SSL-Tools

SSL check results of root-servers.cz

NEW You can also bulk check multiple servers.

Discover if the mail servers for root-servers.cz can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Sun, 10 May 2026 08:32:30 +0000

The mailservers of root-servers.cz can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @root-servers.cz addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
wedos.root-servers.cz
2a02:2b88:6:52e0::777
 0
supported
root-servers.cz
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
12 s
wedos.root-servers.cz
31.31.74.35
 0
supported
root-servers.cz
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
13 s

Outgoing Mails

We have not received any emails from a @root-servers.cz address so far. Test mail delivery

Certificates

First seen at:

CN=root-servers.cz

Certificate chain
  • root-servers.cz
    • remaining
    • 2048 bit
    • sha256WithRSAEncryption
      • R13
        • remaining
        • 2048 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • root-servers.cz
Alternative Names
  • mta-sts.root-servers.cz
  • root-servers.cz
  • wedos.root-servers.cz
  • www.root-servers.cz
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • R13
validity period
Not valid before
2026-05-10
Not valid after
2026-08-08
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
Fingerprints
SHA256
BF:BB:E6:87:74:E0:CE:9E:73:D0:9E:7D:0B:0C:D2:61:B5:15:E4:02:B3:66:60:48:BF:39:84:98:33:8F:51:CB
SHA1
7C:43:E5:E3:83:FF:AC:BA:3C:13:9E:6C:18:E2:96:30:E8:4E:2B:DD
X509v3 extensions
subjectKeyIdentifier
  • D0:B5:22:39:47:88:19:BB:20:9E:8F:0B:8C:2C:AD:ED:F2:78:2B:02
authorityKeyIdentifier
  • keyid:E7:AB:9F:0F:2C:33:A0:53:D3:5E:4F:78:C8:B2:84:0E:3B:D6:92:33
authorityInfoAccess
  • CA Issuers - URI:http://r13.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
crlDistributionPoints
  • Full Name:
  • URI:http://r13.c.lencr.org/84.crl
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : AF:67:88:3B:57:B0:4E:DD:8F:A6:D9:7E:F6:2E:A8:EB:
  • 81:0A:C7:71:60:F0:24:5E:55:D6:0C:2F:E7:85:87:3A
  • Timestamp : May 10 02:19:49.886 2026 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:49:75:43:29:6B:D8:98:05:2A:EA:4C:08:
  • 60:76:BC:10:8A:4F:37:8D:72:A9:C9:E3:EB:F5:B9:3F:
  • 86:4C:42:58:02:21:00:C7:D2:D9:F7:8E:DC:E9:54:2D:
  • 53:6B:62:39:28:0F:77:DC:26:63:47:0F:6F:25:5C:9D:
  • 98:8F:BC:07:BF:E5:57
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 6C:FE:50:19:43:A8:5E:A9:16:BC:52:D1:33:E4:DC:C9:
  • 1E:F1:41:1C:7D:25:84:20:D1:73:80:9E:18:18:EB:3A
  • Timestamp : May 10 02:19:50.150 2026 GMT
  • Extensions: 00:00:05:00:0A:C8:E0:C5
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:FE:C0:BA:28:38:6E:27:FF:3E:AD:7B:
  • EF:18:B9:13:4C:EA:93:25:60:55:E4:81:8D:AB:9E:ED:
  • 46:8A:4D:80:AC:02:21:00:FA:C5:C8:CC:B7:BF:CE:A9:
  • D4:7E:73:CF:A4:C0:AF:B6:58:DB:3A:91:C3:FF:99:A8:
  • FD:20:BA:2E:D2:D5:74:4F

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.wedos.root-servers.cz
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid