SSL-Tools

SSL check results of blatzheim.com

NEW You can also bulk check multiple servers.

Discover if the mail servers for blatzheim.com can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Sun, 10 Dec 2023 20:38:53 +0000

We can not guarantee a secure connection to the mailservers of blatzheim.com!

Please contact the operator of blatzheim.com and ask him or her to solve this problem. This result stays accessible under the following address:

/mailservers/blatzheim.com

Servers

Incoming Mails

These servers are responsible for incoming mails to @blatzheim.com addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mail.blatzheim.com
2a02:b30:101:100::38
Results incomplete
10
supported
mail.blatzheim.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
6 s
mail.blatzheim.com
217.76.96.38
Results incomplete
10
supported
mail.blatzheim.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
7 s
blatz010.blatzheim.com
2a02:b30:301:100::2
 20
supported
blatz010.blatzheim.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • SSLv3
8 s
blatz010.blatzheim.com
217.76.99.34
 20
supported
blatz010.blatzheim.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • SSLv3
8 s
mx01.blatzheim.com
217.76.102.244
Results incomplete
50 not checked
DANE
missing
PFS
not checked
Heartbleed
not checked
Weak ciphers
not checked
11 s
mx02.blatzheim.com
217.76.102.245
Results incomplete
60 not checked
DANE
missing
PFS
not checked
Heartbleed
not checked
Weak ciphers
not checked
11 s

Outgoing Mails

We have not received any emails from a @blatzheim.com address so far. Test mail delivery

Certificates

First seen at:

CN=blatz010.blatzheim.com,O=bn:t Blatzheim Networks Telecom GmbH,L=Bonn,ST=Northrhine-Westfalia,C=DE

Certificate chain
  • blatz010.blatzheim.com (Certificate is self-signed.)
    • remaining
    • 2048 bit
    • sha1WithRSAEncryption
    • Expired
    • Unknown Authority
Subject
Country (C)
  • DE
State (ST)
  • Northrhine-Westfalia
Locality (L)
  • Bonn
Organization (O)
  • bn:t Blatzheim Networks Telecom GmbH
Common Name (CN)
  • blatz010.blatzheim.com
Issuer

Certificate is self-signed.

validity period
Not valid before
2012-04-27
Not valid after
2022-04-25
Fingerprints
SHA256
91:F1:4B:B9:A5:85:F6:97:C1:89:9F:64:5D:C2:A2:BF:B4:3E:E5:27:99:9D:08:48:7B:51:4C:FB:2B:7E:DF:B3
SHA1
59:1B:EF:62:55:8C:17:C1:7B:F2:50:78:35:91:18:D9:BB:5C:EE:7E
X509v3 extensions
subjectKeyIdentifier
  • 9C:1F:E8:FB:FC:C8:DB:93:0A:F7:31:43:5A:8B:B9:9F:CE:7C:3C:FC
authorityKeyIdentifier
  • keyid:9C:1F:E8:FB:FC:C8:DB:93:0A:F7:31:43:5A:8B:B9:9F:CE:7C:3C:FC
First seen at:

CN=mail.blatzheim.com,O=bn:t Blatzheim Networks Telecom GmbH,L=Bonn,ST=Nordrhein-Westfalen,C=DE

Certificate chain
Subject
Country (C)
  • DE
State (ST)
  • Nordrhein-Westfalen
Locality (L)
  • Bonn
Organization (O)
  • bn:t Blatzheim Networks Telecom GmbH
Common Name (CN)
  • mail.blatzheim.com
Alternative Names
  • mail.blatzheim.com
  • autodiscover.blatzheim.com
  • blatz816.blatzheim.com
  • www.mail.blatzheim.com
Issuer
Country (C)
  • US
Organization (O)
  • DigiCert Inc
Organizational Unit (OU)
  • www.digicert.com
Common Name (CN)
  • GeoTrust TLS RSA CA G1
validity period
Not valid before
2022-08-11
Not valid after
2023-09-03
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
08:E6:0F:7E:24:75:FD:EB:C1:BD:0F:35:93:F5:A1:6F:6B:E0:AB:1E:4B:BD:7D:C7:E0:CF:89:F9:A2:6A:87:6F
SHA1
7B:95:FA:BA:1A:98:A8:DD:35:45:30:8C:98:5E:10:8A:45:29:C7:CA
X509v3 extensions
authorityKeyIdentifier
  • keyid:94:4F:D4:5D:8B:E4:A4:E2:A6:80:FE:FD:D8:F9:00:EF:A3:BE:02:57
subjectKeyIdentifier
  • 42:C5:A4:18:72:3C:48:76:C5:EB:6F:FE:19:E8:54:5D:05:A1:EF:F5
crlDistributionPoints
  • Full Name:
  • URI:http://cdp.geotrust.com/GeoTrustTLSRSACAG1.crl
certificatePolicies
  • Policy: 2.23.140.1.2.2
  • CPS: http://www.digicert.com/CPS
authorityInfoAccess
  • OCSP - URI:http://status.geotrust.com
  • CA Issuers - URI:http://cacerts.geotrust.com/GeoTrustTLSRSACAG1.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
  • 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
  • Timestamp : Aug 11 18:05:01.939 2022 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:A4:89:4B:ED:AA:CB:34:40:7F:9A:5B:
  • BC:74:55:44:A5:6F:0F:DA:A2:23:BB:54:28:5C:97:DE:
  • 2D:ED:AF:E6:2A:02:21:00:DA:6C:D4:32:B6:0A:36:3B:
  • 9A:CB:45:DA:3C:53:FF:FD:AE:95:F7:77:5E:7B:59:61:
  • 74:B1:09:AD:93:B1:22:EF
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 35:CF:19:1B:BF:B1:6C:57:BF:0F:AD:4C:6D:42:CB:BB:
  • B6:27:20:26:51:EA:3F:E1:2A:EF:A8:03:C3:3B:D6:4C
  • Timestamp : Aug 11 18:05:01.998 2022 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:CE:7D:C5:90:26:19:B3:F7:EA:F6:1B:
  • C5:EA:36:63:B6:92:1F:63:9B:B1:1E:85:2D:FB:5C:93:
  • 90:09:2B:58:0A:02:21:00:89:B0:0F:C8:8E:B9:22:9E:
  • 0E:4E:66:83:34:69:30:2B:D1:C8:42:86:B9:44:DA:3B:
  • 1C:59:65:0A:0E:93:49:07
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
  • 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
  • Timestamp : Aug 11 18:05:01.991 2022 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:35:1E:62:B3:26:92:A0:D7:CA:04:5B:D2:
  • FE:92:9E:17:8D:98:2F:44:20:02:7E:88:DC:6D:B8:E0:
  • CE:E5:76:16:02:20:07:2F:EC:B4:B9:3A:C9:67:29:1B:
  • 94:16:AE:95:3A:39:39:62:CD:8F:B9:D4:4D:28:B9:57:
  • 80:8B:C5:43:09:1F

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.blatz010.blatzheim.com
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-256 Hash
valid
valid
_25._tcp.mail.blatzheim.com
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-256 Hash
valid
valid