SSL-Tools

SSL check results of kh-gera.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for kh-gera.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Tue, 16 Sep 2025 16:52:57 +0000

The mailservers of kh-gera.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @kh-gera.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mail.kh-agz.de
138.201.87.49
 100
supported
mail.kh-agz.de
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
7 s

Outgoing Mails

We have not received any emails from a @kh-gera.de address so far. Test mail delivery

Certificates

First seen at:

CN=mail.kh-agz.de

Certificate chain
  • mail.kh-agz.de
    • remaining
    • 4096 bit
    • sha256WithRSAEncryption
      • R13
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • mail.kh-agz.de
Alternative Names
  • mail.kh-agz.de
  • mail.kh-gera.de
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R13
validity period
Not valid before
2025-09-16
Not valid after
2025-12-15
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
79:8E:85:F7:86:2D:8F:B6:C7:41:FC:9F:A3:C2:91:38:FD:90:E1:51:BA:40:3A:90:C4:81:43:1F:39:CC:15:2E
SHA1
CF:5C:C2:A1:16:BC:97:D7:F0:D9:C1:C5:0D:2A:44:65:BA:93:2D:6C
X509v3 extensions
subjectKeyIdentifier
  • 25:D6:AA:10:F1:4A:76:3D:C6:59:47:91:1A:24:52:73:CC:B5:65:7B
authorityKeyIdentifier
  • keyid:E7:AB:9F:0F:2C:33:A0:53:D3:5E:4F:78:C8:B2:84:0E:3B:D6:92:33
authorityInfoAccess
  • CA Issuers - URI:http://r13.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
crlDistributionPoints
  • Full Name:
  • URI:http://r13.c.lencr.org/69.crl
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 12:F1:4E:34:BD:53:72:4C:84:06:19:C3:8F:3F:7A:13:
  • F8:E7:B5:62:87:88:9C:6D:30:05:84:EB:E5:86:26:3A
  • Timestamp : Sep 16 11:14:23.759 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:C5:FD:CE:02:67:12:15:FC:92:9E:A0:
  • 3F:5C:35:76:69:0E:F8:20:81:37:75:A5:6C:EB:6D:DC:
  • BE:38:E9:30:E0:02:21:00:FF:D0:D9:B7:A2:61:0D:A5:
  • D6:30:75:BA:F7:6C:58:A1:64:CD:13:41:36:F7:DB:F7:
  • F2:92:03:03:6B:BE:EB:14
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : ED:3C:4B:D6:E8:06:C2:A4:A2:00:57:DB:CB:24:E2:38:
  • 01:DF:51:2F:ED:C4:86:C5:70:0F:20:DD:B7:3E:3F:E0
  • Timestamp : Sep 16 11:14:25.779 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:55:C8:25:F5:8C:17:71:0B:57:C3:35:25:
  • A1:39:21:D1:CC:98:0F:F7:63:99:C3:6B:BA:41:42:26:
  • 66:2E:9C:CD:02:20:2F:5E:7B:01:D9:F9:10:96:A9:E7:
  • 9B:7B:70:6D:BE:A6:62:02:85:DE:90:BB:21:4B:16:C7:
  • 9F:E1:46:86:D3:8B