SSL-Tools

SSL check results of mil.se

NEW You can also bulk check multiple servers.

Discover if the mail servers for mil.se can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Tue, 22 Mar 2022 19:42:13 +0000

The mailservers of mil.se can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @mil.se addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx-10.mil.se
193.241.15.196
 10
supported
mx-10.mil.se
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • SSLv3
12 s
mx-40.mil.se
193.241.15.199
 10
supported
mx-10.mil.se
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • SSLv3
16 s
mx-30.mil.se
193.241.15.198
 10
supported
mx-10.mil.se
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • SSLv3
12 s
mx-20.mil.se
193.241.15.197
 10
supported
mx-10.mil.se
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • SSLv3
12 s

Outgoing Mails

We have not received any emails from a @mil.se address so far. Test mail delivery

Certificates

First seen at:

CN=mx-10.mil.se,OU=FMTIS,O=Forsvarsmakten,L=Stockholm,C=SE

Certificate chain
Subject
Country (C)
  • SE
Locality (L)
  • Stockholm
Organization (O)
  • Forsvarsmakten
Organizational Unit (OU)
  • FMTIS
Common Name (CN)
  • mx-10.mil.se
Alternative Names
  • mx-10.mil.se
  • mx-20.mil.se
  • mx-30.mil.se
  • mx-40.mil.se
Issuer
Country (C)
  • US
Organization (O)
  • DigiCert Inc
Common Name (CN)
  • DigiCert SHA2 Secure Server CA
validity period
Not valid before
2020-05-18
Not valid after
2022-05-19
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
42:84:0C:9C:60:CC:05:F3:51:1C:B6:2B:F7:E1:99:7F:EE:87:66:6D:47:0A:4D:C0:B0:03:27:A4:0F:78:D0:BE
SHA1
E4:AC:6E:32:CD:8A:72:49:C8:43:69:EF:9D:3E:AA:24:97:0A:7C:98
X509v3 extensions
authorityKeyIdentifier
  • keyid:0F:80:61:1C:82:31:61:D5:2F:28:E7:8D:46:38:B4:2C:E1:C6:D9:E2
subjectKeyIdentifier
  • 2E:B3:F3:07:82:23:69:2D:A7:34:B8:20:E4:96:E3:CA:30:AF:59:87
crlDistributionPoints
  • Full Name:
  • URI:http://crl3.digicert.com/ssca-sha2-g6.crl
  • Full Name:
  • URI:http://crl4.digicert.com/ssca-sha2-g6.crl
certificatePolicies
  • Policy: 2.16.840.1.114412.1.1
  • CPS: https://www.digicert.com/CPS
  • Policy: 2.23.140.1.2.2
authorityInfoAccess
  • OCSP - URI:http://ocsp.digicert.com
  • CA Issuers - URI:http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 29:79:BE:F0:9E:39:39:21:F0:56:73:9F:63:A5:77:E5:
  • BE:57:7D:9C:60:0A:F8:F9:4D:5D:26:5C:25:5D:C7:84
  • Timestamp : May 18 10:51:23.709 2020 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:39:4B:91:EF:85:5E:DA:94:88:AE:54:99:
  • 88:49:8E:48:EC:47:0E:45:5C:1A:26:96:97:31:E4:F0:
  • 51:46:5E:85:02:21:00:EE:B4:04:95:8A:2D:E1:58:E9:
  • C9:E4:58:81:55:93:1C:C9:A4:7B:A3:68:F9:A9:86:EF:
  • CB:C3:B3:F1:34:CB:8C
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 22:45:45:07:59:55:24:56:96:3F:A1:2F:F1:F7:6D:86:
  • E0:23:26:63:AD:C0:4B:7F:5D:C6:83:5C:6E:E2:0F:02
  • Timestamp : May 18 10:51:23.758 2020 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:F6:43:62:46:6D:9F:CF:D8:F8:1E:6D:
  • E0:95:A5:1D:12:4C:98:03:01:24:75:C1:B0:1C:B6:33:
  • D5:34:4F:A8:ED:02:20:62:F8:DB:9C:4B:5A:C0:67:E5:
  • 47:7E:98:B6:8A:52:C8:40:00:73:CE:F4:69:F5:F8:FE:
  • 1D:15:3E:72:6C:B0:E4
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 51:A3:B0:F5:FD:01:79:9C:56:6D:B8:37:78:8F:0C:A4:
  • 7A:CC:1B:27:CB:F7:9E:88:42:9A:0D:FE:D4:8B:05:E5
  • Timestamp : May 18 10:51:23.822 2020 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:69:7C:25:65:7F:A1:DF:44:05:13:27:80:
  • B7:F5:C7:05:D1:EC:25:5A:CC:70:FE:DA:C1:92:A0:C6:
  • 3B:C7:EC:A1:02:20:64:69:B0:C8:58:6B:1A:6A:68:3C:
  • FA:D1:3C:8B:8A:BA:D9:A5:EF:75:85:C5:A5:01:BA:4B:
  • 02:BB:FE:FE:24:48

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx-10.mil.se
  • DANE-TA: Trust Anchor Assertion
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx-10.mil.se
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-512 Hash
valid
valid
_25._tcp.mx-40.mil.se
  • DANE-TA: Trust Anchor Assertion
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx-40.mil.se
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-512 Hash
valid
valid
_25._tcp.mx-30.mil.se
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-512 Hash
valid
valid
_25._tcp.mx-30.mil.se
  • DANE-TA: Trust Anchor Assertion
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx-20.mil.se
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-512 Hash
valid
valid
_25._tcp.mx-20.mil.se
  • DANE-TA: Trust Anchor Assertion
  • Use subject public key
  • SHA-256 Hash
valid
valid