SSL-Tools

SSL check results of ewers-asp.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for ewers-asp.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Fri, 26 Apr 2024 11:55:26 +0000

The mailservers of ewers-asp.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @ewers-asp.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
pim02.kuhost.de
2a01:4f8:201:929b:a31::12
Results incomplete
0
supported
pim02.kuhost.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s
pim02.kuhost.de
148.251.37.44
Results incomplete
0
supported
pim02.kuhost.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s
mgw1.kompeton.net
148.251.137.26
 2
supported
mgw1.kompeton.net
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
1 s

Outgoing Mails

We have received emails from these servers with @ewers-asp.de sender addresses. Test mail delivery

Host TLS Version & Cipher
mgw1.kompeton.net (148.251.137.26)
TLSv1.3 TLS_AES_256_GCM_SHA384

Certificates

First seen at:

CN=mgw1.kompeton.net

Certificate chain
  • mgw1.kompeton.net
    • remaining
    • 2048 bit
    • sha256WithRSAEncryption
      • R3
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • mgw1.kompeton.net
Alternative Names
  • mgw1.kompeton.net
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R3
validity period
Not valid before
2024-03-05
Not valid after
2024-06-03
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
99:60:BB:A8:CF:E0:E3:C3:C0:D2:C3:04:BC:93:F8:D0:78:CC:DF:46:32:04:89:DA:E5:A4:2F:6A:B4:C6:B0:0E
SHA1
50:6A:06:57:F3:E0:0F:1D:E1:6C:57:F5:90:4F:3A:75:10:84:78:AD
X509v3 extensions
subjectKeyIdentifier
  • 5D:E2:87:E7:CF:B1:E8:E3:AF:1E:3F:EB:FF:37:0A:61:F9:0B:29:E7
authorityKeyIdentifier
  • keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
authorityInfoAccess
  • OCSP - URI:http://r3.o.lencr.org
  • CA Issuers - URI:http://r3.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 3B:53:77:75:3E:2D:B9:80:4E:8B:30:5B:06:FE:40:3B:
  • 67:D8:4F:C3:F4:C7:BD:00:0D:2D:72:6F:E1:FA:D4:17
  • Timestamp : Mar 5 07:38:19.452 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:10:CC:32:84:88:E2:00:FC:15:53:97:E5:
  • FB:4B:95:B4:38:1F:25:74:26:29:2D:78:9B:E4:4B:DF:
  • 88:97:AD:BA:02:20:46:E6:04:75:AB:78:A0:EE:AD:7D:
  • E3:1A:2C:07:90:ED:D7:AC:77:63:88:52:2D:31:56:A6:
  • E3:69:67:DF:69:1F
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
  • B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
  • Timestamp : Mar 5 07:38:19.535 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:E1:BE:E6:F7:4A:BB:15:9D:89:8F:24:
  • 66:EA:CC:25:A3:B3:C8:E8:E6:24:83:3B:B8:B6:C7:66:
  • A9:D6:38:BE:C0:02:21:00:BA:FB:4D:A7:44:C5:82:3D:
  • 75:60:5C:88:86:17:FA:74:14:44:0B:E0:C2:E3:43:C0:
  • F8:D5:B5:6C:22:82:CC:92
First seen at:

CN=pim02.kuhost.de

Certificate chain
  • pim02.kuhost.de
    • remaining
    • 4096 bit
    • sha256WithRSAEncryption
      • R3
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • pim02.kuhost.de
Alternative Names
  • autoconfig.blw2go.de
  • autoconfig.buzzi.biz
  • autoconfig.ewasp.net
  • autoconfig.ewers-asp.de
  • autoconfig.ewers2go.de
  • autoconfig.ihre-edv.de
  • autoconfig.kompeton.de
  • autodiscover.blw2go.de
  • autodiscover.buzzi.biz
  • autodiscover.ewasp.net
  • autodiscover.ewers-asp.de
  • autodiscover.ewers2go.de
  • autodiscover.ihre-edv.de
  • autodiscover.kompeton.de
  • pim02.kuhost.de
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R3
validity period
Not valid before
2024-03-17
Not valid after
2024-06-15
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
CD:B1:CE:AE:A5:5B:D5:AB:7D:14:55:8A:04:66:FA:B3:0D:6B:0B:EA:33:CC:FA:68:A1:16:FC:ED:62:FF:26:16
SHA1
61:45:2F:D3:76:D9:75:E1:B7:C8:26:EB:5B:44:77:F4:8B:1C:F4:D0
X509v3 extensions
subjectKeyIdentifier
  • C3:B2:2E:B9:FB:F1:D5:59:6A:BA:26:5A:2B:2C:4D:40:02:BB:FD:F6
authorityKeyIdentifier
  • keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
authorityInfoAccess
  • OCSP - URI:http://r3.o.lencr.org
  • CA Issuers - URI:http://r3.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : A2:E2:BF:D6:1E:DE:2F:2F:07:A0:D6:4E:6D:37:A7:DC:
  • 65:43:B0:C6:B5:2E:A2:DA:B7:8A:F8:9A:6D:F5:17:D8
  • Timestamp : Mar 17 22:32:36.126 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:8B:C4:EB:C0:38:3A:84:74:13:7B:05:
  • 1E:4B:31:3A:DC:2F:4A:F3:C9:75:C0:65:78:F2:11:36:
  • 0D:06:E2:C7:13:02:21:00:A4:B9:59:8D:FF:86:33:CA:
  • 3A:C4:2E:0C:B4:24:BB:45:C2:D0:7C:20:8A:EC:F9:1A:
  • 1D:30:DE:5F:95:AD:8D:E1
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
  • 1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
  • Timestamp : Mar 17 22:32:36.158 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:97:80:E7:D6:78:20:78:B2:52:9C:03:
  • 4C:05:61:5D:46:4F:CB:F4:D5:68:DF:57:8E:66:58:D7:
  • C5:C2:FF:0C:DA:02:21:00:88:16:13:23:86:B3:BD:AD:
  • 79:94:01:BC:E8:EC:62:E9:A8:68:31:FA:B7:7C:22:EF:
  • 2C:F4:AA:DE:38:33:12:2B

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.pim02.kuhost.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid