I am using Let's Encrypt for Postfix & Dovecot with auto-renewal every 2 months. So I have set myself a reminder to check that they have in fact gone through OK.
So I do this: "echo | openssl s_client -connect myserver.com:993 2>/dev/null | openssl x509 -noout -dates". Sure enough, I get: notBefore=Dec 26 12:39:00 2016 GMT notAfter=Mar 26 12:39:00 2017 GMT
But for port 25 or 587 I get: unable to load certificate 140364216252056:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: TRUSTED CERTIFICATE
Actually, I'm pretty sure Postfix SSL/TLS is working fine, and I can do: "openssl s_client -connect myserver.com:587 -starttls smtp". This shows the certificates, but not the dates.
I guess I'm doing something wrong? Any idea what?
Thanks
Comments
Submitted by JamieCameron on Wed, 01/04/2017 - 15:06 Comment #1
That's expected, as Dovecot and Postfix don't start the connection in SSL mode - they use the STARTTLS command to switch from plaintext to encrypted. I don't know of any way to support this with the openssl command.
Submitted by PaliGap on Thu, 01/05/2017 - 07:40 Pro Licensee Comment #2
Ah, I see. That makes perfect sense. Also, I can see how I can achieve what I want. I can use the command to test via SSL rather than STARTTLS, i.e. on ports such as 993 (Dovecot) & 465 (Postfix).
Many thanks.
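An added example, not part of the original thread: a renewal check that covers the implicit-TLS ports (993, 465) as well as the STARTTLS ports (25, 587) mentioned above, by combining the `-starttls smtp` option from the original post with the `openssl x509 -noout -dates` pipe. The host name `mail.example.com`, the function names and the 30-day warning window are assumptions.

```shell
#!/bin/sh
# Added example: report certificate dates on mail ports, STARTTLS ones included.
# mail.example.com, the function names and the 30-day window are assumptions.

# Map a port to the protocol openssl s_client must speak before the TLS
# handshake. Empty output means implicit TLS (TLS from the first byte).
starttls_proto() {
    case "$1" in
        25|587)      echo smtp ;;
        143)         echo imap ;;
        110)         echo pop3 ;;
        465|993|995) echo "" ;;
        *)           return 1 ;;   # unknown port: refuse to guess
    esac
}

# Build the s_client argument list for host ($1) and port ($2).
s_client_args() {
    proto=$(starttls_proto "$2") || return 1
    args="-connect $1:$2 -servername $1"
    if [ -n "$proto" ]; then
        args="$args -starttls $proto"
    fi
    echo "$args"
}

# Print notBefore/notAfter for host:port and return non-zero if the
# certificate expires within $3 days (default 30).
check_cert() {
    args=$(s_client_args "$1" "$2") || { echo "unsupported port $2" >&2; return 2; }
    # </dev/null makes s_client exit after the handshake instead of waiting.
    # $args is left unquoted on purpose so it splits into separate options.
    pem=$(openssl s_client $args </dev/null 2>/dev/null)
    printf '%s\n' "$pem" | openssl x509 -noout -dates || return 2
    printf '%s\n' "$pem" |
        openssl x509 -noout -checkend $(( ${3:-30} * 86400 )) >/dev/null
}

# Run only when called with arguments, e.g.: sh certcheck.sh mail.example.com 587
if [ "$#" -ge 2 ]; then
    check_cert "$@"
fi
```

A non-zero exit status from `check_cert` makes it usable from cron: status 1 means the certificate expires inside the window, status 2 means no certificate could be read.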
Submitted by PaliGap on Thu, 01/05/2017 - 07:40 Pro Licensee Comment #3