SSL-Tools

SSL check results of wkgt.com

NEW You can also bulk check multiple servers.

Discover if the mail servers for wkgt.com can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Thu, 23 Sep 2021 12:10:44 +0000

The mailservers of wkgt.com can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @wkgt.com addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mail.merger.de
2003:4b:e044::8
 10
supported
*.merger.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s
mail.merger.de
62.159.64.65
 10
supported
*.merger.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s
mail2.merger.de
2001:1900:5:2:2::56a
 20
supported
*.merger.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s
mail2.merger.de
212.162.30.82
 20
supported
*.merger.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
2 s

Outgoing Mails

We have not received any emails from a @wkgt.com address so far. Test mail delivery

Certificates

First seen at:

CN=*.merger.de,OU=Domain Control Validated

Certificate chain
Subject
Organizational Unit (OU)
  • Domain Control Validated
Common Name (CN)
  • *.merger.de
Alternative Names
  • *.merger.de
  • merger.de
Issuer
Country (C)
  • US
State (ST)
  • Arizona
Locality (L)
  • Scottsdale
Organization (O)
  • Starfield Technologies, Inc.
Organizational Unit (OU)
  • http://certs.starfieldtech.com/repository/
Common Name (CN)
  • Starfield Secure Certificate Authority - G2
validity period
Not valid before
2021-04-26
Not valid after
2022-05-26
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
1A:84:80:4E:CF:D0:59:FD:D2:A2:72:94:19:CF:39:28:4D:B3:42:DD:27:C9:AE:2B:2C:36:86:5F:2B:3A:49:0D
SHA1
2A:E7:5C:E8:D3:7A:64:28:FB:2C:04:9A:26:3D:67:0E:D4:1F:09:F2
X509v3 extensions
crlDistributionPoints
  • Full Name:
  • URI:http://crl.starfieldtech.com/sfig2s1-298.crl
certificatePolicies
  • Policy: 2.16.840.1.114414.1.7.23.1
  • CPS: http://certificates.starfieldtech.com/repository/
  • Policy: 2.23.140.1.2.1
authorityInfoAccess
  • OCSP - URI:http://ocsp.starfieldtech.com/
  • CA Issuers - URI:http://certificates.starfieldtech.com/repository/sfig2.crt
authorityKeyIdentifier
  • keyid:25:45:81:68:50:26:38:3D:3B:2D:2C:BE:CD:6A:D9:B6:3D:B3:66:63
subjectKeyIdentifier
  • C8:A8:C1:C1:0D:6B:F6:DF:41:0F:24:8C:E0:C7:63:58:4C:2E:B2:8A
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 29:79:BE:F0:9E:39:39:21:F0:56:73:9F:63:A5:77:E5:
  • BE:57:7D:9C:60:0A:F8:F9:4D:5D:26:5C:25:5D:C7:84
  • Timestamp : Apr 26 10:50:26.681 2021 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:0E:9C:BD:85:2B:8E:EE:0F:E0:DF:AB:E2:
  • C5:4D:92:9E:64:E0:F1:E3:D3:A0:7A:85:43:72:04:26:
  • E4:E5:4B:BC:02:20:32:5B:6E:1E:C3:A0:2D:A2:0C:8E:
  • E3:CD:4C:FB:43:27:D4:03:70:D7:6D:32:D5:A3:4E:31:
  • DB:F8:84:1D:CA:E3
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 22:45:45:07:59:55:24:56:96:3F:A1:2F:F1:F7:6D:86:
  • E0:23:26:63:AD:C0:4B:7F:5D:C6:83:5C:6E:E2:0F:02
  • Timestamp : Apr 26 10:50:27.022 2021 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:4F:2C:C4:7B:1D:B1:82:35:F7:46:E9:6B:
  • B9:62:48:69:4E:6F:84:97:CC:0B:66:A4:CB:09:C4:2C:
  • D9:E2:4D:A5:02:20:33:EE:B0:47:29:C8:41:EC:C5:86:
  • 7D:CA:47:86:61:F8:F5:F2:EA:40:70:8E:55:D4:20:67:
  • 60:99:3D:C1:8C:D9

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mail.merger.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mail2.merger.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid