SSL check results of dommel.nl

NEW You can also bulk check multiple servers.

Discover if the mail servers for dommel.nl can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Fri, 21 Feb 2020 01:30:16 +0000

We can not guarantee a secure connection to the mailservers of dommel.nl!

Please contact the operator of dommel.nl and ask him or her to solve this problem. This result stays accessible under the following address:

/mailservers/dommel.nl

Servers

Incoming Mails

These servers are responsible for incoming mails to @dommel.nl addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mail.dommel.nl
81.175.72.228
Results incomplete
5
supported
not checked
DANE
errors
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s
fallback.dommel.nl
89.106.167.130
50
supported
fallback.dommel.nl
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s

Outgoing Mails

We have not received any emails from a @dommel.nl address so far. Test mail delivery

Certificates

First seen at:

CN=fallback.dommel.nl,emailAddress=postmaster@dommel.nl,O=Waterschap De Dommel,L=Boxtel,ST=Noord Brabant,C=NL

Certificate chain
  • fallback.dommel.nl
    • remaining
    • 2048 bit
    • sha256WithRSAEncryption
    • Unknown Authority

      internal-ca
Subject
Country (C)
  • NL
State (ST)
  • Noord Brabant
Locality (L)
  • Boxtel
Organization (O)
  • Waterschap De Dommel
Email
  • postmaster@dommel.nl
Common Name (CN)
  • fallback.dommel.nl
Issuer
Country (C)
  • NL
State (ST)
  • Noord Brabant
Locality (L)
  • Boxtel
Organization (O)
  • Waterschap De Dommel
Email
  • postmaster@dommel.nl
Common Name (CN)
  • internal-ca
validity period
Not valid before
2015-11-25
Not valid after
2025-11-22
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • 1.3.6.1.5.5.8.2.2
Fingerprints
SHA256
7E:27:A5:54:54:56:0F:21:B8:29:DC:50:16:91:C6:78:0A:08:6A:44:5F:F5:49:DC:36:06:5B:E4:38:96:FB:17
SHA1
28:C2:33:1C:09:7A:21:0B:71:1F:92:AD:51:F3:38:48:F5:8F:7D:2B
X509v3 extensions
nsCertType
  • SSL Server
nsComment
  • OpenSSL Generated Server Certificate
subjectKeyIdentifier
  • 62:4D:2D:33:4E:7C:7E:12:15:EB:E1:E3:4E:B7:A8:7E:86:20:E1:9A
authorityKeyIdentifier
  • keyid:40:06:E3:64:F5:F6:D3:8B:49:49:67:E3:37:AC:FA:F7:96:E0:D8:28
  • DirName:/C=NL/ST=Noord Brabant/L=Boxtel/O=Waterschap De Dommel/emailAddress=postmaster@dommel.nl/CN=internal-ca
  • serial:00

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.fallback.dommel.nl
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-256 Hash
valid
valid
_25._tcp.mail.dommel.nl
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-256 Hash
valid