SSL Certificate Analysis for firewall.lipeck.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=lipeck.com

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

February 01, 2026

Valid Until

May 02, 2026 80 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

94:EE:AD:26:84:95:57:66:74:06:55:14:A8:28:31:2A:99:91:A9:61:44:98:C7:55:F4:F2:A8:CD:76:77:88:51

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

lipeck.com *.lipeck.com *.cpcontacts.lipeck.com

Other domains in certificate

amtemu.vip *.amtemu.vip *.cpanel.amtemu.vip *.cpcontacts.amtemu.vip *.dc-5aee9857298f.amtemu.vip *.dc-af49924d637b.amtemu.vip *.mail.amtemu.vip *.official.amtemu.vip *.spidermangames1.amtemu.vip *.webdisk.amtemu.vip *.webmail.amtemu.vip *.ww25.amtemu.vip *.ww38.amtemu.vip *.www.amtemu.vip

arsip.com *.arsip.com *.lk21.arsip.com

*.a.ccuweather.com ccuweather.com *.ccuweather.com *.onelink.ccuweather.com

*.gogs.imadoki.com imadoki.com *.imadoki.com

*.mail.maklaren.com maklaren.com *.maklaren.com

*.3g.micresoft.com *.ads.micresoft.com *.auth.micresoft.com *.billing.micresoft.com *.cctn.micresoft.com *.coach.micresoft.com *.copilot.micresoft.com *.dotnet.micresoft.com *.download.micresoft.com *.fabric.micresoft.com *.ffffffffffff.micresoft.com *.fund.micresoft.com *.get.micresoft.com *.guide.micresoft.com *.help.micresoft.com *.httpwsoa.micresoft.com *.hwsoa.micresoft.com *.learn.micresoft.com *.leportal.micresoft.com *.login.micresoft.com *.manage.micresoft.com *.mangage.micresoft.com micresoft.com *.micresoft.com *.research.micresoft.com *.teams.micresoft.com *.test3.micresoft.com *.update.micresoft.com *.visualstudio.micresoft.com *.windows.micresoft.com *.windows365.micresoft.com *.wvd.micresoft.com *.www.micresoft.com *.xl.micresoft.com *.xyz123.micresoft.com *.zs.micresoft.com

*.agustinos.recoletos.com *.app.recoletos.com *.auth.recoletos.com *.citrix.recoletos.com *.hostmaster.recoletos.com *.mx.recoletos.com *.mxs.recoletos.com *.plataformadigital.recoletos.com *.rds1.recoletos.com recoletos.com *.recoletos.com *.remote.recoletos.com *.sitemaps.recoletos.com *.vpn.recoletos.com *.vpn2.recoletos.com *.vpnssl.recoletos.com *.ww16.recoletos.com *.ww25.recoletos.com *.ww38.recoletos.com *.www.recoletos.com

*.elements.sendbutton.click *.paltalk.sendbutton.click sendbutton.click *.sendbutton.click