Verify SSL-Certfile against loaded Certificate with OpenSSL

This section contains user-submitted tutorials.
Post Reply
User avatar
Dravion
Senior user
Senior user
Posts: 1688
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Verify SSL-Certfile against loaded Certificate with OpenSSL

Post by Dravion » 2017-05-19 20:18

If you need to verify your selfsigned or production SSL-Certfiles (*.PEM / *.CRT or bundled chain *.PEM) for
primetime or simply want to know if your cert is valid or allready expired, you can do it with OpenSSL.

On Unix/Linux OpenSSL is allready installed on your System, but on Windows you need to compile OpenSSL
from source (requires Visual Studio C++ 2013/ native - NOT C++CLR.NET!) or install a prepackaged OpenSSL-Distribution for Windows 32/64-Bit like the following one: http://slproweb.com/products/Win32OpenSSL.html

Just pick a package which meet your needs and install it.

Now we are ready:
1) Open Windows Command prompt (normal permissions
2) SET HMS_SSL_CERT="%programfiles(x86)%\hMailServer\certs\<your_cert_file.crt>"
3) SET OPENSSL_HOME=%programfiles(x86)%\<YourOpenSSLInstallation>
4) SET SMTP_SERVER_HOST="smtp.myserver.com
5) SET PATH=%PATH%;%OPENSSL_HOME%

#Check if your certfile is valid and hand not being expired
openssl x509 -enddate -noout -in %HMS_SSL_CERT%

#Check your hMailServer SMTP-SSL Configuration online
echo q | openssl s_client -connect %SMTP_SERVER_HOST%:25 -starttls smtp| openssl x509 -noout -enddate

Done.

Post Reply