Open
Cached
·
just now
79/100
SECURITY SCORE
Certificate Information
Subject
UNKNOWN={:asn1_OPENTYPE, <<19, 2, 70, 82>>}, UNKNOWN={:asn1_OPENTYPE, <<12, 14, 195, 142, 108, 101, 45, 100, 101, 45, 70, 114, 97, 110, 99, 101>>}, UNKNOWN={:asn1_OPENTYPE, <<19, 5, 80, 97, 114, 105, 115>>}, UNKNOWN={:asn1_OPENTYPE, <<12, 20, 80, 114, 105, 118, 97, 116, 101, 32, 79, 114, 103, 97, 110, 105, 122, 97, 116, 105, 111, 110>>}, UNKNOWN=662 042 449, C=FR, L=Montreuil, O=BNP PARIBAS SA, CN=www.cetelem.es
Issuer
C=US, O=DigiCert Inc, CN=Thawte EV RSA CA G2
Valid From
July 13, 2025
Valid Until
July 14, 2026
224 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
6B:04:04:99:F4:36:B4:C1:43:01:99:EE:93:1C:C9:3A:13:A8:B2:80:0B:B0:94:87:09:E1:4F:7D:92:F8:CD:8B
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
Forward Secrecy
Limited
(Check cipher configuration)
Warnings
- • TLS 1.3 is not supported (recommended)
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports