SSL certificates and virtual domains

Wil Cooley wcooley at
Fri Aug 29 13:47:00 EDT 2003

On Fri, 2003-08-29 at 08:41, Yuri Pimenov wrote:
> Hello.
> Im going to try out cyrus22 with virtual domains. For example, i have to
> fqdns pointing to single ip address. Say, and
> How the problem: how to create a certificate which
> will suit both domains? Of course i can set CN of my certificate to the
> ip address of my cyrus22 machine but this is very inconvinient for
> users. Ideas, suggestions?

You can't, in the same way that you can't host multiple SSL-protected
web sites on the same IP address with the same cert.  SSL happens before
the higher-level protocol is able to negotiate hostname-based services,
so it can only go on IP address and return one cert per address.

TLS promises to solve this problem, being negotiated
in-application-protocol, but it's not entirely there yet.  And anyway,
IMAP itself has no notion of hostname-based service negotiation.

Wil Cooley                                 wcooley at
Naked Ape Consulting              
* * * * Linux, UNIX, Networking and Security Solutions * * * *
*     Tired of spam and viruses in your e-mail?  Get the     *
* Naked Ape Mail Defender! *
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the Info-cyrus mailing list