SSL-Tools

SSL check results of kirche-hettenhausen.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for kirche-hettenhausen.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Fri, 05 Dec 2025 01:30:37 +0000

The mailservers of kirche-hettenhausen.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @kirche-hettenhausen.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
kirche-hettenhausen.de
2a03:4000:17:ea8:b4c6:8cff:fe9b:90f9
 10
supported
kirche-hettenhausen.de
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s
kirche-hettenhausen.de
188.68.41.39
 10
supported
kirche-hettenhausen.de
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s

Outgoing Mails

We have not received any emails from a @kirche-hettenhausen.de address so far. Test mail delivery

Certificates

First seen at:

CN=kirche-hettenhausen.de

Certificate chain
  • kirche-hettenhausen.de
    • remaining
    • 4096 bit
    • sha256WithRSAEncryption
      • R12
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • kirche-hettenhausen.de
Alternative Names
  • kirche-hettenhausen.de
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R12
validity period
Not valid before
2025-11-29
Not valid after
2026-02-27
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
D0:5D:37:A7:7F:20:3B:11:9F:48:75:03:A2:37:48:B4:D5:62:B0:91:94:67:10:41:11:A3:02:BB:28:CE:3A:80
SHA1
7B:79:5C:06:B5:15:3B:3C:A8:8F:44:3D:9A:49:56:E7:23:18:07:D5
X509v3 extensions
subjectKeyIdentifier
  • C3:22:D5:9B:AF:D8:00:48:E9:06:93:DF:74:FC:5D:F8:27:DF:A6:6F
authorityKeyIdentifier
  • keyid:00:B5:29:F2:2D:8E:6F:31:E8:9B:4C:AD:78:3E:FA:DC:E9:0C:D1:D2
authorityInfoAccess
  • CA Issuers - URI:http://r12.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
crlDistributionPoints
  • Full Name:
  • URI:http://r12.c.lencr.org/48.crl
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : CB:38:F7:15:89:7C:84:A1:44:5F:5B:C1:DD:FB:C9:6E:
  • F2:9A:59:CD:47:0A:69:05:85:B0:CB:14:C3:14:58:E7
  • Timestamp : Nov 29 15:01:50.268 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:94:0E:57:09:0F:FE:51:E1:40:23:4A:
  • 01:B1:55:B9:44:F0:8D:DA:F0:A2:48:49:F1:2F:11:1B:
  • DF:20:5B:CD:BB:02:21:00:99:B9:C5:A6:D8:D3:52:98:
  • 68:05:B6:61:8E:25:5D:AA:3A:BF:40:2F:14:AB:24:EC:
  • D4:07:6F:84:B6:F9:D2:D1
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 96:97:64:BF:55:58:97:AD:F7:43:87:68:37:08:42:77:
  • E9:F0:3A:D5:F6:A4:F3:36:6E:46:A4:3F:0F:CA:A9:C6
  • Timestamp : Nov 29 15:01:50.326 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:8F:2C:20:82:10:ED:F0:FD:EE:12:12:
  • 37:B2:C2:0F:E3:45:0F:CF:9A:1A:7E:D8:22:B8:C9:09:
  • CF:82:99:8B:4F:02:21:00:CA:64:93:6E:F6:18:91:A1:
  • F8:38:27:75:E2:EF:33:BD:4D:90:27:10:F1:DA:A1:14:
  • 5F:5B:87:E5:4F:E8:42:56