SSL-Tools

SSL check results of posteo.fi

NEW You can also bulk check multiple servers.

Discover if the mail servers for posteo.fi can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Mon, 18 Sep 2023 10:57:43 +0000

The mailservers of posteo.fi can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @posteo.fi addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx03.posteo.de
185.67.36.70
 10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
7 s
mx03.posteo.de
185.67.36.63
 10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
7 s
mx04.posteo.de
185.67.36.64
 10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
7 s
mx04.posteo.de
185.67.36.71
Results incomplete
10
supported
mx04.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
6 s
mx01.posteo.de
185.67.36.61
 10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
7 s
mx01.posteo.de
185.67.36.62
 10
supported
mx01.posteo.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
7 s

Outgoing Mails

We have not received any emails from a @posteo.fi address so far. Test mail delivery

Certificates

First seen at:

CN=mx01.posteo.de,O=Posteo e.K.,L=Berlin,ST=Berlin,C=DE,serialNumber=HRA 47592,businessCategory=Private Organization,jurisdictionL=Charlottenburg,jurisdictionST=Berlin,jurisdictionC=DE

Certificate chain
Subject
jurisdictionC
  • DE
jurisdictionST
  • Berlin
jurisdictionL
  • Charlottenburg
Business category
  • Private Organization
Serial number
  • HRA 47592
Country (C)
  • DE
State (ST)
  • Berlin
Locality (L)
  • Berlin
Organization (O)
  • Posteo e.K.
Common Name (CN)
  • mx01.posteo.de
Alternative Names
  • mx01.posteo.de
  • mx02.posteo.de
  • mx03.posteo.de
  • mx04.posteo.de
  • mxv6.posteo.de
Issuer
Country (C)
  • US
Organization (O)
  • DigiCert Inc
Organizational Unit (OU)
  • www.digicert.com
Common Name (CN)
  • GeoTrust EV RSA CA 2018
validity period
Not valid before
2022-09-07
Not valid after
2023-10-04
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
45:E8:C9:FB:AE:14:48:3B:3D:D6:CD:F6:E5:60:60:38:1D:70:17:0F:59:2B:0F:22:73:C6:CC:5E:1A:74:C2:CD
SHA1
C1:93:2F:F8:36:3B:26:87:CF:D0:00:13:30:5A:7F:2E:AD:4D:D7:B5
X509v3 extensions
authorityKeyIdentifier
  • keyid:CA:92:67:52:61:DE:AE:FC:BA:22:2B:7F:1C:87:4C:25:FB:6F:99:58
subjectKeyIdentifier
  • 53:F9:A5:12:7B:FE:E4:25:93:2A:C6:D3:71:C9:87:95:E3:34:AA:A6
crlDistributionPoints
  • Full Name:
  • URI:http://cdp.geotrust.com/GeoTrustEVRSACA2018.crl
certificatePolicies
  • Policy: 2.16.840.1.114412.2.1
  • Policy: 2.23.140.1.1
  • CPS: http://www.digicert.com/CPS
authorityInfoAccess
  • OCSP - URI:http://status.geotrust.com
  • CA Issuers - URI:http://cacerts.geotrust.com/GeoTrustEVRSACA2018.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
  • 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
  • Timestamp : Sep 7 17:24:45.596 2022 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:81:83:78:51:61:82:09:6E:24:FF:A3:
  • F1:E0:63:A0:A5:BB:82:0E:59:A8:60:D7:BB:E7:2F:98:
  • 0F:56:BD:57:A1:02:20:71:F0:0A:D4:84:7B:99:26:12:
  • 67:FF:01:FC:9F:E8:00:89:AE:17:84:82:02:61:0A:90:
  • 95:EC:59:F5:DB:58:2C
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 35:CF:19:1B:BF:B1:6C:57:BF:0F:AD:4C:6D:42:CB:BB:
  • B6:27:20:26:51:EA:3F:E1:2A:EF:A8:03:C3:3B:D6:4C
  • Timestamp : Sep 7 17:24:45.643 2022 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:F7:BA:B6:2C:5B:D2:6A:0F:D8:2C:AC:
  • 41:E0:61:B0:F4:C1:D6:0C:E9:09:52:51:D6:B9:47:99:
  • 71:1F:E4:D8:19:02:21:00:DA:54:B3:62:69:6E:58:EB:
  • 09:04:92:BF:2C:2B:5B:75:B2:3C:A3:88:34:71:EC:4F:
  • F6:97:2F:10:04:2C:87:33
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : B3:73:77:07:E1:84:50:F8:63:86:D6:05:A9:DC:11:09:
  • 4A:79:2D:B1:67:0C:0B:87:DC:F0:03:0E:79:36:A5:9A
  • Timestamp : Sep 7 17:24:45.704 2022 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:8E:F4:2E:3C:30:6C:8D:BF:E2:ED:E2:
  • 5E:7C:F8:FD:02:B1:99:53:4A:D2:8F:80:4D:13:C6:59:
  • 4F:BD:0D:8E:F1:02:20:6A:9F:ED:CF:AF:C9:00:04:D8:
  • BC:15:0D:CF:48:54:E8:6E:8D:0A:B3:1F:78:11:70:1D:
  • 9A:E0:57:72:98:65:15
First seen at:

CN=mx04.posteo.de,O=Posteo e.K.,L=Berlin,ST=Berlin,C=DE,serialNumber=HRA 47592,businessCategory=Private Organization,jurisdictionL=Charlottenburg,jurisdictionST=Berlin,jurisdictionC=DE

Certificate chain
Subject
jurisdictionC
  • DE
jurisdictionST
  • Berlin
jurisdictionL
  • Charlottenburg
Business category
  • Private Organization
Serial number
  • HRA 47592
Country (C)
  • DE
State (ST)
  • Berlin
Locality (L)
  • Berlin
Organization (O)
  • Posteo e.K.
Common Name (CN)
  • mx04.posteo.de
Alternative Names
  • mx04.posteo.de
Issuer
Country (C)
  • US
Organization (O)
  • DigiCert Inc
Common Name (CN)
  • GeoTrust EV RSA CA G2
validity period
Not valid before
2023-06-19
Not valid after
2023-12-15
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
C9:94:47:A8:83:A1:32:2E:7A:A9:33:0E:4C:B5:44:8D:89:1E:59:29:8A:1E:EE:CC:CA:4D:3A:17:D0:A5:D5:41
SHA1
AC:22:21:07:64:73:3F:D8:96:BE:8A:BF:A1:3E:3B:75:35:F1:57:B0
X509v3 extensions
authorityKeyIdentifier
  • keyid:28:D2:CF:EE:09:84:75:DD:B5:B2:B5:BF:3C:D5:A0:C6:73:88:5D:1F
subjectKeyIdentifier
  • D5:EC:26:80:58:95:B3:29:35:BB:C4:6C:BA:6F:C0:8D:BC:40:C5:4E
crlDistributionPoints
  • Full Name:
  • URI:http://crl3.digicert.com/GeoTrustEVRSACAG2.crl
  • Full Name:
  • URI:http://crl4.digicert.com/GeoTrustEVRSACAG2.crl
certificatePolicies
  • Policy: 2.16.840.1.114412.2.1
  • Policy: 2.23.140.1.1
  • CPS: http://www.digicert.com/CPS
authorityInfoAccess
  • OCSP - URI:http://ocsp.digicert.com
  • CA Issuers - URI:http://cacerts.digicert.com/GeoTrustEVRSACAG2.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : E8:3E:D0:DA:3E:F5:06:35:32:E7:57:28:BC:89:6B:C9:
  • 03:D3:CB:D1:11:6B:EC:EB:69:E1:77:7D:6D:06:BD:6E
  • Timestamp : Jun 19 17:14:29.290 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:42:59:BA:DD:C4:E9:82:62:02:7D:EF:45:
  • CE:24:12:82:F0:03:3E:D8:40:08:7A:15:39:F7:87:83:
  • 17:A9:8C:A4:02:21:00:AB:D7:29:22:D8:3D:F6:ED:30:
  • A9:5F:E2:A9:AE:8F:1E:E7:A0:E9:B0:42:56:F8:CC:0E:
  • 14:C5:E5:8B:2A:A0:00
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 7A:32:8C:54:D8:B7:2D:B6:20:EA:38:E0:52:1E:E9:84:
  • 16:70:32:13:85:4D:3B:D2:2B:C1:3A:57:A3:52:EB:52
  • Timestamp : Jun 19 17:14:29.298 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:ED:66:B7:F4:B5:18:DA:7B:45:E8:CD:
  • CA:FF:FD:6D:6A:D6:F1:85:2D:2F:F3:1A:EC:EA:80:5B:
  • 42:A3:16:83:22:02:20:20:C3:29:AC:67:F9:C6:9B:F1:
  • 4A:AB:0E:F9:0B:0A:6C:4F:14:A7:D2:50:1F:1D:82:D2:
  • 01:BA:C2:C7:0D:C6:10
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : B7:3E:FB:24:DF:9C:4D:BA:75:F2:39:C5:BA:58:F4:6C:
  • 5D:FC:42:CF:7A:9F:35:C4:9E:1D:09:81:25:ED:B4:99
  • Timestamp : Jun 19 17:14:29.344 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:B1:1F:5F:B2:30:70:25:EE:B3:70:56:
  • 62:A9:BA:24:C7:4A:09:B5:FD:E2:3D:44:CD:EF:C9:13:
  • 81:75:6A:9A:09:02:21:00:D4:43:3E:8C:E5:FE:57:23:
  • 4C:61:5E:CA:5C:65:7F:15:98:BA:E1:87:51:B8:35:FF:
  • 1B:1B:74:A3:26:BC:B0:1C

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx03.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx03.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx03.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx04.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx04.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx04.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx04.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx01.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx01.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx01.posteo.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid