SSL Certificate Analysis for bitnoi.com - Security Grade & TLS Configuration

Certificate Information

Subject

CN=striano.com

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

February 01, 2026

Valid Until

May 02, 2026 82 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

E2:AF:7B:B9:D7:F5:61:FC:2A:D8:18:EB:8C:B0:BD:ED:5F:90:C5:F5:8B:0C:1D:22:D2:03:8C:26:7D:20:C3:37

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

bitnoi.com *.bitnoi.com *.utm.bitnoi.com

Other domains in certificate

akredite.com *.akredite.com *.webvpn.akredite.com

ayris.com *.ayris.com *.ww25.ayris.com

ecomovers.info *.ecomovers.info

*.8b22db57-df8f-4266-a78a-4b0c92d73942.greatpowerai.com greatpowerai.com *.greatpowerai.com *.rd.greatpowerai.com

lklfx.net *.lklfx.net

lm99d4.top *.lm99d4.top

medtelsite.com *.medtelsite.com

mesmd.com *.mesmd.com

mp187.top *.mp187.top

negfy.shop *.negfy.shop

owzvl.bid *.owzvl.bid

packages-zanzibar-and-safari-010.cfd *.packages-zanzibar-and-safari-010.cfd

pahscdjwhyffstnmvxhb.com *.pahscdjwhyffstnmvxhb.com

panen-gg.pro *.panen-gg.pro

peemy.gdn *.peemy.gdn

*.api.projeny.com *.backup.projeny.com projeny.com *.projeny.com

qrqgz.pro *.qrqgz.pro

quanter.io *.quanter.io

rq323.top *.rq323.top

sassyscene.com *.sassyscene.com

scpropertymanagers.com *.scpropertymanagers.com

sportiberias.com *.sportiberias.com

*.admin.striano.com *.drvpn.striano.com striano.com *.striano.com

trueviewing.com *.trueviewing.com

turd.lol *.turd.lol

tzkf63q2.top *.tzkf63q2.top

usemedtel.com *.usemedtel.com

uu03.top *.uu03.top

vaccarello.com *.vaccarello.com *.ww38.vaccarello.com

vecaku.my *.vecaku.my

vrm62zi.top *.vrm62zi.top

wgqbop.net *.wgqbop.net

workplacelawyer938849.icu *.workplacelawyer938849.icu

wrfgo.academy *.wrfgo.academy

wyvernschool.info *.wyvernschool.info

xcovr.com *.xcovr.com

xn--tgt35w.com *.xn--tgt35w.com

ygfvc.pro *.ygfvc.pro

ygfvi.pro *.ygfvi.pro