When you connect like that you are probably relying on the SNI extension to ssl which is needed to tell the server which host you want to talk to. You need SNI in the server and client to work, it is in some distributions of surgemail but not all, (what platform are you running on?)
Also, you must restart surgemail when you change g_ssl_per_domain, as the certificates etc are loaded at startup, and if you have any invalid or expired certificates it will behave very badly!!!, check mail.err after startup to see if any failed to load.
ChrisP.
Hi there, at the very begining i would like to say hello to all of you guys over here!
Yesterday i've enabled g_ssl_per_domain=true and i've copied certs into ssl/domain/ folder. In browser (surgeweb) everythink works fine, however when i ask for domains SSL using openssl i get invalid respond from server:
openssl s_client -showcerts -connect mail.budotel.pl:443
subject=/CN=mail.ipartner.net.pl
issuer=/CN=mail.ipartner.net.pl
openssl s_client -showcerts -connect mail.ipartner.com.pl:443 | egrep "subject|issuer"
subject=/CN=mail.ipartner.net.pl
issuer=/CN=mail.ipartner.net.pl
My Mac Mail client also gets stupid, getting from server ssl for invalid domain. When i disable ssl_per_domain surgemail uses default SSL for my main domain: mail.ipartner.com.pl and everythink works fine (with single ssl for all domains). I wonder why surgemail responds with SSL for mail.ipartner.net.pl, not with SSL for specific domain i am asking for.
My surgemail version is the latest available (6.4a-1). Any hints guys?
