What's the easiest way to connect to a SMTP server that supports STARTTLS and get its server SSL certificate? I know it can be done using openssl with something like this openssl sclient -starttls smtp -crlf -connect 192.168.0.1:25 How can I do it from within Python and I don't want to call openssl and parse its output. I looked at M2Crypto which is an openssl wrapper, but as far as I can tell that doesn't support starttls. An example of how to do it with a Python library would be very much appreciated. This returns a certificate in binary format (DER-encoded): import socket, ssl s = socket.socket s.connect(('host', 25)) s.send('STARTTLS n') s.recv(1000) ss = ssl.wrapsocket(s) certificateder = ss.getpeercert(True) This is jus to give you an idea, error handling, etc.

• Download Smtp Server For Windows

Is required of course. If you want to decode the information from the certificate you either have to prodivde a certificate authorities bundle/directory for acceptable CAs (getpeercert will return a meaningfull dict in this case), or use a more capable ssl library, M2Crypto for example.

Does anyone know a way to manually inspect a remote SMTP server's TLS certificate. Set Windows Server 2008 R2 SMTP for Opportunistic TLS. Change Default Certificates for SMTP. For the purposes of this article, we will use the default self-signed certificate that came with your DV server.

Try these links, too. NOte: Windows 2008 and 2008 R2 (IIS 7.0 and 7.5) are the same steps. How to install ssl certificate in windows 2008 server?

Installing an SSL Certificate in Windows Server 2008 (IIS 7.0) Ace Fekay MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003 Microsoft Certified Trainer Microsoft MVP - Directory Services Technical Blogs & Videos: This post is provided AS-IS with no warranties or guarantees and confers no rights. Thanks Alex this has proven to be the answer for 2008 server: 1. Open IIS7 and create a self signed cert, even though the smtp server is installed under IIS6. Under connections click on the server name - Server Certificates - Create Self signed cert or purchase cert with Full-qualified domain name as subject. Be advised if you use a self signed cert it is only good for one year, but will work fine for testing purposes. Make sure that the Fully-quilified domain name configured under the SMTP Virtial Server properties matches the certificates subject name.

Download Smtp Server For Windows

Delivery - Advanced - Fully-qualified domain name 3. Configure the SMTP Virtial Server FQDN goto: SMTP Virtual Server Properties Delivery TAB Advanced BUTTON and type the FQDN in the 'Fully-quilified domain name' textbox (Again this must match exactly the subject on the cert) Apply and close properties box. Restart the service Simple Mail Transfer Protocol SMTP 5. Confirm that the certificate was found by the SMTP service: Open the SMTP Vitual Server properties Access TAB and the Secure communications SECTION should read 'A TLS cerificate is found with expiration date: day/month/year'. Compare the shown date with the actual certificate expiration date. Thanks for your help.