Check DNS, Urls + Redirects, Certificates and Content of your Website



X

DNS-problem - authoritative Nameserver refused, not defined or timeout

Checked:
19.09.2019 03:21:15


Older results

No older results found


1. IP-Addresses

HostTypeIP-Addressis auth.∑ Queries∑ Timeout
itau.cl
A

yes
1
0

AAAA

yes


www.itau.cl
A
200.11.88.140
Santiago/Santiago Metropolitan/Chile (CL) - Latin American and Caribbean IP address Regional Registry
No Hostname found
yes
1
0

AAAA

yes



2. DNSSEC

Zone (*)DNSSEC - Informations

Zone: (root)
(root)
1 DS RR published



Status: Valid because published



2 DNSKEY RR found



Public Key with Algorithm 8, KeyTag 20326, Flags 257 (SEP = Secure Entry Point)



Public Key with Algorithm 8, KeyTag 59944, Flags 256



1 RRSIG RR to validate DNSKEY RR found



RRSIG-Owner (root), Algorithm: 8, 0 Labels, original TTL: 172800 sec, Signature-expiration: 30.09.2019, 00:00:00 +, Signature-Inception: 09.09.2019, 00:00:00 +, KeyTag 20326, Signer-Name: (root)



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 20326 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 20326, DigestType 2 and Digest "4G1EuAuPHTmpXAsNfGXQhFjogECbvGg0VxBCN8f47I0=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: cl
cl
1 DS RR in the parent zone found



1 RRSIG RR to validate DS RR found



RRSIG-Owner cl., Algorithm: 8, 1 Labels, original TTL: 86400 sec, Signature-expiration: 01.10.2019, 21:00:00 +, Signature-Inception: 18.09.2019, 20:00:00 +, KeyTag 59944, Signer-Name: (root)



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 59944 used to validate the DS RRSet in the parent zone



2 DNSKEY RR found



Public Key with Algorithm 8, KeyTag 12363, Flags 256



Public Key with Algorithm 8, KeyTag 21199, Flags 257 (SEP = Secure Entry Point)



2 RRSIG RR to validate DNSKEY RR found



RRSIG-Owner cl., Algorithm: 8, 1 Labels, original TTL: 3600 sec, Signature-expiration: 31.10.2019, 23:43:22 +, Signature-Inception: 19.09.2019, 00:00:34 +, KeyTag 12363, Signer-Name: cl



RRSIG-Owner cl., Algorithm: 8, 1 Labels, original TTL: 3600 sec, Signature-expiration: 24.01.2020, 13:52:11 +, Signature-Inception: 11.09.2019, 13:52:11 +, KeyTag 21199, Signer-Name: cl



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 12363 used to validate the DNSKEY RRSet



Status: Good - Algorithmus 8 and DNSKEY with KeyTag 21199 used to validate the DNSKEY RRSet



Status: Valid Chain of trust. Parent-DS with Algorithm 8, KeyTag 21199, DigestType 2 and Digest "fXVt/6ttPNnHhv9cZZlUwilE+u+UM+7ibx2E61Nws5Q=" validates local Key with the same values, Key ist Secure Entry Point (SEP) of the zone

Zone: itau.cl
itau.cl
0 DS RR in the parent zone found



DS-Query in the parent zone has a valid NSEC3 RR as result with the hashed query name "vf83f8dro6s1cj8b9miu5hu0lb6cnnc2" between the hashed NSEC3-owner "ve07itrvcvudsfjkjeqds9ro25stvd97" and the hashed NextOwner "vg5k3c4ks5crejsdrc96rp3fo2ftanan". So the parent zone confirmes the not-existence of a DS RR.
Bitmap: NS, DS, RRSIG Validated: RRSIG-Owner ve07itrvcvudsfjkjeqds9ro25stvd97.cl., Algorithm: 8, 2 Labels, original TTL: 900 sec, Signature-expiration: 29.10.2019, 14:26:29 +, Signature-Inception: 19.09.2019, 00:00:34 +, KeyTag 12363, Signer-Name: cl



0 DNSKEY RR found




Zone: www.itau.cl
www.itau.cl
0 DS RR in the parent zone found


3. Name Servers

DomainNameserverNS-IP
www.itau.cl
  ns.itau.cl

itau.cl
  ns.itau.cl
200.54.67.188
Calama/Antofagasta/Chile (CL) - Latin American and Caribbean IP address Regional Registry


  ns1.itau.cl


U  ns2.itau.cl
190.153.208.74
Lo Barnechea/Santiago Metropolitan/Chile (CL) - Latin American and Caribbean IP address Regional Registry


U  ns3.itau.cl
200.27.77.242
Renca/Santiago Metropolitan/Chile (CL) - Latin American and Caribbean IP address Regional Registry

cl
  a.nic.cl / amsterdam.nic.cl


  b.nic.cl


  c.nic.cl / londres.nic.cl


  cl1.dnsnode.net / s2.amx


  cl1-tld.d-zone.ca / LHR2


  cl2-tld.d-zone.ca / STO1


  cl-ns.anycast.pch.net / 3.fra.pch


4. SOA-Entries


Domain:cl
Zone-Name:
Primary:a.nic.cl
Mail:dnsadmin.nic.cl
Serial:2019091843
Refresh:1200
Retry:300
Expire:2592000
TTL:900
num Entries:7


Domain:itau.cl
Zone-Name:
Primary:
Mail:
Serial:
Refresh:
Retry:
Expire:
TTL:
num Entries:3


Domain:itau.cl
Zone-Name:
Primary:ns.itau.cl
Mail:hostmaster.itau.cl
Serial:2019090902
Refresh:3600
Retry:600
Expire:604800
TTL:600
num Entries:1


Domain:www.itau.cl
Zone-Name:
Primary:ns.itau.cl
Mail:hostmaster.itau.cl
Serial:2019090902
Refresh:3600
Retry:600
Expire:604800
TTL:600
num Entries:1


5. Screenshots

Startaddress: https://banco.itau.cl/wps/portal/BICPublico/home/!ut/p/z1/04_Sj9CPykssy0xPLMnMz0vMAfIjo8ziTf39jC39wywD_f0tLA08vZx93AMD_Yxdg030wwkpiAJKG-AAjgZA_VFgJThMCPQxhSrAY0ZBboRBpqOiIgB2Nwwf/dz/d5/L2dBISEvZ0FBIS9nQSEh/, address used: https://banco.itau.cl/wps/portal/BICPublico/home/!ut/p/z1/04_Sj9CPykssy0xPLMnMz0vMAfIjo8ziTf39jC39wywD_f0tLA08vZx93AMD_Yxdg030wwkpiAJKG-AAjgZA_VFgJThMCPQxhSrAY0ZBboRBpqOiIgB2Nwwf/dz/d5/L2dBISEvZ0FBIS9nQSEh/, Screenshot created 2020-03-28 19:28:03 +00:0

Mobil (412px x 732px)

1319 milliseconds

Screenshot mobile - https://banco.itau.cl/wps/portal/BICPublico/home/!ut/p/z1/04_Sj9CPykssy0xPLMnMz0vMAfIjo8ziTf39jC39wywD_f0tLA08vZx93AMD_Yxdg030wwkpiAJKG-AAjgZA_VFgJThMCPQxhSrAY0ZBboRBpqOiIgB2Nwwf/dz/d5/L2dBISEvZ0FBIS9nQSEh/
Mobil + Landscape (732px x 412px)

1226 milliseconds

Screenshot mobile landscape - https://banco.itau.cl/wps/portal/BICPublico/home/!ut/p/z1/04_Sj9CPykssy0xPLMnMz0vMAfIjo8ziTf39jC39wywD_f0tLA08vZx93AMD_Yxdg030wwkpiAJKG-AAjgZA_VFgJThMCPQxhSrAY0ZBboRBpqOiIgB2Nwwf/dz/d5/L2dBISEvZ0FBIS9nQSEh/
Screen (1280px x 1680px)

6545 milliseconds

Screenshot Desktop - https://banco.itau.cl/wps/portal/BICPublico/home/!ut/p/z1/04_Sj9CPykssy0xPLMnMz0vMAfIjo8ziTf39jC39wywD_f0tLA08vZx93AMD_Yxdg030wwkpiAJKG-AAjgZA_VFgJThMCPQxhSrAY0ZBboRBpqOiIgB2Nwwf/dz/d5/L2dBISEvZ0FBIS9nQSEh/

Mobile- and other Chrome-Checks

widthheight
visual Viewport412732
content Size412732

Good: No horizontal scrollbar. Content-size width = visual Viewport width.

Chrome-Connection: info. obsolete connection settings. The connection to this site is encrypted and authenticated using TLS 1.2, RSA, and AES_128_GCM.

Chrome-Resources : secure. all served securely. All resources on this page are served securely.

6. Url-Checks


:

:
DomainnameHttp-StatusredirectSec.G
• http://www.itau.cl/
200.11.88.140
301
https://banco.itau.cl/wps/portal/BICPublico
0.497
E
Location: https://banco.itau.cl/wps/portal/BICPublico
Server: BigIP
Connection: close
Content-Length: 0

• https://www.itau.cl/
200.11.88.140
301
https://banco.itau.cl/wps/portal/BICPublico
3.714
B
Location: https://banco.itau.cl/wps/portal/BICPublico
Server: BigIP
Connection: close
Content-Length: 0

• https://banco.itau.cl/wps/portal/BICPublico

302
https://banco.itau.cl/wps/portal/BICPublico/home/!ut/p/z1/04_Sj9CPykssy0xPLMnMz0vMAfIjo8ziTf39jC39wywD_f0tLA08vZx93AMD_Yxdg030wwkpiAJKG-AAjgZA_VFgJThMCPQxhSrAY0ZBboRBpqOiIgB2Nwwf/dz/d5/L2dBISEvZ0FBIS9nQSEh/
4.190
B
Date: Thu, 19 Sep 2019 01:30:57 GMT
ARM_CORRELATOR: 002ECC00303030303239383030303035393244444537434131423844303030303145424630303030314542460001
X-Powered-By: Servlet/3.0
Location: https://banco.itau.cl/wps/portal/BICPublico/home/!ut/p/z1/04_Sj9CPykssy0xPLMnMz0vMAfIjo8ziTf39jC39wywD_f0tLA08vZx93AMD_Yxdg030wwkpiAJKG-AAjgZA_VFgJThMCPQxhSrAY0ZBboRBpqOiIgB2Nwwf/dz/d5/L2dBISEvZ0FBIS9nQSEh/
Set-Cookie: JSESSIONID=00002EqIrUMDrHkFHCLiJ29JgNS:1btakv5d1; Path=/; Domain=banco.itau.cl; HttpOnly,lb_portal_ibm_itau_cookie=!XDp/qU2i6e6whBmgmrHpCzkQ+vJZ9NQsUXsdOaIUpqB9pUv9JEjobjQniwYyY+UdypQrh8VByqYiFIk=; Path=/; Domain=banco.itau.cl; HttpOnly; Secure,BIGipServerIBM_https_pool=2013374656.47873.0000; Path=/; Domain=banco.itau.cl; HttpOnly; Secure
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-cache="set-cookie, set-cookie2"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 20
Connection: close
Content-Language: en-US

• https://banco.itau.cl/wps/portal/BICPublico/home/!ut/p/z1/04_Sj9CPykssy0xPLMnMz0vMAfIjo8ziTf39jC39wywD_f0tLA08vZx93AMD_Yxdg030wwkpiAJKG-AAjgZA_VFgJThMCPQxhSrAY0ZBboRBpqOiIgB2Nwwf/dz/d5/L2dBISEvZ0FBIS9nQSEh/
GZip used - 16538 / 71461 - 76.86 %
Inline-JavaScript (∑/total): 20/11886 Inline-CSS (∑/total): 1/34
200

Html is minified: 166.54 %
3.993
B
Date: Thu, 19 Sep 2019 01:24:03 GMT
ARM_CORRELATOR: 002ECC00303030303337344530303035393244444346314630393333303030303432364330303030343236430001
Set-Cookie: WRTCorrelator=0000374E000592ddcf1f09330000426C; Path=/wps/portal/BICPublico/home/!ut/p/z1/04_Sj9CPykssy0xPLMnMz0vMAfIjo8ziTf39jC39wywD_f0tLA08vZx93AMD_Yxdg030wwkpiAJKG-AAjgZA_VFgJThMCPQxhSrAY0ZBboRBpqOiIgB2Nwwf/dz/d5/L2dBISEvZ0FBIS9nQSEh/; Domain=banco.itau.cl,JSESSIONID=0000KXYk9tAYe-XI1zaWF0kKq_f:1btam61co; Path=/; Domain=banco.itau.cl; HttpOnly,lb_portal_ibm_itau_cookie=!MLsJkjmG0EsU0rqgmrHpCzkQ+vJZ9BgBullUcQgrAcGtcbQFXdpgXYNp7BlZiNzw00rLguXz9dq5hT4=; Path=/; Domain=banco.itau.cl; HttpOnly; Secure,BIGipServerIBM_https_pool=2013374656.47873.0000; Path=/; Domain=banco.itau.cl; HttpOnly; Secure
X-Powered-By: Servlet/3.0
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Location: /wps/portal/BICPublico/home/!ut/p/z1/04_Sj9CPykssy0xPLMnMz0vMAfIjo8ziTf39jC39wywD_f0tLA08vZx93AMD_Yxdg030wwkpiAJKG-AAjgZA_VFgJThMCPQxhSrAY0ZBboRBpqOiIgB2Nwwf/dz/d5/L2dBISEvZ0FBIS9nQSEh/
Pragma: no-cache
Vary: Cookie,User-Agent,Accept-Encoding
Content-Encoding: gzip
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Content-Language: en

• http://www.itau.cl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
200.11.88.140 GZip used - 1183 / 1635 - 27.65 %
Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 1/160
404

Html is minified: 117.37 %
0.487
A
Not Found
Visible Content:
Content-Type: text/html
X-Powered-By: ASP.NET
Date: Thu, 19 Sep 2019 01:28:40 GMT
Connection: close
Content-Length: 1183
Set-Cookie: f5_old_portal_cookie=201435328.20480.0000; Path=/; Domain=www.itau.cl; HttpOnly
Vary: Accept-Encoding
Content-Encoding: gzip

7. Comments


1. General Results, most used to calculate the result

Aname "itau.cl" is domain, public suffix is "cl", top-level-domain-type is "country-code", Country is Chile, tld-manager is "NIC Chile (University of Chile)"
Agood: All ip addresses are public addresses
Ahttps://banco.itau.cl/wps/portal/BICPublico
302
https://banco.itau.cl/wps/portal/BICPublico/home/!ut/p/z1/04_Sj9CPykssy0xPLMnMz0vMAfIjo8ziTf39jC39wywD_f0tLA08vZx93AMD_Yxdg030wwkpiAJKG-AAjgZA_VFgJThMCPQxhSrAY0ZBboRBpqOiIgB2Nwwf/dz/d5/L2dBISEvZ0FBIS9nQSEh/
correct redirect https to https
Agood: destination is https
Agood - only one version with Http-Status 200
Agood: one preferred version: non-www is preferred
HSTS-Preload-Status: unknown. Domain never included in the Preload-list. Check https://hstspreload.org/ to learn some basics about the Google-Preload-List.
AGood: Some urls with http status 200/404 have a complete Content-Type header (MediaType / MediaSubType + correct charset):1 complete Content-Type - header (2 urls)
http://www.itau.cl/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 200.11.88.140


Url with incomplete Content-Type - header - missing charset
Bhttps://banco.itau.cl/wps/portal/BICPublico
302

Missing HSTS-Header
Bhttps://banco.itau.cl/wps/portal/BICPublico/home/!ut/p/z1/04_Sj9CPykssy0xPLMnMz0vMAfIjo8ziTf39jC39wywD_f0tLA08vZx93AMD_Yxdg030wwkpiAJKG-AAjgZA_VFgJThMCPQxhSrAY0ZBboRBpqOiIgB2Nwwf/dz/d5/L2dBISEvZ0FBIS9nQSEh/
200

Missing HSTS-Header
Bhttps://www.itau.cl/ 200.11.88.140
301

Missing HSTS-Header
Bhttps://banco.itau.cl/wps/portal/BICPublico
302
JSESSIONID=00002EqIrUMDrHkFHCLiJ29JgNS:1btakv5d1; Path=/; Domain=banco.itau.cl; HttpOnly
Cookie sent via https, but not marked as secure
Bhttps://banco.itau.cl/wps/portal/BICPublico/home/!ut/p/z1/04_Sj9CPykssy0xPLMnMz0vMAfIjo8ziTf39jC39wywD_f0tLA08vZx93AMD_Yxdg030wwkpiAJKG-AAjgZA_VFgJThMCPQxhSrAY0ZBboRBpqOiIgB2Nwwf/dz/d5/L2dBISEvZ0FBIS9nQSEh/
200
WRTCorrelator=0000374E000592ddcf1f09330000426C; Path=/wps/portal/BICPublico/home/!ut/p/z1/04_Sj9CPykssy0xPLMnMz0vMAfIjo8ziTf39jC39wywD_f0tLA08vZx93AMD_Yxdg030wwkpiAJKG-AAjgZA_VFgJThMCPQxhSrAY0ZBboRBpqOiIgB2Nwwf/dz/d5/L2dBISEvZ0FBIS9nQSEh/; Domain=banco.itau.cl
Cookie sent via https, but not marked as secure
Bhttps://banco.itau.cl/wps/portal/BICPublico/home/!ut/p/z1/04_Sj9CPykssy0xPLMnMz0vMAfIjo8ziTf39jC39wywD_f0tLA08vZx93AMD_Yxdg030wwkpiAJKG-AAjgZA_VFgJThMCPQxhSrAY0ZBboRBpqOiIgB2Nwwf/dz/d5/L2dBISEvZ0FBIS9nQSEh/
200
JSESSIONID=0000KXYk9tAYe-XI1zaWF0kKq_f:1btam61co; Path=/; Domain=banco.itau.cl; HttpOnly
Cookie sent via https, but not marked as secure
Ehttp://www.itau.cl/ 200.11.88.140
301
https://banco.itau.cl/wps/portal/BICPublico
Wrong redirect one domain http to other domain https. First redirect to https without new dns query, so the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.
OOld connection: RSA Key Exchange is unsecure. Use Diffie-Hellman or Elliptic Curve Diffi-Hellmann Key Exchange to support Forward Secrecy
XFatal error: Nameserver isn't defined or has timeout
XFatal error: Nameserver doesn't support TCP connection: ns2.itau.cl / 190.153.208.74: Fatal error - no NameServer IP-Address or connection. Details: One or more errors occurred. - No connection could be made because the target machine actively refused it 190.153.208.74:53
XFatal error: Nameserver doesn't support TCP connection: ns3.itau.cl / 200.27.77.242: Fatal error - no NameServer IP-Address or connection. Details: One or more errors occurred. - No connection could be made because the target machine actively refused it 200.27.77.242:53

2. DNS- and NameServer - Checks

XNameserver Timeout checking Echo Capitalization: ns2.itau.cl / 190.153.208.74
XNameserver Timeout checking Echo Capitalization: ns3.itau.cl / 200.27.77.242
XNameserver Timeout checking EDNS512: ns2.itau.cl / 190.153.208.74
XNameserver Timeout checking EDNS512: ns3.itau.cl / 200.27.77.242
Nameserver doesn't pass all EDNS-Checks: ns1.itau.cl: OP100: no result. FLAGS: no result. V1: no result. V1OP100: no result. V1FLAGS: no result. DNSSEC: no result. V1DNSSEC: no result. NSID: no result. COOKIE: no result. CLIENTSUBNET: no result.
Nameserver doesn't pass all EDNS-Checks: ns2.itau.cl / 190.153.208.74: OP100: fatal timeout. FLAGS: fatal timeout. V1: fatal timeout. V1OP100: fatal timeout. V1FLAGS: fatal timeout. DNSSEC: fatal timeout. V1DNSSEC: fatal timeout. NSID: fatal timeout. COOKIE: fatal timeout. CLIENTSUBNET: fatal timeout.
Nameserver doesn't pass all EDNS-Checks: ns3.itau.cl / 200.27.77.242: OP100: fatal timeout. FLAGS: fatal timeout. V1: fatal timeout. V1OP100: fatal timeout. V1FLAGS: fatal timeout. DNSSEC: fatal timeout. V1DNSSEC: fatal timeout. NSID: fatal timeout. COOKIE: fatal timeout. CLIENTSUBNET: fatal timeout.
AGood: All SOA have the same Serial Number
Warning: No CAA entry with issue/issuewild found, every CAA can create a certificate. Read https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization to learn some basics about the idea of CAA. Your name server must support such an entry. Not all dns providers support CAA entries.

3. Content- and Performance-critical Checks

AGood: All checks /.well-known/acme-challenge/random-filename without redirects answer with the expected http status 404 - Not Found. Creating a Letsencrypt certificate via http-01 challenge should work. If it doesn't work: Check your vHost configuration (apachectl -S, httpd -S, nginx -T). Every combination of port and ServerName / ServerAlias (Apache) or Server (Nginx) must be unique. Merge duplicated entries in one vHost. If you use an IIS, extensionless files must be allowed in the /.well-known/acme-challenge subdirectory. Create a web.config in that directory. Content: <configuration><system.webServer><staticContent><mimeMap fileExtension="." mimeType="text/plain" /></staticContent></system.webServer></configuration>. If you have a redirect http ⇒ https, that's ok, Letsencrypt follows such redirects to port 80 / 443 (same or other server). There must be a certificate. But the certificate may be expired, self signed or with a not matching domain name. Checking the validation file Letsencrypt ignores such certificate errors. Trouble creating a certificate? Use https://community.letsencrypt.org/ to ask.
AGood: Domainname is not on the "Specially Designated Nationals And Blocked Persons List" (SDN). That's an US-list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called "Specially Designated Nationals" or "SDNs." Their assets are blocked and U.S. persons are generally prohibited from dealing with them. So if a domain name is on that list, it's impossible to create a Letsencrypt certificate with that domain name. Check the list manual - https://www.treasury.gov/resource-center/sanctions/sdn-list/pages/default.aspx
ADuration: 392903 milliseconds, 392.903 seconds


8. Connections

DomainIPPortCert.ProtocolKeyExchangeStrengthCipherStrengthHashAlgorithmOCSP stapling
Domain/KeyExchangeIP/StrengthPort/CipherCert./StrengthProtocol/HashAlgorithmOCSP stapling
www.itau.cl
200.11.88.140
443
ok
Tls12
RsaKeyX
2048
Aes128
128
Sha256
error checking OCSP stapling
weak
www.itau.cl
200.11.88.140
443
ok
Tls12

RsaKeyX
2048
Aes128
128
Sha256
error checking OCSP stapling
weak
 
no Tls.1.2
no Tls.1.1
no Tls.1.0

no Tls.1.2
no Tls.1.1
no Tls.1.0
Chain (complete)
1CN=www.itau.cl, OU=Gerencia Informatica, O=Itau Corpbanca, L=Santiago, C=CL, ST=Region Metropolitana

2CN=GlobalSign Organization Validation CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE


banco.itau.cl
banco.itau.cl
443
ok
Tls12
RsaKeyX
2048
Aes128
128
Sha256
error checking OCSP stapling
weak

banco.itau.cl
banco.itau.cl
443
ok
Tls12

RsaKeyX
2048
Aes128
128
Sha256
error checking OCSP stapling
weak
 
no Tls.1.2
no Tls.1.1
no Tls.1.0

no Tls.1.2
no Tls.1.1
no Tls.1.0
Chain - incomplete
1CN=banco.itau.cl, OU=Gerencia Informatica, O=Itau Corpbanca, L=Santiago, C=CL, ST=Region Metropolitana

2CN=GlobalSign RSA OV SSL CA 2018, O=GlobalSign nv-sa, C=BE


9. Certificates

1.
1.
CN=www.itau.cl, O=Itau Corpbanca, OU=Gerencia Informatica, L=Santiago, S=Region Metropolitana, C=CL
12.03.2019
23.04.2020
155 days expired
www.itau.cl, itau.cl - 2 entries
1.
1.
CN=www.itau.cl, O=Itau Corpbanca, OU=Gerencia Informatica, L=Santiago, S=Region Metropolitana, C=CL
12.03.2019

23.04.2020
155 days expired
www.itau.cl, itau.cl - 2 entries

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:0447A7072C83220AF65C44E1
Thumbprint:DF2A34D05B0D53CAF231D7A11EBF7D2CF8C47DEE
SHA256 / Certificate:kUgP97kwu0BSDgquBwBa+hbAk1B50CIK+V9WaOY9gcE=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):924fe74811cdfe62daf9ad59c3fe8c4bf6983546d790d7363237025e468817d9
SHA256 hex / Subject Public Key Information (SPKI):84ac814d2309fd53b030dd316ecab90ae0f29b38fefe30434567e45161847095
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://ocsp2.globalsign.com/gsorganizationvalsha2g2
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Server Authentication (1.3.6.1.5.5.7.3.1), Client Authentication (1.3.6.1.5.5.7.3.2)


2.
CN=GlobalSign Organization Validation CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE
20.02.2014
20.02.2024
expires in 1243 days


2.
CN=GlobalSign Organization Validation CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE
20.02.2014

20.02.2024
expires in 1243 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:040000000001444EF04247
Thumbprint:902EF2DEEB3C5B13EA4C3D5193629309E231AE55
SHA256 / Certificate:dO8zXl4YeIMH+52Jy3BL7BEqvSNIfb/0HE3tUHDyQdk=
SHA256 hex / Cert (DANE * 0 1):74ef335e5e18788307fb9d89cb704bec112abd23487dbff41c4ded5070f241d9
SHA256 hex / PublicKey (DANE * 1 1):21006734112216e863fbcc7a5fc5cb821d3557d21ce7f57721140b34515ceefe
SHA256 hex / Subject Public Key Information (SPKI):9ca9e672e28e42f886343a1104768073af2b03340ec6f312437ad43ee032b410
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://ocsp.globalsign.com/rootr1
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:


3.
CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
01.09.1998
28.01.2028
expires in 2681 days


3.
CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
01.09.1998

28.01.2028
expires in 2681 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA-1 with RSA Encryption
Serial Number:040000000001154B5AC394
Thumbprint:B1BC968BD4F49D622AA89A81F2150152A41D829C
SHA256 / Certificate:69QQQOS7PsdCyeOB0x7ypBpItmhclufO88HfbNQzHJk=
SHA256 hex / Cert (DANE * 0 1):ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99
SHA256 hex / PublicKey (DANE * 1 1):2bcee858158cf5465fc9d76f0dfa312fef25a4dca8501da9b46b67d1fbfa1b64
SHA256 hex / Subject Public Key Information (SPKI):9c2e43fc67f0e9410d9743f565520c9956d9ed5779c708e3a48dc1a874d37f64
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:


2.
1.
CN=banco.itau.cl, O=Itau Corpbanca, OU=Gerencia Informatica, L=Santiago, S=Region Metropolitana, C=CL
10.07.2019
23.08.2020
33 days expired
banco.itau.cl - 1 entry
2.
1.
CN=banco.itau.cl, O=Itau Corpbanca, OU=Gerencia Informatica, L=Santiago, S=Region Metropolitana, C=CL
10.07.2019

23.08.2020
33 days expired
banco.itau.cl - 1 entry

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:201164A77855BBF79A50CF80
Thumbprint:697C5A4096513AD0DF6950564258150999B05507
SHA256 / Certificate:N/PyTyNqaXaIVU/jU0M2Yj2lZY37uguPVOKv6ed6mzA=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):c95afecfcfd185ad3c65a5c4eed3d7ac8ca38696cc3c1b9877f0aead397c340b
SHA256 hex / Subject Public Key Information (SPKI):6a05b23cc3ae300e17dd20600be8a1d6db098ce30dab6cad4a7d6d42f04dd1f0
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://ocsp.globalsign.com/gsrsaovsslca2018
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Server Authentication (1.3.6.1.5.5.7.3.1), Client Authentication (1.3.6.1.5.5.7.3.2)


2.
CN=banco.itau.cl, O=Itau Corpbanca, OU=Gerencia Informatica, L=Santiago, S=Region Metropolitana, C=CL
10.07.2019
23.08.2020
33 days expired
banco.itau.cl - 1 entry

2.
CN=banco.itau.cl, O=Itau Corpbanca, OU=Gerencia Informatica, L=Santiago, S=Region Metropolitana, C=CL
10.07.2019

23.08.2020
33 days expired
banco.itau.cl - 1 entry

KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:201164A77855BBF79A50CF80
Thumbprint:697C5A4096513AD0DF6950564258150999B05507
SHA256 / Certificate:N/PyTyNqaXaIVU/jU0M2Yj2lZY37uguPVOKv6ed6mzA=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):c95afecfcfd185ad3c65a5c4eed3d7ac8ca38696cc3c1b9877f0aead397c340b
SHA256 hex / Subject Public Key Information (SPKI):6a05b23cc3ae300e17dd20600be8a1d6db098ce30dab6cad4a7d6d42f04dd1f0
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://ocsp.globalsign.com/gsrsaovsslca2018
OCSP - must staple:no
Certificate Transparency:yes
Enhanced Key Usage:Server Authentication (1.3.6.1.5.5.7.3.1), Client Authentication (1.3.6.1.5.5.7.3.2)


3.
CN=GlobalSign RSA OV SSL CA 2018, O=GlobalSign nv-sa, C=BE
21.11.2018
21.11.2028
expires in 2979 days


3.
CN=GlobalSign RSA OV SSL CA 2018, O=GlobalSign nv-sa, C=BE
21.11.2018

21.11.2028
expires in 2979 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:01EE5F221DFC623BD4333A8557
Thumbprint:DFE83023062B997682708B4EAB8E819AFF5D9775
SHA256 / Certificate:tnb/oxeeiBIJOhter+6HauemqvIxB42tG/shzSiTdko=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):8444e9815bda2c2d1bbdc186dedd1cbaa887bebe17c8fd8c4f00a2aa18115b05
SHA256 hex / Subject Public Key Information (SPKI):
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Check unknown. No result 404 / 200
OCSP - Url:http://ocsp2.globalsign.com/rootr3
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:


4.
CN=GlobalSign RSA OV SSL CA 2018, O=GlobalSign nv-sa, C=BE
21.11.2018
21.11.2028
expires in 2979 days


4.
CN=GlobalSign RSA OV SSL CA 2018, O=GlobalSign nv-sa, C=BE
21.11.2018

21.11.2028
expires in 2979 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:01EE5F221DFC623BD4333A8557
Thumbprint:DFE83023062B997682708B4EAB8E819AFF5D9775
SHA256 / Certificate:tnb/oxeeiBIJOhter+6HauemqvIxB42tG/shzSiTdko=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):8444e9815bda2c2d1bbdc186dedd1cbaa887bebe17c8fd8c4f00a2aa18115b05
SHA256 hex / Subject Public Key Information (SPKI):23f2e981c1f8f6f5505ed935244c137f170b574837c91dedde2d90c60191a4c9
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://ocsp2.globalsign.com/rootr3
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:


5.
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
19.09.2018
28.01.2028
expires in 2681 days


5.
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
19.09.2018

28.01.2028
expires in 2681 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:01EE5F169DFF97352B6465D66A
Thumbprint:0BBFAB97059595E8D1EC48E89EB8657C0E5AAE71
SHA256 / Certificate:RF7seLxhIVBEoDeWVqotXbXkL3bLcLjRTCB3qpQ9Trs=
SHA256 hex / Cert (DANE * 0 1):e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA256 hex / PublicKey (DANE * 1 1):706bb1017c855c59169bad5c1781cf597f12d2cad2f63d1a4aa37493800ffb80
SHA256 hex / Subject Public Key Information (SPKI):642e77667c356fdacbfeab009d30442cae4e01cdc0b9da61ae395c738ad62695
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:http://ocsp.globalsign.com/rootr1
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:


6.
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
18.03.2009
18.03.2029
expires in 3096 days


6.
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
18.03.2009

18.03.2029
expires in 3096 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA256 With RSA-Encryption
Serial Number:04000000000121585308A2
Thumbprint:D69B561148F01C77C54578C10926DF5B856976AD
SHA256 / Certificate:y7Ui17fxJ61qAROGW98c1BAufQdZr2NafPRyDcljxTs=
SHA256 hex / Cert (DANE * 0 1):cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b
SHA256 hex / PublicKey (DANE * 1 1):706bb1017c855c59169bad5c1781cf597f12d2cad2f63d1a4aa37493800ffb80
SHA256 hex / Subject Public Key Information (SPKI):f623dcdb30748cc6dbc1125a470cc1ba77aad8367b5987e5ef15f8e916c3f1be
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:



7.
CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
01.09.1998
28.01.2028
expires in 2681 days


7.
CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
01.09.1998

28.01.2028
expires in 2681 days


KeyalgorithmRSA encryption (2048 bit)
Signatur:SHA-1 with RSA Encryption
Serial Number:040000000001154B5AC394
Thumbprint:B1BC968BD4F49D622AA89A81F2150152A41D829C
SHA256 / Certificate:69QQQOS7PsdCyeOB0x7ypBpItmhclufO88HfbNQzHJk=
SHA256 hex / Cert (DANE * 0 1):ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99
SHA256 hex / PublicKey (DANE * 1 1):2bcee858158cf5465fc9d76f0dfa312fef25a4dca8501da9b46b67d1fbfa1b64
SHA256 hex / Subject Public Key Information (SPKI):9c2e43fc67f0e9410d9743f565520c9956d9ed5779c708e3a48dc1a874d37f64
SPKI checked via https://v1.pwnedkeys.com/spki-hash:Good: Key isn't compromised
OCSP - Url:
OCSP - must staple:no
Certificate Transparency:no
Enhanced Key Usage:



10. Last Certificates - Certificate Transparency Log Check

1. Source CertSpotter - active certificates (one check per day)

Issuerlast 7 daysactivenum Certs
CN=GlobalSign Organization Validation CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE
0
2
4
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
0
0
1
CN=GlobalSign RSA OV SSL CA 2018, O=GlobalSign nv-sa, C=BE
0
0
1

CertSpotter-IdIssuernot beforenot afterDomain namesLE-Duplicatenext LE
971897689
leaf cert
CN=GlobalSign RSA OV SSL CA 2018, O=GlobalSign nv-sa, C=BE
2019-06-17 17:16:13
2020-07-18 12:00:00
autodiscover.itau.cl, clstgcasp00n1.itauchile.cl, clstgcasp00n2.itauchile.cl, itau.cl, mail.itauchile.cl, piedranegra.itau.cl - 6 entries


807191201
leaf cert
CN=GlobalSign Organization Validation CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE
2019-03-12 19:12:02
2020-04-23 18:56:04
itau.cl, www.itau.cl - 2 entries


806829376
precert
CN=GlobalSign Organization Validation CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE
2019-03-12 14:26:15
2020-04-23 18:56:04
itau.cl, www.itau.cl - 2 entries


737451808
precert
CN=GlobalSign Organization Validation CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE
2019-01-28 19:47:05
2020-12-12 14:51:03
*.itau.cl, itau.cl - 2 entries


669316394
leaf cert
CN=GlobalSign Organization Validation CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE
2018-12-12 14:51:03
2020-12-12 14:51:03
*.itau.cl, itau.cl - 2 entries


392980195
precert
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
2018-05-18 00:00:00
2020-05-27 12:00:00
autodiscover.itau.cl, clstgcasp00n1.itauchile.cl, clstgcasp00n2.itauchile.cl, itau.cl, mail.itauchile.cl, piedranegra.itau.cl - 6 entries



2. Source crt.sh - old and new certificates, sometimes very slow - only certificates with "not after" > 2019 are listed

Issuerlast 7 daysactivenum Certs
CN=GlobalSign Organization Validation CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE
0
2
4
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
0
0
1
CN=GlobalSign RSA OV SSL CA 2018, O=GlobalSign nv-sa, C=BE
0
0
1

CRT-IdIssuernot beforenot afterDomain namesLE-Duplicatenext LE
1599220244
leaf cert
CN=GlobalSign RSA OV SSL CA 2018, O=GlobalSign nv-sa, C=BE
2019-06-17 15:16:13
2020-07-18 10:00:00
autodiscover.itau.cl, clstgcasp00n1.itauchile.cl, clstgcasp00n2.itauchile.cl, itau.cl, mail.itauchile.cl, piedranegra.itau.cl
6 entries


1303226089
leaf cert
CN=GlobalSign Organization Validation CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE
2019-03-12 18:12:02
2020-04-23 16:56:04
itau.cl, www.itau.cl
2 entries


1279637859
precert
CN=GlobalSign Organization Validation CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE
2019-03-12 13:26:15
2020-04-23 16:56:04
itau.cl, www.itau.cl
2 entries


1152006304
precert
CN=GlobalSign Organization Validation CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE
2019-01-28 18:47:05
2020-12-12 13:51:03
*.itau.cl, itau.cl
2 entries


1113501283
leaf cert
CN=GlobalSign Organization Validation CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE
2018-12-12 13:51:03
2020-12-12 13:51:03
*.itau.cl, itau.cl
2 entries


469665419
precert
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
2018-05-17 22:00:00
2020-05-27 10:00:00
autodiscover.itau.cl, clstgcasp00n1.itauchile.cl, clstgcasp00n2.itauchile.cl, itau.cl, mail.itauchile.cl, piedranegra.itau.cl
6 entries



11. Html-Content - Entries

No Html-Content entries found. Only checked if https + status 200/401/403/404


12. Nameserver - IP-Adresses

Required Root-climbing DNS-Queries to find ip addresses of all Name Servers:

No NameServer - IP address informations found. The feature is new (2020-05-07), so recheck this domain.


13. CAA - Entries

DomainnameflagNameValue∑ Queries∑ Timeout
www.itau.cl
0

no CAA entry found
1
0
itau.cl
0

no CAA entry found
1
0
cl
0

no CAA entry found
1
0


14. TXT - Entries

DomainnameTXT EntryStatus∑ Queries∑ Timeout
itau.cl
emevlle8h5b888ae1mfuv6e2qf
ok
1
0
itau.cl
MS=ms97785187
ok
1
0
itau.cl
v=spf1 mx include:spf.masterbase.com include:_spf.gurucontact.com include:spf2.itau.cl include:spf3.itau.cl ~all
ok
1
0
www.itau.cl

ok
1
0
_acme-challenge.itau.cl

Name Error - The domain name does not exist
1
0
_acme-challenge.www.itau.cl

Name Error - The domain name does not exist
1
0
_acme-challenge.itau.cl.itau.cl

Name Error - The domain name does not exist
1
0
_acme-challenge.www.itau.cl.itau.cl

Name Error - The domain name does not exist
1
0
_acme-challenge.www.itau.cl.www.itau.cl

Name Error - The domain name does not exist
1
0


15. Portchecks

No Port checks



Permalink: https://check-your-website.server-daten.de/?i=283b2a4c-6a21-491e-8b4a-0d3d0af912a9


Last Result: https://check-your-website.server-daten.de/?q=itau.cl - 2020-03-28 19:21:59


Do you like this page? Support this tool, add a link on your page:

<a href="https://check-your-website.server-daten.de/?q=itau.cl" target="_blank">Check this Site: itau.cl</a>