Hi DavidR,
But detected insecurity for the certificate used on/for that Akamai's HTTP Acceleration/Mirror service:
a184-86-178-164.deploy.static.akamaitechnologies.com
Certificate is not installed correctly
a184-86-178-164.deploy.static.akamaitechnologies.com
You have 1 error
Wrong certificate installed.
The domain name does not match the certificate common name or SAN.
Info
BEAST
The BEAST attack is not mitigated on this server.
Certificate information
This server uses an Organizationally Validated (OV) certificate. Information about the site owner has been validated by GeoTrust Inc. to help secure personal and financial information.
Common name:
americanexpress.com
SAN:
m.americanexpress.com, web.aexp-static.com, m.aexp-static.com, secure.americanexpress.com, rewards.americanexpress.com, cms.americanexpress.com,
www.aexp-static.com,
www.americanexpress.com, community.americanexpress.com, developer.americanexpress.com, rewards.aexp-static.com, wwwaiu.americanexpress.com, cardapp.americanexpress.com, amexmobile.com,
www.amexmobile.com, secure.cmax.americanexpress.com, home-int.americanexpress.com, network.americanexpress.com, pub.aexp-static.com, icm.aexp-static.com, home.americanexpress.com, americanexpress.com
Valid from:
2016-May-10 00:00:00 GMT
Valid to:
2017-Jun-09 23:59:59 GMT
Certificate status:
Valid
Revocation check method:
OCSP
Organization:
American Express Travel Related Services Company Inc
Organizational unit:
Consumer
City/locality:
Phoenix
State/province:
Arizona
Country:
US
Certificate Transparency:
Embedded in certificate
Serial number:
4ebd4a85ffcfa86506233ca735c1bfbf
Algorithm type:
SHA256withRSA
Key size:
2048
Certificate chainShow details
GeoTrust SSL CA - G3Intermediate certificate
americanexpress.comTested certificate
Server configuration
Host name:
a184-86-178-164.deploy.static.akamaitechnologies.com
Server type:
AkamaiGHost
IP address:
184.86.178.164
Port number:
443
Protocols enabled:
TLS1.2
TLS1.1
TLS1.0
Protocols not enabled:
SSLv3
SSLv2
Secure Renegotiation:
Enabled
Downgrade attack prevention:
Enabled
Next Protocol Negotiation:
Enabled
Session resumption (caching):
Enabled
Session resumption (tickets):
Enabled
Strict Transport Security (HSTS):
Not Enabled
SSL/TLS compression:
Not Enabled
Heartbeat (extension):
Not Enabled
RC4:
Not Enabled
OCSP stapling:
Not Enabled
Vulnerabilities checked:
Heartbleed
Poodle (TLS)
Poodle (SSLv3)
FREAK
BEAST
CRIME
Here a CNames' survey:
https://www.robtex.org/en/advisory/dns/com/americanexpress/www/with a minus 10 points score from VT, because 2 pages found, triggering on average 1% antiviruses
This for the Amsterdam situation.
polonus