Martin A. Brooks <martin@???> (Sat 14 Jun 2008 17:31:44 CEST):
> Hi
>
> I've been looking at using a wildcard certificate with exim. I have the
> cert, exim is configured to use it, and there are no complaints when
> clients use STARTTLS to encrypt their session.
>
> Call me paranoid, but I want to verify that the certificate is actually
> being used and I've drawn a blank as to how to do that. My usual tool
> for SMTP kung-fu, swaks, doesn't have a "show me the cert" option nor
> can I switch enough debugging on for it to show me sufficient details.

If I understand correctly, you want to connect to your exim and then have
the cert of the server shown?

    $ openssl s_client -connect <host>:465

or

    $ openssl s_client -starttls smtp -connect <host>:25

The last one only works with a recent openssl, since there is some
bug(?) in the way starttls is implemented in s_client. (If I remember
correctly, s_client doesn't do the initial "ESMTP|EHLO" sequence.)

Best regards from Dresden
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann HS12-RIPE -----------------------------------------
gnupg encrypted messages are welcome - key ID: 48D0359B ---------------
gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B -
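
Added example, not part of the original message: one way to confirm that the certificate the server presents is the same one exim was configured with is to compare SHA-256 fingerprints of the served certificate and the first certificate in the local PEM file. The function names are hypothetical, and the host and PEM path are supplied by the caller.

```python
import base64
import hashlib
import re
import smtplib
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def first_cert_der(pem_text):
    """DER bytes of the first certificate in a PEM file (the leaf when the
    file also carries the chain)."""
    m = PEM_BLOCK.search(pem_text)
    if m is None:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()))

def fingerprint(der):
    """Lowercase hex SHA-256 over the DER encoding."""
    return hashlib.sha256(der).hexdigest()

def served_cert_der(host, port=25, implicit_tls=False, timeout=10):
    """DER of the certificate the server presents. Validation is switched off
    on purpose: the goal is to see what is served, not to decide on trust."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    if implicit_tls:                      # e.g. port 465
        conn = smtplib.SMTP_SSL(host, port, timeout=timeout, context=ctx)
    else:                                 # EHLO, then STARTTLS
        conn = smtplib.SMTP(host, port, timeout=timeout)
        conn.ehlo()
        conn.starttls(context=ctx)
    try:
        return conn.sock.getpeercert(binary_form=True)
    finally:
        conn.close()

def same_cert(pem_text, served_der):
    """True when the served certificate is byte-identical to the local leaf."""
    return fingerprint(first_cert_der(pem_text)) == fingerprint(served_der)

if __name__ == "__main__":
    import sys
    host, pem_path = sys.argv[1], sys.argv[2]   # caller-supplied values
    served = served_cert_der(host)
    with open(pem_path) as fh:
        ok = same_cert(fh.read(), served)
    print("served sha256:", fingerprint(served))
    sys.exit(0 if ok else 1)
```

Run it with the mail host and the certificate file path as arguments; exit status 0 means the served certificate matches the file.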