
How to check the status of TLS cert?

fai0_ironport
Level 1

Hi all,
Other than exporting (or copying) the cert from the configuration file and viewing it with openssl, is there any way / tool that allows me to check the TLS / SSL cert being used?
Besides checking the cert used by my IronPort, I would like to check the cert used by my partner as well (although I can configure IronPort to accept trusted certs only, I still want to verify it).

Thanks for any advice.

1 Reply

Donald Nash
Level 3

You don't need to copy the cert out of your configuration. OpenSSL has an "s_client" subcommand which can open an SSL connection and verify the cert for you. It even knows how to do STARTTLS. Something like this ought to do it:

openssl s_client -starttls smtp -CAfile /path/to/ca/file -connect your.ironport:25


The /path/to/ca/file is necessary to provide openssl with a cache of root CA certs. You could use -CApath instead of -CAfile if you have a hashed directory of root CA certs instead of a single file containing them all.

You can also point this at your partner's SMTP server.
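An added example, not part of the reply above: a shell wrapper around the same `openssl s_client` command that reads the verification result from the output, since by default s_client completes the handshake even when the chain does not verify. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original reply).
# Constructed, trimmed s_client excerpts so the parser can be tried offline.
SAMPLE_OK='subject=CN = mail.example.test
issuer=CN = Example Test CA
    Verify return code: 0 (ok)'
SAMPLE_BAD='subject=CN = mail.partner.example
issuer=CN = mail.partner.example
    Verify return code: 18 (self-signed certificate)'

# summarize_s_client: s_client output on stdin -> one summary line on stdout.
# Exit status: 0 chain verified, 1 verification failed, 2 no result found.
summarize_s_client() {
    awk '
        /^subject=/ && subject == "" { subject = substr($0, 9) }
        /^issuer=/  && issuer  == "" { issuer  = substr($0, 8) }
        /Verify return code: / && code == "" {
            sub(/^.*Verify return code: /, "")   # keep "<num> (<text>)"
            code = $1
            reason = $0
            sub(/^[0-9]+ /, "", reason)
        }
        END {
            if (code == "") { print "verify=none"; exit 2 }
            printf "verify=%s %s | subject=%s | issuer=%s\n", code, reason, subject, issuer
            exit (code == "0" ? 0 : 1)
        }'
}

# check_smtp_cert HOST:PORT CAFILE: runs the command from the reply and
# summarizes it. Works for your own appliance or a partner's SMTP server.
check_smtp_cert() {
    # stdin from /dev/null so s_client exits once the handshake is done
    openssl s_client -starttls smtp -CAfile "$2" -connect "$1" </dev/null 2>/dev/null |
        summarize_s_client
}

# Offline demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_OK"  | summarize_s_client
printf '%s\n' "$SAMPLE_BAD" | summarize_s_client || echo "chain did not verify"
```

Against a live server, call it as `check_smtp_cert your.ironport:25 /path/to/ca/file` and use the exit status in a monitoring script.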
