How to inspect the certificate of a mail server over a CLI
A tiny guide to using the openssl CLI tool to inspect and/or save the SSL.TLS certificates used by mail servers
If you ever need to inspect the certificate of a remote SMTP server, you can use the openssl CLI tool.
If you need to check STARTTLS:
1
openssl s_client -connect mail.example.com:25 -starttls smtp
Or, for a standard secure SMTP port:
1
openssl s_client -connect mail.example.com:465
To save the certificate to a file, just redirect the output:
1
openssl s_client -connect mail.example.com:25 -starttls smtp > mail.example.com.crt
You can also check SMTP TLS using MX Toolbox or Check TLS.
This post is licensed under CC BY 4.0 by the author.