SSL-Tools

SSL check results of websteps.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for websteps.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Mon, 16 Sep 2024 16:05:12 +0000

The mailservers of websteps.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @websteps.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mail.postix.email
2a01:4f8:211:1752::2
 10
supported
mail.postix.email
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
5 s
mail.postix.email
148.251.182.83
 10
supported
mail.postix.email
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
3 s

Outgoing Mails

We have not received any emails from a @websteps.de address so far. Test mail delivery

Certificates

First seen at:

CN=mail.postix.email

Certificate chain
  • mail.postix.email
    • remaining
    • 4096 bit
    • sha256WithRSAEncryption
      • R11
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • mail.postix.email
Alternative Names
  • autoconfig.postix.email
  • autodiscover.postix.email
  • mail.postix.email
  • mta-sts.postix.email
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R11
validity period
Not valid before
2024-08-21
Not valid after
2024-11-19
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
6C:A9:28:F7:92:63:F2:1E:B7:B5:C8:00:09:18:58:F3:03:0E:48:ED:F0:95:A9:BE:CF:13:18:E4:FE:38:06:42
SHA1
57:3B:1B:F3:4F:15:AD:5D:96:E6:E5:B0:55:97:E9:BF:D6:9D:E3:0C
X509v3 extensions
subjectKeyIdentifier
  • 88:63:11:64:4E:0A:BA:47:22:BC:3F:39:FE:29:FE:F1:CA:2F:F7:3D
authorityKeyIdentifier
  • keyid:C5:CF:46:A4:EA:F4:C3:C0:7A:6C:95:C4:2D:B0:5E:92:2F:26:E3:B9
authorityInfoAccess
  • OCSP - URI:http://r11.o.lencr.org
  • CA Issuers - URI:http://r11.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 3F:17:4B:4F:D7:22:47:58:94:1D:65:1C:84:BE:0D:12:
  • ED:90:37:7F:1F:85:6A:EB:C1:BF:28:85:EC:F8:64:6E
  • Timestamp : Aug 21 21:09:40.005 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:6C:8D:8E:46:B9:12:DB:2E:3F:8F:55:0D:
  • 83:2A:38:E6:98:E2:D3:0A:CF:44:01:EE:2A:EC:53:5E:
  • 53:9A:E0:58:02:21:00:CA:60:59:6F:EF:45:FA:04:99:
  • 60:D2:46:5E:87:F6:E4:BC:A8:19:16:12:E8:59:4C:9B:
  • D9:65:BF:21:03:EB:64
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 19:98:10:71:09:F0:D6:52:2E:30:80:D2:9E:3F:64:BB:
  • 83:6E:28:CC:F9:0F:52:8E:EE:DF:CE:4A:3F:16:B4:CA
  • Timestamp : Aug 21 21:09:40.020 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:E1:0C:78:7C:9C:00:4D:1E:66:DB:8D:
  • 59:E9:0F:0B:6E:B2:32:43:6C:DC:B9:24:C1:C8:5D:02:
  • FE:56:CA:81:24:02:20:2F:4F:E9:8C:11:07:65:2D:7E:
  • 5D:06:83:DA:9B:2F:8B:24:21:76:62:09:F3:A2:81:E2:
  • 78:82:CB:CD:30:37:D6

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mail.postix.email
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid