SSL Certificate Analysis for yoursrs.com - Security Grade & TLS Configuration

SSL Verification Bypassed

The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.

Reason:

Hostname Mismatch - certificate is issued for dm.realtimeregister.com, api.yoursrs.com, adac.realtimeregister.com, adac.api.yoursrs.com, rdap.yoursrs.com, not for yoursrs.com

Open Cached · just now

89/100 SECURITY SCORE

Certificate Information

Subject

UNKNOWN={:asn1_OPENTYPE, <<19, 2, 78, 76>>}, UNKNOWN={:asn1_OPENTYPE, <<12, 20, 80, 114, 105, 118, 97, 116, 101, 32, 79, 114, 103, 97, 110, 105, 122, 97, 116, 105, 111, 110>>}, UNKNOWN=05074456, C=NL, ST=Overijssel, L=Zwolle, O=Realtime Register B.V., CN=dm.realtimeregister.com

Issuer

C=NL, O=PerfectSSL, CN=PerfectSSL

Valid From

April 08, 2026

Valid Until

October 23, 2026 196 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

DF:5F:F3:DD:B0:E9:02:F1:62:8D:96:F6:B1:4B:B9:B4:C9:EB:52:A0:51:52:6A:A6:A6:E1:67:CC:3C:1C:72:23

Alternative Names

5 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin

Permissions-Policy

Present

geolocation=(), midi=(), sync-xhr=(); +6 more

Recommendations

• Add Content-Security-Policy header to prevent XSS attacks

CAA Records (Certificate Authority Authorization)

CAA Records

Configured (Restricts certificate issuance)

Current Issuer

Not Authorized (Potential misconfiguration)

Authorized CAs

letsencrypt.org sectigo.com digicert.com

CAA Issues

• CRITICAL: Current certificate issuer 'C=NL, O=PerfectSSL, CN=PerfectSSL' is NOT authorized by CAA records. Authorized CAs: letsencrypt.org, sectigo.com, digicert.com

Recommendations

• Consider using critical flag (flags=128) for stricter CAA enforcement
• Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts
• Consider adding 'issuewild' records to control wildcard certificate issuance

Subject Alternative Names

5 domains

api.yoursrs.com rdap.yoursrs.com adac.api.yoursrs.com

Other domains in certificate

adac.realtimeregister.com dm.realtimeregister.com