Multiple certificate option SNI

Maciej Milaszewski IQ PL maciej.milaszewski at iq.pl
Fri Sep 13 13:10:39 EEST 2019


Hi
I have a problem with SNI and dovecot 2.2.36.4

Server: Debian 9.x and dovecot-2.2.36.4

The default server SSL cert is a wildcard like *.domain.com (DigiCert)

ssl_ca = /var/control/cert.pem
ssl_cert = </var/control/cert.pem

For testing I added another domain (in DNS too) with another SSL cert (Let's Encrypt)

from https://wiki.dovecot.org/SSL/DovecotConfiguration

like:

local_name imap.mail.test.domain.com {
  ssl_cert = </etc/dovecot/ssl/imap.mail.test.domain.com.pem
  ssl_key =  < /etc/dovecot/ssl/imap.mail.test.domain.com.key
}


doveconf -n:

local_name imap.mail.test.domain.com {
  ssl_cert = </etc/dovecot/ssl/imap.mail.test.domain.com.pem
  ssl_key =  # hidden, use -P to show it
}

Now I test like:
openssl s_client -connect imap.mail.test.domain.com:993 -tls1_1

and dovecot shows me the default server cert (DigiCert), not the dedicated
one from Let's Encrypt

In DNS, the domain imap.mail.test.domain.com does not match *.domain.com

Any idea?








