8.10. Testing an SSL Mail Connection

Problem

You want to verify an SSL connection to a secure POP or IMAP server.

Solution

For secure POP:

$ openssl s_client -quiet -connect server:995
[messages about server certificate validation]
+OK POP3 server.net v2001.78rh server ready

Type QUIT to exit.

For secure IMAP:

$ openssl s_client -quiet -connect server:993
[messages about server certificate validation]
* OK [CAPABILITY ...] server.net IMAP4rev1 2001.315rh at Mon, 3 Mar 2003 20:01:43 -
0500 (EST)

Type 0 LOGOUT to exit.

Discussion

If you omit the -quiet switch, openssl will print specifics about the SSL protocol negotiation, including the server’s X.509 public-key certificate.

The openssl command can verify the server certificate only if that certificate, or one in its issuer chain, is listed in the system trusted certificate cache. [Recipe 4.4]

See Also

openssl(1).

Get Linux Security Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial