SSL-Tools

SSL check results of koppelaar.org

NEW You can also bulk check multiple servers.

Discover if the mail servers for koppelaar.org can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Sat, 27 Apr 2024 14:12:40 +0000

The mailservers of koppelaar.org can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @koppelaar.org addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mail3.koppelaar.org
2a0d:6e00:627::250:56ff:feb2:d3e8
 10
supported
*.koppelaar.org
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s
mail3.koppelaar.org
185.229.55.29
 10
supported
*.koppelaar.org
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s

Outgoing Mails

We have not received any emails from a @koppelaar.org address so far. Test mail delivery

Certificates

First seen at:

CN=*.koppelaar.org

Certificate chain
  • *.koppelaar.org
    • remaining
    • 2048 bit
    • sha256WithRSAEncryption
      • R3
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • *.koppelaar.org
Alternative Names
  • *.koppelaar.org
  • koppelaar.org
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R3
validity period
Not valid before
2024-04-04
Not valid after
2024-07-03
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
CD:D4:F1:D2:C2:BB:64:2C:73:CD:08:74:6A:EC:5A:ED:6E:75:E1:82:2A:F4:AE:2D:BF:47:05:8A:35:15:4D:29
SHA1
F2:2B:1E:78:29:C1:17:D7:45:9E:CB:16:69:F7:B4:92:D9:EB:D7:06
X509v3 extensions
subjectKeyIdentifier
  • 3C:C7:51:A3:F6:DD:91:94:93:03:E6:9B:6D:6E:A8:4C:58:42:E0:1F
authorityKeyIdentifier
  • keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
authorityInfoAccess
  • OCSP - URI:http://r3.o.lencr.org
  • CA Issuers - URI:http://r3.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 19:98:10:71:09:F0:D6:52:2E:30:80:D2:9E:3F:64:BB:
  • 83:6E:28:CC:F9:0F:52:8E:EE:DF:CE:4A:3F:16:B4:CA
  • Timestamp : Apr 4 05:46:25.392 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:4B:03:18:68:68:DB:82:5F:5A:A9:CC:A2:
  • D5:98:F6:E3:9E:A0:B5:11:20:EA:0A:2B:FD:C2:EA:B6:
  • E7:E4:45:0E:02:21:00:CB:BF:11:A6:4D:73:BE:5E:58:
  • 59:FA:A0:D9:DC:B9:9E:E1:B5:09:2C:21:3D:73:BA:9B:
  • 18:3D:B5:8E:47:B1:4F
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
  • 1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
  • Timestamp : Apr 4 05:46:25.360 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:50:CE:FA:4E:A8:B4:7F:D2:14:DE:95:3F:
  • 4A:1F:F9:47:7C:AC:01:E0:5C:0C:0E:16:4C:79:4B:71:
  • 3C:97:22:F1:02:21:00:ED:4A:99:72:65:8E:50:1B:3D:
  • 8F:88:F5:B7:C4:C3:F1:A1:29:73:F0:CE:96:8B:44:35:
  • 63:12:7D:4F:A3:D1:B6

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mail3.koppelaar.org
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid