- Plesk 12.5 for Linux
It is not possible to set up mail client to use secure connection because of SSL warning message about bad certificate
If check security with online tools like SSL Labs , it shows warnigns as the following one:
CONFIG_TEXT: Cert Hostname DOES NOT VERIFY (mail.example.com != *.example.com | DNS:*.*.example.com | DNS:*.example.com)
So email is encrypted but the host is not verified
- The installed SSL certificate is not wildcard.
- The multidomain certificate is used and
- The mail server certificate is checked using a certificate for a domain that is not used to secure the mail server.
Install SSL wildcard certificate or request new SSL certificate having required domain in the list.
In case of multidomain certificate
X509v3 Subject Alternative Name
should be checked for a domain name.
# openssl s_client -showcerts -connect mail.example.com:25 -starttls smtp 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -noout -text | grep DNS
Note: When connecting to the mail server, make sure to use the domain name in the certificate issued during securing Plesk mail server.
Advise your customers to do the same. Otherwise, the mail client software may be unable to verify the mail server identity, which may cause issues when sending or receiving mail, like this one.