Verify SSL/TLS certificate of an email server

Currently, it is possible to obtain a free StartSSL certificate for our mail server (Postfix / Dovecot). Although using Let’s Encrypt certificates is more common and straightforward, as it allows deploying certificates with a duration of approximately 3 months, which are easy to renew and can be automated with a simple cron job, having certificates on our servers or when accessing third-party servers provides security by ensuring that our communication is not being intercepted.

Now, what happens if we encounter problems with the certificate when trying to connect to a email server, or if a user notifies us that our server is experiencing issues?

In such situations, it is always possible to check the status of the certificate using the following commands:

Postfix

To check the SMTP connection without encryption:

openssl s_client -connect mail.example.com:25 -starttls smtp

To check the SMTP connection with SSL/TLS encryption:

openssl s_client -connect mail.example.com:465

To find out the expiration date of the certificate, additionally:

openssl s_client -connect mail.example.com:25 -starttls smtp | openssl x509 -dates -noout

penssl s_client -connect mail.example.com:465 -starttls smtp | openssl x509 -dates -noout

Dovecot

To verify the IMAPS connection (with SSL/TLS encryption) in Dovecot:

openssl s_client -showcerts -connect smtp.example.com:993 -servername smtp.lambdaforge.io | openssl x509 -dates -noout

To find out the expiration date of the certificate, additionally:

penssl s_client -showcerts -connect smtp.example.com:993 -servername smtp.lambdaforge.io | openssl x509 -dates -noout

These commands will allow you to diagnose and ensure the validity of the certificates on your mail servers. In future articles, I will explain how to add Let’s Encrypt certificates to Postfix and Dovecot.

[GITLAB] Como solucionar *buffer overflow detected* terminated xargs: tail: terminated by signal 6 en Docker

RutaCubano