On 13 Sept. 2019 at 12:10, Maciej Milaszewski IQ PL via dovecot dovecot@dovecot.org wrote:
Hi, I have a problem with SNI and dovecot 2.2.36.4
Server: Debian 9.x and dovecot-2.2.36.4
default server ssl cert is a wildcard like *.domain.com (digicert)
ssl_ca = /var/control/cert.pem ssl_cert =
I added another domain for testing (in DNS too) with another SSL cert (letsencrypt)
from https://wiki.dovecot.org/SSL/DovecotConfiguration
like:
local_name imap.mail.test.domain.com { ssl_cert =
doveconf -n:
local_name imap.mail.test.domain.com { ssl_cert =
Now I test like: openssl s_client -connect imap.mail.test.domain.com:993 -tls1_1
and dovecot shows me the default server cert (digicert), not the dedicated one from letsencrypt
In DNS, the domain imap.mail.test.domain.com does not match *.domain.com
Any idea?
AFAIK, the -connect option of openssl is not used for SNI, but only for IP resolution. To enable SNI, you have to explicitly pass it using the '-servername' parameter.