ios12 clients not getting correct certificate, sni supported not? or config error?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

ios12 clients not getting correct certificate, sni supported not? or config error?

Dovecot mailing list


I am having an ios12.4.1 client whine about access problems. He is
getting the 'default' self signed ceritificate instead of the hostname
alias. openssl s_client -servername mail.xxxxx.com -connect
x.x.x.x:pop3s gives a 'Verify return code: 0 (ok)'

I can't imagine this sni support is not available in recent versions.
Should I remove this default certificate in the main section of
10-ssl.conf?


These lines I have added to 10-ssl.conf

ssl_cert = </etc/pki/tls/certs/mail-wildcard.crt
ssl_key = </etc/pki/tls/private/mail-wildcard.key

local 192.168.10.43 {
  ssl_key  = </etc/pki/tls/private/xxxxxxx.local.key
  ssl_cert = </etc/pki/tls/certs/xxxxxxx.local.crt
}
local_name mail.xxxxx.com {
  ssl_key  = </etc/pki/tls/private/mail.xxxxx.com.key
  ssl_cert = </etc/pki/tls/certs/mail.xxxxx.com.crt
}
local_name imap.xxxxxxx.net {
  ssl_key  = </etc/pki/tls/private/imap.xxxxxxx.net.key
  ssl_cert = </etc/pki/tls/certs/imap.xxxxxxx.net.crt
}


[@ conf.d]# doveconf | egrep 'ssl_cert|ssl_key'
ssl_cert = </etc/pki/tls/certs/mail-wildcard.crt
ssl_cert_username_field = commonName
ssl_key =  # hidden, use -P to show it
ssl_key_password =
  ssl_cert = </etc/pki/tls/certs/xxxxxxx.local.crt
  ssl_key =  # hidden, use -P to show it
  ssl_cert = </etc/pki/tls/certs/mail.xxxxx.com.crt
  ssl_key =  # hidden, use -P to show it
  ssl_cert = </etc/pki/tls/certs/imap.xxxxxxx.net.crt
  ssl_key =  # hidden, use -P to show it