From be8bbdb9787044a0d9cec45dfa03f0e78de7e47a Mon Sep 17 00:00:00 2001 From: Raphael Date: Sat, 7 Jan 2023 13:22:32 +0100 Subject: [PATCH] Improve certificate debug commands (#513) * Improve certificate debug commands Simplify. Distinguish TLS & STARTTLS commands. Show additional SAN. * Improve certificate debug commands Simplify. Distinguish TLS & STARTTLS commands. Show additional SAN. --- docs/post_installation/firststeps-ssl.de.md | 16 +++++++++++----- docs/post_installation/firststeps-ssl.en.md | 16 +++++++++++----- 2 files changed, 22 insertions(+), 10 deletions(-) diff --git a/docs/post_installation/firststeps-ssl.de.md b/docs/post_installation/firststeps-ssl.de.md index 0fb488b6c..4f626dc5f 100644 --- a/docs/post_installation/firststeps-ssl.de.md +++ b/docs/post_installation/firststeps-ssl.de.md 
@@ -154,12 +154,18 @@ Um zu überprüfen, ob nginx das richtige Zertifikat verwendet, benutzen Sie ein Um das von Postfix, Dovecot und Nginx verwendete Zertifikat zu überprüfen, verwenden wir `openssl`: ``` -# Verbindung über SMTP (587) -echo "Q" | openssl s_client -starttls smtp -crlf -connect mx.mailcow.email:587 -# Verbindung über IMAP (143) -echo "Q" | openssl s_client -starttls imap -showcerts -connect mx.mailcow.email:143 +# Verbindung über SMTP STARTTLS (587) +openssl s_client -starttls smtp -connect MAILCOW_HOSTNAME:587 | openssl x509 -noout -text +# Verbindung über SMTP (465) +openssl s_client -connect MAILCOW_HOSTNAME:465 | openssl x509 -noout -text + +# Verbindung über IMAP STARTTLS (143) +openssl s_client -starttls imap -connect MAILCOW_HOSTNAME:143 | openssl x509 -noout -text +# Verbindung über IMAP (993) +openssl s_client -connect MAILCOW_HOSTNAME:993 | openssl x509 -noout -text + # Verbindung über HTTPS (443) -echo "Q" | openssl s_client -connect mx.mailcow.email:443 +openssl s_client -connect MAILCOW_HOSTNAME:443 | openssl x509 -noout -text ``` Um die von openssl zurückgegebenen Verfallsdaten gegen MAILCOW_HOSTNAME zu validieren, können Sie unser Hilfsskript verwenden: diff --git a/docs/post_installation/firststeps-ssl.en.md b/docs/post_installation/firststeps-ssl.en.md index d834d5827..3bcaf7a2f 100644 --- a/docs/post_installation/firststeps-ssl.en.md +++ b/docs/post_installation/firststeps-ssl.en.md 
@@ -154,12 +154,18 @@ To check if nginx serves the correct certificate, simply use a browser of your c To check the certificate served by Postfix, Dovecot and Nginx we will use `openssl`: ``` -# Connect via SMTP (587) -echo "Q" | openssl s_client -starttls smtp -crlf -connect mx.mailcow.email:587 -# Connect via IMAP (143) -echo "Q" | openssl s_client -starttls imap -showcerts -connect mx.mailcow.email:143 +# Connect via SMTP STARTTLS (587) +openssl s_client -starttls smtp -connect MAILCOW_HOSTNAME:587 | openssl x509 -noout -text +# Connect via SMTP (465) +openssl s_client -connect MAILCOW_HOSTNAME:465 | openssl x509 -noout -text + +# Connect via IMAP STARTTLS (143) +openssl s_client -starttls imap -connect MAILCOW_HOSTNAME:143 | openssl x509 -noout -text +# Connect via IMAP (993) +openssl s_client -connect MAILCOW_HOSTNAME:993 | openssl x509 -noout -text + # Connect via HTTPS (443) -echo "Q" | openssl s_client -connect mx.mailcow.email:443 +openssl s_client -connect MAILCOW_HOSTNAME:443 | openssl x509 -noout -text ``` To validate the expiry dates as returned by openssl against MAILCOW_HOSTNAME, you are able to use our helper script:
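Review bot: In the firststeps-ssl.de.md hunk, every added `openssl s_client` line drops the `echo "Q" |` prefix that the removed lines had, so s_client is left reading the terminal on stdin and the pipeline does not return on its own until the server closes the connection or the reader interrupts it. Suggest keeping a stdin feed, for example `echo "Q" | openssl s_client -starttls smtp -connect MAILCOW_HOSTNAME:587 | openssl x509 -noout -text`, or redirecting stdin from `/dev/null`. The same applies to the five added commands in firststeps-ssl.en.md.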
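Review bot: In the firststeps-ssl.en.md hunk, piping s_client into `openssl x509 -noout -text` decodes only the first certificate in the stream and swallows everything else s_client writes to stdout, and the IMAP line also loses `-showcerts`, so the reader can no longer see the chain the server sends. The surrounding text should say that these commands inspect the leaf certificate only, and one un-piped `-showcerts` variant would be worth keeping for debugging chain problems. `MAILCOW_HOSTNAME` is also now a literal placeholder inside each command instead of a real host name, so a short sentence telling readers to substitute their own value would avoid copy-paste failures. Both points apply equally to firststeps-ssl.de.md.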