carstenwegner.de - TLS / STARTTLS Test

Discover if the mail servers for carstenwegner.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Mon, 03 Nov 2025 10:32:46 +0000

Certificates

Trustworthy
Protocol

Secure
DANE

Problems found

The mailservers of carstenwegner.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @carstenwegner.de addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
mail.carstenwegner.de 2a01:4f8:1c1a:c354::1	10	supported	mail.carstenwegner.de	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2025-11-03 2 s
mail.carstenwegner.de 91.99.61.3	10	supported	mail.carstenwegner.de	DANE valid PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 ~~SSLv3~~	2025-11-03 2 s

Outgoing Mails

We have not received any emails from a @carstenwegner.de address so far. Test mail delivery

Certificates

First seen at: 2025-11-03

CN=mail.carstenwegner.de

Certificate chain

mail.carstenwegner.de
- 2026-01-31 remaining
- 4096 bit
- sha256WithRSAEncryption

Subject

Common Name (CN)

mail.carstenwegner.de

Alternative Names

autoconfig.carstenwegner.de
autoconfig.cwzone.de
autodiscover.carstenwegner.de
autodiscover.cwzone.de
mail.carstenwegner.de
mta-sts.carstenwegner.de

Issuer

Country (C)

Organization (O)

Let's Encrypt

Common Name (CN)

validity period

Not valid before: 2025-11-02
Not valid after: 2026-01-31

This certifcate has been verified for the following usages:

Digital Signature
Key Encipherment
TLS Web Server Authentication
TLS Web Client Authentication

Fingerprints

SHA256: F8:89:F6:68:03:EF:3D:14:6F:AB:EC:9B:14:E4:B6:74:66:6D:32:AE:46:1D:DC:FA:A5:D1:E5:A9:B5:77:F6:1A
SHA1: E9:3C:BF:71:CC:4B:90:63:36:63:E4:A5:AE:BD:CA:86:13:D6:19:3E

X509v3 extensions

subjectKeyIdentifier

F4:14:CA:CF:62:21:A3:96:3B:77:9D:31:31:E6:F5:57:3D:C8:B1:5D

authorityKeyIdentifier

keyid:00:B5:29:F2:2D:8E:6F:31:E8:9B:4C:AD:78:3E:FA:DC:E9:0C:D1:D2

authorityInfoAccess

CA Issuers - URI:http://r12.i.lencr.org/

certificatePolicies

Policy: 2.23.140.1.2.1

crlDistributionPoints

Full Name:
URI:http://r12.c.lencr.org/34.crl

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 96:97:64:BF:55:58:97:AD:F7:43:87:68:37:08:42:77:
E9:F0:3A:D5:F6:A4:F3:36:6E:46:A4:3F:0F:CA:A9:C6
Timestamp : Nov 2 08:03:34.251 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:DB:54:80:B1:92:D6:4D:AD:F4:17:C3:
21:67:94:5B:17:4A:2C:87:FA:27:BA:77:64:5A:7D:6F:
92:40:E1:95:7A:02:20:72:F6:D1:6E:E2:AA:4B:A4:63:
CC:D2:1E:A4:73:CD:AD:B8:DF:28:B9:0A:C0:47:2D:EF:
06:04:E2:C3:41:EE:0A
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 64:11:C4:6C:A4:12:EC:A7:89:1C:A2:02:2E:00:BC:AB:
4F:28:07:D4:1E:35:27:AB:EA:FE:D5:03:C9:7D:CD:F0
Timestamp : Nov 2 08:03:36.174 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:E0:F6:87:DC:96:D4:93:C6:D0:B5:91:
7D:57:37:7B:46:94:C6:2C:59:E8:80:FE:40:97:82:87:
C2:5D:E2:BC:85:02:20:2B:D2:6E:AB:41:37:E1:C7:95:
67:BC:05:CD:29:26:B8:64:95:95:C9:B6:CE:77:51:28:
6C:B2:ED:C3:1E:E6:F5

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name	Options	DNSSEC	Matches
_25._tcp.mail.carstenwegner.de	DANE-EE: Domain Issued Certificate Use subject public key SHA-256 Hash	error Debug	valid

SSL check results of carstenwegner.de