How to verify that SSL for IMAP/POP3/SMTP works and the proper certificate is installed?

Created:

2016-11-16 13:26:04 UTC

Modified:

2017-08-16 16:57:32 UTC

32

Was this article helpful?


Have more questions?

Submit a request

How to verify that SSL for IMAP/POP3/SMTP works and the proper certificate is installed?

Applicable to:

  • Plesk 12.5 for Linux
  • Plesk Onyx for Linux
  • Plesk 11.x for Linux
  • Plesk 12.0 for Linux

Question

How to verify that SSL for IMAP/POP3/SMTP works and proper certificate is installed?

Answer

Note: You can find out how to install certificates in How to сhange the default certificates for SMTP, IMAP, and POP3 over SSL article.

First of all, connect to the server using SSH.

To verify SSL please use the following commands:

  1. IMAP via SSL uses 993 port by default:

    a. connect to mail server using openssl :

    # openssl s_client -showcerts -connect mail.example.com:993

    b. Check output and make sure that valid certificate is shown:

    Server certificate
    subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=mail.example.com
    issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2

    c. Make sure that you received IMAP server response:

    * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=PLAIN IDLE ACL ACL2=UNION] Courier-IMAP ready. Copyright 1998-2004 Double Precision, Inc.  See COPYING for distribution information.
  2. POP3 via SSL uses 995 port by default:

    a. connect to mail server using openssl :

    # openssl s_client -showcerts -connect mail.example.com:995

    b. Check output and make sure that valid certificate is shown:

    Server certificate
    subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=mail.example.com
    issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2

    c. Make sure that you received POP3 server response:

    +OK Hello there. <1793.1385684315@localhost.localdomain>
  3. SMTP via SSL uses 465 port by default:

    a. connect to mail server using openssl :

    # openssl s_client -showcerts -connect mail.example.com:465

    b. Check output and make sure that valid certificate is shown:

    Server certificate
    subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=mail.example.com
    issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2

    c. Make sure that you received SMTP server response:

    220 mail.example.com ESMTP Postfix
Have more questions? Submit a request

4 Comments

  • 0
    Avatar
    Ruben

    I have a domain with ssl certificate. but i have some problems because when i check the certificate always show me plesk default certificate.

    I need the smtp.domain.ltd takes a domain certificate not the plesk default certificate (self signed).

    I think to change the postfix certificate but this is not correct because if i change this default certificate, this certificates apply over all my domains.

    /etc/postfix/postfix_default.pem

    I need to know how to apply this certificate over domain

     

    thanks

  • 0
    Avatar
    Lev Iurev

    @Ruben, do you want to secure mail or domain?

  • 0
    Avatar
    Ruben

    i want to secure my mail too. At this momment i have secure my domain with a certificate, but when i send a mail my mail sends sign with the default plesk certificate. I want to apply the domain certificate over emails of this domain.

     

    I have multiples domains and multiples certificates but i want to use the same certificate for the domain and its emails.

     

    regards

  • 0
    Avatar
    Lev Iurev

    Hi @Ruben, is the problem still actual?

Please sign in to leave a comment.