Eli Sand wrote:
Hugo Monteiro wrote:
Ah ... wildcard certs .. from what i recall, certs issued like
*.example.com were not very well accepted by M$ clients. You should
test against non wildcard certs and see how it behaves.
Already have and no luck :( My domain is elisand.com and I have tried
*.elisand.com, mx1.elisand.com (I believe that's what my MX record is... if
not, whatever it is is what I tried) and mail.elisand.com which is the
smtp/imap server name I use in Outlook. All three yield the same result :(
Eli.
I have taken the liberty to connect to your server, using openssl, i've
seen the following:
$ openssl s_client -CApath /usr/share/ca-certificates/cacert.org/
-connect mail.elisand.com:993
CONNECTED(00000003)
depth=1 /O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing
Authority/[EMAIL PROTECTED]
verify return:1
depth=0 /CN=*.elisand.com
verify return:1
---
Certificate chain
0 s:/CN=*.elisand.com
i:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing
Authority/[EMAIL PROTECTED]
---
i believe you should change two things. If the name you wish to use on
your clients is mail.alisand.com, then the certificate should read
CN=mail.elisand.com. Furthermore, it's always a good idea to provide the
chaining certificate path on dovecots side. Try using the ssl_ca_file
directive on dovecot's configuration.
Regards,
Hugo Monteiro.
--
ci.fct.unl.pt:~# cat .signature
Hugo Monteiro
Email : [EMAIL PROTECTED]
Telefone : +351 212948300 Ext.15307
Centro de Informática
Faculdade de Ciências e Tecnologia da
Universidade Nova de Lisboa
Quinta da Torre 2829-516 Caparica Portugal
Telefone: +351 212948596 Fax: +351 212948548
www.ci.fct.unl.pt [EMAIL PROTECTED]
ci.fct.unl.pt:~# _
