SSL Certificate Analysis for webmail.tiaga.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=huevos.io

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

February 07, 2026

Valid Until

May 08, 2026 88 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

90:D0:AA:DC:0A:B8:FF:6C:4A:93:DA:9A:F4:BE:36:0D:EC:EE:AB:03:6D:F1:5C:43:46:88:7C:D8:C9:05:AE:65

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

tiaga.com *.tiaga.com *.api.tiaga.com *.app.tiaga.com *.dev.tiaga.com *.mail.tiaga.com *.pfsqx.tiaga.com *.sitemap.tiaga.com *.sitemaps.tiaga.com *.ssl.tiaga.com *.test.tiaga.com *.vpn.tiaga.com *.webmail.tiaga.com *.ww38.tiaga.com

Other domains in certificate

956349.cc *.956349.cc *.ww25.956349.cc *.ww38.956349.cc *.www.956349.cc *.wwww.956349.cc

betitbet344.com *.betitbet344.com

cima4uu.space *.cima4uu.space *.www.cima4uu.space

*.api.conexaosul.com conexaosul.com *.conexaosul.com *.dev.conexaosul.com *.hostmaster.conexaosul.com *.mail.conexaosul.com *.sitemaps.conexaosul.com *.test.conexaosul.com *.vpn.conexaosul.com

cuan55boss.cfd *.cuan55boss.cfd *.l0r4m.cuan55boss.cfd *.rczhl.cuan55boss.cfd

equipox.online *.equipox.online

f168.net *.f168.net

*.badantesubito.groupworking.it groupworking.it *.groupworking.it

huevos.io *.huevos.io

kycloud.xyz *.kycloud.xyz *.ww1.kycloud.xyz *.www.kycloud.xyz

*.app.mahakaal.com *.beheer.mahakaal.com *.connect.mahakaal.com *.dev.mahakaal.com *.gateway.mahakaal.com *.gp.mahakaal.com *.gw.mahakaal.com *.jai1.mahakaal.com mahakaal.com *.mahakaal.com *.portal.mahakaal.com *.ra.mahakaal.com *.rd.mahakaal.com *.rds.mahakaal.com *.remote.mahakaal.com *.remoteapp.mahakaal.com *.sitemaps.mahakaal.com *.sslvpn.mahakaal.com *.store.mahakaal.com *.test.mahakaal.com *.vpn.mahakaal.com *.vpn2.mahakaal.com *.vpnssl.mahakaal.com *.webmail.mahakaal.com *.webvpn.mahakaal.com *.wp.mahakaal.com

*.m.natpu.com natpu.com *.natpu.com

outliving.com.au *.outliving.com.au *.thecollective.outliving.com.au

perceval.online *.perceval.online

*.owa.raling.com raling.com *.raling.com *.ww25.raling.com *.www.raling.com