Re: [exim] verifying certificate information

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Stephen Gran
Datum:  
To: exim-users
Betreff: Re: [exim] verifying certificate information
On Sat, Jun 14, 2008 at 04:31:44PM +0100, Martin A. Brooks said:
> Hi
>
> I've been looking at using a wildcard certificate with exim. I have the
> cert, exim is configured to use it, and there are no complaints when
> clients use STARTTLS to encrypt their session.
>
> Call me paranoid, but I want to verify that the certificate is actually
> being used and I've drawn a blank as to how to do that. My usual tools
> for SMTP kung-fu, swaks, doesn't have a "show me the cert" option nor
> can I switch enough debugging on for it to show me sufficient details.
>
> Any suggestions?


As others have mentioned, openssl will show it to you. I'm not
convinced you actually can do server side TLS without a cert, though, so
in practice, unless you're just trying to verify the fingerprint or
something, I think you can take it as read that _a_ cert is definitely
being offered, and given that exim failry predictably does what you tell
it to, it will most likely be the one in the file output by
exim -bP configure_file

Cheers,
--
--------------------------------------------------------------------------
|  Stephen Gran                  | BOFH excuse #183:  filesystem not big   |
|  steve@???             | enough for Jumbo Kernel Patch           |
|  http://www.lobefin.net/~steve |                                         |

--------------------------------------------------------------------------