
SSL troubleshooting

Checking the certs remotely

Below you will find a few commands to check against SSL/TLS services. Here’s what you should look for:

HTTPS

Check the certificate e.g. from the docker host against a container,

    openssl s_client -connect localhost:84XX

STARTTLS / SMTP

What ports should we look for?

    egrep 'submission|smtp' /etc/services

See what ports an MX or SMARTHOST offers (25 or 587 / STARTTLS are preferred),

    nmap -Pn -p 25,465,587 SMTP_SERVER

Check the certificate provided through SMTP STARTTLS remotely e.g. against port 25,

    openssl s_client -starttls smtp -crlf -connect SMTP_SERVER:25
    openssl s_client -starttls smtp -crlf -connect SMTP_SERVER:25 </dev/null 2>&1 | grep 'CN ='

STARTTLS / IMAP

What ports should we look for?

    grep 'imap' /etc/services

See what ports an MX or SMARTHOST offers (143 / STARTTLS is preferred),

    nmap -Pn -p 143,993 IMAP_SERVER

Check the certificate provided through IMAP STARTTLS remotely e.g. against port 143,

    openssl s_client -starttls imap -crlf -connect IMAP_SERVER:143
    openssl s_client -starttls imap -crlf -connect IMAP_SERVER:143 </dev/null 2>&1 | grep 'CN ='

    openssl s_client -connect IMAP_SERVER:143 -starttls imap
    openssl s_client -connect IMAP_SERVER:143 -starttls imap -quiet -crlf
    1 login TESTACCOUNT PASSWORD
    1 list "" "*"
    1 logout

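Force a given protocol version through STARTTLS (s_client accepts one protocol flag per invocation),

    openssl s_client -connect IMAP_SERVER:143 -starttls imap -tls1 -crlf -quiet
    openssl s_client -connect IMAP_SERVER:143 -starttls imap -tls1_2 -crlf -quiet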

Check that it does NOT respond to SSL version 3,

    openssl s_client -connect IMAP_SERVER:993 -ssl3
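
The `grep 'CN ='` pipelines above only show certificate names. As an added example (not part of the original page), this shell function also pulls the negotiated protocol and the verify return code out of the same s_client output. The function name, the weak-protocol list and the sample outputs are assumptions constructed for illustration.

```shell
# Summarise `openssl s_client` output read on stdin as one line:
#   cn=<leaf CN> protocol=<version> verify=<code> status=<OK|FAIL>
# FAIL if the chain did not verify (code != 0 or missing) or the protocol is in
# WEAK_PROTOCOLS (assumption: SSLv3, TLSv1 and TLSv1.1 are treated as weak).
summarize_s_client() {
    awk -v weak="${WEAK_PROTOCOLS:-SSLv3 TLSv1 TLSv1.1}" '
        # Leaf subject, e.g. "subject=CN = mail.example.test" (OpenSSL 1.1+ layout)
        /^subject=/ && cn == "" && match($0, /CN ?= ?[^,]+/) {
            cn = substr($0, RSTART, RLENGTH)
            sub(/^CN ?= ?/, "", cn)
        }
        # "New, TLSv1.3, Cipher is ..." is the fallback when no Protocol line exists
        /^New, / && newproto == "" { split($0, f, ", "); newproto = f[2] }
        # "    Protocol  : TLSv1.2" from the SSL-Session block
        /^ *Protocol *: / && proto == "" { proto = $NF }
        /Verify return code: / && code == "" {
            code = $0
            sub(/.*Verify return code: /, "", code)
            sub(/ .*/, "", code)
        }
        END {
            if (proto == "") proto = newproto
            status = (code == "0") ? "OK" : "FAIL"
            n = split(weak, w, " ")
            for (i = 1; i <= n; i++) if (proto == w[i]) status = "FAIL"
            if (code == "") code = "none"
            printf "cn=%s protocol=%s verify=%s status=%s\n", cn, proto, code, status
        }
    '
}

# Constructed sample output (not captured from a real server): self-signed, TLSv1.
sample_bad() {
    cat <<'EOF'
subject=CN = mail.example.test
New, TLSv1.0, Cipher is ECDHE-RSA-AES256-SHA
    Protocol  : TLSv1
    Verify return code: 18 (self signed certificate)
EOF
}

# Constructed sample output: verified chain over TLSv1.3, no Protocol line.
sample_good() {
    cat <<'EOF'
subject=C = XX, O = Example, CN = imap.example.test
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Verify return code: 0 (ok)
EOF
}
```

Against a live service, append `| summarize_s_client` to any of the `</dev/null 2>&1` commands above in place of the `grep`.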
