Manually checking the certificate used for ftps on port 21


Enter Your Query:
Use '%' for wildcards and quotes for "exact phrases"


Top Level » Ftp

Manually checking the certificate used for ftps on port 21Last Modified: Oct 31, 2019, 2:57 pm
As more ftp clients are requiring valid certificates for ftps servers, you might need to view inside the certificate to see what's currently set.  You can do this by running the following command for your hostname:

openssl s_client -connect server.hostname.com:21 -starttls ftp -servername server.hostname.com

The "CN" value, or "Common Name" will be the current host value set inside the certificate.
You'll be looking for the subject *after* the certificate output, so in the case of our mail server, we have a wildcard, so the imporant bits would look like:

-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/CN=*.server.hostname.com



Once run, you'll actually be connected to the remote server, so to leave, just type:

QUIT

to exit the current FTPS session.

If it's a self-signed certificate, you'll see this in the "SSL-Session:" header:

   Verify return code: 18 (self signed certificate)


Note, the "-servername" is used to specify the ssl host, if your exim is running SNI to allow for multiple certificates.

© 2018 JBMC Software, Suite 173  3-11 Bellerose Drive, St Albert, AB  T8N 1P7  Canada.  Mon-Fri 9AM-5PM MST