Category

TLS

How to verify that Mail SNI (Domain SNI) SSL/TLS for IMAP/POP3/SMTP works in cPanel and a proper certificate is installed

By | cPanel, IMAP, POP3, SMTP, SSL Certificate, TLS | No Comments

Issue

Cannot verify that Mail SNI (Domain SNI) SSL/TLS for IMAP/POP3/SMTP works in cPanel and a proper certificate is installed.

Resolution

To verify SSL please use the following commands:

1 – IMAP via SSL uses 993 port by default:

a. Connect to mail server using openssl:

openssl s_client -servername maildomain.com -connect maildomain.com:993

b. Check output and make sure that valid certificate is shown:

Server certificate
subject=/OU=Domain Control Validated/OU=EssentialSSL Wildcard/CN=mail.example.com
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA

c. Make sure that you received IMAP server response:

* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=PLAIN IDLE ACL ACL2=UNION] Courier-IMAP ready. Copyright 1998-2004 Double Precision, Inc.  See COPYING for distribution information.

2 – POP3 via SSL uses 995 port by default:

a. connect to mail server using openssl:

openssl s_client -servername maildomain.com -connect maildomain.com:995

b. Check output and make sure that valid certificate is shown:

Server certificate
subject=/OU=Domain Control Validated/OU=EssentialSSL Wildcard/CN=mail.example.com
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA

c. Make sure that you received POP3 server response:

+OK Hello there. <1793.1385684315@localhost.localdomain>

3 – SMTP via SSL uses 465 port by default:

a. connect to mail server using openssl:

openssl s_client -servername maildomain.com -connect maildomain.com:465

b. Check output and make sure that valid certificate is shown:

Server certificate
subject=/OU=Domain Control Validated/OU=EssentialSSL Wildcard/CN=mail.example.com
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA

c. Make sure that you received SMTP server response:

220 mail.example.com ESMTP Postfix