Wil Cooley wrote:
> On Fri, 2003-08-29 at 08:41, Yuri Pimenov wrote:
>> Hello.
>> I'm going to try out cyrus22 with virtual domains. For example, I have two FQDNs pointing to a single IP address. Say, imap.example1.com and imap.example2.com. Now the problem: how to create a certificate which will suit both domains? Of course I can set the CN of my certificate to the IP address of my cyrus22 machine, but this is very inconvenient for users. Ideas, suggestions?
>
> You can't, in the same way that you can't host multiple SSL-protected web sites on the same IP address with the same cert. SSL happens before the higher-level protocol is able to negotiate hostname-based services, so it can only go on IP address and return one cert per address.
> TLS promises to solve this problem, being negotiated in-application-protocol, but it's not entirely there yet. And anyway, IMAP itself has no notion of hostname-based service negotiation.

Actually, TLS intends to solve this within TLS itself, not the application protocol. See RFC 3546, section 3.1.
--
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp