How to verify that SSL for IMAP/POP3/SMTP works and a proper certificate is installed?
Using online checkers
Check SSL using online tools:
SSL Checker – SSL Certificate Verify
SSL Server Test (Powered by Qualys SSL Labs)
Using a Linux server
Any Linux server can be used for these tests. If you do not have a Linux server, use the online checkers above.
To verify SSL, connect to any Linux server via SSH and use the instructions below:
IMAP via SSL uses port 993:
connect to a mail server using openssl:
# openssl s_client -showcerts -connect mail.example.com:993
output like:
Server certificate
subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=mail.example.com
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2
SMTP via SSL uses port 465:
# openssl s_client -showcerts -connect mail.example.com:465
output like
Server certificate
subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=mail.example.com
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2
SMTP via TLS/StartTLS uses port 25 or 587
openssl s_client -starttls smtp -showcerts -connect mail.example.com:25
output
Server certificate
subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=mail.example.com
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2
Getting the expiration time of an SMTP certificate.
openssl s_client -connect mail.example.com:25 -starttls smtp | openssl x509 -enddate -noout
output
# openssl s_client -connect mail.example.com:995 | openssl x509 -enddate -noout
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = mail.example.com
verify return:1
notAfter=Sep 20 23:59:59 2019 GMT