How to check the status of TLS cert?

Dec 11th, 2009

Hi all,
Other than exporting (or copying) the cert from the configuration file and viewing it using openssl, is there any way / tool that allows me to check the TLS / SSL cert that is being used?
Besides checking the cert being used by my IronPort, I would like to check the cert being used by my partner as well (although I can configure IronPort to accept trusted certs only, I still want to verify it).

Thanks for any advice.

Donald Nash Fri, 12/11/2009 - 16:23

You don't need to copy the cert out of your configuration. OpenSSL has an "s_client" subcommand which can open an SSL connection and verify the cert for you. It even knows how to do STARTTLS. Something like this ought to do it:

openssl s_client -starttls smtp -CAfile /path/to/ca/file -connect your.ironport:25

The /path/to/ca/file is necessary to provide openssl with a cache of root CA certs. You could use -CApath instead of -CAfile if you have a hashed directory of root CA certs instead of a single file containing them all.

You can point this at your partner's SMTP server as well.
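
An added example, not part of the original reply: s_client carries on with the handshake after a failed verification unless told otherwise, so the result has to be read from the "Verify return code" line of its output. The wrapper below runs the command from the reply non-interactively and parses that line; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and samples are constructed.

# Read s_client output on stdin, print the first "Verify return code" number.
# Exit status: 0 = chain verified, 1 = verification error, 2 = no result line.
verify_code() {
    code=$(sed -n 's/^ *Verify return code: \([0-9][0-9]*\) .*/\1/p' | head -n 1)
    if [ -z "$code" ]; then echo "none"; return 2; fi
    echo "$code"
    [ "$code" -eq 0 ]
}

# Run the command from the reply without waiting on stdin, show the leaf
# certificate's subject, issuer and validity dates, then report the verify result.
# Usage: check_smtp_cert HOST PORT CAFILE
check_smtp_cert() {
    host=$1; port=$2; cafile=$3
    out=$(openssl s_client -starttls smtp -CAfile "$cafile" \
            -connect "$host:$port" </dev/null 2>&1) || true
    printf '%s\n' "$out" | openssl x509 -noout -subject -issuer -dates
    printf '%s\n' "$out" | verify_code
}

# Constructed, trimmed s_client output for an offline demonstration.
SAMPLE_OK='CONNECTED(00000003)
---
    Verify return code: 0 (ok)
---'
SAMPLE_BAD='CONNECTED(00000003)
verify error:num=21:unable to verify the first certificate
---
    Verify return code: 21 (unable to verify the first certificate)
---'

# The handshake in SAMPLE_BAD completed, yet the chain did not verify.
if printf '%s\n' "$SAMPLE_BAD" | verify_code >/dev/null; then
    echo "sample: chain verified"
else
    echo "sample: verification failed, cert not trusted by this CA file"
fi
```

Against a live server the call is `check_smtp_cert your.ironport 25 /path/to/ca/file`, and the same call works with the partner's SMTP host in place of your own.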

