Checking ssl/tls services with openssl

Status of various ssl/tls services can be easily checked with openssl command s_client.

POP3s check:

openssl s_client -no_tls1 -connect pop.gmail.com:995

SMTP – TLS check:

openssl s_client -starttls smtp -connect smtp.gmail.com:25

HTTPS:

openssl s_client -connect mail.google.com:443

This can be used for monitoring services with zabbix using external check (script):

#!/bin/bash

if [ -z $1 ]; then echo 0;
exit 1;
fi

server=$1;

echo "quit" | openssl s_client -quiet -no_tls1 -connect $server:995 2> /dev/null | grep "+OK" | wc -l &
sleep 3;
openssl_pid=`ps aux | grep "openssl s_client -quiet -no_tls1 -connect $server" | awk {'print $2'}`
if [ -n "$openssl_pid" ]; then
kill $openssl_pid 2> /dev/null
fi

Leave a Reply

Your email address will not be published. Required fields are marked *