SSL-Tools

SSL check results of ekir.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for ekir.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Fri, 25 Aug 2023 12:20:23 +0000

No connection to the mailservers of ekir.de could be established.

Servers

Incoming Mails

These servers are responsible for incoming mails to @ekir.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
secure-mail02.de.cancom-mase.com
195.227.216.10
Results incomplete
10
supported
*.de.cancom-mase.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s
secure-mail03.de.cancom-mase.com
5.61.80.97
Results incomplete
10
supported
*.de.cancom-mase.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s
secure-mail01.de.cancom-mase.com
2001:1440:0:4036::11
Results incomplete
10
supported
*.de.cancom-mase.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s
secure-mail01.de.cancom-mase.com
195.227.216.2
Results incomplete
10
supported
*.de.cancom-mase.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s
secure-mail04.de.cancom-mase.com
5.61.80.98
Results incomplete
20
supported
*.de.cancom-mase.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s

Outgoing Mails

We have not received any emails from a @ekir.de address so far. Test mail delivery

Certificates

First seen at:

CN=*.de.cancom-mase.com

Certificate chain
Subject
Common Name (CN)
  • *.de.cancom-mase.com
Alternative Names
  • *.de.cancom-mase.com
  • de.cancom-mase.com
Issuer
Country (C)
  • US
Organization (O)
  • DigiCert Inc
Organizational Unit (OU)
  • www.digicert.com
Common Name (CN)
  • RapidSSL TLS RSA CA G1
validity period
Not valid before
2023-06-05
Not valid after
2024-06-04
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
DF:24:2A:A2:1E:BE:67:0D:09:96:2B:BD:E2:2B:74:BF:33:6D:3C:DD:C1:57:33:71:58:A1:93:56:4C:1A:7D:9D
SHA1
80:5B:FF:9A:76:E4:63:FC:67:01:3F:5D:34:B3:D0:EB:BB:B2:FA:EF
X509v3 extensions
authorityKeyIdentifier
  • keyid:0C:DB:6C:82:49:0F:4A:67:0A:B8:14:EE:7A:C4:48:52:88:EB:56:38
subjectKeyIdentifier
  • AC:00:C6:E2:DF:68:7C:02:0B:7F:BA:F6:AF:EB:75:A1:AC:FF:15:3C
crlDistributionPoints
  • Full Name:
  • URI:http://cdp.rapidssl.com/RapidSSLTLSRSACAG1.crl
certificatePolicies
  • Policy: 2.23.140.1.2.1
  • CPS: http://www.digicert.com/CPS
authorityInfoAccess
  • OCSP - URI:http://status.rapidssl.com
  • CA Issuers - URI:http://cacerts.rapidssl.com/RapidSSLTLSRSACAG1.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
  • 32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
  • Timestamp : Jun 5 08:43:26.324 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:86:37:1E:1D:D3:75:1B:57:54:2A:5B:
  • 16:81:C2:8D:74:4D:C5:52:28:A4:A4:39:16:D1:E3:A3:
  • FD:62:D8:9F:7A:02:21:00:E1:1A:20:9C:5E:3F:5A:B9:
  • C1:2A:99:48:C8:EF:93:2F:6C:67:AC:59:E0:0E:FF:B4:
  • 3D:E2:B8:33:38:8F:7E:3F
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
  • 1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
  • Timestamp : Jun 5 08:43:26.299 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:60:F7:DA:69:82:32:3F:F1:46:A8:38:22:
  • 2B:AB:4A:34:38:E4:A3:2E:19:5F:84:16:8B:9C:54:F6:
  • 38:E0:8E:B6:02:20:24:BD:F0:08:C6:35:36:32:D7:6A:
  • 23:64:B9:67:EC:2D:43:46:20:FC:A5:65:11:FD:52:42:
  • 96:EE:31:07:AD:D4
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : DA:B6:BF:6B:3F:B5:B6:22:9F:9B:C2:BB:5C:6B:E8:70:
  • 91:71:6C:BB:51:84:85:34:BD:A4:3D:30:48:D7:FB:AB
  • Timestamp : Jun 5 08:43:26.254 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:BA:A8:B8:C2:2E:02:82:49:5D:65:46:
  • 5F:35:77:99:76:4D:19:39:EF:57:D2:3B:76:A4:7E:B1:
  • EA:C6:D8:06:0D:02:20:35:07:50:FB:19:B0:A9:40:A5:
  • 7C:EA:63:E0:DD:59:11:37:47:1F:F2:23:9B:01:84:CF:
  • D6:F6:26:82:85:FD:8A

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.secure-mail02.de.cancom-mase.com
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-256 Hash
valid
valid
_25._tcp.secure-mail02.de.cancom-mase.com
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-256 Hash
valid
_25._tcp.secure-mail04.de.cancom-mase.com
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-256 Hash
valid
_25._tcp.secure-mail04.de.cancom-mase.com
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-256 Hash
valid
valid
_25._tcp.secure-mail03.de.cancom-mase.com
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-256 Hash
valid
valid
_25._tcp.secure-mail03.de.cancom-mase.com
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-256 Hash
valid
_25._tcp.secure-mail01.de.cancom-mase.com
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-256 Hash
valid
_25._tcp.secure-mail01.de.cancom-mase.com
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-256 Hash
valid
valid