arybit.co.ke - TLS / STARTTLS Test

Discover if the mail servers for arybit.co.ke can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Mon, 01 Dec 2025 12:38:49 +0000

Certificates

Problems found
Protocol

Secure
DANE

Missing

We can not guarantee a secure connection to the mailservers of arybit.co.ke!

Please contact the operator of arybit.co.ke and ask him or her to solve this problem. This result stays accessible under the following address:

/mailservers/arybit.co.ke

Servers

Incoming Mails

These servers are responsible for incoming mails to @arybit.co.ke addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
rat-01.safaricombusiness.co.ke 197.248.128.138 Results incomplete	0		not checked	DANE missing PFS not checked Heartbleed not checked Weak ciphers not checked		2025-12-01 1 s
rat-01.safaricombusiness.co.ke 41.203.208.133 Results incomplete	0		not checked	DANE missing PFS not checked Heartbleed not checked Weak ciphers not checked		2025-12-01 11 s
rat-01.safaricombusiness.co.ke 197.248.128.5	0	supported	thk-tes-rat01.safaricombusiness.co.ke	DANE missing PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2025-12-01 6 s
rat-02.safaricombusiness.co.ke 197.248.128.138 Results incomplete	0		not checked	DANE missing PFS not checked Heartbleed not checked Weak ciphers not checked		2025-12-01 1 s
rat-02.safaricombusiness.co.ke 41.203.208.133	0	supported	thk-tes-rat01.safaricombusiness.co.ke	DANE missing PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2025-12-01 11 s
rat-02.safaricombusiness.co.ke 197.248.128.5	0	supported	thk-tes-rat01.safaricombusiness.co.ke	DANE missing PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2025-12-01 6 s
rat-03.safaricombusiness.co.ke 197.248.128.138 Results incomplete	10		not checked	DANE missing PFS not checked Heartbleed not checked Weak ciphers not checked		2025-12-01 1 s
rat-03.safaricombusiness.co.ke 41.203.208.141	10	supported	thk-tes-rat01.safaricombusiness.co.ke	DANE missing PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2025-12-01 8 s
rat-03.safaricombusiness.co.ke 197.248.128.5	10	supported	thk-tes-rat01.safaricombusiness.co.ke	DANE missing PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2025-12-01 6 s
rat-04.safaricombusiness.co.ke 197.248.128.138 Results incomplete	10		not checked	DANE missing PFS not checked Heartbleed not checked Weak ciphers not checked		2025-12-01 1 s
rat-04.safaricombusiness.co.ke 197.248.128.5	10	supported	thk-tes-rat01.safaricombusiness.co.ke	DANE missing PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2025-12-01 14 s
rat-04.safaricombusiness.co.ke 41.203.208.141	10	supported	thk-tes-rat01.safaricombusiness.co.ke	DANE missing PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2025-12-01 6 s

Outgoing Mails

We have not received any emails from a @arybit.co.ke address so far. Test mail delivery

Certificates

First seen at: 2024-05-24

CN=thk-tes-rat01.safaricombusiness.co.ke,O=Safaricom PLC,L=Nairobi,C=KE

Certificate chain

thk-tes-rat01.safaricombusiness.co.ke
- 2024-03-01 remaining
- 2048 bit
- sha256WithRSAEncryption
- Hostname Mismatch
- Expired

Subject

Country (C)

Locality (L)

Nairobi

Organization (O)

Safaricom PLC

Common Name (CN)

thk-tes-rat01.safaricombusiness.co.ke

Alternative Names

thk-tes-rat01.safaricombusiness.co.ke
thk-tes-rat06.safaricombusiness.co.ke
thk-tes-rat05.safaricombusiness.co.ke
athi-tes-rat02.safaricombusiness.co.ke
athi-tes-rat03.safaricombusiness.co.ke
athi-ecisp-rat01.safaricombusiness.co.ke
thk-ecisp-rat07.safaricombusiness.co.ke

Issuer

Country (C)

Organization (O)

DigiCert Inc

Common Name (CN)

DigiCert TLS RSA SHA256 2020 CA1

validity period

Not valid before: 2023-01-30
Not valid after: 2024-03-01

This certifcate has been verified for the following usages:

Digital Signature
Key Encipherment
TLS Web Server Authentication
TLS Web Client Authentication

Fingerprints

SHA256: 58:61:BA:8A:D1:F0:F5:C4:87:BA:CA:41:4B:CC:56:B6:89:6B:4C:19:E8:10:F0:73:4B:98:26:C0:81:3E:96:C4
SHA1: 4E:0D:B2:31:01:7F:7C:84:DD:0B:32:EB:EC:F3:F8:49:A2:8D:5E:84

X509v3 extensions

authorityKeyIdentifier

keyid:B7:6B:A2:EA:A8:AA:84:8C:79:EA:B4:DA:0F:98:B2:C5:95:76:B9:F4

subjectKeyIdentifier

23:09:2E:66:A1:8C:34:FD:00:0B:9D:F9:DD:3E:EF:E3:92:8A:E8:F4

crlDistributionPoints

Full Name:
URI:http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl
Full Name:
URI:http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl

certificatePolicies

Policy: 2.23.140.1.2.2
CPS: http://www.digicert.com/CPS

authorityInfoAccess

OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
Timestamp : Jan 30 12:54:08.126 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:43:02:20:47:52:54:52:42:57:ED:8B:77:0B:EC:EE:
6C:FD:2B:79:22:B7:E7:0D:D0:74:7A:5E:87:66:E9:85:
D3:62:74:9D:02:1F:27:26:AE:38:6A:36:15:C2:F7:A0:
3B:12:7C:CA:07:DC:37:FF:B1:CB:CD:6D:AD:4B:44:7D:
EE:6D:48:7F:9E
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 73:D9:9E:89:1B:4C:96:78:A0:20:7D:47:9D:E6:B2:C6:
1C:D0:51:5E:71:19:2A:8C:6B:80:10:7A:C1:77:72:B5
Timestamp : Jan 30 12:54:08.260 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:0C:64:20:22:47:21:1A:F9:A1:48:FE:2E:
C4:81:F0:BE:05:EB:AA:D1:AE:CD:18:0D:E9:00:DC:AC:
BA:64:73:4E:02:20:69:1B:98:53:E5:25:13:73:EA:22:
F7:83:E1:44:90:0F:C8:3E:5A:6A:30:C8:03:94:E7:16:
F2:47:6B:77:AF:E8
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
Timestamp : Jan 30 12:54:08.194 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:8B:8D:9E:D0:DF:0D:4A:F0:BB:B1:10:
25:46:BA:74:78:56:DC:6C:79:18:1E:BF:AB:64:AD:C6:
8F:A6:D9:DE:0D:02:20:6F:51:BD:2E:C4:57:B4:A7:EB:
03:BE:8E:6F:E2:74:BD:10:B2:A3:58:81:35:B9:11:5F:
20:A2:E0:1F:A5:E2:BD

SSL check results of arybit.co.ke