How to check the status of TLS cert?

Dec 11th, 2009

Hi all,
Other than exporting (or copying) the cert from the configuration file and viewing it using openssl, is there any way / tool that allows me to check the TLS / SSL cert that is being used?
Besides checking the cert being used by my IronPort, I would like to check the cert being used by my partner as well (although I can configure IronPort to accept trusted certs only, I still want to verify it).

Thanks for the advice.

Donald Nash Fri, 12/11/2009 - 16:23

You don't need to copy the cert out of your configuration. OpenSSL has an "s_client" subcommand which can open an SSL connection and verify the cert for you. It even knows how to do STARTTLS. Something like this ought to do it:

openssl s_client -starttls smtp -CAfile /path/to/ca/file -connect your.ironport:25


The /path/to/ca/file is necessary to provide openssl with a cache of root CA certs. You could use -CApath instead of -CAfile if you have a hashed directory of root CA certs instead of a single file containing them all.

You can also point this at your partner's SMTP server as well.
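
Scripting the check from the answer above, as an added example that is not part of the original thread: `s_client` reports a failed verification in its `Verify return code` line rather than by aborting the handshake, so the script reads that line. The function names and sample output are constructed, and the host and CA file arguments are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Host and CA file arguments are placeholders.

# Read `openssl s_client` output on stdin and print the numeric verify code.
# TLS 1.3 sessions can repeat the line, so only the first one is used.
verify_code() {
  sed -n 's/^ *Verify return code: \([0-9][0-9]*\) .*/\1/p' | head -n 1
}

# Succeed only when the chain verified (code 0). A missing line, e.g. after
# a failed connection, yields an empty code and counts as a failure.
cert_verified() {
  [ "$(verify_code)" = "0" ]
}

# Live check: check_smtp_cert HOST CAFILE [PORT]
check_smtp_cert() {
  out=$(openssl s_client -starttls smtp -CAfile "$2" \
        -connect "$1:${3:-25}" </dev/null 2>&1)
  # The server certificate is the first PEM block in the output.
  printf '%s\n' "$out" | openssl x509 -noout -subject -issuer -enddate
  if printf '%s\n' "$out" | cert_verified; then
    echo "$1: chain verified"
  else
    echo "$1: NOT verified (code $(printf '%s\n' "$out" | verify_code))"
    return 1
  fi
}

# Constructed s_client output fragments for an offline demo.
sample_ok() {
  printf '%s\n' 'SSL-Session:' '    Protocol  : TLSv1.2' \
    '    Verify return code: 0 (ok)'
}
sample_selfsigned() {
  printf '%s\n' 'SSL-Session:' '    Protocol  : TLSv1.2' \
    '    Verify return code: 18 (self signed certificate)'
}

sample_ok | cert_verified && echo "sample_ok: verified"
sample_selfsigned | cert_verified ||
  echo "sample_selfsigned: code $(sample_selfsigned | verify_code)"
```

Run `check_smtp_cert` once against your own appliance and once against the partner's SMTP server; a non-zero return means the chain did not verify against the supplied CA file.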
