SNI for Exim (SKINS)(LANG) BETA

Version 1.535

Feature
Unfinished

DEPRECATED!!! Use mail_sni instead of exim_sni: https://www.directadmin.com/features.php?id=2019 ================================== BETA New variable: exim_sni=0 which is the internal default. To enable, set: exim_sni=1 and restart DirectAdmin. To add Mail SNI Hosts, after you've got a authorized certificate, key, and ca bundle installed, go to: User Level -> SSL Certificates -> Mail SNI Hosts and select the hosts you'd like to add, and click "Enable". -------- The select box will be hidden if: - the host already exists in snidomains, and belongs to some other User - the host is not a subdomain of the current domain, or is not a match of the current domain. -------- When a valid certificate is present under a domain, the SSL Certificates page will show a new table at the bottom called "Mail SNI Hosts". With it, you can select values that are present in the certificate to use for SNI with exim. When a host is enabled, it's added to the file: /etc/virtual/snidomains with the format: mail.domain.com:username:domain.com where mail.domain.com is the $tls_in_sni variable that exim does a lookup with, username is who owns the domain, and domain.com is where the cert lives, eg: /usr/local/directadmin/data/users/username/domains/domain.com.cert.combined which MUST contain mail.domain.com or the SNI hostname verification will fail between the client and exim, causing SSL errors/warnings. -------- If you have a wildcard certificate, like: *.domain.com DA will swap it with mail.domain.com to for adding/checking. -------- Removal of a domain will autiomatically remove all SNI hosts from: /etc/virtual/snidomains where the value matches the :username:domain.com value. The actual SNI name (far left) has no effect on removal. Any value here, such that the user:domain on the right match the domain being removed for that user, will be cleared from the file. -------- The Mail SNI Hosts ================================ API CMD_API_SSL method: POST action=mail_sni domain=domain.com select0=mail.domain.com either: enable=Enable (any text) or disable=Disable (any text) ================================ SKIN user/ssl.html new tokens: CERTIFICATE_HOSTS = list of 'X509v3 Subject Alternative Name' values, eg: domain.com, www.domain.com, mail.domain.com NOT_AFTER = Expiry of the certificate, eg: May 8 05:45:38 2018 GMT EXIM_SNI_HOSTS_TABLE = new <table> with form to add/remove the host values stored in the certificate to be exim sni mail hosts. ================================ LANG lang/en/internal/ssl.txt - up to 54 lang/en/internal/command.txt - up to 585 lang/en/user/ssl.html

Interested to try DirectAdmin? Get a 30-day Free Trial!