<br><br><div><span class="gmail_quote">On 8/23/07, <b class="gmail_sendername">Nels Lindquist</b> <<a href="mailto:nlindq@maei.ca" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">nlindq@maei.ca</a>
> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hi, all.<br><br>I'm configuring a Cyrus IMAPD server for a number of virtual domains,<br>and I'm concerned about a potential issue with SSL/TLS for the virtual<br>hosts, which is that I can't find a way of specifying different
<br>certificates for each virtual host.</blockquote><div><br>SSL only permit one certificate per IP address (this is by design), but<br>TLS should be able to support one certificate per domain, but I don't know how<br>
to do that with cyrus-imap.<br><br>Anyway what I did is to make my certificate "compatible" with all my domains.<br>I used the openssl option "subjectAltName" to define multiple domain per certificate.
<br><br>You can find more at the end of my post on open-ssl mailing list with subject "wildcard certificate for *.*.example.com"<br><br>This work for cyrus, http, postfix ssl (also tls) connections<br><br> </div>
<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
We strongly encourage users to use encryption, but I don't want mail<br>clients throwing a certificate name mismatch error every time they<br>connect to anything other than the default domain.<br><br>I checked the docs/man pages/FAQ but haven't found a per-domain way of
<br>configuring different cert/key files.<br><br>I'm hoping this functionality exists, but is as yet undocumented...<br><br>I'm using version 2.3.8, if that makes any difference.<br><br>Thanks!<br><br>Nels Lindquist
<br>----<br>Cyrus Home Page: <a href="http://cyrusimap.web.cmu.edu/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://cyrusimap.web.cmu.edu/</a><br>Cyrus Wiki/FAQ: <a href="http://cyrusimap.web.cmu.edu/twiki" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
http://cyrusimap.web.cmu.edu/twiki</a><br>List Archives/Info:
<a href="http://asg.web.cmu.edu/cyrus/mailing-list.html" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://asg.web.cmu.edu/cyrus/mailing-list.html</a><br></blockquote></div><br><br clear="all">
<br>-- <br>Alain Spineux<br>aspineux gmail com<br>May the sources be with you