SSL Certificate on mail services

Serge Storme

Hi Everyone,

First, sorry for my bad English, I'm French!

I have an OVH VPS on which Plesk 12.5 is installed (the host is CentOS 6).
I haven't changed anything in the Plesk or service configuration.
All is working fine, except one thing ^^
I would like to set up an SSL certificate on mail services (pop3, imap and smtp).
I have the default courier-imap service and the default postfix.
To do that, I followed this tutorial: http://wpguru.co.uk/2014/12/plesk-mail-ssl/

So, I have the good certificate (signed by Gandi SAS) in these files:
/etc/postfix/postfix_default.pem
/usr/share/imapd.pem
/usr/share/pop3d.pem

I correctly restarted the service (I even rebooted the server to be sure) but it still doesn't work.
I also checked in /etc/courier-imap/pop3d-ssl and imapd-ssl that the TLS_CERTFILE was correct.
With http://www.checktls.com I can see that the certificate which is used is the self-signed one.
You can test with [email protected] if you want.

So, what am I missing?
I tried to do a grep with the beginning of the certificate, but there are a lot of results, and I'm not an expert at all...

Thanks a lot for your help,
Cheers,
Serge
 
Hi Serge Storme,

Code:
...
[002.073]
Certificate 1 of 2 in chain:
subject= /C=--/ST=France/L=--/O=OVH/OU=--/CN=vps221224.ovh.net/[email protected]
issuer= /C=--/ST=France/L=--/O=OVH/OU=--/CN=vps221224.ovh.net/[email protected]
[002.091]
Certificate 2 of 2 in chain:
subject= /C=--/ST=France/L=--/O=OVH/OU=--/CN=vps221224.ovh.net/[email protected]
issuer= /C=--/ST=France/L=--/O=OVH/OU=--/CN=vps221224.ovh.net/[email protected]
[002.091]        Cert NOT VALIDATED: self signed certificate
[002.091]        So email is encrypted but the domain is not verified
[002.091]        Cert Hostname DOES NOT VERIFY (mail.terroirsdepicardie.com != vps221224.ovh.net)
[002.091]        So email is encrypted but the host is not verified
...

Code:
Transcript: Connecting to 51.255.40.124

Transcript:

Transcript: 220 vps221224.ovh.net ESMTP Postfix [859 ms]

Transcript: EHLO PWS3.mxtoolbox.com

Transcript: 250-vps221224.ovh.net
...
As already stated above, "mail.terroirsdepicardie.com" does not match your hostname "vps221224.ovh.net", and a reverse check of "51.255.40.124" points to "124.ip-51-255-40.eu".


SPF entry:
Code:
"v=spf1 +a +mx -all"

You don't include your hostname in your SPF entry, and your IPv4 is missing as well. It would be a good idea to use:

"v=spf1 +a +mx +a:vps221224.ovh.net +ip4:51.255.40.124 ?all"


If you experience issues, please consider including configuration files and errors from your mail.log as well, to solve your issue or to help you with investigations.
"I have the default courier-imap service and the default postfix."
... is simply not enough to investigate any possible errors or issues.
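
The symptom in this thread is that the installed PEM files and the certificate the daemons actually present differ. The check below is an added example, not part of either post: it fetches the certificate served on SMTP (STARTTLS), IMAPS and POP3S and compares its SHA-256 fingerprint with the certificates in the three files named in the question. The host name `mail.example.com` and the function names are assumptions; ports 25, 993 and 995 are the standard ones.

```python
import base64, hashlib, re, smtplib, socket, ssl

# Service -> (port, uses STARTTLS, PEM file named in the question).
SERVICES = {
    "smtp":  (25,  True,  "/etc/postfix/postfix_default.pem"),
    "imaps": (993, False, "/usr/share/imapd.pem"),
    "pop3s": (995, False, "/usr/share/pop3d.pem"),
}
CERT_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def fingerprint(der):
    return hashlib.sha256(der).hexdigest()

def pem_fingerprints(pem_text):
    """Fingerprint every certificate in a PEM bundle; key blocks are ignored."""
    return [fingerprint(base64.b64decode("".join(body.split())))
            for body in CERT_RE.findall(pem_text)]

def served_der(host, port, starttls):
    """Return the leaf certificate (DER) the service presents, valid or not."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # diagnostic fetch only: we compare bytes,
    ctx.verify_mode = ssl.CERT_NONE  # so a self-signed cert must not abort it
    if starttls:
        with smtplib.SMTP(host, port, timeout=10) as smtp:
            smtp.starttls(context=ctx)
            return smtp.sock.getpeercert(binary_form=True)
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def read_file(path):
    with open(path, encoding="ascii", errors="replace") as fh:
        return fh.read()

def audit(host, fetch=served_der, read=read_file):
    """Map each service to MATCH / MISMATCH / ERROR against its PEM file."""
    result = {}
    for name, (port, starttls, path) in SERVICES.items():
        try:
            served = fingerprint(fetch(host, port, starttls))
            result[name] = "MATCH" if served in pem_fingerprints(read(path)) else "MISMATCH"
        except (OSError, ValueError, smtplib.SMTPException) as exc:
            result[name] = f"ERROR: {exc}"
    return result

if __name__ == "__main__":
    for service, verdict in audit("mail.example.com").items():  # placeholder host
        print(f"{service:6} {verdict}")
```

A MISMATCH means the daemon is loading its certificate from a different file than the one that was edited, or has not reloaded it; the TLS_CERTFILE value and the Postfix certificate setting then show which path is really in use.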

 