Articles in this section

How to verify that SSL for IMAP/POP3/SMTP works and a proper SSL certificate is in use

Dobrin Ivanov
Updated
kb: how-to Plesk for Linux ABT: Group B

Applicable to:

  • Plesk for Linux

Question

How to verify that SSL for IMAP/POP3/SMTP works and a proper certificate is installed?

Answer

Using online checkers

Check SSL using online tools:

Using a Linux server

Any Linux server can be used for these tests. If you do not have a Linux server, use the online checkers above.

To verify SSL, connect to any Linux server via SSH and use the instructions below:

IMAP via SSL using port 993:

  1. connect to a mail server using openssl:

    # openssl s_client -showcerts -connect mail.example.com:993 -servername mail.example.com

  2. Check output and make sure that a valid certificate is shown:

    CONFIG_TEXT: Server certificate
    subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=mail.example.com 
    issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2

  3. Make sure that you received IMAP server response:

    CONFIG_TEXT: * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=PLAIN IDLE ACL ACL2=UNION] Courier-IMAP ready. Copyright 1998-2004 Double Precision, Inc. See COPYING for distribution information.

POP3 via SSL using port 995:

  1. Connect to a mail server using openssl:

    # openssl s_client -showcerts -connect mail.example.com:995 -servername mail.example.com

  2. Check output and make sure that a valid certificate is shown:

    CONFIG_TEXT: Server certificate
    subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=mail.example.com 
    issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2

  3. Make sure that you received POP3 server response:

    CONFIG_TEXT: +OK Hello there. 1793.1385684315@localhost.localdomain

SMTP via SSL using port 465:

  1. Connect to a mail server using openssl:

    # openssl s_client -showcerts -connect mail.example.com:465 -servername mail.example.com

  2. Check output and make sure that a valid certificate is shown:

    CONFIG_TEXT: Server certificate
    subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=mail.example.com 
    issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2

  3. Make sure that you received SMTP server response:

    CONFIG_TEXT: 220 mail.example.com ESMTP Postfix

SMTP via TLS/StartTLS using port 25 or 587

Note: To use port 587 the submission port should be enabled in Plesk:

  1. Connect to a mail server using openssl:

    # openssl s_client -starttls smtp -showcerts -connect mail.example.com:25 -servername mail.example.com

  2. Check output and make sure that a valid certificate is shown:

    CONFIG_TEXT: Server certificate
    subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=mail.example.com 
    issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2

  3. Make sure that you received SMTP server response:

    CONFIG_TEXT: 250 DSN

Was this article helpful?

Comments

2 comments
Date Votes
  • Avatar
    Hans Moviat

    Can you add a link to an article to help me figuring out how to fix this if it is not working?

    1
  • Avatar
    Stefan Yakubov

    Hans Moviat

    The article is intended for obtaining information. After getting results, you can begin troubleshoot using the gathered info.

    -2

Please sign in to leave a comment.