05-19-2009 04:13 PM
We've just set up TLS on our C350's and have had a few hosts failing to verify when sending to them (currently set to prefer-verify). One of the hosts is MessageLabs, who I would have thought would be competent enough to put a proper SSL in place!
Is there any way to connect to them, request it and see what the cert actually is? Or alternatively a better way? The logs say there's a self signed certificate in the chain..
05-26-2009 08:38 AM
Outside the scope of IronPort, you could use openssl utility and connect to the Message labs MTA and issue starttls. This should give you the complete chain of the cert and show if it is incorrectly chained or cannot be validated.
-Kishore
06-24-2009 10:35 AM
Try something like:
openssl s_client -starttls smtp -crlf -showcerts -connect cluster6a.eu.messagelabs.com:25
J.
06-27-2009 11:40 PM
this Forum is gaining in usefulness every time!
i was seeking for the SSL test syntax for a long time but did not manage to find it. (maybe that says something about my "google capacities" )
thanks for posting this!
Steven
07-11-2009 01:01 AM
Steven -
This would be an awesome feature to request on our ESA's with the help of your Cisco IronPort sales account team! +1 for a good idea.
Cheers!
Andrew
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: