SSL Certificate Analysis for ambassify.eu - Security Grade & TLS Configuration

Certificate Information

Subject

CN=ambassify.eu

Issuer

C=US, O=Let's Encrypt, CN=E7

Valid From

January 23, 2026

Valid Until

April 23, 2026 80 days

Public Key

ECDSA 256 bit (P-256) Adequate

Signature Algorithm

ECDSA-SHA384

SHA-256 Fingerprint

0C:8C:D2:5E:B6:EC:40:2A:08:3F:10:64:B6:2F:A2:C2:38:D4:22:73:F0:B6:45:9A:F6:CF:6C:AC:D8:EA:14:63

Alternative Names

3 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Weak

upgrade-insecure-requests

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

same-origin

Permissions-Policy

Present

geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()

Recommendations

• Significantly strengthen CSP directives

CAA Records (Certificate Authority Authorization)

CAA Records

Configured (Restricts certificate issuance)

Current Issuer

Authorized (Matches CAA policy)

Authorized CAs

amazon.com digicert.com letsencrypt.org

Wildcard CAs

digicert.com letsencrypt.org amazon.com

Incident Reporting

mailto:[email protected]

Recommendations

• Consider using critical flag (flags=128) for stricter CAA enforcement

Subject Alternative Names

3 domains

ambassify.eu *.ambassify.eu *.internal.ambassify.eu