June 2003
Intermediate to advanced
336 pages
8h 54m
English
Content preview from Linux Security CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
8.10. Testing an SSL Mail Connection
Problem
You want to verify an SSL connection to a secure POP or IMAP server.
Solution
For secure POP:
$ openssl s_client -quiet -connect server:995
[messages about server certificate validation]
+OK POP3 server.net v2001.78rh server readyType QUIT to exit.
For secure IMAP:
$ openssl s_client -quiet -connect server:993
[messages about server certificate validation]
* OK [CAPABILITY ...] server.net IMAP4rev1 2001.315rh at Mon, 3 Mar 2003 20:01:43 -
0500 (EST)Type 0 LOGOUT to exit.
Discussion
If you omit the -quiet switch, openssl will print specifics about the SSL protocol negotiation, including the server’s X.509 public-key certificate.
The openssl command can verify the server certificate only if that certificate, or one in its issuer chain, is listed in the system trusted certificate cache. [Recipe 4.4]
See Also
openssl(1).