Dovecot SNI problem

Schrottfresse · 2015-07-23 12:29:14

Hey everybody,

i have a dovecot installation which worked with a CaCert certificate with subject alt names. Because of reasons i had to change this to certificates from Startssl which do not allow subject alt names. So i am trying to use Dovecot with SNI, because i have two domains. The problem is:

When i use the following config, it works (though it keeps complaining if i use example2.org, obviously):

ssl_cert = </path/to/cert-for-example1.org.crt
ssl_key = </path/to/cert-for-example1.org.key

But when i try to use this:

local_name example1.org {
  ssl_cert = </path/to/cert-for-example1.org.crt
  ssl_key = </path/to/cert-for-example1.org.key
}

local_name example2.org {
  ssl_cert = </path/to/cert-for-example2.org.crt
  ssl_key = </path/to/cert-for-example2.org.key
}

i get the following error:

imap-login: Fatal: Can't load ssl_cert: There is no valid PEM certificate. (You probably forgot '<' from ssl_cert=<)
master: Error: service(imap-login): command startup failed, throttling for 2 secs

As i use the same certificate with the same path, i am pretty sure both path and certificate are correct.

Any ideas?

Thank you,
Schrotti

Arch Linux

#1 2015-07-23 12:29:14

Dovecot SNI problem

Board footer