Issue Mail servers using old certifcate

[thinkingcap]

Looking at a client site in SSL iT the certificate expires in Feb 2020. If I run the following check against SMTP ports the certificate that SMTP uses expires tomorrow.

echo | openssl s_client -servername clientxxx.com.au -connect clientxxx.com.au:587 2>/dev/null -starttls smtp | openssl x509 -noout -dates

Then if I go into Mail Settings for this client and without changing anything I hit "OK" the certificate gets updated to one issued in November and expires in Feb 2020.

Anyone else seeing this behaviour?
TIA
Dave

 

[G J Piper]

I was getting unpredictable results too using openssl s_client commands on my SMTP server. However, I tried using online testers remotely and found they were reading the correct (expected) certificates. I presume the openssl commands do not read SNI correctly.
Try this tool and see if it differs from your internal results: //email/testTo:

I may be misunderstanding your problem... are you getting incorrect certificate readings, or incorrect certificate creation?

 

[thinkingcap]

I don't think so as a client alerted me to it with an error on their iPhone "Can not verify server identity"

 

[thinkingcap]

Nice tool you posted - thanks.
I definitely have expired certs!

 

[thinkingcap]

Anyone else seeing this issue?

 

[learning_curve]

Anyone else seeing this issue?

It's possible that THIS thread may help