Open
Cached
·
just now
71/100
SECURITY SCORE
Certificate Information
Subject
C=US, ST=Illinois, O=University of Illinois, CN=www2.wcms.uillinois.edu
Issuer
C=US, O=Internet2, CN=InCommon RSA Server CA 2
Valid From
November 25, 2025
Valid Until
November 25, 2026
317 days
Public Key
RSA
4096 bit
Strong
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
EB:79:48:EE:6C:F7:00:6C:E1:95:D8:3F:29:2B:FF:DB:BB:48:E4:60:0A:8E:D2:A8:F3:0B:F0:25:B1:F0:0F:89
Alternative Names
Security Configuration
TLS Protocols
TLS 1.0
TLS 1.1
TLS 1.2
Forward Secrecy
Limited
(Check cipher configuration)
Warnings
- • TLS 1.3 is not supported (recommended)
- • TLS 1.1 is deprecated and should be disabled
- • TLS 1.0 is deprecated and should be disabled
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Configured
(Restricts certificate issuance)
Current Issuer
Not Authorized
(Potential misconfiguration)
Authorized CAs
Wildcard CAs
CAA Issues
- • CRITICAL: Current certificate issuer 'C=US, O=Internet2, CN=InCommon RSA Server CA 2' is NOT authorized by CAA records. Authorized CAs: amazon.com, comodoca.com, amazonaws.com, awstrust.com, amazontrust.com
Recommendations
- • Consider using critical flag (flags=128) for stricter CAA enforcement
- • You have authorized 5 CAs - consider limiting to only the CAs you actively use
- • Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts
Subject Alternative Names
52 domains
uillinois.edu
apps.uillinois.edu
bot.uillinois.edu
cfo.uillinois.edu
cybersecurity.uillinois.edu
dpi.uillinois.edu
github.uillinois.edu
icardperks.uillinois.edu
iin.uillinois.edu
innovation.uillinois.edu
investorrelations.uillinois.edu
smo.uillinois.edu
uaps.uillinois.edu
vpaa.uillinois.edu
web.uillinois.edu
sws.spwebprod.uillinois.edu
www.apps.uillinois.edu
www.bot.uillinois.edu
www.cfo.uillinois.edu
www.cybersecurity.uillinois.edu
www.dpi.uillinois.edu
www.icardperks.uillinois.edu
www.iin.uillinois.edu
www.innovation.uillinois.edu
www.investorrelations.uillinois.edu
www.smo.uillinois.edu
www.uaps.uillinois.edu
www.vpaa.uillinois.edu
www2.wcms.uillinois.edu
www.icardperks.org
cybersecurity.illinois.edu
diversity.illinois.edu
endpointservices.illinois.edu
github.illinois.edu
istc.illinois.edu
isws.illinois.edu
smo.illinois.edu
uniprimary.illinois.edu
www.cybersecurity.illinois.edu
www.diversity.illinois.edu
www.endpointservices.illinois.edu
www.istc.illinois.edu
www.isws.illinois.edu
www.smo.illinois.edu
www.uniprimary.illinois.edu
plandenergy.com
www.plandenergy.com
clery.uic.edu
github.uic.edu
www.clery.uic.edu
cybersecurity.uis.edu
www.cybersecurity.uis.edu
Other domains in certificate