How to check mailserver ssl certificate and expiration date

Linux / certificate, ssh, ssl / By
4.6
(15)

How to verify that SSL for IMAP/POP3/SMTP works and a proper certificate is installed?

Using online checkers

Check SSL using online tools:

Using a Linux server

Any Linux server can be used for these tests. If you do not have a Linux server, use the online checkers above.
To verify SSL, connect to any Linux server via SSH and use the instructions below:

IMAP via SSL uses port 993:
connect to a mail server using openssl:

# openssl s_client -showcerts -connect mail.example.com:993

output like:

Server certificate
subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=mail.example.com
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2

POP3 via SSL uses port 995:

openssl s_client -showcerts -connect mail.example.com:995

check output like:

Server certificate
subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=mail.example.com
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2

SMTP via SSL uses port 465:

# openssl s_client -showcerts -connect mail.example.com:465

output

Server certificate
subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=mail.example.com
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2

SMTP via TLS/StartTLS uses port 25 or 587

openssl s_client -starttls smtp -showcerts -connect mail.example.com:25

output

Server certificate
subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=mail.example.com
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2

Getting the expiration time of an SMTP certificate.

openssl s_client -connect mail.example.com:25 -starttls smtp | openssl x509 -enddate -noout

check output like

# openssl s_client -connect mail.example.com:995 | openssl x509 -enddate -noout
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = mail.example.com
verify return:1
notAfter=Sep 20 23:59:59 2019 GMT

Similar Posts:

20,137

How useful was this post?

Click on a star to rate it!

Average rating 4.6 / 5. Vote count: 15

No votes so far! Be the first to rate this post.

Scroll to Top