SSL-Tools

SSL check results of hofheim.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for hofheim.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Thu, 16 Sep 2021 14:28:26 +0000

The mailservers of hofheim.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @hofheim.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx1sgie.ekom21.de
195.226.81.27
Results incomplete
10
supported
not checked
DANE
errors
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s
mx2sgie.ekom21.de
62.156.249.27
 10
supported
*.ekom21.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • SSLv3
11 s
mx2skas.kgrz-ks.de
80.69.206.86
Results incomplete
20
supported
*.kgrz-ks.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s
mx1skas.kgrz-ks.de
80.69.206.76
Results incomplete
20
supported
*.kgrz-ks.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s

Outgoing Mails

We have not received any emails from a @hofheim.de address so far. Test mail delivery

Certificates

First seen at:

CN=*.ekom21.de,O=ekom21 - KGRZ Hessen K.d.oe.R.,OU=IT-Operations,L=Giessen,ST=Hessen,C=DE

Certificate chain
Subject
Country (C)
  • DE
State (ST)
  • Hessen
Locality (L)
  • Giessen
Organizational Unit (OU)
  • IT-Operations
Organization (O)
  • ekom21 - KGRZ Hessen K.d.oe.R.
Common Name (CN)
  • *.ekom21.de
Alternative Names
  • *.ekom21.de
  • ekom21.de
Issuer
Country (C)
  • BE
Organization (O)
  • GlobalSign nv-sa
Common Name (CN)
  • GlobalSign RSA OV SSL CA 2018
validity period
Not valid before
2021-04-27
Not valid after
2022-05-29
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
00:C8:3C:86:80:3B:60:A6:0E:6C:18:03:82:2D:32:DC:6A:26:C7:D0:1E:81:E7:85:80:FB:C5:D7:5F:2E:C6:3C
SHA1
4E:26:5A:E4:BC:0C:D5:11:B9:44:14:E2:BD:50:A5:89:13:00:25:1A
X509v3 extensions
authorityInfoAccess
  • CA Issuers - URI:http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt
  • OCSP - URI:http://ocsp.globalsign.com/gsrsaovsslca2018
certificatePolicies
  • Policy: 1.3.6.1.4.1.4146.1.20
  • CPS: https://www.globalsign.com/repository/
  • Policy: 2.23.140.1.2.2
crlDistributionPoints
  • Full Name:
  • URI:http://crl.globalsign.com/gsrsaovsslca2018.crl
authorityKeyIdentifier
  • keyid:F8:EF:7F:F2:CD:78:67:A8:DE:6F:8F:24:8D:88:F1:87:03:02:B3:EB
subjectKeyIdentifier
  • B0:27:60:49:46:C7:ED:02:D7:EC:76:77:41:0A:9B:79:18:F8:FB:E2
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 6F:53:76:AC:31:F0:31:19:D8:99:00:A4:51:15:FF:77:
  • 15:1C:11:D9:02:C1:00:29:06:8D:B2:08:9A:37:D9:13
  • Timestamp : Apr 27 14:36:11.678 2021 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:A3:9B:36:4A:A3:8A:30:43:E1:23:7B:
  • FC:06:EC:98:70:ED:0F:FB:6F:FB:A0:25:E7:DF:66:3C:
  • 94:AE:58:97:AA:02:20:15:CE:35:3F:77:89:51:74:93:
  • 61:16:1A:04:A7:C9:6A:6A:44:1B:E1:62:34:BA:23:4E:
  • 86:6A:92:1B:90:08:C3
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 29:79:BE:F0:9E:39:39:21:F0:56:73:9F:63:A5:77:E5:
  • BE:57:7D:9C:60:0A:F8:F9:4D:5D:26:5C:25:5D:C7:84
  • Timestamp : Apr 27 14:36:11.979 2021 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:58:BD:B1:47:5C:56:CF:36:01:E9:2F:53:
  • 82:8E:E0:90:23:5B:47:8A:B8:94:49:6B:A2:5E:FA:62:
  • DD:18:AE:A8:02:20:5D:9F:60:07:4C:6D:BA:E6:9D:50:
  • B0:ED:52:40:CD:EE:34:08:E0:59:33:93:71:E3:29:19:
  • 66:89:F8:D9:0E:A0
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 55:81:D4:C2:16:90:36:01:4A:EA:0B:9B:57:3C:53:F0:
  • C0:E4:38:78:70:25:08:17:2F:A3:AA:1D:07:13:D3:0C
  • Timestamp : Apr 27 14:36:11.980 2021 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:57:8B:04:4B:27:1D:17:8D:62:C6:E8:6C:
  • E3:A6:97:35:27:E5:11:3D:CD:CD:9E:AF:3C:61:ED:2E:
  • 8A:C6:19:9C:02:21:00:B0:B5:36:86:C3:0B:43:F8:4D:
  • 86:1D:EC:FC:8E:D7:68:DB:F7:D3:56:32:D4:08:1E:75:
  • 41:2A:71:A2:83:98:84
First seen at:

CN=*.kgrz-ks.de,O=ekom21 - KGRZ Hessen K.d.oe.R.,OU=IT-Operations,L=Giessen,ST=Hessen,C=DE

Certificate chain
Subject
Country (C)
  • DE
State (ST)
  • Hessen
Locality (L)
  • Giessen
Organizational Unit (OU)
  • IT-Operations
Organization (O)
  • ekom21 - KGRZ Hessen K.d.oe.R.
Common Name (CN)
  • *.kgrz-ks.de
Alternative Names
  • *.kgrz-ks.de
  • kgrz-ks.de
Issuer
Country (C)
  • BE
Organization (O)
  • GlobalSign nv-sa
Common Name (CN)
  • GlobalSign RSA OV SSL CA 2018
validity period
Not valid before
2019-08-15
Not valid after
2021-09-24
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
F8:31:6C:0A:F7:48:22:EE:E7:C1:C3:16:9F:41:B6:76:C5:A8:5B:D2:70:0F:04:5A:D3:17:6A:67:4A:F3:37:12
SHA1
5F:B0:49:07:3B:93:06:D8:B5:4B:5D:1B:46:EE:2E:44:30:29:F8:4B
X509v3 extensions
authorityInfoAccess
  • CA Issuers - URI:http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt
  • OCSP - URI:http://ocsp.globalsign.com/gsrsaovsslca2018
certificatePolicies
  • Policy: 1.3.6.1.4.1.4146.1.20
  • CPS: https://www.globalsign.com/repository/
  • Policy: 2.23.140.1.2.2
crlDistributionPoints
  • Full Name:
  • URI:http://crl.globalsign.com/gsrsaovsslca2018.crl
authorityKeyIdentifier
  • keyid:F8:EF:7F:F2:CD:78:67:A8:DE:6F:8F:24:8D:88:F1:87:03:02:B3:EB
subjectKeyIdentifier
  • 2E:9E:E9:8B:BA:2F:A2:7D:66:0E:E0:DB:65:B2:E0:85:81:1B:FF:BA
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : A4:B9:09:90:B4:18:58:14:87:BB:13:A2:CC:67:70:0A:
  • 3C:35:98:04:F9:1B:DF:B8:E3:77:CD:0E:C8:0D:DC:10
  • Timestamp : Aug 15 10:11:05.148 2019 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:09:B7:1C:58:3C:C7:A6:16:2B:A2:AD:8F:
  • BF:5D:9D:03:BE:C8:E9:E6:4B:EE:A4:5F:A4:95:46:EA:
  • 8A:73:FE:84:02:20:15:A7:A3:A6:51:2F:B8:C0:B4:1A:
  • 3B:BF:40:22:AA:22:94:C5:AB:A9:50:7F:19:0B:87:D8:
  • 8A:7C:E0:6C:B6:19
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 5C:DC:43:92:FE:E6:AB:45:44:B1:5E:9A:D4:56:E6:10:
  • 37:FB:D5:FA:47:DC:A1:73:94:B2:5E:E6:F6:C7:0E:CA
  • Timestamp : Aug 15 10:11:04.271 2019 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:B8:D0:6C:40:5E:A4:BD:D9:EB:A9:B7:
  • 24:05:04:84:21:8C:50:86:90:58:3E:4D:DA:E3:97:DA:
  • D6:C4:90:A4:16:02:21:00:DC:DF:CE:AD:0A:9B:3C:F3:
  • E5:9E:26:3C:3A:3B:19:6D:59:79:AE:C7:FC:19:1C:B3:
  • 4B:6D:CC:CF:C3:5A:3E:04
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 87:75:BF:E7:59:7C:F8:8C:43:99:5F:BD:F3:6E:FF:56:
  • 8D:47:56:36:FF:4A:B5:60:C1:B4:EA:FF:5E:A0:83:0F
  • Timestamp : Aug 15 10:11:05.010 2019 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:21:41:85:B9:1D:59:C9:A7:2B:A2:BF:14:
  • 4B:4D:A2:D9:73:06:59:01:C7:2B:BA:58:7B:99:6E:C2:
  • A6:28:A9:BB:02:20:6E:0D:D8:02:74:6F:70:65:69:8C:
  • BF:F8:52:62:7B:27:A7:9F:F2:65:C0:4F:D2:BE:57:36:
  • 9F:6C:4F:FB:D3:F2

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx1sgie.ekom21.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx2sgie.ekom21.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx1skas.kgrz-ks.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx2skas.kgrz-ks.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid