1

Topic: Multiple SSL cert based on domain name dovecot/postfix

==== Required information ====
- iRedMail version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Linux/BSD distribution name and version:
- Related log if you're reporting an issue:
====

Hi,

I run a 1.8 iredmail on a centos 5.x

I try to install SSL certificate based on domain name according to this: http://wiki2.dovecot.org/SSL/DovecotConfiguration
But it seems a feature of dovecot 2.0, instead I have 1.2.17
How can I safe upgrade dovecot?

Thanks.

2

Re: Multiple SSL cert based on domain name dovecot/postfix

Reference: http://www.iredmail.org/forum/topic4493 … tos-5.html

3 (edited by posa68 2014-02-16 20:32:52)

Re: Multiple SSL cert based on domain name dovecot/postfix

Thanks Zhang.

Another approach perhaps will be a brand new installation of iredmail and a migration of accounts and mail messages.

I doing some tests just now:

- New installation on a new VM (I use container OpenVZ )
- Install brand new version of iredmail (I use mysql version)
- Copy all content of /var/vmail from old machine to new one
- Dump and reimport of vmail mysql DB

Seems to work...

Can you tell me if it's a wrong way?
Maybe I forget something?

My concern about this, is avoid customers download again all messages...

Thanks again...

4

Re: Multiple SSL cert based on domain name dovecot/postfix

posa68 wrote:

Can you tell me if it's a wrong way?

You're right.
Reference: http://www.iredmail.org/wiki/index.php? … ail.Server

posa68 wrote:

My concern about this, is avoid customers download again all messages...

Then test with one account to make sure it won't happen.

5

Re: Multiple SSL cert based on domain name dovecot/postfix

ZhangHuangbin wrote:
posa68 wrote:

Can you tell me if it's a wrong way?

You're right.
Reference: http://www.iredmail.org/wiki/index.php? … ail.Server

posa68 wrote:

My concern about this, is avoid customers download again all messages...

Then test with one account to make sure it won't happen.

Ok Zhang, I update iredmail as I said and all seems to work as I expected.
I'm on the latest version.

But still I try to figure out how to work with SSL certificates.
I try to follow this procedure to serve SSL cert with dovecot only if a certain domain is called:

local_name imap.example.org {
  ssl_cert = </etc/ssl/certs/imap.example.org.crt
  ssl_key = </etc/ssl/private/imap.example.org.key
}
local_name imap.example2.org {
  ssl_cert = </etc/ssl/certs/imap.example2.org.crt
  ssl_key = </etc/ssl/private/imap.example2.org.key
}

But it seems not work...

Someone have any hints or ideas?
Thanks!

6

Re: Multiple SSL cert based on domain name dovecot/postfix

What do you mean "not work"?

According to Dovecot wiki site, you already have correct settings for multiple SSL certificates. Please try to turn on debug mode in Dovecot to see why it doesn't work.

7

Re: Multiple SSL cert based on domain name dovecot/postfix

ZhangHuangbin wrote:

What do you mean "not work"?

According to Dovecot wiki site, you already have correct settings for multiple SSL certificates. Please try to turn on debug mode in Dovecot to see why it doesn't work.

Wel I try to verify with command:

openssl s_client -connect [mydomain]:pop3s

But dovecot always present me the self signed certificate...

I'm try to debug...