SSL/TLS certificates with virtual domains

Alain Spineux aspineux at gmail.com
Sat Aug 25 06:53:01 EDT 2007


On 8/23/07, Nels Lindquist <nlindq at maei.ca> wrote:
>
> Hi, all.
>
> I'm configuring a Cyrus IMAPD server for a number of virtual domains,
> and I'm concerned about a potential issue with SSL/TLS for the virtual
> hosts, which is that I can't find a way of specifying different
> certificates for each virtual host.


SSL only permits one certificate per IP address (this is by design), but
TLS should be able to support one certificate per domain, but I don't know
how to do that with cyrus-imap.

Anyway, what I did is to make my certificate "compatible" with all my
domains. I used the openssl option "subjectAltName" to define multiple
domains per certificate.

You can find more at the end of my post on the open-ssl mailing list with
the subject "wildcard certificate for *.*.example.com".

This works for cyrus, http, postfix ssl (also tls) connections.



> We strongly encourage users to use encryption, but I don't want mail
> clients throwing a certificate name mismatch error every time they
> connect to anything other than the default domain.
>
> I checked the docs/man pages/FAQ but haven't found a per-domain way of
> configuring different cert/key files.
>
> I'm hoping this functionality exists, but is as yet undocumented...
>
> I'm using version 2.3.8, if that makes any difference.
>
> Thanks!
>
> Nels Lindquist
> ----
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>



-- 
Alain Spineux
aspineux gmail com
May the sources be with you
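
The subjectAltName approach described in the reply above, as an added example that is not part of the original post: it writes a minimal OpenSSL config listing each virtual domain as a DNS entry, creates a self-signed test certificate from it, and prints the names the certificate covers. The function names and the example.* host names are constructed for illustration.

```shell
#!/bin/sh
# Added example: one certificate whose subjectAltName lists every virtual
# mail domain. All host names here are constructed placeholders.

# make_san_cert OUTDIR NAME [NAME...]
# Writes OUTDIR/openssl.cnf, OUTDIR/server.key and OUTDIR/server.pem.
# The first NAME is also used as the subject CN.
make_san_cert() {
    outdir=$1; shift
    cn=$1
    san=""
    for name in "$@"; do
        san="${san:+$san,}DNS:$name"   # builds DNS:a,DNS:b,DNS:c
    done
    cat > "$outdir/openssl.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions    = v3_san
prompt             = no

[ dn ]
CN = $cn

[ v3_san ]
subjectAltName = $san
EOF
    # Self-signed and short-lived: for testing client behaviour only.
    # umask keeps the unencrypted private key readable by the owner only.
    (umask 077 && openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -config "$outdir/openssl.cnf" \
        -keyout "$outdir/server.key" -out "$outdir/server.pem")
}

# list_san_names CERT
# Prints the DNS names in the certificate's subjectAltName, one per line.
list_san_names() {
    openssl x509 -in "$1" -noout -text |
        sed -n '/X509v3 Subject Alternative Name/{n;p;}' |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Demo with constructed names: one certificate for three virtual domains.
demo_dir=$(mktemp -d)
make_san_cert "$demo_dir" mail.example.com mail.example.org imap.example.net
list_san_names "$demo_dir/server.pem"
rm -rf "$demo_dir"
```

Running `list_san_names` against the certificate a server actually presents is a quick way to confirm that every virtual domain clients connect to is covered before they see a name mismatch.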