🥒 CCC.ObjStor Test: ccc-test-container-20260410t121838z

Test Parameters

PortNumber	443
HostName	stgcfi20260410t121838z.blob.core.windows.net
Protocol	https
ServiceType	object-storage
ProviderServiceType	Microsoft.Storage/storageAccounts
CatalogTypes	CCC.ObjStor
TagFilter	@object-storage, @PerPort, @tls, ~@ftp, ~@telnet, ~@ssh, ~@smtp, ~@dns, ~@ldap, ~@NEGATIVE, ~@OPT_IN
UID	/subscriptions/c1cedd8e-bf91-4d7d-a4cc-45700402a2a1/resourceGroups/cfi_test_20260410t121838z/providers/Microsoft.Storage/storageAccounts/stgcfi20260410t121838z
ResourceName	ccc-test-container-20260410t121838z
ReportFile	ccc-test-container-20260410t121838z-port
ReportTitle	stgcfi20260410t121838z.blob.core.windows.net:443
Instance	{ "ID": "main-azure", "Properties": { "Provider": "azure", "Region": "eastus", "AzureResourceGroup": "cfi_test_20260410t121838z", "AzureSubscriptionID": "c1cedd8e-bf91-4d7d-a4cc-45700402a2a1", "GcpProjectId": "" }, "Services": [ { "Type": "object-storage", "Properties": { "azure-storage-account": "stgcfi20260410t121838z", "default-container": "ccc-test-container-20260410t121838z", "object-storage-retention-period-days": 2 } }, { "Type": "logging", "Properties": {} } ], "Rules": { "permitted-destination-storage-accounts": [], "permitted-regions": [ "eastus" ], "replication-locations": [ "eastus", "westus" ] } }
AzureResourceGroup	cfi_test_20260410t121838z
AzureStorageAccount	stgcfi20260410t121838z
AzureSubscriptionID	c1cedd8e-bf91-4d7d-a4cc-45700402a2a1
DefaultContainer	ccc-test-container-20260410t121838z
ObjectStorageRetentionPeriodDays	2
PermittedDestinationStorageAccounts	[]
PermittedRegions	[ "eastus" ]
Provider	azure
Region	eastus
ReplicationLocations	[ "eastus", "westus" ]
ResourceGroup	cfi_test_20260410t121838z
SubscriptionId	c1cedd8e-bf91-4d7d-a4cc-45700402a2a1

Summary

Generated: 2026-04-10 12:58:59

Total Run Time: 1m7s

Features: 4

Scenarios: 11 (✅ 8 | ❌ 3)

Steps: 45 (✅ 39 | ❌ 3 | ⏭️ 3 | ❓ 0)

Filter by Tag:

Feature: CCC.Core.CN01.AR01

Scenario: Service accepts TLS 1.3 encrypted traffic @CCC.Core @tlp-green @tlp-amber @tlp-red @CCC.Core.CN01 @Behavioural @PerPort @tls @object-storage

Given a cloud api for "{Instance}" in "api"56µs

Given an openssl s_client request using "tls1_3" to "{portNumber}" on "{hostName}" protocol "{protocol}"762µs

And I refer to "{result}" as "connection"41µs

And "{connection}" state is open29µs

And "{connection.State}" is "open"26µs

And I close connection "{connection}"30µs

Then "{connection}" state is closed27µs

Scenario: Service rejects TLS 1.2 traffic @CCC.Core @tlp-green @tlp-amber @tlp-red @CCC.Core.CN01 @Behavioural @PerPort @tls @object-storage

Given a cloud api for "{Instance}" in "api"44µs

Given an openssl s_client request using "tls1_2" to "{portNumber}" on "{hostName}" protocol "{protocol}"548µs

And I refer to "{result}" as "connection"221µs

And we wait for a period of "40" ms40ms

Then "{connection.State}" is "closed"77µs

Scenario: Service rejects TLS 1.1 traffic @CCC.Core @tlp-green @tlp-amber @tlp-red @CCC.Core.CN01 @Behavioural @PerPort @tls @object-storage

Given a cloud api for "{Instance}" in "api"33µs

Given an openssl s_client request using "tls1_1" to "{portNumber}" on "{hostName}" protocol "{protocol}"598µs

And I refer to "{result}" as "connection"27µs

And we wait for a period of "40" ms41ms

Then "{connection.State}" is "closed"33µs

Scenario: Service rejects TLS 1.0 traffic @CCC.Core @tlp-green @tlp-amber @tlp-red @CCC.Core.CN01 @Behavioural @PerPort @tls @object-storage

Given a cloud api for "{Instance}" in "api"35µs

Given an openssl s_client request using "tls1" to "{portNumber}" on "{hostName}" protocol "{protocol}"803µs

And I refer to "{result}" as "connection"25µs

And we wait for a period of "40" ms41ms

Then "{connection.State}" is "closed"30µs

Scenario: Verify SSL/TLS protocol support @CCC.Core @tlp-green @tlp-amber @tlp-red @CCC.Core.CN01 @Behavioural @PerPort @tls @object-storage

Given a cloud api for "{Instance}" in "api"36µs

Given "report" contains details of SSL Support type "protocols" for "{hostName}" on port "{portNumber}"6s

Then "{report}" is an array of objects which doesn't contain any of1ms

id	finding
SSLv2	offered
SSLv3	offered
TLS1	offered
TLS1_1	offered
TLS1_2	offered

unwanted row found in array: map[finding:offered id:TLS1_2]

And "{report}" is an array of objects with at least the following contents37µs

id	finding
TLS1_3	offered with final

📎 Attachments:

testssl_protocols_stgcfi20260410t121838z.blob.core.windows.net_443.json

View JSON (3708 bytes)

[
         {
              "id"           : "engine_problem",
              "ip"           : "/",
              "port"         : "443",
              "severity"     : "WARN",
              "finding"      : "No engine or GOST support via engine with your /opt/testssl/bin/openssl.Linux.x86_64"
          }
,         {
              "id"           : "service",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "HTTP"
          }
,         {
              "id"           : "pre_128cipher",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "No 128 cipher limit bug"
          }
,         {
              "id"           : "SSLv2",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "not offered"
          }
,         {
              "id"           : "SSLv3",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "not offered"
          }
,         {
              "id"           : "TLS1",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "LOW",
              "finding"      : "offered (deprecated)"
          }
,         {
              "id"           : "TLS1_1",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "LOW",
              "finding"      : "offered (deprecated)"
          }
,         {
              "id"           : "TLS1_2",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "offered"
          }
,         {
              "id"           : "TLS1_3",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "offered with final"
          }
,         {
              "id"           : "QUIC",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "WARN",
              "finding"      : "not tested due to lack of local OpenSSL support"
          }
,         {
              "id"           : "NPN",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "not offered"
          }
,         {
              "id"           : "ALPN",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "not offered"
          }
,         {
              "id"           : "scanTime",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "6"
          }
]

Scenario: Verify no known SSL/TLS vulnerabilities @CCC.Core @tlp-green @tlp-amber @tlp-red @CCC.Core.CN01 @Behavioural @PerPort @tls @object-storage

Given a cloud api for "{Instance}" in "api"43µs

Given "report" contains details of SSL Support type "vulnerable" for "{hostName}" on port "{portNumber}"28s

Then "{report}" is an array of objects with at least the following contents449µs

id	severity
heartbleed	OK
CCS	OK
ticketbleed	OK
ROBOT	OK
secure_renego	OK

📎 Attachments:

testssl_vulnerable_stgcfi20260410t121838z.blob.core.windows.net_443.json

View JSON (9968 bytes)

[
         {
              "id"           : "engine_problem",
              "ip"           : "/",
              "port"         : "443",
              "severity"     : "WARN",
              "finding"      : "No engine or GOST support via engine with your /opt/testssl/bin/openssl.Linux.x86_64"
          }
,         {
              "id"           : "service",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "HTTP"
          }
,         {
              "id"           : "pre_128cipher",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "No 128 cipher limit bug"
          }
,         {
              "id"           : "heartbleed",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "cve"          : "CVE-2014-0160",
              "cwe"          : "CWE-119",
              "finding"      : "not vulnerable, no heartbeat extension"
          }
,         {
              "id"           : "CCS",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "cve"          : "CVE-2014-0224",
              "cwe"          : "CWE-310",
              "finding"      : "not vulnerable"
          }
,         {
              "id"           : "ticketbleed",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "cve"          : "CVE-2016-9244",
              "cwe"          : "CWE-200",
              "finding"      : "no session ticket extension"
          }
,         {
              "id"           : "opossum",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "cve"          : "CVE-2025-49812",
              "cwe"          : "CWE-287",
              "finding"      : "not vulnerable"
          }
,         {
              "id"           : "ROBOT",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "cve"          : "CVE-2017-17382 CVE-2017-17427 CVE-2017-17428 CVE-2017-13098 CVE-2017-1000385 CVE-2017-13099 CVE-2016-6883 CVE-2012-5081 CVE-2017-6168",
              "cwe"          : "CWE-203",
              "finding"      : "not vulnerable"
          }
,         {
              "id"           : "secure_renego",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "cwe"          : "CWE-310",
              "finding"      : "supported"
          }
,         {
              "id"           : "secure_client_renego",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "cve"          : "CVE-2011-1473",
              "cwe"          : "CWE-310",
              "finding"      : "not vulnerable"
          }
,         {
              "id"           : "CRIME_TLS",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "cve"          : "CVE-2012-4929",
              "cwe"          : "CWE-310",
              "finding"      : "not vulnerable"
          }
,         {
              "id"           : "BREACH",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "cve"          : "CVE-2013-3587",
              "cwe"          : "CWE-310",
              "finding"      : "not vulnerable, no gzip/deflate/compress/br HTTP compression  - only supplied '/' tested"
          }
,         {
              "id"           : "POODLE_SSL",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "cve"          : "CVE-2014-3566",
              "cwe"          : "CWE-310",
              "finding"      : "not vulnerable"
          }
,         {
              "id"           : "fallback_SCSV",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "MEDIUM",
              "finding"      : "NOT supported"
          }
,         {
              "id"           : "SWEET32",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "LOW",
              "cve"          : "CVE-2016-2183 CVE-2016-6329",
              "cwe"          : "CWE-327",
              "finding"      : "uses 64 bit block ciphers"
          }
,         {
              "id"           : "FREAK",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "cve"          : "CVE-2015-0204",
              "cwe"          : "CWE-310",
              "finding"      : "not vulnerable"
          }
,         {
              "id"           : "DROWN",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "cve"          : "CVE-2016-0800 CVE-2016-0703",
              "cwe"          : "CWE-310",
              "finding"      : "not vulnerable on this host and port"
          }
,         {
              "id"           : "DROWN_hint",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "cve"          : "CVE-2016-0800 CVE-2016-0703",
              "cwe"          : "CWE-310",
              "finding"      : "Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=FE568C9BCF05C32CBC0039C770F336391730427A9FF2D6F851EFC3F87633BF5C"
          }
,         {
              "id"           : "LOGJAM",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "cve"          : "CVE-2015-4000",
              "cwe"          : "CWE-310",
              "finding"      : "not vulnerable, no DH EXPORT ciphers,"
          }
,         {
              "id"           : "LOGJAM-common_primes",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "cve"          : "CVE-2015-4000",
              "cwe"          : "CWE-310",
              "finding"      : "no DH key with <= TLS 1.2"
          }
,         {
              "id"           : "BEAST_CBC_TLS1",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "MEDIUM",
              "cve"          : "CVE-2011-3389",
              "cwe"          : "CWE-20",
              "finding"      : "ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA AES256-SHA AES128-SHA DES-CBC3-SHA"
          }
,         {
              "id"           : "BEAST",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "LOW",
              "cve"          : "CVE-2011-3389",
              "cwe"          : "CWE-20",
              "finding"      : "VULNERABLE -- but also supports higher protocols  TLSv1.1 TLSv1.2 (likely mitigated)"
          }
,         {
              "id"           : "LUCKY13",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "LOW",
              "cve"          : "CVE-2013-0169",
              "cwe"          : "CWE-310",
              "finding"      : "potentially vulnerable, uses TLS CBC ciphers"
          }
,         {
              "id"           : "winshock",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "cve"          : "CVE-2014-6321",
              "cwe"          : "CWE-94",
              "finding"      : "not vulnerable"
          }
,         {
              "id"           : "RC4",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "cve"          : "CVE-2013-2566 CVE-2015-2808",
              "cwe"          : "CWE-310",
              "finding"      : "not vulnerable"
          }
,         {
              "id"           : "scanTime",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "27"
          }
]

Scenario: Verify TLS 1.3 only certificate validity @CCC.Core @tlp-green @tlp-amber @tlp-red @CCC.Core.CN01 @Behavioural @PerPort @tls @object-storage

Given a cloud api for "{Instance}" in "api"42µs

Given "report" contains details of SSL Support type "server-defaults" for "{hostName}" on port "{portNumber}"14s

Then "{report}" is an array of objects with at least the following contents681µs

id	severity
cert_expirationStatus	OK
cert_chain_of_trust	OK

📎 Attachments:

testssl_server-defaults_stgcfi20260410t121838z.blob.core.windows.net_443.json

View JSON (24805 bytes)

[
         {
              "id"           : "engine_problem",
              "ip"           : "/",
              "port"         : "443",
              "severity"     : "WARN",
              "finding"      : "No engine or GOST support via engine with your /opt/testssl/bin/openssl.Linux.x86_64"
          }
,         {
              "id"           : "service",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "HTTP"
          }
,         {
              "id"           : "pre_128cipher",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "No 128 cipher limit bug"
          }
,         {
              "id"           : "TLS_extensions",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "'status request/#5' 'extended master secret/#23' 'supported versions/#43' 'key share/#51' 'renegotiation info/#65281'"
          }
,         {
              "id"           : "TLS_misses_extension_23",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "Extended master secret extension detected"
          }
,         {
              "id"           : "TLS_session_ticket",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "no -- no lifetime advertised"
          }
,         {
              "id"           : "SSL_sessionID_support",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "yes"
          }
,         {
              "id"           : "sessionresumption_ticket",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "not supported"
          }
,         {
              "id"           : "sessionresumption_ID",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "not supported"
          }
,         {
              "id"           : "early_data",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "No early data"
          }
,         {
              "id"           : "TLS_timestamp",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "off by 0 seconds from your localtime"
          }
,         {
              "id"           : "certificate_compression",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "none"
          }
,         {
              "id"           : "clientAuth",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "none"
          }
,         {
              "id"           : "cert_numbers",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "1"
          }
,         {
              "id"           : "cert_signatureAlgorithm",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "SHA384 with RSA"
          }
,         {
              "id"           : "cert_keySize",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "RSA 2048 bits (exponent is 65537)"
          }
,         {
              "id"           : "cert_keyUsage",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "Digital Signature, Key Encipherment"
          }
,         {
              "id"           : "cert_extKeyUsage",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "TLS Web Client Authentication, TLS Web Server Authentication"
          }
,         {
              "id"           : "cert_serialNumber",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "3303547288146F59E735B7CA07000003547288"
          }
,         {
              "id"           : "cert_serialNumberLen",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "19"
          }
,         {
              "id"           : "cert_fingerprintSHA1",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "6DE5493D9C2001A18909D9929BAFA8518B8CB2B8"
          }
,         {
              "id"           : "cert_fingerprintSHA256",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "FE568C9BCF05C32CBC0039C770F336391730427A9FF2D6F851EFC3F87633BF5C"
          }
,         {
              "id"           : "cert",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "-----BEGIN CERTIFICATE-----\nMIIOjjCCDHagAwIBAgITMwNUcogUb1nnNbfKBwAAA1RyiDANBgkqhkiG9w0BAQwFADBdMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS4wLAYDVQQDEyVNaWNyb3NvZnQgQXp1cmUgUlNBIFRMUyBJc3N1aW5nIENBIDA0MB4XDTI2MDEyMzEzMDcxNVoXDTI2MDcyMjEzMDcxNVowbjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xIDAeBgNVBAMMFyouYmxvYi5jb3JlLndpbmRvd3MubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuiB556ZMsvJpONe9E1mpi4w9a2LCagHR5PM+ZOYhRWFfdyEScBejWtt7MpndBMQ/yvlNDTvDB0VwkB1RiK/BOqz3DnBjMmymd74KFdHWzgbn6mRxN05SXvmc5XVh4m0M15BUg42tNYa+5fzqn2ewLUaWmmuEnPlBZDIjWya+YnNVooUwPIWYxv8hdkkASh1DuLGu7V7MCaCWcenOPrZJyBmV8fyIK4eekfVnFnOGeZVt7ONFytt1CN83I12IPIoVWkfI+LE4DLGxx71AFOpHmzNpAvB0t0c5997xdgyBywtfNSp6BifKGhkvPEp5M5oTaJiD+zKBWQHveVrVQNRKIQIDAQABo4IKNDCCCjAwggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB2ANdtfRDRp/V3wsfpX9cAv/mCyTNaZeHQswFzF8DIxWl3AAABm+sAiloAAAQDAEcwRQIhAPmFkRThxaV0OFz46h+J6igytHSvM/DvUdZypwITbfl9AiBTYjDn9SQ69XasNVc7+b1fsFVlILfMcapffzUpUACwZAB1AMIxfldFGaNF7n843rKQQevHwiFaIr9/1bWtdprZDlLNAAABm+sAimMAAAQDAEYwRAIgFL0HFKi2Hg4v50WUyyRntMcKl2sSvRPpl6OgomAnZ5oCIDDen/reeCfx53bRB0I4e2dAXkAHTvry+QPhMVW34IEpAHYAyKPEf8ezrbk1awE/anoSbeM6TkOlxkb5l605dZkdz5oAAAGb6wCKlAAABAMARzBFAiEAndJWRrqBBOuZ+tAvRcamz5SV5lrmxjmoGfIW92oWH1kCIF/7sGPQ7oxaR13Numcxf6oJGYrqZ0igXM0PfyvI1AvKMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEwPAYJKwYBBAGCNxUHBC8wLQYlKwYBBAGCNxUIh73XG4Hn60aCgZ0ujtAMh/DaHV2Cq+cwh+3xHwIBZAIBLTCBtAYIKwYBBQUHAQEEgacwgaQwcwYIKwYBBQUHMAKGZ2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwQXp1cmUlMjBSU0ElMjBUTFMlMjBJc3N1aW5nJTIwQ0ElMjAwNCUyMC0lMjB4c2lnbi5jcnQwLQYIKwYBBQUHMAGGIWh0dHA6Ly9vbmVvY3NwLm1pY3Jvc29mdC5jb20vb2NzcDAdBgNVHQ4EFgQUTzwP8c3GBJrUGeRtJrLiu06NKyQwDgYDVR0PAQH/BAQDAgWgMIIGPAYDVR0RBIIGMzCCBi+CFyouYmxvYi5jb3JlLndpbmRvd3MubmV0gicqLmlhZDA0cHJkc3RyNDVhLnN0b3JlLmNvcmUud2luZG93cy5uZXSCGCouYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIbKi56MS5ibG9iLnN0b3JhZ2UuYXp1cmUubmV0ghsqLnoyLmJsb2Iuc3RvcmFnZS5henVyZS5uZXSCGyouejMuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIbKi56NC5ibG9iLnN0b3JhZ2UuYXp1cmUubmV0ghsqLno1LmJsb2Iuc3RvcmFnZS5henVyZS5uZXSCGyouejYuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIbKi56Ny5ibG9iLnN0b3JhZ2UuYXp1cmUubmV0ghsqLno4LmJsb2Iuc3RvcmFnZS5henVyZS5uZXSCGyouejkuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MTAuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MTEuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MTIuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MTMuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MTQuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MTUuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MTYuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MTcuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MTguYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MTkuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MjAuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MjEuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MjIuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MjMuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MjQuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MjUuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MjYuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MjcuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MjguYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MjkuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MzAuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MzEuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MzIuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MzMuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MzQuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MzUuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MzYuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MzcuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MzguYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MzkuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56NDAuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56NDEuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56NDIuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56NDMuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56NDQuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56NDUuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56NDYuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56NDcuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56NDguYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56NDkuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56NTAuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldDAMBgNVHRMBAf8EAjAAMGoGA1UdHwRjMGEwX6BdoFuGWWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY3JsL01pY3Jvc29mdCUyMEF6dXJlJTIwUlNBJTIwVExTJTIwSXNzdWluZyUyMENBJTIwMDQuY3JsMGYGA1UdIARfMF0wUQYMKwYBBAGCN0yDfQEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5Lmh0bTAIBgZngQwBAgIwHwYDVR0jBBgwFoAUO3DRU+l2JZ1gqMpmD8abrm9UFmowHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBDAUAA4ICAQAjx3XpxFg00g9+1S5zGI5OGDg9biYimeWUSm2LagDaXfZWVJ8NCbZEBPGgZ/oaRMsJKZpqNRV6bM30Gdxf/RO4ewz9fpqz+bjX6CbezOd25PVOTN0M9VFuzjWsoQBbyCLWDwhXzyRnDJE+5RD53GtVkDNLF6Qoe4p26nxSFgmemCuhd0cOweSYJCdAuYouam0IUUY6nPu2o4dTmCRMvt3xkvGVrWfxjygrWWpaFnDH+XOGzzLwaUfMhpNv+hshBhSia8X5mNrl53UBnfhw/8ZBOhGyXL0B5Eq96en+nwzkiCourzrwa60z0EmSQpNTnCHpE9+7guu9vJFU2TPxXMpaL5g7ogXnV5nPzZ1UK9BZUoFybziyI4y5g4DL5eAvkk9zpgNoYj47+t5szsMn/K9ZLqHwH67CF7tojLi0HQ1lM+nAbkZUXZJ/G8Ep9nhuAPrmabQBPGpxVYcH3tT10s1HOvPV6APFmNnpofFclPUJ6ElVLRGKcDl5c3eSVf6V9Qr6XJCtZUrCQC7kWvmoX0hR02AsVNFoY5z6m/MaVozY6cgT6qOb0hYUcBkCYl7jbxE2kGp1PwIIkn0rpeFj60yMsAIvyG+zh0RhNeQVoJcJ4oH8mU2EDixuzbTW1xxxAQ6xU0NDuNYs8B8JpvmuYHUaGq86buXm9aQwla3/fh5mMA==\n-----END CERTIFICATE-----"
          }
,         {
              "id"           : "cert_commonName",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "*.blob.core.windows.net"
          }
,         {
              "id"           : "cert_commonName_wo_SNI",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "*.blob.core.windows.net"
          }
,         {
              "id"           : "cert_subjectAltName",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "*.blob.core.windows.net *.iad04prdstr45a.store.core.windows.net *.blob.storage.azure.net *.z1.blob.storage.azure.net *.z2.blob.storage.azure.net *.z3.blob.storage.azure.net *.z4.blob.storage.azure.net *.z5.blob.storage.azure.net *.z6.blob.storage.azure.net *.z7.blob.storage.azure.net *.z8.blob.storage.azure.net *.z9.blob.storage.azure.net *.z10.blob.storage.azure.net *.z11.blob.storage.azure.net *.z12.blob.storage.azure.net *.z13.blob.storage.azure.net *.z14.blob.storage.azure.net *.z15.blob.storage.azure.net *.z16.blob.storage.azure.net *.z17.blob.storage.azure.net *.z18.blob.storage.azure.net *.z19.blob.storage.azure.net *.z20.blob.storage.azure.net *.z21.blob.storage.azure.net *.z22.blob.storage.azure.net *.z23.blob.storage.azure.net *.z24.blob.storage.azure.net *.z25.blob.storage.azure.net *.z26.blob.storage.azure.net *.z27.blob.storage.azure.net *.z28.blob.storage.azure.net *.z29.blob.storage.azure.net *.z30.blob.storage.azure.net *.z31.blob.storage.azure.net *.z32.blob.storage.azure.net *.z33.blob.storage.azure.net *.z34.blob.storage.azure.net *.z35.blob.storage.azure.net *.z36.blob.storage.azure.net *.z37.blob.storage.azure.net *.z38.blob.storage.azure.net *.z39.blob.storage.azure.net *.z40.blob.storage.azure.net *.z41.blob.storage.azure.net *.z42.blob.storage.azure.net *.z43.blob.storage.azure.net *.z44.blob.storage.azure.net *.z45.blob.storage.azure.net *.z46.blob.storage.azure.net *.z47.blob.storage.azure.net *.z48.blob.storage.azure.net *.z49.blob.storage.azure.net *.z50.blob.storage.azure.net"
          }
,         {
              "id"           : "cert_trust",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "Ok via SAN wildcard and CN wildcard (same w/o SNI)"
          }
,         {
              "id"           : "cert_trust_wildcard",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "LOW",
              "finding"      : "trust is via wildcard"
          }
,         {
              "id"           : "cert_chain_of_trust",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "passed."
          }
,         {
              "id"           : "cert_certificatePolicies_EV",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "no"
          }
,         {
              "id"           : "cert_expirationStatus",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "103 >= 60 days"
          }
,         {
              "id"           : "cert_notBefore",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "2026-01-23 13:07"
          }
,         {
              "id"           : "cert_notAfter",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "2026-07-22 13:07"
          }
,         {
              "id"           : "cert_extlifeSpan",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "certificate has no extended life time according to browser forum"
          }
,         {
              "id"           : "cert_eTLS",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "not present"
          }
,         {
              "id"           : "cert_crlDistributionPoints",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "http://www.microsoft.com/pkiops/crl/Microsoft%20Azure%20RSA%20TLS%20Issuing%20CA%2004.crl"
          }
,         {
              "id"           : "cert_ocspURL",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "http://oneocsp.microsoft.com/ocsp"
          }
,         {
              "id"           : "OCSP_stapling",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "offered"
          }
,         {
              "id"           : "cert_ocspRevoked",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "not revoked"
          }
,         {
              "id"           : "cert_mustStapleExtension",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "--"
          }
,         {
              "id"           : "DNS_CAArecord",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "contactemail=caarecordaware@microsoft.com"
          }
,         {
              "id"           : "certificate_transparency",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "yes (certificate extension)"
          }
,         {
              "id"           : "certs_countServer",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "2"
          }
,         {
              "id"           : "certs_list_ordering_problem",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "no"
          }
,         {
              "id"           : "cert_caIssuers",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "Microsoft Azure RSA TLS Issuing CA 04 (Microsoft Corporation from US)"
          }
,         {
              "id"           : "intermediate_cert <#1>",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "-----BEGIN CERTIFICATE-----\nMIIFrDCCBJSgAwIBAgIQCfluwpVVXyR0nq8eXc7UnTANBgkqhkiG9w0BAQwFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMjAeFw0yMzA2MDgwMDAwMDBaFw0yNjA4MjUyMzU5NTlaMF0xCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xLjAsBgNVBAMTJU1pY3Jvc29mdCBBenVyZSBSU0EgVExTIElzc3VpbmcgQ0EgMDQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDBeUy13eRZ/QC5bN7/IOGxodny7Xm2BFc88d3cca3yHyyVx1Y60+afY6DAo/2Ls1uzAfbDfMzAVWJazPH4tckaItDv//htEbbNJnAGvZPB4VqNviwDEmlAWT/MTAmzXfTgWXuUNgRlzZbjoFaPm+t6iJ6HdvDpWQAJbsBUZCgat257tM28JnAHUTWdiDBn+2z6EGh2DA6BCx04zHDKVSegLY8+5P80Lqze0d6i3T2JJ7rfxCmxUXfCGOv9iQIUZfhv4vCb8hsm/JdNUMiomJhSPa0bi3rda/swuJHCH//dwz2AGzZRRGdj7Kna4t6ToxK17lAF3Q6Qp368C9cE6JLMj+3UbY3umWCPRA5/Dms4/wl3GvDEw7HpyKsvRNPpjDZyiFzZGC2HZmGMsrZMT3hxmyQwmz1O3eGYdO5EIq1SW/vT1yShZTSusqmICQo5gWWRZTwCENekSbVX9qRr77o0pjKtuBMZTGQTixwpT/rgUl7Mr4M2nqK55Kovy/kUN1znfPdW/Fj9iCuvPKwKFdyt2RVgxJDvgIF/bNoRkRxhwVB6qRgs4EiTrNbRoZAHEFF5wRBf9gWn9HeoI66VtdMZvJRH+0/FDWB4/zwxS16nnADJaVPXh6JHJFYs9p0wZmvct3GNdWrOLRAG2yzbfFZS8fJcX1PYxXXo4By16yGWhQIDAQABo4IBYjCCAV4wEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUO3DRU+l2JZ1gqMpmD8abrm9UFmowHwYDVR0jBBgwFoAUTiJUIBiV5uNu5g/6+rkS7QYXjzkwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBABggrBgEFBQcwAoY0aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdEcyLmNydDBCBgNVHR8EOzA5MDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxSb290RzIuY3JsMB0GA1UdIAQWMBQwCAYGZ4EMAQIBMAgGBmeBDAECAjANBgkqhkiG9w0BAQwFAAOCAQEAo9sJvBNLQSJ1e7VaG3cSZHBz6zjS70A1gVO1pqsmX34BWDPz1TAlOyJiLlA+eUF4B2OWHd3F//dJJ/3TaCFunjBhZudv3busl7flz42K/BG/eOdlg0kiUf07PCYY5/FKYTIch51j1moFlBqbglwkdNIVae2tOu0OdX2JiA+bprYcGxa7eayLetvPiA77ynTcUNMKOqYB41FZHOXe5IXDI5t2RsDM9dMEZv4+cOb9G9qXcgDar1AzPHEt/39335zCHofQ0QuItCDCDzahWZci9Nn9hb/SvAtPWHZLkLBG6I0iwGxvMwcTTc9Jnb4FlysrmQlwKsS2MphOoI23Qq3cSA==\n-----END CERTIFICATE-----"
          }
,         {
              "id"           : "intermediate_cert_fingerprintSHA256 <#1>",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "33F9731BE910A66DC6ACD07D9D9CA212EE8D0A9A5C78C8BF3E89BB74DF8FB936"
          }
,         {
              "id"           : "intermediate_cert_notBefore <#1>",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "2023-06-08 00:00"
          }
,         {
              "id"           : "intermediate_cert_notAfter <#1>",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "2026-08-25 23:59"
          }
,         {
              "id"           : "intermediate_cert_expiration <#1>",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "ok > 40 days"
          }
,         {
              "id"           : "intermediate_cert_chain <#1>",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "Microsoft Azure RSA TLS Issuing CA 04 <-- DigiCert Global Root G2"
          }
,         {
              "id"           : "intermediate_cert_badOCSP",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "intermediate certificate(s) is/are ok"
          }
,         {
              "id"           : "scanTime",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "14"
          }
]

Feature: CCC.Core.CN01.AR03

Scenario: HTTP redirects to HTTPS @tlp-green @tlp-amber @tlp-red @CCC.Core @CCC.Core.CN01 @PerPort @Behavioural @http @tls @object-storage

Given a client connects to "{hostName}" with protocol "http" on port "80"981µs

And I refer to "{result}" as "connection"50µs

And "{connection}" is not an error43µs

And I transmit "GET / HTTP/1.1\r\nHost: {hostName}\r\n\r\n" to "{connection}"501ms

And I attach "{connection}" to the test output as "HTTP response"82µs

And "{connection.Output}" contains "301"41µs

expected {connection.Output} to contain '301', but got 'HTTP/1.1 400 The account being accessed does not support http. Content-Length: 287 Content-Type: application/xml x-ms-request-id: 2a064b0c-401e-00e7-35e9-c88445000000 Date: Fri, 10 Apr 2026 12:59:47 GMT AccountRequiresHttpsThe account being accessed does not support http. RequestId:2a064b0c-401e-00e7-35e9-c88445000000 Time:2026-04-10T12:59:47.2673023Zstgcfi20260410t121838z'

And I call "{connection}" with "Close"20µs

Then "{connection.State}" is "closed"16µs

📎 Attachments:

HTTP response

View JSON (644 bytes)

{"State":"open","Input":{},"Output":"HTTP/1.1 400 The account being accessed does not support http.\r\nContent-Length: 287\r\nContent-Type: application/xml\r\nx-ms-request-id: 2a064b0c-401e-00e7-35e9-c88445000000\r\nDate: Fri, 10 Apr 2026 12:59:47 GMT\r\n\r\n\u003c?xml version=\"1.0\" encoding=\"utf-8\"?\u003e\u003cError\u003e\u003cCode\u003eAccountRequiresHttps\u003c/Code\u003e\u003cMessage\u003eThe account being accessed does not support http.\nRequestId:2a064b0c-401e-00e7-35e9-c88445000000\nTime:2026-04-10T12:59:47.2673023Z\u003c/Message\u003e\u003cAccountName\u003estgcfi20260410t121838z\u003c/AccountName\u003e\u003c/Error\u003e"}

Scenario: Only secure protocols are exposed @tlp-green @tlp-amber @tlp-red @CCC.Core @CCC.Core.CN01 @PerPort @Behavioural @tls @object-storage

Given "report" contains details of SSL Support type "protocols" for "{hostName}" on port "{portNumber}"6s

Then "{report}" is an array of objects with at least the following contents190µs

id	severity
TLS1_2	OK
TLS1_3	OK

📎 Attachments:

testssl_protocols_stgcfi20260410t121838z.blob.core.windows.net_443.json

View JSON (3708 bytes)

[
         {
              "id"           : "engine_problem",
              "ip"           : "/",
              "port"         : "443",
              "severity"     : "WARN",
              "finding"      : "No engine or GOST support via engine with your /opt/testssl/bin/openssl.Linux.x86_64"
          }
,         {
              "id"           : "service",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "HTTP"
          }
,         {
              "id"           : "pre_128cipher",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "No 128 cipher limit bug"
          }
,         {
              "id"           : "SSLv2",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "not offered"
          }
,         {
              "id"           : "SSLv3",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "not offered"
          }
,         {
              "id"           : "TLS1",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "LOW",
              "finding"      : "offered (deprecated)"
          }
,         {
              "id"           : "TLS1_1",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "LOW",
              "finding"      : "offered (deprecated)"
          }
,         {
              "id"           : "TLS1_2",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "offered"
          }
,         {
              "id"           : "TLS1_3",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "offered with final"
          }
,         {
              "id"           : "QUIC",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "WARN",
              "finding"      : "not tested due to lack of local OpenSSL support"
          }
,         {
              "id"           : "NPN",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "not offered"
          }
,         {
              "id"           : "ALPN",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "not offered"
          }
,         {
              "id"           : "scanTime",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "6"
          }
]

Feature: CCC.Core.CN01.AR07

Scenario: Verify HTTPS uses IANA-assigned port 443 @tlp-clear @tlp-green @tlp-amber @tlp-red @CCC.Core @CCC.Core.CN01 @Behavioural @PerPort @http @tls @object-storage

Then "{portNumber}" is "443"20µs

Feature: CCC.Core.CN01.AR08

Scenario: Verify mTLS requires client certificate authentication @tls @tlp-amber @tlp-red @CCC.Core @CCC.Core.CN01 @Behavioural @PerPort @tls @object-storage

Given "report" contains details of SSL Support type "server-defaults" for "{hostName}" on port "{portNumber}"13s

Then "{report}" is an array of objects with at least the following contents600µs

id	finding
clientAuth	required

expected row not found: map[finding:required id:clientAuth]

📎 Attachments:

testssl_server-defaults_stgcfi20260410t121838z.blob.core.windows.net_443.json

View JSON (24805 bytes)

[
         {
              "id"           : "engine_problem",
              "ip"           : "/",
              "port"         : "443",
              "severity"     : "WARN",
              "finding"      : "No engine or GOST support via engine with your /opt/testssl/bin/openssl.Linux.x86_64"
          }
,         {
              "id"           : "service",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "HTTP"
          }
,         {
              "id"           : "pre_128cipher",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "No 128 cipher limit bug"
          }
,         {
              "id"           : "TLS_extensions",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "'status request/#5' 'extended master secret/#23' 'supported versions/#43' 'key share/#51' 'renegotiation info/#65281'"
          }
,         {
              "id"           : "TLS_misses_extension_23",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "Extended master secret extension detected"
          }
,         {
              "id"           : "TLS_session_ticket",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "no -- no lifetime advertised"
          }
,         {
              "id"           : "SSL_sessionID_support",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "yes"
          }
,         {
              "id"           : "sessionresumption_ticket",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "not supported"
          }
,         {
              "id"           : "sessionresumption_ID",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "not supported"
          }
,         {
              "id"           : "early_data",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "No early data"
          }
,         {
              "id"           : "TLS_timestamp",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "off by 0 seconds from your localtime"
          }
,         {
              "id"           : "certificate_compression",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "none"
          }
,         {
              "id"           : "clientAuth",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "none"
          }
,         {
              "id"           : "cert_numbers",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "1"
          }
,         {
              "id"           : "cert_signatureAlgorithm",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "SHA384 with RSA"
          }
,         {
              "id"           : "cert_keySize",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "RSA 2048 bits (exponent is 65537)"
          }
,         {
              "id"           : "cert_keyUsage",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "Digital Signature, Key Encipherment"
          }
,         {
              "id"           : "cert_extKeyUsage",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "TLS Web Client Authentication, TLS Web Server Authentication"
          }
,         {
              "id"           : "cert_serialNumber",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "3303547288146F59E735B7CA07000003547288"
          }
,         {
              "id"           : "cert_serialNumberLen",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "19"
          }
,         {
              "id"           : "cert_fingerprintSHA1",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "6DE5493D9C2001A18909D9929BAFA8518B8CB2B8"
          }
,         {
              "id"           : "cert_fingerprintSHA256",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "FE568C9BCF05C32CBC0039C770F336391730427A9FF2D6F851EFC3F87633BF5C"
          }
,         {
              "id"           : "cert",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "-----BEGIN CERTIFICATE-----\nMIIOjjCCDHagAwIBAgITMwNUcogUb1nnNbfKBwAAA1RyiDANBgkqhkiG9w0BAQwFADBdMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS4wLAYDVQQDEyVNaWNyb3NvZnQgQXp1cmUgUlNBIFRMUyBJc3N1aW5nIENBIDA0MB4XDTI2MDEyMzEzMDcxNVoXDTI2MDcyMjEzMDcxNVowbjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xIDAeBgNVBAMMFyouYmxvYi5jb3JlLndpbmRvd3MubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuiB556ZMsvJpONe9E1mpi4w9a2LCagHR5PM+ZOYhRWFfdyEScBejWtt7MpndBMQ/yvlNDTvDB0VwkB1RiK/BOqz3DnBjMmymd74KFdHWzgbn6mRxN05SXvmc5XVh4m0M15BUg42tNYa+5fzqn2ewLUaWmmuEnPlBZDIjWya+YnNVooUwPIWYxv8hdkkASh1DuLGu7V7MCaCWcenOPrZJyBmV8fyIK4eekfVnFnOGeZVt7ONFytt1CN83I12IPIoVWkfI+LE4DLGxx71AFOpHmzNpAvB0t0c5997xdgyBywtfNSp6BifKGhkvPEp5M5oTaJiD+zKBWQHveVrVQNRKIQIDAQABo4IKNDCCCjAwggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB2ANdtfRDRp/V3wsfpX9cAv/mCyTNaZeHQswFzF8DIxWl3AAABm+sAiloAAAQDAEcwRQIhAPmFkRThxaV0OFz46h+J6igytHSvM/DvUdZypwITbfl9AiBTYjDn9SQ69XasNVc7+b1fsFVlILfMcapffzUpUACwZAB1AMIxfldFGaNF7n843rKQQevHwiFaIr9/1bWtdprZDlLNAAABm+sAimMAAAQDAEYwRAIgFL0HFKi2Hg4v50WUyyRntMcKl2sSvRPpl6OgomAnZ5oCIDDen/reeCfx53bRB0I4e2dAXkAHTvry+QPhMVW34IEpAHYAyKPEf8ezrbk1awE/anoSbeM6TkOlxkb5l605dZkdz5oAAAGb6wCKlAAABAMARzBFAiEAndJWRrqBBOuZ+tAvRcamz5SV5lrmxjmoGfIW92oWH1kCIF/7sGPQ7oxaR13Numcxf6oJGYrqZ0igXM0PfyvI1AvKMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEwPAYJKwYBBAGCNxUHBC8wLQYlKwYBBAGCNxUIh73XG4Hn60aCgZ0ujtAMh/DaHV2Cq+cwh+3xHwIBZAIBLTCBtAYIKwYBBQUHAQEEgacwgaQwcwYIKwYBBQUHMAKGZ2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwQXp1cmUlMjBSU0ElMjBUTFMlMjBJc3N1aW5nJTIwQ0ElMjAwNCUyMC0lMjB4c2lnbi5jcnQwLQYIKwYBBQUHMAGGIWh0dHA6Ly9vbmVvY3NwLm1pY3Jvc29mdC5jb20vb2NzcDAdBgNVHQ4EFgQUTzwP8c3GBJrUGeRtJrLiu06NKyQwDgYDVR0PAQH/BAQDAgWgMIIGPAYDVR0RBIIGMzCCBi+CFyouYmxvYi5jb3JlLndpbmRvd3MubmV0gicqLmlhZDA0cHJkc3RyNDVhLnN0b3JlLmNvcmUud2luZG93cy5uZXSCGCouYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIbKi56MS5ibG9iLnN0b3JhZ2UuYXp1cmUubmV0ghsqLnoyLmJsb2Iuc3RvcmFnZS5henVyZS5uZXSCGyouejMuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIbKi56NC5ibG9iLnN0b3JhZ2UuYXp1cmUubmV0ghsqLno1LmJsb2Iuc3RvcmFnZS5henVyZS5uZXSCGyouejYuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIbKi56Ny5ibG9iLnN0b3JhZ2UuYXp1cmUubmV0ghsqLno4LmJsb2Iuc3RvcmFnZS5henVyZS5uZXSCGyouejkuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MTAuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MTEuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MTIuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MTMuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MTQuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MTUuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MTYuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MTcuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MTguYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MTkuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MjAuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MjEuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MjIuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MjMuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MjQuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MjUuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MjYuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MjcuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MjguYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MjkuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MzAuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MzEuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MzIuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MzMuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MzQuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MzUuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MzYuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MzcuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MzguYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56MzkuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56NDAuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56NDEuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56NDIuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56NDMuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56NDQuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56NDUuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56NDYuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56NDcuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56NDguYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56NDkuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldIIcKi56NTAuYmxvYi5zdG9yYWdlLmF6dXJlLm5ldDAMBgNVHRMBAf8EAjAAMGoGA1UdHwRjMGEwX6BdoFuGWWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY3JsL01pY3Jvc29mdCUyMEF6dXJlJTIwUlNBJTIwVExTJTIwSXNzdWluZyUyMENBJTIwMDQuY3JsMGYGA1UdIARfMF0wUQYMKwYBBAGCN0yDfQEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5Lmh0bTAIBgZngQwBAgIwHwYDVR0jBBgwFoAUO3DRU+l2JZ1gqMpmD8abrm9UFmowHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBDAUAA4ICAQAjx3XpxFg00g9+1S5zGI5OGDg9biYimeWUSm2LagDaXfZWVJ8NCbZEBPGgZ/oaRMsJKZpqNRV6bM30Gdxf/RO4ewz9fpqz+bjX6CbezOd25PVOTN0M9VFuzjWsoQBbyCLWDwhXzyRnDJE+5RD53GtVkDNLF6Qoe4p26nxSFgmemCuhd0cOweSYJCdAuYouam0IUUY6nPu2o4dTmCRMvt3xkvGVrWfxjygrWWpaFnDH+XOGzzLwaUfMhpNv+hshBhSia8X5mNrl53UBnfhw/8ZBOhGyXL0B5Eq96en+nwzkiCourzrwa60z0EmSQpNTnCHpE9+7guu9vJFU2TPxXMpaL5g7ogXnV5nPzZ1UK9BZUoFybziyI4y5g4DL5eAvkk9zpgNoYj47+t5szsMn/K9ZLqHwH67CF7tojLi0HQ1lM+nAbkZUXZJ/G8Ep9nhuAPrmabQBPGpxVYcH3tT10s1HOvPV6APFmNnpofFclPUJ6ElVLRGKcDl5c3eSVf6V9Qr6XJCtZUrCQC7kWvmoX0hR02AsVNFoY5z6m/MaVozY6cgT6qOb0hYUcBkCYl7jbxE2kGp1PwIIkn0rpeFj60yMsAIvyG+zh0RhNeQVoJcJ4oH8mU2EDixuzbTW1xxxAQ6xU0NDuNYs8B8JpvmuYHUaGq86buXm9aQwla3/fh5mMA==\n-----END CERTIFICATE-----"
          }
,         {
              "id"           : "cert_commonName",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "*.blob.core.windows.net"
          }
,         {
              "id"           : "cert_commonName_wo_SNI",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "*.blob.core.windows.net"
          }
,         {
              "id"           : "cert_subjectAltName",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "*.blob.core.windows.net *.iad04prdstr45a.store.core.windows.net *.blob.storage.azure.net *.z1.blob.storage.azure.net *.z2.blob.storage.azure.net *.z3.blob.storage.azure.net *.z4.blob.storage.azure.net *.z5.blob.storage.azure.net *.z6.blob.storage.azure.net *.z7.blob.storage.azure.net *.z8.blob.storage.azure.net *.z9.blob.storage.azure.net *.z10.blob.storage.azure.net *.z11.blob.storage.azure.net *.z12.blob.storage.azure.net *.z13.blob.storage.azure.net *.z14.blob.storage.azure.net *.z15.blob.storage.azure.net *.z16.blob.storage.azure.net *.z17.blob.storage.azure.net *.z18.blob.storage.azure.net *.z19.blob.storage.azure.net *.z20.blob.storage.azure.net *.z21.blob.storage.azure.net *.z22.blob.storage.azure.net *.z23.blob.storage.azure.net *.z24.blob.storage.azure.net *.z25.blob.storage.azure.net *.z26.blob.storage.azure.net *.z27.blob.storage.azure.net *.z28.blob.storage.azure.net *.z29.blob.storage.azure.net *.z30.blob.storage.azure.net *.z31.blob.storage.azure.net *.z32.blob.storage.azure.net *.z33.blob.storage.azure.net *.z34.blob.storage.azure.net *.z35.blob.storage.azure.net *.z36.blob.storage.azure.net *.z37.blob.storage.azure.net *.z38.blob.storage.azure.net *.z39.blob.storage.azure.net *.z40.blob.storage.azure.net *.z41.blob.storage.azure.net *.z42.blob.storage.azure.net *.z43.blob.storage.azure.net *.z44.blob.storage.azure.net *.z45.blob.storage.azure.net *.z46.blob.storage.azure.net *.z47.blob.storage.azure.net *.z48.blob.storage.azure.net *.z49.blob.storage.azure.net *.z50.blob.storage.azure.net"
          }
,         {
              "id"           : "cert_trust",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "Ok via SAN wildcard and CN wildcard (same w/o SNI)"
          }
,         {
              "id"           : "cert_trust_wildcard",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "LOW",
              "finding"      : "trust is via wildcard"
          }
,         {
              "id"           : "cert_chain_of_trust",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "passed."
          }
,         {
              "id"           : "cert_certificatePolicies_EV",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "no"
          }
,         {
              "id"           : "cert_expirationStatus",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "103 >= 60 days"
          }
,         {
              "id"           : "cert_notBefore",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "2026-01-23 13:07"
          }
,         {
              "id"           : "cert_notAfter",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "2026-07-22 13:07"
          }
,         {
              "id"           : "cert_extlifeSpan",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "certificate has no extended life time according to browser forum"
          }
,         {
              "id"           : "cert_eTLS",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "not present"
          }
,         {
              "id"           : "cert_crlDistributionPoints",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "http://www.microsoft.com/pkiops/crl/Microsoft%20Azure%20RSA%20TLS%20Issuing%20CA%2004.crl"
          }
,         {
              "id"           : "cert_ocspURL",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "http://oneocsp.microsoft.com/ocsp"
          }
,         {
              "id"           : "OCSP_stapling",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "offered"
          }
,         {
              "id"           : "cert_ocspRevoked",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "not revoked"
          }
,         {
              "id"           : "cert_mustStapleExtension",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "--"
          }
,         {
              "id"           : "DNS_CAArecord",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "contactemail=caarecordaware@microsoft.com"
          }
,         {
              "id"           : "certificate_transparency",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "yes (certificate extension)"
          }
,         {
              "id"           : "certs_countServer",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "2"
          }
,         {
              "id"           : "certs_list_ordering_problem",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "no"
          }
,         {
              "id"           : "cert_caIssuers",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "Microsoft Azure RSA TLS Issuing CA 04 (Microsoft Corporation from US)"
          }
,         {
              "id"           : "intermediate_cert <#1>",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "-----BEGIN CERTIFICATE-----\nMIIFrDCCBJSgAwIBAgIQCfluwpVVXyR0nq8eXc7UnTANBgkqhkiG9w0BAQwFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMjAeFw0yMzA2MDgwMDAwMDBaFw0yNjA4MjUyMzU5NTlaMF0xCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xLjAsBgNVBAMTJU1pY3Jvc29mdCBBenVyZSBSU0EgVExTIElzc3VpbmcgQ0EgMDQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDBeUy13eRZ/QC5bN7/IOGxodny7Xm2BFc88d3cca3yHyyVx1Y60+afY6DAo/2Ls1uzAfbDfMzAVWJazPH4tckaItDv//htEbbNJnAGvZPB4VqNviwDEmlAWT/MTAmzXfTgWXuUNgRlzZbjoFaPm+t6iJ6HdvDpWQAJbsBUZCgat257tM28JnAHUTWdiDBn+2z6EGh2DA6BCx04zHDKVSegLY8+5P80Lqze0d6i3T2JJ7rfxCmxUXfCGOv9iQIUZfhv4vCb8hsm/JdNUMiomJhSPa0bi3rda/swuJHCH//dwz2AGzZRRGdj7Kna4t6ToxK17lAF3Q6Qp368C9cE6JLMj+3UbY3umWCPRA5/Dms4/wl3GvDEw7HpyKsvRNPpjDZyiFzZGC2HZmGMsrZMT3hxmyQwmz1O3eGYdO5EIq1SW/vT1yShZTSusqmICQo5gWWRZTwCENekSbVX9qRr77o0pjKtuBMZTGQTixwpT/rgUl7Mr4M2nqK55Kovy/kUN1znfPdW/Fj9iCuvPKwKFdyt2RVgxJDvgIF/bNoRkRxhwVB6qRgs4EiTrNbRoZAHEFF5wRBf9gWn9HeoI66VtdMZvJRH+0/FDWB4/zwxS16nnADJaVPXh6JHJFYs9p0wZmvct3GNdWrOLRAG2yzbfFZS8fJcX1PYxXXo4By16yGWhQIDAQABo4IBYjCCAV4wEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUO3DRU+l2JZ1gqMpmD8abrm9UFmowHwYDVR0jBBgwFoAUTiJUIBiV5uNu5g/6+rkS7QYXjzkwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBABggrBgEFBQcwAoY0aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdEcyLmNydDBCBgNVHR8EOzA5MDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxSb290RzIuY3JsMB0GA1UdIAQWMBQwCAYGZ4EMAQIBMAgGBmeBDAECAjANBgkqhkiG9w0BAQwFAAOCAQEAo9sJvBNLQSJ1e7VaG3cSZHBz6zjS70A1gVO1pqsmX34BWDPz1TAlOyJiLlA+eUF4B2OWHd3F//dJJ/3TaCFunjBhZudv3busl7flz42K/BG/eOdlg0kiUf07PCYY5/FKYTIch51j1moFlBqbglwkdNIVae2tOu0OdX2JiA+bprYcGxa7eayLetvPiA77ynTcUNMKOqYB41FZHOXe5IXDI5t2RsDM9dMEZv4+cOb9G9qXcgDar1AzPHEt/39335zCHofQ0QuItCDCDzahWZci9Nn9hb/SvAtPWHZLkLBG6I0iwGxvMwcTTc9Jnb4FlysrmQlwKsS2MphOoI23Qq3cSA==\n-----END CERTIFICATE-----"
          }
,         {
              "id"           : "intermediate_cert_fingerprintSHA256 <#1>",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "33F9731BE910A66DC6ACD07D9D9CA212EE8D0A9A5C78C8BF3E89BB74DF8FB936"
          }
,         {
              "id"           : "intermediate_cert_notBefore <#1>",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "2023-06-08 00:00"
          }
,         {
              "id"           : "intermediate_cert_notAfter <#1>",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "2026-08-25 23:59"
          }
,         {
              "id"           : "intermediate_cert_expiration <#1>",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "ok > 40 days"
          }
,         {
              "id"           : "intermediate_cert_chain <#1>",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "Microsoft Azure RSA TLS Issuing CA 04 <-- DigiCert Global Root G2"
          }
,         {
              "id"           : "intermediate_cert_badOCSP",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "OK",
              "finding"      : "intermediate certificate(s) is/are ok"
          }
,         {
              "id"           : "scanTime",
              "ip"           : "stgcfi20260410t121838z.blob.core.windows.net/135.130.64.96",
              "port"         : "443",
              "severity"     : "INFO",
              "finding"      : "13"
          }
]