Checking Remote TLS?

May 19th, 2009

We've just set up TLS on our C350s and have had a few hosts failing to verify when sending to them (currently set to prefer-verify). One of the hosts is MessageLabs, who I would have thought would be competent enough to put a proper SSL in place!

Is there any way to connect to them, request it and see what the cert actually is? Or alternatively a better way? The logs say there's a self-signed certificate in the chain.

kyerramr Tue, 05/26/2009 - 08:38

Outside the scope of IronPort, you could use the openssl utility to connect to the MessageLabs MTA and issue STARTTLS. This should give you the complete chain of the cert and show if it is incorrectly chained or cannot be validated.


meyd45_ironport Wed, 06/24/2009 - 10:35

Try something like:

openssl s_client -starttls smtp -crlf -showcerts -connect


steven_geerts Sat, 06/27/2009 - 23:40

This forum is gaining in usefulness every time!

I was looking for the SSL test syntax for a long time but did not manage to find it (maybe that says something about my "Google capacities").

Thanks for posting this!


Andrew Wurster Sat, 07/11/2009 - 01:01

Steven -

This would be an awesome feature to request on our ESAs with the help of your Cisco IronPort sales account team! +1 for a good idea.
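
The chain inspection suggested in the replies above, as an added example that is not part of the original thread: a shell function that reads openssl s_client -showcerts output and flags a self-signed entry or an issuer that does not match the next certificate's subject. The function names, the MX_HOST placeholder and the sample chain are constructed for illustration.

```shell
# Added example: summarise the "Certificate chain" section of s_client output.
# Reads stdin; compares names only, it does not verify signatures or trust.
# Live use: openssl s_client -starttls smtp -crlf -showcerts \
#             -connect MX_HOST:25 </dev/null 2>/dev/null | chain_report
chain_report() {
  awk '
    /^ *[0-9]+ s:/ {                 # " 0 s:<subject DN>"
      n = $1 + 0; line = $0
      sub(/^ *[0-9]+ s:/, "", line)
      subj[n] = line; seen = 1
      if (n > max) max = n
      next
    }
    seen && /^ +i:/ {                # "   i:<issuer DN>" of the same entry
      line = $0; sub(/^ +i:/, "", line)
      iss[n] = line; next
    }
    END {
      if (!seen) { print "no certificate chain found"; exit 2 }
      for (d = 0; d <= max; d++) {
        printf "depth %d\n  subject: %s\n  issuer:  %s\n", d, subj[d], iss[d]
        if (subj[d] == iss[d]) {
          printf "  FINDING: depth %d is self-signed\n", d; bad = 1
        }
        if (d < max && iss[d] != subj[d + 1]) {
          printf "  FINDING: issuer at depth %d does not match subject at depth %d\n", d, d + 1
          bad = 1
        }
      }
      exit bad + 0                   # 0 = clean, 1 = findings, 2 = no chain
    }
  '
}

# Constructed sample of s_client output (PEM bodies omitted, names invented).
sample_chain() {
  cat <<'EOF'
---
Certificate chain
 0 s:/C=US/O=Example Mail Co/CN=mx.mail.example
   i:/C=US/O=Example Issuing CA/CN=Example Issuing CA 1
 1 s:/C=US/O=Example Issuing CA/CN=Example Issuing CA 1
   i:/C=US/O=Example Root/CN=Example Root CA
 2 s:/C=US/O=Example Root/CN=Example Root CA
   i:/C=US/O=Example Root/CN=Example Root CA
---
Server certificate
EOF
}
sample_chain | chain_report || :     # demo run on the constructed sample
```

A self-signed entry at the top of the chain is a root certificate the server sent along; OpenSSL's verifier reports "self signed certificate in certificate chain" when that root is not in the local trust store, while a self-signed entry at depth 0 means the server's own certificate was not issued by any CA.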



