This document describes how to use TLSVERIFY to troubleshoot TLS delivery issues.
When processing mail on the Cisco Email Security Appliance (ESA), you may see that TLS delivery fails or returns errors or alerts.
From the CLI on the appliance, use tlsverify to test TLS communication from your appliance to the external domain.
Enter the TLS domain to verify against: > example.com
Enter the destination host to connect to. Append the port (example.com:26) if you are not connecting on port 25: [example.com]> mxe.example.com:25
Connecting to 184.108.40.206 on port 25.
Connected to 220.127.116.11 from interface 10.10.10.10.
Checking TLS connection.
TLS connection established: protocol TLSv1, cipher RC4-SHA.
Verifying peer certificate.
Verifying certificate common name mxe.example.com.
TLS certificate match mxe.example.com
TLS certificate verified.
TLS connection to 18.104.22.168 succeeded.
TLS successfully connected to mxe.example.com.
TLS verification completed.
The output above from the tlsverify command shows a successful TLS verification from this appliance to the destination with IP address 22.214.171.124.
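A successful tlsverify run can still report a protocol or cipher that local policy no longer accepts, as the TLSv1 and RC4-SHA in the output above would under most current policies. The following added example (not Cisco code and not part of the original document) parses saved tlsverify output and lists such findings; the function name, the weak-protocol and weak-cipher lists, and the sample text with documentation IP addresses are assumptions made for illustration.

```python
import re

# Constructed sample in the shape of the tlsverify output above (documentation IPs).
SAMPLE = """\
Connecting to 192.0.2.25 on port 25.
Connected to 192.0.2.25 from interface 10.10.10.10.
Checking TLS connection.
TLS connection established: protocol TLSv1, cipher RC4-SHA.
Verifying peer certificate.
Verifying certificate common name mxe.example.com.
TLS certificate match mxe.example.com
TLS certificate verified.
TLS connection to 192.0.2.25 succeeded.
"""

# Assumed local policy: TLS 1.0/1.1 are deprecated (RFC 8996), RC4 is prohibited (RFC 7465).
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER_PARTS = ("RC4", "DES", "MD5", "NULL", "EXP")


def review_tlsverify(output):
    """Extract session facts from tlsverify output and list policy findings."""
    facts = {"protocol": None, "cipher": None, "cert_cn": None}
    m = re.search(r"protocol ([^,\s]+), cipher ([A-Za-z0-9_-]+)", output)
    if m:
        facts["protocol"], facts["cipher"] = m.groups()
    m = re.search(r"Verifying certificate common name (\S+?)\.?\s*$", output, re.M)
    if m:
        facts["cert_cn"] = m.group(1)
    # Only the success lines shown on the page are matched; their absence is a finding.
    facts["cert_verified"] = "TLS certificate verified" in output
    facts["succeeded"] = bool(re.search(r"TLS connection to \S+ succeeded", output))

    findings = []
    if not facts["succeeded"]:
        findings.append("TLS connection did not succeed")
    if not facts["cert_verified"]:
        findings.append("peer certificate not verified")
    if facts["protocol"] in WEAK_PROTOCOLS:
        findings.append("deprecated protocol " + facts["protocol"])
    cipher = facts["cipher"] or ""
    if any(part in cipher.upper() for part in WEAK_CIPHER_PARTS):
        findings.append("weak cipher " + cipher)
    facts["findings"] = findings
    return facts


if __name__ == "__main__":
    print(review_tlsverify(SAMPLE))
```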