To make sure that you have installed the SSL certificate correctly, we have have compiled a cheatsheet with OpenSSL commands to verify that multiple protocols use the correct certificate.



Enter the domain you want to check here: {INPUT:servername|server.yourwebhoster.eu}
Your domain will get updated in the commands below.



Test FTP certificate

openssl s_client -connect {VAR:servername}:21 -starttls ftp

Test POP3 certificate

openssl s_client -connect {VAR:servername}:995

Test IMAP certificate

openssl s_client -connect {VAR:servername}:993

Test SMTP SSL certificate

openssl s_client -connect {VAR:servername}:465

Test SMTP TLS certificate

openssl s_client -connect {VAR:servername}:587 -starttls smtp

Test HTTPS certificate

openssl s_client -connect {VAR:servername}:443

Test DirectAdmin certificate

openssl s_client -connect {VAR:servername}:2222


Tip: Add the following to extract the certificate expiry date from the server.

2>/dev/null | openssl x509 -noout -dates

How to verify SSL certificates with SNI (Server Name Indication) using OpenSSL

Using SNI with OpenSSL is easy. Just add the -servername flag and you are good to go. Replace in the examples below mail.domain.com with the SNI name. Note: you can also use the SNI name to replace server.yourwebhoster.eu with.

Test FTP certificate

openssl s_client -connect {VAR:servername}:21 -starttls ftp -servername {VAR:servername}

Test POP3 certificate

openssl s_client -connect {VAR:servername}:995 -servername {VAR:servername}

Test IMAP certificate

openssl s_client -connect {VAR:servername}:993 -servername {VAR:servername}

Test SMTP SSL certificate

openssl s_client -connect {VAR:servername}:465 -servername {VAR:servername}

Test SMTP TLS certificate

openssl s_client -connect {VAR:servername}:587 -starttls smtp -servername {VAR:servername}

Test HTTPS certificate

openssl s_client -connect {VAR:servername}:443 -servername {VAR:servername}

Test DirectAdmin certificate

openssl s_client -connect {VAR:servername}u:2222 -servername {VAR:servername}