carbonio ce and ssl...
 
Notifications
Clear all

carbonio ce and ssl certificates for alias domain and imap/pop3

3 Posts
3 Users
0 Reactions
987 Views
 KAV
(@kav)
Joined: 2 years ago
Posts: 7
Topic starter  

If you add an ssl certificate to the domain alias, then when connecting to imap ports, only it will always be given:

add main domain: @domain.com

add alias domain: @alias.com

add another domain: @domain2.com

install ssl certificates "/opt/zextras/libexec/zmdomaincertmgr savecrt" for mail.ALIAS.com  and other virt domains

After that:

openssl s_client -connect mail.domain.com:993 -> SSL of mail.ALIAS.com

openssl s_client -connect mail.alias.com:993 -> SSL of mail.ALIAS.com

openssl s_client -connect mail.domain2.com:993 -> SSL of mail.ALIAS.com

 

it's nomarly or its error becouse the proxy server doesn't choose the right certificates?

 

And at the same time:

openssl s_client -connect mail.domain.com:443 -> SSL of mail.domain.com

openssl s_client -connect mail.alias.com:443 -> SSL of mail.alias.com

openssl s_client -connect mail.domain2.com:443 -> SSL of mail.domain2.com

 

It seems that the proxy server does not correctly choose the certificate for IMAP/POP3 and correctly for HTTP ...

This topic was modified 2 years ago by KAV

   
Quote
(@qubaq)
Joined: 2 years ago
Posts: 4
 

I have the same problem with my Carbonio install. Any suggestions?


   
ReplyQuote
(@anahuac)
Joined: 2 years ago
Posts: 328
 

Carbonio doesn't work that way. It doesn't do SNI for domain for POP and IMAP.

So you have two ways to deal with it:

1 - do a root certificate with all domains on it. It' works great but can be quite tough to manage, specially if you have many domains getting added and removed constantly like in Mail Providers;

2 - point all your customers to use the main root hostname on their clients. This is how I do it: certificates for them to access the webmail fine on their domains, but all e-mail clients like Outlook, Thunderbird and mobile have to you my main hostname to connect.

You may want to join us in Telegram: https://www.anahuac.eu/carbonio-adding-a-signature/

Regards


   
ReplyQuote