Multiple certificate option SNI
Maciej Milaszewski IQ PL
maciej.milaszewski at iq.pl
Fri Sep 13 13:10:39 EEST 2019
Hi
I have a problem with SNI and dovecot 2.2.36.4
Server: Debian 9.x and dovecot-2.2.36.4
The default server SSL cert is a wildcard like *.domain.com (digicert)
ssl_ca = /var/control/cert.pem
ssl_cert = </var/control/cert.pem
For testing I added another domain (in DNS too) with another SSL cert (letsencrypt)
from https://wiki.dovecot.org/SSL/DovecotConfiguration
like:
local_name imap.mail.test.domain.com {
  ssl_cert = </etc/dovecot/ssl/imap.mail.test.domain.com.pem
  ssl_key = < /etc/dovecot/ssl/imap.mail.test.domain.com.key
}
doveconf -n:
local_name imap.mail.test.domain.com {
  ssl_cert = </etc/dovecot/ssl/imap.mail.test.domain.com.pem
  ssl_key = # hidden, use -P to show it
}
Now I test like:
openssl s_client -connect imap.mail.test.domain.com:993 -tls1_1
and dovecot shows me the default server cert (digicert), not the dedicated
one from letsencrypt
In DNS, the domain imap.mail.test.domain.com does not match *.domain.com
Any idea?