SSL-Tools

SSL check results of hedim.ch

NEW You can also bulk check multiple servers.

Discover if the mail servers for hedim.ch can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Mon, 27 Jan 2025 01:30:26 +0000

The mailservers of hedim.ch can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @hedim.ch addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
server.hedim.ch
2a01:4f8:1c1c:c0dc::1
 10
supported
server.hedim.ch
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s
server.hedim.ch
116.203.60.71
 10
supported
server.hedim.ch
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s

Outgoing Mails

We have not received any emails from a @hedim.ch address so far. Test mail delivery

Certificates

First seen at:

CN=server.hedim.ch

Certificate chain
  • server.hedim.ch
    • remaining
    • 2048 bit
    • sha256WithRSAEncryption
      • R10
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • server.hedim.ch
Alternative Names
  • server.hedim.ch
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R10
validity period
Not valid before
2025-01-25
Not valid after
2025-04-25
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
B5:B6:7A:12:5D:6D:D2:9D:1D:E9:FD:56:C5:60:7F:F7:BF:28:75:A6:21:72:B0:E9:FB:54:C2:BC:0F:9E:91:31
SHA1
1B:6C:64:7D:DE:9D:1A:19:F9:EF:9C:92:BC:E7:37:FC:6F:73:A6:FA
X509v3 extensions
subjectKeyIdentifier
  • 27:B5:98:45:7A:41:C1:D3:3A:72:C6:A5:EE:43:2A:A3:6A:4D:05:33
authorityKeyIdentifier
  • keyid:BB:BC:C3:47:A5:E4:BC:A9:C6:C3:A4:72:0C:10:8D:A2:35:E1:C8:E8
authorityInfoAccess
  • OCSP - URI:http://r10.o.lencr.org
  • CA Issuers - URI:http://r10.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 4E:75:A3:27:5C:9A:10:C3:38:5B:6C:D4:DF:3F:52:EB:
  • 1D:F0:E0:8E:1B:8D:69:C0:B1:FA:64:B1:62:9A:39:DF
  • Timestamp : Jan 25 08:08:03.494 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:38:CE:32:C8:33:A2:5D:18:14:5B:BD:64:
  • EE:2E:A5:0F:E9:5F:22:A7:84:AC:C2:9A:6C:43:E9:94:
  • 92:98:3A:C0:02:21:00:C1:10:AA:C2:5B:2D:4A:FC:B3:
  • 71:D1:D4:96:7A:1D:A7:E2:AB:B0:0E:76:8B:8A:01:1F:
  • A0:B7:ED:27:D3:8A:56
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 13:4A:DF:1A:B5:98:42:09:78:0C:6F:EF:4C:7A:91:A4:
  • 16:B7:23:49:CE:58:57:6A:DF:AE:DA:A7:C2:AB:E0:22
  • Timestamp : Jan 25 08:08:03.694 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:5C:FF:19:63:10:FD:B5:57:9D:87:50:32:
  • 2B:E9:23:57:FF:7C:13:3E:D5:3D:37:BD:C5:52:57:FD:
  • 03:0E:D6:99:02:20:77:A7:72:62:65:3E:6A:67:28:1B:
  • 39:83:DD:E9:70:2D:C5:71:96:F0:59:DC:5A:88:25:D8:
  • E9:DD:CD:F5:37:D8

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.server.hedim.ch
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid