sslyze.exe --certinfo=basic HOSTNAME eg sslyze.exe --certinfo=basic activation.sls.microsoft.com eg sslyze.exe --certinfo=basic --starttls=auto crimson.spectrumcs.net:587 eg sslyze.exe --certinfo=basic --starttls=auto crimson.spectrumcs.net:25 c:\SUPPORT\SSL Software\sslyze>sslyze.exe --certinfo=basic activation.sls.microsoft.com
c:\SUPPORT\SSL Software\sslyze>sslyze.exe --certinfo=basic activation.sls.microsoft.com
REGISTERING AVAILABLE PLUGINS
-----------------------------
PluginCertInfo
PluginCompression
PluginChromeSha1Deprecation
PluginSessionResumption
PluginSessionRenegotiation
PluginOpenSSLCipherSuites
PluginHSTS
PluginHeartbleed
CHECKING HOST(S) AVAILABILITY
-----------------------------
activation.sls.microsoft.com:443 => 65.52.98.231:443
SCAN RESULTS FOR ACTIVATION.SLS.MICROSOFT.COM:443 - 65.52.98.231:443
--------------------------------------------------------------------
* Certificate - Content:
SHA1 Fingerprint: d2ad042d87429a8140e8a8e639f8dafda14ae1b2
Common Name: activation.sls.microsoft.com
Issuer: Microsoft Secure Server CA 2012
Serial Number: 33000000158E4D48B789602237000000000015
Not Before: Jul 1 17:58:33 2015 GMT
Not After: Oct 1 17:58:33 2016 GMT
Signature Algorithm: sha1WithRSAEncryption
Key Size: 2048 bit
Exponent: 65537 (0x10001)
* Certificate - Trust:
Hostname Validation: OK - Common Name matches
"Mozilla NSS - 08/2014" CA Store: FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
"Microsoft - 08/2014" CA Store: OK - Certificate is trusted
"Apple - OS X 10.9.4" CA Store: FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
"Java 6 - Update 65" CA Store: FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Certificate Chain Received: ['activation.sls.microsoft.com', 'Microsoft Secure Server CA 2012']
* Certificate - OCSP Stapling:
NOT SUPPORTED - Server did not send back an OCSP response.
SCAN COMPLETED IN 1.64 S
------------------------
—
c:\SUPPORT\SSL Software\sslyze>sslyze.exe --certinfo=basic www.google.com
REGISTERING AVAILABLE PLUGINS
-----------------------------
PluginHeartbleed
PluginCertInfo
PluginCompression
PluginChromeSha1Deprecation
PluginSessionResumption
PluginSessionRenegotiation
PluginOpenSSLCipherSuites
PluginHSTS
CHECKING HOST(S) AVAILABILITY
-----------------------------
www.google.com:443 => 216.58.208.68:443
SCAN RESULTS FOR WWW.GOOGLE.COM:443 - 216.58.208.68:443
-------------------------------------------------------
* Certificate - Content:
SHA1 Fingerprint: 3266c21c4b8f516264b020165854766be762c4e9
Common Name: www.google.com
Issuer: Google Internet Authority G2
Serial Number: 5E962EFD88A61399
Not Before: Nov 12 18:27:01 2015 GMT
Not After: Feb 10 00:00:00 2016 GMT
Signature Algorithm: sha256WithRSAEncryption
Key Size: 2048 bit
Exponent: 65537 (0x10001)
X509v3 Subject Alternative Name: {'DNS': ['www.google.com']}
* Certificate - Trust:
Hostname Validation: OK - Subject Alternative Name matches
"Mozilla NSS - 08/2014" CA Store: OK - Certificate is trusted
"Microsoft - 08/2014" CA Store: OK - Certificate is trusted
"Apple - OS X 10.9.4" CA Store: OK - Certificate is trusted
"Java 6 - Update 65" CA Store: OK - Certificate is trusted
Certificate Chain Received: ['www.google.com', 'Google Internet Authority G2', 'GeoTrust Global CA']
* Certificate - OCSP Stapling:
NOT SUPPORTED - Server did not send back an OCSP response.
SCAN COMPLETED IN 0.45 S
------------------------
Add the common name to the SSL whitelist