SSL check results of citi.com

NEW You can also bulk check multiple servers.

Discover if the mail servers for citi.com can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Fri, 21 Feb 2025 15:06:22 +0000

The mailservers of citi.com can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @citi.com addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx-a.mail.citi.com
67.231.145.106
5
supported
mx-a.mail.citi.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
19 s
mx-b.mail.citi.com
67.231.153.94
5
supported
mx-b.mail.citi.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
16 s

Outgoing Mails

We have not received any emails from a @citi.com address so far. Test mail delivery

Certificates

First seen at:

CN=mx-a.mail.citi.com,O=Citigroup Inc.,L=New York,ST=New York,C=US,serialNumber=2154254,businessCategory=Private Organization,jurisdictionST=Delaware,jurisdictionC=US

Certificate chain
Subject
jurisdictionC
  • US
jurisdictionST
  • Delaware
Business category
  • Private Organization
Serial number
  • 2154254
Country (C)
  • US
State (ST)
  • New York
Locality (L)
  • New York
Organization (O)
  • Citigroup Inc.
Common Name (CN)
  • mx-a.mail.citi.com
Alternative Names
  • mx-a.mail.citi.com
  • user-mx-a-p.mail.citi.com
Issuer
Country (C)
  • US
Organization (O)
  • DigiCert Inc
Organizational Unit (OU)
  • www.digicert.com
Common Name (CN)
  • DigiCert SHA2 Extended Validation Server CA
validity period
Not valid before
2024-03-04
Not valid after
2025-03-18
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
19:8E:76:FA:E0:70:04:E8:E6:E6:24:FA:0C:09:A4:4B:F6:F8:9A:E0:A8:59:82:ED:D9:B6:34:B4:0B:60:45:0A
SHA1
B8:77:6A:F0:38:0B:63:2F:F4:0D:29:E2:90:95:80:70:96:30:E1:D9
X509v3 extensions
authorityKeyIdentifier
  • keyid:3D:D3:50:A5:D6:A0:AD:EE:F3:4A:60:0A:65:D3:21:D4:F8:F8:D6:0F
subjectKeyIdentifier
  • BC:6D:D7:81:FB:A6:13:06:8A:2C:86:2D:18:6E:96:7A:FA:11:CF:55
certificatePolicies
  • Policy: 2.16.840.1.114412.2.1
  • Policy: 2.23.140.1.1
  • CPS: http://www.digicert.com/CPS
crlDistributionPoints
  • Full Name:
  • URI:http://crl3.digicert.com/sha2-ev-server-g3.crl
  • Full Name:
  • URI:http://crl4.digicert.com/sha2-ev-server-g3.crl
authorityInfoAccess
  • OCSP - URI:http://ocsp.digicert.com
  • CA Issuers - URI:http://cacerts.digicert.com/DigiCertSHA2ExtendedValidationServerCA.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : CF:11:56:EE:D5:2E:7C:AF:F3:87:5B:D9:69:2E:9B:E9:
  • 1A:71:67:4A:B0:17:EC:AC:01:D2:5B:77:CE:CC:3B:08
  • Timestamp : Mar 4 08:38:22.988 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:10:9F:E8:81:97:F0:AB:BE:8B:2D:4C:5E:
  • D8:09:88:5B:1F:02:CD:02:FF:D1:58:69:58:3C:41:6A:
  • 83:D1:78:0E:02:20:30:4D:84:20:44:D0:56:69:C7:90:
  • A7:E1:36:01:07:C5:40:23:3A:60:C9:6E:BE:26:47:BE:
  • 82:74:CA:23:2D:37
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 7D:59:1E:12:E1:78:2A:7B:1C:61:67:7C:5E:FD:F8:D0:
  • 87:5C:14:A0:4E:95:9E:B9:03:2F:D9:0E:8C:2E:79:B8
  • Timestamp : Mar 4 08:38:22.930 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:AF:DC:D9:4A:7A:F5:95:55:18:ED:E1:
  • E0:6A:F8:61:2A:2A:28:FA:BA:6D:C1:DA:FA:B9:A7:25:
  • 2B:97:DA:35:7D:02:20:1E:84:6A:40:2A:78:E5:C0:E8:
  • AC:89:24:7D:E5:42:B6:3C:41:B8:8A:D8:5C:A4:76:1C:
  • 8C:DA:73:67:66:4C:5D
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : E6:D2:31:63:40:77:8C:C1:10:41:06:D7:71:B9:CE:C1:
  • D2:40:F6:96:84:86:FB:BA:87:32:1D:FD:1E:37:8E:50
  • Timestamp : Mar 4 08:38:22.973 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:82:9F:FC:65:AA:D8:B4:98:49:03:C0:
  • 46:08:C0:20:C7:62:77:8C:F8:65:88:D3:E4:0B:56:AF:
  • 15:79:B5:E8:99:02:20:0E:46:1B:D1:76:6B:77:B1:6B:
  • 33:4A:FC:E3:5C:BE:1C:18:EE:D6:86:C4:17:8A:5E:A0:
  • 97:2C:5A:B4:B3:E1:2C
First seen at:

CN=mx-b.mail.citi.com,O=Citigroup Inc.,L=New York,ST=New York,C=US,serialNumber=2154254,businessCategory=Private Organization,jurisdictionST=Delaware,jurisdictionC=US

Certificate chain
Subject
jurisdictionC
  • US
jurisdictionST
  • Delaware
Business category
  • Private Organization
Serial number
  • 2154254
Country (C)
  • US
State (ST)
  • New York
Locality (L)
  • New York
Organization (O)
  • Citigroup Inc.
Common Name (CN)
  • mx-b.mail.citi.com
Alternative Names
  • mx-b.mail.citi.com
  • user-mx-b-p.mail.citi.com
Issuer
Country (C)
  • US
Organization (O)
  • DigiCert Inc
Organizational Unit (OU)
  • www.digicert.com
Common Name (CN)
  • DigiCert SHA2 Extended Validation Server CA
validity period
Not valid before
2024-03-07
Not valid after
2025-03-20
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
3F:73:17:4C:F0:DE:5B:CB:8F:A5:4A:33:DF:D7:AB:98:BC:56:16:EB:F0:DD:F2:66:16:59:2A:49:4F:F0:56:F8
SHA1
4E:BC:80:20:7C:D5:37:3F:5B:83:4D:5F:CF:3D:70:44:24:A2:5C:63
X509v3 extensions
authorityKeyIdentifier
  • keyid:3D:D3:50:A5:D6:A0:AD:EE:F3:4A:60:0A:65:D3:21:D4:F8:F8:D6:0F
subjectKeyIdentifier
  • B9:2A:91:8F:F7:88:34:F3:0F:C9:4A:E8:2A:DD:54:A3:69:EE:D3:44
certificatePolicies
  • Policy: 2.16.840.1.114412.2.1
  • Policy: 2.23.140.1.1
  • CPS: http://www.digicert.com/CPS
crlDistributionPoints
  • Full Name:
  • URI:http://crl3.digicert.com/sha2-ev-server-g3.crl
  • Full Name:
  • URI:http://crl4.digicert.com/sha2-ev-server-g3.crl
authorityInfoAccess
  • OCSP - URI:http://ocsp.digicert.com
  • CA Issuers - URI:http://cacerts.digicert.com/DigiCertSHA2ExtendedValidationServerCA.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 4E:75:A3:27:5C:9A:10:C3:38:5B:6C:D4:DF:3F:52:EB:
  • 1D:F0:E0:8E:1B:8D:69:C0:B1:FA:64:B1:62:9A:39:DF
  • Timestamp : Mar 7 00:34:14.180 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:D3:2E:97:B1:F5:C8:66:92:EC:65:48:
  • 6A:5A:4A:0C:20:B6:53:96:54:AE:E8:D2:1F:96:96:BE:
  • E9:BA:A8:10:5F:02:20:71:FD:3F:57:E6:CE:49:6C:D2:
  • C8:E6:F0:D6:53:AD:40:29:52:25:03:89:21:56:6D:91:
  • 68:6D:EF:1E:26:E8:5C
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 7D:59:1E:12:E1:78:2A:7B:1C:61:67:7C:5E:FD:F8:D0:
  • 87:5C:14:A0:4E:95:9E:B9:03:2F:D9:0E:8C:2E:79:B8
  • Timestamp : Mar 7 00:34:14.241 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:2B:3B:52:D3:59:F1:D0:B0:A5:94:45:13:
  • 11:D9:D5:C6:D0:D1:2E:F5:CD:42:57:9E:DF:75:F2:0A:
  • 0B:47:CC:43:02:20:6E:67:6F:13:90:A9:1D:89:BF:44:
  • 0F:BF:C7:58:17:F8:AF:2A:1E:16:4A:FC:BA:E7:B4:E6:
  • 2B:48:56:55:CA:5A
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : E6:D2:31:63:40:77:8C:C1:10:41:06:D7:71:B9:CE:C1:
  • D2:40:F6:96:84:86:FB:BA:87:32:1D:FD:1E:37:8E:50
  • Timestamp : Mar 7 00:34:14.282 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:33:A5:D2:01:CB:9A:21:5E:0B:B6:A2:A2:
  • C4:F9:A5:F0:B2:F2:93:6A:0D:48:43:A1:27:09:C2:24:
  • 91:45:92:69:02:20:5D:86:28:5D:60:5D:2A:87:B4:44:
  • 14:1E:17:E6:D5:53:11:0E:22:EE:98:EA:73:68:E7:7B:
  • D1:DE:C6:3D:38:08