On Fri, Jul 30, 2021 at 07:29:33PM +0100, Alain D D Williams via Exim-users wrote:
> I get this error in B's log, it is complaining that M's certificate is using
> the public name, not the VPN name:
>
> [78.32.209.33] SSL verify error: certificate name mismatch: DN="/CN=freshmint.phcomp.co.uk" H="mint-vpn.phcomp.co.uk"
>
> I could generate a certificate that is for 'mint-vpn' without much problem.
>
> My question
>
> How to I get exim on M to present the 'mint-vpn' certificate to
> connections that come over the VPN ?
Exim supports SNI-based server certificate selection. Configure the
appropriate certificate for each SNI name. Configure the VPN client
to send SNI, and otherwise default to the public IP name.
--
Viktor.
