cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Cisco Secure Email Support Community

Product Support Talos Support Cisco Support Reference + Current Release
Gateway Reputation Lookup Open a support case Secure Email Guided Setup
Gateway: 14.0.0-698
Cloud Gateway Email Status Portal Support & Downloads docs.ces.cisco.com
Email and Web Manager: 14.0.0-404
Email and Web Manager Web & Email Reputation Worldwide Contacts Product Naming Quick Reference
Reporting Plug-in: 1.1.0.136
Encryption Bug Search
Encryption Plug-in: 1.2.1.167
Cloud Mailbox Notification Service
Outlook Add-in(s): More info

575
Views
0
Helpful
4
Replies
AndrewR_ironport
Beginner

Checking Remote TLS?

We've just set up TLS on our C350's and have had a few hosts failing to verify when sending to them (currently set to prefer-verify). One of the hosts is MessageLabs, who I would have thought would be competent enough to put a proper SSL in place!

Is there any way to connect to them, request it and see what the cert actually is? Or alternatively a better way? The logs say there's a self signed certificate in the chain..

4 REPLIES 4
kyerramr
Beginner

Outside the scope of IronPort, you could use openssl utility and connect to the Message labs MTA and issue starttls. This should give you the complete chain of the cert and show if it is incorrectly chained or cannot be validated.

-Kishore

meyd45_ironport
Beginner

Try something like:

openssl s_client -starttls smtp -crlf -showcerts -connect cluster6a.eu.messagelabs.com:25

J.

steven_geerts
Beginner

this Forum is gaining in usefulness every time!

i was seeking for the SSL test syntax for a long time but did not manage to find it. (maybe that says something about my "google capacities" )

thanks for posting this!

Steven

Andrew Wurster
Beginner

Steven -

This would be an awesome feature to request on our ESA's with the help of your Cisco IronPort sales account team! +1 for a good idea.

Cheers!

Andrew

Content for Community-Ad