Hi! I've been using Dovecot for a single domain with SSL certificates. Now I would like to use Dovecot with several domains and proper SSL certificates. I tried to set up TLS SNI, but it does not work. What I basically did was just add
# Per-SNI-name certificate: applies when the client's TLS SNI names imap.samsoft.at.
local_name imap.samsoft.at {
  ssl_cert = </etc/ssl/private/mailserver/imap.samsoft.at.crt
  ssl_key = </etc/ssl/private/mailserver/imap.samsoft.at.key
}
for the additional domain.
When trying to login via IMAP, I see the following lines in the log file:
Dec 22 21:01:05 mx0 dovecot: imap-login: Warning: SSL alert: where=0x4004, ret=554: fatal bad certificate [151.236.5.22]
Dec 22 21:01:05 mx0 dovecot: imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [151.236.5.22]
Dec 22 21:01:05 mx0 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=151.236.5.22, lip=151.38.7.25, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42, session=<Rg5EzyXutgCX7AaF>
The actual Dovecot config is pasted below.
How can I solve that and serve different certificates on the same IP address?
Thanks, Michael
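doveconf -n
# 2.2.7: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-042stab076.8 i686 CentOS release 6.5 (Final) simfs
# Reformatted one setting per line from the collapsed paste. Values are
# unchanged except the Postfix SASL socket mode (see service auth below).
auth_mechanisms = plain login
mail_location = maildir:/var/mail/vhosts/%d/%n
mail_plugins = notify
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave imapflags
namespace inbox {
  inbox = yes
  # location and prefix are intentionally empty in the dump (defaults apply).
  location = 
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix = 
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
plugin {
  antispam_backend = dspam
  antispam_dspam_args = --source=error;--signature=%%s;--user;%u
  antispam_dspam_binary = /usr/bin/dspam
  antispam_signature = X-DSPAM-Signature
  antispam_signature_missing = move
  antispam_spam = Spam
  antispam_trash = trash;Trash;Deleted Items;Deleted Messages
  sieve = /var/mail/vhosts/sieve-scripts/%d/%n/.dovecot.sieve
  sieve_before = /var/mail/vhosts/sieve-scripts/before
  sieve_dir = /var/mail/vhosts/sieve-scripts/%d/%n/sieve
  sieve_extensions = +imapflags
}
postmaster_address = postmaster@changed.at
protocols = imap pop3 lmtp sieve
service auth {
  # SASL socket consumed by Postfix smtpd. The socket is owned by
  # postfix:postfix, so 0660 is sufficient (this is also the mode the Postfix
  # SASL_README example uses); the original 0666 made it world-writable and
  # relied solely on the permissions of /var/spool/postfix/private to limit
  # who could reach it.
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = dovecot
}
service dict {
  unix_listener dict {
    user = vmail
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
ssl = required
# NOTE(review): ssl_ca is only consulted for client-certificate verification,
# and no ssl_verify_client_cert setting appears in this dump, so it looks
# unused here — confirm. The global ssl_cert below is what clients receive
# when they send no SNI or an SNI name without a local_name block.
ssl_ca = </etc/ssl/private/mailserver/ca-bundle.crt
ssl_cert = </etc/ssl/private/mailserver/mx0.domain1.at.pem
ssl_key = </etc/ssl/private/mailserver/mx0.domain1.at.key
# NOTE(review): no ssl_protocols line is present, so the 2.2.x default decides
# which SSL/TLS versions are offered; consider restricting it (e.g.
# `ssl_protocols = !SSLv2 !SSLv3`) once client support is confirmed.
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
protocol lmtp {
  mail_plugins = sieve
}
protocol lda {
  mail_plugins = sieve
}
protocol imap {
  mail_plugins = antispam
}
# Certificate for clients whose TLS SNI names imap.samsoft.at.
# NOTE(review): the logged "bad certificate" (alert 42) is sent by the client
# and means it rejected the certificate it was shown; check that this .crt
# holds the leaf plus any intermediates, that its CN/SAN matches the name the
# client connected to, and that the client actually sends SNI (a client that
# does not gets the mx0.domain1.at certificate above instead).
local_name imap.samsoft.at {
  ssl_cert = </etc/ssl/private/mailserver/imap.samsoft.at.crt
  ssl_key = </etc/ssl/private/mailserver/imap.samsoft.at.key
}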