For the Technical - I Don't Quite Understand This...


#1  Postby Alan B » Oct 07, 2014 10:50 am

My Son highlighted this site:
https://www.grc.com/fingerprints.htm
So, I added the RatSkep address and got the following:
One or more errors were encountered when querying:
http://www.rationalskepticism.org

The SSL/TLS security certificate obtained from the remote server was invalid FOR THE EXACT DOMAIN YOU ENTERED. However, we were still able to obtain the certificate's common name and fingerprint, which appear below. Since something is wrong, please examine it carefully and give your close attention to the additional diagnostic note(s) appearing next:
Trustworthy certificates are “trusted” when they have been “signed” by a known and trusted “Certificate Authority” (CA). We trust the signer to have verified the identity of the signee. The trouble with the certificate that has just been received from the domain shown above, is that IT WAS NOT SIGNED by any known, authorized, recognized, and valid certificate authority. This most often occurs when a certificate is “self signed”, meaning that no higher authority is vouching for the identity and integrity of the server offering this certificate. (Note that NO VALID COMMERCIAL Internet web sites would ever do this!) While connections to any such web server will be encrypted, you really have no idea to whom your encrypted data is being sent: It could be your boss, your network's IT department (for capture, scanning, logging & analysis), or an entity much more malicious. PROCEED WITH CAUTION if you connect to any such remote web server, and try to determine WHY the server is offering a certificate which no valid certificate authority is vouching for.
The Domain Name (where the certificate was obtained) DOES NOT MATCH any of the names INSIDE the certificate: (And it must.) Trustworthy certificates contain a list of one or more domain names for which they are valid. The leftmost portion of such names MAY also contain an asterisk ( * ) acting as a “wildcard character” which is valid for any domain name appearing in place of the asterisk. The trouble with the certificate returned by the server that accepted the connection at the IP for the domain name shown above, is that no matter how we look at it, IT IS NOT VALID for the domain name. This would be like a web server using someone else's security certificate. It should not happen and you should proceed with caution.

You should examine the Domain Name and Certificate Name (also known as the “Common Name”) shown below. They will often be nearly identical. For example, the Certificate Name might simply have a ‘www’ prefix which is missing from the Domain Name. And if you were to enter the domain name with the leading ‘www’ everything would be fine. But if the names are very different, something is not right.
Web security certificates expire every two to three years so that the identity and integrity of the certificate's owner can be refreshed and reaffirmed. This goes a long way toward helping to keep the entire security certificate system trustworthy. The security certificate returned by THIS server is INVALID because it is either not yet valid or has expired from having been valid. (Certificates contain both a “not valid before” and “not valid after” field and the certificate should only be trusted between those two dates and times.)

The trouble may be something you can remedy by altering the domain name submitted, or the trouble might lie with the configuration of the remote secure web server. You should examine the domain name submitted, above, the errors returned, and the error comments to determine your best course of action.


Domain Name: http://www.rationalskepticism.org
Certificate Name: ratskep
EV: —
Security Certificate's Authentic Fingerprint: 90:33:29:4C:83:2B:36:2F:FE:25:F6:44:D3:E0:09:90:19:3C:53:18


:dunno:
I have NO BELIEF in the existence of a God or gods. I do not have to offer evidence nor do I have to determine absence of evidence because I do not ASSERT that a God does or does not or gods do or do not exist.
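
The three failures the quoted report lists (no trusted signer, name mismatch, validity window) and its fingerprint format, as an added Python example that is not part of the thread and not GRC's code. It assumes the fingerprint is a SHA-1 digest (consistent with the 20-byte value shown); the certificate record, its dates and the trusted CA name are constructed, and only the name "ratskep" comes from the post.

```python
import hashlib
from datetime import datetime, timezone

def fingerprint(der: bytes) -> str:
    """Colon-separated SHA-1 of the DER-encoded certificate (assumed digest)."""
    hexd = hashlib.sha1(der).hexdigest().upper()
    return ":".join(hexd[i:i + 2] for i in range(0, len(hexd), 2))

def name_matches(pattern: str, host: str) -> bool:
    """Exact match, or '*' standing in for the whole leftmost label only."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def diagnose(cert: dict, host: str, trusted: set, now: datetime) -> list:
    """Return the failed checks, in the order the report lists them."""
    problems = []
    # Simplification: comparing issuer names stands in for verifying the
    # signature chain up to a trusted CA, which a real client must do.
    if cert["issuer"] not in trusted:
        problems.append("self-signed" if cert["issuer"] == cert["subject"]
                        else "untrusted-issuer")
    if not any(name_matches(n, host) for n in cert["names"]):
        problems.append("name-mismatch")
    if not cert["not_before"] <= now <= cert["not_after"]:
        problems.append("outside-validity-window")
    return problems

# Constructed sample: only the name "ratskep" comes from the thread;
# the dates and the trusted-CA name are invented for the example.
SAMPLE = {
    "subject": "ratskep", "issuer": "ratskep", "names": ["ratskep"],
    "not_before": datetime(2012, 1, 1, tzinfo=timezone.utc),
    "not_after": datetime(2013, 1, 1, tzinfo=timezone.utc),
}
TRUSTED = {"Example Trusted CA"}
NOW = datetime(2014, 10, 7, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(diagnose(SAMPLE, "www.rationalskepticism.org", TRUSTED, NOW))
```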

#2  Postby halucigenia » Oct 08, 2014 12:46 pm

https://www.rationalskepticism.org/
Returns:-
Apache 2 Test Page
powered by CentOS
grc.com; Custom Site Fingerprinting wrote:
GRC's web server can obtain and display the “fingerprint” of any HTTPS-capable public web server's secure connection certificate.
So I guess there is no HTTPS-capable public web server with a secure connection certificate for ratskep?

#3  Postby VazScep » Oct 08, 2014 1:23 pm

Does anyone bother connecting to Ratskep by HTTPs? If not, you can ignore this warning. RationalSkepticism is a plain unsecure website, but I didn't think it pretended to be anything else.

If you try to open https://www.rationalskepticism.org in Firefox, you will (rightly) get the standard big fat warning saying that the connection is untrusted and you have to jump through hoops if you want to bypass that. If you're on a network that you don't necessarily trust, such as your work network, or the one in your internet cafe, Ratskep's unsigned certificates mean you have zero protection from someone doing a man-in-the-middle attack and snooping on all of your traffic in the clear. (*)

Again, treat RationalSkepticism as a plain unsecure website (non HTTPs).

(*) Unless you find some non-standard way to verify the certificate. For instance, my university doesn't have properly signed SSL certificates. But if you get onto the main network internally (or over some non-SSL based secure connection), you can obtain the CA certificate directly and register it manually in your favourite browser. That gives you all the protection you want.
Here we go again. First, we discover recursion.

#4  Postby Calilasseia » Oct 08, 2014 2:28 pm

This is one of the after effects of the failed experiment to enable HTTPS: connection to RatSkep.

A security certificate was obtained to allow that experiment to be conducted, but when HTTPS: connectivity failed to work for a lot of people, it was abandoned. As a corollary, the security certificate has lapsed, without being renewed.

I have a sneaking suspicion phpBB wasn't written with HTTPS: connectivity in mind, and that some of its internal workings flagrantly breach the protocols that a properly secure website is required to follow, hence the failure of the experiment, and the subsequent abandoning thereof. No one considered it worth bothering to renew a security certificate, for a website that was therefore destined to be forever connected via the standard and insecure HTTP: protocol.
Signature temporarily on hold until I can find a reliable image host ...

#5  Postby VazScep » Oct 08, 2014 2:34 pm

The only reason I'd care for a secure connection here is in case someone snooped my password and then stole my account. But I don't really care about that much anyway, since I don't have any great attachment to "VazScep."

Everything I've posted on this website is completely public, so I don't care about having a secure connection to submit my waffle.
Here we go again. First, we discover recursion.