Today I was trying to figure out how to check the expiration time of an SMTP certificate, to verify that after installing a new certificate the mail server was picking up the right certificate. What I came up with is:

SERVERNAME=mail.example.com
printf 'quit\n' | openssl s_client -connect $SERVERNAME:25 -starttls smtp | openssl x509 -enddate -noout

Just for completeness sake, checking it on a web server can be done with:

SERVERNAME=www.example.com
printf 'GET /\n\n' | openssl s_client -connect $SERVERNAME:443 | openssl x509 -enddate -noout

comments powered by Disqus