A+
stripe.com
Certificate
subjectSERIALNUMBER=4675506,CN=stripe.com,O=Stripe\, Inc,L=South San Francisco,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553
issuerDigiCert Global G3 TLS ECC SHA384 2020 CA1 · DigiCert Inc · US
sansstripe.com, www.stripe.com
keyECDSA 256
seriald845a5741f62397a346a389fb293b6f
valid from2026-05-27
expires2026-09-03 (78 days)
chain2 certs · valid
ocsp stapling✗ missing
scts✗ none
Chain
leafstripe.com
issuerDigiCert Global G3 TLS ECC SHA384 2020 CA1
keyECDSA 256 · ECDSA-SHA384
expires2026-09-03 (78d)
rootDigiCert Global G3 TLS ECC SHA384 2020 CA1
issuerDigiCert Global Root G3
keyECDSA 384 · ECDSA-SHA384
expires2031-04-13 (1761d)
Protocol
tls 1.3✓ supported
tls 1.2✓ supported
tls 1.1✗ disabled
tls 1.0✗ disabled
key exchangeECDHE (TLS 1.3)
forward secrecy✓ yes
Cipher Suites
total12 suites
strong6
acceptable2
weak4
TLS 1.3
AES-256-GCM-SHA384
TLS 1.2
ECDHE-RSA AES-128-CBC-SHAECDHE-RSA AES-256-CBC-SHAECDHE-ECDSA AES-128-GCM-SHA256ECDHE-RSA AES-128-GCM-SHA256ECDHE-RSA AES-256-GCM-SHA384ECDHE-RSA CHACHA20-POLY1305-SHA256ECDHE-ECDSA CHACHA20-POLY1305-SHA256RSA AES-128-CBC-SHARSA AES-256-CBC-SHARSA AES-128-GCM-SHA256RSA AES-256-GCM-SHA384
Transport
hsts✓ max-age=63072000
includeSubDomains✓
preload directive✓
preload list✓ listed
http/2✓ supported
http/3—
DNS Security
dnssec✗ unsigned
caaiodef mailto:caa-violations@stripe.com, issue amazon.com, issue digicert.com, issue visa.com
dane / tlsa—
Compliance
PCI DSS 4.0✗ 1 issue: Weak/insecure ciphers: TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256 +1 more
NIST 800-52r2✗ 1 issue: Weak/insecure ciphers: TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256 +1 more
HIPAA✗ 1 issue: Insecure ciphers: TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256 +1 more
transport-layer checks only