SSL Certificate Analysis for springboot.dmt.vision - Security Grade & TLS Configuration

Certificate Information

Subject

CN=31213.locker

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

February 03, 2026

Valid Until

May 04, 2026 85 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

DC:EF:80:A3:68:4E:CF:D7:C2:9F:10:0F:37:95:4B:BD:26:70:F9:70:D5:84:DC:AE:AC:BB:16:01:B6:4F:F4:AC

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

dmt.vision *.dmt.vision *.aya.dmt.vision

Other domains in certificate

31213.locker *.31213.locker

318987.vip *.318987.vip

325173.com *.325173.com

33724.pizza *.33724.pizza

371029.com *.371029.com

378008.com *.378008.com

3fj9fk.cc *.3fj9fk.cc

3y7456.top *.3y7456.top

40933.academy *.40933.academy

428649.cc *.428649.cc

444lb.com *.444lb.com

4727.top *.4727.top

481795.cc *.481795.cc

482219.pro *.482219.pro

72556666.top *.72556666.top

73787.bid *.73787.bid

73956.pizza *.73956.pizza

adampark.org *.adampark.org

adyqhi.net *.adyqhi.net

alnawahad.com *.alnawahad.com

apphonehealth.com *.apphonehealth.com

arcadevogue.com *.arcadevogue.com

asteimmobiliare.it *.asteimmobiliare.it

azar.it *.azar.it

b3nto.com *.b3nto.com

carwale.co *.carwale.co

cephaderm.com *.cephaderm.com

chaptersctc.org *.chaptersctc.org

cinquantina.it *.cinquantina.it

classicnudes.net *.classicnudes.net

comandofilmes.club *.comandofilmes.club

consulentecommerciale.it *.consulentecommerciale.it

cresol.it *.cresol.it

crm-software-de-02.click *.crm-software-de-02.click

czykzw.net *.czykzw.net

daikin-jumai.com *.daikin-jumai.com

deeplevora.com *.deeplevora.com

detailedweddingscraft.beauty *.detailedweddingscraft.beauty

digitaltraveljourneys.live *.digitaltraveljourneys.live

dorman.it *.dorman.it

dreamyfoodpathway.food *.dreamyfoodpathway.food

drimmedia.com *.drimmedia.com

easternart.it *.easternart.it