What's the process of extracting certificates from TLS server?

Asked by AnilJha in Cyber Security, asked on Mar 16, 2022

I need to get an SSL certificate from some mail servers. I know I need to execute the following steps. Do a DNS mx query on the domain name (dig google.com mx). Use the information to download an SSL certificate (openssl s_client -showcerts -connect google.com:443). But I am not sure what information I should pick up from step 1 and how it should be used in step 2.


Answered by Anil Jha

To extract a certificate from a TLS server, you should pick the domain of one MX record from the answer section of your DNS query and feed it to openssl:


$ dig gmail.com mx
[...]
;; ANSWER SECTION:
gmail.com. 3599 IN MX 20 alt2.gmail-smtp-in.l.google.com.
gmail.com. 3599 IN MX 5 gmail-smtp-in.l.google.com.
gmail.com. 3599 IN MX 30 alt3.gmail-smtp-in.l.google.com.
gmail.com. 3599 IN MX 10 alt1.gmail-smtp-in.l.google.com.
gmail.com. 3599 IN MX 40 alt4.gmail-smtp-in.l.google.com.
[...]
$ openssl s_client -connect gmail-smtp-in.l.google.com:25 -starttls smtp
[...]

Note: it's not a safe assumption that the web server (if there is any) running on the same machine as the SMTP server uses the same certificate. See also https://serverfault.com/questions/131627/how-to-inspect-remote-smtp-servers-tls-certificate#131628
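
The two steps from the answer above joined into one script, as an added example that is not part of the original answer. The function names pick_mx, pem_only and fetch_smtp_certs are made up for illustration, and choosing the lowest-preference MX is an assumption (the answer only says to pick one MX record).

```shell
#!/bin/sh
# Added example: link step 1 (dig) to step 2 (openssl s_client).

# Sample taken from the dig output shown in the answer, used for offline checks.
sample_dig=';; ANSWER SECTION:
gmail.com. 3599 IN MX 20 alt2.gmail-smtp-in.l.google.com.
gmail.com. 3599 IN MX 5 gmail-smtp-in.l.google.com.
gmail.com. 3599 IN MX 30 alt3.gmail-smtp-in.l.google.com.'

# Read `dig <domain> mx` output on stdin and print the MX host with the
# lowest preference value (the most preferred one), without the trailing dot.
# Comment lines (starting with ';') never match the IN/MX field test.
pick_mx() {
    awk '$3 == "IN" && $4 == "MX" { print $5, $6 }' |
        sort -n | head -n 1 |
        awk '{ sub(/\.$/, "", $2); print $2 }'
}

# Read `openssl s_client -showcerts` output on stdin and keep only the
# PEM certificate blocks, dropping the handshake and session text.
pem_only() {
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'
}

# Full procedure (needs network access, dig and openssl):
#   fetch_smtp_certs gmail.com > chain.pem
fetch_smtp_certs() {
    mx=$(dig "$1" mx | pick_mx)
    [ -n "$mx" ] || { echo "no MX record found for $1" >&2; return 1; }
    # Port 25 with STARTTLS, as in the answer; </dev/null closes stdin so
    # s_client exits once the handshake is done instead of waiting for input.
    openssl s_client -connect "$mx:25" -starttls smtp -showcerts \
        </dev/null 2>/dev/null | pem_only
}
```

The saved chain is whatever the server presented, unverified; each certificate in chain.pem can then be inspected with openssl x509 -noout -text.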


