SSL Certificate Analysis for caltech.edu - Security Grade & TLS Configuration

Certificate Information

Subject

C=US, ST=California, O=California Institute of Technology, CN=caltech.edu

Issuer

C=US, O=Internet2, CN=InCommon RSA Server CA 2

Valid From

November 11, 2025

Valid Until

November 11, 2026 364 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

4F:D6:AC:E1:9D:B0:8C:10:10:3E:0F:67:14:E3:FF:86:15:FF:6D:36:74:10:09:FE:06:06:41:2F:4C:A0:B8:B0

Alternative Names

42 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Basic

base-uri; font-src; frame-src; +11 more

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Present

accelerometer=(), camera=(), gyroscope=(), magnetometer=(), microphone=()

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Improve CSP by adding more specific directives and removing 'unsafe-inline'

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

42 domains

caltech.edu admissions.caltech.edu alumni.caltech.edu aphms.caltech.edu bbe.caltech.edu biology.caltech.edu bond.caltech.edu brinsonhub.caltech.edu cms.caltech.edu cns.caltech.edu csa.caltech.edu eands.caltech.edu eas.caltech.edu ee.caltech.edu einstein.caltech.edu finaid.caltech.edu galcit.caltech.edu gps.caltech.edu hpc.caltech.edu hss.caltech.edu imss.caltech.edu jobs.caltech.edu kiss.caltech.edu lncrna.caltech.edu mayo.caltech.edu mems.caltech.edu ogc.caltech.edu pma.caltech.edu quarantine.caltech.edu registermydevice.caltech.edu spamtrap.caltech.edu srl.caltech.edu studaff.caltech.edu techer.caltech.edu vis.caltech.edu vision.caltech.edu www.csa.caltech.edu www.srl.caltech.edu www.techer.caltech.edu

Other domains in certificate

caltech.info

caltech.net

caltech.org