Using openssl instead of telnet to test HTTPS, POP3S connections

From lxadm | Linux administration tips, tutorials, HOWTOs and articles
Jump to: navigation, search

SSL is being used more often than plain text connections, so the usual testing with telnet may not work anymore.

Fortunately, it's possible to use openssl command to test webservers, POP3S/IMAPS/SMTPS mailserver, FTPS servers etc. which use SSL.

Testing HTTPS[edit]

$ openssl s_client -quiet -connect example.com:443 
(...some certificate debugging will be displayed here...)
(...after that, use the normal commands you would use in a telnet connection to port 80...)
GET / HTTP/1.1
Host: example.com


Testing SSMTP / SMTPS[edit]

$ openssl s_client -quiet -connect mail.yourserver.tld:485
(...some certificate debugging will be displayed here...)
(...after that, use the normal commands you would use in a telnet connection to port 25...)
220 mail.yourserver.tld
HELO your-name
250 remote-server
MAIL FROM:<me@example.com>
250 2.1.0 Ok
RCPT TO:<tch@example.com>


Or, to test TLS on port 25:

$ openssl s_client -quiet -starttls smtp -connect mail.yourserver.tld:25


Testing IMAP on port 143[edit]

Note the "-starttls imap" added to the command line - this one shows an expired certificate:

$ openssl s_client -quiet -starttls imap -connect mail.yourserver.tld:143
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = mail.yourserver.tld
verify error:num=10:certificate has expired
notAfter=Sep 21 09:07:00 2016 GMT
verify return:1
depth=0 CN = mail.yourserver.tld
notAfter=Sep 21 09:07:00 2016 GMT
verify return:1
. OK Completed