SSL-Tools

SSL check results of ekom21.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for ekom21.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Fri, 03 Nov 2023 08:13:10 +0000

The mailservers of ekom21.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @ekom21.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx5skas.kgrz-ks.de
62.156.249.82
 10
supported
*.kgrz-ks.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s
mx3skas.kgrz-ks.de
80.69.201.82
 10
supported
*.kgrz-ks.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s
mx4skas.kgrz-ks.de
80.69.201.83
 10
supported
*.kgrz-ks.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s
mx3sgie.ekom21.de
2a02:1010:c210:2d::2b
 10
supported
*.ekom21.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s
mx3sgie.ekom21.de
195.226.81.82
 10
supported
*.ekom21.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s

Outgoing Mails

We have not received any emails from a @ekom21.de address so far. Test mail delivery

Certificates

First seen at:

CN=*.kgrz-ks.de,O=ekom21 - KGRZ Hessen K.d.oe.R.,L=Giessen,ST=Hessen,C=DE

Certificate chain
Subject
Country (C)
  • DE
State (ST)
  • Hessen
Locality (L)
  • Giessen
Organization (O)
  • ekom21 - KGRZ Hessen K.d.oe.R.
Common Name (CN)
  • *.kgrz-ks.de
Alternative Names
  • *.kgrz-ks.de
  • kgrz-ks.de
Issuer
Country (C)
  • BE
Organization (O)
  • GlobalSign nv-sa
Common Name (CN)
  • GlobalSign RSA OV SSL CA 2018
validity period
Not valid before
2023-11-01
Not valid after
2024-12-02
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
77:AB:57:B6:61:1C:1E:20:97:F3:65:C1:29:61:1E:BF:66:2B:8A:C6:52:03:A5:BA:C4:6A:53:20:E7:08:53:B3
SHA1
8E:6D:51:D9:67:ED:46:6E:26:38:7D:AE:63:56:8A:E8:71:6B:6D:E0
X509v3 extensions
authorityInfoAccess
  • CA Issuers - URI:http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt
  • OCSP - URI:http://ocsp.globalsign.com/gsrsaovsslca2018
certificatePolicies
  • Policy: 1.3.6.1.4.1.4146.1.20
  • CPS: https://www.globalsign.com/repository/
  • Policy: 2.23.140.1.2.2
crlDistributionPoints
  • Full Name:
  • URI:http://crl.globalsign.com/gsrsaovsslca2018.crl
authorityKeyIdentifier
  • keyid:F8:EF:7F:F2:CD:78:67:A8:DE:6F:8F:24:8D:88:F1:87:03:02:B3:EB
subjectKeyIdentifier
  • B7:18:8A:93:ED:82:82:EE:56:AF:2E:30:18:74:74:12:58:86:59:F2
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
  • 32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
  • Timestamp : Nov 1 14:56:06.096 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:0B:9F:AD:53:E4:9C:3C:87:63:26:B3:27:
  • 6E:BF:BD:7A:29:0C:31:D0:C7:76:68:43:09:38:E6:B4:
  • 6E:00:34:A5:02:20:2A:EE:FB:FE:47:C1:77:2B:4B:FE:
  • FB:2E:60:9B:05:42:FF:D7:3C:9D:09:4E:19:33:C8:00:
  • 0E:A9:29:1F:4B:80
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
  • 1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
  • Timestamp : Nov 1 14:56:05.698 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:1D:7B:A2:27:6D:B7:86:98:76:34:1A:74:
  • 1E:90:E8:4A:8B:39:DB:F9:2C:4B:30:BF:E0:19:FF:39:
  • 8A:82:E7:E0:02:20:6B:45:24:02:ED:6D:CB:07:03:0F:
  • 23:95:55:B9:CD:2F:7C:D2:88:1D:FB:23:1F:9E:0A:A5:
  • 1D:18:AE:50:FB:28
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : DA:B6:BF:6B:3F:B5:B6:22:9F:9B:C2:BB:5C:6B:E8:70:
  • 91:71:6C:BB:51:84:85:34:BD:A4:3D:30:48:D7:FB:AB
  • Timestamp : Nov 1 14:56:06.046 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:33:17:86:72:67:B5:5F:25:D0:B3:C1:72:
  • 61:01:45:5D:F0:9E:74:3E:06:63:21:BF:76:E2:C0:0B:
  • 80:61:ED:35:02:20:11:8F:AF:CC:B9:05:01:22:4F:5D:
  • 1D:B3:E7:BC:A5:14:3B:94:5A:B1:F7:B7:96:58:4F:A7:
  • 2E:A7:69:B0:42:C3
First seen at:

CN=*.ekom21.de,O=ekom21 - KGRZ Hessen K.d.oe.R.,L=Giessen,ST=Hessen,C=DE

Certificate chain
Subject
Country (C)
  • DE
State (ST)
  • Hessen
Locality (L)
  • Giessen
Organization (O)
  • ekom21 - KGRZ Hessen K.d.oe.R.
Common Name (CN)
  • *.ekom21.de
Alternative Names
  • *.ekom21.de
  • ekom21.de
Issuer
Country (C)
  • BE
Organization (O)
  • GlobalSign nv-sa
Common Name (CN)
  • GlobalSign RSA OV SSL CA 2018
validity period
Not valid before
2023-06-06
Not valid after
2024-07-07
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
07:5F:DF:5B:59:A8:52:25:EE:DF:8A:25:43:C2:9E:D7:31:8D:92:94:EF:4D:3A:AB:A6:2D:63:A7:49:E0:58:72
SHA1
29:3A:A8:F0:9C:70:09:B2:6A:ED:33:FD:0B:44:09:A3:4A:5A:45:2B
X509v3 extensions
authorityInfoAccess
  • CA Issuers - URI:http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt
  • OCSP - URI:http://ocsp.globalsign.com/gsrsaovsslca2018
certificatePolicies
  • Policy: 1.3.6.1.4.1.4146.1.20
  • CPS: https://www.globalsign.com/repository/
  • Policy: 2.23.140.1.2.2
crlDistributionPoints
  • Full Name:
  • URI:http://crl.globalsign.com/gsrsaovsslca2018.crl
authorityKeyIdentifier
  • keyid:F8:EF:7F:F2:CD:78:67:A8:DE:6F:8F:24:8D:88:F1:87:03:02:B3:EB
subjectKeyIdentifier
  • B0:27:60:49:46:C7:ED:02:D7:EC:76:77:41:0A:9B:79:18:F8:FB:E2
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
  • 32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
  • Timestamp : Jun 6 14:41:18.573 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:C4:44:8B:CC:CA:8B:97:2D:11:88:90:
  • 55:AD:C6:62:24:E2:AE:D1:BA:E2:E6:E1:AA:99:15:B6:
  • E4:F1:3A:B0:22:02:21:00:A4:D5:6F:F0:40:59:9A:64:
  • 05:40:08:30:1C:78:CB:6B:80:5E:76:0A:3A:9B:11:36:
  • 1C:CF:96:73:F4:63:BF:92
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
  • 1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
  • Timestamp : Jun 6 14:41:18.594 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:CF:20:30:C8:4D:9B:C9:A1:17:17:18:
  • 3D:F5:F0:06:E7:76:12:47:64:45:86:19:F9:82:E9:26:
  • EF:82:58:DF:0A:02:20:65:90:5F:C7:1C:DA:BA:3C:30:
  • 02:42:7E:4E:E0:86:B7:C0:2C:66:71:88:28:CA:D5:0B:
  • F0:94:CB:E7:BB:0F:24
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : DA:B6:BF:6B:3F:B5:B6:22:9F:9B:C2:BB:5C:6B:E8:70:
  • 91:71:6C:BB:51:84:85:34:BD:A4:3D:30:48:D7:FB:AB
  • Timestamp : Jun 6 14:41:18.626 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:86:13:9F:CB:A3:1C:82:D2:9A:26:43:
  • C8:CE:EB:42:59:C3:A3:44:3B:D3:3D:52:D0:3D:CA:3D:
  • 54:82:82:92:B5:02:21:00:F5:89:96:CF:44:49:EE:FC:
  • BB:21:F8:48:EB:CE:89:C6:83:76:B1:C4:C2:FB:F4:C5:
  • 36:7C:2B:C5:AA:7C:97:6D

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx5skas.kgrz-ks.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx3skas.kgrz-ks.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx4skas.kgrz-ks.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx3sgie.ekom21.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid