SSL Monitor Web servisa Republike Srbije

Povodom sve većeg broja opasnosti koje kruže Internetom (a i vašim telefonom, frižiderom, automobilom, ...) kao i povodom teksta koji je objavio poverenik za informacije: "Vaša komunikacija nije bezbedna", rešio sam da dam svoj mali doprinos zajednici :) Na ovoj stranici nalazi se monitor SSL sertifikata javnih web servisa Republike Srbije.

Za sada monitor nadgleda samo 'Trust' sertifikata. Testovi ranjivosti su u izgradnji. Za sve komentare, predloge, kritike, kao i za nove adrese servisa pišite na ivanm@security-net.biz.


Vreme poslednje provere: 25-03-2017 20:00:01

ServisInfoPoverenjeRanjivosti
Portal eUprava Republike Srbije
www.euprava.gov.rs
195.222.98.17:443
  
SHA1 Fingerprint:8ad612d6194485b356fab3bcef8d605fe5510cc8
Common Name:     *.euprava.gov.rs
Issuer:    COMODO RSA Domain Validation Secure Server CA
Serial Number:   C600A8BA6EADEAFF18E3C4DF714EB59C
Not Before:Nov 23 00:00:00 2016 GMT
Not After: Nov 23 23:59:59 2017 GMT
Signature Algorithm:   sha256WithRSAEncryption
Public Key Algorithm:  rsaEncryption
Key Size:  2048 bit
Exponent:  65537 (0x10001)
X509v3 Subject Alternative Name:   {'DNS': ['*.euprava.gov.rs', 'euprava.gov.rs']}
  
Hostname Validation:   OK - Subject Alternative Name matches
Google CA Store (09/2015):   OK - Certificate is trusted
Java 6 CA Store (Update 65): OK - Certificate is trusted
Microsoft CA Store (09/2015):OK - Certificate is trusted
Mozilla NSS CA Store (09/2015):    OK - Certificate is trusted
Apple CA Store (OS X 10.10.5):     OK - Certificate is trusted
Certificate Chain Received:  ['*.euprava.gov.rs', 'COMODO RSA Domain Validation Secure Server CA', 'COMODO RSA Certification Authority']
Integrisani Zdravstveni Informacioni Sistem Republike Srbije
app.mojdoktor.gov.rs
212.200.253.231:443
  
SHA1 Fingerprint:fcc65e261814d92f93d0cb7c5181407098f95919
Common Name:     *.mojdoktor.gov.rs
Issuer:    GlobalSign Organization Validation CA - SHA256 - G2
Serial Number:   1121A589B236ED2FF54B23FE6821C9DC83DF
Not Before:Mar 21 08:23:49 2016 GMT
Not After: Mar 22 08:23:49 2018 GMT
Signature Algorithm:   sha256WithRSAEncryption
Public Key Algorithm:  rsaEncryption
Key Size:  2048 bit
Exponent:  65537 (0x10001)
X509v3 Subject Alternative Name:   {'DNS': ['*.mojdoktor.gov.rs', 'mojdoktor.gov.rs']}
  
Hostname Validation:   OK - Subject Alternative Name matches
Google CA Store (09/2015):   OK - Certificate is trusted
Java 6 CA Store (Update 65): FAILED - Certificate is NOT Trusted: certificate has expired
Microsoft CA Store (09/2015):OK - Certificate is trusted
Mozilla NSS CA Store (09/2015):    OK - Certificate is trusted
Apple CA Store (OS X 10.10.5):     OK - Certificate is trusted
Certificate Chain Received:  ['*.mojdoktor.gov.rs', 'GlobalSign Organization Validation CA - SHA256 - G2']
Trust
Poreska uprava Republike Srbije
eporezi.poreskauprava.gov.rs
195.178.50.151:443
  
SHA1 Fingerprint:dd0f2ecddc679914ea1c8e21379b46a07b91de74
Common Name:     mail.purs.gov.rs
Issuer:    Posta CA 1
Serial Number:   48FD6848
Not Before:Jul 11 10:48:23 2013 GMT
Not After: Jul 11 11:18:23 2018 GMT
Signature Algorithm:   sha1WithRSAEncryption
Public Key Algorithm:  rsaEncryption
Key Size:  2048 bit
Exponent:  65537 (0x10001)
X509v3 Subject Alternative Name:   {'DNS': ['mail.purs.gov.rs', 'mail.poreskauprava.gov.rs', 'autodiscover.poreskauprava.gov.rs', 'autodiscover.purs.gov.rs', 'autodiscover.purs.local', 'cenit1srvch1.purs.local', 'cenit1srvch2.purs.local', 'cenit1srvch3.purs.local', 'cenit1srvch4.purs.local', 'eporezi.poreskauprava.gov.rs', 'www.poreskauprava.gov.rs', 'eporezi.purs.gov.rs', 'www.purs.gov.rs']}
  
Hostname Validation:   OK - Subject Alternative Name matches
Google CA Store (09/2015):   FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Java 6 CA Store (Update 65): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Microsoft CA Store (09/2015):FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Mozilla NSS CA Store (09/2015):    FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Apple CA Store (OS X 10.10.5):     FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Certificate Chain Received:  ['mail.purs.gov.rs']
Trust
Republicki fond za zdravstveno osiguranje (Web Servisi)
webapp2.rzzo.rs
212.200.153.155:443
  
SHA1 Fingerprint:267fddba9183e9b37a87f0752bd6708350bd24f5
Common Name:     webapp2.rzzo.rs
Issuer:    COMODO RSA Domain Validation Secure Server CA
Serial Number:   E7940E89C05FE09B976AA9E30FF647CD
Not Before:Aug 26 00:00:00 2016 GMT
Not After: Aug 26 23:59:59 2017 GMT
Signature Algorithm:   sha256WithRSAEncryption
Public Key Algorithm:  rsaEncryption
Key Size:  2048 bit
Exponent:  65537 (0x10001)
X509v3 Subject Alternative Name:   {'DNS': ['webapp2.rzzo.rs', 'www.webapp2.rzzo.rs']}
  
Hostname Validation:   OK - Subject Alternative Name matches
Google CA Store (09/2015):   OK - Certificate is trusted
Java 6 CA Store (Update 65): OK - Certificate is trusted
Microsoft CA Store (09/2015):OK - Certificate is trusted
Apple CA Store (OS X 10.10.5):     OK - Certificate is trusted
Mozilla NSS CA Store (09/2015):    OK - Certificate is trusted
Certificate Chain Received:  ['webapp2.rzzo.rs', 'COMODO RSA Domain Validation Secure Server CA', 'COMODO RSA Certification Authority', 'AddTrust External CA Root']
Web servisi Narodne banke Srbije
webservices.nbs.rs
194.79.41.15:443
  
SHA1 Fingerprint:73141dad7160f3c5b02952a9e142c59a28ae315e
Common Name:     *.nbs.rs
Issuer:    thawte SHA256 SSL CA
Serial Number:   2D4661791ACC53B9F6C491F020455DEB
Not Before:Jun 16 00:00:00 2016 GMT
Not After: Jun 16 23:59:59 2018 GMT
Signature Algorithm:   sha256WithRSAEncryption
Public Key Algorithm:  rsaEncryption
Key Size:  2048 bit
Exponent:  65537 (0x10001)
X509v3 Subject Alternative Name:   {'DNS': ['*.nbs.rs', 'nbs.rs']}
  
Hostname Validation:   OK - Subject Alternative Name matches
Google CA Store (09/2015):   OK - Certificate is trusted
Java 6 CA Store (Update 65): OK - Certificate is trusted
Microsoft CA Store (09/2015):OK - Certificate is trusted
Mozilla NSS CA Store (09/2015):    OK - Certificate is trusted
Apple CA Store (OS X 10.10.5):     OK - Certificate is trusted
Certificate Chain Received:  ['*.nbs.rs', 'thawte SHA256 SSL CA']
eKatastar nepokretnosti
katastar.rgz.gov.rs
93.87.56.105:443
  
SHA1 Fingerprint:067dd12ec7348f628ca8877c17d0ac0a291bd0bd
Common Name:     katastar.rgz.gov.rs
Issuer:    PKS CA Class2 - IT resursi
Serial Number:   34228758F3880FA4
Not Before:Feb 22 08:49:21 2017 GMT
Not After: Feb 22 08:49:21 2022 GMT
Signature Algorithm:   sha256WithRSAEncryption
Public Key Algorithm:  rsaEncryption
Key Size:  2048 bit
Exponent:  65537 (0x10001)
  
Hostname Validation:   OK - Common Name matches
Google CA Store (09/2015):   FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Java 6 CA Store (Update 65): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Microsoft CA Store (09/2015):FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Mozilla NSS CA Store (09/2015):    FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Apple CA Store (OS X 10.10.5):     FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Certificate Chain Received:  ['katastar.rgz.gov.rs', 'PKS CA Class2 - IT resursi']
Trust
Portal Centralnog registra obaveznog socijalnog osiguranja
portal.croso.gov.rs
195.222.96.237:443
  
SHA1 Fingerprint:2269e8cb026d67d45298a3f6f7461cdc8d1806eb
Common Name:     portal.croso.gov.rs
Issuer:    GeoTrust SSL CA - G3
Serial Number:   3B955B406BC708E166555EBAC836516B
Not Before:Dec 24 00:00:00 2015 GMT
Not After: Jan 15 23:59:59 2018 GMT
Signature Algorithm:   sha256WithRSAEncryption
Public Key Algorithm:  rsaEncryption
Key Size:  2048 bit
Exponent:  65537 (0x10001)
X509v3 Subject Alternative Name:   {'DNS': ['portal.croso.gov.rs']}
  
Hostname Validation:   OK - Subject Alternative Name matches
Google CA Store (09/2015):   OK - Certificate is trusted
Java 6 CA Store (Update 65): OK - Certificate is trusted
Microsoft CA Store (09/2015):OK - Certificate is trusted
Mozilla NSS CA Store (09/2015):    OK - Certificate is trusted
Apple CA Store (OS X 10.10.5):     OK - Certificate is trusted
Certificate Chain Received:  ['portal.croso.gov.rs', 'GeoTrust SSL CA - G3']
Republicki fond za penzisko i invalidsko osiguranje
servisi.pio.rs
77.46.148.26:443
  
SHA1 Fingerprint:874d5b8717b1cc7df6e0d8b40ca3b5999613b261
Common Name:     servisi.pio.rs
Issuer:    Symantec Class 3 Secure Server CA - G4
Serial Number:   7404484B6ED8362F4F00F4A4F507093D
Not Before:Aug 12 00:00:00 2016 GMT
Not After: Sep 11 23:59:59 2017 GMT
Signature Algorithm:   sha256WithRSAEncryption
Public Key Algorithm:  rsaEncryption
Key Size:  2048 bit
Exponent:  65537 (0x10001)
X509v3 Subject Alternative Name:   {'DNS': ['servisi.pio.rs']}
  
Hostname Validation:   OK - Subject Alternative Name matches
Google CA Store (09/2015):   OK - Certificate is trusted
Java 6 CA Store (Update 65): OK - Certificate is trusted
Microsoft CA Store (09/2015):OK - Certificate is trusted
Mozilla NSS CA Store (09/2015):    OK - Certificate is trusted
Apple CA Store (OS X 10.10.5):     OK - Certificate is trusted
Certificate Chain Received:  ['servisi.pio.rs', 'Symantec Class 3 Secure Server CA - G4']
Regulatorna agencija za elektronske komnikacije i postanske usluge
portal.ratel.rs
79.101.30.78:443
  
SHA1 Fingerprint:b62fcb954b33ca4b62bcc3dc16fb12452ad03969
Common Name:     portal.ratel.rs
Issuer:    Posta CA 1
Serial Number:   48FE92A8
Not Before:May  4 11:38:59 2015 GMT
Not After: May  4 12:08:59 2018 GMT
Signature Algorithm:   sha1WithRSAEncryption
Public Key Algorithm:  rsaEncryption
Key Size:  2048 bit
Exponent:  65537 (0x10001)
X509v3 Subject Alternative Name:   {'email': ['ratel@ratel.rs']}
  
Hostname Validation:   OK - Common Name matches
Google CA Store (09/2015):   FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Java 6 CA Store (Update 65): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Microsoft CA Store (09/2015):FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Mozilla NSS CA Store (09/2015):    FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Apple CA Store (OS X 10.10.5):     FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Certificate Chain Received:  ['portal.ratel.rs']
Trust
Sistem elektronskog bankarstva Postanske stedionice
ebank2.posted.co.rs
194.145.153.22:443
  
SHA1 Fingerprint:d39f9e9a73c602eb03f2cae0571195829119701e
Common Name:     ebank2.posted.co.rs
Issuer:    Symantec Class 3 Secure Server SHA256 SSL CA
Serial Number:   2AD7809BBA55FCCBABC777D58413EEFD
Not Before:Feb 24 00:00:00 2017 GMT
Not After: Feb 24 23:59:59 2018 GMT
Signature Algorithm:   sha256WithRSAEncryption
Public Key Algorithm:  rsaEncryption
Key Size:  2048 bit
Exponent:  65537 (0x10001)
X509v3 Subject Alternative Name:   {'DNS': ['ebank2.posted.co.rs']}
  
Hostname Validation:   OK - Subject Alternative Name matches
Google CA Store (09/2015):   OK - Certificate is trusted
Java 6 CA Store (Update 65): OK - Certificate is trusted
Microsoft CA Store (09/2015):OK - Certificate is trusted
Mozilla NSS CA Store (09/2015):    OK - Certificate is trusted
Apple CA Store (OS X 10.10.5):     OK - Certificate is trusted
Certificate Chain Received:  ['ebank2.posted.co.rs', 'Symantec Class 3 Secure Server SHA256 SSL CA']
Elektronske usluge Poreske uprave
www.poreskauprava.gov.rs
195.178.50.150:443
  
SHA1 Fingerprint:dd0f2ecddc679914ea1c8e21379b46a07b91de74
Common Name:     mail.purs.gov.rs
Issuer:    Posta CA 1
Serial Number:   48FD6848
Not Before:Jul 11 10:48:23 2013 GMT
Not After: Jul 11 11:18:23 2018 GMT
Signature Algorithm:   sha1WithRSAEncryption
Public Key Algorithm:  rsaEncryption
Key Size:  2048 bit
Exponent:  65537 (0x10001)
X509v3 Subject Alternative Name:   {'DNS': ['mail.purs.gov.rs', 'mail.poreskauprava.gov.rs', 'autodiscover.poreskauprava.gov.rs', 'autodiscover.purs.gov.rs', 'autodiscover.purs.local', 'cenit1srvch1.purs.local', 'cenit1srvch2.purs.local', 'cenit1srvch3.purs.local', 'cenit1srvch4.purs.local', 'eporezi.poreskauprava.gov.rs', 'www.poreskauprava.gov.rs', 'eporezi.purs.gov.rs', 'www.purs.gov.rs']}
  
Hostname Validation:   OK - Subject Alternative Name matches
Google CA Store (09/2015):   FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Java 6 CA Store (Update 65): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Microsoft CA Store (09/2015):FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Mozilla NSS CA Store (09/2015):    FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Apple CA Store (OS X 10.10.5):     FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Certificate Chain Received:  ['mail.purs.gov.rs']
Trust
Narodna banka Srbije
www.nbs.rs
194.79.41.46:443
  
SHA1 Fingerprint:73141dad7160f3c5b02952a9e142c59a28ae315e
Common Name:     *.nbs.rs
Issuer:    thawte SHA256 SSL CA
Serial Number:   2D4661791ACC53B9F6C491F020455DEB
Not Before:Jun 16 00:00:00 2016 GMT
Not After: Jun 16 23:59:59 2018 GMT
Signature Algorithm:   sha256WithRSAEncryption
Public Key Algorithm:  rsaEncryption
Key Size:  2048 bit
Exponent:  65537 (0x10001)
X509v3 Subject Alternative Name:   {'DNS': ['*.nbs.rs', 'nbs.rs']}
  
Hostname Validation:   OK - Subject Alternative Name matches
Google CA Store (09/2015):   OK - Certificate is trusted
Java 6 CA Store (Update 65): OK - Certificate is trusted
Microsoft CA Store (09/2015):OK - Certificate is trusted
Mozilla NSS CA Store (09/2015):    OK - Certificate is trusted
Apple CA Store (OS X 10.10.5):     OK - Certificate is trusted
Certificate Chain Received:  ['*.nbs.rs', 'thawte SHA256 SSL CA']
Ministarstvo drzavne uprave i lokalne samouprave
www.mduls.gov.rs
195.222.96.163:443
  
SHA1 Fingerprint:cd946cf76f1bb2fb48e60685ad67b1bf68510b9e
Common Name:     *.uzzpro.gov.rs
Issuer:    Symantec Class 3 Secure Server CA - G4
Serial Number:   0AFB1087FAEF459942CE56DFF3427DF9
Not Before:Dec 29 00:00:00 2015 GMT
Not After: Aug 28 23:59:59 2017 GMT
Signature Algorithm:   sha256WithRSAEncryption
Public Key Algorithm:  rsaEncryption
Key Size:  2048 bit
Exponent:  65537 (0x10001)
X509v3 Subject Alternative Name:   {'DNS': ['*.uzzpro.gov.rs', 'uzzpro.gov.rs']}
  
Hostname Validation:   FAILED - Certificate does NOT match www.mduls.gov.rs
Google CA Store (09/2015):   OK - Certificate is trusted
Java 6 CA Store (Update 65): OK - Certificate is trusted
Microsoft CA Store (09/2015):OK - Certificate is trusted
Mozilla NSS CA Store (09/2015):    OK - Certificate is trusted
Apple CA Store (OS X 10.10.5):     OK - Certificate is trusted
Certificate Chain Received:  ['*.uzzpro.gov.rs', 'Symantec Class 3 Secure Server CA - G4']
Trust
Ministarstvo finansija, Uprava Carina
www.carina.rs
93.87.54.202:443
  
SHA1 Fingerprint:44a46d0a8e9e6768c944fbe9934c20d6e3745e7f
Common Name:     mail.carina.rs
Issuer:    fcs-BEG-ISSUING-CA
Serial Number:   54A41D8A0001000000A3
Not Before:May 26 12:38:15 2016 GMT
Not After: Mar 28 08:49:34 2018 GMT
Signature Algorithm:   sha1WithRSAEncryption
Public Key Algorithm:  rsaEncryption
Key Size:  2048 bit
Exponent:  65537 (0x10001)
X509v3 Subject Alternative Name:   {'DNS': ['mail.carina.rs', 'autodiscover.carina.rs', 'legacy.carina.rs', 'beg-ex2k7.fcs.yu']}
  
Hostname Validation:   FAILED - Certificate does NOT match www.carina.rs
Google CA Store (09/2015):   FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Java 6 CA Store (Update 65): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Microsoft CA Store (09/2015):FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Mozilla NSS CA Store (09/2015):    FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Apple CA Store (OS X 10.10.5):     FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Certificate Chain Received:  ['mail.carina.rs', 'fcs-BEG-ISSUING-CA', 'POLICY-CA']
Trust
Ministarstvo finansija, Uprava Carina, NCTS
eccgw.carina.rs
93.87.54.210:443
  
SHA1 Fingerprint:d8cfeb99f6cc9aede54ee02faabfa637bd32950a
Common Name:     eccgw.carina.rs
Issuer:    PKS CA Class2 - IT resursi
Serial Number:   5CF592B90B373FF1
Not Before:Sep 22 07:41:53 2014 GMT
Not After: Sep 22 07:41:53 2017 GMT
Signature Algorithm:   sha256WithRSAEncryption
Public Key Algorithm:  rsaEncryption
Key Size:  2048 bit
Exponent:  65537 (0x10001)
  
Hostname Validation:   OK - Common Name matches
Google CA Store (09/2015):   FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Java 6 CA Store (Update 65): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Microsoft CA Store (09/2015):FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Mozilla NSS CA Store (09/2015):    FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Apple CA Store (OS X 10.10.5):     FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Certificate Chain Received:  ['eccgw.carina.rs']
Trust
Elektronsko podnosenje zahteva za zastitu intelektualne svojine
eipr.carina.rs
93.87.54.204:443
  
SHA1 Fingerprint:ee7363519cdc51b034b487f9a306f3f03b38e149
Common Name:     eipr.carina.rs
Issuer:    fcs-BEG-ISSUING-CA
Serial Number:   4545E6E10001000000A8
Not Before:Jun 17 09:31:28 2016 GMT
Not After: Mar 28 08:49:34 2018 GMT
Signature Algorithm:   sha1WithRSAEncryption
Public Key Algorithm:  rsaEncryption
Key Size:  2048 bit
Exponent:  65537 (0x10001)
  
Hostname Validation:   OK - Common Name matches
Google CA Store (09/2015):   FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Java 6 CA Store (Update 65): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Microsoft CA Store (09/2015):FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Mozilla NSS CA Store (09/2015):    FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Apple CA Store (OS X 10.10.5):     FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Certificate Chain Received:  ['eipr.carina.rs', 'fcs-BEG-ISSUING-CA', 'POLICY-CA']
Trust
Agencija za privredne registre
www.apr.gov.rs
195.178.56.17:443
  
SHA1 Fingerprint:821a1283f8e5fb843bb1fcf46a97020aad1617d9
Common Name:     *.apr.gov.rs
Issuer:    COMODO RSA Domain Validation Secure Server CA
Serial Number:   0798A7250AF372BF8FE87C361FED48D0
Not Before:Jan 31 00:00:00 2017 GMT
Not After: Jan 31 23:59:59 2020 GMT
Signature Algorithm:   sha256WithRSAEncryption
Public Key Algorithm:  rsaEncryption
Key Size:  2048 bit
Exponent:  65537 (0x10001)
X509v3 Subject Alternative Name:   {'DNS': ['*.apr.gov.rs', 'apr.gov.rs']}
  
Hostname Validation:   OK - Subject Alternative Name matches
Google CA Store (09/2015):   OK - Certificate is trusted
Java 6 CA Store (Update 65): OK - Certificate is trusted
Microsoft CA Store (09/2015):OK - Certificate is trusted
Mozilla NSS CA Store (09/2015):    OK - Certificate is trusted
Apple CA Store (OS X 10.10.5):     OK - Certificate is trusted
Certificate Chain Received:  ['*.apr.gov.rs', 'COMODO RSA Domain Validation Secure Server CA', 'COMODO RSA Certification Authority']
Ministarstvo gradjevinarstva, saobracaja i infrastrukture
gradjevinskedozvole.rs
144.76.137.211:443
  
SHA1 Fingerprint:7b5bb287ab9e892d40c76217b871cd6c251f793c
Common Name:     Parallels Panel
Issuer:    Parallels Panel
Serial Number:   522729BB
Not Before:Sep  4 12:38:19 2013 GMT
Not After: Sep  4 12:38:19 2014 GMT
Signature Algorithm:   sha1WithRSAEncryption
Public Key Algorithm:  rsaEncryption
Key Size:  2048 bit
Exponent:  65537 (0x10001)
  
Hostname Validation:   FAILED - Certificate does NOT match gradjevinskedozvole.rs
Google CA Store (09/2015):   FAILED - Certificate is NOT Trusted: self signed certificate
Java 6 CA Store (Update 65): FAILED - Certificate is NOT Trusted: self signed certificate
Microsoft CA Store (09/2015):FAILED - Certificate is NOT Trusted: self signed certificate
Mozilla NSS CA Store (09/2015):    FAILED - Certificate is NOT Trusted: self signed certificate
Apple CA Store (OS X 10.10.5):     FAILED - Certificate is NOT Trusted: self signed certificate
Certificate Chain Received:  ['Parallels Panel']
Trust
Registar neplacenih novcanh kazni i drugih novcanih iznosa
rnk.sipres.sud.rs
178.253.198.243:443
  
SHA1 Fingerprint:5cb83ba2552eee7091ffce4e0da65873d3ee0912
Common Name:     rnk.sipres.sud.rs
Issuer:    GeoTrust Extended Validation SHA256 SSL CA
Serial Number:   4B9A61613C01F520C5E258918095A38C
Not Before:Mar 16 00:00:00 2017 GMT
Not After: Mar 16 23:59:59 2018 GMT
Signature Algorithm:   sha256WithRSAEncryption
Public Key Algorithm:  rsaEncryption
Key Size:  2048 bit
Exponent:  65537 (0x10001)
X509v3 Subject Alternative Name:   {'DNS': ['tpps.sipres.sud.rs', 'tppas.sipres.sud.rs', 'int.sipres.sud.rs', 'evp.sipres.sud.rs', 'rnk.sipres.sud.rs']}
  
Hostname Validation:   OK - Subject Alternative Name matches
Google CA Store (09/2015):   OK - Certificate is trusted
Java 6 CA Store (Update 65): OK - Certificate is trusted
Microsoft CA Store (09/2015):OK - Certificate is trusted
Mozilla NSS CA Store (09/2015):    OK - Certificate is trusted
Apple CA Store (OS X 10.10.5):     OK - Certificate is trusted
Certificate Chain Received:  ['rnk.sipres.sud.rs', 'GeoTrust Extended Validation SHA256 SSL CA']
Lokalna poreska administracija, Grad Beograd
lpa.beograd.gov.rs
91.150.67.26:443
  
SHA1 Fingerprint:db9863720d0a2551322098b820eaea9044dae87f
Common Name:     zis.beograd.gov.rs
Issuer:    COMODO RSA Domain Validation Secure Server CA
Serial Number:   0745B877764AE44C66E5AAE279435F1B
Not Before:Nov 18 00:00:00 2015 GMT
Not After: Nov 17 23:59:59 2018 GMT
Signature Algorithm:   sha256WithRSAEncryption
Public Key Algorithm:  rsaEncryption
Key Size:  2048 bit
Exponent:  65537 (0x10001)
X509v3 Subject Alternative Name:   {'DNS': ['zis.beograd.gov.rs', 'app.beograd.gov.rs', 'autodiscover.beograd.gov.rs', 'euprava.beograd.gov.rs', 'konkurs.beograd.gov.rs', 'lpa.beograd.gov.rs', 'mail.beograd.gov.rs', 'nabavke.beograd.gov.rs', 'portal.beograd.gov.rs', 'sap.beograd.gov.rs']}
  
Hostname Validation:   OK - Subject Alternative Name matches
Google CA Store (09/2015):   OK - Certificate is trusted
Java 6 CA Store (Update 65): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Microsoft CA Store (09/2015):OK - Certificate is trusted
Mozilla NSS CA Store (09/2015):    OK - Certificate is trusted
Apple CA Store (OS X 10.10.5):     FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Certificate Chain Received:  ['zis.beograd.gov.rs', 'COMODO RSA Domain Validation Secure Server CA']
Trust
Agencija za privredne registre
reid.apr.gov.rs
195.178.56.17:443
  
SHA1 Fingerprint:821a1283f8e5fb843bb1fcf46a97020aad1617d9
Common Name:     *.apr.gov.rs
Issuer:    COMODO RSA Domain Validation Secure Server CA
Serial Number:   0798A7250AF372BF8FE87C361FED48D0
Not Before:Jan 31 00:00:00 2017 GMT
Not After: Jan 31 23:59:59 2020 GMT
Signature Algorithm:   sha256WithRSAEncryption
Public Key Algorithm:  rsaEncryption
Key Size:  2048 bit
Exponent:  65537 (0x10001)
X509v3 Subject Alternative Name:   {'DNS': ['*.apr.gov.rs', 'apr.gov.rs']}
  
Hostname Validation:   OK - Subject Alternative Name matches
Google CA Store (09/2015):   OK - Certificate is trusted
Java 6 CA Store (Update 65): OK - Certificate is trusted
Microsoft CA Store (09/2015):OK - Certificate is trusted
Mozilla NSS CA Store (09/2015):    OK - Certificate is trusted
Apple CA Store (OS X 10.10.5):     OK - Certificate is trusted
Certificate Chain Received:  ['*.apr.gov.rs', 'COMODO RSA Domain Validation Secure Server CA', 'COMODO RSA Certification Authority']
Trezor, registar zaposlenih
zapos.trezor.gov.rs
195.88.13.101:443
  
SHA1 Fingerprint:b97e89a48fa9ec6a641d1c2e2693041474b2f896
Common Name:     zapos.trezor.gov.rs
Issuer:    PKS CA Class2 - IT resursi
Serial Number:   2AA79E29251B0DCC
Not Before:Jan 18 11:58:03 2016 GMT
Not After: Jan 18 11:58:03 2019 GMT
Signature Algorithm:   sha256WithRSAEncryption
Public Key Algorithm:  rsaEncryption
Key Size:  2048 bit
Exponent:  65537 (0x10001)
X509v3 Subject Alternative Name:   {'email': ['filip.streoski@trezor.gov.rs']}
  
Hostname Validation:   OK - Common Name matches
Google CA Store (09/2015):   FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Java 6 CA Store (Update 65): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Microsoft CA Store (09/2015):FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Mozilla NSS CA Store (09/2015):    FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Apple CA Store (OS X 10.10.5):     FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
Certificate Chain Received:  ['zapos.trezor.gov.rs']
Trust
Direkcija za elektronsku upravu
www.deu.gov.rs
195.222.96.163:443
  
SHA1 Fingerprint:cd946cf76f1bb2fb48e60685ad67b1bf68510b9e
Common Name:     *.uzzpro.gov.rs
Issuer:    Symantec Class 3 Secure Server CA - G4
Serial Number:   0AFB1087FAEF459942CE56DFF3427DF9
Not Before:Dec 29 00:00:00 2015 GMT
Not After: Aug 28 23:59:59 2017 GMT
Signature Algorithm:   sha256WithRSAEncryption
Public Key Algorithm:  rsaEncryption
Key Size:  2048 bit
Exponent:  65537 (0x10001)
X509v3 Subject Alternative Name:   {'DNS': ['*.uzzpro.gov.rs', 'uzzpro.gov.rs']}
  
Hostname Validation:   FAILED - Certificate does NOT match www.deu.gov.rs
Google CA Store (09/2015):   OK - Certificate is trusted
Java 6 CA Store (Update 65): OK - Certificate is trusted
Microsoft CA Store (09/2015):OK - Certificate is trusted
Mozilla NSS CA Store (09/2015):    OK - Certificate is trusted
Apple CA Store (OS X 10.10.5):     OK - Certificate is trusted
Certificate Chain Received:  ['*.uzzpro.gov.rs', 'Symantec Class 3 Secure Server CA - G4']
Trust
Beogradska berza
www.belex.rs
Connection rejected
Beogradska berza, Upload
upload.belex.rs
80.93.241.138:443
  
SHA1 Fingerprint:c6a440edbaaff40feffd2dbd0b9f55e1dee3a234
Common Name:     upload.belex.rs
Issuer:    thawte DV SSL CA - G2
Serial Number:   63660237714BC90B98BF9879107FAAE0
Not Before:Mar 10 00:00:00 2016 GMT
Not After: Apr  9 23:59:59 2017 GMT
Signature Algorithm:   sha256WithRSAEncryption
Public Key Algorithm:  rsaEncryption
Key Size:  2048 bit
Exponent:  65537 (0x10001)
X509v3 Subject Alternative Name:   {'DNS': ['upload.belex.rs']}
  
Hostname Validation:   OK - Subject Alternative Name matches
Google CA Store (09/2015):   OK - Certificate is trusted
Java 6 CA Store (Update 65): OK - Certificate is trusted
Microsoft CA Store (09/2015):OK - Certificate is trusted
Mozilla NSS CA Store (09/2015):    OK - Certificate is trusted
Apple CA Store (OS X 10.10.5):     OK - Certificate is trusted
Certificate Chain Received:  ['upload.belex.rs', 'thawte DV SSL CA - G2']
Beogradska berza
www.belex.info
80.93.241.138:443
  
SHA1 Fingerprint:c6a440edbaaff40feffd2dbd0b9f55e1dee3a234
Common Name:     upload.belex.rs
Issuer:    thawte DV SSL CA - G2
Serial Number:   63660237714BC90B98BF9879107FAAE0
Not Before:Mar 10 00:00:00 2016 GMT
Not After: Apr  9 23:59:59 2017 GMT
Signature Algorithm:   sha256WithRSAEncryption
Public Key Algorithm:  rsaEncryption
Key Size:  2048 bit
Exponent:  65537 (0x10001)
X509v3 Subject Alternative Name:   {'DNS': ['upload.belex.rs']}
  
Hostname Validation:   FAILED - Certificate does NOT match www.belex.info
Google CA Store (09/2015):   OK - Certificate is trusted
Java 6 CA Store (Update 65): OK - Certificate is trusted
Microsoft CA Store (09/2015):OK - Certificate is trusted
Mozilla NSS CA Store (09/2015):    OK - Certificate is trusted
Apple CA Store (OS X 10.10.5):     OK - Certificate is trusted
Certificate Chain Received:  ['upload.belex.rs', 'thawte DV SSL CA - G2']
Trust
Nacionalna sluzba za zaposljavanje
www.nsz.gov.rs
Connection rejected
Registar nacionalnog internet domena Srbije
www.rnids.rs
87.237.205.199:443
  
SHA1 Fingerprint:6d8ba5e0e04406549dd9e84f7db77441a0046c23
Common Name:     www.rnids.rs
Issuer:    COMODO RSA Extended Validation Secure Server CA
Serial Number:   BB996D3010A528E4CB583BAE00BBD3F7
Not Before:Oct  7 00:00:00 2015 GMT
Not After: Oct  1 23:59:59 2017 GMT
Signature Algorithm:   sha256WithRSAEncryption
Public Key Algorithm:  rsaEncryption
Key Size:  2048 bit
Exponent:  65537 (0x10001)
X509v3 Subject Alternative Name:   {'DNS': ['www.rnids.rs', 'rnids.rs']}
  
Hostname Validation:   OK - Subject Alternative Name matches
Google CA Store (09/2015):   OK - Certificate is trusted
Java 6 CA Store (Update 65): OK - Certificate is trusted
Microsoft CA Store (09/2015):OK - Certificate is trusted
Mozilla NSS CA Store (09/2015):    OK - Certificate is trusted
Apple CA Store (OS X 10.10.5):     OK - Certificate is trusted
Certificate Chain Received:  ['www.rnids.rs', 'COMODO RSA Extended Validation Secure Server CA', 'COMODO RSA Certification Authority']
Upit u jedinstveni biracki spisak
birackispisak.mduls.gov.rs
195.222.98.78:443
  
SHA1 Fingerprint:ac81110a23b1d14b6a06c990bef5ddeb34e65356
Common Name:     birackispisak.mduls.gov.rs
Issuer:    COMODO RSA Domain Validation Secure Server CA
Serial Number:   AADAE2D69140BF7702ABD7EDDB9F62E7
Not Before:Mar  7 00:00:00 2017 GMT
Not After: Mar  6 23:59:59 2020 GMT
Signature Algorithm:   sha256WithRSAEncryption
Public Key Algorithm:  rsaEncryption
Key Size:  2048 bit
Exponent:  65537 (0x10001)
X509v3 Subject Alternative Name:   {'DNS': ['birackispisak.mduls.gov.rs', 'www.birackispisak.mduls.gov.rs']}
  
Hostname Validation:   OK - Subject Alternative Name matches
Google CA Store (09/2015):   OK - Certificate is trusted
Java 6 CA Store (Update 65): OK - Certificate is trusted
Microsoft CA Store (09/2015):OK - Certificate is trusted
Mozilla NSS CA Store (09/2015):    OK - Certificate is trusted
Apple CA Store (OS X 10.10.5):     OK - Certificate is trusted
Certificate Chain Received:  ['birackispisak.mduls.gov.rs', 'COMODO RSA Domain Validation Secure Server CA', 'COMODO RSA Certification Authority']

Reference

- https://twitter.com/i/moments/801165321583337472
- http://www.poverenik.rs/yu/saopstenja-i-aktuelnosti/2481-poverenik-upozorio-ministre-na-znacaj-bezbednosti-drzavnih-e-portala.html
- http://www.poverenik.rs/images/stories/dokumentacija-nova/pismaorganima/2016/min.trgovine4.11.2016.doc
- http://blog.b92.net/text/27034/VASA-KOMUNIKACIJA-NIJE-BEZBEDNA/
- https://twitter.com/RodoljubSabic/status/794833030770819072
- https://www.ssllabs.com/ssltest/analyze.html?d=www.euprava.gov.rs
- http://ca.mup.gov.rs/zakon%20o%20elektronskom%20potpisu.doc
- http://technet.microsoft.com/en-us/library/cc751157.aspx
- https://support.microsoft.com/kb/2677070
- http://www.oracle.com/technetwork/java/javase/javasecarootcertsprogram-1876540.html
- https://www.mozilla.org/projects/security/certs/policy/
- http://www.apple.com/certificateauthority/ca_program.html
- http://www.ca.posta.rs/elektronski_sertifikati.htm
- http://ca.mup.gov.rs/
- http://blog.b92.net/text/16033/Problem-sa-elektronskim-sertifikatima-u-licnim-kartama/
- http://www.netokracija.rs/euprava-sigurnost-124106
- http://www.netokracija.rs/euprava-zamena-ssl-sertifikat-124319
- http://blog.b92.rs/text/27104/Vasa-komunikacija-nije-bezbedna-vol-20/
- http://www.infotech.org.rs/blog/wp-content/uploads/43.pdf


Preporučujem

- https://www.eff.org/https-everywhere

HTTPS Everywhere is a Firefox, Chrome, and Opera extension that encrypts your communications with many major websites, making your browsing more secure.

- OWASP SSL advanced forensic tool: https://www.owasp.org/index.php/O-Saft

O-Saft is an easy to use tool to show informations about SSL certificate and tests the SSL connection according given list of ciphers and various SSL configurations.

... iz laboratorije Ivan Marković