Applicable to:
- Plesk Obsidian for Linux
- Plesk Obsidian for Windows
Question
How to assign a SSL certificate per domain to secure the mail server in Plesk (SNI support)?
Requirements
Answer
Warning: If you're switching from Courier to Dovecot be aware about potential issues.
-
Issue a Let's Encrypt certificate for a domain, or upload a paid certificate
-
For each of the domains that should have separate mail certificate, navigate to Domains > example.com > Mail > Mail Settings
-
Select the domain's certificate in SSL/TLS certificate for mail dropdown:
-
Click on Apply
-
Verify that the separate mail certificate is used:
-
On Windows:
-
Connect to the server via RDP
-
Run OpenSSL with the mail server's domain and check the certificate's CN field:
PS echo 'Q' | plesk sbin openssl s_client -connect localhost:465 -servername example.com -showcerts 2>&1 | SLS -Pattern 'CN=[^/]+' | % { $_.Matches } | % { $_.Value } | Get-Unique
CN=example.com
-
-
On Linux:
-
Connect to the server via SSH
-
Run OpenSSL with the mail server's domain and check the certificate's CN field:
# echo 'Q' | openssl s_client -connect localhost:465 -servername example.com -showcerts 2>&1 | grep -Eo 'CN=[^/]+' | uniq
CN=example.com
-
-
Comments
61 comments
Did not work, still receiving main domain's ssl information. Is there a method for doing this manually?
Please sign in to leave a comment.