Dovecot TLS SNI Problem

geogeo

Greetings,

I am trying to set up Dovecot on a server with several VHosts. Each one will have its own separate certificate. So far I have had no luck with it.

In my dovecot.conf I have added the following:


Code:
ssl_cert = </etc/ssl/certs/example1_com.crt
ssl_key = </etc/ssl/private/example1.com.key

local_name example1.com {
  ssl_cert = </etc/ssl/certs/example1_com.crt
  ssl_key = </etc/ssl/private/example1.com.key
}
local_name example2.com {
  ssl_cert = </etc/ssl/certs/example2_com.crt
  ssl_key = </etc/ssl/private/example2.com.key
}


The problem is that for every domain the primary certificate is used. It is as if the local_name {} setting does not apply.

I am on dovecot 2.1.7
 
Maybe, and I could be wrong, but I'm going just on my own knowledge, you should put the "common" certificate after every local_name, so that if all those checks fail it uses the common one; otherwise, it stops once it finds the right domain name.

Regards
 
I doubt it's the order (you could try though).

Have you looked at file permissions? Check if the crt/key are the same as the ones that do work (also parent folders if they are different).

Also, are you sure your client is using SNI correctly? You can also try

openssl s_client -connect example1.com:993
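
A per-name version of that check, as an added example that is not part of the original posts: `check_sni` asks the server once per name and passes `-servername` explicitly, so the name is sent as SNI regardless of the openssl version's default. The helper names, port 14993, example3.com and the local `openssl s_server` stand-in (default certificate plus one SNI-specific certificate, both constructed) are assumptions made for the demo.

```sh
#!/bin/sh
# Added example, not from the thread. Needs only the openssl CLI.

# PEM of the leaf certificate HOST:PORT presents when NAME is sent as SNI.
served_pem() {  # served_pem HOST PORT NAME
  openssl s_client -connect "$1:$2" -servername "$3" </dev/null 2>/dev/null |
    openssl x509 2>/dev/null
}

# One line per NAME: OK if the presented certificate is valid for NAME,
# MISMATCH if another certificate (typically the default one) came back.
check_sni() {  # check_sni HOST PORT NAME...
  cs_host=$1 cs_port=$2 cs_rc=0; shift 2
  for cs_name in "$@"; do
    cs_pem=$(served_pem "$cs_host" "$cs_port" "$cs_name") || cs_pem=
    cs_subj=$(printf '%s\n' "$cs_pem" | openssl x509 -noout -subject 2>/dev/null) || cs_subj=
    if printf '%s\n' "$cs_pem" | openssl x509 -noout -checkhost "$cs_name" 2>/dev/null |
        grep -q 'does match'; then
      echo "OK       $cs_name -> $cs_subj"
    else
      echo "MISMATCH $cs_name -> ${cs_subj:-no certificate}"; cs_rc=1
    fi
  done
  return "$cs_rc"
}

# Constructed local stand-in for the mail server: example1.com is the default
# certificate, example2.com is selected only when that name arrives as SNI.
start_demo_server() {  # start_demo_server PORT; sets DEMO_DIR and DEMO_PID
  DEMO_DIR=$(mktemp -d) || return 1
  for n in example1.com example2.com; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$n" \
      -keyout "$DEMO_DIR/$n.key" -out "$DEMO_DIR/$n.crt" 2>/dev/null || return 1
  done
  openssl s_server -accept "127.0.0.1:$1" -www -servername example2.com \
    -cert "$DEMO_DIR/example1.com.crt" -key "$DEMO_DIR/example1.com.key" \
    -cert2 "$DEMO_DIR/example2.com.crt" -key2 "$DEMO_DIR/example2.com.key" \
    >/dev/null 2>&1 &
  DEMO_PID=$!
  tries=0  # wait until the listener answers
  until [ -n "$(served_pem 127.0.0.1 "$1" example1.com)" ] || [ "$tries" -ge 10 ]; do
    tries=$((tries + 1)); sleep 1
  done
}
stop_demo_server() { kill "$DEMO_PID" 2>/dev/null || true; rm -rf "$DEMO_DIR"; }

if [ "${1:-}" = demo ]; then  # run as: sh sni_check.sh demo
  start_demo_server 14993 &&
    check_sni 127.0.0.1 14993 example1.com example2.com example3.com
  stop_demo_server
fi
```

A MISMATCH line that shows the default certificate's subject for a name that has its own `local_name` block is the symptom described in the first post.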
 
I know it's been a long time since this was discussed, but I have the same problem right now.

geogeo, did you solve this?

Cheers,
Nap
 