Add to Favourites Add to Favourites    Print this Article Print this Article

Manually checking the certificate used for smtp on port 25

As more servers and mail clients are requiring valid certificates for mail servers, you might need to view inside the certificate to see what's currently set.  You can do this by running the following command for your hostname:

openssl s_client -connect -starttls smtp -servername

The "CN" value, or "Common Name" will be the current host value set inside the certificate.
You'll be looking for the subject *after* the certificate output, so in the case of our mail server, we have a wildcard, so the imporant bits would look like:

subject=/OU=Domain Control Validated/CN=*

Once run, you'll actually be connected to the remote server, so to leave, just type:


to exit the current SMTP session.

If it's a self-signed certificate, you'll see this in the "SSL-Session:" header:

   Verify return code: 18 (self signed certificate)

Note, the "-servername" is used to specify the ssl host, if your exim is running SNI to allow for multiple certificates.

Was this answer helpful?

Also Read