svext01.dahlberg.cologne - TLS / STARTTLS Test

Discover if the mail servers for svext01.dahlberg.cologne can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Mon, 21 Oct 2024 14:20:32 +0000

Certificates

Trustworthy
Protocol

Problems found
DANE

Problems found

We can not guarantee a secure connection to the mailservers of svext01.dahlberg.cologne!

Please contact the operator of svext01.dahlberg.cologne and ask him or her to solve this problem. This result stays accessible under the following address:

/mailservers/svext01.dahlberg.cologne

Servers

Incoming Mails

These servers are responsible for incoming mails to @svext01.dahlberg.cologne addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
svext01.dahlberg.cologne 213.240.178.133	-	supported	mail.dahlberg.cologne	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2024-10-21 4 s
svext01.dahlberg.cologne 2a01:170:1147:1::10 Results incomplete	-	unsupported	not checked	DANE errors PFS not checked Heartbleed not checked Weak ciphers not checked		2024-10-21 1 s

Outgoing Mails

We have not received any emails from a @svext01.dahlberg.cologne address so far. Test mail delivery

Certificates

First seen at: 2024-10-21

CN=mail.dahlberg.cologne

Certificate chain

mail.dahlberg.cologne
- 2024-12-19 remaining
- 4096 bit
- sha256WithRSAEncryption

Subject

Common Name (CN)

mail.dahlberg.cologne

Alternative Names

mail.dahlberg.cologne
svext01.dahlberg.cologne

Issuer

Country (C)

Organization (O)

Let's Encrypt

Common Name (CN)

validity period

Not valid before: 2024-09-20
Not valid after: 2024-12-19

This certifcate has been verified for the following usages:

Digital Signature
Key Encipherment
TLS Web Server Authentication
TLS Web Client Authentication

Fingerprints

SHA256: C2:BB:67:3B:F3:A8:22:AA:F6:8B:2B:84:80:19:30:A9:AA:E1:6B:CF:9A:40:34:4B:43:2C:17:0A:94:91:11:1E
SHA1: 63:20:0D:F8:D0:B0:BA:51:07:AB:AA:25:F1:EA:27:72:55:0C:86:6A

X509v3 extensions

subjectKeyIdentifier

09:27:DC:CC:AB:52:C6:15:65:E5:C3:0A:AD:E6:1A:27:E5:66:8A:2C

authorityKeyIdentifier

keyid:C5:CF:46:A4:EA:F4:C3:C0:7A:6C:95:C4:2D:B0:5E:92:2F:26:E3:B9

authorityInfoAccess

OCSP - URI:http://r11.o.lencr.org
CA Issuers - URI:http://r11.i.lencr.org/

certificatePolicies

Policy: 2.23.140.1.2.1

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 3F:17:4B:4F:D7:22:47:58:94:1D:65:1C:84:BE:0D:12:
ED:90:37:7F:1F:85:6A:EB:C1:BF:28:85:EC:F8:64:6E
Timestamp : Sep 20 06:09:18.329 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:D7:3F:80:33:E1:6F:F6:19:A6:1A:A7:
94:0C:0D:20:04:BF:EB:2C:7D:CF:34:D1:5D:49:3C:06:
C2:57:AB:4B:87:02:21:00:D6:49:F8:1B:C8:9C:8A:E0:
6C:D5:FE:D6:48:73:35:4D:54:62:DA:50:3D:77:B3:BD:
90:F5:5E:BF:D6:17:70:56
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
Timestamp : Sep 20 06:09:18.327 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:41:9A:C1:82:DD:60:B6:94:70:CD:7C:B8:
15:49:AC:FC:0D:FC:F9:4E:B5:8A:C9:9C:B3:E7:34:37:
1D:20:8C:84:02:21:00:85:20:34:5B:1B:20:DD:43:88:
7D:0A:30:16:5C:36:A2:16:94:5C:D4:B4:60:BA:18:8B:
BB:45:2C:E0:B0:FB:3C

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name	Options	DNSSEC	Matches
_25._tcp.svext01.dahlberg.cologne	DANE-EE: Domain Issued Certificate Use subject public key SHA-512 Hash	valid	—

SSL check results of svext01.dahlberg.cologne