SSL Certificate Analysis for ec2-52-87-65-227.compute-1.amazonaws.com - Security Grade & TLS Configuration

SSL Verification Bypassed

The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.

Reason:

Hostname Mismatch - certificate is issued for *.data.precisely.services, *.qa-my-datamarketplace.com, qa-my-datamarketplace.com, data.precisely.services, not for ec2-52-87-65-227.compute-1.amazonaws.com

Open Cached · just now

91/100 SECURITY SCORE

Certificate Information

Subject

CN=*.data.precisely.services

Issuer

C=US, O=Amazon, CN=Amazon RSA 2048 M02

Valid From

February 20, 2025

Valid Until

March 22, 2026 99 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

42:FA:BC:80:AC:60:AC:72:6D:7C:F1:D0:83:09:C1:68:68:08:48:6F:B0:B6:90:BF:3F:92:4C:B4:8F:73:A7:25

Alternative Names

4 domains

Security Configuration

TLS Protocols

TLS 1.2

Forward Secrecy

Limited (Check cipher configuration)

Warnings

• TLS 1.3 is not supported (recommended)

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Good

default-src; frame-src; script-src; +12 more

default-src 'self';frame-src 'self' https://*.precisely.services https://*.precisely.com https://*.userzoom.com https://www.google.com/ https://app.qualified.com/;script-src 'self' https://*.virtualearth.net https://*.google-analytics.com https://*.userzoom.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://*.qualified.com 'sha256-y1MzBe5Apy0TFVcQh3UwRWHPgLueILzasHjCE+DIDPM=' 'sha256-95W+KpeBYvdkLzuaEVRi6xFKqpQQilnjSxm3kq1u0WE=' 'sha256-PxvlzzcfpeEMQK0dbQ9jGqWNaCfSedlw1ssrMzwkW00=' 'sha256-bwPvtPhVraosHhkZmbL164Vt25dXu20VPffXGS97DU0=' 'sha256-KJTqY1Q6PkROX21swgMKp2T0fPNUdUo6kKmbIYcH5qo=';script-src-elem 'self' https://*.virtualearth.net https://*.google-analytics.com https://*.userzoom.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://*.qualified.com 'sha256-y1MzBe5Apy0TFVcQh3UwRWHPgLueILzasHjCE+DIDPM=' 'sha256-95W+KpeBYvdkLzuaEVRi6xFKqpQQilnjSxm3kq1u0WE=' 'sha256-H8s4Y0droUeKRIePlriNSLNKT6En2tRWl7ORgEng6wk=' 'sha256-PxvlzzcfpeEMQK0dbQ9jGqWNaCfSedlw1ssrMzwkW00=' 'sha256-kAswFx6JS9qRFy0xuUDlVL6+WwgzbEi1EBCvvkSID9g=' 'sha256-H7sjlj0tr2T6P5dseAYJeIxTr6kFtW3/dn722TyrGWs=' 'sha256-l07frNlJlAmQD6HxxMA4+VHqauzjzahrZLzVrThh8wQ=' 'sha256-KJTqY1Q6PkROX21swgMKp2T0fPNUdUo6kKmbIYcH5qo=';style-src 'self' 'unsafe-inline' https://*.userzoom.com;connect-src 'self' https://*.sumologic.com wss://localhost:4041 https://*.precisely.com https://*.precisely.services https://www.google-analytics.com https://*.virtualearth.net https://*.userzoom.com wss://ws.qualified.com https://*.qualified.com;img-src 'self' data: https://api.precisely.com https://*.google-analytics.com https://*.virtualearth.net https://*.userzoom.com https://js.qualified.com;media-src https://js.qualified.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

same-origin

Permissions-Policy

Present

autoplay=(), camera=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(self), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), usb=(), web-share=(), xr-spatial-tracking=()

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Strengthen CSP by removing 'unsafe-eval'

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

4 domains

data.precisely.services *.data.precisely.services

qa-my-datamarketplace.com *.qa-my-datamarketplace.com