Hello,
I'm using dovecot v2.0.21.
According to http://wiki2.dovecot.org/SSL/DovecotConfiguration, Dovecot 2.x 
supports a different SSL certificate for each virtual host via the 
"local_name" directive, but I can't get it to work.
When testing the certificate using "openssl s_client -connect domain.com:pop3s" 
I get the default certificate instead of 
domain.com's.----------------------------------------------------------------------------Here
 is the my dovecot.conf:
# 2.0.21: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-358.6.2.el6.x86_64 x86_64 CentOS release 6.4 (Final)
# Master-user logins are written as user*master (separator below).
auth_master_user_separator = *
# Cleartext mechanisms only; acceptable here because ssl = required (below)
# should refuse authentication before TLS is negotiated -- confirm on this version.
auth_mechanisms = PLAIN LOGIN
# Dict backends used by the acl and quota plugins (accessed via proxy:: in plugin {}).
dict {
  acl = mysql:/etc/dovecot/dovecot-share-folder.conf
  quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf
}
# All mail is owned by a single system uid/gid (2000 = vmail per the listeners below).
first_valid_uid = 2000
last_valid_uid = 2000
listen = *
log_path = /var/log/dovecot.log
mail_gid = 2000
mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/
mail_plugins = quota
mail_uid = 2000
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
# Private namespace: the user's own INBOX hierarchy.
namespace {
  inbox = yes
  location =
  prefix =
  separator = /
  type = private
}
# Shared namespace: other users' folders under Shared/<user>/, indexed per owner.
namespace {
  list = children
  location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u
  prefix = Shared/%%u/
  separator = /
  subscriptions = yes
  type = shared
}
# Regular users authenticate against MySQL.
passdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
# Master users (can log in as any user) come from a flat passwd-file.
passdb {
  args = /etc/dovecot/dovecot-master-users-password
  driver = passwd-file
  master = yes
}
plugin {
  acl = vfile
  acl_shared_dict = proxy::acl
  auth_socket_path = /var/run/dovecot/auth-master
  autocreate = INBOX
  autocreate2 = Sent
  autocreate3 = Trash
  autocreate4 = Drafts
  autocreate5 = Junk
  autosubscribe = INBOX
  autosubscribe2 = Sent
  autosubscribe3 = Trash
  autosubscribe4 = Drafts
  autosubscribe5 = Junk
  quota = dict:user::proxy::quotadict
  quota_rule = *:storage=1G
  # Each warning runs the quota-warning service (defined below) with the
  # threshold and username as arguments.
  quota_warning = storage=85%% quota-warning 85 %u
  quota_warning2 = storage=90%% quota-warning 90 %u
  quota_warning3 = storage=95%% quota-warning 95 %u
  sieve = /%Lh/sieve/dovecot.sieve
  sieve_dir = /%Lh/sieve
  sieve_global_dir = /var/vmail/sieve
  sieve_global_path = /var/vmail/sieve/dovecot.sieve
}
protocols = pop3 imap sieve
service auth {
  # SASL socket for Postfix (lives inside the Postfix spool).
  unix_listener /var/spool/postfix/dovecot-auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  # Master auth socket, used by protocol lda and the plugin block above.
  # NOTE(review): mode 0666 lets every local account connect to this socket;
  # the lda side runs as vmail (user/group here), so a tighter mode may be
  # possible -- confirm before changing.
  unix_listener auth-master {
    group = vmail
    mode = 0666
    user = vmail
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service dict {
  unix_listener dict {
    group = vmail
    mode = 0660
    user = vmail
  }
}
# service_count = 1: each login process serves a single connection and exits
# (the isolated/"high-security" login mode, presumably -- confirm against the wiki).
service imap-login {
  process_limit = 500
  service_count = 1
}
service pop3-login {
  service_count = 1
}
service quota-warning {
  executable = script /usr/local/bin/dovecot-quota-warning.sh
  unix_listener quota-warning {
    group = vmail
    mode = 0660
    user = vmail
  }
}
# TLS is mandatory for all clients. This cert/key pair is the DEFAULT and is
# what a client receives when it sends no TLS server_name (SNI) or an unknown one.
ssl = required
ssl_cert = </etc/pki/tls/certs/iRedMail_CA.pem
ssl_key = </etc/pki/tls/private/iRedMail.key
userdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
# Debug-level SSL logging; useful while diagnosing the SNI issue, noisy otherwise.
verbose_ssl = yes
protocol lda {
  auth_socket_path = /var/run/dovecot/auth-master
  lda_mailbox_autocreate = yes
  log_path = /var/log/sieve.log
  mail_plugins = quota sieve autocreate
  postmaster_address = root
}
protocol imap {
  imap_client_workarounds = tb-extra-mailbox-sep
  mail_plugins = quota imap_quota autocreate
}
protocol pop3 {
  mail_plugins = quota
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  pop3_uidl_format = %08Xu%08Xv
}
# Per-hostname certificates. A local_name block is selected only when the
# client's TLS ClientHello carries a matching server_name (SNI); a connection
# without SNI gets the default ssl_cert above. Older "openssl s_client" builds
# send no SNI unless "-servername <host>" is passed, so a test run with only
# "-connect host:pop3s" (as in the output below) is expected to show the
# default certificate even when these blocks work -- TODO confirm with
# -servername and the verbose_ssl log.
# NOTE(review): ssl_ca is documented as the CA for verifying CLIENT
# certificates (ssl_verify_client_cert); an intermediate chain for the
# server cert is normally appended to the ssl_cert file instead -- confirm
# against the wiki page linked above.
local_name nourcc.com {
  ssl_ca = </etc/ssl/comodo.ca.crt
  ssl_cert = </etc/pki/tls/certs/nourcc.com.pem
  ssl_key = </etc/pki/tls/private/nourcc.com.key
}
local_name rockmetal-ae.com {
  ssl_ca = </etc/ssl/comodo.ca.crt
  ssl_cert = </etc/pki/tls/certs/rockmetal-ae.com.pem
  ssl_key = </etc/pki/tls/private/rockmetal-ae.com.key
}
local_name alliance-sir.com {
  ssl_ca = </etc/ssl/comodo.ca.crt
  ssl_cert = </etc/pki/tls/certs/alliance-sir.com.pem
  ssl_key = </etc/pki/tls/private/alliance-sir.com.key
}
----------------------------------------------------------------------------
Here
 are my certificate permissions, just in case:
[root@epm certs]# ll /etc/ssl/comodo.ca.crt
-rw-r--r-- 1 root root 6668 Sep 14 21:51 /etc/ssl/comodo.ca.crt
[root@epm certs]# ll /etc/pki/tls/certs/nourcc.com.pem
-rw-r--r-- 1 root root 1801 Sep 10 00:00 /etc/pki/tls/certs/nourcc.com.pem
[root@epm certs]# ll /etc/pki/tls/private/nourcc.com.key
-rw------- 1 root root 1708 Sep 15 19:37 /etc/pki/tls/private/nourcc.com.key
----------------------------------------------------------------------------
Here
 is my openssl test output:
$ openssl s_client -connect nourcc.com:pop3s
CONNECTED(00000003)
depth=0 C = SY, O = epm.nourcc.com, OU = IT, CN = epm.nourcc.com, emailAddress = root@epm.nourcc.com
verify error:num=18:self signed certificate
verify return:1
depth=0 C = SY, O = epm.nourcc.com, OU = IT, CN = epm.nourcc.com, emailAddress = root@epm.nourcc.com
verify return:1
.......................... blah blah blah .........................
So I'm not sure -- is there a particular step for doing this that I overlooked?
Thanks.                                           
