Applicable to:
- Plesk 12.5 for Linux
Symptoms
-
It is not possible to set up mail client to use secure connection because of SSL warning message about bad certificate
-
If check security with online tools like SSL Labs , it shows warnigns as the following one:
CONFIG_TEXT: Cert Hostname DOES NOT VERIFY (mail.example.com != example.com)
So email is encrypted but the host is not verified
Cause
SSL certificate installed either is not wildcard or in case of multidomain certificate is used
mail.example.com
is absent
Resolution
Install SSL wildcard certificate or request new SSL certificate having required domain in the list.
In case of multidomain certificate
X509v3 Subject Alternative Name
should be checked for a domain name.
# openssl s_client -showcerts -connect mail.example.com:25 -starttls smtp 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -noout -text | grep DNS
Comments
0 comments
Please sign in to leave a comment.