SSL check results of pica.ch

NEW You can also bulk check multiple servers.

Discover if the mail servers for pica.ch can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Mon, 25 May 2020 12:13:50 +0000

error: Couldn't find Certificate with [WHERE (id=E'\\xe6a3b45b062d509b3382282d196efe97d5956ccb')]

The mailservers of pica.ch can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @pica.ch addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mta-gw.infomaniak.ch
2001:1600:0:aaaa::1:4
10
supported
mta-gw.infomaniak.ch
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
3 s
mta-gw.infomaniak.ch
2001:1600:0:aaaa::1:3
10
supported
mta-gw.infomaniak.ch
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
3 s
mta-gw.infomaniak.ch
83.166.143.57
10
supported
mta-gw.infomaniak.ch
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
3 s
mta-gw.infomaniak.ch
83.166.143.58
10
supported
mta-gw.infomaniak.ch
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
3 s

Outgoing Mails

We have not received any emails from a @pica.ch address so far. Test mail delivery

Certificates

First seen at:

CN=mta-gw.infomaniak.ch

Certificate chain
Subject
Common Name (CN)
  • mta-gw.infomaniak.ch
Alternative Names
  • mta-gw.infomaniak.ch
  • mx.infomaniak.com
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • Let's Encrypt Authority X3
validity period
Not valid before
2020-03-26
Not valid after
2020-06-24
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
A0:90:BC:8B:70:F5:8A:FD:22:A0:55:1D:77:8D:8D:76:CA:3E:A2:1B:C3:35:E7:BE:46:44:9F:98:0F:A7:BD:80
SHA1
18:91:7C:89:F5:2F:60:AB:50:27:92:FF:20:6A:6E:D5:F6:40:1D:8C
X509v3 extensions
subjectKeyIdentifier
  • 51:C2:09:0A:7C:97:6A:0C:5E:BF:7E:E7:EE:45:08:27:9D:04:02:06
authorityKeyIdentifier
  • keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1
authorityInfoAccess
  • OCSP - URI:http://ocsp.int-x3.letsencrypt.org
  • CA Issuers - URI:http://cert.int-x3.letsencrypt.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
  • Policy: 1.3.6.1.4.1.44947.1.1.1
  • CPS: http://cps.letsencrypt.org
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 6F:53:76:AC:31:F0:31:19:D8:99:00:A4:51:15:FF:77:
  • 15:1C:11:D9:02:C1:00:29:06:8D:B2:08:9A:37:D9:13
  • Timestamp : Mar 26 09:22:09.871 2020 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:36:5D:66:79:01:ED:8D:4C:96:BF:A3:7A:
  • 40:8C:F5:49:0F:F2:9F:3A:5F:99:24:A2:38:62:91:B4:
  • FA:5C:43:63:02:21:00:E7:23:6A:72:D1:A8:33:1C:97:
  • 2F:80:3E:7D:14:A3:44:89:7F:2D:7D:96:67:FE:08:D5:
  • 96:63:AF:FB:31:D1:C4
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 07:B7:5C:1B:E5:7D:68:FF:F1:B0:C6:1D:23:15:C7:BA:
  • E6:57:7C:57:94:B7:6A:EE:BC:61:3A:1A:69:D3:A2:1C
  • Timestamp : Mar 26 09:22:09.877 2020 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:B4:9B:73:EA:07:0D:B9:91:61:0F:5A:
  • CB:CA:C3:B1:17:6A:6D:C9:AA:AE:0C:8D:90:C4:71:24:
  • 8E:FF:62:B8:C3:02:20:78:77:B7:C1:B8:BB:5C:DB:16:
  • D7:B3:F8:A4:85:D8:EA:11:D8:A2:3E:83:EB:7F:BA:70:
  • B9:EE:B2:8E:23:6C:10

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mta-gw.infomaniak.ch
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid