메일 서비스의 현재 인증서를 확인하려면 Linux 명령줄을 사용하여 요청해야 합니다:
IMAP - 인증서 요청
다음 명령을 사용하여 IMAP 인증서를 요청합니다:
openssl s_client -showcerts -connect mail.synay.net:993 -servername mail.synay.net
여기서 mail.synay.net
은 메일 서버의 도메인 이름입니다. 이 명령은 다음과 같은 결과를 반환합니다:
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R11
verify return:1
depth=0 CN = synay.net
verify return:1
---
Certificate chain
0 s:CN = synay.net
i:C = US, O = Let's Encrypt, CN = R11
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Apr 8 07:57:57 2025 GMT; NotAfter: Jul 7 07:57:56 2025 GMT
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISBjIpZm7xKg/vcy8rxUa+cj9NMA0GCSqGSIb3DQEBCwUA
MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD
EwNSMTEwHhcNMjUwNDA4MDc1NzU3WhcNMjUwNzA3MDc1NzU2WjAUMRIwEAYDVQQD
EwlzeW5heS5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1Y70V
xeJOpav/uJuevP/u9tlE8S03Ht7PuDfmTCql4GyTzpwOK2R8SLGlALFuDohAX+nW
xKLtN84uWqnyDGpsCsAzbos9jADmbro9J88nmXcSj2cH2vbEShrMPl2YcTrDsK/H
ewL8Z9bpjwHf/tR0ubGdDsqIfPCNE5p1gTmfN0QKKaSoI+1w7wMJeHvI865gNik6
Amy3nF4qhTXJdgXITTkZErd1bC433UFEheZaK1Uwv8CmIUMU0LOgcQTE4jhCAN8h
z/TCsqOJX8lU28tpxWfcDVYrEIS2062qpP474a//pbMJcn4kPVqkL+b4ZHRJNzBY
PrlKgJZpspIEff8ZAgMBAAGjggJLMIICRzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0l
BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYE
FD1qp+LOPElq0b6lwi3skTKaia9QMB8GA1UdIwQYMBaAFMXPRqTq9MPAemyVxC2w
XpIvJuO5MFcGCCsGAQUFBwEBBEswSTAiBggrBgEFBQcwAYYWaHR0cDovL3IxMS5v
LmxlbmNyLm9yZzAjBggrBgEFBQcwAoYXaHR0cDovL3IxMS5pLmxlbmNyLm9yZy8w
IQYDVR0RBBowGIILKi5zeW5heS5uZXSCCXN5bmF5Lm5ldDATBgNVHSAEDDAKMAgG
BmeBDAECATAuBgNVHR8EJzAlMCOgIaAfhh1odHRwOi8vcjExLmMubGVuY3Iub3Jn
Lzc4LmNybDCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2AH1ZHhLheCp7HGFnfF79
+NCHXBSgTpWeuQMv2Q6MLnm4AAABlhSdfbUAAAQDAEcwRQIhAMAYci1qOpYgMKvg
QZxFuZ8MQY2KZoMhey+ip+Psgb/PAiA2r/Ko1+c5R2MxE8rBVmHkVh483h+5cFT3
zCLqXBZaJgB3AN3cyjSV1+EWBeeVMvrHn/g9HFDf2wA6FBJ2Ciysu8gqAAABlhSd
ff8AAAQDAEgwRgIhAIXX6rvIuiNY1hhyvFhmYOygIDS55GjJ+RRJ/nGu3+0hAiEA
gWE8/hzyaBbsKzevUUjRmTTGJEfWnSPXt1g+zjAmWxUwDQYJKoZIhvcNAQELBQAD
ggEBAHbpXL+FfISZ3o8atKYNU7g68fVVgssWBNSFADR99p3tU3omS86cYhAUr3gp
6djG/5YoNufFBx/lgWsxSrvfc+O/cMkipAeMAgLDxiAFBz9K7WPYyGmHMtRB5aVF
rF3cogZ4PWGuxxQzOoj3WwWPbXn+O3QgDoP4le49WfMpKZ1Ng0APKOV0CF30ySzK
9lO+T34A0Slcwqpjtb0SbHDBThCLO8lLYd4UZLoKfIozqX1Hx/rbaqn5PO24fzx8
/v013Lq2FWgLEdMheHpUuw73zMqE/hiJ3/oEorNo1lnB6QWzUqDvY/JQNf7zPeIV
MwMIdAmbMw0QSTkQ4DApYmFixBg=
-----END CERTIFICATE-----
완료 후 다음 메시지가 표시됩니다:
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Dovecot ready.
* BYE Disconnected for inactivity.
그 후 다른 중간 인증서 체인이 표시됩니다. 모든 도메인 및 유효 기간 정보를 얻으려면 인증서 내용(-----BEGIN CERTIFICATE----- 및 -----END CERTIFICATE-----` 줄 포함)을 메모장에 복사하고 파일 확장자를 .txt 에서 .crt 로 변경하거나, 온라인 서비스를 사용하여 인증서를 확인 필드에 붙여넣을 수 있습니다.
메일 서비스의 인증서를 업데이트한 경우 서비스를 재시작하는 것을 잊지 마세요. 응답의 마지막 줄에서 알 수 있듯이 IMAP은 Dovecot을 사용하여 실행됩니다.
POP3 - 인증서 요청
다음 명령을 사용하여 POP3 인증서를 요청합니다:
openssl s_client -showcerts -connect mail.synay.net:995 -servername mail.synay.net
서버 응답은 유사하며, 예시에서 POP3도 Dovecot을 사용하여 실행됩니다:
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R11
verify return:1
depth=0 CN = synay.net
verify return:1
---
Certificate chain
0 s:CN = synay.net
i:C = US, O = Let's Encrypt, CN = R11
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Apr 8 07:57:57 2025 GMT; NotAfter: Jul 7 07:57:56 2025 GMT
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISBjIpZm7xKg/vcy8rxUa+cj9NMA0GCSqGSIb3DQEBCwUA
MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD
EwNSMTEwHhcNMjUwNDA4MDc1NzU3WhcNMjUwNzA3MDc1NzU2WjAUMRIwEAYDVQQD
EwlzeW5heS5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1Y70V
xeJOpav/uJuevP/u9tlE8S03Ht7PuDfmTCql4GyTzpwOK2R8SLGlALFuDohAX+nW
xKLtN84uWqnyDGpsCsAzbos9jADmbro9J88nmXcSj2cH2vbEShrMPl2YcTrDsK/H
ewL8Z9bpjwHf/tR0ubGdDsqIfPCNE5p1gTmfN0QKKaSoI+1w7wMJeHvI865gNik6
Amy3nF4qhTXJdgXITTkZErd1bC433UFEheZaK1Uwv8CmIUMU0LOgcQTE4jhCAN8h
z/TCsqOJX8lU28tpxWfcDVYrEIS2062qpP474a//pbMJcn4kPVqkL+b4ZHRJNzBY
PrlKgJZpspIEff8ZAgMBAAGjggJLMIICRzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0l
BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYE
FD1qp+LOPElq0b6lwi3skTKaia9QMB8GA1UdIwQYMBaAFMXPRqTq9MPAemyVxC2w
XpIvJuO5MFcGCCsGAQUFBwEBBEswSTAiBggrBgEFBQcwAYYWaHR0cDovL3IxMS5v
LmxlbmNyLm9yZzAjBggrBgEFBQcwAoYXaHR0cDovL3IxMS5pLmxlbmNyLm9yZy8w
IQYDVR0RBBowGIILKi5zeW5heS5uZXSCCXN5bmF5Lm5ldDATBgNVHSAEDDAKMAgG
BmeBDAECATAuBgNVHR8EJzAlMCOgIaAfhh1odHRwOi8vcjExLmMubGVuY3Iub3Jn
Lzc4LmNybDCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2AH1ZHhLheCp7HGFnfF79
+NCHXBSgTpWeuQMv2Q6MLnm4AAABlhSdfbUAAAQDAEcwRQIhAMAYci1qOpYgMKvg
QZxFuZ8MQY2KZoMhey+ip+Psgb/PAiA2r/Ko1+c5R2MxE8rBVmHkVh483h+5cFT3
zCLqXBZaJgB3AN3cyjSV1+EWBeeVMvrHn/g9HFDf2wA6FBJ2Ciysu8gqAAABlhSd
ff8AAAQDAEgwRgIhAIXX6rvIuiNY1hhyvFhmYOygIDS55GjJ+RRJ/nGu3+0hAiEA
gWE8/hzyaBbsKzevUUjRmTTGJEfWnSPXt1g+zjAmWxUwDQYJKoZIhvcNAQELBQAD
ggEBAHbpXL+FfISZ3o8atKYNU7g68fVVgssWBNSFADR99p3tU3omS86cYhAUr3gp
6djG/5YoNufFBx/lgWsxSrvfc+O/cMkipAeMAgLDxiAFBz9K7WPYyGmHMtRB5aVF
rF3cogZ4PWGuxxQzOoj3WwWPbXn+O3QgDoP4le49WfMpKZ1Ng0APKOV0CF30ySzK
9lO+T34A0Slcwqpjtb0SbHDBThCLO8lLYd4UZLoKfIozqX1Hx/rbaqn5PO24fzx8
/v013Lq2FWgLEdMheHpUuw73zMqE/hiJ3/oEorNo1lnB6QWzUqDvY/JQNf7zPeIV
MwMIdAmbMw0QSTkQ4DApYmFixBg=
-----END CERTIFICATE-----
요청이 완료되면 다음과 같은 성공 메시지가 표시됩니다:
read R BLOCK
+OK Dovecot ready. <254142.9ae9.683f08b3.59caa70dz5WbqgCQ7aLJKg==@hosting.synay.net>
SMTP - 인증서 요청
다음 명령을 사용하여 SMTP 인증서를 요청합니다:
openssl s_client -showcerts -connect mail.synay.net:465 -servername mail.synay.net
응답은 다음과 같습니다:
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R11
verify return:1
depth=0 CN = synay.net
verify return:1
---
Certificate chain
0 s:CN = synay.net
i:C = US, O = Let's Encrypt, CN = R11
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Apr 8 07:57:57 2025 GMT; NotAfter: Jul 7 07:57:56 2025 GMT
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISBjIpZm7xKg/vcy8rxUa+cj9NMA0GCSqGSIb3DQEBCwUA
MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD
EwNSMTEwHhcNMjUwNDA4MDc1NzU3WhcNMjUwNzA3MDc1NzU2WjAUMRIwEAYDVQQD
EwlzeW5heS5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1Y70V
xeJOpav/uJuevP/u9tlE8S03Ht7PuDfmTCql4GyTzpwOK2R8SLGlALFuDohAX+nW
xKLtN84uWqnyDGpsCsAzbos9jADmbro9J88nmXcSj2cH2vbEShrMPl2YcTrDsK/H
ewL8Z9bpjwHf/tR0ubGdDsqIfPCNE5p1gTmfN0QKKaSoI+1w7wMJeHvI865gNik6
Amy3nF4qhTXJdgXITTkZErd1bC433UFEheZaK1Uwv8CmIUMU0LOgcQTE4jhCAN8h
z/TCsqOJX8lU28tpxWfcDVYrEIS2062qpP474a//pbMJcn4kPVqkL+b4ZHRJNzBY
PrlKgJZpspIEff8ZAgMBAAGjggJLMIICRzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0l
BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYE
FD1qp+LOPElq0b6lwi3skTKaia9QMB8GA1UdIwQYMBaAFMXPRqTq9MPAemyVxC2w
XpIvJuO5MFcGCCsGAQUFBwEBBEswSTAiBggrBgEFBQcwAYYWaHR0cDovL3IxMS5v
LmxlbmNyLm9yZzAjBggrBgEFBQcwAoYXaHR0cDovL3IxMS5pLmxlbmNyLm9yZy8w
IQYDVR0RBBowGIILKi5zeW5heS5uZXSCCXN5bmF5Lm5ldDATBgNVHSAEDDAKMAgG
BmeBDAECATAuBgNVHR8EJzAlMCOgIaAfhh1odHRwOi8vcjExLmMubGVuY3Iub3Jn
Lzc4LmNybDCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2AH1ZHhLheCp7HGFnfF79
+NCHXBSgTpWeuQMv2Q6MLnm4AAABlhSdfbUAAAQDAEcwRQIhAMAYci1qOpYgMKvg
QZxFuZ8MQY2KZoMhey+ip+Psgb/PAiA2r/Ko1+c5R2MxE8rBVmHkVh483h+5cFT3
zCLqXBZaJgB3AN3cyjSV1+EWBeeVMvrHn/g9HFDf2wA6FBJ2Ciysu8gqAAABlhSd
ff8AAAQDAEgwRgIhAIXX6rvIuiNY1hhyvFhmYOygIDS55GjJ+RRJ/nGu3+0hAiEA
gWE8/hzyaBbsKzevUUjRmTTGJEfWnSPXt1g+zjAmWxUwDQYJKoZIhvcNAQELBQAD
ggEBAHbpXL+FfISZ3o8atKYNU7g68fVVgssWBNSFADR99p3tU3omS86cYhAUr3gp
6djG/5YoNufFBx/lgWsxSrvfc+O/cMkipAeMAgLDxiAFBz9K7WPYyGmHMtRB5aVF
rF3cogZ4PWGuxxQzOoj3WwWPbXn+O3QgDoP4le49WfMpKZ1Ng0APKOV0CF30ySzK
9lO+T34A0Slcwqpjtb0SbHDBThCLO8lLYd4UZLoKfIozqX1Hx/rbaqn5PO24fzx8
/v013Lq2FWgLEdMheHpUuw73zMqE/hiJ3/oEorNo1lnB6QWzUqDvY/JQNf7zPeIV
MwMIdAmbMw0QSTkQ4DApYmFixBg=
-----END CERTIFICATE-----
그 후 인증서 체인이 이어지며, 요청이 완료되면 성공적으로 실행된 줄이 표시됩니다:
read R BLOCK
220 mail.synay.net ESMTP Postfix (Debian/GNU)
이 요청들에서 모든 서비스의 인증서를 확인하고 검증할 수 있습니다. 이 예시에서는 메일 전송에 Postfix가 사용됩니다.
이러한 명령은 메일 서버를 직접 설정하고 인증서가 만료되었을 때 유용합니다. 이 요청을 통해 경고가 어떤 서비스와 관련 있는지 정확히 알 수 있습니다.