Hello Bruno,
You are right, I used a similar command without -servername. With this option it
seems to work correctly.
Now, I will debug why Gmail has a problem with one certificate and not the
other.
Thank you
On Wednesday, 28 June 2017 at 9:47, Bruno Pagani <[email protected]> wrote:
On 27/06/2017 at 22:56, Mik J wrote:
Hello Bruno, Edgar,
I'm coming back regarding this topic because I didn't make it work.
Depending on the fqdn I need opensmtpd to reply with the right certificate.
My configuration:
pki domain1.com certificate "/etc/smtpd/tls/domain1.com.crt"
pki domain1.com key "/etc/smtpd/tls/domain1.com.key"
pki domain2.com certificate "/etc/smtpd/tls/domain2.com.crt"
pki domain2.com key "/etc/smtpd/tls/domain2.com.key"
listen on 1.1.1.1 port 25 tls auth-optional <passwords>
My problem: regardless of the fqdn that is accessed, smtpd always sends the
same certificate. But I have only ONE IP/interface.
SMTPD doesn't select the appropriate certificate.
How did you test that? Be aware that you have to send an SNI instruction to
verify the cert used.
For instance, with OpenSSL:
openssl s_client -connect hostname:25 -starttls smtp -servername hostname
If you don’t specify -servername here, you’ll get the default certificate
indeed.
Bruno
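
The SNI check discussed in this thread, reproduced on a local test bench (an added example, not from the original messages): openssl s_server holds a default certificate for domain1.com plus a second one bound to domain2.com, and s_client is run once with no SNI and once with -servername to compare what is presented. It uses plain TLS rather than -starttls smtp, and the port, temp directory, script name and function names are assumptions; -noservername is passed explicitly because OpenSSL 1.1.1 and later send SNI by default when -connect is given a hostname.

```shell
#!/bin/sh
# Added example (constructed test bench, not from the thread).
PORT=${PORT:-28525}   # assumed free local port
WORK=""; SRV_PID=""

# Create a throwaway self-signed certificate and key for CN $1.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Print the subject of the certificate the server presents.
# $1 = SNI name to send; empty = send no SNI at all.
presented_subject() {
    if [ -n "$1" ]; then set -- -servername "$1"; else set -- -noservername; fi
    openssl s_client -connect "127.0.0.1:$PORT" "$@" </dev/null 2>/dev/null |
        openssl x509 -noout -subject 2>/dev/null
}

# Start a TLS server: domain1.com is the default certificate,
# domain2.com is served only when the client asks for it via SNI.
start_server() {
    WORK=$(mktemp -d) || return 1
    make_cert domain1.com && make_cert domain2.com || return 1
    openssl s_server -accept "127.0.0.1:$PORT" -www \
        -cert "$WORK/domain1.com.crt" -key "$WORK/domain1.com.key" \
        -servername domain2.com \
        -cert2 "$WORK/domain2.com.crt" -key2 "$WORK/domain2.com.key" \
        >/dev/null 2>&1 &
    SRV_PID=$!
    tries=0   # wait for the listener to come up
    while [ "$tries" -lt 15 ]; do
        [ -n "$(presented_subject '')" ] && return 0
        sleep 1; tries=$((tries + 1))
    done
    return 1
}

stop_server() {
    kill "$SRV_PID" 2>/dev/null || true
    rm -rf "$WORK"
}

# Run as: sh sni-demo.sh demo   (hypothetical script name)
if [ "${1:-}" = "demo" ]; then
    start_server && {
        echo "no SNI:          $(presented_subject '')"
        echo "SNI domain2.com: $(presented_subject domain2.com)"
    }
    stop_server
fi
```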