I’ve checked my certificate using: https://certlogik.com/ssl-checker/
It tells me that my certificate is not trusted. All other tests are fine.
My Dovecot.conf says:
ssl_cert = </etc/httpd/conf/ssl.crt/server.crt
ssl_cipher_list = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
ssl_key = </etc/httpd/conf/ssl.key/server.key
In that same /etc/httpd/conf/ssl.crt folder there is also a server.ca file. So I added the following line to the Dovecot.conf file:
ssl_ca = </etc/httpd/conf/ssl.crt/server.ca
After restarting Dovecot the ssl-checker on certlogik says everything is fine and the certificate is now trusted. Hooray!
But… after testing mail on the phone again I get another error telling me the hostname is invalid for this certificate. The certificate is for my server hostname (like: server01.hoster.com) and my clients connect with their own hostname (like: imap.clientdomain.com). Is this an SNI problem? If yes, how do I solve this from Dovecot?
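The hostname error described in the post can be reproduced offline with the check below, which is an added example and not part of the original post. It compares the name a client connects to against the DNS names in a certificate, using a constructed sample built from the post's two example hostnames; the function names are hypothetical.

```python
# SAMPLE_CERT is constructed, shaped like the dict that
# ssl.SSLSocket.getpeercert() returns for a validated certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "server01.hoster.com"),),),
    "subjectAltName": (("DNS", "server01.hoster.com"),),
}

def cert_dns_names(cert):
    """DNS names a client checks: SAN entries, falling back to the CN."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v.lower() for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def name_matches(pattern, hostname):
    """RFC 6125 style match: '*' is allowed only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard covers exactly one label and never a bare TLD ("*.com").
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def check_hostname(cert, hostname):
    """Return (ok, names): whether hostname is covered, and by which names."""
    names = cert_dns_names(cert)
    return any(name_matches(n, hostname) for n in names), names

def fetch_cert(host, port=993):
    """Live variant over IMAPS, sending host as SNI. Not used by the sample
    run; the handshake fails if the chain is not trusted by this machine."""
    import socket, ssl
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # names are compared by check_hostname() instead
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    for host in ("server01.hoster.com", "imap.clientdomain.com"):
        ok, names = check_hostname(SAMPLE_CERT, host)
        print(f"{host}: {'match' if ok else 'MISMATCH'} (cert names: {names})")
```

The mismatch comes from the names in the certificate the server presents, so a chain that validates (as after adding ssl_ca) still fails this check for any client hostname the certificate does not list.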