SSL check results of lab.grohcs.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for lab.grohcs.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Tue, 07 Jul 2026 00:31:06 +0000

The mailservers of lab.grohcs.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @lab.grohcs.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx1.lab.grohcs.de
185.66.237.73
10
supported
mx1.lab.grohcs.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s
mx2.lab.grohcs.de
185.66.237.74
10
supported
mx2.lab.grohcs.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s

Outgoing Mails

We have not received any emails from a @lab.grohcs.de address so far. Test mail delivery

Certificates

First seen at:

CN=mx1.lab.grohcs.de

Certificate chain
  • mx1.lab.grohcs.de
    • remaining
    • 256 bit
    • ecdsa-with-SHA384

      • YE1
        • remaining
        • 384 bit
        • ecdsa-with-SHA384

          • Root YE
            • remaining
            • 384 bit
            • ecdsa-with-SHA384

              • ISRG Root X2 (Certificate is self-signed.)
                • remaining
                • 384 bit
                • ecdsa-with-SHA384

Subject
Common Name (CN)
  • mx1.lab.grohcs.de
Alternative Names
  • mx1.lab.grohcs.de
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • YE1
validity period
Not valid before
2026-07-02
Not valid after
2026-09-30
This certifcate has been verified for the following usages:
  • Digital Signature
  • TLS Web Server Authentication
Fingerprints
SHA256
D0:88:F8:6F:01:4E:9B:58:EC:40:4D:D3:1E:AE:73:1E:CC:E0:64:68:B0:8C:15:F6:E8:6C:E1:1D:9F:7F:3E:83
SHA1
B2:1F:4B:50:7A:05:34:0F:0F:DE:8A:93:F3:D8:28:B8:55:24:DE:0A
X509v3 extensions
subjectKeyIdentifier
  • 6D:ED:DB:A7:5C:97:05:0A:CB:BC:05:5A:3C:A7:A8:71:8C:B6:38:3F
authorityKeyIdentifier
  • keyid:BB:20:CA:47:0B:FE:D7:E5:9C:F9:8F:09:2A:A3:8C:37:45:B1:BC:D8
authorityInfoAccess
  • CA Issuers - URI:http://ye1.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
crlDistributionPoints
  • Full Name:
  • URI:http://ye1.c.lencr.org/15.crl
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : D8:09:55:3B:94:4F:7A:FF:C8:16:19:6F:94:4F:85:AB:
  • B0:F8:FC:5E:87:55:26:0F:15:D1:2E:72:BB:45:4B:14
  • Timestamp : Jul 2 06:52:28.105 2026 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:62:FD:04:33:EE:DA:5C:D2:35:27:EC:63:
  • E2:38:9C:F7:F3:4B:E9:76:27:E0:2F:28:75:C9:7B:A9:
  • CF:BA:12:38:02:21:00:CB:71:17:59:C2:26:5B:C2:EA:
  • 07:74:93:3F:3D:65:2E:E4:3C:7E:B8:2E:E4:D4:DF:F9:
  • 0D:33:B9:B0:ED:54:1D
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : A8:26:CB:E3:0A:C6:35:12:46:53:3F:E0:65:F1:4F:19:
  • D9:6E:19:08:13:C4:1D:D9:6D:79:00:B3:12:3C:55:27
  • Timestamp : Jul 2 06:52:28.288 2026 GMT
  • Extensions: 00:00:05:00:12:03:50:37
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:1A:4F:94:8A:00:01:E4:41:9F:F8:EA:83:
  • 98:0F:FC:BE:8F:44:6F:9F:B2:68:E6:BF:4B:67:F8:48:
  • A3:0A:A5:79:02:21:00:82:03:38:FD:14:A9:86:54:EB:
  • E9:D3:28:6D:9F:A2:FB:0C:74:DD:68:A8:8B:3C:3C:87:
  • 06:74:4E:C6:41:9B:A2
First seen at:

CN=mx2.lab.grohcs.de

Certificate chain
  • mx2.lab.grohcs.de
    • remaining
    • 256 bit
    • ecdsa-with-SHA384

      • YE2
        • remaining
        • 384 bit
        • ecdsa-with-SHA384

          • Root YE
            • remaining
            • 384 bit
            • ecdsa-with-SHA384

              • ISRG Root X2 (Certificate is self-signed.)
                • remaining
                • 384 bit
                • ecdsa-with-SHA384

Subject
Common Name (CN)
  • mx2.lab.grohcs.de
Alternative Names
  • mx2.lab.grohcs.de
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • YE2
validity period
Not valid before
2026-07-02
Not valid after
2026-09-30
This certifcate has been verified for the following usages:
  • Digital Signature
  • TLS Web Server Authentication
Fingerprints
SHA256
1F:E9:CF:7E:3F:B5:40:8F:9E:19:5A:83:35:22:B8:D3:0A:87:11:13:4B:F8:08:1C:50:63:7B:6F:AD:C2:7B:57
SHA1
C7:66:05:55:CB:D6:40:09:8A:D5:98:73:3D:7E:99:D7:43:CF:13:2E
X509v3 extensions
subjectKeyIdentifier
  • FC:F3:62:96:52:81:31:A7:05:3D:76:AB:19:99:BB:DB:0F:BD:45:6D
authorityKeyIdentifier
  • keyid:B9:59:F2:8E:CF:22:F0:86:D3:37:48:FF:76:14:18:BA:82:D8:55:87
authorityInfoAccess
  • CA Issuers - URI:http://ye2.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
crlDistributionPoints
  • Full Name:
  • URI:http://ye2.c.lencr.org/4.crl
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : D8:09:55:3B:94:4F:7A:FF:C8:16:19:6F:94:4F:85:AB:
  • B0:F8:FC:5E:87:55:26:0F:15:D1:2E:72:BB:45:4B:14
  • Timestamp : Jul 2 06:52:41.416 2026 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:16:8C:E2:81:F2:D1:A6:EF:1C:C8:6C:96:
  • 93:E3:25:13:9D:AF:40:34:30:2C:71:C4:E9:84:D4:DB:
  • 5D:E6:85:62:02:20:75:F0:7F:2B:17:EC:A1:1E:8C:A9:
  • 1A:F5:FF:22:11:16:3C:7A:B3:0E:F1:E3:AF:5C:91:3F:
  • C7:62:9F:B3:50:B3
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 26:E3:64:6E:58:69:21:23:BC:34:3F:47:24:35:9B:37:
  • 92:CD:24:5A:88:D8:15:D3:93:33:FD:99:18:AB:47:23
  • Timestamp : Jul 2 06:52:40.907 2026 GMT
  • Extensions: 00:00:05:00:24:75:1E:8F
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:23:6D:39:ED:CA:2F:1F:D2:05:18:30:0F:
  • B9:6D:2B:0D:78:97:6D:5A:81:7E:08:9B:36:1B:BF:87:
  • FA:40:54:0F:02:21:00:EA:3A:C8:4D:00:D9:77:E2:0D:
  • 25:AB:4A:48:98:25:AE:0A:44:DE:B7:88:8D:96:F6:0C:
  • 19:DA:52:04:65:BF:8E

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx1.lab.grohcs.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx1.lab.grohcs.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx2.lab.grohcs.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx2.lab.grohcs.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid