Sometimes, after SSL certificate installation or renewal we need to verify whether it works and installed properly. If the SSL was installed on the web server, to verify it we can use https://www.sslshopper.com/ssl-checker.html
But what if SSL certificate was installed on the mail server? In this case we can use openssl to verify.
First of all SSH to any server which has openssl installed.
To verify SSL use the following commands:
1. SMTP via SSL uses 465 port by default:
– Connect to mail server using openssl :
openssl s_client -showcerts -connect ns72.small-dns.com:465
– Check output and make sure that valid certificate is shown:
CONNECTED(00000003)
depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
verify return:1
depth=1 C = BE, O = GlobalSign nv-sa, CN = AlphaSSL CA - SHA256 - G2
verify return:1
depth=0 OU = Domain Control Validated, CN = *.small-dns.com
verify return:1
---
Certificate chain
0 s:/OU=Domain Control Validated/CN=*.small-dns.com
i:/C=BE/O=GlobalSign nv-sa/CN=AlphaSSL CA - SHA256 - G2
-----BEGIN CERTIFICATE-----
MIIITzCCBzegAwIBAgIMGnK29S7RVS3P+FDIMA0GCSqGSIb3DQEBCwUAMEwxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSIwIAYDVQQDExlB
bHBoYVNTTCBDQSAtIFNIQTI1NiAtIEcyMB4XDTE2MTAwNzAxMzgxN1oXDTE4MTEw
NzE0NTU0M1owPTEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRgw
FgYDVQQDDA8qLnNtYWxsLWRucy5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQDcYXLn88u4DLSVMAqOKE6/NLJjhTsAela06pn5II7q62CJ1ySwY/HN
0BDzkwTVw+BEFSr/6kYPlXUYIgh3UZz5Fp1lRvVc78HbD4nwP8ZkTpfz9zTlAgkj
6yx/8w/JoTfBopgscm63TtbCGqWlodkF/SylbqmjBt40X9LupaNiNnB4vXDI7/dg
2Hg/xCYMtXWFRjYFrKMcj4KTDsgnAzddeUC91Tw3o54Ujy0Po9faZc63BuG5tQfv
Er2BVihDyyb8IoP47/nl8N3M74sBfHSVeyP9Xgr7VeKhRN3i7vY4nhV0kEOS7u2h
0pZwHbDx3ffcv0I1n581tCzb5M4vlXl9kpw23UIn77qWqzO2e8t4g7f9q7YUIJSS
O/6zO44lwlQq/Q0nSVCPj7fdjsj2yF1jqXDs7Q9Hkj+5rIeVWucGmdiKMOSr0lTT
PauMaUwXXQ4Qs4WEsl5fVs86/tKHFzE4l21svrWwNZmjIuuxAVSchEqoR/uTdcwI
Q929+JXm4vc/E2jey1oVcUTftio44iS11VJrrfQhI2sgwroOZcaZLZF6m6Jh5LGq
jgI6rXihNB7c5wuf5IWeodMDYHPCpcdsW2jK1HcNoV89YSAq8i+RsoI/bBXIqwbL
g/S0rGRxv01/qCSDto+Byr7wISEgDwOIQxwPkTxYmrA56mTYePyGcwIDAQABo4IE
PjCCBDowDgYDVR0PAQH/BAQDAgWgMIGJBggrBgEFBQcBAQR9MHswQgYIKwYBBQUH
MAKGNmh0dHA6Ly9zZWN1cmUyLmFscGhhc3NsLmNvbS9jYWNlcnQvZ3NhbHBoYXNo
YTJnMnIxLmNydDA1BggrBgEFBQcwAYYpaHR0cDovL29jc3AyLmdsb2JhbHNpZ24u
Y29tL2dzYWxwaGFzaGEyZzIwVwYDVR0gBFAwTjBCBgorBgEEAaAyAQoKMDQwMgYI
KwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkv
MAgGBmeBDAECATAJBgNVHRMEAjAAMD4GA1UdHwQ3MDUwM6AxoC+GLWh0dHA6Ly9j
cmwyLmFscGhhc3NsLmNvbS9ncy9nc2FscGhhc2hhMmcyLmNybDApBgNVHREEIjAg
gg8qLnNtYWxsLWRucy5jb22CDXNtYWxsLWRucy5jb20wHQYDVR0lBBYwFAYIKwYB
BQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBTwkV4smGCnAds1Mc00acS3CnN0LzAf
BgNVHSMEGDAWgBT1zdU8CFD5ak86t5faVoPmadJo9zCCAmwGCisGAQQB1nkCBAIE
ggJcBIICWAJWAHUA3esdK3oNT6Ygi4GtgWhwfi6OnQHVXIiNPRHEzbbsvswAAAFX
nMp9uAAABAMARjBEAiBkwR4yjlWaNcXKoS3QGGdMB5zOtBwAjVnqjDEYTF725wIg
dtF1mcLZt8BMh/MjqxB0SYIJvMvHSIj2IbeiwUMcXCkAdQBWFAaaL9fC7NP14b1E
sj7HRna5vJkRXMDvlJhV1onQ3QAAAVecyoBTAAAEAwBGMEQCIF+b49isWh/3KRwv
TwHW06iAnxznipP+kZXNVrSDDqKgAiBVOQkr/T395IPCfgU66Uh4y1e/tSQg7gjG
SrpXsitUNQB2AGj2mPgfZIK+OozuuSgdTPxxUV1nk9RE0QpnrLtPT/vEAAABV5zK
gJ0AAAQDAEcwRQIhAOGGG/i+LuR2e71mj1+1KexRPhDuw+smAuMpRr2GMY8OAiAF
K1M4FEFWhNZTm9M8P8lPhnwklIJGV7ByYVlSPeh5QAB2AKS5CZC0GFgUh7sTosxn
cAo8NZgE+RvfuON3zQ7IDdwQAAABV5zKgNYAAAQDAEcwRQIgM+/sROfaMMu+q++S
6O+najOgrXpGWvXjJ9vX6SAosgACIQDkjNWj6CQJ3K8Cj0Zmsc1ho2PvC2BitS2n
kHqRJwQ/JwB2AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAABV5zK
g84AAAQDAEcwRQIhAKkY3+SHIBQgDnXfw0gGJgh5UfxYMxfGKggRFD5H8NolAiBr
yq7S/e+YREKIwEHukHPjmEk9dB4X26JA1CQ5adRFLzANBgkqhkiG9w0BAQsFAAOC
AQEAVgyjEA6J8FrexBrhcdSgEIP/FCNlRhiHllyWCO//JiwGj2eFhtW4JwuhAQes
Sso4Rc2Dm4z+g63PaXO1wYXG7xjvvHr+7Ek/Ajnzrz/6g5q8fyyIDEXCXn9Tu++w
C4tIM8dCQFDBGXrJpBjGV0mh/mPw0JEIuSd9AVcNq8WubEHPSh36uQEA8YuP83h+
l7TPkeEi4rIh1iY0jg+tFtVWUm4TGzH+EbqFIYS9RyYzP4wxP9H9JBdYboGYYFa0
c84L0a1+akYQ7kV+A7wBmyJlwHq+D0s+8K12cEs03uA6xbJdv1IQ+AInQX9b3Rcx
izp1LPolit+3Ix/xkiFYPBpwKg==
-----END CERTIFICATE-----
1 s:/C=BE/O=GlobalSign nv-sa/CN=AlphaSSL CA - SHA256 - G2
i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
-----BEGIN CERTIFICATE-----
MIIETTCCAzWgAwIBAgILBAAAAAABRE7wNjEwDQYJKoZIhvcNAQELBQAwVzELMAkG
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNDAyMjAxMDAw
MDBaFw0yNDAyMjAxMDAwMDBaMEwxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
YWxTaWduIG52LXNhMSIwIAYDVQQDExlBbHBoYVNTTCBDQSAtIFNIQTI1NiAtIEcy
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2gHs5OxzYPt+j2q3xhfj
kmQy1KwA2aIPue3ua4qGypJn2XTXXUcCPI9A1p5tFM3D2ik5pw8FCmiiZhoexLKL
dljlq10dj0CzOYvvHoN9ItDjqQAu7FPPYhmFRChMwCfLew7sEGQAEKQFzKByvkFs
MVtI5LHsuSPrVU3QfWJKpbSlpFmFxSWRpv6mCZ8GEG2PgQxkQF5zAJrgLmWYVBAA
cJjI4e00X9icxw3A1iNZRfz+VXqG7pRgIvGu0eZVRvaZxRsIdF+ssGSEj4k4HKGn
kCFPAm694GFn1PhChw8K98kEbSqpL+9Cpd/do1PbmB6B+Zpye1reTz5/olig4het
ZwIDAQABo4IBIzCCAR8wDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8C
AQAwHQYDVR0OBBYEFPXN1TwIUPlqTzq3l9pWg+Zp0mj3MEUGA1UdIAQ+MDwwOgYE
VR0gADAyMDAGCCsGAQUFBwIBFiRodHRwczovL3d3dy5hbHBoYXNzbC5jb20vcmVw
b3NpdG9yeS8wMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5nbG9iYWxzaWdu
Lm5ldC9yb290LmNybDA9BggrBgEFBQcBAQQxMC8wLQYIKwYBBQUHMAGGIWh0dHA6
Ly9vY3NwLmdsb2JhbHNpZ24uY29tL3Jvb3RyMTAfBgNVHSMEGDAWgBRge2YaRQ2X
yolQL30EzTSo//z9SzANBgkqhkiG9w0BAQsFAAOCAQEAYEBoFkfnFo3bXKFWKsv0
XJuwHqJL9csCP/gLofKnQtS3TOvjZoDzJUN4LhsXVgdSGMvRqOzm+3M+pGKMgLTS
xRJzo9P6Aji+Yz2EuJnB8br3n8NA0VgYU8Fi3a8YQn80TsVD1XGwMADH45CuP1eG
l87qDBKOInDjZqdUfy4oy9RU0LMeYmcI+Sfhy+NmuCQbiWqJRGXy2UzSWByMTsCV
odTvZy84IOgu/5ZR8LrYPZJwR2UcnnNytGAMXOLRc3bgr07i5TelRS+KIz6HxzDm
MTh89N1SyvNTBCVXVmaU6Avu5gMUTu79bZRknl7OedSyps9AsUSoPocZXun4IRZZ
Uw==
-----END CERTIFICATE-----
---
Server certificate
subject=/OU=Domain Control Validated/CN=*.small-dns.com
issuer=/C=BE/O=GlobalSign nv-sa/CN=AlphaSSL CA - SHA256 - G2
---
No client certificate CA names sent
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 4154 bytes and written 373 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 76FCE2F6EEABBAD67549AC79D7A24E5516A8B6EDB71305530E5ACC26766A87D3
Session-ID-ctx:
Master-Key: 806D0D10420E2B2C74538F025278041E414B18CF1E67829646AD62B1683A5A2001900B45388CC18F0AA83B99EFB255B4
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 200 (seconds)
TLS session ticket:
0000 - 34 ca 21 c1 e3 d4 7d 8f-40 d2 3a 26 94 7c b2 77 4.!...}.@.:&.|.w
0010 - 9a 06 5b bf fa 34 ec d3-81 27 59 89 82 b8 0c 42 ..[..4...'Y....B
0020 - f0 16 6f a6 4e a9 4b 24-57 a9 f3 07 7c 98 b9 c3 ..o.N.K$W...|...
0030 - 2d da 83 34 67 0a 28 4b-e3 a7 e9 49 c2 10 df 66 -..4g.(K...I...f
0040 - bd a8 6b 51 b2 04 df d8-32 27 88 72 e1 1c 13 14 ..kQ....2'.r....
0050 - 87 a4 3c 7e bd 25 f5 b9-91 0e ae 21 75 fc cf cf ..<~.%.....!u...
0060 - 6e c5 39 95 59 2d 43 3d-0b 32 cd 06 e2 d3 18 9d n.9.Y-C=.2......
0070 - c4 97 92 04 3b 83 76 26-a5 4a a9 14 9f 6f e7 b2 ....;.v&.J...o..
0080 - 93 e7 34 35 cb 85 26 e2-bc e9 f4 58 c4 ee 35 de ..45..&....X..5.
0090 - 28 0c 6a 97 aa 71 a0 05-1a 5c 0e de 2f de 10 4e (.j..q...\../..N
Start Time: 1507014578
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
220 NS72-A.small-dns.com ESMTP Exim 4.89 Tue, 03 Oct 2017 15:09:38 +0800
- Make sure that you received SMTP server response:
220 NS72-A.small-dns.com ESMTP Exim 4.89 Fri, 29 Sep 2017 17:38:23 +0800
2. IMAP via SSL uses 993 port by default:
- Connect to mail server using openssl :
openssl s_client -showcerts -connect ns72.small-dns.com:993
- Check output and make sure that valid certificate (same as for SMTP)
- Make sure that you received IMAP server response:
CONNECTED(00000003)
depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
verify return:1
depth=1 C = BE, O = GlobalSign nv-sa, CN = AlphaSSL CA - SHA256 - G2
verify return:1
depth=0 OU = Domain Control Validated, CN = *.small-dns.com
verify return:1
---
Certificate chain
0 s:/OU=Domain Control Validated/CN=*.small-dns.com
i:/C=BE/O=GlobalSign nv-sa/CN=AlphaSSL CA - SHA256 - G2
-----BEGIN CERTIFICATE-----
MIIITzCCBzegAwIBAgIMGnK29S7RVS3P+FDIMA0GCSqGSIb3DQEBCwUAMEwxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSIwIAYDVQQDExlB
bHBoYVNTTCBDQSAtIFNIQTI1NiAtIEcyMB4XDTE2MTAwNzAxMzgxN1oXDTE4MTEw
NzE0NTU0M1owPTEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMRgw
FgYDVQQDDA8qLnNtYWxsLWRucy5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQDcYXLn88u4DLSVMAqOKE6/NLJjhTsAela06pn5II7q62CJ1ySwY/HN
0BDzkwTVw+BEFSr/6kYPlXUYIgh3UZz5Fp1lRvVc78HbD4nwP8ZkTpfz9zTlAgkj
6yx/8w/JoTfBopgscm63TtbCGqWlodkF/SylbqmjBt40X9LupaNiNnB4vXDI7/dg
2Hg/xCYMtXWFRjYFrKMcj4KTDsgnAzddeUC91Tw3o54Ujy0Po9faZc63BuG5tQfv
Er2BVihDyyb8IoP47/nl8N3M74sBfHSVeyP9Xgr7VeKhRN3i7vY4nhV0kEOS7u2h
0pZwHbDx3ffcv0I1n581tCzb5M4vlXl9kpw23UIn77qWqzO2e8t4g7f9q7YUIJSS
O/6zO44lwlQq/Q0nSVCPj7fdjsj2yF1jqXDs7Q9Hkj+5rIeVWucGmdiKMOSr0lTT
PauMaUwXXQ4Qs4WEsl5fVs86/tKHFzE4l21svrWwNZmjIuuxAVSchEqoR/uTdcwI
Q929+JXm4vc/E2jey1oVcUTftio44iS11VJrrfQhI2sgwroOZcaZLZF6m6Jh5LGq
jgI6rXihNB7c5wuf5IWeodMDYHPCpcdsW2jK1HcNoV89YSAq8i+RsoI/bBXIqwbL
g/S0rGRxv01/qCSDto+Byr7wISEgDwOIQxwPkTxYmrA56mTYePyGcwIDAQABo4IE
PjCCBDowDgYDVR0PAQH/BAQDAgWgMIGJBggrBgEFBQcBAQR9MHswQgYIKwYBBQUH
MAKGNmh0dHA6Ly9zZWN1cmUyLmFscGhhc3NsLmNvbS9jYWNlcnQvZ3NhbHBoYXNo
YTJnMnIxLmNydDA1BggrBgEFBQcwAYYpaHR0cDovL29jc3AyLmdsb2JhbHNpZ24u
Y29tL2dzYWxwaGFzaGEyZzIwVwYDVR0gBFAwTjBCBgorBgEEAaAyAQoKMDQwMgYI
KwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkv
MAgGBmeBDAECATAJBgNVHRMEAjAAMD4GA1UdHwQ3MDUwM6AxoC+GLWh0dHA6Ly9j
cmwyLmFscGhhc3NsLmNvbS9ncy9nc2FscGhhc2hhMmcyLmNybDApBgNVHREEIjAg
gg8qLnNtYWxsLWRucy5jb22CDXNtYWxsLWRucy5jb20wHQYDVR0lBBYwFAYIKwYB
BQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBTwkV4smGCnAds1Mc00acS3CnN0LzAf
BgNVHSMEGDAWgBT1zdU8CFD5ak86t5faVoPmadJo9zCCAmwGCisGAQQB1nkCBAIE
ggJcBIICWAJWAHUA3esdK3oNT6Ygi4GtgWhwfi6OnQHVXIiNPRHEzbbsvswAAAFX
nMp9uAAABAMARjBEAiBkwR4yjlWaNcXKoS3QGGdMB5zOtBwAjVnqjDEYTF725wIg
dtF1mcLZt8BMh/MjqxB0SYIJvMvHSIj2IbeiwUMcXCkAdQBWFAaaL9fC7NP14b1E
sj7HRna5vJkRXMDvlJhV1onQ3QAAAVecyoBTAAAEAwBGMEQCIF+b49isWh/3KRwv
TwHW06iAnxznipP+kZXNVrSDDqKgAiBVOQkr/T395IPCfgU66Uh4y1e/tSQg7gjG
SrpXsitUNQB2AGj2mPgfZIK+OozuuSgdTPxxUV1nk9RE0QpnrLtPT/vEAAABV5zK
gJ0AAAQDAEcwRQIhAOGGG/i+LuR2e71mj1+1KexRPhDuw+smAuMpRr2GMY8OAiAF
K1M4FEFWhNZTm9M8P8lPhnwklIJGV7ByYVlSPeh5QAB2AKS5CZC0GFgUh7sTosxn
cAo8NZgE+RvfuON3zQ7IDdwQAAABV5zKgNYAAAQDAEcwRQIgM+/sROfaMMu+q++S
6O+najOgrXpGWvXjJ9vX6SAosgACIQDkjNWj6CQJ3K8Cj0Zmsc1ho2PvC2BitS2n
kHqRJwQ/JwB2AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAABV5zK
g84AAAQDAEcwRQIhAKkY3+SHIBQgDnXfw0gGJgh5UfxYMxfGKggRFD5H8NolAiBr
yq7S/e+YREKIwEHukHPjmEk9dB4X26JA1CQ5adRFLzANBgkqhkiG9w0BAQsFAAOC
AQEAVgyjEA6J8FrexBrhcdSgEIP/FCNlRhiHllyWCO//JiwGj2eFhtW4JwuhAQes
Sso4Rc2Dm4z+g63PaXO1wYXG7xjvvHr+7Ek/Ajnzrz/6g5q8fyyIDEXCXn9Tu++w
C4tIM8dCQFDBGXrJpBjGV0mh/mPw0JEIuSd9AVcNq8WubEHPSh36uQEA8YuP83h+
l7TPkeEi4rIh1iY0jg+tFtVWUm4TGzH+EbqFIYS9RyYzP4wxP9H9JBdYboGYYFa0
c84L0a1+akYQ7kV+A7wBmyJlwHq+D0s+8K12cEs03uA6xbJdv1IQ+AInQX9b3Rcx
izp1LPolit+3Ix/xkiFYPBpwKg==
-----END CERTIFICATE-----
1 s:/C=BE/O=GlobalSign nv-sa/CN=AlphaSSL CA - SHA256 - G2
i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
-----BEGIN CERTIFICATE-----
MIIETTCCAzWgAwIBAgILBAAAAAABRE7wNjEwDQYJKoZIhvcNAQELBQAwVzELMAkG
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNDAyMjAxMDAw
MDBaFw0yNDAyMjAxMDAwMDBaMEwxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
YWxTaWduIG52LXNhMSIwIAYDVQQDExlBbHBoYVNTTCBDQSAtIFNIQTI1NiAtIEcy
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2gHs5OxzYPt+j2q3xhfj
kmQy1KwA2aIPue3ua4qGypJn2XTXXUcCPI9A1p5tFM3D2ik5pw8FCmiiZhoexLKL
dljlq10dj0CzOYvvHoN9ItDjqQAu7FPPYhmFRChMwCfLew7sEGQAEKQFzKByvkFs
MVtI5LHsuSPrVU3QfWJKpbSlpFmFxSWRpv6mCZ8GEG2PgQxkQF5zAJrgLmWYVBAA
cJjI4e00X9icxw3A1iNZRfz+VXqG7pRgIvGu0eZVRvaZxRsIdF+ssGSEj4k4HKGn
kCFPAm694GFn1PhChw8K98kEbSqpL+9Cpd/do1PbmB6B+Zpye1reTz5/olig4het
ZwIDAQABo4IBIzCCAR8wDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8C
AQAwHQYDVR0OBBYEFPXN1TwIUPlqTzq3l9pWg+Zp0mj3MEUGA1UdIAQ+MDwwOgYE
VR0gADAyMDAGCCsGAQUFBwIBFiRodHRwczovL3d3dy5hbHBoYXNzbC5jb20vcmVw
b3NpdG9yeS8wMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5nbG9iYWxzaWdu
Lm5ldC9yb290LmNybDA9BggrBgEFBQcBAQQxMC8wLQYIKwYBBQUHMAGGIWh0dHA6
Ly9vY3NwLmdsb2JhbHNpZ24uY29tL3Jvb3RyMTAfBgNVHSMEGDAWgBRge2YaRQ2X
yolQL30EzTSo//z9SzANBgkqhkiG9w0BAQsFAAOCAQEAYEBoFkfnFo3bXKFWKsv0
XJuwHqJL9csCP/gLofKnQtS3TOvjZoDzJUN4LhsXVgdSGMvRqOzm+3M+pGKMgLTS
xRJzo9P6Aji+Yz2EuJnB8br3n8NA0VgYU8Fi3a8YQn80TsVD1XGwMADH45CuP1eG
l87qDBKOInDjZqdUfy4oy9RU0LMeYmcI+Sfhy+NmuCQbiWqJRGXy2UzSWByMTsCV
odTvZy84IOgu/5ZR8LrYPZJwR2UcnnNytGAMXOLRc3bgr07i5TelRS+KIz6HxzDm
MTh89N1SyvNTBCVXVmaU6Avu5gMUTu79bZRknl7OedSyps9AsUSoPocZXun4IRZZ
Uw==
-----END CERTIFICATE-----
---
Server certificate
subject=/OU=Domain Control Validated/CN=*.small-dns.com
issuer=/C=BE/O=GlobalSign nv-sa/CN=AlphaSSL CA - SHA256 - G2
---
No client certificate CA names sent
Server Temp Key: ECDH, secp521r1, 521 bits
---
SSL handshake has read 4222 bytes and written 441 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 0103C8DF1AF009ACEB6E038DA9EF6260597D02544EDCA4A4C098CA495D696303
Session-ID-ctx:
Master-Key: 4EE0670EE866BF7347072BF17AEB625B48219E32150FF466030291EE74221EDFB9C34FB7D3685C6B66797D14107D5AFE
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 89 54 30 9c 5c ee 7d 67-e9 42 11 23 02 2b c4 91 .T0.\.}g.B.#.+..
0010 - 5d 74 5b ae 64 11 f6 cc-7f c1 bc 7e 0f 16 61 66 ]t[.d......~..af
0020 - 97 34 20 26 44 25 c1 48-12 fd fc 86 4f 35 83 1a .4 &D%.H....O5..
0030 - f4 79 ac 03 6c 7a c4 50-7f 64 5e 33 15 0d f3 a3 .y..lz.P.d^3....
0040 - c1 fe f3 f1 8d 3c 74 c7-62 7f ed 26 40 34 2c 03 .....
3. POP3 via SSL uses 995 port by default:
- Perform the same steps as for IMAP but use port 995