Testing SSL certificates on remote server

Tue, Apr 30, 2013
One-minute read

Warning: This post is over 370 days old. The information may be out of date.

Testing your SSL certificates

From time to time I need to verify the SSL certificate configured for a server - either within the webserver or the mailserver. Here are a few commands I regularly use on a Linux host to verify the configuration on the remote server to test:

(replace HOST with either the hostname or an IP address)

Testing on a webserver

This is probably one of the most used commands when working on this topic:

openssl s_client -showcerts -connect HOST:443

Testing on a Mailserver (SMTP Submission)

The following tests the Submission Port (587), see the last parameter that initiates an SMTP session with the server:

openssl s_client -showcerts -connect HOST:587 -starttls smtp

Depending on the configuration of the mailserver, also port 25 contain an SSL certificate:

openssl s_client -showcerts -connect HOST:25 -starttls smtp

Testing on a Mailserver (IMAP)

The following tests the SSL certificate configured for encrypted IMAP on Port 993:

openssl s_client -showcerts -connect HOST:993

Testing on a Mailserver (POP3)

The following tests the SSL certificate configured for the POP3 server on port 995:

openssl s_client -showcerts -connect HOST:995

Source of inspiration

A post on Stackoverflow

Technology tls certificate ssl