How to inspect remote SMTP server's TLS certificate?

Solution 1:

You can use OpenSSL. If you have to check the certificate with STARTTLS, then just do

openssl s_client -connect mail.example.com:25 -starttls smtp

or for a standard secure smtp port:

openssl s_client -connect mail.example.com:465

Solution 2:

I know this is an old question, but still a relevant question even today for admins wishing to confirm the SSL Certificate validity on their email servers.

You could visit https://www.checktls.com and run the test for free.

Solution 3:

If you don't have OpenSSL, you can also use this Python snippet:

import smtplib
import ssl

connection = smtplib.SMTP() 
connection.connect('[hostname].')
connection.starttls()
print ssl.DER_cert_to_PEM_cert(connection.sock.getpeercert(binary_form=True))

where [hostname] is the server.

Source: https://support.google.com/a/answer/6180220

This pulls the OpenSSL library for you, which makes the install a bit easier.

How to inspect remote SMTP server's TLS certificate?

Solution 1:

Solution 2:

Solution 3:

Tags:

Security

Certificate

Windows Server 2008

Tls

Exchange 2007

Related

Recent Posts