Differences

This shows you the differences between two versions of the page.

--- internet:security:ssl_tls_cert_testing [2018/09/26 13:43]
gcooper
+++ internet:security:ssl_tls_cert_testing [2022/03/22 08:46] (current)
gcooper
@@ Line 12: / Line 12: @@
 |443         |HTTPS        |
 |21          |FTP - TLS    |
-|25          |Mail - TLS   |
+|25          |SMTP - TLS   |
-|465         |Mail - SSL   |
+|465         |SMTP - SSL   |
-|587         |Mail - TLS   |
+|587         |SMTP - TLS   |
+|993         |IMAP - SSL   |
+|995         |POP - SSL    |
 |10000       |Webmin       |
 |20000       |Usermin      |
@@ Line 44: / Line 46: @@
 ==== Testing ====
-This first test is the one that is easiest and should work from anywhere:
+The OpenSSL toolkit allows checking SSL certificate installation on a server either remotely or locally. To check STARTTLS ports, run the following command replacing [port] with the port number and [protocol] with **smtp**, **pop3** or **imap** value (see the example below) respectively:
+<file>
+openssl s_client -connect example.com:[port] -servername example.com -starttls [protocol] < /dev/null
+</file>
+The same command but without -starttls switch can be used for checking non-STARTTLS ports:
+<file>
+openssl s_client -connect example.com:[port] -servername example.com
+</file>
+This test is easiest and should work from anywhere:
 <file>
@@ Line 68: / Line 82: @@
 </file>
-==== SMTP ====
+=== Show Expiration Date ===
+Pipe the output of other ''openssl'' commands into this:
+<file>
+ | openssl x509 -noout -enddate
+</file>
+==== SMTP and SMTPS ====
 <file>
@@ Line 74: / Line 96: @@
 openssl s_client -connect fqdn.hostname.tld:587 -starttls smtp < /dev/null
+openssl s_client -crlf -connect fqdn.hostname.tld:465 < /dev/null
 </file>

Virtual Architects Support Wiki

User Tools

Site Tools

Differences

Page Tools