SSL Certificate Analysis for twolibertyboston.com - Security Grade & TLS Configuration

SSL Verification Bypassed

The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.

Reason:

Expired Certificate - the server's certificate has expired

Open Cached · just now

55/100 SECURITY SCORE

Certificate Information

Subject

C=US, ST=Illinois, L=Chicago, O=Jones Lang LaSalle IP, Inc., CN=230congress.com

Issuer

C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1

Valid From

March 11, 2024

Valid Until

March 10, 2025 Expired

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

A9:18:43:37:75:5E:BC:6A:40:75:E3:B6:A4:57:EA:7C:F1:A5:B7:9D:DB:0A:40:82:E9:1D:15:37:9A:39:20:91

Alternative Names

16 domains

Security Configuration

TLS Protocols

TLS 1.0 TLS 1.1 TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

Warnings

• TLS 1.1 is deprecated and should be disabled
• TLS 1.0 is deprecated and should be disabled

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

16 domains

twolibertyboston.com www.twolibertyboston.com

Other domains in certificate

230congress.com www.230congress.com

260franklinstreet.com www.260franklinstreet.com

lafayetteccboston.com www.lafayetteccboston.com

onebeaconstreet.com www.onebeaconstreet.com

onepostofficesq.com www.onepostofficesq.com

pennplaceframingham.com www.pennplaceframingham.com

presidentsplacequincy.com www.presidentsplacequincy.com