Check your mail servers cert using a tls connection:

home | blog | Terrible people and places | Covid-19 links | Teh Internet | guest blog |rants | placeholder | political | projects | Gwen and Liam | Citadel patched | Tools | Scouts




See this post by koppor on serverfault.com:
http://serverfault.com/questions/521425/exim4-is-showing-a-tls-error-on-connection-gnutls-handshake
If that site or link goes away, here are the gory details:
apt-get install gnutls-bin to have gnutls-cli available.
gnutls-cli -s -p 25 YOURSMTPHOST (starts a session with your mailserver)
ehlo foo
starttls
Press CTRL+d (^d)


This one works as well:
Thanks to Dan Andreatta, and Skyhawk (for the edits):
http://serverfault.com/questions/131627/how-to-inspect-remote-smtp-servers-tls-certificate
Again, in case that goes away:
openssl s_client -connect mail.example.com:25 -starttls smtp
or standard secure smtp
openssl s_client -connect mail.example.com:465

If you need the dates of the cert expiry:
openssl s_client -connect mail.server.name:25 -starttls smtp | openssl x509 -noout -subject -dates; echo ""
quit

openssl s_client -connect mail.server.name:993 | openssl x509 -noout -subject -dates; echo ""
quit

openssl s_client -connect mail.server.name:995 | openssl x509 -noout -subject -dates; echo ""
quit


Bonus: Check for website subject alternative name


openssl s_client -connect website.com:443 | openssl x509 -noout -ext subjectAltName ; echo ""
quit



[æ]