Can Dovecot Use Wildcard TLS Certificates?
Hi All,
Quick Q: Can dovecot use wildcard TLS Certificates?
I'm having issues with a new dovecot/postfix stack set-up and I can't get mutt on the local box to connect via imap - it's coming back with an SSL error, and as I'm using a wildcard cert for the domain I was wondering if that was my issue.
If dovecot can use wildcard certs then I'll look elsewhere in my troubleshooting.
Thanks in advance
Cheers
Dulux-Oz
> Quick Q: Can dovecot use wildcard TLS Certificates?
> I'm having issues with a new dovecot/postfix stack set-up and I can't get mutt on the local box to connect via imap - it's coming back with an SSL error, and as I'm using a wildcard cert for the domain I was wondering if that was my issue.
> If dovecot can use wildcard certs then I'll look elsewhere in my troubleshooting.
I use wildcard certs on my dovecot.
ssl_cert = </var/lib/certs/example.com/fullchain.pem
ssl_key = </var/lib/certs/example.com/privkey.pem
I don't remember if it was dovecot specific, but I did have issues making the cert with ONLY a wildcard entry such as "*.example.com". I fixed the issue by creating the cert with two entries, one for "example.com" and one for "*.example.com". No idea if that is helpful in your situation.
On 2023-09-27, dovecot--- via dovecot <dovecot@dovecot.org> wrote:
>> Quick Q: Can dovecot use wildcard TLS Certificates?
>> I'm having issues with a new dovecot/postfix stack set-up and I can't get mutt on the local box to connect via imap - it's coming back with an SSL error, and as I'm using a wildcard cert for the domain I was wondering if that was my issue.
>> If dovecot can use wildcard certs then I'll look elsewhere in my troubleshooting.
Check that you have configured dovecot to serve any required intermediate certs. If you post the hostname others can take a look and let you know if that's the problem.
> I use wildcard certs on my dovecot.
> ssl_cert = </var/lib/certs/example.com/fullchain.pem
> ssl_key = </var/lib/certs/example.com/privkey.pem
> I don't remember if it was dovecot specific, but I did have issues making the cert with ONLY a wildcard entry such as "*.example.com". I fixed the issue by creating the cert with two entries, one for "example.com" and one for "*.example.com".
That is standard. A wildcard for *.example.com covers <somename>.example.com but not <somename>.<somename>.example.com or plain example.com.
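The matching rule described in the reply above, as an added example that is not part of the original thread and is not Dovecot, mutt or OpenSSL code. It is a simplified left-most-label matcher; the function names and the sample host names and SAN lists are constructed for illustration.

```python
# Added illustration (not Dovecot, mutt or OpenSSL code): simplified
# left-most-label wildcard matching for dNSName SAN entries.

def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if a single SAN entry covers the hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    # "*" stands for exactly one label, so both names need the same depth
    # and the hostname may not contain empty labels.
    if len(p) != len(h) or not all(h):
        return False
    if p[0] == "*":
        # The wildcard is honoured only as the complete left-most label.
        return not any("*" in label for label in p[1:]) and p[1:] == h[1:]
    # Partial wildcards such as "m*.example.com" are rejected by this
    # simplified check; everything else must match exactly.
    return not any("*" in label for label in p) and p == h


def cert_covers(san_entries, hostname):
    """True if any SAN entry of the certificate covers the hostname."""
    return any(san_matches(entry, hostname) for entry in san_entries)


def coverage_report(san_entries, hostnames):
    """Map each hostname a client might connect to onto covered / not covered."""
    return {name: cert_covers(san_entries, name) for name in hostnames}


# Constructed sample data: names a client could use to reach the server,
# and the two certificate layouts discussed in the thread.
HOSTS = ["mail.example.com", "example.com", "imap.mail.example.com"]
WILDCARD_ONLY = ["*.example.com"]
WILDCARD_PLUS_APEX = ["example.com", "*.example.com"]

if __name__ == "__main__":
    for title, sans in (("wildcard only", WILDCARD_ONLY),
                        ("wildcard + apex", WILDCARD_PLUS_APEX)):
        print(title)
        for host, ok in coverage_report(sans, HOSTS).items():
            print(f"  {host:24} {'covered' if ok else 'NOT covered'}")
```

The name that matters is the one the client is configured to connect to, so a certificate that is valid for `mail.example.com` still fails verification when the client is pointed at a name outside the SAN list.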
duluxoz, 27.09.23 09:34:
> Quick Q: Can dovecot use wildcard TLS Certificates? [...]
Both dovecot and mutt can handle wildcard certificates just fine.
HTH & HAND Thomas
=-------------------------------------------------------------------------=
- Thomas "ZlatkO" Zajic <zlatko@gmx.at> Linux-6.1 & Thunderbird-115 -
"In layman's terms: speedy thing goes in, speedy thing comes out." -
Greetings, duluxoz!
> Quick Q: Can dovecot use wildcard TLS Certificates?
> I'm having issues with a new dovecot/postfix stack set-up and I can't get mutt on the local box to connect via imap - it's coming back with an SSL error, and as I'm using a wildcard cert for the domain I was wondering if that was my issue.
> If dovecot can use wildcard certs then I'll look elsewhere in my troubleshooting.
Provide your certificate attributes for better diagnostics.
openssl x509 -in cert -noout -text
-- With best regards, Andrey Repin Thursday, September 28, 2023 09:16:33
Sorry for my terrible English...
Hello Andrey,
I don't know how or why it happened, but your email only hit my inbox a few minutes ago - approx 13:30 UTC 6 November 2023.
Thank you for sending it to me (on the 28 September), but in the intervening 5-6 weeks I got that issue sorted (it was a SELinux issue in the end).
So, again, thanks, but by now a solved issue :-)
Cheers
Dulux-Oz
aka
*Matthew J BLACK* M.Inf.Tech.(Data Comms) MBA B.Sc. MACS (Snr), CP, IP3P
On 06/11/2023 21:36, Matthew J Black wrote:
> Hello Andrey, I don't know how or why it happened, but your email only hit my inbox a few minutes ago - approx 13:30 UTC 6 November 2023.
His smtp server, Office Mail Server, sent it to one of their relays, mail-nwsmtp-smtp-production-main-81.myt.yp-c.yandex.net, only on 6 November 2023 20:30:59 +0300
-- Willy Manga @ongolaboy https://ongola.blogspot.com/
Participants (8): Andrey Repin, dovecot@ptld.com, duluxoz, Matthew J Black, Stuart Henderson, Thomas Zajic, Thomas Zajic, Willy Manga