different certs for different IP's ?
Ken Murchison
ken at oceana.com
Mon Mar 3 10:02:10 EST 2003
pilsl at goldfisch.at wrote:
>
> Is it possible to tell cyrusd to use different certs for different
> IP's.
>
> I'd like to seperate pop- and imapaccess to different IP's but not to
> maintain to different cyrus-configs and run two master-daemons.
>
> The only problem are the ssl-certs.
>
> in cyrus.conf
>
> imap_ext cmd="imapd" listen="xxx.xxx.xxx.001:imap" prefork=0
> imaps_ext cmd="imapd -s" listen="xxx.xxx.xxx.001:imaps" prefork=0
>
> imap_int cmd="imapd" listen="192.168.0.1:imap" prefork=6
> imaps_int cmd="imapd -s" listen="192.168.0.1:imaps" prefork=0
>
> imap_lo cmd="imapd" listen="127.0.0.1:imap" prefork=0
> imaps_lo cmd="imapd -s" listen="127.0.0.1:imaps" prefork=0
>
> pop3_ext cmd="pop3d" listen="xxx.xxx.xxx.002:pop3" prefork=2
> pop3s_ext cmd="pop3d -s" listen="xxx.xxx.xxx.002:pop3s" prefork=1
>
> but:
>
> in imapd.conf I can only set
>
> tls_cert_file: /data/pki/pop.XXXX.org.pem
> tls_key_file: /data/pki/pop.XXXX.org.pem
What version of Cyrus? With 2.1 (and possibly 2.0, I don't remember),
you can have per-protocol certs/keys. See imapd.conf(5).
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
More information about the Info-cyrus
mailing list