SSL-Tools

SSL check results of nicholsumc.org

NEW You can also bulk check multiple servers.

Discover if the mail servers for nicholsumc.org can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Sat, 08 Feb 2025 17:48:57 +0000

The mailservers of nicholsumc.org can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @nicholsumc.org addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mail.nicholsumc.org
2604:a880:400:d0::1afe:d001
 10
supported
mail.nicholsumc.org
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
11 s
mail.nicholsumc.org
198.199.80.221
 10
supported
mail.nicholsumc.org
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
11 s

Outgoing Mails

We have not received any emails from a @nicholsumc.org address so far. Test mail delivery

Certificates

First seen at:

CN=mail.nicholsumc.org

Certificate chain
  • mail.nicholsumc.org
    • remaining
    • 384 bit
    • ecdsa-with-SHA384
      • E6
        • remaining
        • 384 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • mail.nicholsumc.org
Alternative Names
  • autoconfig.nicholsumc.org
  • autodiscover.nicholsumc.org
  • mail.nicholsumc.org
  • nicholsumc.org
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • E6
validity period
Not valid before
2024-12-17
Not valid after
2025-03-17
This certifcate has been verified for the following usages:
  • Digital Signature
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
D4:24:81:31:55:C0:16:D5:FE:08:90:A8:08:E4:23:58:35:9C:7B:86:99:6F:00:00:09:72:79:AD:00:D0:B4:57
SHA1
E0:B7:B6:6F:34:9E:9C:A4:DF:9A:7D:AC:90:AB:4B:84:EF:63:7F:33
X509v3 extensions
subjectKeyIdentifier
  • 1C:6D:CF:3F:44:37:DC:A8:D2:E3:6A:F6:96:F1:47:23:FA:1B:05:F2
authorityKeyIdentifier
  • keyid:93:27:46:98:03:A9:51:68:8E:98:D6:C4:42:48:DB:23:BF:58:94:D2
authorityInfoAccess
  • OCSP - URI:http://e6.o.lencr.org
  • CA Issuers - URI:http://e6.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : A2:E3:0A:E4:45:EF:BD:AD:9B:7E:38:ED:47:67:77:53:
  • D7:82:5B:84:94:D7:2B:5E:1B:2C:C4:B9:50:A4:47:E7
  • Timestamp : Dec 18 00:39:54.346 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:6B:CB:A2:94:F8:F3:5C:DB:83:E7:0C:A0:
  • 93:BD:60:E3:9C:65:AA:D7:8A:A0:87:02:78:E1:F3:D8:
  • B3:13:B1:21:02:21:00:F9:66:89:E8:BF:09:28:9C:4E:
  • 04:8C:7C:D7:3F:E3:58:4D:FA:5F:23:62:DD:93:8B:CB:
  • 24:CD:47:A6:71:BA:44
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : E0:92:B3:FC:0C:1D:C8:E7:68:36:1F:DE:61:B9:96:4D:
  • 0A:52:78:19:8A:72:D6:72:C4:B0:4D:A5:6D:6F:54:04
  • Timestamp : Dec 18 00:39:54.373 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:1E:20:A7:33:CD:B6:2A:08:A2:A7:6B:29:
  • 17:61:D5:43:A6:78:41:95:96:DB:25:4E:F9:49:0C:B2:
  • 0B:CC:E4:96:02:21:00:E8:10:E8:14:D5:66:8B:B3:98:
  • 51:5F:F3:7D:8B:7D:E9:CD:B8:A7:FD:54:D1:A8:A0:CD:
  • A7:92:4A:20:26:72:E0

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mail.nicholsumc.org
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid