SSL/TLS certificates with virtual domains
Nels Lindquist
nlindq at maei.ca
Fri Aug 24 13:39:44 EDT 2007
Hello again!
Goetz Babin-Ebell wrote:
> This question pops up occasionally in most list concerning SSL.
>
> You can only use one certificate for one IP address / port pair.
>
> If you have several IP addresses on your host,
> you can run several insances of cyrus to listen on
> the different IP addresses and every one of them having it's own
> certificate.
>
> If all of your servers share the same IP address it is not possible.
> If you have different IP addresses, use something like:
>
> cyrus.conf:
> SERVICES {
> imap cmd="imapd" listen="imap" prefork=1
> imaps cmd="imapd -s -C /etc/imapd1.conf" listen="192.168.0.1:imaps"
> prefork=0
> imaps cmd="imapd -s -C /etc/imapd2.conf" listen="192.168.0.2:imaps"
> prefork=0
Okay, I tried this, but something isn't working quite right.
When I use openssl s_client to test the connection I get:
CONNECTED(00000003)
And then nothing. This happens intermittently on either or both addresses.
In my maillog, I see the following:
Aug 24 11:25:20 mail2 imaps[1919]: imaps TLS negotiation failed:
ip-66-51-100-217.tera-byte.com [66.51.100.217]
Aug 24 11:25:20 mail2 imaps[1919]: Fatal error: tls_start_servertls() failed
Aug 24 11:25:20 mail2 master[1793]: process 1919 exited, status 75
Aug 24 11:25:20 mail2 master[1793]: service imaps pid 1919 in BUSY
state: terminated abnormally
Any way I can turn up the logging and see what's wrong?
Nels Lindquist
More information about the Info-cyrus
mailing list