bits / SHA256withECDSA

Click here to expand

Configuration

Protocols
TLS 1.3	Yes
TLS 1.2	Yes
TLS 1.1	No
TLS 1.0	No
SSL 3	No
SSL 2	No

Cipher Suites
# TLS 1.3 (suites in server-preferred order)
TLS_AES_128_GCM_SHA256 (`0x1301`) ECDH secp256r1 (eq. 3072 bits RSA) FS	128
TLS_AES_256_GCM_SHA384 (`0x1302`) ECDH secp256r1 (eq. 3072 bits RSA) FS	256
# TLS 1.2 (suites in server-preferred order)
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (`0xc02b`) ECDH secp521r1 (eq. 15360 bits RSA) FS	128
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (`0xc02c`) ECDH secp521r1 (eq. 15360 bits RSA) FS	256

Handshake Simulation
Android 4.4.2	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp521r1 FS
Android 5.0.0	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp521r1 FS
Android 6.0	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Android 7.0	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Android 8.0	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Android 8.1	-	TLS 1.3	TLS_AES_128_GCM_SHA256 ECDH secp256r1 FS
Android 9.0	-	TLS 1.3	TLS_AES_128_GCM_SHA256 ECDH secp256r1 FS
BingPreview Jan 2015	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp521r1 FS
Chrome 49 / XP SP3	Server sent fatal alert: handshake_failure
Chrome 69 / Win 7 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Chrome 70 / Win 10	-	TLS 1.3	TLS_AES_128_GCM_SHA256 ECDH secp256r1 FS
Chrome 80 / Win 10 R	-	TLS 1.3	TLS_AES_128_GCM_SHA256 ECDH secp256r1 FS
Firefox 31.3.0 ESR / Win 7	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Firefox 47 / Win 7 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Firefox 49 / XP SP3	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Firefox 62 / Win 7 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Firefox 73 / Win 10 R	-	TLS 1.3	TLS_AES_128_GCM_SHA256 ECDH secp256r1 FS
Googlebot Feb 2018	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
IE 11 / Win 7 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
IE 11 / Win 8.1 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
IE 11 / Win Phone 8.1 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
IE 11 / Win Phone 8.1 Update R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
IE 11 / Win 10 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Edge 15 / Win 10 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Edge 16 / Win 10 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Edge 18 / Win 10 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Edge 13 / Win Phone 10 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Java 8u161	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Java 11.0.3	-	TLS 1.3	TLS_AES_128_GCM_SHA256 ECDH secp256r1 FS
Java 12.0.1	-	TLS 1.3	TLS_AES_128_GCM_SHA256 ECDH secp256r1 FS
OpenSSL 1.0.1l R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp521r1 FS
OpenSSL 1.0.2s R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
OpenSSL 1.1.0k R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
OpenSSL 1.1.1c R	-	TLS 1.3	TLS_AES_128_GCM_SHA256 ECDH secp256r1 FS
Safari 6 / iOS 6.0.1	Server sent fatal alert: handshake_failure
Safari 7 / iOS 7.1 R	Server sent fatal alert: handshake_failure
Safari 7 / OS X 10.9 R	Server sent fatal alert: handshake_failure
Safari 8 / iOS 8.4 R	Server sent fatal alert: handshake_failure
Safari 8 / OS X 10.10 R	Server sent fatal alert: handshake_failure
Safari 9 / iOS 9 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Safari 9 / OS X 10.11 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Safari 10 / iOS 10 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Safari 10 / OS X 10.12 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Safari 12.1.2 / MacOS 10.14.6 Beta R	-	TLS 1.3	TLS_AES_128_GCM_SHA256 ECDH secp256r1 FS
Safari 12.1.1 / iOS 12.3.1 R	-	TLS 1.3	TLS_AES_128_GCM_SHA256 ECDH secp256r1 FS
Apple ATS 9 / iOS 9 R	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Yahoo Slurp Jan 2015	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp384r1 FS
YandexBot Jan 2015	EC 384 (SHA256)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp521r1 FS
# Not simulated clients (Protocol mismatch)
Android 2.3.7 No SNI ²	Protocol mismatch (not simulated)
Android 4.0.4	Protocol mismatch (not simulated)
Android 4.1.1	Protocol mismatch (not simulated)
Android 4.2.2	Protocol mismatch (not simulated)
Android 4.3	Protocol mismatch (not simulated)
Baidu Jan 2015	Protocol mismatch (not simulated)
IE 6 / XP No FS ¹ No SNI ²	Protocol mismatch (not simulated)
IE 7 / Vista	Protocol mismatch (not simulated)
IE 8 / XP No FS ¹ No SNI ²	Protocol mismatch (not simulated)
IE 8-10 / Win 7 R	Protocol mismatch (not simulated)
IE 10 / Win Phone 8.0	Protocol mismatch (not simulated)
Java 6u45 No SNI ²	Protocol mismatch (not simulated)
Java 7u25	Protocol mismatch (not simulated)
OpenSSL 0.9.8y	Protocol mismatch (not simulated)
Safari 5.1.9 / OS X 10.6.8	Protocol mismatch (not simulated)
Safari 6.0.4 / OS X 10.8.4 R	Protocol mismatch (not simulated)
Click here to expand
(1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it.
(2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI.
(3) Only first connection attempt simulated. Browsers sometimes retry with a lower protocol version.
(R) Denotes a reference browser or client, with which we expect better effective security.
(All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE).
(All) Certificate trust is not checked in handshake simulation, we only perform TLS handshake.

Protocol Details
Secure Renegotiation	Supported
Secure Client-Initiated Renegotiation	No
Insecure Client-Initiated Renegotiation	No
BEAST attack	Mitigated server-side (more info)
POODLE (SSLv3)	No, SSL 3 not supported (more info)
POODLE (TLS)	No (more info)
Zombie POODLE	No (more info)
GOLDENDOODLE	No (more info)
OpenSSL 0-Length	No (more info)
Sleeping POODLE	No (more info)
Downgrade attack prevention	Yes, TLS_FALLBACK_SCSV supported (more info)
SSL/TLS compression	No
RC4	No
Heartbeat (extension)	No
Heartbleed (vulnerability)	No (more info)
Ticketbleed (vulnerability)	No (more info)
OpenSSL CCS vuln. (CVE-2014-0224)	No (more info)
OpenSSL Padding Oracle vuln. (CVE-2016-2107)	No (more info)
ROBOT (vulnerability)	No (more info)
Forward Secrecy	Yes (with most browsers) ROBUST (more info)
ALPN	No
NPN	No
Session resumption (caching)	No (IDs empty)
Session resumption (tickets)	Yes
OCSP stapling	No
Strict Transport Security (HSTS)	No
HSTS Preloading	Chrome Edge Firefox IE
Public Key Pinning (HPKP)	No (more info)
Public Key Pinning Report-Only	No
Public Key Pinning (Static)	No (more info)
Long handshake intolerance	No
TLS extension intolerance	No
TLS version intolerance	No
Incorrect SNI alerts	No
Uses common DH primes	No, DHE suites not supported
DH public server param (Ys) reuse	No, DHE suites not supported
ECDH public server param reuse	No
Supported Named Groups	secp256r1, secp384r1, secp521r1 (Server has no preference)
SSL 2 handshake compatibility	No
0-RTT enabled	No

HTTP Requests

1 https://test.pdns.service.ncsc.gov.uk/ (HTTP/1.1 303 See Other)
1
	Content-Type	text/html; charset=utf-8
	Location	https://blocked.teams.cloudflare.com?account_id=544553379982413c82c5450a1bac6f79&background_color=%23051d49&block_reason=&footer_text=Please+contact+your+local+Network+Administrator+or+IT+support+if+you+require+further+assistance&header_text=%E2%80%8BAccess+to+this+site+has+been+blocked+by+the+Protective+DNS+Service&location=&logo_path=https%3A%2F%2Fwelcome.pdns.service.ncsc.gov.uk%2Fncsclogo146.png&mailto_address=&mailto_subject=&name=This+site+may+be+associated+with+malicious+activity+or+malware.&params_sign=U%2BmorrlnQNW1i2Te1KhDiiiBDUh5xrhKew%2BQa1nlvNY%3D&query_id=&rule_id=&source_ip=69.67.183.105&suppress_footer=true&url=test.pdns.service.ncsc.gov.uk
	Date	Fri, 18 Jul 2025 10:45:05 GMT
	Content-Length	751
	Connection	close

Miscellaneous
Test date	Fri, 18 Jul 2025 10:44:50 UTC
Test duration	116.679 seconds
HTTP status code	303
HTTP forwarding	https://blocked.teams.cloudflare.com
HTTP server signature	-
Server hostname	-

Why is my certificate not trusted?

1. Invalid certificate

2. Invalid configuration

3. Unknown Certificate Authority

4. Interoperability issues

Copyright © 2009-2025 Qualys, Inc. All Rights Reserved. Privacy Policy.	Terms and Conditions
Try Qualys for free! Experience the award-winning Qualys Cloud Platform and the entire collection of Qualys Cloud Apps, including certificate security solutions.