Hi all,

Currently my Postfix 2.11 instance runs TLS with a GoDaddy SSL
certificate, but as I would like to be able to access my server from
smtp.domain.com as well as imap.domain.com, domain.com or domain.es, I
bought a cheap SSL Class2 certificate on the startssl.com website. But after
updating the Postfix configuration, replacing the old GoDaddy SSL certificate
with the new StartSSL.com SSL Class2 certificate, email desktop clients
complain about smtp.domain.com not being the Common Name domain.com.

I've configured nginx and everything seems to work fine when accessing
any of the following domain names and domain alternative names:

domain.com
imap.domain.com
smtp.domain.com
mail.domain.com
*.domain.com
domain.es
imap.domain.es
smtp.domain.es
mail.domain.es
*.domain.es


On Postfix I have the following configuration for the GoDaddy certificate:

smtpd_tls_cert_file=/etc/ssl/certs/domain.crt
smtpd_tls_key_file=/etc/ssl/private/domain.key
smtp_tls_CAfile=/etc/ssl/certs/sf_bundle.crt
smtp_tls_CApath=/etc/ssl/certs


For the StartSSL.com Class2 certificate I tried the following setup
combinations without luck:

Combination1

smtpd_tls_cert_file=/etc/ssl/certs/domain.crt
smtpd_tls_key_file=/etc/ssl/private/domain.key
smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt
smtp_tls_CApath=/etc/ssl/certs


Combination2
cat domain.crt sub.class2.server.ca.pem >> mycert.crt

smtpd_tls_cert_file=/etc/ssl/certs/mycert.crt
smtpd_tls_key_file=/etc/ssl/private/domain.key
smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt
smtp_tls_CApath=/etc/ssl/certs

Combination3
cat domain.crt sub.class2.server.ca.pem >> /etc/ssl/certs/ca-certificates.crt

smtpd_tls_cert_file=/etc/ssl/certs/domain.crt
smtpd_tls_key_file=/etc/ssl/private/domain.key
smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt
smtp_tls_CApath=/etc/ssl/certs

As I see it, the main issue comes about because clients can't see the
alternative names, which are located under x509v3, but HTTP browsers like
Chrome or Firefox do.

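For reference, the host name check a TLS client applies to a certificate's names, as an added example that is not part of the original post. It follows the RFC 6125 rules (dNSName entries decide, the Common Name is only a fallback when there are none, a wildcard covers exactly one left-most label) and contrasts them with a CN-only check; the function names are illustrative and the SAN list is constructed from the names in the post, not read from a real certificate.

```python
# Added example: RFC 6125-style host name check against a certificate's names.
# SAN_DNS is constructed from the names listed in the post (assumption: these
# are the dNSName entries of the certificate); function names are illustrative.

SAN_DNS = [
    "domain.com", "imap.domain.com", "smtp.domain.com", "mail.domain.com",
    "*.domain.com", "domain.es", "imap.domain.es", "smtp.domain.es",
    "mail.domain.es", "*.domain.es",
]


def label_match(pattern: str, host: str) -> bool:
    """Compare one presented name with the host the client connected to."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # A wildcard stands for exactly one left-most label and needs at
        # least two further labels ("*.com" is refused). Partial wildcards
        # such as "f*o.domain.com" are not supported and never match.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_matches(host: str, san_dns: list, common_name: str = None) -> bool:
    """dNSName entries decide; the CN is a fallback only when there are none."""
    if san_dns:
        return any(label_match(name, host) for name in san_dns)
    return common_name is not None and label_match(common_name, host)


def cn_only_matches(host: str, common_name: str) -> bool:
    """Behaviour of a client that ignores subjectAltName (legacy check)."""
    return label_match(common_name, host)


if __name__ == "__main__":
    for host in ("smtp.domain.com", "imap.domain.es", "a.b.domain.com",
                 "domain.org"):
        print(f"{host:16} SAN-aware={cert_matches(host, SAN_DNS, 'domain.com')}"
              f"  CN-only={cn_only_matches(host, 'domain.com')}")
```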