Applicable to:
- Plesk Obsidian for Linux
- Plesk Obsidian for Windows
Question
How to assign an SSL certificate per domain to secure the mail server in Plesk (SNI support)?
Answer
Requirements
Warning: If you're switching from Courier to Dovecot be aware of potential issues.
-
Issue a Let's Encrypt certificate for a domain, or upload a paid certificate
-
For each of the domains that should have a separate mail certificate, navigate to Domains > example.com > Mail > Mail Settings
-
Select the domain's certificate in SSL/TLS certificate for mail dropdown:
-
Click on Apply
-
Verify that the separate mail certificate is used:
-
On Windows:
-
Connect to the server via RDP
-
Run OpenSSL with the mail server's domain and check the certificate's CN field:
PS echo 'Q' | plesk sbin openssl s_client -connect localhost:465 -servername example.com -showcerts 2>&1 | SLS -Pattern 'CN=[^/]+' | % { $_.Matches } | % { $_.Value } | Get-Unique
CN=example.com
-
-
On Linux:
-
Connect to the server via SSH
-
Run OpenSSL with the mail server's domain and check the certificate's CN field:
# echo 'Q' | openssl s_client -connect localhost:465 -servername example.com -showcerts 2>&1 | grep -Eo 'CN=[^/]+' | uniq
CN=example.com
-
-
Comments
this command didn't worked for me:
i have to modify this part: grep -Eo 'CN=[^/]+' into grep -Eo 'CN\s*=[^/]+' because of space char before "="
also, new command:
Please sign in to leave a comment.