On 8/23/07, Nels Lindquist <[EMAIL PROTECTED]> wrote: > > Hi, all. > > I'm configuring a Cyrus IMAPD server for a number of virtual domains, > and I'm concerned about a potential issue with SSL/TLS for the virtual > hosts, which is that I can't find a way of specifying different > certificates for each virtual host.
SSL only permit one certificate per IP address (this is by design), but TLS should be able to support one certificate per domain, but I don't know how to do that with cyrus-imap. Anyway what I did is to make my certificate "compatible" with all my domains. I used the openssl option "subjectAltName" to define multiple domain per certificate. You can find more at the end of my post on open-ssl mailing list with subject "wildcard certificate for *.*.example.com" This work for cyrus, http, postfix ssl (also tls) connections We strongly encourage users to use encryption, but I don't want mail > clients throwing a certificate name mismatch error every time they > connect to anything other than the default domain. > > I checked the docs/man pages/FAQ but haven't found a per-domain way of > configuring different cert/key files. > > I'm hoping this functionality exists, but is as yet undocumented... > > I'm using version 2.3.8, if that makes any difference. > > Thanks! > > Nels Lindquist > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- Alain Spineux aspineux gmail com May the sources be with you
---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
