Cert Hostname DOES NOT VERIFY

Created:

2016-12-12 03:46:19 UTC

Modified:

2017-08-08 13:27:00 UTC

2

Was this article helpful?


Have more questions?

Submit a request

Cert Hostname DOES NOT VERIFY

Applicable to:

  • Plesk 12.5 for Linux

Symptoms

  1. It is not possible to set up mail client to use secure connection because of SSL warning message about bad certificate

  2. If check security with online tools like SSL Labs , it shows warnigns as the following one:

    Cert Hostname DOES NOT VERIFY (mail.example.com != example.com)
    So email is encrypted but the host is not verified

Cause

SSL certificate installed either is not wildcard or in case of multidomain certificate is used mail.example.com is absent

Resolution

Install SSL wildcard certificate or request new SSL certificate having required domain in the list.

In case of multidomain certificate X509v3 Subject Alternative Name should be checked for a domain name.

# openssl s_client -showcerts -connect mail.example.com:25 -starttls smtp 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -noout -text | grep DNS
DNS:domain1.tld, DNS:example.com, DNS:mail.domain.tld
Have more questions? Submit a request
Please sign in to leave a comment.