If you are using a different hostname for each server then you need different 
certificates or a SAN certificate with corresponding subjectAltName extensions. 
Certificates verify the hostname, so if your hostnames are different then you 
have to use different certificates. However, it is more useful if you keep your 
server hostname and service hostname separate. Your server hostnames might be 
mx1.mydomain, mx2.mydomain but you can use imap.mydomain as the dovecot service 
name (in this case you can use the same certificate for dovecot but different 
certificates for postfix, and you will also load balance clients connecting to 
the dovecot instance). Or you might use the same hostname for both servers (in 
that case you need only one certificate) and dovecot and postfix will be 
automatically load balanced. 

Anvar Kuchkartaev 
an...@anvartay.com 
  Original Message  
From: SH Development
Sent: Thursday, October 12, 2017 05:17 a.m.
To: dovecot@dovecot.org
Subject: SSL overview...


Can someone help me understand the overall picture of SSL certificates in this 
scenario?

I have a working dovecot/postfix/mysql server. It has a certificate.

I now want to create a second, essentially duplicate configured server for use 
with replication.


What is the relationship between the certificate and the hostname, or the DNS 
entry since the certs are created using the server’s domain name?

mail.serverA.mydomain has a certificate that was created using 
mail.serverA.mydomain. The server's hostname is mail.serverA.mydomain.

Now enter the new server. It would probably be:

mail.serverB.mydomain and a certificate created using mail.serverB.mydomain. The 
server’s hostname would be mail.serverB.mydomain.

My questions:

1. Can I use the same certificate on both servers since they are serving email 
for the same domain?
2. Does the hostname have to be the same as the domain name, and thus the name 
used to create the cert?

Sorry if I’m muddled about this. It was never really an issue until I wanted to 
add a secondary server into the mix.

Ethon B.
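
An added example, not part of the original thread: a simplified RFC 6125-style check of which hostnames a certificate's subjectAltName dNSName entries cover, using the names from the messages above. The SAN lists and the function names are constructed for illustration; real clients add further rules (for example, public-suffix checks on wildcards).

```python
# Added example: simplified hostname matching against subjectAltName
# dNSName entries. All certificate contents below are constructed.

def name_matches(pattern: str, hostname: str) -> bool:
    """Match one dNSName entry against the name the client connects to."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # Wildcard is honoured only as the entire left-most label.
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_covers(san_dns_names, hostname: str) -> bool:
    """True if any SAN entry of the certificate matches the hostname."""
    return any(name_matches(name, hostname) for name in san_dns_names)


def coverage(certs, hostnames):
    """Return {certificate label: [hostnames it is valid for]}."""
    return {
        label: [h for h in hostnames if cert_covers(sans, h)]
        for label, sans in certs.items()
    }


# Constructed SAN lists; hostnames are the ones used in the thread.
CERTS = {
    "serverA-only": ["mail.serverA.mydomain"],
    "san-both": ["mail.serverA.mydomain", "mail.serverB.mydomain"],
    "service-name": ["imap.mydomain"],
    "wildcard": ["*.mydomain"],
}
HOSTNAMES = [
    "mail.serverA.mydomain",
    "mail.serverB.mydomain",
    "imap.mydomain",
    "mx1.mydomain",
]

if __name__ == "__main__":
    for label, names in coverage(CERTS, HOSTNAMES).items():
        print(f"{label:13} valid for: {', '.join(names) or '(none)'}")
```

The client compares the name it connects to, not the machine's own hostname, so one certificate for a shared service name works on both servers, and a `*.mydomain` wildcard does not reach two-label names such as mail.serverA.mydomain.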
