[BlueOnyx:25465] Re: BO Email on IOS devices
Michael Stauber
mstauber at blueonyx.it
Thu Jun 9 16:27:53 -05 2022
Hi Joe,
> I am getting a Certificate Error message on iPhone complaining my
> authentication certificate is not trusted.
>
> I am not able to find any settings on my iPhone to allow certificate.
>
> Same goes for using Mozilla Thunderbird as the mail client except there
> is a pop-up that appears to manually override.
>
> Any suggestions?
The advice from Chris in [BlueOnyx:25464] is spot on. The easiest way to
avoid SSL errors is when you have a valid SSL certificate for the GUI (a
Let's Encrypt cert will do) and everyone connects to the MTA and
POP3/IMAP via the name of the *server*. NOT the names of the Vsites.
On BlueOnyx 5210R the whole spectrum of email supports SNI and if a
Vsite has a valid SSL certificate, then users can connect their email
clients using the Vsite name(s) without getting SSL certificate errors.
However, this only works if your 5210R is using Postfix and not Sendmail.
This is explained in detail on this page:
https://www.blueonyx.it/news/267/15/5210R-Postfix-SNI-for-email-and-Maildir/
Email for Vsites that do not have their own SSL certificates still using
the SSL certificate of the server, in which case those clients then
still get the SSL certificate mismatch error. So you only really benefit
from this if every Vsite that provides email has a valid SSL certificate.
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list