SSL certificates and virtual domains
Wil Cooley
wcooley at nakedape.cc
Fri Aug 29 13:47:00 EDT 2003
On Fri, 2003-08-29 at 08:41, Yuri Pimenov wrote:
> Hello.
>
> I'm going to try out cyrus22 with virtual domains. For example, I have two
> FQDNs pointing to a single IP address. Say, imap.example1.com and
> imap.example2.com. Now the problem: how to create a certificate which
> will suit both domains? Of course I can set the CN of my certificate to the
> IP address of my cyrus22 machine but this is very inconvenient for
> users. Ideas, suggestions?
You can't, in the same way that you can't host multiple SSL-protected
web sites on the same IP address with the same cert. SSL happens before
the higher-level protocol is able to negotiate hostname-based services,
so it can only go on IP address and return one cert per address.

TLS promises to solve this problem, being negotiated
in-application-protocol, but it's not entirely there yet. And anyway,
IMAP itself has no notion of hostname-based service negotiation.

Wil
--
Wil Cooley wcooley at nakedape.cc
Naked Ape Consulting http://nakedape.cc
* * * * Linux, UNIX, Networking and Security Solutions * * * *
* Tired of spam and viruses in your e-mail? Get the *
* Naked Ape Mail Defender! http://nakedape.cc/r/maildefender *