Ispmanager 6 business documentation

How do I check the SSL certificate for the email domain?

 

To check the certificate, execute the command:

openssl s_client -showcerts -servername mail.domain.tld -connect IP:port
Comments to the command

The response to the command will contain information about the certificate that is used when connecting through the mail client.

An example of response

CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = example.com
verify return:1
---
Certificate chain
0 s:/CN=example.com
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
-----BEGIN CERTIFICATE-----
MIIFaDCCBFCgAwIBAgISA0ri6wJIDhR2lmwzQyxxzhugMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODExMjkxMjE3MTNaFw0x
...
Y5NaMKzSyuaL6rtAC9vS5ZaD6XGDzfIs/fqsJ1whNC+/bpW6QKiJS63G71dTiFx5
WE0CfzScmJkK6oUo81mMZmDdW/MqUKbh3RzPI0U5luhlFHU8l8zknyRj1SAC5iAn
IMmQygKwi/GszV6QgJ4t1D500T61EYYP2gBns33ntPgtSrNEWH8QyIG5FQE=
-----END CERTIFICATE-----
1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
...
wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=example.com
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3076 bytes and written 330 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: CC153897D816CAD36443FB3E3769E9B30A456B099776D99B1B83760673B329DC
Session-ID-ctx:
Master-Key: 597BF1E0D91770E6A64ACF5866166D3CC8FEB545FE23E00B89069FCF77B596C71160A5288411F3FC7CB16ADD50DABB5F
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1543628188
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---
220 cloud.domain.com ESMTP Exim 4.90_1 Sat, 01 Dec 2018 04:36:29 +0300