
SSL troubleshooting

Checking the certs remotely

Below you will find a few commands to check against SSL/TLS services. Here’s what you should look for:

HTTPS

Check the certificate e.g. from the docker host against a container,

    openssl s_client -connect localhost:84XX </dev/null

STARTTLS / SMTP

What ports should we look for?

    grep -E 'submission|smtp' /etc/services

See what ports an MX or SMARTHOST offers (25 or 587 / STARTTLS are preferred),

    nmap -Pn -p 25,465,587 SMTP_SERVER

Check the certificate provided through SMTP STARTTLS remotely e.g. against port 25,

    openssl s_client -starttls smtp -crlf -connect SMTP_SERVER:25 </dev/null

STARTTLS / IMAP

What ports should we look for?

    grep 'imap' /etc/services

See what ports the IMAP server offers (143 / STARTTLS is preferred),

    nmap -Pn -p 143,993 IMAP_SERVER

Check the certificate provided through IMAP STARTTLS remotely e.g. against port 143,

    openssl s_client -starttls imap -crlf -connect IMAP_SERVER:143 </dev/null

Or open an interactive session over STARTTLS and test a login (the lines starting with 1 are IMAP commands typed into the session),

    openssl s_client -connect IMAP_SERVER:143 -starttls imap
    openssl s_client -connect IMAP_SERVER:143 -starttls imap -quiet -crlf
    1 login TESTACCOUNT PASSWORD
    1 list "" "*"
    1 logout

    #openssl s_client -connect IMAP_SERVER:143
    #openssl s_client -tls1 -connect IMAP_SERVER:143
    #-tls1_2

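Check that it does NOT respond to SSL version 3 (the handshake should fail; OpenSSL builds compiled without SSLv3 support reject the -ssl3 option itself),

    openssl s_client -connect IMAP_SERVER:993 -ssl3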
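
As an added example (not part of the original page), the shell function below reads s_client output such as the commands above produce and reports the negotiated protocol, the verify result and the certificate subject. The function name, its exit codes and the sample transcripts are assumptions constructed for illustration.

```sh
# Added example: summarise `openssl s_client` output read on stdin.
# Exit status: 0 = verified chain on a current protocol, 1 = verify error or
# deprecated protocol, 2 = no TLS session was negotiated.
tls_summary() {
    awk '
        /^New, \(NONE\)/     { failed = 1 }                # handshake refused
        /^New, / && !proto   { split($0, f, ", "); proto = f[2] }
        /^ *Protocol *:/     { proto = $NF }               # SSL-Session block wins
        /^subject=/ && !subj { subj = substr($0, 9) }
        /Verify return code:/ && !seen {
            seen = 1; sub(/.*Verify return code: */, "")
            code = $1 + 0; reason = $0
        }
        END {
            # A refused handshake still prints "Verify return code: 0 (ok)",
            # so rule it out before trusting the verify code.
            if (failed || !seen || proto == "") { print "no TLS session"; exit 2 }
            weak = (proto ~ /^(SSLv3|TLSv1|TLSv1\.1)$/)
            printf "protocol=%s%s verify=%s subject=%s\n",
                   proto, (weak ? " (deprecated)" : ""), reason, subj
            rc = (code != 0 || weak) ? 1 : 0
            exit rc
        }'
}
# Constructed, abbreviated transcripts (not captured from a real server).
sample_ok() { cat <<'EOF'
CONNECTED(00000003)
subject=CN = imap.example.test
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Verify return code: 0 (ok)
EOF
}
sample_selfsigned() { cat <<'EOF'
subject=CN = smtp.example.test
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Protocol  : TLSv1.2
    Verify return code: 18 (self signed certificate)
EOF
}
sample_ssl3_refused() { cat <<'EOF'
no peer certificate available
New, (NONE), Cipher is (NONE)
    Protocol  : SSLv3
    Verify return code: 0 (ok)
EOF
}
for s in sample_ok sample_selfsigned sample_ssl3_refused; do
    printf '%s: ' "$s"; "$s" | tls_summary || true
done
```

Against a live service, pipe one of the checks into it, e.g. openssl s_client -starttls imap -crlf -connect IMAP_SERVER:143 </dev/null 2>/dev/null | tls_summary. For the -ssl3 test, exit status 2 is the desired result.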
