SSL/TLS Analysis for www.ibm.com
Analyzed on November 02, 2025 at 13:44 UTC
Security Score
85
/
100
Certificate Information
Subject
C=US, ST=New York, L=Armonk, O=International Business Machines Corporation, CN=www.ibm.com
Issuer
C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1
Valid From
March 03, 2025
Valid Until
March 03, 2026
121 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
2C:69:20:A8:EF:4F:B9:D1:48:20:36:F8:8C:B5:E4:51:7B:DE:12:F3:F0:CD:45:5D:CE:C2:0A:0D:36:36:CF:23
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000
Content-Security-Policy
Weak
upgrade-insecure-requests
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Significantly strengthen CSP directives
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
64 domains
ibm.com
assets.ibm.com
developer.ibm.com
myibm.ibm.com
partnerportal.ibm.com
ts-api.ibm.com
www-01.ibm.com
www-03.ibm.com
www-05.ibm.com
www-06.ibm.com
www-112.ibm.com
www-2000.ibm.com
www-356.ibm.com
www-40.ibm.com
www-50.ibm.com
www-935.ibm.com
www-946.ibm.com
www-969.ibm.com
www-969stage.ibm.com
www-api.ibm.com
www.ibm.com
wwwpoc-112.ibm.com
wwwpoc.ibm.com
wwwstage-api.ibm.com
wwwstage.ibm.com
wwwtest-112.ibm.com
wwwtest.ibm.com
api.marketplace.ibm.com
demo.marketplace.ibm.com
dev-ext.assets.ibm.com
dev.partnerportal.ibm.com
infra-ext.assets.ibm.com
int.partnerportal.ibm.com
manage-stage.marketplace.ibm.com
manage.marketplace.ibm.com
open.marketplace.ibm.com
platform-console.marketplace.ibm.com
preprod-ext.assets.ibm.com
preview.marketplace.ibm.com
prod.ts-api.ibm.com
stage-ext.assets.ibm.com
stage.partnerportal.ibm.com
test-poc.ts-api.ibm.com
test.ts-api.ibm.com
www.developer.ibm.com
www.atss001uat.at.smi.ibm.com
1.cms.s81c.com
1.cmsnew.s81c.com
1.cmspoc.s81c.com
1.cmsstage.s81c.com
1.cmsstagenew.s81c.com
1.cmstest.s81c.com
1.dam.s81c.com
1.damstage.s81c.com
1.www.s81c.com
1.wwwstage.s81c.com
cdn-prod-edit.cms.ibm.net
www.nic.ibm
ap.cms.s81c.com
api.www.s81c.com
eu.cms.s81c.com
mp.s81c.com
us.cms.s81c.com
usmr.cms.s81c.com
Other domains in certificate