SSL/TLS certificates with virtual domains

Alain Spineux aspineux at
Sat Aug 25 06:53:01 EDT 2007

On 8/23/07, Nels Lindquist <nlindq at> wrote:
> Hi, all.
> I'm configuring a Cyrus IMAPD server for a number of virtual domains,
> and I'm concerned about a potential issue with SSL/TLS for the virtual
> hosts, which is that I can't find a way of specifying different
> certificates for each virtual host.

SSL only permits one certificate per IP address (this is by design), but
TLS should be able to support one certificate per domain, but I don't know
how to do that with cyrus-imap.

Anyway what I did is to make my certificate "compatible" with all my
I used the openssl option "subjectAltName" to define multiple domain per

You can find more at the end of my post on the open-ssl mailing list with
subject "wildcard certificate for *.*"

This works for cyrus, http, postfix ssl (also tls) connections.

> We strongly encourage users to use encryption, but I don't want mail
> clients throwing a certificate name mismatch error every time they
> connect to anything other than the default domain.
> I checked the docs/man pages/FAQ but haven't found a per-domain way of
> configuring different cert/key files.
> I'm hoping this functionality exists, but is as yet undocumented...
> I'm using version 2.3.8, if that makes any difference.
> Thanks!
> Nels Lindquist

Alain Spineux
aspineux gmail com
May the sources be with you
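
The subjectAltName approach described in the reply, as an added example that is not part of the original post and not the poster's own commands: it builds one self-signed certificate whose subjectAltName lists several virtual domains, then reads the names back so the coverage can be checked before deployment. The domain names, file names and function names are constructed placeholders; a production certificate would be signed by a CA rather than self-signed.

```shell
#!/bin/sh
# Added example: one certificate covering several virtual domains.
# All domain names and file names below are constructed placeholders.

# make_san_cert DIR DOMAIN...  writes DIR/server.key and DIR/server.pem
make_san_cert() {
    dir=$1; shift
    primary=$1                      # first domain doubles as the CN
    cnf="$dir/san.cnf"
    {
        printf '[req]\ndistinguished_name = dn\n'
        printf 'x509_extensions = v3\nprompt = no\n'
        printf '[dn]\nCN = %s\n' "$primary"
        printf '[v3]\nsubjectAltName = @alt_names\n[alt_names]\n'
        i=1
        for d in "$@"; do           # one DNS.n entry per virtual domain
            printf 'DNS.%d = %s\n' "$i" "$d"
            i=$((i + 1))
        done
    } > "$cnf"
    openssl req -x509 -new -nodes -newkey rsa:2048 -days 365 \
        -config "$cnf" -keyout "$dir/server.key" \
        -out "$dir/server.pem" 2>/dev/null
    chmod 600 "$dir/server.key"     # private key readable by owner only
}

# list_san_names CERT  prints the DNS names in the certificate, one per line
list_san_names() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Demo run with constructed domains.
demo_dir=$(mktemp -d)
make_san_cert "$demo_dir" mail.example.com mail.example.net imap.example.org
list_san_names "$demo_dir/server.pem"
rm -rf "$demo_dir"
```

A client connecting under any name printed by `list_san_names` finds a match in the certificate; a virtual domain missing from that list is one that will still produce the name mismatch error.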

More information about the Info-cyrus mailing list