[Cryptography] How to get certificates on email server?
John Levine
johnl at iecc.com
Mon Apr 18 14:56:40 EDT 2016
In article <20147814.1461001944352.JavaMail.wam at mswamui-valley.atl.sa.earthlink.net> you write:
>Stupid question: I'm getting a certificate error when attempting to send email. My email program says that the certification chain can't be verified.
>
>Before I accept this dubious certificate, I'd like to look up this server's certificate myself & check it by hand.
>
>How to do this? (Either Windows or Linux is fine, since I'm not trying to actually send mail; just check the certificate.)
$ openssl s_client -starttls smtp -connect hostname:port
That will do enough of an SMTP session to do the TLS handshake and
tell you about the certificates. Then type quit to tell it you're
done.
The usual problem is that they installed a newly signed certificate
and didn't install the CA's intermediate certificate that goes along
with it.
R's,
John
More information about the cryptography
mailing list