Re: [exim] verifying certificate information

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Heiko Schlittermann
Datum:  
To: exim-users
Betreff: Re: [exim] verifying certificate information
Martin A. Brooks <martin@???> (Sa 14 Jun 2008 17:31:44 CEST):
> Hi
>
> I've been looking at using a wildcard certificate with exim. I have the
> cert, exim is configured to use it, and there are no complaints when
> clients use STARTTLS to encrypt their session.
>
> Call me paranoid, but I want to verify that the certificate is actually
> being used and I've drawn a blank as to how to do that. My usual tools
> for SMTP kung-fu, swaks, doesn't have a "show me the cert" option nor
> can I switch enough debugging on for it to show me sufficient details.


If I understand well, do you want to connect to your exim and then have
the cert of the server shown?


    $ openssl s_client -connect <host>:465
or
    $ openssl s_client -starttls smtp -connect <host>:25


The last one only works with a recent openssl, since there is some
bug(?) in the way starttls is implemented in s_client. (If I remember
well s_client doesn't do the initial "ESMTP|EHLO" sequence.)

    Best regards from Dresden
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann HS12-RIPE -----------------------------------------
 gnupg encrypted messages are welcome - key ID: 48D0359B ---------------
 gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2  7E92 EE4E AC98 48D0 359B -