Skip to content

RFC 3092

Etymology of "Foo"

  • The RFC 3092
  • Projects
    • avelsieve
    • check_process_runtime
    • CloudPress
  • About

Check SSL Connection Foo

Posted on July 6, 2016 - December 15, 2018 by peter

It was that time of the year, when I had to renew some SSL certificates. Renewing and updating them in the server is a nice and easy process. But checking, whether the server is delivering the correct certificate and, that I updated and popluated the intermediate certificates correctly, is a different story.

For websites it is quite easy. Every browser is pretty verbose about the certificate of an https connection. But mail clients are not so talkative. Luckily openssl can help here.

To get the certificate in PEM form to compare you can simply call this command. Of course you have to replace and with the correct values, like example.com:993 for IMAPS on example.com:


openssl s_client -showcerts -connect :

If you want it a little bit more verbose, then you can pipe it again through openssl to get a more human readable version:


openssl s_client -showcerts -connect : | openssl x509 -text

Sometimes the connection itself is not supporting SSL or TLS directly, so you have to give it a hint. For instance for SMTP connection with STARTTLS you can use:


openssl s_client -showcerts -connect :25 -starttls smtp | openssl x509 -text

In my version of s_client only smtp, pop3, imap and ftp were supported protocols. If you are looking for more information about this you will find it in the man pages of openssl and s_client.

Posted in Foo, Linux

Post navigation

Nagios Enabling External Command on Debian based Distributions
Labor Day Beach Pictures
Proudly powered by WordPress | Theme: micro, developed by DevriX.