Univention Bugzilla – Bug 49064
Dovecot should support multiple SSL certificates with SNI
Last modified: 2019-04-10 14:35:32 CEST
UCS 4.3 backport

+++ This bug was initially created as a clone of Bug #48485 +++

Dovecot should support multiple SSL certificates with SNI.
83259838 Add SNI Support to univention-mail-dovecot
    Additional fqdns and certificates can be configured with UCRvs
    mail/dovecot/ssl/sni/$fqdn/certificate=$path_to_certificate and
    mail/dovecot/ssl/sni/$fqdn/key=$path_to_certificate_key
57f964eb testcase
fcc1de9e changelog
50181ece yaml
OK: code
OK: automated test 40_mail/48_check_ssl_sni fails with univention-mail-dovecot=4.0.0-13 and succeeds with 4.0.0-16
OK: manual test:

# univention-certificate new -name foo.bar -days 2
# ucr set mail/dovecot/ssl/sni/foo.bar/certificate=/etc/univention/ssl/foo.bar/cert.pem mail/dovecot/ssl/sni/foo.bar/key=/etc/univention/ssl/foo.bar/private.key
# grep foo.bar /etc/dovecot/conf.d/10-ssl.conf
local_name foo.bar {
ssl_cert = < /etc/univention/ssl/foo.bar/cert.pem
ssl_key = < /etc/univention/ssl/foo.bar/private.key
# service dovecot restart

(my notebook)# echo '10.200.3.53 foo.bar ox53.uni.dtr' >> /etc/hosts

(my notebook)# fetchmail -v --ssl --check --nodetach --protocol IMAP --all --keep --username test2m@uni.dtr ox53.uni.dtr
Trying to connect to 10.200.3.53/993...connected.
fetchmail: Server certificate:
fetchmail: Issuer Organization: Uni Test GmbH
fetchmail: Issuer CommonName: Univention Corporate Server Root CA (ID=kL5WjO6C)
fetchmail: Subject CommonName: ox53.uni.dtr
fetchmail: Subject Alternative Name: ox53.uni.dtr
fetchmail: Subject Alternative Name: ox53
fetchmail: ox53.uni.dtr key fingerprint: 47:A1:55:60:D8:34:22:EF:FD:C5:FE:56:2B:CE:04:33

(my notebook)# fetchmail -v --ssl --check --nodetach --protocol IMAP --all --keep --username test2m@uni.dtr foo.bar
Trying to connect to 10.200.3.53/993...connected.
fetchmail: Server certificate:
fetchmail: Issuer Organization: Uni Test GmbH
fetchmail: Issuer CommonName: Univention Corporate Server Root CA (ID=kL5WjO6C)
fetchmail: Subject CommonName: foo.bar
fetchmail: Subject Alternative Name: foo.bar
fetchmail: Subject Alternative Name: foo
fetchmail: foo.bar key fingerprint: A5:8C:50:7A:9C:B7:27:F0:83:B0:B4:20:C9:4A:5E:0D
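
Added example, not part of the bug report and not the univention-mail-dovecot template code: a sketch of how the mail/dovecot/ssl/sni/$fqdn/certificate and .../key variables described above map to the local_name blocks seen in 10-ssl.conf, with the checks a reviewer would want before the values reach the Dovecot configuration. The function name, the hostname and path rules, and the sample values other than foo.bar are assumptions made for illustration.

```python
import re

PREFIX = "mail/dovecot/ssl/sni/"
# Assumption: conservative hostname rule (letters, digits, hyphens, dots).
FQDN_RE = re.compile(
    r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)*[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?",
    re.I)
# Assumption: absolute path, no whitespace, braces or newlines that could
# close the local_name block and smuggle in further settings.
PATH_RE = re.compile(r"/[A-Za-z0-9._/+-]+")

# Constructed sample input; only the foo.bar pair comes from the manual test.
SAMPLE_UCR = {
    "mail/dovecot/ssl/sni/foo.bar/certificate": "/etc/univention/ssl/foo.bar/cert.pem",
    "mail/dovecot/ssl/sni/foo.bar/key": "/etc/univention/ssl/foo.bar/private.key",
    "mail/dovecot/ssl/sni/half.example/certificate": "/etc/univention/ssl/half.example/cert.pem",
    "mail/dovecot/ssl/sni/bad.example/key": "/tmp/k.pem\n}\nssl = no",
    "mail/unrelated": "x",
}


def render_sni(ucr):
    """Return (config_text, problems) for all mail/dovecot/ssl/sni/* variables."""
    hosts, problems = {}, []
    for name, value in ucr.items():
        if not name.startswith(PREFIX):
            continue
        fqdn, _, kind = name[len(PREFIX):].rpartition("/")
        if (kind not in ("certificate", "key") or len(fqdn) > 253
                or not FQDN_RE.fullmatch(fqdn)):
            problems.append("ignored variable: " + name)
        elif not PATH_RE.fullmatch(value):
            problems.append("unsafe path in " + name)
        else:
            hosts.setdefault(fqdn.lower(), {})[kind] = value
    blocks = []
    for fqdn in sorted(hosts):
        pair = hosts[fqdn]
        if set(pair) != {"certificate", "key"}:
            # Half a pair must not produce a block: the name would have no
            # usable certificate/key combination.
            problems.append("incomplete pair for " + fqdn)
            continue
        blocks.append("local_name %s {\n  ssl_cert = < %s\n  ssl_key = < %s\n}\n"
                      % (fqdn, pair["certificate"], pair["key"]))
    return "".join(blocks), problems
```
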
<http://errata.software-univention.de/ucs/4.3/474.html>