Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Checking Remote TLS?

We've just set up TLS on our C350's and have had a few hosts failing to verify when sending to them (currently set to prefer-verify). One of the hosts is MessageLabs, who I would have thought would be competent enough to put a proper SSL in place!

Is there any way to connect to them, request it and see what the cert actually is? Or alternatively a better way? The logs say there's a self signed certificate in the chain..

4 REPLIES
Community Member

Re: Checking Remote TLS?

Outside the scope of IronPort, you could use openssl utility and connect to the Message labs MTA and issue starttls. This should give you the complete chain of the cert and show if it is incorrectly chained or cannot be validated.

-Kishore

Community Member

Re: Checking Remote TLS?

Try something like:

openssl s_client -starttls smtp -crlf -showcerts -connect cluster6a.eu.messagelabs.com:25

J.

Community Member

Re: Checking Remote TLS?

this Forum is gaining in usefulness every time!

i was seeking for the SSL test syntax for a long time but did not manage to find it. (maybe that says something about my "google capacities" )

thanks for posting this!

Steven

Community Member

Re: Checking Remote TLS?

Steven -

This would be an awesome feature to request on our ESA's with the help of your Cisco IronPort sales account team! +1 for a good idea.

Cheers!

Andrew

207
Views
0
Helpful
4
Replies
CreatePlease to create content