SSL Certificate Analysis for orchardatapple.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

C=US, ST=California, O=Apple Inc., CN=me.com

Issuer

C=US, O=Apple Inc., CN=Apple Public Server RSA CA 1 - G1

Valid From

January 30, 2026

Valid Until

April 30, 2026 27 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

97:02:BC:E5:04:5C:0D:78:36:C0:93:69:AF:7F:9C:1D:C8:F2:06:9D:12:FF:D9:4C:E5:82:D4:BA:BB:98:A7:2F

Alternative Names

57 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=63072000; includeSubdomains; preload

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Configured (Restricts certificate issuance)

Current Issuer

Not Authorized (Potential misconfiguration)

Authorized CAs

pki.apple.com

Wildcard CAs

pki.apple.com

Incident Reporting

mailto:[email protected]

CAA Issues

• CRITICAL: Current certificate issuer 'C=US, O=Apple Inc., CN=Apple Public Server RSA CA 1 - G1' is NOT authorized by CAA records. Authorized CAs: pki.apple.com

Recommendations

• Consider using critical flag (flags=128) for stricter CAA enforcement

Subject Alternative Names

57 domains

orchardatapple.com www.orchardatapple.com

Other domains in certificate

me.com www.me.com

metapushpin.com www.metapushpin.com

mobileme.com www.mobileme.com

myappleid.com www.myappleid.com

myicloudid.com www.myicloudid.com

myiphoneid.com www.myiphoneid.com

newton.com www.newton.com

next.com www.next.com

nothingreal.com www.nothingreal.com

omegamap.com www.omegamap.com

oneline-apple-store.com www.oneline-apple-store.com

online-apple-store.com www.online-apple-store.com

onlineapplestore.com www.onlineapplestore.com

orchardisdope.com www.orchardisdope.com

mandrill.organicfruitapps.com resources.organicfruitapps.com union.organicfruitapps.com

osxlionlaunchpad.com www.osxlionlaunchpad.com

pixelmatorpro.com www.pixelmatorpro.com

pixelmatorteam.com www.pixelmatorteam.com

playquicktime.com www.playquicktime.com

polyesterdinosaur.com www.polyesterdinosaur.com

powerbook.com www.powerbook.com

prismo.com www.prismo.com

publishing-research.com

publishing-survey.com

publishingsurvey.com

qapple.com www.qapple.com

quicktime.com www.quicktime.com

quicktimestreaming.com

quicktimetv.com www.quicktimetv.com