SSL-Tools

SSL check results of avs.justice.cz

NEW You can also bulk check multiple servers.

Discover if the mail servers for avs.justice.cz can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Wed, 03 Jun 2026 12:57:14 +0000

The mailservers of avs.justice.cz can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @avs.justice.cz addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
ms.justice.cz
2001:af0:ffee:200::c2d5:2954
 10
supported
ms.justice.cz
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
14 s
ms.justice.cz
194.213.41.84
 10
supported
ms.justice.cz
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
13 s

Outgoing Mails

We have not received any emails from a @avs.justice.cz address so far. Test mail delivery

Certificates

First seen at:

CN=ms.justice.cz,O=Ministerstvo spravedlnosti ČR,L=Praha,C=CZ,serialNumber=Government Entity,businessCategory=Government Entity,jurisdictionC=CZ

Certificate chain
Subject
jurisdictionC
  • CZ
Business category
  • Government Entity
Serial number
  • Government Entity
Country (C)
  • CZ
Locality (L)
  • Praha
Organization (O)
  • Ministerstvo spravedlnosti ČR
Common Name (CN)
  • ms.justice.cz
Alternative Names
  • ms.justice.cz
  • mse1.justice.cz
  • mse2.justice.cz
Issuer
Country (C)
  • US
Organization (O)
  • DigiCert Inc
Common Name (CN)
  • Thawte EV RSA CA G2
validity period
Not valid before
2025-11-28
Not valid after
2026-12-29
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
Fingerprints
SHA256
E3:EB:79:29:97:A6:C4:E6:90:7D:77:E2:50:07:55:69:16:CD:AD:3C:C8:EB:53:D3:74:9F:A1:FE:93:0A:E2:70
SHA1
1D:1A:90:20:98:2C:46:D2:37:04:01:AF:A5:95:05:4F:12:3B:24:A9
X509v3 extensions
authorityKeyIdentifier
  • keyid:6C:2E:E4:61:B4:C3:B9:BD:F0:CA:AD:A6:C1:68:7A:B8:D4:CC:1D:A0
subjectKeyIdentifier
  • 6E:E8:0C:58:2B:5A:36:89:A4:04:94:D8:C8:33:EE:E0:B8:E9:03:09
certificatePolicies
  • Policy: 2.16.840.1.114412.2.1
  • Policy: 2.23.140.1.1
  • CPS: http://www.digicert.com/CPS
crlDistributionPoints
  • Full Name:
  • URI:http://crl3.digicert.com/ThawteEVRSACAG2.crl
  • Full Name:
  • URI:http://crl4.digicert.com/ThawteEVRSACAG2.crl
authorityInfoAccess
  • OCSP - URI:http://ocsp.digicert.com
  • CA Issuers - URI:http://cacerts.digicert.com/ThawteEVRSACAG2.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : D7:6D:7D:10:D1:A7:F5:77:C2:C7:E9:5F:D7:00:BF:F9:
  • 82:C9:33:5A:65:E1:D0:B3:01:73:17:C0:C8:C5:69:77
  • Timestamp : Nov 28 07:17:53.641 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:4F:42:B6:5D:5B:1F:53:85:5E:1C:61:10:
  • 01:4F:23:35:93:35:EA:93:AF:B9:B9:3C:82:FB:07:E5:
  • 66:5E:61:62:02:20:3D:73:77:10:73:38:E0:FE:E7:9C:
  • FC:37:56:7C:79:3E:E3:6E:9E:DC:24:4F:01:31:58:2F:
  • BF:76:FB:E2:65:67
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : C8:A3:C4:7F:C7:B3:AD:B9:35:6B:01:3F:6A:7A:12:6D:
  • E3:3A:4E:43:A5:C6:46:F9:97:AD:39:75:99:1D:CF:9A
  • Timestamp : Nov 28 07:17:53.678 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:E0:A4:62:47:4C:A2:3A:91:86:57:24:
  • B9:85:06:0C:20:DB:76:2C:01:3E:A8:FC:89:D2:2B:4E:
  • 20:9F:A4:C3:E1:02:20:0E:D7:82:6B:55:92:F6:20:CC:
  • 8C:00:DC:A3:AD:86:78:7A:39:7E:0D:3A:28:C8:16:B9:
  • 35:C9:DA:1E:61:86:76
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : C2:31:7E:57:45:19:A3:45:EE:7F:38:DE:B2:90:41:EB:
  • C7:C2:21:5A:22:BF:7F:D5:B5:AD:76:9A:D9:0E:52:CD
  • Timestamp : Nov 28 07:17:53.690 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:62:7F:8D:06:76:9E:E1:CC:D3:23:26:F7:
  • F8:76:93:85:EE:D4:27:74:2F:1F:60:24:CB:B9:16:91:
  • B4:E7:8C:47:02:21:00:DD:1B:6E:C8:59:1F:98:96:9E:
  • 52:7C:BE:BE:90:69:0C:D2:BC:2A:0B:58:0B:96:9C:D7:
  • C9:29:62:53:0C:61:BA

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.ms.justice.cz
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.ms.justice.cz
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid