SSL Certificate Analysis for cloud.crnf.org - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt Active incidents

Certificate Information

Subject

CN=03279.my

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

May 27, 2026

Valid Until

August 25, 2026 65 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

F1:16:3C:0C:45:6B:7E:27:20:C1:62:01:19:55:AE:F2:D7:B3:B4:F0:9C:01:87:C1:64:7D:39:C8:FC:C6:27:6A

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

crnf.org *.crnf.org

Other domains in certificate

03279.my *.03279.my

07271.my *.07271.my

12351.my *.12351.my

16754.my *.16754.my

1x-bet31616.world *.1x-bet31616.world

35415.my *.35415.my

39122.my *.39122.my

41174.my *.41174.my

41981.my *.41981.my

458023.blog *.458023.blog

751514.gdn *.751514.gdn

77188.my *.77188.my

781.me *.781.me

78800.my *.78800.my

84939.my *.84939.my

86913.me *.86913.me

89019.my *.89019.my

90519.my *.90519.my

90526.my *.90526.my

90537.my *.90537.my

92121.my *.92121.my

92901.my *.92901.my

95073.vip *.95073.vip

95968.my *.95968.my

97625.my *.97625.my

9movies.info *.9movies.info

forwomenconsulting.net *.forwomenconsulting.net

handofart.com *.handofart.com

hehh.org *.hehh.org

hk93.my *.hk93.my

kinggadgets.com *.kinggadgets.com

koqio.my *.koqio.my

lauxanh.cc *.lauxanh.cc

ldkbn.my *.ldkbn.my

ldkgr.my *.ldkgr.my

pioneersquare.net *.pioneersquare.net

playiwin.space *.playiwin.space

playiwin.store *.playiwin.store

qjckn.gdn *.qjckn.gdn

reviveintimacy.life *.reviveintimacy.life

solidbasegardens.com *.solidbasegardens.com

unforgettable-desert-899402848.click *.unforgettable-desert-899402848.click

vawe-africa.com *.vawe-africa.com

wetdoctor.com *.wetdoctor.com