8.10. Testing an SSL Mail Connection
Problem
You want to verify an SSL connection to a secure POP or IMAP server.
Solution
For secure POP:
$ openssl s_client -quiet -connect server:995
[messages about server certificate validation]
+OK POP3 server.net v2001.78rh server ready
Type QUIT to exit.
For secure IMAP:
$ openssl s_client -quiet -connect server:993
[messages about server certificate validation]
* OK [CAPABILITY ...] server.net IMAP4rev1 2001.315rh at Mon, 3 Mar 2003 20:01:43 -
0500 (EST)
Type 0 LOGOUT to exit.
Discussion
If you omit the -quiet switch, openssl will print specifics about the SSL protocol negotiation, including the server’s X.509 public-key certificate.
The openssl command can verify the server certificate only if that certificate, or one in its issuer chain, is listed in the system trusted certificate cache. [Recipe 4.4]
See Also
openssl(1).
Get Linux Security Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.