SSL-Tools

SSL check results of heimnetze.org

NEW You can also bulk check multiple servers.

Discover if the mail servers for heimnetze.org can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Mon, 26 Oct 2020 23:02:07 +0000

The mailservers of heimnetze.org can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @heimnetze.org addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mailsrv.heimnetze.org
2a00:f48:1003:1::1885:9b1c
 10
supported
mailsrv.heimnetze.org
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s
mailsrv.heimnetze.org
62.113.206.167
 10
supported
mailsrv.heimnetze.org
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s

Outgoing Mails

We have not received any emails from a @heimnetze.org address so far. Test mail delivery

Certificates

First seen at:

CN=mailsrv.heimnetze.org

Certificate chain
Subject
Common Name (CN)
  • mailsrv.heimnetze.org
Alternative Names
  • mailsrv.heimnetze.org
  • mta-sts.heimnetze.org
  • www.heimnetze.org
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • Let's Encrypt Authority X3
validity period
Not valid before
2020-10-26
Not valid after
2021-01-24
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
C9:07:6C:F1:97:9C:02:8F:E8:22:B4:59:9F:E9:05:0B:E1:F0:3C:16:CC:4D:0E:22:78:7C:FB:1B:B4:87:E8:2C
SHA1
A2:B2:1F:CB:C9:E2:7A:C3:2E:F2:C5:3E:86:50:92:22:B5:36:79:29
X509v3 extensions
subjectKeyIdentifier
  • 5E:E0:9F:43:2D:22:49:CA:EA:87:9C:85:17:C2:35:0E:39:0E:31:18
authorityKeyIdentifier
  • keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1
authorityInfoAccess
  • OCSP - URI:http://ocsp.int-x3.letsencrypt.org
  • CA Issuers - URI:http://cert.int-x3.letsencrypt.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
  • Policy: 1.3.6.1.4.1.44947.1.1.1
  • CPS: http://cps.letsencrypt.org
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 5C:DC:43:92:FE:E6:AB:45:44:B1:5E:9A:D4:56:E6:10:
  • 37:FB:D5:FA:47:DC:A1:73:94:B2:5E:E6:F6:C7:0E:CA
  • Timestamp : Oct 26 22:46:34.186 2020 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:E0:12:E1:E7:ED:72:49:8B:F0:6C:BD:
  • C5:5A:8C:76:37:35:D6:97:3B:90:5A:57:20:32:A8:F6:
  • 81:43:44:6F:B6:02:20:4C:8A:0D:54:4B:A0:E4:EE:4E:
  • A3:33:83:99:33:5A:28:A6:DD:44:84:B8:5A:A6:53:E5:
  • 55:04:E5:59:E6:7B:E3
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 7D:3E:F2:F8:8F:FF:88:55:68:24:C2:C0:CA:9E:52:89:
  • 79:2B:C5:0E:78:09:7F:2E:6A:97:68:99:7E:22:F0:D7
  • Timestamp : Oct 26 22:46:34.249 2020 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:A2:65:B0:60:FF:4C:65:95:9A:74:0A:
  • 0F:E4:19:B8:40:E4:09:A0:E2:1F:5A:13:32:B7:D7:65:
  • 05:9F:39:E8:AC:02:21:00:AC:7A:D8:5D:FD:03:F8:B8:
  • 7D:73:56:4C:DF:88:55:D0:0A:DE:E5:B9:89:BE:82:2A:
  • 30:64:7F:D7:B0:20:71:8F

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mailsrv.heimnetze.org
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid