SSL-Tools

SSL check results of ns4.jth.net

NEW You can also bulk check multiple servers.

Discover if the mail servers for ns4.jth.net can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Sun, 10 Aug 2025 00:30:43 +0000

We can not guarantee a secure connection to the mailservers of ns4.jth.net!

Please contact the operator of ns4.jth.net and ask him or her to solve this problem. This result stays accessible under the following address:

/mailservers/ns4.jth.net

Servers

Incoming Mails

These servers are responsible for incoming mails to @ns4.jth.net addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
ns4.jth.net
2a06:4004:b026::1
 10
supported
ns4.jth.net
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s
ns4.jth.net
185.233.252.195
 10
supported
ns4.jth.net
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s
jylland6.jth.net
2a06:4005:8003::2
 15
supported
jth.net
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • SSLv3
2 s
jylland6.jth.net
212.237.178.27
 15
supported
jth.net
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • SSLv3
2 s
mail.jth.net
2a06:4005:8003::2
Results incomplete
20
unsupported
not checked
DANE
errors
PFS
not checked
Heartbleed
not checked
Weak ciphers
not checked
11 s
mail.jth.net
212.237.178.27
Results incomplete
20
unsupported
not checked
DANE
errors
PFS
not checked
Heartbleed
not checked
Weak ciphers
not checked
11 s

Outgoing Mails

We have not received any emails from a @ns4.jth.net address so far. Test mail delivery

Certificates

First seen at:

CN=ns4.jth.net

Certificate chain
  • ns4.jth.net
    • remaining
    • 2048 bit
    • sha256WithRSAEncryption
      • R11
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • ns4.jth.net
Alternative Names
  • jylland.jth.net
  • ns4.jth.net
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R11
validity period
Not valid before
2025-07-28
Not valid after
2025-10-26
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
7E:10:1A:C2:E6:36:AF:87:C1:0B:D1:1D:2E:39:52:AB:84:3B:F4:F8:ED:ED:4D:88:99:1C:C7:6B:BC:30:31:B3
SHA1
4E:F5:27:A5:7F:A4:6E:94:C1:24:9F:F0:49:EE:C2:F5:9B:FA:62:E8
X509v3 extensions
subjectKeyIdentifier
  • 72:8E:D9:1E:9D:AB:BE:23:77:F7:BD:9F:86:4B:CE:DE:75:1C:FE:AC
authorityKeyIdentifier
  • keyid:C5:CF:46:A4:EA:F4:C3:C0:7A:6C:95:C4:2D:B0:5E:92:2F:26:E3:B9
authorityInfoAccess
  • CA Issuers - URI:http://r11.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
crlDistributionPoints
  • Full Name:
  • URI:http://r11.c.lencr.org/48.crl
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : DD:DC:CA:34:95:D7:E1:16:05:E7:95:32:FA:C7:9F:F8:
  • 3D:1C:50:DF:DB:00:3A:14:12:76:0A:2C:AC:BB:C8:2A
  • Timestamp : Jul 28 05:10:57.990 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:75:A9:2B:7E:21:03:84:53:60:62:7A:F0:
  • 10:B7:94:95:8A:F4:EC:9D:E6:A6:70:19:87:93:7A:E9:
  • 83:EC:10:3E:02:21:00:EA:EF:AE:FA:95:E1:AD:F4:6F:
  • BD:99:98:29:EE:D3:52:F0:85:86:7D:6F:E7:78:97:F8:
  • 44:BD:C2:1B:6A:74:87
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 0D:E1:F2:30:2B:D3:0D:C1:40:62:12:09:EA:55:2E:FC:
  • 47:74:7C:B1:D7:E9:30:EF:0E:42:1E:B4:7E:4E:AA:34
  • Timestamp : Jul 28 05:10:59.915 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:D1:0F:00:B9:F1:97:66:DD:BA:92:E9:
  • D2:0E:EA:E4:47:38:AB:AB:E2:8C:1F:03:EE:54:AB:08:
  • 6B:CD:81:9D:29:02:20:2A:9A:2E:76:E3:9A:C0:C4:AB:
  • 91:8A:FD:87:FE:DE:CB:F7:A0:4F:03:05:77:A5:97:90:
  • CF:B7:CD:BD:24:B8:09
First seen at:

CN=jth.net

Certificate chain
  • jth.net
    • remaining
    • 2048 bit
    • sha256WithRSAEncryption
    • Hostname Mismatch
      • R11
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • jth.net
Alternative Names
  • domregistry.eu
  • jth.net
  • mail.jth.net
  • mail6.jth.net
  • www.domregistry.eu
  • www.jth.net
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R11
validity period
Not valid before
2025-07-28
Not valid after
2025-10-26
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
28:5C:5F:54:A3:9C:43:FD:27:44:21:85:66:7D:1A:32:BD:8F:9E:1B:70:5B:B3:A0:89:86:14:82:E3:05:89:90
SHA1
30:8C:26:46:06:63:3B:28:11:4D:B8:67:3E:73:5E:02:6D:60:A6:E1
X509v3 extensions
subjectKeyIdentifier
  • BC:7C:1F:78:29:0C:42:20:1A:0F:10:77:11:07:AC:E1:6C:47:D0:0E
authorityKeyIdentifier
  • keyid:C5:CF:46:A4:EA:F4:C3:C0:7A:6C:95:C4:2D:B0:5E:92:2F:26:E3:B9
authorityInfoAccess
  • CA Issuers - URI:http://r11.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
crlDistributionPoints
  • Full Name:
  • URI:http://r11.c.lencr.org/59.crl
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : DD:DC:CA:34:95:D7:E1:16:05:E7:95:32:FA:C7:9F:F8:
  • 3D:1C:50:DF:DB:00:3A:14:12:76:0A:2C:AC:BB:C8:2A
  • Timestamp : Jul 28 04:09:56.677 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:3B:D9:FB:A7:3F:D6:25:0C:E1:E8:07:BD:
  • 23:9A:EC:6D:B5:CF:26:6E:20:C4:53:B4:91:35:26:86:
  • 55:84:25:7E:02:21:00:CC:AD:3D:D0:FD:E2:3D:A9:57:
  • 98:CB:C6:6F:6A:E8:4A:F0:5B:99:BA:56:14:61:A0:A2:
  • 3B:50:2D:F0:98:67:7C
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : AF:18:1A:28:D6:8C:A3:E0:A9:8A:4C:9C:67:AB:09:F8:
  • BB:BC:22:BA:AE:BC:B1:38:A3:A1:9D:D3:F9:B6:03:0D
  • Timestamp : Jul 28 04:09:56.676 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:98:32:11:7C:28:FD:55:24:AE:9C:09:
  • 96:50:54:02:EB:B1:4F:02:7F:29:59:73:D0:30:7E:27:
  • 6D:19:5C:43:86:02:21:00:D6:76:18:07:35:77:D8:EE:
  • FC:9A:CC:53:40:5F:4A:F3:98:C0:80:6C:23:49:27:30:
  • 66:07:AE:C3:34:E3:10:50

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mail.jth.net
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mail.jth.net
  • DANE-TA: Trust Anchor Assertion
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.ns4.jth.net
  • DANE-TA: Trust Anchor Assertion
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.ns4.jth.net
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid