Hi Colin,
We have a strange SSL error with email that has just raised its head.
Been fine for years but may have been an update?
We have a 5210R running postfix.
A Vsite on the server has a couple of web aliases (historical combining
of servers).
The LE cert has all aliases and if using a web browser to access
roundcube then it all works fine. Site is secure.
Many of our customers are still using one of the aliases in their email
client server address and have done for years.
This weekend we started getting complaints of SSL errors when using
email clients – the email client apparently returning the cert for the
host server rather than the vsite when using one of the aliases.
This might be related to a YUM update that was published on Friday.
While working on a client server I noticed that he had non-working SNI
for several Vsites. The Vsites where it didn't work all had a single
FQDN which they responded to. And the Handler/Constructor that parse the
SSL certs to generate the SNI config files for Postfix and Dovecot so
far only parse the "DNS:" line in the certificates, but not the
"Subject:" line. So single FQDN certs resulted in a somewhat borked
email SNI configuration. The update from Friday fixes that.
To address your issue do the following:
Run "yum clean all" and "yum update" to make sure you have all updates
installed. Then restart CCEd for good measure:
/usr/sausalit/sbin/cced.init restart
If that doesn't fix it, try to renew the SSL certificate for the Vsite
in question.
--
With best regards
Michael Stauber
_______________________________________________
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
