On 27/06/2017 at 22:56, Mik J wrote:
> Hello Bruno, Edgar,
>
> I'm coming back regarding this topic because I didn't make it work.
>
> Depending on the fqdn I need opensmtpd to reply with the right
> certificate.
>
> My configuration
> pki domain1.com certificate "/etc/smtpd/tls/domain1.com.crt"
> pki domain1.com key "/etc/smtpd/tls/domain1.com.key"
> pki domain2.com certificate "/etc/smtpd/tls/domain2.com.crt"
> pki domain2.com key "/etc/smtpd/tls/domain2.com.key"
> listen on 1.1.1.1 port 25 tls auth-optional <passwords>
>
> My problem, regardless of the fqdn that is accessed, smtpd always
> sends the same certificate. But I have only ONE IP/interface
> SMTPD doesn't select the appropriate certificate

How did you test that? Be aware that you have to send an SNI instruction to verify the cert used. For instance, with OpenSSL:

openssl s_client -connect hostname:25 -starttls smtp -servername hostname

If you don’t specify -servername here, you’ll get the default certificate indeed.

Bruno
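
Added example, not part of Bruno's message or of OpenSMTPD: a shell script that repeats the s_client test above for several SNI names against one listener and uses `openssl x509 -checkhost` to report whether the certificate served for each name actually covers it. The script name, the host in the usage comment and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Usage, with placeholder names:
#   sh check_sni.sh mail.example.net 25 domain1.com domain2.com

# Print the leaf certificate (PEM) the server offers after STARTTLS
# when $3 is sent as the SNI name.
fetch_cert() {  # host port sni_name
    openssl s_client -connect "$1:$2" -starttls smtp -servername "$3" \
        </dev/null 2>/dev/null | openssl x509 2>/dev/null
}

# Turn the text printed by `openssl x509 -checkhost NAME` into a verdict.
# $1 = name requested via SNI, $2 = that text (empty if no cert was received).
verdict() {
    case $2 in
        *"Hostname $1 does match certificate"*) echo "$1: OK" ;;
        *"does NOT match certificate"*) echo "$1: MISMATCH"; return 1 ;;
        *) echo "$1: NO CERTIFICATE"; return 1 ;;
    esac
}

# Check every name against the same listener; non-zero if any name fails.
check_names() {  # host port name...
    host=$1; port=$2; shift 2
    rc=0
    for name in "$@"; do
        # An empty result (connection or STARTTLS failure) is handled by verdict.
        out=$(fetch_cert "$host" "$port" "$name" |
              openssl x509 -noout -checkhost "$name" 2>/dev/null) || out=""
        verdict "$name" "$out" || rc=1
    done
    return "$rc"
}

# Run only when called with arguments, so the functions can be sourced.
if [ "$#" -ge 3 ]; then
    check_names "$@"
fi
```

A MISMATCH for one of the names means the listener answered that SNI name with a certificate issued for something else, typically the default one.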