SSL-Tools

SSL check results of nausch.org

NEW You can also bulk check multiple servers.

Discover if the mail servers for nausch.org can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Wed, 01 Nov 2023 10:12:07 +0000

No connection to the mailservers of nausch.org could be established.

Servers

Incoming Mails

These servers are responsible for incoming mails to @nausch.org addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx1.nausch.org
217.92.13.131
Results incomplete
10
supported
mx1.nausch.org
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
6 s
mx1.tachtler.net
88.217.171.167
Results incomplete
20
supported
not checked
DANE
errors
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
8 s

Outgoing Mails

We have not received any emails from a @nausch.org address so far. Test mail delivery

Certificates

First seen at:

CN=mx1.nausch.org

Certificate chain
Subject
Common Name (CN)
  • mx1.nausch.org
Alternative Names
  • mx1.nausch.org
Issuer
Country (C)
  • BE
Organization (O)
  • GlobalSign nv-sa
Common Name (CN)
  • AlphaSSL CA - SHA256 - G4
validity period
Not valid before
2023-03-29
Not valid after
2024-04-29
This certifcate has been verified for the following usages:
  • Digital Signature
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
40:71:DB:E3:C8:20:F4:D1:23:84:D3:BE:F2:78:A0:A1:15:36:B4:77:47:62:2C:19:6B:5F:9E:2B:A5:50:3E:88
SHA1
A5:FF:92:04:DB:96:59:49:A9:E6:A8:01:B0:D5:CA:61:FE:C4:AF:6B
X509v3 extensions
authorityInfoAccess
  • CA Issuers - URI:http://secure.globalsign.com/cacert/alphasslcasha256g4.crt
  • OCSP - URI:http://ocsp.globalsign.com/alphasslcasha256g4
certificatePolicies
  • Policy: 2.23.140.1.2.1
  • Policy: 1.3.6.1.4.1.4146.10.1.3
  • CPS: https://www.globalsign.com/repository/
crlDistributionPoints
  • Full Name:
  • URI:http://crl.globalsign.com/alphasslcasha256g4.crl
authorityKeyIdentifier
  • keyid:4F:CB:AC:A8:C2:EF:AB:DD:83:6F:6B:BF:CE:98:3D:5C:58:25:76:15
subjectKeyIdentifier
  • E0:A9:2F:8C:4B:12:8C:E1:E3:AD:9B:4E:D3:E5:AD:41:5B:B8:86:E4
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
  • 32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
  • Timestamp : Mar 29 17:23:41.389 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:9A:E2:EB:A8:5C:DE:44:1A:CE:3F:0D:
  • 8C:10:80:10:0F:89:36:80:99:35:E2:BD:01:7A:55:CA:
  • E0:24:24:21:63:02:20:0C:F5:35:23:8C:A5:8A:3E:E0:
  • 7C:9C:7B:5B:45:D4:17:8C:53:9F:F7:C2:21:3B:DD:89:
  • 3A:E3:33:62:53:0C:C8
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
  • 1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
  • Timestamp : Mar 29 17:23:40.975 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:E9:4D:A7:83:4E:62:D0:8F:AF:A0:E3:
  • 37:60:10:35:C1:F3:6B:FF:E3:5B:52:5D:E9:5F:8C:A3:
  • 52:E5:E2:6A:60:02:20:14:D2:E1:F6:05:A8:86:44:5D:
  • EF:C8:A5:CE:B8:06:1B:5F:A4:62:6F:16:17:0F:D4:19:
  • 1F:76:FE:7D:BE:18:CE
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : DA:B6:BF:6B:3F:B5:B6:22:9F:9B:C2:BB:5C:6B:E8:70:
  • 91:71:6C:BB:51:84:85:34:BD:A4:3D:30:48:D7:FB:AB
  • Timestamp : Mar 29 17:23:41.264 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:63:75:D4:95:1E:82:D7:E8:18:DF:3A:C6:
  • 4D:53:35:DC:10:B6:E9:7D:DA:CA:C3:8F:B5:4D:33:32:
  • 0B:B0:69:76:02:21:00:D5:27:FC:A1:6D:5C:42:97:48:
  • 94:F0:BE:11:40:D8:A2:AA:3D:A9:6C:FB:36:6C:4A:32:
  • 17:BC:9D:F3:D6:66:2F

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx1.tachtler.net
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx1.nausch.org
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-256 Hash
valid
valid
_25._tcp.mx1.nausch.org
  • DANE-EE: Domain Issued Certificate
  • Use full certificate
  • SHA-256 Hash
valid