SSL/TLS certificates with virtual domains

Nels Lindquist nlindq at
Thu Aug 23 19:25:19 EDT 2007

Goetz Babin-Ebell wrote:

> This question pops up occasionally in most list concerning SSL.
> You can only use one certificate for one IP address / port pair.
> If you have several IP addresses on your host,
> you can run several insances of cyrus to listen on
> the different IP addresses and every one of them having it's own
> certificate.

I do indeed have an IP address for each virtual host, so that should be

> If all of your servers share the same IP address it is not possible.
> If you have different IP addresses, use something like:
> cyrus.conf:
>  imap   cmd="imapd" listen="imap" prefork=1
>  imaps  cmd="imapd -s -C /etc/imapd1.conf" listen=""
> prefork=0
>  imaps  cmd="imapd -s -C /etc/imapd2.conf" listen=""
> prefork=0

How much configuration similarity does there have to be between the
different config files?  Can I change anything except for the
tls_[*]_file directives?

Thanks very much for the information!  I think this could work for us.

Nels Lindquist

More information about the Info-cyrus mailing list