[Dovecot] Dovecot replies with default SSL certificate instead of the vhost's

Reindl Harald h.reindl at thelounge.net
Mon Sep 16 01:09:46 EEST 2013

Am 15.09.2013 23:45, schrieb Shadi Habbal:
> I'm using dovecot v2.0.21.
> According to http://wiki2.dovecot.org/SSL/DovecotConfiguration,
> dovecot 2.x supports different SSL certificate for different virtual hosts by using "local_name" directive, but I can't get it to work.
> When testing the certificate using "openssl s_client -connect domain.com:pop3s" I get the default certificate instead of domain.com's

you did read "With client TLS SNI (Server Name Indication) support"
and "Different certificates per IP and protocol"


on POP3s (995) you have *most likely* no SNI and even with
STATTLS only less chances to work relieable with different
clients which is also part of the documentation you refer to

why do people waste their time with such useless things instead setup
"mail.yourcompany.tld" and tell every user exactly tjis hostname?

servernames in case of *email* are worthless becasue you do
not have different document roots

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20130916/cf7b24fa/attachment.bin>

More information about the dovecot mailing list