Virtual Architects Support Wiki

User Tools

Site Tools

You are here: start » internet » security » ssl_tls_cert_testing
Trace: hyper-v-live-migration
internet:security:ssl_tls_cert_testing

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
internet:security:ssl_tls_cert_testing [2017/04/20 08:02]
gcooper 		internet:security:ssl_tls_cert_testing [2022/03/22 08:46] (current)
gcooper
Line 12: Line 12:
 |443         |HTTPS        | |443         |HTTPS        |
 |21          |FTP - TLS    | |21          |FTP - TLS    |
-|25          |Mail - TLS   | +|25          |SMTP - TLS   | 
-|465         |Mail - SSL   | +|465         |SMTP - SSL   | 
-|587         |Mail - TLS   |+|587         |SMTP - TLS   
 +|993         |IMAP - SSL   | 
 +|995         |POP - SSL    |
 |10000       |Webmin       | |10000       |Webmin       |
 |20000       |Usermin      | |20000       |Usermin      |
Line 20: Line 22:
 ===== Web Tools ===== ===== Web Tools =====
  
-Check Internet accessible hosts here: https://www.digicert.com/help/+Check Internet accessible hosts here:
  
-or here: http://www.geocerts.com/ssl_checker+https://www.sslchecker.com 
 + 
 +https://www.digicert.com/help/ 
 + 
 +http://www.geocerts.com/ssl_checker
  
 ===== OpenSSL ===== ===== OpenSSL =====
Line 38: Line 44:
 </file> </file>
  
-This first test is the one that is easiest and should work from anywhere:+==== Testing ==== 
 + 
 +The OpenSSL toolkit allows checking SSL certificate installation on a server either remotely or locally. To check STARTTLS ports, run the following command replacing [port] with the port number and [protocol] with **smtp**, **pop3** or **imap** value (see the example below) respectively: 
 + 
 +<file> 
 +openssl s_client -connect example.com:[port] -servername example.com -starttls [protocol] < /dev/null 
 +</file> 
 + 
 +The same command but without -starttls switch can be used for checking non-STARTTLS ports: 
 + 
 +<file> 
 +openssl s_client -connect example.com:[port] -servername example.com 
 +</file> 
 + 
 +This test is easiest and should work from anywhere:
  
 <file> <file>
Line 60: Line 80:
 <file> <file>
 openssl s_client -tls1 -crlf -showcerts -debug -CAfile /etc/postfix/ssl/ca-bundle.pem -connect fqdn.yourdomain.com:465  < /dev/null openssl s_client -tls1 -crlf -showcerts -debug -CAfile /etc/postfix/ssl/ca-bundle.pem -connect fqdn.yourdomain.com:465  < /dev/null
 +</file>
 +
 +=== Show Expiration Date ===
 +
 +Pipe the output of other ''openssl'' commands into this:
 +
 +<file>
 + | openssl x509 -noout -enddate
 +</file>
 +
 +==== SMTP and SMTPS ====
 +
 +<file>
 +openssl s_client -connect fqdn.hostname.tld:25 -starttls smtp < /dev/null
 +
 +openssl s_client -connect fqdn.hostname.tld:587 -starttls smtp < /dev/null
 +
 +openssl s_client -crlf -connect fqdn.hostname.tld:465 < /dev/null
 </file> </file>
  
Line 68: Line 106:
 <file> <file>
 curl -G -v --key /etc/postfix/ssl/fqdn.yourdomain.com.key --cert /etc/postfix/ssl/fqdn.yourdomain.com.crt --cacert /etc/postfix/ssl/ca-bundle.pem https://fqdn.yourdomain.com/robots.txt curl -G -v --key /etc/postfix/ssl/fqdn.yourdomain.com.key --cert /etc/postfix/ssl/fqdn.yourdomain.com.crt --cacert /etc/postfix/ssl/ca-bundle.pem https://fqdn.yourdomain.com/robots.txt
 +</file>
 +
 +===== Apache =====
 +
 +See how your Apache web server is configured for SSL:
 +
 +<file>
 +grep -R SSL /etc/apache2/ |grep -v \#
 </file> </file>
  
internet/security/ssl_tls_cert_testing.1492696969.txt.gz · Last modified: 2017/04/20 08:02 by gcooper

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki