On 2023-09-27, dovecot--- via dovecot dovecot@dovecot.org wrote:

...

Quick Q: Can dovecot use wildcard TLS Certificates?

I'm having issues with a new dovecot/postfix stack set-up and I can't get mutt on the local box to connect via imap - its coming back with an SSL error, and as I'm using a wildcard cert for the domain I was wondering if that was my issue.

If dovecot can use wildcard certs then I'll look elsewhere in my troubleshooting.

Check that you have configured dovecot to serve any required intermediate certs. If you post the hostname others can take a look and let you know if that's the problem.

I use wildcard certs on my dovecot.

 ssl_cert = </var/lib/certs/example.com/fullchain.pem
 ssl_key  = </var/lib/certs/example.com/privkey.pem

I don't remember if it was dovecot specific, but i did have issues making the cert with ONLY a wild card entry such as "*.example.com" I fixed the issue by creating the cert with two entries, one for "example.com" and one for "*.example.com"

That is standard. A wildcard for *.example.com covers <somename>.example.com but not <somename>.<somename>.example.com or plain example.com.

Hello Andry,

I don't know how or why it happened, but your email only hit my inbox a few minutes ago - approx 13:30 UTC 6 November 2023.

Thank you for sending it me (on the 28 September), but in the intervening 5-6 weeks I got that issue sorted (it was a SELinux issue in the end).

So, again, thanks, but by now a solved issue  :-)

Cheers

Dulux-Oz

aka

PEREGRINE IT Signature

*Matthew J BLACK* M.Inf.Tech.(Data Comms) MBA B.Sc. MACS (Snr), CP, IP3P

When you want it done /right/ ‒ the first time!

Phone: +61 4 0411 0089 Email: matthew@peregrineit.net mailto:matthew@peregrineit.net Web: www.peregrineit.net http://www.peregrineit.net

View Matthew J BLACK's profile on LinkedIn http://au.linkedin.com/in/mjblack

This Email is intended only for the addressee.  Its use is limited to that intended by the author at the time and it is not to be distributed without the author’s consent.  You must not use or disclose the contents of this Email, or add the sender’s Email address to any database, list or mailing list unless you are expressly authorised to do so.  Unless otherwise stated, PEREGRINE I.T. Pty Ltd accepts no liability for the contents of this Email except where subsequently confirmed in writing.  The opinions expressed in this Email are those of the author and do not necessarily represent the views of PEREGRINE I.T. Pty Ltd.  This Email is confidential and may be subject to a claim of legal privilege.

If you have received this Email in error, please notify the author and delete this message immediately.

On 28/09/2023 16:18, Andrey Repin wrote:

Greetings, duluxoz!

...

Quick Q: Can dovecot use wildcard TLS Certificates? I'm having issues with a new dovecot/postfix stack set-up and I can't get mutt on the local box to connect via imap - its coming back with an SSL error, and as I'm using a wildcard cert for the domain I was wondering if that was my issue. If dovecot can use wildcard certs then I'll look elsewhere in my troubleshooting. Provide your certificate attributes for better diagnostic.

openssl x509 -in cert -noout -text

-- This email has been checked for viruses by Avast antivirus software. www.avast.com

Hello Andry, I don't know how or why it happened, but your email only hit my inbox a few minutes ago - approx 13:30 UTC 6 November 2023. Thank you for sending it me (on the 28 September), but in the intervening 5- 6 weeks I got that issue sorted (it was a SELinux issue in the end). So, again, thanks, but by now a solved issue  :-) Cheers Dulux-Oz aka Matthew J BLACK M.Inf.Tech.(Data Comms) MBA B.Sc. MACS (Snr), CP, IP3P When you want it done right ‒ the first time! Phone: +61 4 0411 0089 Email: matthew@peregrineit.net Web: www.peregrineit.net [View_Matthew_J_BLACK's_profile_on_LinkedIn] This Email is intended only for the addressee.  Its use is limited to that intended by the author at the time and it is not to be distributed without the author’s consent.  You must not use or disclose the contents of this Email, or add the sender’s Email address to any database, list or mailing list unless you are expressly authorised to do so.  Unless otherwise stated, PEREGRINE I.T. Pty Ltd accepts no liability for the contents of this Email except where subsequently confirmed in writing.  The opinions expressed in this Email are those of the author and do not necessarily represent the views of PEREGRINE I.T. Pty Ltd.  This Email is confidential and may be subject to a claim of legal privilege. If you have received this Email in error, please notify the author and delete this message immediately. On 28/09/2023 16:18, Andrey Repin wrote: Greetings, duluxoz! Quick Q: Can dovecot use wildcard TLS Certificates? I'm having issues with a new dovecot/postfix stack set-up and I can't get mutt on the local box to connect via imap - its coming back with an SSL error, and as I'm using a wildcard cert for the domain I was wondering if that was my issue. If dovecot can use wildcard certs then I'll look elsewhere in my troubleshooting. Provide your certificate attributes for better diagnostic.

 openssl x509 -in cert -noout -text

Virus-free.www.avast.com