How to verify SSL certificates with OpenSSL on Command Line

Modified on Thu, 21 Oct, 2021 at 1:46 PM

To make sure that you have installed the SSL certificate correctly, we have have compiled a cheatsheet with OpenSSL commands to verify that multiple protocols use the correct certificate.



Enter the domain you want to check here: {INPUT:servername|server.yourwebhoster.eu}
Your domain will get updated in the commands below.



Test FTP certificate

openssl s_client -connect {VAR:servername}:21 -starttls ftp

Test POP3 certificate

openssl s_client -connect {VAR:servername}:995

Test IMAP certificate

openssl s_client -connect {VAR:servername}:993

Test SMTP SSL certificate

openssl s_client -connect {VAR:servername}:465

Test SMTP TLS certificate

openssl s_client -connect {VAR:servername}:587 -starttls smtp

Test HTTPS certificate

openssl s_client -connect {VAR:servername}:443

Test DirectAdmin certificate

openssl s_client -connect {VAR:servername}:2222


Tip: Add the following to extract the certificate expiry date from the server.

2>/dev/null | openssl x509 -noout -dates

How to verify SSL certificates with SNI (Server Name Indication) using OpenSSL

Using SNI with OpenSSL is easy. Just add the -servername flag and you are good to go. Replace in the examples below mail.domain.com with the SNI name. Note: you can also use the SNI name to replace server.yourwebhoster.eu with.

Test FTP certificate

openssl s_client -connect {VAR:servername}:21 -starttls ftp -servername {VAR:servername}

Test POP3 certificate

openssl s_client -connect {VAR:servername}:995 -servername {VAR:servername}

Test IMAP certificate

openssl s_client -connect {VAR:servername}:993 -servername {VAR:servername}

Test SMTP SSL certificate

openssl s_client -connect {VAR:servername}:465 -servername {VAR:servername}

Test SMTP TLS certificate

openssl s_client -connect {VAR:servername}:587 -starttls smtp -servername {VAR:servername}

Test HTTPS certificate

openssl s_client -connect {VAR:servername}:443 -servername {VAR:servername}

Test DirectAdmin certificate

openssl s_client -connect {VAR:servername}u:2222 -servername {VAR:servername}

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article