SSL check results of berchtesgaden.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for berchtesgaden.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Thu, 24 Nov 2022 15:28:53 +0000

The mailservers of berchtesgaden.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @berchtesgaden.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
gatekeeper.space.net
2001:608:2:84::130
100
supported
*.space.net
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • SSLv3
12 s
gatekeeper.space.net
2001:608:3:84::16
100
supported
*.space.net
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • SSLv3
12 s
gatekeeper.space.net
2001:608:3:84::2
100
supported
*.space.net
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • SSLv3
12 s
gatekeeper.space.net
195.30.114.130
100
supported
*.space.net
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • SSLv3
12 s
gatekeeper.space.net
194.97.132.2
100
supported
*.space.net
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • SSLv3
12 s
gatekeeper.space.net
194.97.132.16
100
supported
*.space.net
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • SSLv3
12 s
gatekeeper.spacenet.de
2001:608:2:84::135
100
supported
*.spacenet.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • SSLv3
12 s
gatekeeper.spacenet.de
2001:608:3:84::6
100
supported
*.spacenet.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • SSLv3
12 s
gatekeeper.spacenet.de
2001:608:3:84::15
100
supported
*.spacenet.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • SSLv3
12 s
gatekeeper.spacenet.de
195.30.114.135
100
supported
*.spacenet.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • SSLv3
12 s
gatekeeper.spacenet.de
194.97.132.15
100
supported
*.spacenet.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • SSLv3
12 s
gatekeeper.spacenet.de
194.97.132.6
100
supported
*.spacenet.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • SSLv3
12 s

Outgoing Mails

We have not received any emails from a @berchtesgaden.de address so far. Test mail delivery

Certificates

First seen at:

CN=*.space.net

Certificate chain
Subject
Common Name (CN)
  • *.space.net
Alternative Names
  • *.space.net
  • space.net
Issuer
Country (C)
  • US
Organization (O)
  • DigiCert Inc
Organizational Unit (OU)
  • www.digicert.com
Common Name (CN)
  • RapidSSL TLS RSA CA G1
validity period
Not valid before
2022-05-02
Not valid after
2023-05-16
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
99:A7:BF:47:CD:3D:A1:FE:8B:BF:8D:7B:A9:8A:70:86:97:21:F6:A2:B4:D7:6A:05:E2:18:EA:28:5E:3A:BE:C3
SHA1
CB:16:6E:4D:49:9C:17:A9:93:DA:75:70:BC:FB:E6:96:3B:85:25:0D
X509v3 extensions
authorityKeyIdentifier
  • keyid:0C:DB:6C:82:49:0F:4A:67:0A:B8:14:EE:7A:C4:48:52:88:EB:56:38
subjectKeyIdentifier
  • 4B:CA:C0:B2:42:42:69:B0:36:72:67:17:EE:B5:9B:9B:08:DD:7D:B0
certificatePolicies
  • Policy: 2.23.140.1.2.1
  • CPS: http://www.digicert.com/CPS
authorityInfoAccess
  • OCSP - URI:http://status.rapidssl.com
  • CA Issuers - URI:http://cacerts.rapidssl.com/RapidSSLTLSRSACAG1.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
  • 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
  • Timestamp : May 2 08:22:10.787 2022 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:FA:D3:51:1E:42:78:93:6E:35:E3:5E:
  • 27:AE:E7:E2:5D:6A:28:A4:15:42:C5:E6:40:72:82:5C:
  • 10:0E:D6:FF:D9:02:20:38:3A:EB:A9:02:53:87:BF:28:
  • 1A:6D:86:F3:69:6B:F8:7B:15:58:82:D5:48:71:CE:F2:
  • D0:DA:9E:46:56:B6:3D
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 35:CF:19:1B:BF:B1:6C:57:BF:0F:AD:4C:6D:42:CB:BB:
  • B6:27:20:26:51:EA:3F:E1:2A:EF:A8:03:C3:3B:D6:4C
  • Timestamp : May 2 08:22:10.739 2022 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:99:52:18:BE:BD:3F:53:25:2B:86:6D:
  • DE:6C:53:39:A7:35:39:58:CF:F3:07:85:CC:44:65:C2:
  • 3C:16:8D:07:D2:02:21:00:B9:58:10:C5:1B:02:BC:86:
  • 46:A6:37:9A:72:D2:73:21:6C:E0:46:B5:F8:81:B2:39:
  • 25:F7:7F:91:C1:53:5A:DA
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : B3:73:77:07:E1:84:50:F8:63:86:D6:05:A9:DC:11:09:
  • 4A:79:2D:B1:67:0C:0B:87:DC:F0:03:0E:79:36:A5:9A
  • Timestamp : May 2 08:22:10.787 2022 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:03:A0:B5:ED:58:80:AD:26:0E:89:88:3D:
  • 4F:A8:23:2A:2A:67:E2:83:91:33:E4:4F:BC:DB:7B:03:
  • 43:CE:DD:CF:02:21:00:C6:81:A8:D4:4A:B4:59:CA:CC:
  • D5:EF:3C:4B:61:C2:C1:3F:6A:8F:6D:BC:6A:83:35:4B:
  • A2:4B:41:A8:BB:73:13
First seen at:

CN=*.spacenet.de

Certificate chain
Subject
Common Name (CN)
  • *.spacenet.de
Alternative Names
  • *.spacenet.de
  • spacenet.de
Issuer
Country (C)
  • US
Organization (O)
  • DigiCert Inc
Organizational Unit (OU)
  • www.digicert.com
Common Name (CN)
  • RapidSSL TLS RSA CA G1
validity period
Not valid before
2021-12-08
Not valid after
2022-12-18
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
6F:26:4F:AA:00:91:0D:63:09:F4:EE:7B:AD:E4:B5:FF:EA:A7:39:CA:70:E5:B2:BB:D1:82:73:5F:B5:A6:57:54
SHA1
14:D9:32:A8:03:24:63:BF:C9:32:81:92:D3:DE:7E:8B:80:80:AF:D2
X509v3 extensions
authorityKeyIdentifier
  • keyid:0C:DB:6C:82:49:0F:4A:67:0A:B8:14:EE:7A:C4:48:52:88:EB:56:38
subjectKeyIdentifier
  • 32:45:06:DB:0F:C5:9E:4E:BF:5D:BF:FF:74:DB:EA:4E:2C:AE:FC:18
crlDistributionPoints
  • Full Name:
  • URI:http://cdp.rapidssl.com/RapidSSLTLSRSACAG1.crl
certificatePolicies
  • Policy: 2.23.140.1.2.1
  • CPS: http://www.digicert.com/CPS
authorityInfoAccess
  • OCSP - URI:http://status.rapidssl.com
  • CA Issuers - URI:http://cacerts.rapidssl.com/RapidSSLTLSRSACAG1.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 29:79:BE:F0:9E:39:39:21:F0:56:73:9F:63:A5:77:E5:
  • BE:57:7D:9C:60:0A:F8:F9:4D:5D:26:5C:25:5D:C7:84
  • Timestamp : Dec 8 09:21:12.331 2021 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:74:78:5A:EF:6F:FD:F1:EE:9B:71:B7:77:
  • E9:A3:E7:0D:EE:5A:E6:B4:99:26:CB:17:B1:64:4A:BD:
  • 9B:A2:FC:B1:02:20:59:2C:4E:DC:47:26:5E:E0:99:D1:
  • FF:16:56:46:44:79:52:27:88:25:33:21:3B:77:ED:83:
  • 64:03:D7:43:BE:0D
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 51:A3:B0:F5:FD:01:79:9C:56:6D:B8:37:78:8F:0C:A4:
  • 7A:CC:1B:27:CB:F7:9E:88:42:9A:0D:FE:D4:8B:05:E5
  • Timestamp : Dec 8 09:21:12.286 2021 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:95:23:91:86:6F:F7:A3:4D:02:77:8A:
  • 6C:28:9E:42:D3:B9:63:E8:0C:6E:25:3F:9A:0B:07:92:
  • 91:84:BE:2E:76:02:21:00:E6:3F:21:A7:D6:5C:CE:0B:
  • EA:DA:E1:A7:63:18:9C:05:A0:31:A1:0F:E5:30:19:36:
  • 9B:C1:4C:5C:86:54:78:7F
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 41:C8:CA:B1:DF:22:46:4A:10:C6:A1:3A:09:42:87:5E:
  • 4E:31:8B:1B:03:EB:EB:4B:C7:68:F0:90:62:96:06:F6
  • Timestamp : Dec 8 09:21:12.227 2021 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:42:67:4E:21:22:D2:2C:7F:8B:80:5A:00:
  • CA:32:B5:46:99:F8:E6:C0:D6:C6:05:05:68:53:9C:25:
  • C8:E5:36:BD:02:21:00:DF:83:C0:BB:F1:8F:01:01:AF:
  • 16:58:44:7C:42:7F:A0:4F:FD:38:28:9C:31:FD:DC:23:
  • AB:46:8A:23:B9:FD:FF

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.gatekeeper.space.net
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.gatekeeper.spacenet.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid