Checking when a SSL/TLS certificate for an email server expires

Dave | February 9, 2010

Check if the SSL/TLS certificate for SMTP email has expired on the local server

echo ‘”‘ | openssl s_client -connect localhost:25 -starttls smtp > /var/tmp/jik

depth=0 /C=GB/ST=Hampshire/L=Farnborough/O=Tuqix/CN=mail.tuqix.org
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=GB/ST=Hampshire/L=Farnborough/O=Tuqix/CN=mail.tuqix.org
verify error:num=10:certificate has expired
notAfter=Feb  9 16:03:39 2010 GMT
verify return:1
depth=0 /C=GB/ST=Hampshire/L=Farnborough/O=Tuqix/CN=mail.tuqix.org
notAfter=Feb  9 16:03:39 2010 GMT
verify return:1
250 DSN
DONE
-  As you can see it has! After making a new one with genken –days 1825 mail.tuqix.org  and restarting dovecot ; service dovecot restart:-
-bash-3.2# echo ‘”‘ | openssl s_client -connect localhost:25 -starttls smtp > /var/tmp/jik
depth=0 /C=GB/ST=Hampshire/L=Farnborough/O=Tuqix/CN=mail.tuqix.org
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=GB/ST=Hampshire/L=Farnborough/O=Tuqix/CN=mail.tuqix.org
verify return:1
250 DSN

Comments
1 Comment »
Categories
Centos, Email, Linux
Comments rss Comments rss
Trackback Trackback

Setting up email on a Linux VPS server

Dave | February 10, 2009

Email

In my previous blogs I have documented getting my Linux VPS server and installing Wordpress blogging software. Next comes email.

There are really two parts – the sending and receiving of emails at the server level and the reading and sending emails from the desktop client. I will alos setup Webmail sometime in the future.

For the server the two most popular *IX  MTAs are Sendmail and Postfix , with Sendmail being the standard on Unix servers and Postfix the standard on Linux servers. I choose Postfix as I’ve exclusively used Sendmail in the past and I wanted to see what it was like.

As for the client reading and sending emails I decided to use Dovecot which has become very popular at providing POP3 and IMAP services.

I wanted to avoid connecting to the server with plain text passwords and so TLS was to be used for encryption and  SASL for authentication.

There are two excellent Wiki entries for setting up Postfix , Dovecot and SASL/TLS on Centos.

Setup basic Postfix and Dovecot first ( the only thing extra I had to do was a chown -R user /home/user/Maildir in section 3.3 )

Once the above works then do the  SASL/TLS setup

If you have a firewall setup or are using the Centos system-config-securitylevel like me then you need to allow ports 993 and 995 for the encrypted versions of imap and pop3.

I ran the system-config-securitylevel command – customize and added the above ports.

Future things to do are to install a Spam control system and a Webmail application.

Comments
No Comments »
Categories
Email, VPS server
Comments rss Comments rss
Trackback Trackback