SSL Certificate Analysis for crm.aplocksmith.com - Security Grade & TLS Configuration

Certificate Information

Subject

CN=domainsentry.com

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

February 08, 2026

Valid Until

May 09, 2026 89 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

AA:57:14:5D:B6:D7:26:C0:BA:D1:8D:2B:60:22:68:CB:1F:4F:91:D2:48:82:CE:E0:8F:87:B4:7C:9C:F5:01:29

Alternative Names

74 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

74 domains

aplocksmith.com *.aplocksmith.com *.api.aplocksmith.com *.backup.aplocksmith.com *.beta.aplocksmith.com *.blog.aplocksmith.com *.crm.aplocksmith.com *.sitemap.aplocksmith.com *.sitemaps.aplocksmith.com

Other domains in certificate

adamsfam.com *.adamsfam.com *.app.adamsfam.com *.asa.adamsfam.com *.forums.adamsfam.com *.gateway.adamsfam.com *.laravel.adamsfam.com *.mail.adamsfam.com *.mobileconnect.adamsfam.com *.remote.adamsfam.com *.vpngw.adamsfam.com *.vpnssl.adamsfam.com

brainfold.com *.brainfold.com

cammcorder.de *.cammcorder.de

domainsentry.com *.domainsentry.com *.random.domainsentry.com

environmentalservices.com.au *.environmentalservices.com.au

excellerators.com *.excellerators.com *.random.excellerators.com

jonapps.com *.jonapps.com *.oc.jonapps.com *.slippysantarush.jonapps.com *.trecker.jonapps.com

*.dev.kongdeetourthai.com kongdeetourthai.com *.kongdeetourthai.com *.random.kongdeetourthai.com

onlinebottycall.com *.onlinebottycall.com *.ww38.onlinebottycall.com

*.60e583c79d095.plushome.it plushome.it *.plushome.it *.vzuw1iy1.plushome.it

ruhi.studio *.ruhi.studio

*.ad.secure-deliver.com *.dd1.secure-deliver.com *.dd2.secure-deliver.com *.p1.secure-deliver.com *.p2.secure-deliver.com *.p3.secure-deliver.com secure-deliver.com *.secure-deliver.com *.wc.secure-deliver.com

t20.life *.t20.life

*.hostmaster.thrient.com *.random.thrient.com thrient.com *.thrient.com

tondacic.co.uk *.tondacic.co.uk

*.random.whitesmokevape.com whitesmokevape.com *.whitesmokevape.com *.ww38.whitesmokevape.com

zrx.com.au *.zrx.com.au