SSL-Tools

SSL check results of carstenwegner.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for carstenwegner.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Sat, 10 May 2025 00:31:36 +0000

The mailservers of carstenwegner.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @carstenwegner.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mail.cwzone.de
2a01:4f8:1c1a:c354::1
 10
supported
mail.cwzone.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
9 s
mail.cwzone.de
91.99.61.3
 10
supported
mail.cwzone.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
4 s

Outgoing Mails

We have not received any emails from a @carstenwegner.de address so far. Test mail delivery

Certificates

First seen at:

CN=mail.cwzone.de

Certificate chain
  • mail.cwzone.de
    • remaining
    • 4096 bit
    • sha256WithRSAEncryption
      • R10
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • mail.cwzone.de
Alternative Names
  • autoconfig.cwzone.de
  • autodiscover.cwzone.de
  • mail.cwzone.de
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R10
validity period
Not valid before
2025-04-04
Not valid after
2025-07-03
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
6F:10:8D:CD:7E:BA:71:3E:3B:28:42:43:60:C6:07:B2:2F:0D:8D:A6:5C:DD:E7:C6:9E:E7:C4:21:83:BF:DA:9B
SHA1
AA:A9:42:D4:8B:10:7C:8C:1F:AA:81:2F:EA:73:DC:9E:E7:83:4D:53
X509v3 extensions
subjectKeyIdentifier
  • 0E:FB:46:B9:29:93:92:C6:71:21:D9:61:4D:28:DD:85:D2:30:1C:CF
authorityKeyIdentifier
  • keyid:BB:BC:C3:47:A5:E4:BC:A9:C6:C3:A4:72:0C:10:8D:A2:35:E1:C8:E8
authorityInfoAccess
  • OCSP - URI:http://r10.o.lencr.org
  • CA Issuers - URI:http://r10.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
crlDistributionPoints
  • Full Name:
  • URI:http://r10.c.lencr.org/124.crl
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 7D:59:1E:12:E1:78:2A:7B:1C:61:67:7C:5E:FD:F8:D0:
  • 87:5C:14:A0:4E:95:9E:B9:03:2F:D9:0E:8C:2E:79:B8
  • Timestamp : Apr 4 10:38:12.022 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:DE:D2:A1:C3:FD:D3:D9:50:12:2A:A4:
  • 42:94:72:84:F1:03:5A:C4:24:22:E5:BD:89:E1:78:56:
  • B8:0E:0B:28:61:02:21:00:B4:9B:3F:2F:20:45:22:A3:
  • A8:38:52:D1:2A:EA:7F:B9:A2:9F:9D:BA:B6:B2:43:EC:
  • 15:F7:9E:D8:42:6A:09:14
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : CC:FB:0F:6A:85:71:09:65:FE:95:9B:53:CE:E9:B2:7C:
  • 22:E9:85:5C:0D:97:8D:B6:A9:7E:54:C0:FE:4C:0D:B0
  • Timestamp : Apr 4 10:38:12.053 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:B1:D0:2C:6C:74:77:DD:B4:C7:0A:B4:
  • B9:69:56:FD:71:08:86:4A:3C:4B:6C:35:7B:AB:2B:9F:
  • 91:ED:8B:4E:A4:02:20:5F:FA:2B:92:4D:9E:CF:71:16:
  • 6C:ED:15:97:F8:4F:8F:07:55:57:3B:FC:5D:91:3E:8F:
  • 02:33:E7:73:99:C6:CD

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mail.cwzone.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
error
Debug
valid