Hi,
Ok. Now let's switch to another scenario where a non-default email client (=NOT Thunderbird) wants to send emails through stunnel to the remote mail server. Everything is set up in stunnel.conf and the proprietary email client. But how do I get the remote server certificate (for stunnel)?
With openssl? For example (with verification over a pre-installed certificate store):
openssl s_client -connect posteo.de:587 -starttls smtp -verify 3 -CApath /etc/ssl/certs/
    verify depth is 3
    depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Certification Authority
    verify return:1
    depth=1 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Class 3 Primary Intermediate Server CA
    verify return:1
    depth=0 description = maUx6h6atcFx0LEi, C = DE, ST = Berlin, L = Berlin, O = Posteo e.K., CN = *.posteo.de, emailAddress = postmaster@posteo.de
    verify return:1
    ---
    Certificate chain
     0 s:/description=maUx6h6atcFx0LEi/C=DE/ST=Berlin/L=Berlin/O=Posteo e.K./CN=*.posteo.de/emailAddress=postmaster@posteo.de
       i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 3 Primary Intermediate Server CA
     1 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 3 Primary Intermediate Server CA
       i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
^^^ what you can store as the server certificate for stunnel.
Or without verification:
openssl s_client -connect posteo.de:587 -starttls smtp
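
Added example (not part of the original message, and not code from openssl or stunnel): a shell helper that takes a saved s_client transcript and writes only the server's own certificate block to a file, refusing when the transcript does not report a verified chain. The function names, file names and the sample transcript are assumptions made up for illustration; the base64 in the sample is dummy text, not a real certificate.

```shell
#!/bin/sh
# save_leaf_cert TRANSCRIPT OUTFILE   (hypothetical helper name)
# Copies the first PEM block (the depth-0 server certificate) from a saved
# `openssl s_client` transcript into OUTFILE.
save_leaf_cert() {
    transcript=$1
    out=$2
    # s_client carries on after a failed verification, so check its verdict
    # before trusting anything it printed.
    if ! grep -q '^ *Verify return code: 0 (ok)' "$transcript"; then
        echo "refusing: transcript does not report a verified chain" >&2
        return 1
    fi
    # Print from the first BEGIN line through the first END line, then stop,
    # so further certificates in the transcript are not included.
    awk '/-----BEGIN CERTIFICATE-----/ { on = 1 }
         on { print }
         on && /-----END CERTIFICATE-----/ { exit }' "$transcript" > "$out"
    # Reject an empty or truncated block instead of leaving a broken file.
    [ -s "$out" ] && grep -q -- '-----END CERTIFICATE-----' "$out" || {
        rm -f "$out"
        return 1
    }
}

# write_sample FILE VERIFY_TEXT
# Writes a constructed transcript with two PEM blocks and the given verdict.
write_sample() {
    cat > "$1" <<EOF
Certificate chain
 0 s:/CN=mail.example.test
---
Server certificate
-----BEGIN CERTIFICATE-----
TEVBRi1DT05TVFJVQ1RFRA==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
SVNTVUVSLUNPTlNUUlVDVEVE
-----END CERTIFICATE-----
    Verify return code: $2
EOF
}

# Usage: save the s_client output to a file first, then
#   save_leaf_cert transcript.txt peer.pem
```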