Recipe 8.10 Testing an SSL Mail Connection

8.10.1 Problem

You want to verify an SSL connection to a secure POP or IMAP server.

8.10.2 Solution

For secure POP:

$ openssl s_client -quiet -connect server:995
[messages about server certificate validation]
+OK POP3 server.net v2001.78rh server ready

Type QUIT to exit.

For secure IMAP:

$ openssl s_client -quiet -connect server:993
[messages about server certificate validation]
* OK [CAPABILITY ...] server.net IMAP4rev1 2001.315rh at Mon, 3 Mar 2003 20:01:43 -
0500 (EST)

Type 0 LOGOUT to exit.

8.10.3 Discussion

If you omit the -quiet switch, openssl will print specifics about the SSL protocol negotiation, including the server's X.509 public-key certificate.

The openssl command can verify the server certificate only if that certificate, or one in its issuer chain, is listed in the system trusted certificate cache. [Recipe 4.4]

8.10.4 See Also

openssl(1).