Topic: Multiple self-signed certificates with Thunderbird.
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.6.8
- Deployed with iRedMail Easy or the downloadable installer? downloadable installer
- Linux/BSD distribution name and version: Debian GNU/Linux 12
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): No
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Hi all,
I set up a new Debian 12 server and iRedMail without a web server two weeks ago. I use multiple domains and multiple self-signed certificates per domain. I generated the certificates with the generate_ssl_keys.sh script.
I cannot connect with Thunderbird to the secondary domain, but it works fine with the Apple Mail app. Thunderbird also works fine on the primary domain. I tried STARTTLS and ports 110 and 587.
Below is what I added for multiple domains.
Certificate for primary domain:
  /etc/ssl/certs/iRedMail.crt
  /etc/ssl/private/iRedMail.key

Certificate for secondary domain:
  /etc/ssl/certs/iRedMail-domain2.crt
  /etc/ssl/private/iRedMail-domain2.key
  subject=C = XX, ST = xxx, L = xxx, O = mx.domain2.com, OU = IT, CN = mx.domain2.com, emailAddress = info@domain2.com
  issuer=C = XX, ST = xxx, L = xxx, O = mx.domain2.com, OU = IT, CN = mx.domain2.com, emailAddress = info@domain2.com

/etc/dovecot/dovecot.conf
  ssl_cert = </etc/ssl/certs/iRedMail.crt
  ssl_key = </etc/ssl/private/iRedMail.key
  ssl_dh = </etc/ssl/dh2048_param.pem
  local_name mx.domain1.com {
    ssl_cert =</etc/ssl/certs/iRedMail.crt
    ssl_key =</etc/ssl/private/iRedMail.key
  }
  local_name mx.domain2.com {
    ssl_cert =</etc/ssl/certs/iRedMail-domain2.crt
    ssl_key =</etc/ssl/private/iRedMail-domain2.key
  }

/etc/postfix/main.cf
  tls_server_sni_maps = hash:/etc/postfix/sni_maps
  sender_dependent_default_transport_maps = hash:/etc/postfix/sender_transport

/etc/postfix/sni_maps
  mx.domain1.com /etc/ssl/private/iRedMail.key /etc/ssl/certs/iRedMail.crt
  mx.domain2.com /etc/ssl/private/iRedMail-domain2.key /etc/ssl/certs/iRedMail-domain2.crt

/etc/postfix/sender_transport
  @domain1.com domain1.com-out:
  @domain2.com domain2.com-out:

/etc/postfix/master.cf
  domain1.com-out unix - - n - - smtp
    -o syslog_name=postfix-mx.domain1.com
    -o smtp_helo_name=mx.domain1.com
    -o smtp_bind_address=ipv4
    -o smtp_bind_address6=ipv6
  domain2.com-out unix - - n - - smtp
    -o syslog_name=postfix-mx.domain2.com
    -o smtp_helo_name=mx.domain2.com
    -o smtp_bind_address=ipv4
    -o smtp_bind_address6=ipv6
Postfix logs
SSL_accept error from unknown[ip addr]: -1
postfix/submission/smtpd[2577]: warning: TLS library problem: error:0A000412:SSL routines::sslv3 alert bad certificate:../ssl/record/rec_layer_s3.c:1586:SSL alert number 42:
Dovecot logs
dovecot: pop3-login: Disconnected: Connection closed: SSL_accept() failed: error:0A000412:SSL routines::sslv3 alert bad certificate: SSL alert number 42 (no auth attempts in 0 secs): user<> TLS handshaking: SSL_accept() failed: error:0A000412:SSL routines::sslv3 alert bad certificate: SSL alert number 42,
Thanks in advance for help.
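
Decoding the OpenSSL error quoted in the Postfix and Dovecot logs above, as an added example that is not part of the original post: it shows that reason 1042 in error code 0A000412 means TLS alert 42 was received from the peer, not raised by the server. It assumes OpenSSL 3.x error-code packing (the version line Debian 12 ships); the function names and the third sample line are constructed for illustration.

```python
import re

ERR_LIB_SSL = 20            # OpenSSL library number for "SSL routines"
ALERT_REASON_OFFSET = 1000  # reason 1000+N = TLS alert N received from the peer
# Certificate-related TLS alert descriptions (RFC 8446, section 6.2)
CERT_ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
               44: "certificate_revoked", 45: "certificate_expired",
               46: "certificate_unknown", 48: "unknown_ca"}
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")

def decode_openssl_error(code_hex):
    """Split an OpenSSL 3.x packed error code into (library, reason)."""
    code = int(code_hex, 16)
    return (code >> 23) & 0xFF, code & 0x7FFFFF

def classify(line):
    """Return None if the line has no OpenSSL error, else a dict describing it."""
    m = ERR_RE.search(line)
    if m is None:
        return None
    lib, reason = decode_openssl_error(m.group(1))
    alert = reason - ALERT_REASON_OFFSET
    from_peer = lib == ERR_LIB_SSL and 0 <= alert <= 255
    return {
        "code": m.group(1),
        "from_peer": from_peer,  # True: the client sent this alert to the server
        "alert": alert if from_peer else None,
        "name": CERT_ALERTS.get(alert, "other") if from_peer else None,
    }

# The first two lines are the messages quoted in the post (Dovecot line shortened);
# the third is a constructed line with a locally raised error, for contrast.
SAMPLE_LOG = [
    "postfix/submission/smtpd[2577]: warning: TLS library problem: error:0A000412:SSL routines::sslv3 alert bad certificate:../ssl/record/rec_layer_s3.c:1586:SSL alert number 42:",
    "dovecot: pop3-login: Disconnected: Connection closed: SSL_accept() failed: error:0A000412:SSL routines::sslv3 alert bad certificate: SSL alert number 42",
    "postfix/smtpd[1000]: warning: TLS library problem: error:0A000126:SSL routines::unexpected eof while reading:",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        info = classify(line)
        side = "sent by the client" if info["from_peer"] else "raised on the server"
        print(info["code"], side, info["name"] or "")
```

A `from_peer` result means the client sent the alert during the handshake, so the next things to inspect are the certificate each SNI name actually receives and how the client trusts it.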