On 05-19-2021 6:48 pm, Viktor Dukhovni wrote:\
You're fixated on the backend server name matching the certificate,
you really need to drop that assumption.
You misunderstand me. I know the cert has to match whatever the client
connected to, not the backend.
Out of the box, postfix is using a cert that was issued to the backend
server.
This is what ive been saying over and over and over.
I know postfix needs to give the client a cert that matches the load
balancer, not the backend server.
Ive been asking every way from sunday the best way to accomplish this,
the proper way. Not some hacky way.
Best i can gather from your last few replies is to rsync a copy of the
cert created on the load balancer to the backend servers and point
postfix at that cert.
Is that the answer?
This is all ive been trying to ask from the beginning, best method of
getting a cert created on the load balancer to postfix on a different
server to use for TLS.